qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-11-15 06:10:35 -07:00
Code Releases Activity

crypto/x509: fix certificate request creation with RSA-PSS

Browse Source 
In case of a RSA-PSS algorithm, the hashFunc of CreateCertificateRequest
is embedded in a rsa.PSSOptions struct. Given to key.Sign(), this will
generate a proper RSA-PSS signature.

Pasted from the RSA-PSS handling code in CreateCertificate()

Fixes #45990
This commit is contained in:
Yoann Congal 2021-05-07 00:01:27 +02:00
parent 1d33b5364e
commit 63fb0214c3
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/crypto/x509/x509.go
View File

@ -2110,8 +2110,16 @@ func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv
signed = h.Sum(nil)
}
var signerOpts crypto.SignerOpts = hashFunc
if template.SignatureAlgorithm != 0 && template.SignatureAlgorithm.isRSAPSS() {
signerOpts = &rsa.PSSOptions{
SaltLength: rsa.PSSSaltLengthEqualsHash,
Hash: hashFunc,
}
}
var signature []byte
signature, err = key.Sign(rand, signed, hashFunc)
signature, err = key.Sign(rand, signed, signerOpts)
if err != nil {
return
}