From: Dr. Stephen Henson Date: Tue, 10 Aug 2010 13:01:49 +0000 (+0000) Subject: PR: 2315 X-Git-Tag: OpenSSL-fips-2_0-rc1~1009 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=0b789adc671b5b8bae94027d17e30696f01b23d8;p=oweals%2Fopenssl.git PR: 2315 Use consistent calculation for PSS salt length. --- diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 6f790c2548..cefac171a5 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -588,7 +588,11 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, if (saltlen == -1) saltlen = EVP_MD_size(sigmd); else if (saltlen == -2) + { saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2; + if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) + saltlen--; + } pss = RSA_PSS_PARAMS_new(); if (!pss) goto err;