
Fix MasterKeys.gen_signature signing raw PEM bytes (#66259) #69650

Open

dwoz wants to merge 1 commit into saltstack:3007.x from dwoz:fix/66259-master-pubkey-signature-clean-key

Conversation

@dwoz (Contributor) commented Jul 2, 2026

What does this PR do?

Applies clean_key() to the master public-key PEM before signing it in
MasterKeys.gen_signature, so the signed content matches the pub_key the
master transmits to minions in the auth reply. Without this, minions cannot
verify the signature whenever master_use_pubkey_signature: True is set.

What issues does this PR fix or reference?

Fixes #66259

Previous Behavior

MasterKeys.gen_signature on 3007.x/3008.x/master signed
pub.public_bytes(PEM) directly, including the trailing newline emitted
per RFC 7468 (451 bytes for a 4096-bit RSA pub key). But
MasterKeys.get_pub_str() transmits clean_key(pub) (450 bytes,
newline stripped). A minion computing
verify_signature(sign_pub, payload["pub_key"], payload["pub_sig"])
therefore verifies the wrong byte range and rejects the master with:

The Salt Master server's public key did not authenticate!

...on every auth attempt.

Same root cause as #68930 (fixed on 3006.x by #68934). The 3007.x
refactor moved gen_signature into MasterKeys.gen_signature and the
whitespace-normalization patch did not carry forward because the new
code path derives the pub bytes from public_bytes(PEM) instead of
reading them from disk.

New Behavior

gen_signature normalizes the pub PEM through clean_key() before
priv.sign(...), matching what get_pub_str() sends. Signature
verification succeeds against the transmitted pub_key for minions of
any version.

Merge requirements satisfied?

  • Docs (no documented behavior changes; the feature now actually works as documented)
  • Changelog (changelog/66259.fixed.md)
  • Tests written/updated (tests/pytests/unit/crypt/test_crypt.py::test_master_keys_gen_signature_signs_clean_key)

Commits signed with GPG?

No

``MasterKeys.gen_signature`` on 3007.x+ signed ``pub.public_bytes(PEM)``
directly, which carries the trailing newline emitted per RFC 7468. The
auth-reply path transmits ``get_pub_str()`` = ``clean_key(pub)`` to the
minion (newline stripped). A minion verifying ``payload["pub_sig"]``
against ``payload["pub_key"]`` therefore fails every time
``master_use_pubkey_signature: True`` is set: the master signed 451
bytes, the minion verifies 450.

This is the same root cause as saltstack#68930 (fixed on 3006.x by saltstack#68934), but
the 3007.x refactor moved ``gen_signature`` into ``MasterKeys`` and the
whitespace-normalization patch didn't propagate.

Apply ``clean_key()`` to the PEM before signing so the signed content
matches what ``get_pub_str()`` sends.

Fixes saltstack#66259
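The mismatch the PR describes, reproduced end to end as an added example (not Salt's code and not part of the PR): the master signs either the raw PEM or the clean_key()-normalized PEM, and the minion verifies whichever signature it got against the pub_key bytes it actually received, which are always the normalized ones. The `clean_key()` here is a stand-in that only strips surrounding whitespace, and the PKCS1v15/SHA256 signing parameters are assumptions chosen for the demonstration; the function names `gen_signature_before`, `gen_signature_after`, `get_pub_str` and `simulate_auth_reply` are hypothetical and exist only to mirror the two code paths the PR contrasts. It requires the `cryptography` package.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa


def clean_key(key: bytes) -> bytes:
    """Stand-in for Salt's clean_key(): drop surrounding whitespace, including
    the trailing newline that RFC 7468 PEM encoders emit. This is an
    assumption about the helper; Salt's own version may normalize more."""
    return key.strip()


def public_pem(priv: rsa.RSAPrivateKey) -> bytes:
    """Raw PEM as public_bytes(PEM) returns it: ends with a newline."""
    return priv.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )


def sign(priv: rsa.RSAPrivateKey, data: bytes) -> bytes:
    # padding and hash are assumptions for the demo, not necessarily Salt's choice
    return priv.sign(data, padding.PKCS1v15(), hashes.SHA256())


def verify_signature(pub: rsa.RSAPublicKey, data: bytes, sig: bytes) -> bool:
    """What the minion does: verify sig over exactly the bytes it received."""
    try:
        pub.verify(sig, data, padding.PKCS1v15(), hashes.SHA256())
    except InvalidSignature:
        return False
    return True


def gen_signature_before(priv: rsa.RSAPrivateKey) -> bytes:
    # 3007.x behaviour the PR describes: sign the raw PEM, trailing newline included
    return sign(priv, public_pem(priv))


def gen_signature_after(priv: rsa.RSAPrivateKey) -> bytes:
    # the fix: normalize through clean_key() first, so the signed bytes match get_pub_str()
    return sign(priv, clean_key(public_pem(priv)))


def get_pub_str(priv: rsa.RSAPrivateKey) -> bytes:
    # what the master transmits as payload["pub_key"] in the auth reply
    return clean_key(public_pem(priv))


def simulate_auth_reply(key_size: int = 2048) -> dict:
    """Run both signing paths against the transmitted pub_key bytes.

    The minion side holds the master's public key already (minion_master.pub)
    and uses it to check payload["pub_sig"] over payload["pub_key"]."""
    priv = rsa.generate_private_key(public_exponent=65537, key_size=key_size)
    master_pub = priv.public_key()
    payload_pub_key = get_pub_str(priv)
    return {
        "raw_len": len(public_pem(priv)),
        "sent_len": len(payload_pub_key),
        "before_verifies": verify_signature(
            master_pub, payload_pub_key, gen_signature_before(priv)
        ),
        "after_verifies": verify_signature(
            master_pub, payload_pub_key, gen_signature_after(priv)
        ),
    }


if __name__ == "__main__":
    result = simulate_auth_reply()
    print(result)
    # the old path fails every time because the master signed one byte more than it sent
```

The one-byte difference between `raw_len` and `sent_len` is the whole bug: a signature is only meaningful over an exact byte string, so the signer and the transmitter must share one canonical form. Normalizing on the signing side, as the PR does, is the robust fix; normalizing only on the verifying side would leave older minions that verify the bytes as received still failing.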

Labels

test:full Run the full test suite
