rustls · djc · Oct 2, 2023 · Oct 2, 2023 · Oct 2, 2023 · Oct 2, 2023
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -236,7 +236,7 @@ jobs:
       - name: Install toolchain
         uses: dtolnay/rust-toolchain@master
         with:
-          toolchain: "1.60"
+          toolchain: "1.61"
       - run: cargo check --lib --all-features
 
   cross:

diff --git a/Cargo.toml b/Cargo.toml
@@ -16,7 +16,7 @@
 categories = ["cryptography", "no-std"]
 description = "Web PKI X.509 Certificate Verification."
 edition = "2021"
-rust-version = "1.60"
+rust-version = "1.61"
 license = "ISC"
 name = "rustls-webpki"
 readme = "README.md"
@@ -75,8 +75,8 @@ std = ["alloc"]
 [dependencies]
 aws-lc-rs = { version = "1.0.0", optional = true }
 pki-types = { package = "rustls-pki-types", version = "0.2.1", default-features = false }
-ring = { version = "0.16.19", default-features = false, optional = true }
-untrusted = "0.7.1"
+ring = { version = "0.17", default-features = false, optional = true }
+untrusted = "0.9"
 
 [dev-dependencies]
 base64 = "0.21"

diff --git a/src/alg_tests.rs b/src/alg_tests.rs
@@ -107,10 +107,12 @@ fn test_verify_signed_data_signature_outer(file_contents: &[u8], expected_error:
     let tsd = parse_test_signed_data(file_contents);
     let signature = untrusted::Input::from(&tsd.signature);
     assert_eq!(
-        Err(expected_error),
-        signature.read_all(Error::TrailingData(DerTypeId::Signature), |input| {
-            der::bit_string_with_no_unused_bits(input)
-        })
+        signature
+            .read_all(Error::TrailingData(DerTypeId::Signature), |input| {
+                der::bit_string_with_no_unused_bits(input)
+            })
+            .unwrap_err(),
+        expected_error,
     );
 }
 
@@ -128,10 +130,11 @@ fn test_parse_spki_bad_outer(file_contents: &[u8], expected_error: Error) {
     let tsd = parse_test_signed_data(file_contents);
     let spki = untrusted::Input::from(&tsd.spki);
     assert_eq!(
-        Err(expected_error),
         spki.read_all(Error::BadDer, |input| {
             der::expect_tag(input, der::Tag::Sequence)
         })
+        .unwrap_err(),
+        expected_error,
     );
 }
 

diff --git a/src/cert.rs b/src/cert.rs
@@ -17,7 +17,7 @@ use crate::error::{DerTypeId, Error};
 use crate::signed_data::SignedData;
 use crate::subject_name::{GeneralName, NameIterator, WildcardDnsNameRef};
 use crate::x509::{remember_extension, set_extension_once, DistributionPointName, Extension};
-use crate::DnsNameRef;
+use crate::{public_values_eq, DnsNameRef};
 
 /// A parsed X509 certificate.
 pub struct Cert<'a> {
@@ -66,7 +66,7 @@ impl<'a> Cert<'a> {
                 // TODO: In mozilla::pkix, the comparison is done based on the
                 // normalized value (ignoring whether or not there is an optional NULL
                 // parameter for RSA-based algorithms), so this may be too strict.
-                if signature != signed_data.algorithm {
+                if !public_values_eq(signature, signed_data.algorithm) {
                     return Err(Error::SignatureAlgorithmMismatch);
                 }
 

diff --git a/src/crl/mod.rs b/src/crl/mod.rs
@@ -14,9 +14,9 @@
 
 use pki_types::SignatureVerificationAlgorithm;
 
-use crate::der;
 use crate::error::Error;
 use crate::verify_cert::{Budget, PathNode};
+use crate::{der, public_values_eq};
 
 use core::fmt::Debug;
 
@@ -113,7 +113,7 @@ impl<'a> RevocationOptions<'a> {
         supported_sig_algs: &[&dyn SignatureVerificationAlgorithm],
         budget: &mut Budget,
     ) -> Result<Option<CertNotRevoked>, Error> {
-        assert_eq!(path.cert.issuer, issuer_subject);
+        assert!(public_values_eq(path.cert.issuer, issuer_subject));
 
         // If the policy only specifies checking EndEntity revocation state and we're looking at an
         // issuer certificate, return early without considering the certificate's revocation state.

diff --git a/src/crl/types.rs b/src/crl/types.rs
@@ -3,6 +3,7 @@ use pki_types::{SignatureVerificationAlgorithm, UnixTime};
 use crate::cert::lenient_certificate_serial_number;
 use crate::der::{self, DerIterator, FromDer, Tag, CONSTRUCTED, CONTEXT_SPECIFIC};
 use crate::error::{DerTypeId, Error};
+use crate::public_values_eq;
 use crate::signed_data::{self, SignedData};
 use crate::subject_name::GeneralName;
 use crate::verify_cert::{Budget, PathNode};
@@ -277,7 +278,7 @@ impl<'a> FromDer<'a> for BorrowedCertRevocationList<'a> {
             //   This field MUST contain the same algorithm identifier as the
             //   signatureAlgorithm field in the sequence CertificateList
             let signature = der::expect_tag(tbs_cert_list, Tag::Sequence)?;
-            if signature != signed_data.algorithm {
+            if !public_values_eq(signature, signed_data.algorithm) {
                 return Err(Error::SignatureAlgorithmMismatch);
             }
 

diff --git a/src/der.rs b/src/der.rs
@@ -449,33 +449,35 @@ mod tests {
 
         // Unexpected type
         assert_eq!(
-            Err(Error::TrailingData(DerTypeId::BitString)),
-            bit_string_with_no_unused_bits(&mut bytes_reader(&[0x01, 0x01, 0xff]))
+            bit_string_with_no_unused_bits(&mut bytes_reader(&[0x01, 0x01, 0xff])).unwrap_err(),
+            Error::TrailingData(DerTypeId::BitString),
         );
 
