-
Notifications
You must be signed in to change notification settings - Fork 17.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/rsa: better error message for RSA keys too short for PSS #23736
Comments
Spec for RSASSA-PSS signature generation is here: "encoding error" is technically the correct output from this function because Do you think that the error message should be changed to "RSA modulus size too small for PSS signature"? (I did not look at the source code.) |
Yes, there is no secret leakage (and we should put the check somewhere with no secret access anyway), so it would be better to tell the user how they can fix the issue. It took me a while to realize I was using 512-bit certificates in tests. |
@agl While looking at this code I noticed that the salt length can end up being zero when using RFC 8017 calls that out as a valid salt length, with security equivalent to a Full Domain Hashing scheme, however our API does not normally allow a zero-length salt (as Do we want to make that an error condition? |
Change https://golang.org/cl/92815 mentions this issue: |
If an RSA key is too short for PSS, signing fails with an unhelpful
crypto/rsa: encoding error
.We should return a message pointing to the minimum key length.
The text was updated successfully, but these errors were encountered: