Merge branch 'maint'

IngelaAndin · IngelaAndin · commit 1963f1ddf83f · 2025-07-10T13:42:36.000+02:00
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
@@ -258,9 +258,10 @@ validate_names(Cert, Permit, Exclude, Last, UserState, VerifyFun) ->
 %% working_public_key_algorithm, the working_public_key, and
 %% the working_public_key_parameters in path_validation_state.
 %%--------------------------------------------------------------------
-validate_signature(Cert, DerCert, Key, KeyParams,
+validate_signature(Cert, DerCert, Key, KeyParams0,
 		   UserState, VerifyFun) ->
     OtpCert = otp_cert(Cert),
+    KeyParams = key_params(OtpCert#'OTPCertificate'.tbsCertificate, KeyParams0),
     case verify_signature(OtpCert, DerCert, Key, KeyParams) of
 	true ->
 	    UserState;
@@ -2195,3 +2196,16 @@ otp_cert(#'OTPCertificate'{} = Cert) ->
     Cert;
 otp_cert(#cert{otp = OtpCert}) ->
     OtpCert.
+
+key_params(#'OTPTBSCertificate'{signature =
+                                    #'SignatureAlgorithm'{algorithm =
+                                                              ?'id-RSASSA-PSS',
+                                                          parameters = KeyParams}},
+           KeyParams0) when KeyParams0 == asn1_NOVALUE;
+                            KeyParams0 == 'NULL' ->
+    %% Sometimes parameters may be missing in issuer's
+    %% "SubjectPublicKeyInfo" but included in the certs
+    %% "SignatureAlgorithm" for RSA PSS signatures.
+    KeyParams;
+key_params(_, KeyParams) ->
+    KeyParams.
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
@@ -125,6 +125,8 @@
          pkix_dsa_sha2_oid/1,
          pkix_crl/0,
          pkix_crl/1,
+         pkix_pss_params_in_signalg/0,
+         pkix_pss_params_in_signalg/1,
          general_name/0,
          general_name/1,
          pkix_hash_type/0,
@@ -191,6 +193,7 @@ all() ->
      pkix_rsa_md2_oid,
      pkix_dsa_sha2_oid,
      pkix_crl, 
+     pkix_pss_params_in_signalg,
      pkix_hash_type,
      general_name,
      pkix_verify_hostname_cn,
@@ -1458,6 +1461,34 @@ general_name(Config) when is_list(Config) ->
 					[{rfc822Name, DummyRfc822Name}],
 				    authorityCertSerialNumber = 
 					1}).
+%%--------------------------------------------------------------------
+
+pkix_pss_params_in_signalg() ->
+    [{doc, "Test that we can verify chain without RSA-PSS params in subjectPublickeyInfo, "
+   "but supplied in signature algorithm identifier record instead"}].
+pkix_pss_params_in_signalg(Config) when is_list(Config) ->
+    %% Use some pre-generated certificates, we do not care when they happen
+    %% to expire, we are testing that we handle RSA-PSS params.
+    Verify = {fun(_,{bad_cert, cert_expired}, UserState) ->
+                      {valid, UserState};
+                 (_,{bad_cert, _} = Reason, _) ->
+                      {fail, Reason};
+                 (_,{extension, _}, UserState) ->
+                      {unknown, UserState};
+                 (_, valid, UserState) ->
+                      {valid, UserState};
+                 (_, valid_peer, UserState) ->
+                      {valid, UserState}
+              end, []},
+    Root = root_cert(),
+    Intermediate = intermediate_cert(),
+    Entity = entity_cert(),
+    {ok,{{?'id-RSASSA-PSS',
+          #'RSAPublicKey'{},
+          asn1_NOVALUE},
+         []}} =
+        public_key:pkix_path_validation(Root, [Intermediate, Entity],
+                                        [{verify_fun, Verify}]).
 
 %%--------------------------------------------------------------------
 
@@ -2061,3 +2092,138 @@ pss_params(sha256) ->
                                              },
        saltLength = 32,
        trailerField = 1}.
+
+root_cert() ->
+    <<48,130,3,101,48,130,2,77,2,20,84,146,109,40,51,96,205,30,13,45,128,74,161,
+      155,47,20,138,254,44,215,48,13,6,9,42,134,72,134,247,13,1,1,11,5,0,48,111,49,
+      11,48,9,6,3,85,4,6,19,2,83,69,49,18,48,16,6,3,85,4,8,12,9,83,116,111,99,107,
+      104,111,108,109,49,18,48,16,6,3,85,4,7,12,9,83,116,111,99,107,104,111,108,
+      109,49,18,48,16,6,3,85,4,10,12,9,77,121,79,114,103,78,97,109,101,49,17,48,15,
+      6,3,85,4,11,12,8,77,121,82,111,111,116,67,65,49,17,48,15,6,3,85,4,3,12,8,77,
+      121,82,111,111,116,67,65,48,30,23,13,50,53,48,51,50,52,49,56,52,54,51,53,90,
+      23,13,51,53,48,51,50,50,49,56,52,54,51,53,90,48,111,49,11,48,9,6,3,85,4,6,19,
+      2,83,69,49,18,48,16,6,3,85,4,8,12,9,83,116,111,99,107,104,111,108,109,49,18,
+      48,16,6,3,85,4,7,12,9,83,116,111,99,107,104,111,108,109,49,18,48,16,6,3,85,4,
+      10,12,9,77,121,79,114,103,78,97,109,101,49,17,48,15,6,3,85,4,11,12,8,77,121,
+      82,111,111,116,67,65,49,17,48,15,6,3,85,4,3,12,8,77,121,82,111,111,116,67,65,
+      48,130,1,34,48,13,6,9,42,134,72,134,247,13,1,1,1,5,0,3,130,1,15,0,48,130,1,
+      10,2,130,1,1,0,172,31,79,63,209,47,91,232,50,144,244,240,108,21,154,11,248,
+      137,136,255,175,123,48,19,227,178,98,227,162,99,222,164,175,37,245,195,160,
+      169,247,10,158,143,232,52,48,32,64,83,161,133,29,92,14,229,118,75,162,237,
+      194,148,158,210,16,247,1,105,133,153,8,108,123,119,86,45,155,9,85,5,72,176,
+      91,243,192,172,84,63,46,8,200,216,153,199,38,156,159,9,234,116,237,44,90,231,
+      22,214,236,213,21,233,7,62,75,42,187,211,62,216,129,1,75,21,47,218,78,54,113,
+      184,78,114,85,25,15,117,69,231,84,245,231,55,48,30,254,104,143,187,218,22,27,
+      67,192,240,251,166,40,194,197,65,52,1,139,152,148,60,174,36,212,135,70,132,
+      203,121,28,90,193,62,142,115,5,40,48,164,113,209,193,154,69,212,11,221,148,
+      194,4,12,187,57,202,164,98,148,189,9,67,135,155,189,10,252,107,191,141,26,52,
+      175,67,41,114,15,80,79,97,229,148,205,254,29,198,130,88,134,133,153,117,73,
+      223,7,236,23,124,240,207,192,193,16,198,155,212,44,213,218,46,203,199,198,
+      120,252,28,205,2,3,1,0,1,48,13,6,9,42,134,72,134,247,13,1,1,11,5,0,3,130,1,1,
+      0,129,55,80,172,175,171,144,210,76,225,67,60,141,160,98,125,231,122,225,103,
+      217,88,51,67,200,96,2,7,161,20,47,170,243,190,67,81,233,66,94,134,217,247,
+      157,29,157,89,232,26,114,64,112,125,238,125,243,133,125,131,174,151,205,142,
+      157,145,243,69,64,43,186,99,230,79,251,218,20,61,83,253,250,233,95,149,55,
+      143,235,220,22,18,16,133,209,74,153,96,90,155,29,10,128,115,33,134,84,114,
+      144,196,51,170,78,54,55,200,21,41,54,230,62,121,92,229,236,93,226,127,64,79,
+      8,237,230,66,48,73,247,74,138,150,69,99,186,7,15,81,208,223,233,79,24,41,205,
+      95,2,130,147,41,153,192,126,2,38,208,194,37,16,229,157,100,190,103,167,94,
+      103,26,239,121,224,139,40,83,31,56,49,187,100,145,141,122,122,81,29,11,5,217,
+      199,48,39,1,201,190,86,230,33,247,193,149,81,228,99,173,153,3,158,155,238,
+      113,155,48,237,192,52,189,33,50,180,74,148,121,193,186,52,0,17,170,145,140,
+      201,199,76,185,45,155,90,133,210,208,177,76,251,180,240,49,231,184,171,131,
+      39,214>>.
