diff --git a/crypto/Contributors.html b/crypto/Contributors.html
index b3cf33bac..1f8ef780c 100644
--- a/crypto/Contributors.html
+++ b/crypto/Contributors.html
@@ -269,7 +269,7 @@ University of Wollongong, Institute of Cybersecurity and Cryptology, under the s
<p>Matthew Sitton (https://github.com/mdsitton) - Addition of missing ALPN Protocol names.</p>
</li>
<li>
- <p>Jozef Gajdoš (https://github.com/harrison314) - Time constructor optimization, RevokedStatus fix, improved thread-safe singleton code (e.g. X509Certificate/X509Crl cached encoding), SubjectPublicKeyInfo support in OpenSsl.PemWriter.</p>
+ <p>Jozef Gajdoš (https://github.com/harrison314) - Time constructor optimization, RevokedStatus fix, improved thread-safe singleton code (e.g. X509Certificate/X509Crl cached encoding), SubjectPublicKeyInfo support in OpenSsl.PemWriter, fixed PSS raw signing over spans.</p>
</li>
<li>
<p>Ben Adams (https://github.com/benaadams) - Performance optimization for AES-NI.</p>
diff --git a/crypto/Readme.html b/crypto/Readme.html
index ee726b5a4..76afc29a4 100644
--- a/crypto/Readme.html
+++ b/crypto/Readme.html
@@ -32,6 +32,8 @@
<a href="#mozTocId3413">Notes:</a>
<ol>
<li>
+ <a href="#mozTocId85332">Release 2.3.1</a>
+ <li>
<a href="#mozTocId85331">Release 2.3.0</a>
<li>
<a href="#mozTocId85330">Release 2.2.1</a>
@@ -329,6 +331,22 @@
<hr style="WIDTH: 100%; HEIGHT: 2px">
<h3><a class="mozTocH3" name="mozTocId3413"></a>Notes:</h3>
+ <h4><a class="mozTocH4" name="mozTocId85332"></a>Release 2.3.1, TBD</h4>
+ <h5>Defects Fixed</h5>
+ <ul>
+ <li>PSS: Fixed regression in 2.3.0 when updating signer from a span.</li>
+ </ul>
+ <h5>Additional Features and Functionality</h5>
+ <ul>
+ </ul>
+ <h5>Additional Notes</h5>
+ <ul>
+ <li>
+ See the (cumulative) list of GitHub pull requests that we have accepted at
+ <a href="https://github.com/bcgit/bc-csharp/pulls?q=is%3Apr+is%3Aclosed">bcgit/bc-csharp</a>.
+ </li>
+ </ul>
+
<h4><a class="mozTocH4" name="mozTocId85331"></a>Release 2.3.0, Monday February 5, 2024</h4>
<h5>Defects Fixed</h5>
<ul>
diff --git a/crypto/test/src/crypto/test/PSSTest.cs b/crypto/test/src/crypto/test/PSSTest.cs
index 599c2c8c7..72558e62f 100644
--- a/crypto/test/src/crypto/test/PSSTest.cs
+++ b/crypto/test/src/crypto/test/PSSTest.cs
@@ -4,6 +4,7 @@ using NUnit.Framework;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Crypto.Engines;
+using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto.Signers;
using Org.BouncyCastle.Math;
@@ -215,7 +216,44 @@ namespace Org.BouncyCastle.Crypto.Tests
get { return "PSSTest"; }
}
- private void doTestSig(
+ [Test]
+ public void TestRegression_GitHub_bc_csharp_524()
+ {
+ SecureRandom secureRandom = new SecureRandom();
+
+ var kpg = new RsaKeyPairGenerator();
+ kpg.Init(new RsaKeyGenerationParameters(BigInteger.ValueOf(17), secureRandom, 1024, 100));
+ var keyPair = kpg.GenerateKeyPair();
+
+ var digest = new Sha256Digest();
+
+ var hash = SecureRandom.GetNextBytes(secureRandom, digest.GetDigestSize());
+
+ var signer = PssSigner.CreateRawSigner(new RsaBlindedEngine(), digest);
+ signer.Init(true, keyPair.Private);
+ // NOTE: .NET Core 3.1 has Span<T>, but is tested against our .NET Standard 2.0 assembly.
+ //#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+#if NET6_0_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ signer.BlockUpdate(hash);
+#else
+ signer.BlockUpdate(hash, 0, hash.Length);
+#endif
+ byte[] signature = signer.GenerateSignature();
+
+ signer.Init(false, keyPair.Public);
+ // NOTE: .NET Core 3.1 has Span<T>, but is tested against our .NET Standard 2.0 assembly.
+//#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+#if NET6_0_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ signer.BlockUpdate(hash);
+#else
+ signer.BlockUpdate(hash, 0, hash.Length);
+#endif
+ bool verified = signer.VerifySignature(signature);
+
+ Assert.IsTrue(verified);
+ }
+
+ private void doTestSig(
int id,
RsaKeyParameters pub,
RsaKeyParameters prv,
|
