Use pki-types for SignatureVerificationAlgorithm et al

This is slightly less straightforward, because `AlgorithmIdentifier` is no
longer `Copy` (because it has an owned variant).  This was previously
relied on in several places in `RingAlgorithm`.

rustc also dislikes using const values of `AlgorithmIdentifier`, complaining it
"encountered a reference pointing to mutable memory in a constant".  Make those
statics instead.

src/crl.rs

@@ -12,13 +12,15 @@
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
+use pki_types::SignatureVerificationAlgorithm;
+
 use crate::cert::{lenient_certificate_serial_number, Cert, EndEntityOrCa};
 use crate::der::{self, DerIterator, FromDer, Tag, CONSTRUCTED, CONTEXT_SPECIFIC};
 use crate::error::{DerTypeId, Error};
 use crate::signed_data::{self, SignedData};
 use crate::subject_name::GeneralName;
 use crate::x509::{remember_extension, set_extension_once, DistributionPointName, Extension};
-use crate::{SignatureVerificationAlgorithm, Time};
+use crate::Time;
 use core::fmt::Debug;
 
 #[cfg(feature = "alloc")]

src/end_entity.rs

@@ -12,13 +12,13 @@
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-use pki_types::{CertificateDer, TrustAnchor};
+use pki_types::{CertificateDer, SignatureVerificationAlgorithm, TrustAnchor};
 
 #[cfg(feature = "alloc")]
 use crate::subject_name::GeneralDnsNameRef;
 use crate::{
     cert, signed_data, subject_name, verify_cert, Error, KeyUsage, RevocationOptions,
-    SignatureVerificationAlgorithm, SubjectNameRef, Time,
+    SubjectNameRef, Time,
 };
 
 /// An end-entity certificate.

src/lib.rs

@@ -65,7 +65,7 @@ pub use {
     crl::{BorrowedCertRevocationList, BorrowedRevokedCert, CertRevocationList, RevocationReason},
     end_entity::EndEntityCert,
     error::{DerTypeId, Error},
-    signed_data::{alg_id, InvalidSignature, SignatureVerificationAlgorithm},
+    signed_data::alg_id,
     subject_name::{
         AddrParseError, DnsNameRef, InvalidDnsNameError, InvalidSubjectNameError, IpAddrRef,
         SubjectNameRef,

src/ring_algs.rs

@@ -12,23 +12,24 @@
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-use crate::signed_data::{alg_id, InvalidSignature, SignatureVerificationAlgorithm};
+use crate::signed_data::alg_id;
+use pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm};
 use ring::signature;
 
 /// A `SignatureVerificationAlgorithm` implemented using *ring*.
 struct RingAlgorithm {
-    public_key_alg_id: alg_id::AlgorithmIdentifier,
-    signature_alg_id: alg_id::AlgorithmIdentifier,
+    public_key_alg_id: &'static AlgorithmIdentifier<'static>,
+    signature_alg_id: &'static AlgorithmIdentifier<'static>,
     verification_alg: &'static dyn signature::VerificationAlgorithm,
 }
 
 impl SignatureVerificationAlgorithm for RingAlgorithm {
-    fn public_key_alg_id(&self) -> alg_id::AlgorithmIdentifier {
-        self.public_key_alg_id
+    fn public_key_alg_id(&self) -> AlgorithmIdentifier {
+        self.public_key_alg_id.clone()
     }
 
-    fn signature_alg_id(&self) -> alg_id::AlgorithmIdentifier {
-        self.signature_alg_id
+    fn signature_alg_id(&self) -> AlgorithmIdentifier {
+        self.signature_alg_id.clone()
     }
 
     fn verify_signature(
@@ -45,61 +46,61 @@ impl SignatureVerificationAlgorithm for RingAlgorithm {
 
 /// ECDSA signatures using the P-256 curve and SHA-256.
 pub static ECDSA_P256_SHA256: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
-    public_key_alg_id: alg_id::ECDSA_P256,
-    signature_alg_id: alg_id::ECDSA_SHA256,
+    public_key_alg_id: &alg_id::ECDSA_P256,
+    signature_alg_id: &alg_id::ECDSA_SHA256,
     verification_alg: &signature::ECDSA_P256_SHA256_ASN1,
 };
 
 /// ECDSA signatures using the P-256 curve and SHA-384. Deprecated.
 pub static ECDSA_P256_SHA384: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
-    public_key_alg_id: alg_id::ECDSA_P256,
-    signature_alg_id: alg_id::ECDSA_SHA384,
+    public_key_alg_id: &alg_id::ECDSA_P256,
+    signature_alg_id: &alg_id::ECDSA_SHA384,
     verification_alg: &signature::ECDSA_P256_SHA384_ASN1,
 };
 
 /// ECDSA signatures using the P-384 curve and SHA-256. Deprecated.
 pub static ECDSA_P384_SHA256: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
-    public_key_alg_id: alg_id::ECDSA_P384,
-    signature_alg_id: alg_id::ECDSA_SHA256,
+    public_key_alg_id: &alg_id::ECDSA_P384,
+    signature_alg_id: &alg_id::ECDSA_SHA256,
     verification_alg: &signature::ECDSA_P384_SHA256_ASN1,
 };
 
 /// ECDSA signatures using the P-384 curve and SHA-384.
 pub static ECDSA_P384_SHA384: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
-    public_key_alg_id: alg_id::ECDSA_P384,
-    signature_alg_id: alg_id::ECDSA_SHA384,
+    public_key_alg_id: &alg_id::ECDSA_P384,
+    signature_alg_id: &alg_id::ECDSA_SHA384,
     verification_alg: &signature::ECDSA_P384_SHA384_ASN1,
 };
 
