dice-mfg: replace pem crate w/ pem-rfc7468

oxidecomputer · Mar 11, 2024 · 777c8e1 · 777c8e1
1 parent 29c6e55
commit 777c8e1
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 33 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -26,7 +26,6 @@ hex.version = "0.4"
 hubpack = "0.1"
 log = { version = "0.4", features = ["std"] }
 p384 = { version = "0.13", default-features = false }
-pem = { version = "3", default-features = false }
 pem-rfc7468 = { version = "0.7.0", default-features = false }
 ron = "0.8"
 rpassword = "7.3.1"

diff --git a/dice-mfg/Cargo.toml b/dice-mfg/Cargo.toml
@@ -14,7 +14,7 @@ corncobs.workspace = true
 dice-mfg-msgs = { path = "../dice-mfg-msgs", features = ["std"] }
 env_logger.workspace = true
 log.workspace = true
-pem = { workspace = true, features = ["std"] }
+pem-rfc7468 = { workspace = true, features = ["alloc", "std"] }
 rpassword.workspace = true
 serde_json.workspace = true
 serialport.workspace = true

diff --git a/dice-mfg/src/lib.rs b/dice-mfg/src/lib.rs
@@ -619,25 +619,20 @@ impl CertSigner {
 }
 
 fn sized_blob_from_pem_path(p: &PathBuf) -> Result<SizedBlob> {
-    let cert = fs::read_to_string(p)?;
-    let cert = pem::parse(cert)?;
+    let cert = fs::read(p)?;
+    let (_, cert) = pem_rfc7468::decode_vec(&cert)?;
 
-    // Error type doesn't implement std Error
-    Ok(SizedBlob::try_from(cert.contents())?)
+    Ok(SizedBlob::try_from(&cert[..])?)
 }
 
 pub fn save_csr<W: Write>(mut w: W, csr: SizedBlob) -> Result<()> {
     let size = usize::from(csr.size);
 
-    // encode as PEM
-    let pem = pem::Pem::new(
-        String::from("CERTIFICATE REQUEST"),
-        csr.as_bytes()[..size].to_vec(),
-    );
-    let csr_pem = pem::encode_config(
-        &pem,
-        pem::EncodeConfig::new().set_line_ending(pem::LineEnding::LF),
-    );
+    let csr_pem = pem_rfc7468::encode_string(
+        "CERTIFICATE REQUEST",
+        pem_rfc7468::LineEnding::LF,
+        &csr.as_bytes()[..size],
+    )?;
 
     Ok(w.write_all(csr_pem.as_bytes())?)
 }