diff --git a/Cargo.lock b/Cargo.lock index 1e8fb86..ccf0aad 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1103,6 +1103,7 @@ dependencies = [ [[package]] name = "rcgen" version = "0.13.1" +source = "git+https://github.com/rustls/rcgen.git?rev=refs/pull/272/head#f5717442ddbd7d1a6835e5ed42e9645ea9bbc277" dependencies = [ "pem 3.0.4", "ring 0.17.8", diff --git a/Cargo.toml b/Cargo.toml index cbeeeab..aa36410 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -29,11 +29,9 @@ sha2 = "0.9.9" log = "0.4.14" rcgen = { version = "0.13.1", features = ["pem"] } -[package.metadata.patch] -crates=["rcgen"] - [patch.crates-io] -rcgen = { path = './target/patch/rcgen-0.13.1' } +# TODO: Remove once https://github.com/rustls/rcgen/pull/272 is merged +rcgen = { git = 'https://github.com/rustls/rcgen.git' , rev = "refs/pull/272/head" } [lib] name = "parsec_tool" diff --git a/patches/rcgen+0.13.1.patch b/patches/rcgen+0.13.1.patch deleted file mode 100644 index 3c1e272..0000000 --- a/patches/rcgen+0.13.1.patch +++ /dev/null @@ -1,67 +0,0 @@ -diff --git a/src/key_pair.rs b/src/key_pair.rs -index 00beea6..1c71fc5 100644 ---- a/src/key_pair.rs -+++ b/src/key_pair.rs -@@ -252,6 +252,9 @@ impl KeyPair { - } else if alg == &PKCS_RSA_PSS_SHA256 { - let rsakp = RsaKeyPair::from_pkcs8(&serialized_der)._err()?; - KeyPairKind::Rsa(rsakp, &signature::RSA_PSS_SHA256) -+ }else if alg == &PKCS_RSA_PSS_SHA384 { -+ let rsakp = RsaKeyPair::from_pkcs8(&serialized_der)._err()?; -+ KeyPairKind::Rsa(rsakp, &signature::RSA_PSS_SHA384) - } else { - #[cfg(feature = "aws_lc_rs")] - if alg == &PKCS_ECDSA_P521_SHA512 { -diff --git a/src/sign_algo.rs b/src/sign_algo.rs -index 5d7052a..2c85d04 100644 ---- a/src/sign_algo.rs -+++ b/src/sign_algo.rs -@@ -89,6 +89,7 @@ impl SignatureAlgorithm { - &PKCS_RSA_SHA384, - &PKCS_RSA_SHA512, - //&PKCS_RSA_PSS_SHA256, -+ //&PKCS_RSA_PSS_SHA384, - &PKCS_ECDSA_P256_SHA256, - &PKCS_ECDSA_P384_SHA384, - #[cfg(feature = "aws_lc_rs")] -@@ -151,21 +152,37 @@ pub(crate) mod algo { - // support those: https://github.com/briansmith/ring/issues/1353 - // - /// RSA signing with PKCS#1 2.1 RSASSA-PSS padding and SHA-256 hashing as per [RFC 4055](https://tools.ietf.org/html/rfc4055) -- pub(crate) static PKCS_RSA_PSS_SHA256: SignatureAlgorithm = SignatureAlgorithm { -+ pub static PKCS_RSA_PSS_SHA256: SignatureAlgorithm = SignatureAlgorithm { - // We could also use RSA_ENCRYPTION here, but it's recommended - // to use ID-RSASSA-PSS if possible. - oids_sign_alg: &[&RSASSA_PSS], - #[cfg(feature = "crypto")] - sign_alg: SignAlgo::Rsa(&signature::RSA_PSS_SHA256), -- oid_components: RSASSA_PSS, //&[1, 2, 840, 113549, 1, 1, 13], -+ oid_components: RSASSA_PSS, //&[1, 2, 840, 113549, 1, 1, 10], - // rSASSA-PSS-SHA256-Params in RFC 4055 - params: SignatureAlgorithmParams::RsaPss { - // id-sha256 in https://datatracker.ietf.org/doc/html/rfc4055#section-2.1 - hash_algorithm: &[2, 16, 840, 1, 101, 3, 4, 2, 1], -- salt_length: 20, -+ salt_length: 32, - }, - }; - -+ /// RSA signing with PKCS#1 2.1 RSASSA-PSS padding and SHA-384 hashing as per [RFC 4055](https://tools.ietf.org/html/rfc4055) -+ pub static PKCS_RSA_PSS_SHA384 :SignatureAlgorithm = SignatureAlgorithm { -+ // We could also use OID_RSA_ENCRYPTION here, but it's recommended -+ // to use ID-RSASSA-PSS if possible. -+ oids_sign_alg: &[&RSASSA_PSS], -+ #[cfg(feature = "crypto")] -+ sign_alg :SignAlgo::Rsa(&signature::RSA_PSS_SHA384), -+ oid_components : RSASSA_PSS, //&[1, 2, 840, 113549, 1, 1, 10], -+ // rSASSA-PSS-SHA384-Params in RFC 4055 -+ params : SignatureAlgorithmParams::RsaPss { -+ // id-sha384 in https://datatracker.ietf.org/doc/html/rfc4055#section-2.1 -+ hash_algorithm : &[2, 16, 840, 1, 101, 3, 4, 2, 2], -+ salt_length : 48, -+ }, -+ }; -+ - /// ECDSA signing using the P-256 curves and SHA-256 hashing as per [RFC 5758](https://tools.ietf.org/html/rfc5758#section-3.2) - pub static PKCS_ECDSA_P256_SHA256: SignatureAlgorithm = SignatureAlgorithm { - oids_sign_alg: &[&EC_PUBLIC_KEY, &EC_SECP_256_R1],