From 085edf92b2a883f20a96beeedd25cb3d0f893096 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 28 Nov 2023 11:04:27 -0800 Subject: [PATCH 1/4] spki: adds a public key to SubjectPublicKeyInfoOwned helper (#1269) This adds a `SubjectPublicKeyInfoOwned::from_key` helper that will accept any public key (an object implementing `EncodePublicKey`). --- spki/src/spki.rs | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/spki/src/spki.rs b/spki/src/spki.rs index 3d949f887..b7e4c9280 100644 --- a/spki/src/spki.rs +++ b/spki/src/spki.rs @@ -181,6 +181,7 @@ impl PemLabel for SubjectPublicKeyInfo { #[cfg(feature = "alloc")] mod allocating { use super::*; + use crate::EncodePublicKey; use der::referenced::*; impl<'a> RefToOwned<'a> for SubjectPublicKeyInfoRef<'a> { @@ -202,4 +203,15 @@ mod allocating { } } } + + impl SubjectPublicKeyInfoOwned { + /// Create a [`SubjectPublicKeyInfoOwned`] from any object that implements + /// [`EncodePublicKey`]. + pub fn from_key(source: T) -> Result + where + T: EncodePublicKey, + { + Ok(source.to_public_key_der()?.decode_msg::()?) + } + } } From 15ea461dc3484d48710deed932e4d3d9052c1f9b Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 28 Nov 2023 11:35:04 -0800 Subject: [PATCH 2/4] spki: v0.7.3 (#1272) Added: - public key to `SubjectPublicKeyInfoOwned` helper (#1269) --- Cargo.lock | 2 +- spki/CHANGELOG.md | 6 ++++++ spki/Cargo.toml | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c3ac2b1af..8179f1ce6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1488,7 +1488,7 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" [[package]] name = "spki" -version = "0.7.2" +version = "0.7.3" dependencies = [ "arbitrary", "base64ct", diff --git a/spki/CHANGELOG.md b/spki/CHANGELOG.md index c20ba8b77..cf3722dde 100644 --- a/spki/CHANGELOG.md +++ b/spki/CHANGELOG.md 
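Review bot: `from_key` in the second `spki/src/spki.rs` hunk takes `source: T` by value, yet its body only calls `source.to_public_key_der()`, which borrows the key, so a caller holding a non-`Copy` key has to give it up or clone it first. Taking `source: &T` with the bound `T: EncodePublicKey + ?Sized` would accept the same keys without consuming them. The doc comment should also gain an `# Errors` section saying the call fails when the key cannot be encoded to DER or when that encoding does not parse back as a SubjectPublicKeyInfo, since both `?` sites can return an error. The generic parameter lists appear to have been stripped from this rendering of the patch, so the signature is quoted as far as it can be read here.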
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 0.7.3 (2023-11-28) +### Added +- public key to `SubjectPublicKeyInfoOwned` helper ([#1269]) + +[#1269]: https://github.com/RustCrypto/formats/pull/1269 + ## 0.7.2 (2023-05-04) ### Added diff --git a/spki/Cargo.toml b/spki/Cargo.toml index de7a98449..e9e268731 100644 --- a/spki/Cargo.toml +++ b/spki/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "spki" -version = "0.7.2" +version = "0.7.3" description = """ X.509 Subject Public Key Info (RFC5280) describing public keys as well as their associated AlgorithmIdentifiers (i.e. OIDs) From 1d825c1fe519eb4592b7f5b03d4bde9db0a2a6c1 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Tue, 28 Nov 2023 12:50:37 -0800 Subject: [PATCH 3/4] x509-cert: use `SubjectPublicKeyInfoOwned::from_key` (#1271) --- x509-cert/Cargo.toml | 2 +- x509-cert/src/builder.rs | 8 ++------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/x509-cert/Cargo.toml b/x509-cert/Cargo.toml index b90401750..033f48b3a 100644 --- a/x509-cert/Cargo.toml +++ b/x509-cert/Cargo.toml @@ -17,7 +17,7 @@ rust-version = "1.65" [dependencies] const-oid = { version = "0.9.3", features = ["db"] } der = { version = "0.7.6", features = ["alloc", "derive", "flagset", "oid"] } -spki = { version = "0.7.2", features = ["alloc"] } +spki = { version = "0.7.3", features = ["alloc"] } # optional dependencies arbitrary = { version = "1.3", features = ["derive"], optional = true } diff --git a/x509-cert/src/builder.rs b/x509-cert/src/builder.rs index ec51a7e35..c778f1e2f 100644 --- a/x509-cert/src/builder.rs +++ b/x509-cert/src/builder.rs 
@@ -276,9 +276,7 @@ where cert_signer: &'s S, ) -> Result { let verifying_key = cert_signer.verifying_key(); - let signer_pub = verifying_key - .to_public_key_der()? - .decode_msg::()?; + let signer_pub = SubjectPublicKeyInfoOwned::from_key(verifying_key)?; let signature_alg = cert_signer.signature_algorithm_identifier()?; let issuer = profile.get_issuer(&subject); @@ -370,9 +368,7 @@ where pub fn new(subject: Name, req_signer: &'s S) -> Result { let version = Default::default(); let verifying_key = req_signer.verifying_key(); - let public_key = verifying_key - .to_public_key_der()? - .decode_msg::()?; + let public_key = SubjectPublicKeyInfoOwned::from_key(verifying_key)?; let attributes = Default::default(); let extension_req = Default::default(); From 5eb52b0be77d36a461277b1e88010867b46109c8 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Mon, 4 Dec 2023 12:44:37 -0800 Subject: [PATCH 4/4] .cargo/audit.toml: ignore RUSTSEC-2023-0071 (#1276) It's not actionable until a new release of the `rsa` crate is available --- .cargo/audit.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/.cargo/audit.toml b/.cargo/audit.toml index 49970669a..bd592a8a7 100644 --- a/.cargo/audit.toml +++ b/.cargo/audit.toml @@ -1,4 +1,5 @@ [advisories] ignore = [ "RUSTSEC-2021-0127", # serde_cbor is unmaintained + "RUSTSEC-2023-0071", # rsa: Marvin Attack: potential key recovery ]
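Review bot: The new `RUSTSEC-2023-0071` entry in `.cargo/audit.toml` records no removal condition, so the advisory stays silenced for the whole workspace even after a fixed `rsa` release exists. The commit message says the ignore is only needed until that release, and the inline comment should say so too, for example `"RUSTSEC-2023-0071", # rsa: Marvin Attack (timing side channel); remove once a fixed rsa release is available`. The entry above it covers an unmaintained crate, while this one covers potential key recovery. It would therefore help to note which workspace crates depend on `rsa` and whether any of them use it for private-key operations; that is not visible from this hunk.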