crypto/x509: fix certificate request creation with RSA-PSS

In case of a RSA-PSS algorithm, the hashFunc of CreateCertificateRequest is embedded in a rsa.PSSOptions struct. Given to key.Sign(), this will generate a proper RSA-PSS signature. Pasted from the RSA-PSS handling code in CreateCertificate(). Fixes #45990 Fixes #65074 Change-Id: I8475afa79d8add107f092cc2871d38300e7b3903 GitHub-Last-Rev: 63fb0214c3 GitHub-Pull-Request: golang/go#55153 Reviewed-on: https://go-review.googlesource.com/c/go/+/431916 Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> TryBot-Bypass: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Alex Scheel <alex.scheel@hashicorp.com> Reviewed-by: Cherry Mui <cherryyz@google.com>
2024-11-15 04:20:22 -07:00 · 2024-05-16 09:19:20 +00:00 · 2024-05-16 09:19:20 +00:00 · 18104621ce
commit 18104621ce
parent 6ed31e3c3e
2 changed files with 10 additions and 1 deletions
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@ -2111,8 +2111,16 @@ func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv
 		signed = h.Sum(nil)
 	}

+	var signerOpts crypto.SignerOpts = hashFunc
+	if template.SignatureAlgorithm != 0 && template.SignatureAlgorithm.isRSAPSS() {
+		signerOpts = &rsa.PSSOptions{
+			SaltLength: rsa.PSSSaltLengthEqualsHash,
+			Hash:       hashFunc,
+		}
+	}
+
 	var signature []byte
-	signature, err = key.Sign(rand, signed, hashFunc)
+	signature, err = key.Sign(rand, signed, signerOpts)
 	if err != nil {
 		return
 	}
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@ -1418,6 +1418,7 @@ func TestCreateCertificateRequest(t *testing.T) {
 		sigAlgo SignatureAlgorithm
 	}{
 		{"RSA", testPrivateKey, SHA256WithRSA},
+		{"RSA-PSS-SHA256", testPrivateKey, SHA256WithRSAPSS},
 		{"ECDSA-256", ecdsa256Priv, ECDSAWithSHA256},
 		{"ECDSA-384", ecdsa384Priv, ECDSAWithSHA256},
 		{"ECDSA-521", ecdsa521Priv, ECDSAWithSHA256},