[release-branch.go1.24] crypto/x509: mitigate DoS vector when intermediate certificate contains DSA public key

An attacker could craft an intermediate X.509 certificate
containing a DSA public key and can crash a remote host
with an unauthenticated call to any endpoint that
verifies the certificate chain.

Thank you to Jakub Ciolek for reporting this issue.

Fixes CVE-2025-58188
For golang#75675
Fixes golang#75702

Change-Id: I2ecbb87b9b8268dbc55c8795891e596ab60f0088
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2780
Reviewed-by: Damien Neil <[email protected]>
Reviewed-by: Roland Shoemaker <[email protected]>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2964
Reviewed-on: https://go-review.googlesource.com/c/go/+/709836
TryBot-Bypass: Michael Pratt <[email protected]>
Reviewed-by: Carlos Amedee <[email protected]>
Auto-Submit: Michael Pratt <[email protected]>

Author: thatnealpatel

src/crypto/x509/verify.go

@@ -873,7 +873,10 @@ func alreadyInChain(candidate *Certificate, chain []*Certificate) bool {
 		if !bytes.Equal(candidate.RawSubject, cert.RawSubject) {
 			continue
 		}
-		if !candidate.PublicKey.(pubKeyEqual).Equal(cert.PublicKey) {
+		// We enforce the canonical encoding of SPKI (by only allowing the
+		// correct AI paremeter encodings in parseCertificate), so it's safe to
+		// directly compare the raw bytes.
+		if !bytes.Equal(candidate.RawSubjectPublicKeyInfo, cert.RawSubjectPublicKeyInfo) {
 			continue
 		}
 		var certSAN *pkix.Extension