chore(ext/crypto): upgrade to ring 0.17 (#20824)

Ref https://github.com/denoland/deno/issues/18071
author: Divy Srivastava <dj.srivastava23@gmail.com> 2023-10-27 14:15:09 -0700
committer: GitHub <noreply@github.com> 2023-10-27 23:15:09 +0200
commit: 4c6b986f17ff482052793c821d2901699ddc0804 (patch)
tree: 9fbbc7a1d95223f3fa9951e1e7b78b544b4c61eb
parent: 6e2abb2b13af5dff5d631fb1bc0c279c49ebd066 (diff)
7 files changed, 40 insertions, 30 deletions
diff --git a/Cargo.lock b/Cargo.lock
index 1fcfb8b9b..758901184 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1161,9 +1161,9 @@ dependencies = [
 
 [[package]]
 name = "deno_cache_dir"
-version = "0.6.0"
+version = "0.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "026d622a8251c427bdb506798b003926b059640a247d524e1f773751cce9f0bf"
+checksum = "2bbb245d9a3719b5eb2b5195aaaa25108c3c93d1762b181a20fb1af1c7703eaf"
 dependencies = [
  "anyhow",
  "deno_media_type",
@@ -1469,9 +1469,9 @@ dependencies = [
 
 [[package]]
 name = "deno_lockfile"
-version = "0.17.1"
+version = "0.17.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c7673d66847223bd4115075a96b0699da71b1755524aeb3956f0a3edf3af3217"
+checksum = "8cd29f62e6dec60e585f579df3e9c2fc562aadf881319152974bc442a9042077"
 dependencies = [
  "ring",
  "serde",
@@ -3120,7 +3120,7 @@ version = "1.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
 dependencies = [
- "spin",
+ "spin 0.5.2",
 ]
 
 [[package]]
@@ -4384,17 +4384,16 @@ dependencies = [
 
 [[package]]
 name = "ring"
-version = "0.16.20"
+version = "0.17.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
+checksum = "911b295d2d302948838c8ac142da1ee09fa7863163b44e6715bc9357905878b8"
 dependencies = [
  "cc",
+ "getrandom 0.2.10",
  "libc",
- "once_cell",
- "spin",
+ "spin 0.9.8",
  "untrusted",
- "web-sys",
- "winapi",
+ "windows-sys",
 ]
 
 [[package]]
@@ -4495,9 +4494,9 @@ dependencies = [
 
 [[package]]
 name = "rustls"
-version = "0.21.7"
+version = "0.21.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cd8d6c9f025a446bc4d18ad9632e69aec8f287aa84499ee335599fabd20c3fd8"
+checksum = "446e14c5cda4f3f30fe71863c34ec70f5ac79d6087097ad0bb433e1be5edf04c"
 dependencies = [
  "log",
  "ring",
@@ -4528,9 +4527,9 @@ dependencies = [
 
 [[package]]
 name = "rustls-webpki"
-version = "0.101.6"
+version = "0.101.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3c7d5dece342910d9ba34d259310cae3e0154b873b35408b787b59bce53d34fe"
+checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
 dependencies = [
  "ring",
  "untrusted",
@@ -4640,9 +4639,9 @@ dependencies = [
 
 [[package]]
 name = "sct"
-version = "0.7.0"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4"
+checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
 dependencies = [
  "ring",
  "untrusted",
@@ -4994,6 +4993,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
 
 [[package]]
+name = "spin"
+version = "0.9.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
+
+[[package]]
 name = "spki"
 version = "0.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -6104,7 +6109,7 @@ version = "1.6.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675"
 dependencies = [
- "cfg-if 1.0.0",
+ "cfg-if 0.1.10",
  "rand 0.8.5",
  "static_assertions",
 ]
@@ -6234,9 +6239,9 @@ dependencies = [
 
 [[package]]
 name = "untrusted"
-version = "0.7.1"
+version = "0.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
+checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
 
 [[package]]
 name = "url"
diff --git a/Cargo.toml b/Cargo.toml
index 81e0f388c..77f229e04 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -45,7 +45,7 @@ deno_runtime = { version = "0.129.0", path = "./runtime" }
 napi_sym = { version = "0.51.0", path = "./cli/napi/sym" }
 deno_bench_util = { version = "0.115.0", path = "./bench_util" }
 test_util = { path = "./test_util" }
-deno_lockfile = "0.17.1"
+deno_lockfile = "0.17.2"
 deno_media_type = { version = "0.1.1", features = ["module_specifier"] }
 
 # exts
@@ -118,9 +118,9 @@ rand = "=0.8.5"
 regex = "^1.7.0"
 lazy-regex = "3"
 reqwest = { version = "0.11.20", default-features = false, features = ["rustls-tls", "stream", "gzip", "brotli", "socks", "json"] }
-ring = "=0.16.20"
+ring = "^0.17.0"
 rusqlite = { version = "=0.29.0", features = ["unlock_notify", "bundled"] }
-rustls = "0.21.0"
+rustls = "0.21.8"
 rustls-pemfile = "1.0.0"
 rustls-webpki = "0.101.4"
 rustls-native-certs = "0.6.2"
diff --git a/cli/Cargo.toml b/cli/Cargo.toml
index b6547c2b3..5f5406254 100644
--- a/cli/Cargo.toml
+++ b/cli/Cargo.toml
@@ -46,7 +46,7 @@ winres.workspace = true
 