+
+intermediate_cert() ->
+    <<48,130,4,56,48,130,3,32,160,3,2,1,2,2,5,23,66,132,25,149,48,13,6,9,42,134,72,
+      134,247,13,1,1,11,5,0,48,111,49,11,48,9,6,3,85,4,6,19,2,83,69,49,18,48,16,6,
+      3,85,4,8,12,9,83,116,111,99,107,104,111,108,109,49,18,48,16,6,3,85,4,7,12,9,
+      83,116,111,99,107,104,111,108,109,49,18,48,16,6,3,85,4,10,12,9,77,121,79,114,
+      103,78,97,109,101,49,17,48,15,6,3,85,4,11,12,8,77,121,82,111,111,116,67,65,
+      49,17,48,15,6,3,85,4,3,12,8,77,121,82,111,111,116,67,65,48,30,23,13,50,53,48,
+      51,50,52,49,56,52,54,51,53,90,23,13,51,53,48,51,50,50,49,56,52,54,51,53,90,
+      48,109,49,11,48,9,6,3,85,4,6,19,2,83,69,49,18,48,16,6,3,85,4,8,12,9,83,116,
+      111,99,107,104,111,108,109,49,18,48,16,6,3,85,4,10,12,9,77,121,79,114,103,78,
+      97,109,101,49,25,48,23,6,3,85,4,11,12,16,77,121,73,110,116,101,114,109,101,
+      100,105,97,116,101,67,65,49,27,48,25,6,3,85,4,3,12,18,77,121,73,110,116,101,
+      114,109,101,100,105,97,116,101,67,65,45,50,48,130,1,34,48,13,6,9,42,134,72,
+      134,247,13,1,1,1,5,0,3,130,1,15,0,48,130,1,10,2,130,1,1,0,156,174,148,169,31,
+      183,41,227,124,177,2,91,41,77,105,187,136,57,229,255,251,22,197,103,254,91,
+      17,198,213,237,164,161,121,214,179,198,81,151,226,74,224,158,208,112,81,102,
+      154,21,79,181,154,60,234,22,136,27,3,183,62,225,223,4,17,105,122,21,15,68,22,
+      236,252,6,210,217,30,142,9,120,128,181,8,130,195,253,245,59,239,27,191,97,7,
+      14,8,138,217,61,4,134,14,118,228,183,206,99,157,152,46,115,66,87,17,40,88,45,
+      49,238,54,57,53,156,172,139,50,206,79,179,118,89,26,201,196,17,6,222,77,78,
+      245,5,73,85,81,242,234,136,97,4,175,134,74,207,38,9,54,98,185,191,11,183,130,
+      108,26,234,5,60,203,29,141,40,207,132,105,200,115,14,42,123,248,2,118,241,6,
+      2,143,229,40,121,216,119,249,145,65,243,75,226,142,26,209,185,21,165,60,153,
+      235,155,230,203,132,253,183,158,109,240,56,22,42,118,34,33,141,74,161,201,76,
+      127,220,218,229,104,112,162,83,138,175,106,182,95,42,116,179,248,69,112,217,
+      103,179,150,137,5,64,76,46,170,157,12,96,93,2,3,1,0,1,163,129,220,48,129,217,
+      48,14,6,3,85,29,15,1,1,255,4,4,3,2,1,6,48,15,6,3,85,29,19,1,1,255,4,5,48,3,1,
+      1,255,48,29,6,3,85,29,14,4,22,4,20,149,52,132,249,152,100,9,172,104,217,14,
+      21,103,243,114,237,4,135,197,71,48,129,150,6,3,85,29,35,4,129,142,48,129,139,
+      161,115,164,113,48,111,49,11,48,9,6,3,85,4,6,19,2,83,69,49,18,48,16,6,3,85,4,