         // Unexpected nonexistent type
         assert_eq!(
-            Err(Error::TrailingData(DerTypeId::BitString)),
-            bit_string_with_no_unused_bits(&mut bytes_reader(&[0x42, 0xff, 0xff])),
+            bit_string_with_no_unused_bits(&mut bytes_reader(&[0x42, 0xff, 0xff])).unwrap_err(),
+            Error::TrailingData(DerTypeId::BitString),
         );
 
         // Unexpected empty input
         assert_eq!(
-            Err(Error::TrailingData(DerTypeId::BitString)),
-            bit_string_with_no_unused_bits(&mut bytes_reader(&[]))
+            bit_string_with_no_unused_bits(&mut bytes_reader(&[])).unwrap_err(),
+            Error::TrailingData(DerTypeId::BitString),
         );
 
         // Valid input with non-zero unused bits
         assert_eq!(
-            Err(Error::BadDer),
             bit_string_with_no_unused_bits(&mut bytes_reader(&[0x03, 0x03, 0x04, 0x12, 0x34]))
+                .unwrap_err(),
+            Error::BadDer,
         );
 
         // Valid input
         assert_eq!(
-            untrusted::Input::from(&[0x12, 0x34]),
             bit_string_with_no_unused_bits(&mut bytes_reader(&[0x03, 0x03, 0x00, 0x12, 0x34]))
                 .unwrap()
+                .as_slice_less_safe(),
+            &[0x12, 0x34],
         );
     }
 

diff --git a/src/lib.rs b/src/lib.rs
@@ -170,3 +170,7 @@ pub static ALL_VERIFICATION_ALGS: &[&dyn types::SignatureVerificationAlgorithm]
     #[cfg(feature = "aws_lc_rs")]
     aws_lc_rs::RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
 ];
+
+fn public_values_eq(a: untrusted::Input<'_>, b: untrusted::Input<'_>) -> bool {
+    a.as_slice_less_safe() == b.as_slice_less_safe()
+}
diff --git a/src/verify_cert.rs b/src/verify_cert.rs
@@ -20,7 +20,7 @@
 use crate::cert::Cert;
 use crate::crl::RevocationOptions;
 use crate::der::{self, FromDer};
-use crate::{signed_data, subject_name, Error};
+use crate::{public_values_eq, signed_data, subject_name, Error};
 
 pub(crate) struct ChainOptions<'a> {
     pub(crate) eku: KeyUsage,
@@ -71,7 +71,7 @@
             self.trust_anchors,
             |trust_anchor: &TrustAnchor| {
                 let trust_anchor_subject = untrusted::Input::from(trust_anchor.subject.as_ref());
-                if path.cert.issuer != trust_anchor_subject {
+                if !public_values_eq(path.cert.issuer, trust_anchor_subject) {
                     return Err(Error::UnknownIssuer.into());
                 }
 
@@ -97,14 +97,14 @@
 
         loop_while_non_fatal_error(err, self.intermediate_certs, |cert_der| {
             let potential_issuer = Cert::from_der(untrusted::Input::from(cert_der))?;
-            if potential_issuer.subject != path.cert.issuer {
+            if !public_values_eq(potential_issuer.subject, path.cert.issuer) {
                 return Err(Error::UnknownIssuer.into());
             }
 
             // Prevent loops; see RFC 4158 section 5.2.
             if path.iter().any(|prev| {
-                potential_issuer.spki == prev.cert.spki
-                    && potential_issuer.subject == prev.cert.subject
+                public_values_eq(potential_issuer.spki, prev.cert.spki)
+                    && public_values_eq(potential_issuer.subject, prev.cert.subject)
             }) {
                 return Err(Error::UnknownIssuer.into());
             }
@@ -396,17 +396,19 @@
     }
 
     fn key_purpose_id_equals(&self, value: untrusted::Input<'_>) -> bool {
-        match self {
-            ExtendedKeyUsage::Required(eku) => *eku,
-            ExtendedKeyUsage::RequiredIfPresent(eku) => *eku,
-        }
-        .oid_value
-            == value
+        public_values_eq(
+            match self {
+                ExtendedKeyUsage::Required(eku) => *eku,
+                ExtendedKeyUsage::RequiredIfPresent(eku) => *eku,
+            }
+            .oid_value,
+            value,
+        )
     }
 }
 
 /// An OID value indicating an Extended Key Usage (EKU) key purpose.
-#[derive(Clone, Copy, PartialEq, Eq)]
+#[derive(Clone, Copy)]
 struct KeyPurposeId {
     oid_value: untrusted::Input<'static>,
 }
@@ -422,6 +424,14 @@
     }
 }
 
+impl PartialEq<Self> for KeyPurposeId {
+    fn eq(&self, other: &Self) -> bool {
+        public_values_eq(self.oid_value, other.oid_value)
+    }
+}
+
+impl Eq for KeyPurposeId {}
+
 // id-pkix            OBJECT IDENTIFIER ::= { 1 3 6 1 5 5 7 }
 // id-kp              OBJECT IDENTIFIER ::= { id-pkix 3 }