proposal: crypto/rsa: pss with zero salt length for backward compatibility with openssl #67779

Open
ashwani573 opened this issue Jun 3, 2024 · 0 comments
Labels: Proposal, Proposal-Crypto (Proposal related to crypto packages or other security issues)
Proposal Details

What version of Go are you using (go version)?
$ go version
go version go1.21.0 linux/amd64

Does this issue reproduce with the latest release?
yes.

What did you do?
I have an application that is doing an RSA PSS sign using OpenSSL, allowing zero salt length. Go crypto handles zero length differently: it maximizes the salt length.

I am migrating it to go crypto and there might be users who are using zero salt length in OpenSSL, which may break for them.

What did you expect to see?
I expected it to work in the same way as OpenSSL because it may break some users.
The RSA-PSS standard allows salt_len to be 0, which would indeed result in an empty salt, and therefore a deterministic encoding.
From: https://datatracker.ietf.org/doc/html/rfc8017#section-9.1.1
"Generate a random octet string salt of length sLen; if sLen = 0, then salt is the empty string."

In Golang, currently there are two configurable options for salt behavior:

  • PSSSaltLengthAuto
  • PSSSaltLengthEqualsHash

The proposal request is to add a new option to support the salt length as empty:

  • PSSSaltLengthEmpty

What did you see instead?
I see that Go crypto does not allow zero salt length; it maximizes the salt length when zero (PSSSaltLengthAuto) is passed for salt length.

I opened a fresh issue; there was one similar issue that got closed due to waiting for more information: #45684
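The interoperability gap described in this issue, as an added example that is not part of the original post or of Go's crypto/rsa: it builds a zero-salt PSS signature by hand per RFC 8017 section 9.1.1, shows that the result is deterministic, and checks how `rsa.VerifyPSS` treats it under the two existing options. The helpers `mgf1`, `signZeroSalt` and `demo`, the 2048-bit key, SHA-256 and the sample message are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// mgf1 is MGF1 (RFC 8017, B.2.1) over SHA-256.
func mgf1(seed []byte, n int) (out []byte) {
	for c := uint32(0); len(out) < n; c++ {
		block := sha256.Sum256(append(bytes.Clone(seed), byte(c>>24), byte(c>>16), byte(c>>8), byte(c)))
		out = append(out, block[:]...)
	}
	return out[:n]
}

// signZeroSalt (hypothetical helper): EMSA-PSS with sLen = 0, then raw RSA without blinding. Illustration only.
func signZeroSalt(k *rsa.PrivateKey, mHash []byte) []byte {
	emBits, emLen := k.N.BitLen()-1, (k.N.BitLen()+6)/8
	h := sha256.Sum256(append(make([]byte, 8), mHash...)) // H = Hash(0x00*8 || mHash || empty salt)
	db := make([]byte, emLen-len(h)-1)                    // DB = PS || 0x01 || empty salt
	db[len(db)-1] = 0x01
	for i, m := range mgf1(h[:], len(db)) {
		db[i] ^= m
	}
	db[0] &= 0xff >> (8*emLen - emBits) // clear the bits above emBits
	em := new(big.Int).SetBytes(append(append(db, h[:]...), 0xbc))
	return em.Exp(em, k.D, k.N).FillBytes(make([]byte, k.Size()))
}

// demo reports whether zero-salt signing is deterministic and how Go verifies it with Auto and EqualsHash.
func demo() (deterministic bool, autoErr, eqHashErr error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	d := sha256.Sum256([]byte("constructed sample message"))
	sig := signZeroSalt(k, d[:])
	verify := func(saltLen int) error {
		return rsa.VerifyPSS(&k.PublicKey, crypto.SHA256, d[:], sig, &rsa.PSSOptions{SaltLength: saltLen})
	}
	return bytes.Equal(sig, signZeroSalt(k, d[:])), verify(rsa.PSSSaltLengthAuto), verify(rsa.PSSSaltLengthEqualsHash)
}

func main() { fmt.Println(demo()) }
```

Verification with `PSSSaltLengthAuto` accepts the zero-salt signature because the salt length is auto-detected on verify; the gap the issue describes is on the signing side, where the same constant means the maximum salt length.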

@ianlancetaylor changed the title from "crypto/rsa: pss with zero salt length for backward compatibility with openssl" to "proposal: crypto/rsa: pss with zero salt length for backward compatibility with openssl" on Jun 5, 2024
@ianlancetaylor added the Proposal-Crypto label (Proposal related to crypto packages or other security issues) on Jun 5, 2024
@gopherbot added this to the Proposal milestone on Jun 5, 2024