diff --git a/Cargo.lock b/Cargo.lock index 1fcfb8b9b2..7589011841 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1161,9 +1161,9 @@ dependencies = [ [[package]] name = "deno_cache_dir" -version = "0.6.0" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "026d622a8251c427bdb506798b003926b059640a247d524e1f773751cce9f0bf" +checksum = "2bbb245d9a3719b5eb2b5195aaaa25108c3c93d1762b181a20fb1af1c7703eaf" dependencies = [ "anyhow", "deno_media_type", @@ -1469,9 +1469,9 @@ dependencies = [ [[package]] name = "deno_lockfile" -version = "0.17.1" +version = "0.17.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c7673d66847223bd4115075a96b0699da71b1755524aeb3956f0a3edf3af3217" +checksum = "8cd29f62e6dec60e585f579df3e9c2fc562aadf881319152974bc442a9042077" dependencies = [ "ring", "serde", @@ -3120,7 +3120,7 @@ version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" dependencies = [ - "spin", + "spin 0.5.2", ] [[package]] @@ -4384,17 +4384,16 @@ dependencies = [ [[package]] name = "ring" -version = "0.16.20" +version = "0.17.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" +checksum = "911b295d2d302948838c8ac142da1ee09fa7863163b44e6715bc9357905878b8" dependencies = [ "cc", + "getrandom 0.2.10", "libc", - "once_cell", - "spin", + "spin 0.9.8", "untrusted", - "web-sys", - "winapi", + "windows-sys", ] [[package]] @@ -4495,9 +4494,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.21.7" +version = "0.21.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd8d6c9f025a446bc4d18ad9632e69aec8f287aa84499ee335599fabd20c3fd8" +checksum = "446e14c5cda4f3f30fe71863c34ec70f5ac79d6087097ad0bb433e1be5edf04c" dependencies = [ "log", "ring", @@ -4528,9 +4527,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.101.6" +version = "0.101.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c7d5dece342910d9ba34d259310cae3e0154b873b35408b787b59bce53d34fe" +checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" dependencies = [ "ring", "untrusted", @@ -4640,9 +4639,9 @@ dependencies = [ [[package]] name = "sct" -version = "0.7.0" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" +checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" dependencies = [ "ring", "untrusted", @@ -4993,6 +4992,12 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + [[package]] name = "spki" version = "0.6.0" @@ -6104,7 +6109,7 @@ version = "1.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675" dependencies = [ - "cfg-if 1.0.0", + "cfg-if 0.1.10", "rand 0.8.5", "static_assertions", ] @@ -6234,9 +6239,9 @@ dependencies = [ [[package]] name = "untrusted" -version = "0.7.1" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "url" diff --git a/Cargo.toml b/Cargo.toml index 81e0f388c8..77f229e04d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -45,7 +45,7 @@ deno_runtime = { version = "0.129.0", path = "./runtime" } napi_sym = { version = "0.51.0", path = "./cli/napi/sym" } deno_bench_util = { version = "0.115.0", path = "./bench_util" } test_util = { path = "./test_util" } -deno_lockfile = "0.17.1" +deno_lockfile = "0.17.2" deno_media_type = { version = "0.1.1", features = ["module_specifier"] } # exts @@ -118,9 +118,9 @@ rand = "=0.8.5" regex = "^1.7.0" lazy-regex = "3" reqwest = { version = "0.11.20", default-features = false, features = ["rustls-tls", "stream", "gzip", "brotli", "socks", "json"] } -ring = "=0.16.20" +ring = "^0.17.0" rusqlite = { version = "=0.29.0", features = ["unlock_notify", "bundled"] } -rustls = "0.21.0" +rustls = "0.21.8" rustls-pemfile = "1.0.0" rustls-webpki = "0.101.4" rustls-native-certs = "0.6.2" diff --git a/cli/Cargo.toml b/cli/Cargo.toml index b6547c2b3d..5f54062543 100644 --- a/cli/Cargo.toml +++ b/cli/Cargo.toml @@ -46,7 +46,7 @@ winres.workspace = true [dependencies] deno_ast = { workspace = true, features = ["bundler", "cjs", "codegen", "dep_graph", "module_specifier", "proposal", "react", "sourcemap", "transforms", "typescript", "view", "visit"] } -deno_cache_dir = "=0.6.0" +deno_cache_dir = "=0.6.1" deno_config = "=0.4.0" deno_core = { workspace = true, features = ["include_js_files_for_snapshotting"] } deno_doc = "=0.70.0" diff --git a/ext/crypto/generate_key.rs b/ext/crypto/generate_key.rs index abe7ef1ee5..bda3d3226f 100644 --- a/ext/crypto/generate_key.rs +++ b/ext/crypto/generate_key.rs @@ -136,7 +136,7 @@ fn generate_key_hmac( length } else { - hash.digest_algorithm().block_len + hash.digest_algorithm().block_len() }; let rng = ring::rand::SystemRandom::new(); diff --git a/ext/crypto/import_key.rs b/ext/crypto/import_key.rs index 0a864d68cd..8ef73a8c44 100644 --- a/ext/crypto/import_key.rs +++ b/ext/crypto/import_key.rs @@ -556,10 +556,12 @@ fn import_key_ec_jwk( } }; + let rng = ring::rand::SystemRandom::new(); let _key_pair = EcdsaKeyPair::from_private_key_and_public_key( key_alg, private_d.as_bytes(), point_bytes.as_ref(), + &rng, ); Ok(ImportKeyResult::Ec { @@ -658,8 +660,9 @@ fn import_key_ec( } }; + let rng = ring::rand::SystemRandom::new(); // deserialize pkcs8 using ring crate, to VALIDATE public key - let _private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &data)?; + let _private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &data, &rng)?; // 11. if named_curve != pk_named_curve { diff --git a/ext/crypto/lib.rs b/ext/crypto/lib.rs index 3be6bcc3db..87b9702ce0 100644 --- a/ext/crypto/lib.rs +++ b/ext/crypto/lib.rs @@ -266,7 +266,8 @@ pub async fn op_crypto_sign_key( let curve: &EcdsaSigningAlgorithm = args.named_curve.ok_or_else(not_supported)?.try_into()?; - let key_pair = EcdsaKeyPair::from_pkcs8(curve, &args.key.data)?; + let rng = RingRand::SystemRandom::new(); + let key_pair = EcdsaKeyPair::from_pkcs8(curve, &args.key.data, &rng)?; // We only support P256-SHA256 & P384-SHA384. These are recommended signature pairs. // https://briansmith.org/rustdoc/ring/signature/index.html#statics if let Some(hash) = args.hash { @@ -276,7 +277,6 @@ pub async fn op_crypto_sign_key( } }; - let rng = RingRand::SystemRandom::new(); let signature = key_pair.sign(&rng, data)?; // Signature data as buffer. @@ -388,7 +388,9 @@ pub async fn op_crypto_verify_key( let public_key_bytes = match args.key.r#type { KeyType::Private => { - private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &args.key.data)?; + let rng = RingRand::SystemRandom::new(); + private_key = + EcdsaKeyPair::from_pkcs8(signing_alg, &args.key.data, &rng)?; private_key.public_key().as_ref() } diff --git a/ext/node/ops/crypto/mod.rs b/ext/node/ops/crypto/mod.rs index 372f7dcb50..bf7a99ba04 100644 --- a/ext/node/ops/crypto/mod.rs +++ b/ext/node/ops/crypto/mod.rs @@ -715,7 +715,7 @@ fn ec_generate( let pkcs8 = EcdsaKeyPair::generate_pkcs8(curve, &rng) .map_err(|_| type_error("Failed to generate EC key"))?; - let public_key = EcdsaKeyPair::from_pkcs8(curve, pkcs8.as_ref()) + let public_key = EcdsaKeyPair::from_pkcs8(curve, pkcs8.as_ref(), &rng) .map_err(|_| type_error("Failed to generate EC key"))? .public_key() .as_ref()