foster/denoland-deno
1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-11-24 15:19:26 -05:00
Code Issues Packages 1 Wiki Activity

chore(ext/crypto): upgrade to ring 0.17 (#20824)

Browse source 
Ref https://github.com/denoland/deno/issues/18071
This commit is contained in:
Divy Srivastava 2023-10-27 14:15:09 -07:00 committed by GitHub
parent 6e2abb2b13
commit 4c6b986f17
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 40 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

45
Cargo.lock generated
View file

@ -1161,9 +1161,9 @@ dependencies = [
[[package]] [[package]]
name = "deno_cache_dir" name = "deno_cache_dir"
version = "0.6.0" version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "026d622a8251c427bdb506798b003926b059640a247d524e1f773751cce9f0bf" checksum = "2bbb245d9a3719b5eb2b5195aaaa25108c3c93d1762b181a20fb1af1c7703eaf"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"deno_media_type", "deno_media_type",
@ -1469,9 +1469,9 @@ dependencies = [
[[package]] [[package]]
name = "deno_lockfile" name = "deno_lockfile"
version = "0.17.1" version = "0.17.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c7673d66847223bd4115075a96b0699da71b1755524aeb3956f0a3edf3af3217" checksum = "8cd29f62e6dec60e585f579df3e9c2fc562aadf881319152974bc442a9042077"
dependencies = [ dependencies = [
"ring", "ring",
"serde", "serde",
@ -3120,7 +3120,7 @@ version = "1.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
dependencies = [ dependencies = [
"spin", "spin 0.5.2",
] ]
[[package]] [[package]]
@ -4384,17 +4384,16 @@ dependencies = [
[[package]] [[package]]
name = "ring" name = "ring"
version = "0.16.20" version = "0.17.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" checksum = "911b295d2d302948838c8ac142da1ee09fa7863163b44e6715bc9357905878b8"
dependencies = [ dependencies = [
"cc", "cc",
"getrandom 0.2.10",
"libc", "libc",
"once_cell", "spin 0.9.8",
"spin",
"untrusted", "untrusted",
"web-sys", "windows-sys",
"winapi",
] ]
[[package]] [[package]]
@ -4495,9 +4494,9 @@ dependencies = [
[[package]] [[package]]
name = "rustls" name = "rustls"
version = "0.21.7" version = "0.21.8"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cd8d6c9f025a446bc4d18ad9632e69aec8f287aa84499ee335599fabd20c3fd8" checksum = "446e14c5cda4f3f30fe71863c34ec70f5ac79d6087097ad0bb433e1be5edf04c"
dependencies = [ dependencies = [
"log", "log",
"ring", "ring",
@ -4528,9 +4527,9 @@ dependencies = [
[[package]] [[package]]
name = "rustls-webpki" name = "rustls-webpki"
version = "0.101.6" version = "0.101.7"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3c7d5dece342910d9ba34d259310cae3e0154b873b35408b787b59bce53d34fe" checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
dependencies = [ dependencies = [
"ring", "ring",
"untrusted", "untrusted",
@ -4640,9 +4639,9 @@ dependencies = [
[[package]] [[package]]
name = "sct" name = "sct"
version = "0.7.0" version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
dependencies = [ dependencies = [
"ring", "ring",
"untrusted", "untrusted",
@ -4993,6 +4992,12 @@ version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
[[package]]
name = "spin"
version = "0.9.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
[[package]] [[package]]
name = "spki" name = "spki"
version = "0.6.0" version = "0.6.0"
@ -6104,7 +6109,7 @@ version = "1.6.3"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675" checksum = "97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675"
dependencies = [ dependencies = [
"cfg-if 1.0.0", "cfg-if 0.1.10",
"rand 0.8.5", "rand 0.8.5",
"static_assertions", "static_assertions",
] ]
@ -6234,9 +6239,9 @@ dependencies = [
[[package]] [[package]]
name = "untrusted" name = "untrusted"
version = "0.7.1" version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
[[package]] [[package]]
name = "url" name = "url"

6
Cargo.toml
View file

@ -45,7 +45,7 @@ deno_runtime = { version = "0.129.0", path = "./runtime" }
napi_sym = { version = "0.51.0", path = "./cli/napi/sym" } napi_sym = { version = "0.51.0", path = "./cli/napi/sym" }
deno_bench_util = { version = "0.115.0", path = "./bench_util" } deno_bench_util = { version = "0.115.0", path = "./bench_util" }
test_util = { path = "./test_util" } test_util = { path = "./test_util" }
deno_lockfile = "0.17.1" deno_lockfile = "0.17.2"
deno_media_type = { version = "0.1.1", features = ["module_specifier"] } deno_media_type = { version = "0.1.1", features = ["module_specifier"] }
# exts # exts
@ -118,9 +118,9 @@ rand = "=0.8.5"
regex = "^1.7.0" regex = "^1.7.0"
lazy-regex = "3" lazy-regex = "3"
reqwest = { version = "0.11.20", default-features = false, features = ["rustls-tls", "stream", "gzip", "brotli", "socks", "json"] } reqwest = { version = "0.11.20", default-features = false, features = ["rustls-tls", "stream", "gzip", "brotli", "socks", "json"] }
ring = "=0.16.20" ring = "^0.17.0"
rusqlite = { version = "=0.29.0", features = ["unlock_notify", "bundled"] } rusqlite = { version = "=0.29.0", features = ["unlock_notify", "bundled"] }
rustls = "0.21.0" rustls = "0.21.8"
rustls-pemfile = "1.0.0" rustls-pemfile = "1.0.0"
rustls-webpki = "0.101.4" rustls-webpki = "0.101.4"
rustls-native-certs = "0.6.2" rustls-native-certs = "0.6.2"

