Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixes #11037 -- work around RFC 4055's inane notions of DER #11038

Merged
merged 1 commit into from
May 30, 2024
Merged

Fixes #11037 -- work around RFC 4055's inane notions of DER #11038

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions src/rust/cryptography-x509-verification/src/policy/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ static RSASSA_PSS_SHA256: Lazy<AlgorithmIdentifier<'_>> = Lazy::new(|| Algorithm
hash_algorithm: PSS_SHA256_HASH_ALG,
mask_gen_algorithm: PSS_SHA256_MASK_GEN_ALG,
salt_length: 32,
_trailer_field: 1,
_trailer_field: None,
}))),
});

Expand All @@ -108,7 +108,7 @@ static RSASSA_PSS_SHA384: Lazy<AlgorithmIdentifier<'_>> = Lazy::new(|| Algorithm
hash_algorithm: PSS_SHA384_HASH_ALG,
mask_gen_algorithm: PSS_SHA384_MASK_GEN_ALG,
salt_length: 48,
_trailer_field: 1,
_trailer_field: None,
}))),
});

Expand All @@ -119,7 +119,7 @@ static RSASSA_PSS_SHA512: Lazy<AlgorithmIdentifier<'_>> = Lazy::new(|| Algorithm
hash_algorithm: PSS_SHA512_HASH_ALG,
mask_gen_algorithm: PSS_SHA512_MASK_GEN_ALG,
salt_length: 64,
_trailer_field: 1,
_trailer_field: None,
}))),
});

Expand Down
13 changes: 11 additions & 2 deletions src/rust/cryptography-x509/src/common.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -367,9 +367,18 @@ pub struct RsaPssParameters<'a> {
#[explicit(2)]
#[default(20u16)]
pub salt_length: u16,
// While the RFC describes this field as `DEFAULT 1`, it also states that
// parsers must accept this field being encoded with a value of 1, in
// conflict with DER's requirement that field DEFAULT values not be
// encoded. Thus we just treat this as an optional field.
//
// Users of this struct should supply `None` to indicate the DEFAULT value
// of 1, or `Some` to indicate a different value. Note that if you supply
// `Some(1)` this will result in encoding a violation of the DER rules,
// thus this should never be done except to round-trip an existing
// structure.
#[explicit(3)]
#[default(1u8)]
pub _trailer_field: u8,
pub _trailer_field: Option<u8>,
}

// https://datatracker.ietf.org/doc/html/rfc3279#section-2.3.2
Expand Down
2 changes: 1 addition & 1 deletion src/rust/src/x509/sign.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -163,7 +163,7 @@ pub(crate) fn compute_signature_algorithm<'p>(
params: mgf_alg,
},
salt_length,
_trailer_field: 1,
_trailer_field: None,
})));

return Ok(common::AlgorithmIdentifier {
Expand Down