mirror of
https://github.com/golang/go
synced 2024-11-15 02:50:31 -07:00
crypto/x509: fix certificate request creation with RSA-PSS
In case of a RSA-PSS algorithm, the hashFunc of CreateCertificateRequest is embedded in a rsa.PSSOptions struct. Given to key.Sign(), this will generate a proper RSA-PSS signature. Pasted from the RSA-PSS handling code in CreateCertificate() Fixes #45990
This commit is contained in:
parent
1d33b5364e
commit
63fb0214c3
@ -2110,8 +2110,16 @@ func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv
|
||||
signed = h.Sum(nil)
|
||||
}
|
||||
|
||||
var signerOpts crypto.SignerOpts = hashFunc
|
||||
if template.SignatureAlgorithm != 0 && template.SignatureAlgorithm.isRSAPSS() {
|
||||
signerOpts = &rsa.PSSOptions{
|
||||
SaltLength: rsa.PSSSaltLengthEqualsHash,
|
||||
Hash: hashFunc,
|
||||
}
|
||||
}
|
||||
|
||||
var signature []byte
|
||||
signature, err = key.Sign(rand, signed, hashFunc)
|
||||
signature, err = key.Sign(rand, signed, signerOpts)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user