Skip to content

Added support for RSASSA-PSS padding algorithms#417

Closed
MasonCitywide wants to merge 6 commits intorustls:mainfrom
MasonCitywide:main
Closed

Added support for RSASSA-PSS padding algorithms#417
MasonCitywide wants to merge 6 commits intorustls:mainfrom
MasonCitywide:main

Conversation

@MasonCitywide
Copy link

@MasonCitywide MasonCitywide commented Mar 12, 2026

Added algorithms to sign_algo.rs PKCS_RSA_PSS_SHA256, PKCS_RSA_PSS_SHA384, and PKCS_RSA_PSS_SHA512.

A half implemented version of PKCS_RSA_PSS_SHA256 already existed with a comment saying this doesn't work because ring hasn't implemented PSS padding (here). It seems that since then it has (here), and that comment was made before the release of aws-lc-rs.

There was also an issue in the pre-existing PKCS_RSA_PSS_SHA256 function in which the salt length was set to the default 20 instead of the recommended value of the number of octets of the hash algorithm (RFC 4055, pg. 9).

This is an important change as, if I am reading it correctly, non-PSS padding has been deprecated since RFC 8446 (pg. 70), with security concerns like ROBOT.

I was able to successfully create CSRs using all three of these algorithms using the aws-lc-rs backend. However, I'm not familiar with the unit testing of this library and I am new to contributions, so I would appreciate an independant review of these additions before they are merged.

Thank you for your time,
MC

@MasonCitywide MasonCitywide marked this pull request as draft March 12, 2026 19:44
djc
djc approved these changes Mar 12, 2026
View reviewed changes
Copy link
Member

@djc djc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes here look okay so far, but CI doesn't pass and we'll want to make sure there some tests exercising this against a different backend (maybe OpenSSL)?

@MasonCitywide
Copy link
Author

MasonCitywide commented Mar 13, 2026

The first build was failing because the algorithms I implemented had the same OIDs. However, RSA-PSS algorithms are supposed to have the same OIDs and are instead differentiated by their hash algorithm OIDs (RFC 4055, pgs. 8, 9, 15). So, I changed the PartialEq trait for sign_algo::SignatureAlgorithm to, if the params field is SignatureAlgorithmParams::RsaPss, differentiate based on the hash OID.

I checked CSR generation with all three algorithms, and it worked, but only with aws_lc_rs and not ring. Since the *::signature::RSA_PSS_SHA256 path is identical for each, I assumed it was a problem with ring and just gated all RSA-PSS functionality behind #[cfg(feature = "aws_lc_rs")].

After trying for several hours, I can't get the project to build with OpenSSL. Unfortunately, I don't think I have more time to dedicate to this PR. If anyone would like to take it from here, I am quite sure the code works, I just can't write proper OpenSSL tests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@djc djc djc approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MasonCitywide @djc