Addressed review comments

Hideki Miyazaki
2026-06-10 07:02:46 +09:00
parent b06ced1166
commit 7d74caac6d
2 changed files with 25 additions and 0 deletions
+11
@@ -2,6 +2,17 @@
## Enhancements
* **Behavioral change (RSA-PSS trailerField enforcement)**: `DecodeRsaPssParams`
(and its public wrapper `wc_DecodeRsaPssParams`) now enforces RFC 8017 A.2.3,
which mandates `trailerField == trailerFieldBC(1)`. In the default build
(i.e., without `WOLFSSL_NO_ASN_STRICT`), any certificate or CMS/PKCS#7
structure whose RSA-PSS parameters contain a `trailerField` value other than 1
is now rejected with `ASN_PARSE_E`. Previously, any positive integer value was
silently accepted. This affects all call paths that decode RSA-PSS algorithm
parameters, including X.509 certificate parsing and PKCS#7 signature
verification. Users who need to interoperate with non-conformant peers can
define `WOLFSSL_NO_ASN_STRICT` to restore the previous permissive behavior.
* **BREAKING (FIPS 205 SLH-DSA)**: `wc_SlhDsaKey_SignHash`,
`wc_SlhDsaKey_SignHashDeterministic`, `wc_SlhDsaKey_SignHashWithRandom`, and
`wc_SlhDsaKey_VerifyHash` now take the **caller-pre-hashed message digest**
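Review bot: the trailerField entry is filed under `## Enhancements` and tagged "Behavioral change", yet it rejects inputs that every previous release accepted on all X.509 and PKCS#7 decode paths, which is the same kind of compatibility break the next entry marks as **BREAKING**; use the same tag, or explain in the entry why this one is softer. The entry also points interop users at `WOLFSSL_NO_ASN_STRICT` without saying whether that macro relaxes other ASN strictness checks as well; if it does, state it, so nobody flips a much broader switch than they intend just to tolerate a non-conformant trailerField. Finally, "any positive integer value was silently accepted" leaves the reader guessing what happened to 0 or a multi-byte value before this change; one clause on the old handling of those cases would make the upgrade note self-contained.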
+14
@@ -1136,6 +1136,20 @@ int test_wc_DecodeRsaPssParams(void)
(word32)sizeof(trailerZero), &hash, &mgf, &saltLen),
WC_NO_ERR_TRACE(ASN_PARSE_E));
}
/* --- Test 12: trailerField = 256 (multi-byte INTEGER) => ASN_PARSE_E ---
* Exercises the 2-byte integer branch in GetInteger16Bit (non-template)
* and the len==2 case of ASN_DATA_TYPE_WORD16 (template path).
* SEQUENCE { [3] CONSTRUCTED { INTEGER 256 } } = 30 06 a3 04 02 02 01 00
*/
{
static const byte trailerMultiByte[] = {
0x30, 0x06, 0xa3, 0x04, 0x02, 0x02, 0x01, 0x00
};
ExpectIntEQ(wc_DecodeRsaPssParams(trailerMultiByte,
(word32)sizeof(trailerMultiByte), &hash, &mgf, &saltLen),
WC_NO_ERR_TRACE(ASN_PARSE_E));
}
#endif /* !WOLFSSL_NO_ASN_STRICT */
#endif /* WC_RSA_PSS && !NO_RSA && !NO_ASN */
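Review bot: Test 12 only proves that a 16-bit value other than 1 is rejected, so the new coverage stops exactly where the interesting parsing branches begin. Two more vectors in the same `!WOLFSSL_NO_ASN_STRICT` block would pin the behaviour down: a 3-byte INTEGER (e.g. `02 03 01 00 00`, value 65536) to confirm that a value too large for the WORD16/GetInteger16Bit path also comes back as `ASN_PARSE_E` rather than some other error code, and a non-minimal encoding of 1 (`02 02 00 01`) to make sure the strict build does not accept a padded INTEGER as a valid `trailerFieldBC`. Also, since the ChangeLog promises that `WOLFSSL_NO_ASN_STRICT` "restores the previous permissive behavior", an `#else` branch here that feeds `trailerMultiByte` through `wc_DecodeRsaPssParams` and expects success would lock in that promise instead of leaving the permissive build untested. Minor: the comment's DER breakdown `30 06 a3 04 02 02 01 00` matches the byte array, which is good; keep that habit for the extra vectors.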