elliptic-curve: bump pkcs8 crate dependency to v0.3 (#405)

elliptic-curve/Cargo.toml

@@ -20,7 +20,7 @@ digest = { version = "0.9", optional = true }
 ff = { version = "0.8", optional = true, default-features = false }
 group = { version = "0.8", optional = true, default-features = false }
 generic-array = { version = "0.14", default-features = false }
-pkcs8 = { version = "0.1", optional = true }
+pkcs8 = { version = "0.3", optional = true }
 rand_core = { version = "0.5", default-features = false }
 subtle = { version = "2.3", default-features = false }
 zeroize = { version = "1", optional = true,  default-features = false }

elliptic-curve/src/public_key.rs

@@ -281,19 +281,19 @@ where
     UncompressedPointSize<C>: ArrayLength<u8>,
 {
     fn from_spki(spki: pkcs8::SubjectPublicKeyInfo<'_>) -> pkcs8::Result<Self> {
-        if spki.algorithm.oid != ALGORITHM_OID || spki.algorithm.parameters != Some(C::OID) {
-            return Err(pkcs8::Error);
+        if spki.algorithm.oid != ALGORITHM_OID || spki.algorithm.parameters_oid() != Some(C::OID) {
+            return Err(pkcs8::Error::Decode);
         }
 
         // Strip leading `0` byte if it exists
         // TODO(tarcieri): determine if there's actually any case where this byte doesn't exist
         let bytes = match spki.subject_public_key.get(0) {
             Some(0) => &spki.subject_public_key[1..],
             Some(_) => spki.subject_public_key,
-            None => return Err(pkcs8::Error),
+            None => return Err(pkcs8::Error::Decode),
         };
 
-        Self::from_sec1_bytes(bytes).map_err(|_| pkcs8::Error)
+        Self::from_sec1_bytes(bytes).map_err(|_| pkcs8::Error::Decode)
     }
 }
 

elliptic-curve/src/secret_key.rs

@@ -163,9 +163,9 @@ where
         private_key_info: pkcs8::PrivateKeyInfo<'_>,
     ) -> pkcs8::Result<Self> {
         if private_key_info.algorithm.oid != ALGORITHM_OID
-            || private_key_info.algorithm.parameters != Some(C::OID)
+            || private_key_info.algorithm.parameters_oid() != Some(C::OID)
         {
-            return Err(pkcs8::Error);
+            return Err(pkcs8::Error::Decode);
         }
 
         let bytes = private_key_info.private_key;
@@ -177,27 +177,28 @@ where
         // 3-bytes: INTEGER version: tag byte + length + value
         // 2-bytes: OCTET STRING header: tag byte + length
         if bytes.len() < 2 + 3 + 2 + C::FieldSize::to_usize() {
-            return Err(pkcs8::Error);
+            return Err(pkcs8::Error::Decode);
         }
 
         // Check key begins with ASN.1 DER SEQUENCE tag (0x30) + valid length,
         // where the length omits the leading SEQUENCE header (tag + length byte)
         if bytes[0] != 0x30 || bytes[1].checked_add(2).unwrap() as usize != bytes.len() {
-            return Err(pkcs8::Error);
+            return Err(pkcs8::Error::Decode);
         }
 
         // Validate version field (ASN.1 DER INTEGER value: 1)
         if bytes[2..=4] != [0x02, 0x01, 0x01] {
-            return Err(pkcs8::Error);
+            return Err(pkcs8::Error::Decode);
         }
 
         // Validate ASN.1 DER OCTET STRING header: tag (0x04) + valid length
         if bytes[5] != 0x04 || bytes[6] as usize != C::FieldSize::to_usize() {
-            return Err(pkcs8::Error);
+            return Err(pkcs8::Error::Decode);
         }
 
         // TODO(tarcieri): extract and validate public key
-        Self::from_bytes(&bytes[7..(7 + C::FieldSize::to_usize())]).map_err(|_| pkcs8::Error)
+        Self::from_bytes(&bytes[7..(7 + C::FieldSize::to_usize())])
+            .map_err(|_| pkcs8::Error::Decode)
     }
 }