pkcs5: remove lifetimes (#1195)

Removes lifetimes from all types in the `pkcs5` crate, making them own their data. Signed-off-by: Arthur Gautier <[email protected]> Co-authored-by: Arthur Gautier <[email protected]>
RustCrypto · Jan 7, 2024 · b5d5dcb · b5d5dcb
1 parent dd6f364
commit b5d5dcb
Show file tree

Hide file tree

Showing 12 changed files with 274 additions and 166 deletions.
diff --git a/.github/workflows/cms.yml b/.github/workflows/cms.yml
@@ -42,6 +42,9 @@ jobs:
       - run: cargo hack build --target ${{ matrix.target }} --feature-powerset --exclude-features arbitrary,default,std,builder
 
   minimal-versions:
+    # Temporarily disabled until pkcs8 0.8.0-pre gets published
+    # see #1196
+    if: false
     uses: RustCrypto/actions/.github/workflows/minimal-versions.yml@master
     with:
         working-directory: ${{ github.workflow }}

diff --git a/.github/workflows/pkcs8.yml b/.github/workflows/pkcs8.yml
@@ -42,11 +42,13 @@ jobs:
       - uses: RustCrypto/actions/cargo-hack-install@master
       - run: cargo hack build --target ${{ matrix.target }} --feature-powerset --exclude-features getrandom,std,rand
 
-  # TODO(tarcieri): re-enable this when we're not using unpublished prerelease dependencies
-  #  minimal-versions:
-  #    uses: RustCrypto/actions/.github/workflows/minimal-versions.yml@master
-  #    with:
-  #        working-directory: ${{ github.workflow }}
+  minimal-versions:
+    # Temporarily disabled until pkcs8 0.8.0-pre gets published
+    # see #1196
+    if: false
+    uses: RustCrypto/actions/.github/workflows/minimal-versions.yml@master
+    with:
+        working-directory: ${{ github.workflow }}
 
   test:
     runs-on: ubuntu-latest

diff --git a/cms/Cargo.toml b/cms/Cargo.toml
@@ -34,8 +34,8 @@ zeroize = { version = "1.6.0", optional = true }
 getrandom = "0.2"
 hex-literal = "0.4"
 pem-rfc7468 = "0.7.0"
-pkcs5 = { version = "0.7" }
-rand = { version = "0.8.5" }
+pkcs5 = "0.7"
+rand = "0.8.5"
 rsa = { version = "0.9.6", features = ["sha2"] }
 ecdsa = { version = "0.16.8", features = ["digest", "pem"] }
 p256 = "0.13.0"

diff --git a/pkcs5/src/lib.rs b/pkcs5/src/lib.rs
@@ -49,7 +49,7 @@ use alloc::vec::Vec;
 #[derive(Clone, Debug, Eq, PartialEq)]
 #[non_exhaustive]
 #[allow(clippy::large_enum_variant)]
-pub enum EncryptionScheme<'a> {
+pub enum EncryptionScheme {
     /// Password-Based Encryption Scheme 1 as defined in [RFC 8018 Section 6.1].
     ///
     /// [RFC 8018 Section 6.1]: https://tools.ietf.org/html/rfc8018#section-6.1
@@ -58,10 +58,10 @@ pub enum EncryptionScheme<'a> {
     /// Password-Based Encryption Scheme 2 as defined in [RFC 8018 Section 6.2].
     ///
     /// [RFC 8018 Section 6.2]: https://tools.ietf.org/html/rfc8018#section-6.2
-    Pbes2(pbes2::Parameters<'a>),
+    Pbes2(pbes2::Parameters),
 }
 
