]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dd7ab5e)
crypto/rsa: check hash message length first in SignPKCS1v15
authorRuss Cox <rsc@golang.org>
Sat, 30 Nov 2024 01:30:48 +0000 (20:30 -0500)
committerRuss Cox <rsc@golang.org>
Sat, 30 Nov 2024 03:42:43 +0000 (03:42 +0000)
This restores the error checking behavior from Go 1.23.
In particular, the boringcrypto code path now contains this
check again.

Change-Id: Ie38c68c27bc3a95c6a0b5a78fc4196694527cd6b
Reviewed-on: https://go-review.googlesource.com/c/go/+/632495
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
src/crypto/rsa/fips.go patch | blob | history
src/crypto/rsa/rsa_test.go patch | blob | history

diff --git a/src/crypto/rsa/fips.go b/src/crypto/rsa/fips.go
index eac4c44066db5d94d07b96b6a44547406a9c1fb4..7bf0e1e14b3236e9391e60341d76e1ce3c9a3bf4 100644 (file)
--- a/src/crypto/rsa/fips.go
+++ b/src/crypto/rsa/fips.go
@@ -278,6 +278,14 @@ func decryptOAEP(hash, mgfHash hash.Hash, priv *PrivateKey, ciphertext []byte, l
 // messages to signatures and identify the signed messages. As ever,
 // signatures provide authenticity, not confidentiality.
 func SignPKCS1v15(random io.Reader, priv *PrivateKey, hash crypto.Hash, hashed []byte) ([]byte, error) {
+       var hashName string
+       if hash != crypto.Hash(0) {
+               if len(hashed) != hash.Size() {
+                       return nil, errors.New("crypto/rsa: input must be hashed message")
+               }
+               hashName = hash.String()
+       }
+
        if err := checkPublicKeySize(&priv.PublicKey); err != nil {
                return nil, err
        }
@@ -300,13 +308,6 @@ func SignPKCS1v15(random io.Reader, priv *PrivateKey, hash crypto.Hash, hashed [
        if err != nil {
                return nil, err
        }
-       var hashName string
-       if hash != crypto.Hash(0) {
-               if len(hashed) != hash.Size() {
-                       return nil, errors.New("crypto/rsa: input must be hashed message")
-               }
-               hashName = hash.String()
-       }
        return fipsError2(rsa.SignPKCS1v15(k, hashName, hashed))
 }
 
diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go
index 14543503eda54517932557489d6ac9d4aabad038..499b87ee67eae46857654c7bf7608ba1f38cd37c 100644 (file)
--- a/src/crypto/rsa/rsa_test.go
+++ b/src/crypto/rsa/rsa_test.go
@@ -248,8 +248,14 @@ func testEverything(t *testing.T, priv *PrivateKey) {
                }
        }
 
+       const hashMsg = "crypto/rsa: input must be hashed message"
+       sig, err := SignPKCS1v15(nil, priv, crypto.SHA256, msg)
+       if err == nil || err.Error() != hashMsg {
+               t.Errorf("SignPKCS1v15 with bad hash: err = %q, want %q", err, hashMsg)
+       }
+
        hash := sha256.Sum256(msg)
-       sig, err := SignPKCS1v15(nil, priv, crypto.SHA256, hash[:])
+       sig, err = SignPKCS1v15(nil, priv, crypto.SHA256, hash[:])
        if err == ErrMessageTooLong {
                t.Log("key too small for SignPKCS1v15")
        } else if err != nil {
Go GOST TLS 1.3