
[FIPS 4.0 CHERRY-PICK #3181 and #3194] Map rsaesOaep SPKI to RSA in parse_key_type #3246

Merged: justsmth merged 2 commits into aws:fips-2025-09-12-lts from crlorentzen:fips-2025-09-12-lts on May 13, 2026

@crlorentzen
Contributor

Issues:

n/a

Description of changes:

Cherry-pick #3181 and #3194

Testing:

  • CI

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

TPM 1.2 Endorsement Key certificates use rsaesOaep
(OID 1.2.840.113549.1.1.7) as their SubjectPublicKeyInfo algorithm
identifier. The underlying key is a standard RSA key. Without this
mapping, X509_get_pubkey() fails with PUBLIC_KEY_DECODE_ERROR and
X509_verify_cert() cannot validate these certificates.

Add NID_rsaesOaep alongside the existing NID_rsa special case in
parse_key_type() to return rsa_asn1_meth for both. Add a test for
public key extraction using a real TPM 1.2 EK certificate with
rsaesOaep SPKI.
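
The mapping described in the commit message above, as an added example that is not AWS-LC's code or part of this pull request: a minimal DER walk that reads the AlgorithmIdentifier OID from a SubjectPublicKeyInfo and treats rsaesOaep (1.2.840.113549.1.1.7) the same as rsaEncryption (1.2.840.113549.1.1.1). The names `spki_key_type` and `der_get` are hypothetical, and the sample SPKI is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* DER content octets of the two OIDs (tag and length excluded). */
static const uint8_t OID_RSA_ENCRYPTION[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01};
static const uint8_t OID_RSAES_OAEP[]     = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07};
/* Constructed sample, not a real key: rsaesOaep AlgorithmIdentifier + empty BIT STRING. */
static const uint8_t SAMPLE_OAEP_SPKI[] = {
  0x30,0x12, 0x30,0x0D, 0x06,0x09, 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,
  0x30,0x00, 0x03,0x01,0x00};

enum key_type { KEY_MALFORMED = -1, KEY_UNKNOWN = 0, KEY_RSA = 1 };

/* Consume one TLV with the expected tag; long-form lengths: minimal, at most 2 octets. */
static int der_get(const uint8_t **p, size_t *n, uint8_t tag,
                   const uint8_t **body, size_t *blen) {
  if (*n < 2 || (*p)[0] != tag) return 0;
  size_t len = (*p)[1], hdr = 2;
  if (len & 0x80) {
    size_t k = len & 0x7F;
    if (k == 0 || k > 2 || *n < 2 + k) return 0;
    len = (k == 1) ? (*p)[2] : (((size_t)(*p)[2] << 8) | (*p)[3]);
    if (len < 0x80 || (k == 2 && len < 0x100)) return 0;  /* non-minimal length */
    hdr += k;
  }
  if (len > *n - hdr) return 0;                            /* body runs past the input */
  *body = *p + hdr; *blen = len;
  *p += hdr + len; *n -= hdr + len;
  return 1;
}

/* Classify a SubjectPublicKeyInfo by its AlgorithmIdentifier OID, treating
 * rsaEncryption and rsaesOaep as the same RSA key type. */
enum key_type spki_key_type(const uint8_t *der, size_t len) {
  const uint8_t *spki, *alg, *oid;
  size_t spki_len, alg_len, oid_len;
  if (!der_get(&der, &len, 0x30, &spki, &spki_len) || len != 0) return KEY_MALFORMED;
  if (!der_get(&spki, &spki_len, 0x30, &alg, &alg_len)) return KEY_MALFORMED;
  if (!der_get(&alg, &alg_len, 0x06, &oid, &oid_len)) return KEY_MALFORMED;
  if (oid_len == sizeof(OID_RSA_ENCRYPTION) &&
      (memcmp(oid, OID_RSA_ENCRYPTION, oid_len) == 0 ||
       memcmp(oid, OID_RSAES_OAEP, oid_len) == 0))
    return KEY_RSA;
  return KEY_UNKNOWN;
}

int main(void) {
  return spki_key_type(SAMPLE_OAEP_SPKI, sizeof(SAMPLE_OAEP_SPKI)) == KEY_RSA ? 0 : 1;
}
```

The classifier only decides which key type to decode as; it does not interpret the RSAES-OAEP parameters or validate the key bits that follow.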
@crlorentzen crlorentzen requested a review from a team as a code owner May 12, 2026 14:05
@crlorentzen crlorentzen changed the title Fips 2025 09 12 lts [FIPS 4.0 CHERRY-PICK #3181 and #3194] Map rsaesOaep SPKI to RSA in parse_key_type May 12, 2026
@justsmth justsmth requested a review from samuel40791765 May 12, 2026 14:28
@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.75%. Comparing base (dd90637) to head (8b5d784).

Additional details and impacted files
@@                   Coverage Diff                   @@
##           fips-2025-09-12-lts    #3246      +/-   ##
=======================================================
- Coverage                79.03%   78.75%   -0.28%     
=======================================================
  Files                      667      667              
  Lines                   113339   113344       +5     
  Branches                 16086    16082       -4     
=======================================================
- Hits                     89575    89265     -310     
- Misses                   22966    23283     +317     
+ Partials                   798      796       -2     

@justsmth justsmth merged commit e732603 into aws:fips-2025-09-12-lts May 13, 2026
157 of 190 checks passed