From: Yoann Congal
Date: Thu, 16 May 2024 09:19:20 +0000 (+0000)
Subject: crypto/x509: fix certificate request creation with RSA-PSS
X-Git-Tag: go1.23rc1~308
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=18104621ce742af7be8d5049bb9aee588b562950;p=gostls13.git

crypto/x509: fix certificate request creation with RSA-PSS

In case of a RSA-PSS algorithm, the hashFunc of CreateCertificateRequest is embedded in a rsa.PSSOptions struct. Given to key.Sign(), this will generate a proper RSA-PSS signature.

Pasted from the RSA-PSS handling code in CreateCertificate().

Fixes #45990
Fixes #65074

Change-Id: I8475afa79d8add107f092cc2871d38300e7b3903
GitHub-Last-Rev: 63fb0214c3b03a18e184562a9510145ea817bc20
GitHub-Pull-Request: golang/go#55153
Reviewed-on: https://go-review.googlesource.com/c/go/+/431916
Auto-Submit: Filippo Valsorda
Reviewed-by: Filippo Valsorda
TryBot-Bypass: Filippo Valsorda
Reviewed-by: Dmitri Shuralyov
Reviewed-by: Alex Scheel
Reviewed-by: Cherry Mui
---
diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
index 3e26941573..47bb428110 100644
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -2111,8 +2111,16 @@ func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv
 		signed = h.Sum(nil)
 	}
 
+	var signerOpts crypto.SignerOpts = hashFunc
+	if template.SignatureAlgorithm != 0 && template.SignatureAlgorithm.isRSAPSS() {
+		signerOpts = &rsa.PSSOptions{
+			SaltLength: rsa.PSSSaltLengthEqualsHash,
+			Hash: hashFunc,
+		}
+	}
+
 	var signature []byte
-	signature, err = key.Sign(rand, signed, hashFunc)
+	signature, err = key.Sign(rand, signed, signerOpts)
 	if err != nil {
 		return
 	}
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
index a9dc145265..026367b167 100644
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
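Review bot: The added signerOpts block is, per the commit message, a verbatim copy of the one in CreateCertificate, so the two signing sites can now drift apart — and the one value that must not drift is SaltLength, which has to agree with the PSS parameters this package encodes into the signature AlgorithmIdentifier (presumably salt length equal to the hash size; confirm against the encoder). A small package-private helper that both CreateCertificate and CreateCertificateRequest call keeps that decision in one place and gives it a home for a why-comment such as `// SaltLength must match the PSS parameters encoded in the signature AlgorithmIdentifier.`. The `template.SignatureAlgorithm != 0` guard reads as a defensive check on the zero value; if isRSAPSS already returns false for it, a short comment saying the check is only for clarity would save the next reader a lookup. CreateCertificateRequest begins before the hunk, so how hashFunc was derived from the template is not visible here.
```go
// signerOptsFor returns the crypto.SignerOpts to hand to key.Sign for alg:
// PSS options when alg is an RSA-PSS algorithm, otherwise the bare hash.
func signerOptsFor(alg SignatureAlgorithm, hashFunc crypto.Hash) crypto.SignerOpts {
	if alg != 0 && alg.isRSAPSS() {
		return &rsa.PSSOptions{
			// Must match the PSS parameters encoded in the signature AlgorithmIdentifier.
			SaltLength: rsa.PSSSaltLengthEqualsHash,
			Hash:       hashFunc,
		}
	}
	return hashFunc
}

// … unchanged: hashing of the CSR body in CreateCertificateRequest …
signerOpts := signerOptsFor(template.SignatureAlgorithm, hashFunc)
// … unchanged: key.Sign(rand, signed, signerOpts) and error handling …
```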
@@ -1418,6 +1418,7 @@ func TestCreateCertificateRequest(t *testing.T) {
 		sigAlgo SignatureAlgorithm
 	}{
 		{"RSA", testPrivateKey, SHA256WithRSA},
+		{"RSA-PSS-SHA256", testPrivateKey, SHA256WithRSAPSS},
 		{"ECDSA-256", ecdsa256Priv, ECDSAWithSHA256},
 		{"ECDSA-384", ecdsa384Priv, ECDSAWithSHA256},
 		{"ECDSA-521", ecdsa521Priv, ECDSAWithSHA256},
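Review bot: The new table entry exercises only SHA256WithRSAPSS, so the SHA-384 and SHA-512 PSS variants still go through the changed signing path untested; adding `{"RSA-PSS-SHA384", testPrivateKey, SHA384WithRSAPSS},` and `{"RSA-PSS-SHA512", testPrivateKey, SHA512WithRSAPSS},` would cover them, provided testPrivateKey is large enough for a SHA-512-sized salt (a 1024-bit key is not; confirm its size before adding the last one). The value of the case also depends on the loop body, which is outside the hunk, actually verifying the parsed CSR's signature (e.g. via CheckSignature) rather than only checking that creation and parsing succeed — a PKCS#1 v1.5 signature under a PSS AlgorithmIdentifier, the defect this commit fixes, would otherwise still pass. If the body does not verify, that check is worth adding alongside this entry so the regression stays caught.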