Fixes #11037 -- work around RFC 4055's inane notions of DER (#11038)

pyca · May 30, 2024 · fdfc524 · fdfc524
1 parent fac1188
commit fdfc524
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 6 deletions.
diff --git a/src/rust/cryptography-x509-verification/src/policy/mod.rs b/src/rust/cryptography-x509-verification/src/policy/mod.rs
@@ -97,7 +97,7 @@ static RSASSA_PSS_SHA256: Lazy<AlgorithmIdentifier<'_>> = Lazy::new(|| Algorithm
         hash_algorithm: PSS_SHA256_HASH_ALG,
         mask_gen_algorithm: PSS_SHA256_MASK_GEN_ALG,
         salt_length: 32,
-        _trailer_field: 1,
+        _trailer_field: None,
     }))),
 });
 
@@ -108,7 +108,7 @@ static RSASSA_PSS_SHA384: Lazy<AlgorithmIdentifier<'_>> = Lazy::new(|| Algorithm
         hash_algorithm: PSS_SHA384_HASH_ALG,
         mask_gen_algorithm: PSS_SHA384_MASK_GEN_ALG,
         salt_length: 48,
-        _trailer_field: 1,
+        _trailer_field: None,
     }))),
 });
 
@@ -119,7 +119,7 @@ static RSASSA_PSS_SHA512: Lazy<AlgorithmIdentifier<'_>> = Lazy::new(|| Algorithm
         hash_algorithm: PSS_SHA512_HASH_ALG,
         mask_gen_algorithm: PSS_SHA512_MASK_GEN_ALG,
         salt_length: 64,
-        _trailer_field: 1,
+        _trailer_field: None,
     }))),
 });
 

diff --git a/src/rust/cryptography-x509/src/common.rs b/src/rust/cryptography-x509/src/common.rs
@@ -367,9 +367,18 @@ pub struct RsaPssParameters<'a> {
     #[explicit(2)]
     #[default(20u16)]
     pub salt_length: u16,
+    // While the RFC describes this field as `DEFAULT 1`, it also states that
+    // parsers must accept this field being encoded with a value of 1, in
+    // conflict with DER's requirement that field DEFAULT values not be
+    // encoded. Thus we just treat this as an optional field.
+    //
+    // Users of this struct should supply `None` to indicate the DEFAULT value
+    // of 1, or `Some` to indicate a different value. Note that if you supply
+    // `Some(1)` this will result in encoding a violation of the DER rules,
+    // thus this should never be done except to round-trip an existing
+    // structure.
     #[explicit(3)]
-    #[default(1u8)]
-    pub _trailer_field: u8,
+    pub _trailer_field: Option<u8>,
 }
 
 // https://datatracker.ietf.org/doc/html/rfc3279#section-2.3.2

diff --git a/src/rust/src/x509/sign.rs b/src/rust/src/x509/sign.rs
@@ -163,7 +163,7 @@ pub(crate) fn compute_signature_algorithm<'p>(
                     params: mgf_alg,
                 },
                 salt_length,
-                _trailer_field: 1,
+                _trailer_field: None,
             })));
 
         return Ok(common::AlgorithmIdentifier {