 [dependencies]
 deno_ast = { workspace = true, features = ["bundler", "cjs", "codegen", "dep_graph", "module_specifier", "proposal", "react", "sourcemap", "transforms", "typescript", "view", "visit"] }
-deno_cache_dir = "=0.6.0"
+deno_cache_dir = "=0.6.1"
 deno_config = "=0.4.0"
 deno_core = { workspace = true, features = ["include_js_files_for_snapshotting"] }
 deno_doc = "=0.70.0"
diff --git a/ext/crypto/generate_key.rs b/ext/crypto/generate_key.rs
index abe7ef1ee..bda3d3226 100644
--- a/ext/crypto/generate_key.rs
+++ b/ext/crypto/generate_key.rs
@@ -136,7 +136,7 @@ fn generate_key_hmac(
 
     length
   } else {
-    hash.digest_algorithm().block_len
+    hash.digest_algorithm().block_len()
   };
 
   let rng = ring::rand::SystemRandom::new();
diff --git a/ext/crypto/import_key.rs b/ext/crypto/import_key.rs
index 0a864d68c..8ef73a8c4 100644
--- a/ext/crypto/import_key.rs
+++ b/ext/crypto/import_key.rs
@@ -556,10 +556,12 @@ fn import_key_ec_jwk(
         }
       };
 
+      let rng = ring::rand::SystemRandom::new();
       let _key_pair = EcdsaKeyPair::from_private_key_and_public_key(
         key_alg,
         private_d.as_bytes(),
         point_bytes.as_ref(),
+        &rng,
       );
 
       Ok(ImportKeyResult::Ec {
@@ -658,8 +660,9 @@ fn import_key_ec(
           }
         };
 
+        let rng = ring::rand::SystemRandom::new();
         // deserialize pkcs8 using ring crate, to VALIDATE public key
-        let _private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &data)?;
+        let _private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &data, &rng)?;
 
         // 11.
         if named_curve != pk_named_curve {
diff --git a/ext/crypto/lib.rs b/ext/crypto/lib.rs
index 3be6bcc3d..87b9702ce 100644
--- a/ext/crypto/lib.rs
+++ b/ext/crypto/lib.rs
@@ -266,7 +266,8 @@ pub async fn op_crypto_sign_key(
       let curve: &EcdsaSigningAlgorithm =
         args.named_curve.ok_or_else(not_supported)?.try_into()?;
 
-      let key_pair = EcdsaKeyPair::from_pkcs8(curve, &args.key.data)?;
+      let rng = RingRand::SystemRandom::new();
+      let key_pair = EcdsaKeyPair::from_pkcs8(curve, &args.key.data, &rng)?;
       // We only support P256-SHA256 & P384-SHA384. These are recommended signature pairs.
       // https://briansmith.org/rustdoc/ring/signature/index.html#statics
       if let Some(hash) = args.hash {
@@ -276,7 +277,6 @@ pub async fn op_crypto_sign_key(
         }
       };
 
-      let rng = RingRand::SystemRandom::new();
       let signature = key_pair.sign(&rng, data)?;
 
       // Signature data as buffer.
@@ -388,7 +388,9 @@ pub async fn op_crypto_verify_key(
 
       let public_key_bytes = match args.key.r#type {
         KeyType::Private => {
-          private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &args.key.data)?;
+          let rng = RingRand::SystemRandom::new();
+          private_key =
+            EcdsaKeyPair::from_pkcs8(signing_alg, &args.key.data, &rng)?;
 
           private_key.public_key().as_ref()
         }
diff --git a/ext/node/ops/crypto/mod.rs b/ext/node/ops/crypto/mod.rs
index 372f7dcb5..bf7a99ba0 100644
--- a/ext/node/ops/crypto/mod.rs
+++ b/ext/node/ops/crypto/mod.rs
@@ -715,7 +715,7 @@ fn ec_generate(
   let pkcs8 = EcdsaKeyPair::generate_pkcs8(curve, &rng)
     .map_err(|_| type_error("Failed to generate EC key"))?;
 
-  let public_key = EcdsaKeyPair::from_pkcs8(curve, pkcs8.as_ref())
+  let public_key = EcdsaKeyPair::from_pkcs8(curve, pkcs8.as_ref(), &rng)
     .map_err(|_| type_error("Failed to generate EC key"))?
     .public_key()
     .as_ref()
author	Divy Srivastava <dj.srivastava23@gmail.com>	2023-10-27 14:15:09 -0700
committer	GitHub <noreply@github.com>	2023-10-27 23:15:09 +0200
commit	4c6b986f17ff482052793c821d2901699ddc0804 (patch)
tree	9fbbc7a1d95223f3fa9951e1e7b78b544b4c61eb
parent	6e2abb2b13af5dff5d631fb1bc0c279c49ebd066 (diff)