Support RSA PKCS#1 signatures with absent parameters

[ctz]

RFC4055 says on sha256WithRSAEncryption and company:

When any of these four object identifiers appears within an
AlgorithmIdentifier, the parameters MUST be NULL. Implementations
MUST accept the parameters being absent as well as present.

The latter clause is implemented in this commit.

The algorithm identifiers live here rather than pki-types, as they must not be used to originate new certificates. Putting them in pki-types would mean they appear in a public API, whereas here they are kept private and restricted to verifying existing signatures.

--

For ecosystem background, go entirely ignores parameters for these algorithms: https://cs.opensource.google/go/go/+/refs/tags/go1.24.3:src/crypto/x509/x509.go;l=425-431 (which is strictly weaker than the RFC requires; go would seemingly be happy if the parameters were a UTF8STRING containing the complete works of Shakespeare.)

re rustls/rustls#2448

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 97.91%. Comparing base (0ac75b1) to head (1178545).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #346   +/-   ##
=======================================
  Coverage   97.91%   97.91%           
=======================================
  Files          20       20           
  Lines        4470     4470           
=======================================
  Hits         4377     4377           
  Misses         93       93           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[djc]

The algorithm identifiers live here rather than pki-types, as they must not be used to originate new certificates. Putting them in pki-types would mean they appear in a public API, whereas here they are kept private and restricted to verifying existing signatures.

They're still pub API, right? I don't see a very meaningful difference...

[cpu]

They're still pub API, right?

They're in a non-pub mod and not re-exported from lib.rs though AFAICT:

webpki/src/lib.rs

Lines 91 to 104 in 0ac75b1

	#[cfg(feature = "ring")]
	/// Signature verification algorithm implementations using the *ring* crypto library.
	pub mod ring {
	pub use super::ring_algs::{
	ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ED25519,
	};
	#[cfg(feature = "alloc")]
	pub use super::ring_algs::{
	RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
	RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
	RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
	};
	}

[djc]

They're still pub API, right?

They're in a non-pub mod and not re-exported from lib.rs though AFAICT:

webpki/src/lib.rs

Lines 91 to 104 in 0ac75b1

	#[cfg(feature = "ring")]
	/// Signature verification algorithm implementations using the *ring* crypto library.
	pub mod ring {
	pub use super::ring_algs::{
	ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ED25519,
	};
	#[cfg(feature = "alloc")]
	pub use super::ring_algs::{
	RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
	RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
	RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
	};
	}

I thought we relied on unreachable_pub to warn against this sort of thing...

[ctz]

They're still pub API, right? I don't see a very meaningful difference...

They're pub API from this crate in the form of an impl SignatureVerificationAlgorithm, and you can get the value out via signature_alg_id() there I guess. But at least they don't appear in https://docs.rs/rustls-pki-types/latest/rustls_pki_types/alg_id/index.html ...

[ctz]

I thought we relied on unreachable_pub to warn against this sort of thing...

This commit exports them in the usual place.

[cpu]

This commit exports them in the usual place.

Oops, I was looking at tip-of-main lib.rs.