PR: 2315

Use consistent calculation for PSS salt length.

diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index 6f790c2548c1b625b4b4c5ca72acfaf7acddde70..cefac171a535d80383fa61d73f173201540397ec 100644 (file)
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -588,7 +588,11 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
                if (saltlen == -1)
                        saltlen = EVP_MD_size(sigmd);
                else if (saltlen == -2)
+                       {
                        saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
+                       if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
+                               saltlen--;
+                       }
                pss = RSA_PSS_PARAMS_new();
                if (!pss)
                        goto err;