jws: fix RSA-PSS signatures

We were picking the wrong salt length. Verified that previously signatures could not be verified by jose or jwt.io, but succeed with this change.
szark · Feb 18, 2021 · 2ed6931 · 2ed6931
1 parent 5d8f69a
commit 2ed6931
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/jws/rsa.go b/jws/rsa.go
@@ -74,7 +74,7 @@ func makeSignPSS(hash crypto.Hash) rsaSignFunc {
 			return nil, errors.Wrap(err, "failed to write payload using SignPSS")
 		}
 		return rsa.SignPSS(rand.Reader, key, hash, h.Sum(nil), &rsa.PSSOptions{
-			SaltLength: rsa.PSSSaltLengthAuto,
+			SaltLength: rsa.PSSSaltLengthEqualsHash,
 		})
 	}
 }