Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate SPKI parsing from OpenSSL to Rust #10121

Merged
merged 1 commit into from
Jan 21, 2024
Merged

Migrate SPKI parsing from OpenSSL to Rust #10121

merged 1 commit into from
Jan 21, 2024

Conversation

alex
Copy link
Member

@alex alex commented Jan 4, 2024
edited
Loading

TODO:

  • Handle unsupported key types
  • Handle un-named EC keys
  • Figure out how to handle DHX stuff (DH_set_flags(dh, DH_FLAG_TYPE_DHX))
  • More EC curves?
  • rust-openssl release
  • Figure out the RHEL issue
  • Missing EC coverage
    • Private key with explicit curve parameters
    • Private key with an unsupported curve
    • Loading keys with obscure curves:
      • SECT163K1
      • SECT233K1
      • SECT163R2
      • SECT233R1

@alex alex mentioned this pull request Jan 4, 2024
Open
@alex alex force-pushed the spki-parse-rust branch 15 times, most recently from 9a42dc6 to 9a78475 Compare January 4, 2024 22:28
alex
alex commented Jan 4, 2024
View reviewed changes
src/rust/cryptography-x509/src/common.rs Outdated Show resolved Hide resolved
tests/x509/test_x509_ext.py Show resolved Hide resolved
@alex alex force-pushed the spki-parse-rust branch 6 times, most recently from 5c5ea79 to 0a2fa6b Compare January 6, 2024 15:13
@alex alex added this to the Forty Second Release milestone Jan 6, 2024
@alex alex force-pushed the spki-parse-rust branch 3 times, most recently from 0b153b7 to 62a2983 Compare January 19, 2024 16:58
@alex alex force-pushed the spki-parse-rust branch 2 times, most recently from 872704c to f35e89a Compare January 20, 2024 00:21
@alex alex marked this pull request as ready for review January 20, 2024 00:21
@alex alex force-pushed the spki-parse-rust branch 2 times, most recently from 1b4460d to 0a71e16 Compare January 21, 2024 12:44
@reaperhulk reaperhulk merged commit 6b4a4de into pyca:main Jan 21, 2024
58 checks passed
@alex alex deleted the spki-parse-rust branch January 21, 2024 18:13
@tamird
Copy link

tamird commented Jan 24, 2024

This seems to be stricter than OpenSSL. In particular, some keys with BEGIN RSA PUBLIC KEY which previously decoded without error no longer do until changed to BEGIN PUBLIC KEY.

@alex
Copy link
Member Author

alex commented Jan 24, 2024

@tamird can you file a new ticket with the details of the issue and an example public key?

It sounds like this is a full SPKI but using the BEGIN RSA PUBLIC KEY header (which is usually for PKCS1 keys).

@tamird
Copy link

tamird commented Jan 24, 2024

It looks like the key was indeed not correct, passing it through openssl rsa -pubin -pubout strips "RSA" from the header and footer.

Just flagging that this is a behavior change.

@reaperhulk reaperhulk mentioned this pull request Jan 24, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@botovq botovq botovq left review comments

@reaperhulk reaperhulk reaperhulk approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
Forty Second Release
Development

Successfully merging this pull request may close these issues.
4 participants
@alex @tamird @reaperhulk @botovq