Those are not "illegal" subnet masks. The first can be used in access-lists to match exactly two IP addresses, and the second matches exactly one IP address and is the usual subnet mask for a loopback interface.
RFC 4632 would probably make useful reading. To quote section 3.1 :
"In CIDR notation, a prefix is shown as a 4-octet quantity, just like a traditional IPv4 address or network number, followed by the "/" (slash) character, followed by a decimal value between 0 and 32 that describes the number of significant bits."
So, this basically says your subnet mask can be any value from 0 (i.e. a default route) to 32 (i.e. a "host"). In your example 255.255.255.254 is 31 bits and 255.255.255.255 is 32 bits so both are valid.
There's a nice table that illustrates this in the RFC as well.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...