mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-30 02:14:16 +01:00
3725bb2d6d
It should be valid to RSASSA-PSS sign a SHA-512 hash with a 1024-bit or 1032-bit RSA key, but with the salt size being always equal to the hash size, this isn't possible: the key is too small. To enable use of hashes that are relatively large compared to the key size, allow reducing the salt size to no less than the hash size minus 2 bytes. We don't allow salt sizes smaller than the hash size minus 2 bytes because that too significantly changes the security guarantees the library provides compared to the previous implementation which always used a salt size equal to the hash size. The new calculated salt size remains compliant with FIPS 186-4. We also need to update the "hash too large" test, since we now reduce the salt size when certain key sizes are used. We used to not support 1024-bit keys with SHA-512, but now we support this by reducing the salt size to 62. Update the "hash too large" test to use a 1016-bit RSA key with SHA-512, which still has too large of a hash because we will not reduce the salt size further than 2 bytes shorter than the hash size. The RSA private key used for the test was generated using "openssl genrsa 1016" using OpenSSL 1.1.1-pre8. $ openssl genrsa 1016 Generating RSA private key, 1016 bit long modulus (2 primes) ..............++++++ ....++++++ e is 65537 (0x010001) -----BEGIN RSA PRIVATE KEY----- MIICVwIBAAKBgACu54dKTbLxUQBEQF2ynxTfDze7z2H8vMmUo9McqvhYp0zI8qQK yanOeqmgaA9iz52NS4JxFFM/2/hvFvyd/ly/hX2GE1UZpGEf/FnLdHOGFhmnjj7D FHFegEz/gtbzLp9X3fOQVjYpiDvTT0Do20EyCbFRzul9gXpdZcfaVHNLAgMBAAEC gYAAiWht2ksmnP01B2nF8tGV1RQghhUL90Hd4D/AWFJdX1C4O1qc07jRBd1KLDH0 fH19WocLCImeSZooGCZn+jveTuaEH14w6I0EfnpKDcpWVAoIP6I8eSdAttrnTyTn Y7VgPrcobyq4WkCVCD/jLUbn97CneF7EHNspXGMTvorMeQJADjy2hF5SginhnPsk YR5oWawc6n01mStuLnloI8Uq/6A0AOQoMPkGl/CESZw+NYfe/BnnSeckM917cMKL DIKAtwJADEj55Frjj9tKUUO+N9eaEM1PH5eC7yakhIpESccs/XEsaDUIGHNjhctK mrbbWu+OlsVRA5z8yJFYIa7gae1mDQJABjtQ8JOQreTDGkFbZR84MbgCWClCIq89 5R3DFZUiAw4OdS1o4ja+Shc+8DFxkWDNm6+C63g/Amy5sVuWHX2p9QI/a69Cxmns TxHoXm1w9Azublk7N7DgB26yqxlTfWJo+ysOFmLEk47g0ekoCwLPxkwXlYIEoad2 JqPh418DwYExAkACcqrd9+rfxtrbCbTXHEizW7aHR+fVOr9lpXXDEZTlDJ57sRkS SpjXbAmylqQuKLqH8h/72RbiP36kEm5ptmw2 -----END RSA PRIVATE KEY----- |
||
---|---|---|
.. | ||
.gitignore | ||
aes.c | ||
aesni.c | ||
arc4.c | ||
aria.c | ||
asn1parse.c | ||
asn1write.c | ||
base64.c | ||
bignum.c | ||
blowfish.c | ||
camellia.c | ||
ccm.c | ||
certs.c | ||
chacha20.c | ||
chachapoly.c | ||
cipher_wrap.c | ||
cipher.c | ||
cmac.c | ||
CMakeLists.txt | ||
ctr_drbg.c | ||
debug.c | ||
des.c | ||
dhm.c | ||
ecdh.c | ||
ecdsa.c | ||
ecjpake.c | ||
ecp_curves.c | ||
ecp.c | ||
entropy_poll.c | ||
entropy.c | ||
error.c | ||
gcm.c | ||
havege.c | ||
hkdf.c | ||
hmac_drbg.c | ||
Makefile | ||
md2.c | ||
md4.c | ||
md5.c | ||
md_wrap.c | ||
md.c | ||
memory_buffer_alloc.c | ||
net_sockets.c | ||
nist_kw.c | ||
oid.c | ||
padlock.c | ||
pem.c | ||
pk_wrap.c | ||
pk.c | ||
pkcs5.c | ||
pkcs11.c | ||
pkcs12.c | ||
pkparse.c | ||
pkwrite.c | ||
platform_util.c | ||
platform.c | ||
poly1305.c | ||
ripemd160.c | ||
rsa_internal.c | ||
rsa.c | ||
sha1.c | ||
sha256.c | ||
sha512.c | ||
ssl_cache.c | ||
ssl_ciphersuites.c | ||
ssl_cli.c | ||
ssl_cookie.c | ||
ssl_srv.c | ||
ssl_ticket.c | ||
ssl_tls.c | ||
threading.c | ||
timing.c | ||
version_features.c | ||
version.c | ||
x509_create.c | ||
x509_crl.c | ||
x509_crt.c | ||
x509_csr.c | ||
x509.c | ||
x509write_crt.c | ||
x509write_csr.c | ||
xtea.c |