2
cli/Cargo.toml
View file

@ -46,7 +46,7 @@ winres.workspace = true
[dependencies] [dependencies]
deno_ast = { workspace = true, features = ["bundler", "cjs", "codegen", "dep_graph", "module_specifier", "proposal", "react", "sourcemap", "transforms", "typescript", "view", "visit"] } deno_ast = { workspace = true, features = ["bundler", "cjs", "codegen", "dep_graph", "module_specifier", "proposal", "react", "sourcemap", "transforms", "typescript", "view", "visit"] }
deno_cache_dir = "=0.6.0" deno_cache_dir = "=0.6.1"
deno_config = "=0.4.0" deno_config = "=0.4.0"
deno_core = { workspace = true, features = ["include_js_files_for_snapshotting"] } deno_core = { workspace = true, features = ["include_js_files_for_snapshotting"] }
deno_doc = "=0.70.0" deno_doc = "=0.70.0"

2
ext/crypto/generate_key.rs
View file

@ -136,7 +136,7 @@ fn generate_key_hmac(
length length
} else { } else {
hash.digest_algorithm().block_len hash.digest_algorithm().block_len()
}; };
let rng = ring::rand::SystemRandom::new(); let rng = ring::rand::SystemRandom::new();

5
ext/crypto/import_key.rs
View file

@ -556,10 +556,12 @@ fn import_key_ec_jwk(
} }
}; };
let rng = ring::rand::SystemRandom::new();
let _key_pair = EcdsaKeyPair::from_private_key_and_public_key( let _key_pair = EcdsaKeyPair::from_private_key_and_public_key(
key_alg, key_alg,
private_d.as_bytes(), private_d.as_bytes(),
point_bytes.as_ref(), point_bytes.as_ref(),
&rng,
); );
Ok(ImportKeyResult::Ec { Ok(ImportKeyResult::Ec {
@ -658,8 +660,9 @@ fn import_key_ec(
} }
}; };
let rng = ring::rand::SystemRandom::new();
// deserialize pkcs8 using ring crate, to VALIDATE public key // deserialize pkcs8 using ring crate, to VALIDATE public key
let _private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &data)?; let _private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &data, &rng)?;
// 11. // 11.
if named_curve != pk_named_curve { if named_curve != pk_named_curve {

8
ext/crypto/lib.rs
View file

@ -266,7 +266,8 @@ pub async fn op_crypto_sign_key(
let curve: &EcdsaSigningAlgorithm = let curve: &EcdsaSigningAlgorithm =
args.named_curve.ok_or_else(not_supported)?.try_into()?; args.named_curve.ok_or_else(not_supported)?.try_into()?;
let key_pair = EcdsaKeyPair::from_pkcs8(curve, &args.key.data)?; let rng = RingRand::SystemRandom::new();
let key_pair = EcdsaKeyPair::from_pkcs8(curve, &args.key.data, &rng)?;
// We only support P256-SHA256 & P384-SHA384. These are recommended signature pairs. // We only support P256-SHA256 & P384-SHA384. These are recommended signature pairs.
// https://briansmith.org/rustdoc/ring/signature/index.html#statics // https://briansmith.org/rustdoc/ring/signature/index.html#statics
if let Some(hash) = args.hash { if let Some(hash) = args.hash {
@ -276,7 +277,6 @@ pub async fn op_crypto_sign_key(
} }
}; };
let rng = RingRand::SystemRandom::new();
let signature = key_pair.sign(&rng, data)?; let signature = key_pair.sign(&rng, data)?;
// Signature data as buffer. // Signature data as buffer.
@ -388,7 +388,9 @@ pub async fn op_crypto_verify_key(
let public_key_bytes = match args.key.r#type { let public_key_bytes = match args.key.r#type {
KeyType::Private => { KeyType::Private => {
private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &args.key.data)?; let rng = RingRand::SystemRandom::new();
private_key =
EcdsaKeyPair::from_pkcs8(signing_alg, &args.key.data, &rng)?;
private_key.public_key().as_ref() private_key.public_key().as_ref()
} }

2
ext/node/ops/crypto/mod.rs
View file

@ -715,7 +715,7 @@ fn ec_generate(
let pkcs8 = EcdsaKeyPair::generate_pkcs8(curve, &rng) let pkcs8 = EcdsaKeyPair::generate_pkcs8(curve, &rng)
.map_err(|_| type_error("Failed to generate EC key"))?; .map_err(|_| type_error("Failed to generate EC key"))?;
let public_key = EcdsaKeyPair::from_pkcs8(curve, pkcs8.as_ref()) let public_key = EcdsaKeyPair::from_pkcs8(curve, pkcs8.as_ref(), &rng)
.map_err(|_| type_error("Failed to generate EC key"))? .map_err(|_| type_error("Failed to generate EC key"))?
.public_key() .public_key()
.as_ref() .as_ref()