diff options
| author | David Benjamin <davidben@davidben.net> | 2018-08-23 14:58:30 -0500 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-08-23 14:58:30 -0500 |
| commit | 3ce8883fd62043419b225790cd524b7619b4bb72 (patch) | |
| tree | 2c522ad472b94daf04b9f8095168913260057851 /.travis | |
| parent | fe33ec8ca04b74479c68806616b0e6a43503d794 (diff) | |
| download | cryptography-3ce8883fd62043419b225790cd524b7619b4bb72.tar.gz cryptography-3ce8883fd62043419b225790cd524b7619b4bb72.tar.bz2 cryptography-3ce8883fd62043419b225790cd524b7619b4bb72.zip | |
Fix encoding errors in RSA test keys. (#4410)
* Fix encoding errors in RSA test keys.
enc-rsa-pkcs8.pem and unenc-rsa-pkcs8.pem did not encode the RSA key
correctly. Per RFC 8017, appendix A.1:
The object identifier rsaEncryption identifies RSA public and private
keys as defined in Appendices A.1.1 and A.1.2. The parameters field
has associated with this OID in a value of type AlgorithmIdentifier
SHALL have a value of type NULL.
rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
unenc-rsa-pkcs8.pem, however, was missing that NULL, which was, in turn,
carried into the encrypted payload of enc-rsa-pkcs8.pem. The DER
version, enc-rsa-pkcs8.der, carries this mistake too. Interestingly,
unenc-rsa-pkcs8.der does *not* have it. I'm guessing it was converted
with the openssl command-line tool which fixed the encoding in
conversion.
Current versions of OpenSSL are lax and ignore the parameters field, but
it's best to test against spec-compliant inputs. Fix unenc-rsa-pkcs8.pem
to match unenc-rsa-pkcs8.der and then refresh enc-rsa-pkcs8.{der,pem}
with the new encoding but otherwise the same encryption parameters.
I've refreshed the dumpasn1 (at least that's what it looks like)
preamble at the top of each file, but the current version of dumpasn1
appears to have changed the spacing slightly, so there's some whitespace
diff noise.
* Update test-vectors.rst.
Diffstat (limited to '.travis')
0 files changed, 0 insertions, 0 deletions