-impl<'a> EncryptionScheme<'a> {
+impl EncryptionScheme {
     /// Attempt to decrypt the given ciphertext, allocating and returning a
     /// byte vector containing the plaintext.
     #[cfg(all(feature = "alloc", feature = "pbes2"))]
@@ -79,11 +79,11 @@ impl<'a> EncryptionScheme<'a> {
     /// is unsupported, or if the ciphertext is malformed (e.g. not a multiple
     /// of a block mode's padding)
     #[cfg(feature = "pbes2")]
-    pub fn decrypt_in_place<'b>(
+    pub fn decrypt_in_place<'a>(
         &self,
         password: impl AsRef<[u8]>,
-        buffer: &'b mut [u8],
-    ) -> Result<&'b [u8]> {
+        buffer: &'a mut [u8],
+    ) -> Result<&'a [u8]> {
         match self {
             Self::Pbes2(params) => params.decrypt_in_place(password, buffer),
             Self::Pbes1(_) => Err(Error::NoPbes1CryptSupport),
@@ -103,12 +103,12 @@ impl<'a> EncryptionScheme<'a> {
     /// Encrypt the given ciphertext in-place using a key derived from the
     /// provided password and this scheme's parameters.
     #[cfg(feature = "pbes2")]
-    pub fn encrypt_in_place<'b>(
+    pub fn encrypt_in_place<'a>(
         &self,
         password: impl AsRef<[u8]>,
-        buffer: &'b mut [u8],
+        buffer: &'a mut [u8],
         pos: usize,
-    ) -> Result<&'b [u8]> {
+    ) -> Result<&'a [u8]> {
         match self {
             Self::Pbes2(params) => params.encrypt_in_place(password, buffer, pos),
             Self::Pbes1(_) => Err(Error::NoPbes1CryptSupport),
@@ -132,21 +132,21 @@ impl<'a> EncryptionScheme<'a> {
     }
 
     /// Get [`pbes2::Parameters`] if it is the selected algorithm.
-    pub fn pbes2(&self) -> Option<&pbes2::Parameters<'a>> {
+    pub fn pbes2(&self) -> Option<&pbes2::Parameters> {
         match self {
             Self::Pbes2(params) => Some(params),
             _ => None,
         }
     }
 }
 
-impl<'a> DecodeValue<'a> for EncryptionScheme<'a> {
+impl<'a> DecodeValue<'a> for EncryptionScheme {
     fn decode_value<R: Reader<'a>>(decoder: &mut R, header: Header) -> der::Result<Self> {
         AlgorithmIdentifierRef::decode_value(decoder, header)?.try_into()
     }
 }
 
-impl EncodeValue for EncryptionScheme<'_> {
+impl EncodeValue for EncryptionScheme {
     fn value_len(&self) -> der::Result<Length> {
         match self {
             Self::Pbes1(pbes1) => pbes1.oid().encoded_len()? + pbes1.parameters.encoded_len()?,
@@ -170,24 +170,24 @@ impl EncodeValue for EncryptionScheme<'_> {
     }
 }
 
-impl<'a> Sequence<'a> for EncryptionScheme<'a> {}
+impl Sequence<'_> for EncryptionScheme {}
 
-impl<'a> From<pbes1::Algorithm> for EncryptionScheme<'a> {
-    fn from(alg: pbes1::Algorithm) -> EncryptionScheme<'a> {
+impl From<pbes1::Algorithm> for EncryptionScheme {
+    fn from(alg: pbes1::Algorithm) -> EncryptionScheme {
         Self::Pbes1(alg)
     }
 }
 
-impl<'a> From<pbes2::Parameters<'a>> for EncryptionScheme<'a> {
-    fn from(params: pbes2::Parameters<'a>) -> EncryptionScheme<'a> {
+impl From<pbes2::Parameters> for EncryptionScheme {
+    fn from(params: pbes2::Parameters) -> EncryptionScheme {
         Self::Pbes2(params)
     }
 }
 
-impl<'a> TryFrom<AlgorithmIdentifierRef<'a>> for EncryptionScheme<'a> {
+impl TryFrom<AlgorithmIdentifierRef<'_>> for EncryptionScheme {
     type Error = der::Error;
 
-    fn try_from(alg: AlgorithmIdentifierRef<'a>) -> der::Result<EncryptionScheme<'_>> {
+    fn try_from(alg: AlgorithmIdentifierRef<'_>) -> der::Result<EncryptionScheme> {
         if alg.oid == pbes2::PBES2_OID {
             match alg.parameters {
                 Some(params) => pbes2::Parameters::try_from(params).map(Into::into),
@@ -199,10 +199,10 @@ impl<'a> TryFrom<AlgorithmIdentifierRef<'a>> for EncryptionScheme<'a> {
     }
 }
 
-impl<'a> TryFrom<&'a [u8]> for EncryptionScheme<'a> {
+impl TryFrom<&[u8]> for EncryptionScheme {
     type Error = der::Error;
 
-    fn try_from(bytes: &'a [u8]) -> der::Result<EncryptionScheme<'a>> {
+    fn try_from(bytes: &[u8]) -> der::Result<EncryptionScheme> {
         AlgorithmIdentifierRef::from_der(bytes)?.try_into()
     }
 }