+      8,12,9,83,116,111,99,107,104,111,108,109,49,18,48,16,6,3,85,4,7,12,9,83,116,
+      111,99,107,104,111,108,109,49,18,48,16,6,3,85,4,10,12,9,77,121,79,114,103,78,
+      97,109,101,49,17,48,15,6,3,85,4,11,12,8,77,121,82,111,111,116,67,65,49,17,48,
+      15,6,3,85,4,3,12,8,77,121,82,111,111,116,67,65,130,20,84,146,109,40,51,96,
+      205,30,13,45,128,74,161,155,47,20,138,254,44,215,48,13,6,9,42,134,72,134,247,
+      13,1,1,11,5,0,3,130,1,1,0,113,62,255,199,151,42,233,82,42,44,101,9,155,153,
+      127,205,20,52,24,99,231,126,37,61,244,68,105,72,182,208,3,145,187,137,166,
+      239,219,155,68,7,241,5,64,142,191,68,248,51,197,135,181,121,9,60,109,216,199,
+      79,113,223,228,14,91,199,110,222,13,84,193,50,112,116,127,129,48,195,223,35,
+      179,154,182,85,3,11,78,100,228,163,41,166,134,90,230,240,231,241,126,23,49,2,
+      239,101,4,178,24,11,249,183,238,226,160,121,221,133,255,168,41,243,220,193,9,
+      114,167,52,138,30,143,247,221,162,127,100,137,66,199,175,8,112,52,52,143,71,
+      5,181,13,81,129,232,212,115,14,253,220,141,174,82,186,122,174,107,53,56,127,
+      189,105,132,110,154,193,152,43,145,181,233,136,202,95,58,249,179,121,70,79,
+      182,83,222,51,233,247,57,223,174,51,219,90,67,61,129,197,255,47,101,2,127,
+      220,106,211,166,156,75,215,235,18,58,27,179,74,251,149,63,250,101,83,171,229,
+      106,163,229,123,160,62,76,79,121,223,182,12,208,153,220,233,111,84,149,52,
+      206,65,157,104,120,68,104,225,47,56,80>>.
+
+entity_cert() ->
+    <<48,130,3,191,48,130,2,124,2,20,15,173,151,156,170,164,58,131,234,136,140,158,
+      13,36,237,166,129,102,178,109,48,56,6,9,42,134,72,134,247,13,1,1,10,48,43,
+      160,13,48,11,6,9,96,134,72,1,101,3,4,2,1,161,26,48,24,6,9,42,134,72,134,247,
+      13,1,1,8,48,11,6,9,96,134,72,1,101,3,4,2,1,48,109,49,11,48,9,6,3,85,4,6,19,2,
+      83,69,49,18,48,16,6,3,85,4,8,12,9,83,116,111,99,107,104,111,108,109,49,18,48,
+      16,6,3,85,4,10,12,9,77,121,79,114,103,78,97,109,101,49,25,48,23,6,3,85,4,11,
+      12,16,77,121,73,110,116,101,114,109,101,100,105,97,116,101,67,65,49,27,48,25,
+      6,3,85,4,3,12,18,77,121,73,110,116,101,114,109,101,100,105,97,116,101,67,65,
+      45,50,48,30,23,13,50,53,48,51,50,52,49,56,52,54,51,54,90,23,13,51,53,48,51,
+      50,50,49,56,52,54,51,54,90,48,119,49,11,48,9,6,3,85,4,6,19,2,83,69,49,18,48,
+      16,6,3,85,4,8,12,9,83,116,111,99,107,104,111,108,109,49,18,48,16,6,3,85,4,7,
+      12,9,83,116,111,99,107,104,111,108,109,49,18,48,16,6,3,85,4,10,12,9,77,121,
