rustls · ctz · Jul 28, 2023 · Jul 21, 2023 · Jul 25, 2023 · Jul 28, 2023
diff --git a/Cargo.toml b/Cargo.toml
@@ -21,7 +21,7 @@ license = "ISC"
 name = "rustls-webpki"
 readme = "README.md"
 repository = "https://github.com/rustls/webpki"
-version = "0.101.2"
+version = "0.102.0-alpha.0"
 
 include = [
     "Cargo.toml",
@@ -43,6 +43,7 @@ include = [
     "src/name/verify.rs",
     "src/name/name.rs",
     "src/signed_data.rs",
+    "src/ring_algs.rs",
     "src/time.rs",
     "src/trust_anchor.rs",
     "src/x509.rs",
@@ -62,12 +63,13 @@ rustdoc-args = ["--cfg", "docsrs"]
 name = "webpki"
 
 [features]
-default = ["std"]
+default = ["std", "ring"]
+ring = ["dep:ring"]
 alloc = ["ring/alloc"]
 std = ["alloc"]
 
 [dependencies]
-ring = { version = "0.16.19", default-features = false }
+ring = { version = "0.16.19", default-features = false, optional = true }
 untrusted = "0.7.1"
 
 [dev-dependencies]

diff --git a/src/calendar.rs b/src/calendar.rs
@@ -100,8 +100,9 @@ fn days_in_feb(year: u64) -> u64 {
     }
 }
 
-#[allow(clippy::unreadable_literal)] // TODO: Make this clear.
-const DAYS_BEFORE_UNIX_EPOCH_AD: u64 = 719162;
+/// All the days up to and including 1969, plus the 477 leap days since AD began
+/// (calculated in Gregorian rules).
+const DAYS_BEFORE_UNIX_EPOCH_AD: u64 = 1969 * 365 + 477;
 
 #[cfg(test)]
 mod tests {
@@ -151,7 +152,6 @@ mod tests {
         assert_eq!(days_in_month(2100, 2), 28);
     }
 
-    #[allow(clippy::unreadable_literal)] // TODO: Make this clear.
     #[test]
     fn test_time_from_ymdhms_utc() {
         use super::{time_from_ymdhms_utc, Error, Time, UNIX_EPOCH_YEAR};
@@ -188,23 +188,23 @@ mod tests {
 
         // year boundary
         assert_eq!(
-            Time::from_seconds_since_unix_epoch(1483228799),
+            Time::from_seconds_since_unix_epoch(1_483_228_799),
             time_from_ymdhms_utc(2016, 12, 31, 23, 59, 59).unwrap()
         );
         assert_eq!(
-            Time::from_seconds_since_unix_epoch(1483228800),
+            Time::from_seconds_since_unix_epoch(1_483_228_800),
             time_from_ymdhms_utc(2017, 1, 1, 0, 0, 0).unwrap()
         );
 
         // not a leap year
         assert_eq!(
-            Time::from_seconds_since_unix_epoch(1492449162),
+            Time::from_seconds_since_unix_epoch(1_492_449_162),
             time_from_ymdhms_utc(2017, 4, 17, 17, 12, 42).unwrap()
         );
 
         // leap year, post-feb
         assert_eq!(
-            Time::from_seconds_since_unix_epoch(1460913162),
+            Time::from_seconds_since_unix_epoch(1_460_913_162),
             time_from_ymdhms_utc(2016, 4, 17, 17, 12, 42).unwrap()
         );
     }

diff --git a/src/crl.rs b/src/crl.rs
@@ -16,7 +16,7 @@ use crate::cert::lenient_certificate_serial_number;
 use crate::der::{self, DerIterator, FromDer, Tag, CONSTRUCTED, CONTEXT_SPECIFIC};
 use crate::signed_data::{self, SignedData};
 use crate::x509::{remember_extension, set_extension_once, DistributionPointName, Extension};
-use crate::{Error, SignatureAlgorithm, Time};
+use crate::{Error, SignatureVerificationAlgorithm, Time};
 
 #[cfg(feature = "alloc")]
 use std::collections::HashMap;
@@ -40,10 +40,10 @@ pub trait CertRevocationList: Sealed {
     fn find_serial(&self, serial: &[u8]) -> Result<Option<BorrowedRevokedCert>, Error>;
 
     /// Verify the CRL signature using the issuer's subject public key information (SPKI)
-    /// and a list of supported signature algorithms.
+    /// and a list of supported signature verification algorithms.
     fn verify_signature(
         &self,
-        supported_sig_algs: &[&SignatureAlgorithm],
+        supported_sig_algs: &[&dyn SignatureVerificationAlgorithm],
         issuer_spki: &[u8],
     ) -> Result<(), Error>;
 }
@@ -91,7 +91,7 @@ impl CertRevocationList for OwnedCertRevocationList {
 
     fn verify_signature(
         &self,
-        supported_sig_algs: &[&SignatureAlgorithm],
+        supported_sig_algs: &[&dyn SignatureVerificationAlgorithm],
         issuer_spki: &[u8],
     ) -> Result<(), Error> {
         signed_data::verify_signed_data(
@@ -172,9 +172,9 @@ impl<'a> BorrowedCertRevocationList<'a> {
                     //   values longer than 20 octets.
                     //
                     extension.value.read_all(Error::InvalidCrlNumber, |der| {
-                        let crl_number = ring::io::der::positive_integer(der)
+                        let crl_number = der::nonnegative_integer(der)
                             .map_err(|_| Error::InvalidCrlNumber)?
-                            .big_endian_without_leading_zero();
+                            .as_slice_less_safe();
                         if crl_number.len() <= 20 {
                             Ok(crl_number)
                         } else {
@@ -235,7 +235,7 @@ impl CertRevocationList for BorrowedCertRevocationList<'_> {
 
     fn verify_signature(
         &self,
-        supported_sig_algs: &[&SignatureAlgorithm],
+        supported_sig_algs: &[&dyn SignatureVerificationAlgorithm],
         issuer_spki: &[u8],
     ) -> Result<(), Error> {
         signed_data::verify_signed_data(

diff --git a/src/der.rs b/src/der.rs
@@ -15,7 +15,6 @@
 use core::marker::PhantomData;
 
 use crate::{calendar, time, Error};
-pub(crate) use ring::io::der::{CONSTRUCTED, CONTEXT_SPECIFIC};
 