 /// RSA PKCS#1 1.5 signatures using SHA-256 for keys of 2048-8192 bits.
 #[cfg(feature = "alloc")]
 pub static RSA_PKCS1_2048_8192_SHA256: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
-    public_key_alg_id: alg_id::RSA_ENCRYPTION,
-    signature_alg_id: alg_id::RSA_PKCS1_SHA256,
+    public_key_alg_id: &alg_id::RSA_ENCRYPTION,
+    signature_alg_id: &alg_id::RSA_PKCS1_SHA256,
     verification_alg: &signature::RSA_PKCS1_2048_8192_SHA256,
 };
 
 /// RSA PKCS#1 1.5 signatures using SHA-384 for keys of 2048-8192 bits.
 #[cfg(feature = "alloc")]
 pub static RSA_PKCS1_2048_8192_SHA384: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
-    public_key_alg_id: alg_id::RSA_ENCRYPTION,
-    signature_alg_id: alg_id::RSA_PKCS1_SHA384,
+    public_key_alg_id: &alg_id::RSA_ENCRYPTION,
+    signature_alg_id: &alg_id::RSA_PKCS1_SHA384,
     verification_alg: &signature::RSA_PKCS1_2048_8192_SHA384,
 };
 
 /// RSA PKCS#1 1.5 signatures using SHA-512 for keys of 2048-8192 bits.
 #[cfg(feature = "alloc")]
 pub static RSA_PKCS1_2048_8192_SHA512: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
-    public_key_alg_id: alg_id::RSA_ENCRYPTION,
-    signature_alg_id: alg_id::RSA_PKCS1_SHA512,
+    public_key_alg_id: &alg_id::RSA_ENCRYPTION,
+    signature_alg_id: &alg_id::RSA_PKCS1_SHA512,
     verification_alg: &signature::RSA_PKCS1_2048_8192_SHA512,
 };
 
 /// RSA PKCS#1 1.5 signatures using SHA-384 for keys of 3072-8192 bits.
 #[cfg(feature = "alloc")]
 pub static RSA_PKCS1_3072_8192_SHA384: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
-    public_key_alg_id: alg_id::RSA_ENCRYPTION,
-    signature_alg_id: alg_id::RSA_PKCS1_SHA384,
+    public_key_alg_id: &alg_id::RSA_ENCRYPTION,
+    signature_alg_id: &alg_id::RSA_PKCS1_SHA384,
     verification_alg: &signature::RSA_PKCS1_3072_8192_SHA384,
 };
 
@@ -110,8 +111,8 @@ pub static RSA_PKCS1_3072_8192_SHA384: &dyn SignatureVerificationAlgorithm = &Ri
 #[cfg(feature = "alloc")]
 pub static RSA_PSS_2048_8192_SHA256_LEGACY_KEY: &dyn SignatureVerificationAlgorithm =
     &RingAlgorithm {
-        public_key_alg_id: alg_id::RSA_ENCRYPTION,
-        signature_alg_id: alg_id::RSA_PSS_SHA256,
+        public_key_alg_id: &alg_id::RSA_ENCRYPTION,
+        signature_alg_id: &alg_id::RSA_PSS_SHA256,
         verification_alg: &signature::RSA_PSS_2048_8192_SHA256,
     };
 
@@ -122,8 +123,8 @@ pub static RSA_PSS_2048_8192_SHA256_LEGACY_KEY: &dyn SignatureVerificationAlgori
 #[cfg(feature = "alloc")]
 pub static RSA_PSS_2048_8192_SHA384_LEGACY_KEY: &dyn SignatureVerificationAlgorithm =
     &RingAlgorithm {
-        public_key_alg_id: alg_id::RSA_ENCRYPTION,
-        signature_alg_id: alg_id::RSA_PSS_SHA384,
+        public_key_alg_id: &alg_id::RSA_ENCRYPTION,
+        signature_alg_id: &alg_id::RSA_PSS_SHA384,
         verification_alg: &signature::RSA_PSS_2048_8192_SHA384,
     };
 
@@ -134,15 +135,15 @@ pub static RSA_PSS_2048_8192_SHA384_LEGACY_KEY: &dyn SignatureVerificationAlgori
 #[cfg(feature = "alloc")]
 pub static RSA_PSS_2048_8192_SHA512_LEGACY_KEY: &dyn SignatureVerificationAlgorithm =
     &RingAlgorithm {
-        public_key_alg_id: alg_id::RSA_ENCRYPTION,
-        signature_alg_id: alg_id::RSA_PSS_SHA512,
+        public_key_alg_id: &alg_id::RSA_ENCRYPTION,
+        signature_alg_id: &alg_id::RSA_PSS_SHA512,
         verification_alg: &signature::RSA_PSS_2048_8192_SHA512,
     };
 
 /// ED25519 signatures according to RFC 8410
 pub static ED25519: &dyn SignatureVerificationAlgorithm = &RingAlgorithm {
-    public_key_alg_id: alg_id::ED25519,
-    signature_alg_id: alg_id::ED25519,
+    public_key_alg_id: &alg_id::ED25519,
+    signature_alg_id: &alg_id::ED25519,
     verification_alg: &signature::ED25519,
 };
 
@@ -538,7 +539,7 @@ mod tests {
         general_purpose::STANDARD.decode(&base64).unwrap()
     }
 
-    static SUPPORTED_ALGORITHMS_IN_TESTS: &[&dyn signed_data::SignatureVerificationAlgorithm] = &[
+    static SUPPORTED_ALGORITHMS_IN_TESTS: &[&dyn super::SignatureVerificationAlgorithm] = &[
         // Reasonable algorithms.
         super::ECDSA_P256_SHA256,
         super::ECDSA_P384_SHA384,