From: Roy7Kim <myoungwoon.kim@samsung.com>
Date: Wed, 15 Mar 2023 08:19:44 +0000 (+0900)
Subject: Bump to rust-webpki 0.22.0
X-Git-Tag: accepted/tizen/rust/20231016.022233~1^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=8f7b618b4b0b9b6e1d43d4a0baa2573f8c33be00;p=platform%2Fupstream%2Frust-webpki.git

Bump to rust-webpki 0.22.0
---

diff --git a/packaging/extern.patch b/packaging/extern.patch
new file mode 100644
index 0000000..d5e062e
--- /dev/null
+++ b/packaging/extern.patch
@@ -0,0 +1,102 @@
+diff --git a/src/cert.rs b/src/cert.rs
+index 7c76f2e..8a7c33e 100644
+--- a/src/cert.rs
++++ b/src/cert.rs
+@@ -66,7 +66,7 @@ pub(crate) fn parse_cert_internal<'a>(
+         // TODO: In mozilla::pkix, the comparison is done based on the
+         // normalized value (ignoring whether or not there is an optional NULL
+         // parameter for RSA-based algorithms), so this may be too strict.
+-        if signature != signed_data.algorithm {
++        if signature.as_slice_less_safe() != signed_data.algorithm.as_slice_less_safe() {
+             return Err(Error::SignatureAlgorithmMismatch);
+         }
+ 
+diff --git a/src/lib.rs b/src/lib.rs
+index ce9e71a..d0bb038 100644
+--- a/src/lib.rs
++++ b/src/lib.rs
+@@ -41,6 +41,8 @@
+ #[cfg(any(test, feature = "alloc"))]
+ #[cfg_attr(test, macro_use)]
+ extern crate alloc;
++extern crate ring;
++extern crate untrusted;
+ 
+ #[macro_use]
+ mod der;
+diff --git a/src/name/verify.rs b/src/name/verify.rs
+index 6082c19..63f73bd 100644
+--- a/src/name/verify.rs
++++ b/src/name/verify.rs
+@@ -234,7 +234,7 @@ fn presented_directory_name_matches_constraint(
+     subtrees: Subtrees,
+ ) -> bool {
+     match subtrees {
+-        Subtrees::PermittedSubtrees => name == constraint,
++        Subtrees::PermittedSubtrees => name.as_slice_less_safe() == constraint.as_slice_less_safe(),
+         Subtrees::ExcludedSubtrees => true,
+     }
+ }
+diff --git a/src/signed_data.rs b/src/signed_data.rs
+index 834f907..bd94c68 100644
+--- a/src/signed_data.rs
++++ b/src/signed_data.rs
+@@ -312,7 +312,7 @@ struct AlgorithmIdentifier {
+ 
+ impl AlgorithmIdentifier {
+     fn matches_algorithm_id_value(&self, encoded: untrusted::Input) -> bool {
+-        encoded == self.asn1_id_value
++        encoded.as_slice_less_safe() == self.asn1_id_value.as_slice_less_safe()
+     }
+ }
+ 
+diff --git a/src/verify_cert.rs b/src/verify_cert.rs
+index c68e6cf..fca933e 100644
+--- a/src/verify_cert.rs
++++ b/src/verify_cert.rs
+@@ -55,7 +55,7 @@ pub fn build_chain(
+ 
+     match loop_while_non_fatal_error(trust_anchors, |trust_anchor: &TrustAnchor| {
+         let trust_anchor_subject = untrusted::Input::from(trust_anchor.subject);
+-        if cert.issuer != trust_anchor_subject {
++        if cert.issuer.as_slice_less_safe() != trust_anchor_subject.as_slice_less_safe() {
+             return Err(Error::UnknownIssuer);
+         }
+ 
+@@ -85,15 +85,15 @@ pub fn build_chain(
+         let potential_issuer =
+             cert::parse_cert(untrusted::Input::from(*cert_der), EndEntityOrCa::Ca(&cert))?;
+ 
+-        if potential_issuer.subject != cert.issuer {
++        if potential_issuer.subject.as_slice_less_safe() != cert.issuer.as_slice_less_safe() {
+             return Err(Error::UnknownIssuer);
+         }
+ 
+         // Prevent loops; see RFC 4158 section 5.2.
