Bump rust-asn1 to 0.16 (#10272)

pyca · Jan 27, 2024 · 5427fa1 · 5427fa1
1 parent 5cd842b
commit 5427fa1
Show file tree

Hide file tree

Showing 7 changed files with 13 additions and 14 deletions.
diff --git a/src/rust/Cargo.lock b/src/rust/Cargo.lock
diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml
@@ -11,7 +11,7 @@ rust-version = "1.63.0"
 once_cell = "1"
 cfg-if = "1"
 pyo3 = { version = "0.20", features = ["abi3"] }
-asn1 = { version = "0.15.5", default-features = false }
+asn1 = { version = "0.16.0", default-features = false }
 cryptography-cffi = { path = "cryptography-cffi" }
 cryptography-key-parsing = { path = "cryptography-key-parsing" }
 cryptography-x509 = { path = "cryptography-x509" }

diff --git a/src/rust/cryptography-key-parsing/Cargo.toml b/src/rust/cryptography-key-parsing/Cargo.toml
@@ -8,7 +8,7 @@ publish = false
 rust-version = "1.63.0"
 
 [dependencies]
-asn1 = { version = "0.15.5", default-features = false }
+asn1 = { version = "0.16.0", default-features = false }
 cfg-if = "1"
 openssl = "0.10.63"
 openssl-sys = "0.9.99"

diff --git a/src/rust/cryptography-x509-verification/Cargo.toml b/src/rust/cryptography-x509-verification/Cargo.toml
@@ -8,7 +8,7 @@ publish = false
 rust-version = "1.63.0"
 
 [dependencies]
-asn1 = { version = "0.15.5", default-features = false }
+asn1 = { version = "0.16.0", default-features = false }
 cryptography-x509 = { path = "../cryptography-x509" }
 once_cell = "1"
 

diff --git a/src/rust/cryptography-x509-verification/src/policy/mod.rs b/src/rust/cryptography-x509-verification/src/policy/mod.rs
@@ -350,8 +350,8 @@ impl<'a, B: CryptoOps> Policy<'a, B> {
         // Per 5280: The serial number MUST be a positive integer.
         // In practice, there are a few roots in common trust stores (like certifi)
         // that have `serial == 0`, so we can't enforce this yet.
-        let serial_bytes = cert.tbs_cert.serial.as_bytes();
-        if !(1..=21).contains(&serial_bytes.len()) {
+        let serial = cert.tbs_cert.serial;
+        if !(1..=21).contains(&serial.as_bytes().len()) {
             // Conforming CAs MUST NOT use serial numbers longer than 20 octets.
             // NOTE: In practice, this requires us to check for an encoding of
             // 21 octets, since some CAs generate 20 bytes of randomness and
@@ -360,8 +360,7 @@ impl<'a, B: CryptoOps> Policy<'a, B> {
             return Err(ValidationError::Other(
                 "certificate must have a serial between 1 and 20 octets".to_string(),
             ));
-        } else if serial_bytes[0] & 0x80 == 0x80 {
-            // TODO: replace with `is_negative`: https://github.com/alex/rust-asn1/pull/425
+        } else if serial.is_negative() {
             return Err(ValidationError::Other(
                 "certificate serial number cannot be negative".to_string(),
             ));

diff --git a/src/rust/cryptography-x509/Cargo.toml b/src/rust/cryptography-x509/Cargo.toml
@@ -8,4 +8,4 @@ publish = false
 rust-version = "1.63.0"
 
 [dependencies]
-asn1 = { version = "0.15.5", default-features = false }
+asn1 = { version = "0.16.0", default-features = false }
diff --git a/src/rust/cryptography-x509/src/pkcs7.rs b/src/rust/cryptography-x509/src/pkcs7.rs
@@ -18,9 +18,9 @@ pub struct ContentInfo<'a> {
 #[derive(asn1::Asn1DefinedByWrite)]
 pub enum Content<'a> {
     #[defined_by(PKCS7_SIGNED_DATA_OID)]
-    SignedData(asn1::Explicit<'a, Box<SignedData<'a>>, 0>),
+    SignedData(asn1::Explicit<Box<SignedData<'a>>, 0>),
     #[defined_by(PKCS7_DATA_OID)]
-    Data(Option<asn1::Explicit<'a, &'a [u8], 0>>),
+    Data(Option<asn1::Explicit<&'a [u8], 0>>),
 }
 
 #[derive(asn1::Asn1Write)]