+      79,114,103,78,97,109,101,49,24,48,22,6,3,85,4,11,12,15,77,121,83,101,114,118,
+      105,99,101,67,108,105,101,110,116,49,18,48,16,6,3,85,4,3,12,9,108,111,99,97,
+      108,104,111,115,116,48,130,1,32,48,11,6,9,42,134,72,134,247,13,1,1,10,3,130,
+      1,15,0,48,130,1,10,2,130,1,1,0,189,65,229,200,99,164,197,115,5,62,249,116,8,
+      91,48,99,76,105,88,243,190,73,230,205,56,243,126,64,38,197,95,173,13,142,36,
+      81,67,91,163,9,136,101,237,143,151,192,214,144,21,27,141,149,59,40,182,244,
+      58,107,175,14,55,210,75,135,217,129,12,61,222,42,3,72,219,79,232,185,17,22,
+      62,5,117,249,16,45,41,112,201,202,229,223,90,217,217,227,199,242,75,60,109,
+      185,247,189,165,180,57,118,158,54,188,108,205,150,101,171,197,230,199,107,
+      206,31,127,143,96,121,39,24,216,190,34,241,215,142,21,65,158,211,113,211,116,
+      115,92,145,2,216,34,218,245,51,51,171,147,118,165,67,211,236,245,28,90,27,85,
+      54,28,153,59,199,206,44,23,252,2,216,211,188,43,89,247,135,227,158,198,151,
+      90,108,161,140,207,160,178,207,64,161,24,13,85,10,240,55,105,255,119,191,93,
+      123,233,207,91,131,52,26,165,199,186,8,143,1,74,124,140,11,224,195,29,25,239,
+      109,178,86,57,141,110,247,146,14,44,175,152,88,7,221,9,55,247,95,171,190,119,
+      154,177,123,123,205,25,12,65,173,2,3,1,0,1,48,56,6,9,42,134,72,134,247,13,1,
+      1,10,48,43,160,13,48,11,6,9,96,134,72,1,101,3,4,2,1,161,26,48,24,6,9,42,134,
+      72,134,247,13,1,1,8,48,11,6,9,96,134,72,1,101,3,4,2,1,3,130,1,1,0,121,122,65,
+      44,230,154,144,151,21,186,181,229,46,141,213,104,136,245,156,128,159,0,185,
+      227,176,198,113,197,103,245,177,30,216,30,48,101,196,111,119,89,84,2,43,87,
+      21,42,85,220,184,194,171,207,5,7,143,142,7,178,211,212,92,124,1,145,180,84,
+      168,128,114,207,111,225,239,171,46,250,63,188,79,221,217,170,103,36,28,139,
+      156,199,63,232,34,156,146,42,163,206,172,107,74,189,112,9,129,69,107,75,54,
+      41,227,136,127,204,234,77,99,186,232,26,74,184,175,170,40,44,196,77,160,226,
+      160,168,206,198,137,121,114,225,90,231,195,220,119,178,70,167,95,28,174,110,
+      4,219,141,181,29,113,27,165,184,183,4,228,43,175,119,101,7,199,81,205,23,130,
+      154,112,72,76,139,12,27,145,203,220,27,176,236,219,66,52,2,49,26,42,83,218,8,
+      37,234,177,21,23,175,104,224,201,67,168,55,11,52,243,187,120,10,143,42,247,
+      192,248,221,66,55,73,61,67,213,223,3,129,161,19,191,166,23,234,120,254,108,
+      210,239,35,51,101,41,224,241,14,212,245,123,140,245,241,129,175,129,123,242,
+      175>>.