+         let mut prev = cert;
+         loop {
+-            if potential_issuer.spki.value() == prev.spki.value()
+-                && potential_issuer.subject == prev.subject
++            if potential_issuer.spki.value().as_slice_less_safe() == prev.spki.value().as_slice_less_safe()
++                && potential_issuer.subject.as_slice_less_safe() == prev.subject.as_slice_less_safe()
+             {
+                 return Err(Error::UnknownIssuer);
+             }
+@@ -302,7 +302,7 @@ fn check_eku(
+         Some(input) => {
+             loop {
+                 let value = der::expect_tag_and_get_value(input, der::Tag::OID)?;
+-                if value == required_eku_if_present.oid_value {
++                if value.as_slice_less_safe() == required_eku_if_present.oid_value.as_slice_less_safe() {
+                     input.skip_to_end();
+                     break;
+                 }
+@@ -322,7 +322,7 @@ fn check_eku(
+             // important that id-kp-OCSPSigning is explicit so that a normal
+             // end-entity certificate isn't able to sign trusted OCSP responses
+             // for itself or for other certificates issued by its issuing CA.
+-            if required_eku_if_present.oid_value == EKU_OCSP_SIGNING.oid_value {
++            if required_eku_if_present.oid_value.as_slice_less_safe() == EKU_OCSP_SIGNING.oid_value.as_slice_less_safe() {
+                 return Err(Error::RequiredEkuNotFound);
+             }
+ 
diff --git a/packaging/rust-webpki.manifest b/packaging/rust-webpki.manifest
new file mode 100644
index 0000000..017d22d
--- /dev/null
+++ b/packaging/rust-webpki.manifest
@@ -0,0 +1,5 @@
+<manifest>
+ <request>
+    <domain name="_"/>
+ </request>
+</manifest>
diff --git a/packaging/rust-webpki.spec b/packaging/rust-webpki.spec
new file mode 100644
index 0000000..45cd216
--- /dev/null
+++ b/packaging/rust-webpki.spec
@@ -0,0 +1,75 @@
+# Generated by rust2rpm 23
+%global _rpm_strip_disable 1
+%global debug_package %{nil}
+
+%global crate webpki
+%global real_crate_name webpki
+%global rustc_edition 2018
+
+Name:           rust-webpki
+Version:        0.22.0
+Release:        1
+Summary:        Web PKI X.509 Certificate Verification
+
+# Upstream license specification: None
+License:        # FIXME
+
+URL:            https://crates.io/crates/webpki
+Source:         %{crate}-%{version}.tar.gz
+Source1:        %{name}.manifest
+Source2:        extern.patch
+
+# ==========================================================
+# BuildRequires
+# specifies build-time dependencies for the package
+# ==========================================================
+BuildRequires:  rust
+BuildRequires:  rust-ring
+BuildRequires:  rust-untrusted
+
+# ==========================================================
+# dev-dependencies
+# ==========================================================
+# BuildRequires:  rust-base64 
+
+
+%description
+Web PKI X.509 Certificate Verification.
+
+%prep
+%setup -q
+cp %{SOURCE1} .
+%{__patch} -p1 < %{SOURCE2}
+
+# ==========================================================
+# build section
+# crate-type : dylib, proc-macro, cdylib, bin, etc.
+# ==========================================================
+%build
+ %{rustc_std_build} --crate-type=dylib \
+         --crate-name=%{real_crate_name} \
+         %{?rustc_edition:--edition=%{rustc_edition}} \
+         --cfg='feature="std"' \
+         --cfg='feature="alloc"' \
+         ./src/lib.rs
+
+# ==========================================================
+# install section
+# ==========================================================
+%install
+ install -d -m 0755 %{buildroot}%{_rust_dylibdir}
+ install -m 0644 lib%{real_crate_name}.so %{buildroot}/%{_rust_dylibdir}/lib%{real_crate_name}.so
+
+%clean
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+# ==========================================================
+# files section
+# ==========================================================
+%files
+%manifest %{name}.manifest
+ %license LICENSE
+ %{_rust_dylibdir}/lib%{real_crate_name}.so