 #[derive(Debug)]
 pub struct DerIterator<'a, T> {
@@ -69,6 +68,9 @@ pub(crate) enum Tag {
     ContextSpecificConstructed3 = CONTEXT_SPECIFIC | CONSTRUCTED | 3,
 }
 
+pub(crate) const CONSTRUCTED: u8 = 0x20;
+pub(crate) const CONTEXT_SPECIFIC: u8 = 0x80;
+
 impl From<Tag> for usize {
     #[allow(clippy::as_conversions)]
     fn from(tag: Tag) -> Self {
@@ -377,8 +379,39 @@ pub(crate) fn optional_boolean(input: &mut untrusted::Reader) -> Result<bool, Er
     })
 }
 
+pub(crate) fn nonnegative_integer<'a>(
+    input: &mut untrusted::Reader<'a>,
+) -> Result<untrusted::Input<'a>, Error> {
+    let value = expect_tag_and_get_value(input, Tag::Integer)?;
+    match value
+        .as_slice_less_safe()
+        .split_first()
+        .ok_or(Error::BadDer)?
+    {
+        // Zero or leading zero.
+        (0, rest) => {
+            match rest.first() {
+                // Zero
+                None => Ok(value),
+                // Necessary leading zero.
+                Some(&second) if second & 0x80 == 0x80 => Ok(untrusted::Input::from(rest)),
+                // Unnecessary leading zero.
+                _ => Err(Error::BadDer),
+            }
+        }
+        // Positive value with no leading zero.
+        (first, _) if first & 0x80 == 0x00 => Ok(value),
+        // Negative value.
+        (_, _) => Err(Error::BadDer),
+    }
+}
+
+// Parse an integer in the range 0..=255.
 pub(crate) fn small_nonnegative_integer(input: &mut untrusted::Reader) -> Result<u8, Error> {
-    ring::io::der::small_nonnegative_integer(input).map_err(|_| Error::BadDer)
+    match *nonnegative_integer(input)?.as_slice_less_safe() {
+        [b] => Ok(b),
+        _ => Err(Error::BadDer),
+    }
 }
 
 pub(crate) fn time_choice(input: &mut untrusted::Reader) -> Result<time::Time, Error> {
@@ -702,4 +735,93 @@ mod tests {
         // Bits outside the range of values shouldn't be considered set.
         assert!(!res.bit_set(256));
     }
+
+    #[test]
+    fn test_small_nonnegative_integer() {
+        use super::{small_nonnegative_integer, Error, Tag};
+
+        for value in 0..=127 {
+            let data = [Tag::Integer.into(), 1, value];
+            let mut rd = untrusted::Reader::new(untrusted::Input::from(&data));
+            assert_eq!(small_nonnegative_integer(&mut rd), Ok(value),);
+        }
+
+        for value in 128..=255 {
+            let data = [Tag::Integer.into(), 2, 0x00, value];
+            let mut rd = untrusted::Reader::new(untrusted::Input::from(&data));
+            assert_eq!(small_nonnegative_integer(&mut rd), Ok(value),);
+        }
+
+        // not an integer
+        assert_eq!(
+            small_nonnegative_integer(&mut untrusted::Reader::new(untrusted::Input::from(&[
+                Tag::Sequence.into(),
+                1,
+                1
+            ]))),
+            Err(Error::BadDer)
+        );
+
+        // negative
+        assert_eq!(
+            small_nonnegative_integer(&mut untrusted::Reader::new(untrusted::Input::from(&[
+                Tag::Integer.into(),
+                1,
+                0xff
+            ]))),
+            Err(Error::BadDer)
+        );
+
+        // positive but too large
+        assert_eq!(
+            small_nonnegative_integer(&mut untrusted::Reader::new(untrusted::Input::from(&[
+                Tag::Integer.into(),
+                2,
+                0x01,
+                0x00
+            ]))),
+            Err(Error::BadDer)
+        );
+
+        // unnecessary leading zero
+        assert_eq!(
+            small_nonnegative_integer(&mut untrusted::Reader::new(untrusted::Input::from(&[
+                Tag::Integer.into(),
+                2,
+                0x00,
+                0x05
+            ]))),
+            Err(Error::BadDer)
+        );
+
+        // truncations
+        assert_eq!(
+            small_nonnegative_integer(&mut untrusted::Reader::new(untrusted::Input::from(&[]))),
+            Err(Error::BadDer)
+        );
+
+        assert_eq!(
+            small_nonnegative_integer(&mut untrusted::Reader::new(untrusted::Input::from(&[
+                Tag::Integer.into(),
+            ]))),
+            Err(Error::BadDer)
+        );
+
+        assert_eq!(
+            small_nonnegative_integer(&mut untrusted::Reader::new(untrusted::Input::from(&[
+                Tag::Integer.into(),
+                1,
+            ]))),
+            Err(Error::BadDer)
+        );
+
+        assert_eq!(
+            small_nonnegative_integer(&mut untrusted::Reader::new(untrusted::Input::from(&[
+                Tag::Integer.into(),
+                2,
+                0
+            ]))),
+            Err(Error::BadDer)
+        );
+    }
 }