Skip to content

Add new algorithm identifiers and relax AuthenticatorInfo algorithms parsing#359

Merged
jschanck merged 2 commits into
mozilla:ctap2-2021from
jschanck:new-algorithm-ids
Jun 4, 2026
Merged

Add new algorithm identifiers and relax AuthenticatorInfo algorithms parsing#359
jschanck merged 2 commits into
mozilla:ctap2-2021from
jschanck:new-algorithm-ids

Conversation

@jschanck

@jschanck jschanck commented Jun 2, 2026

Copy link
Copy Markdown
Collaborator

Resolves #356

@jschanck jschanck requested a review from mozkeeler June 2, 2026 19:08
@jschanck jschanck force-pushed the new-algorithm-ids branch from b328907 to 5f2c50e Compare June 2, 2026 19:29
mozkeeler
mozkeeler approved these changes Jun 3, 2026
View reviewed changes
Comment thread src/crypto/mod.rs
@jschanck jschanck force-pushed the new-algorithm-ids branch from 5f2c50e to a50688c Compare June 3, 2026 02:46
@jschanck jschanck merged commit 86caf8b into mozilla:ctap2-2021 Jun 4, 2026
9 checks passed
mxinden
mxinden reviewed Jun 8, 2026
View reviewed changes

@mxinden mxinden left a comment
edited
Loading

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unsolicited review. Hope you don't mind. Please feel free to ignore.

Additional unsolicited recommendation to check in the projects Cargo.lock, despite being a library, for the sake of a deterministic CI.

Comment thread Cargo.toml
openssl-sys = { version = "0.9", optional = true}
openssl = { version = "0.10", optional = true}
nss-rs = { git = "https://github.com/mozilla/nss-rs", version = "^0.12", optional = true }
nss-rs = { git = "https://github.com/mozilla/nss-rs", version = ">=0.12", optional = true }

@mxinden mxinden Jun 8, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This disables all semver safety guards for future nss-rs versions, effectively saying that authenticator-rs is compatible with all future nss-rs versions, no matter what breaking changes nss-rs introduces.

Given that we (Mozilla) control both authenticator-rs and nss-rs, that might be fine, though it doesn't prevent human error on our end.

I would recommend:

nss-rs = { git = "https://github.com/mozilla/nss-rs", version = ">=0.12, <= 0.13", optional = true }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mozkeeler mozkeeler mozkeeler approved these changes

+1 more reviewer

@mxinden mxinden mxinden left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Fails when a CTAP2 authenticator advertises Ed25519 algorithms in GetInfo

3 participants

@jschanck @mozkeeler @mxinden