diff options
Diffstat (limited to 'ext')
| -rw-r--r-- | ext/crypto/generate_key.rs | 2 | ||||
| -rw-r--r-- | ext/crypto/import_key.rs | 5 | ||||
| -rw-r--r-- | ext/crypto/lib.rs | 8 | ||||
| -rw-r--r-- | ext/node/ops/crypto/mod.rs | 2 |
4 files changed, 11 insertions, 6 deletions
diff --git a/ext/crypto/generate_key.rs b/ext/crypto/generate_key.rs index abe7ef1ee..bda3d3226 100644 --- a/ext/crypto/generate_key.rs +++ b/ext/crypto/generate_key.rs @@ -136,7 +136,7 @@ fn generate_key_hmac( length } else { - hash.digest_algorithm().block_len + hash.digest_algorithm().block_len() }; let rng = ring::rand::SystemRandom::new(); diff --git a/ext/crypto/import_key.rs b/ext/crypto/import_key.rs index 0a864d68c..8ef73a8c4 100644 --- a/ext/crypto/import_key.rs +++ b/ext/crypto/import_key.rs @@ -556,10 +556,12 @@ fn import_key_ec_jwk( } }; + let rng = ring::rand::SystemRandom::new(); let _key_pair = EcdsaKeyPair::from_private_key_and_public_key( key_alg, private_d.as_bytes(), point_bytes.as_ref(), + &rng, ); Ok(ImportKeyResult::Ec { @@ -658,8 +660,9 @@ fn import_key_ec( } }; + let rng = ring::rand::SystemRandom::new(); // deserialize pkcs8 using ring crate, to VALIDATE public key - let _private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &data)?; + let _private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &data, &rng)?; // 11. if named_curve != pk_named_curve { diff --git a/ext/crypto/lib.rs b/ext/crypto/lib.rs index 3be6bcc3d..87b9702ce 100644 --- a/ext/crypto/lib.rs +++ b/ext/crypto/lib.rs @@ -266,7 +266,8 @@ pub async fn op_crypto_sign_key( let curve: &EcdsaSigningAlgorithm = args.named_curve.ok_or_else(not_supported)?.try_into()?; - let key_pair = EcdsaKeyPair::from_pkcs8(curve, &args.key.data)?; + let rng = RingRand::SystemRandom::new(); + let key_pair = EcdsaKeyPair::from_pkcs8(curve, &args.key.data, &rng)?; // We only support P256-SHA256 & P384-SHA384. These are recommended signature pairs. // https://briansmith.org/rustdoc/ring/signature/index.html#statics if let Some(hash) = args.hash { @@ -276,7 +277,6 @@ pub async fn op_crypto_sign_key( } }; - let rng = RingRand::SystemRandom::new(); let signature = key_pair.sign(&rng, data)?; // Signature data as buffer. @@ -388,7 +388,9 @@ pub async fn op_crypto_verify_key( let public_key_bytes = match args.key.r#type { KeyType::Private => { - private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &args.key.data)?; + let rng = RingRand::SystemRandom::new(); + private_key = + EcdsaKeyPair::from_pkcs8(signing_alg, &args.key.data, &rng)?; private_key.public_key().as_ref() } diff --git a/ext/node/ops/crypto/mod.rs b/ext/node/ops/crypto/mod.rs index 372f7dcb5..bf7a99ba0 100644 --- a/ext/node/ops/crypto/mod.rs +++ b/ext/node/ops/crypto/mod.rs @@ -715,7 +715,7 @@ fn ec_generate( let pkcs8 = EcdsaKeyPair::generate_pkcs8(curve, &rng) .map_err(|_| type_error("Failed to generate EC key"))?; - let public_key = EcdsaKeyPair::from_pkcs8(curve, pkcs8.as_ref()) + let public_key = EcdsaKeyPair::from_pkcs8(curve, pkcs8.as_ref(), &rng) .map_err(|_| type_error("Failed to generate EC key"))? .public_key() .as_ref() |