upgrade to ring 0.17

rustls · Oct 10, 2023 · 291e91a · 291e91a
1 parent fee2fe2
commit 291e91a
Show file tree

Hide file tree

Showing 10 changed files with 26 additions and 24 deletions.
diff --git a/README.md b/README.md
@@ -86,12 +86,14 @@ need them.
 While Rustls itself is platform independent it uses
 [`ring`](https://crates.io/crates/ring) for implementing the cryptography in
 TLS. As a result, rustls only runs on platforms
-supported by `ring`. At the time of writing this means x86, x86-64, armv7, and
-aarch64. For more information see [the supported `ring` CI
-targets](https://github.com/briansmith/ring/blob/9cc0d45f4d8521f467bb3a621e74b1535e118188/.github/workflows/ci.yml#L151-L167).
+supported by `ring`. At the time of writing this means x86, x86-64, aarch64,
+armv7, powerpc64le, riscv64gc and s390x. For more information, see [the
+supported `ring` CI targets][ring-ci-targets].
 
 Rustls requires Rust 1.61 or later.
 
+[ring-ci-targets]: https://github.com/briansmith/ring/blob/d34858a918b04127d085cdbc20325263bf8fdd36/.github/workflows/ci.yml#L171-L190
+
 # Example code
 There are two example programs which use
 [mio](https://github.com/carllerche/mio) to do asynchronous IO.

diff --git a/connect-tests/Cargo.toml b/connect-tests/Cargo.toml
@@ -19,4 +19,4 @@ rustls = { path = "../rustls", features = [ "logging" ]}
 
 [dev-dependencies]
 regex = "1.0"
-ring = "0.16.20"
+ring = "0.17"
diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml
@@ -17,7 +17,7 @@ rustversion = { version = "1.0.6", optional = true }
 
 [dependencies]
 log = { version = "0.4.4", optional = true }
-ring = "0.16.20"
+ring = "0.17"
 sct = "0.7.0"
 webpki = { package = "rustls-webpki", version = "0.101.7", features = ["alloc", "std"] }
 

diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs
@@ -148,7 +148,7 @@ pub(super) fn handle_server_hello(
     };
 
     let key_schedule = our_key_share.complete(&their_key_share.payload.0, |secret| {
-        Ok(key_schedule_pre_handshake.into_handshake(secret))
+        key_schedule_pre_handshake.into_handshake(secret)
     })?;
 
     // Remember what KX group the server liked for next time.
@@ -277,7 +277,7 @@ pub(super) fn prepare_resumption(
 
     let binder_len = resuming_suite
         .hash_algorithm()
-        .output_len;
+        .output_len();
     let binder = vec![0u8; binder_len];
 
     let psk_identity =

diff --git a/rustls/src/kx.rs b/rustls/src/kx.rs
@@ -49,14 +49,10 @@ impl KeyExchange {
     ///
     /// The shared secret is passed into the closure passed down in `f`, and the result of calling
     /// `f` is returned to the caller.
-    pub(crate) fn complete<T>(
-        self,
-        peer: &[u8],
-        f: impl FnOnce(&[u8]) -> Result<T, ()>,
-    ) -> Result<T, Error> {
+    pub(crate) fn complete<T>(self, peer: &[u8], f: impl FnOnce(&[u8]) -> T) -> Result<T, Error> {
         let peer_key = ring::agreement::UnparsedPublicKey::new(self.skxg.agreement_algorithm, peer);
-        ring::agreement::agree_ephemeral(self.privkey, &peer_key, (), f)
-            .map_err(|()| PeerMisbehaved::InvalidKeyShare.into())
+        ring::agreement::agree_ephemeral(self.privkey, &peer_key, f)
+            .map_err(|_| PeerMisbehaved::InvalidKeyShare.into())
     }
 }
 

diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs
@@ -59,12 +59,14 @@
 //! While Rustls itself is platform independent it uses
 //! [`ring`](https://crates.io/crates/ring) for implementing the cryptography in
 //! TLS. As a result, rustls only runs on platforms
-//! supported by `ring`. At the time of writing this means x86, x86-64, armv7, and
-//! aarch64. For more information see [the supported `ring` CI
-//! targets](https://github.com/briansmith/ring/blob/9cc0d45f4d8521f467bb3a621e74b1535e118188/.github/workflows/ci.yml#L151-L167).
+//! supported by `ring`. At the time of writing this means x86, x86-64, aarch64,
+//! armv7, powerpc64le, riscv64gc and s390x. For more information, see [the
+//! supported `ring` CI targets][ring-ci-targets].
 //!
 //! Rustls requires Rust 1.61 or later.
 //!
+//! [ring-ci-targets]: https://github.com/briansmith/ring/blob/d34858a918b04127d085cdbc20325263bf8fdd36/.github/workflows/ci.yml#L171-L190
+//!
 //! ## Design Overview
 //! ### Rustls does not take care of network IO
 //! It doesn't make or accept TCP connections, or do DNS, or read or write files.

diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs
@@ -543,7 +543,7 @@ mod client_hello {
 
         // Do key exchange
         let key_schedule = kx.complete(&share.payload.0, |secret| {
-            Ok(key_schedule_pre_handshake.into_handshake(secret))
+            key_schedule_pre_handshake.into_handshake(secret)
         })?;
 
         let handshake_hash = transcript.get_current_hash();

diff --git a/rustls/src/sign.rs b/rustls/src/sign.rs
@@ -4,6 +4,7 @@ use crate::key;
 use crate::x509::{wrap_in_asn1_len, wrap_in_sequence};
 
 use ring::io::der;
+use ring::rand::{SecureRandom, SystemRandom};
 use ring::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair};
 
 use std::error::Error as StdError;
@@ -188,7 +189,7 @@ impl RsaSigner {
 
 impl Signer for RsaSigner {
     fn sign(&self, message: &[u8]) -> Result<Vec<u8>, Error> {
-        let mut sig = vec![0; self.key.public_modulus_len()];
+        let mut sig = vec![0; self.key.public().modulus_len()];
 
         let rng = ring::rand::SystemRandom::new();
         self.key
@@ -227,9 +228,10 @@ impl EcdsaSigningKey {
         scheme: SignatureScheme,
         sigalg: &'static signature::EcdsaSigningAlgorithm,
     ) -> Result<Self, ()> {
-        EcdsaKeyPair::from_pkcs8(sigalg, &der.0)
+        let rng = SystemRandom::new();
+        EcdsaKeyPair::from_pkcs8(sigalg, &der.0, &rng)
             .map_err(|_| ())
-            .or_else(|_| Self::convert_sec1_to_pkcs8(scheme, sigalg, &der.0))
+            .or_else(|_| Self::convert_sec1_to_pkcs8(scheme, sigalg, &der.0, &rng))
             .map(|kp| Self {
                 key: Arc::new(kp),
                 scheme,
@@ -243,6 +245,7 @@ impl EcdsaSigningKey {
         scheme: SignatureScheme,
         sigalg: &'static signature::EcdsaSigningAlgorithm,
         maybe_sec1_der: &[u8],
+        rng: &dyn SecureRandom,
     ) -> Result<EcdsaKeyPair, ()> {
         let pkcs8_prefix = match scheme {
             SignatureScheme::ECDSA_NISTP256_SHA256 => &PKCS8_PREFIX_ECDSA_NISTP256,
@@ -261,7 +264,7 @@ impl EcdsaSigningKey {
         pkcs8.extend_from_slice(&sec1_wrap);
         wrap_in_sequence(&mut pkcs8);
 
-        EcdsaKeyPair::from_pkcs8(sigalg, &pkcs8).map_err(|_| ())
+        EcdsaKeyPair::from_pkcs8(sigalg, &pkcs8, rng).map_err(|_| ())
     }
 }
 

diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs
@@ -234,7 +234,6 @@ impl ConnectionSecrets {
                 label.as_bytes(),
                 seed.as_ref(),
             );
-            Ok(())
         })?;
 
         Ok(ret)

diff --git a/rustls/src/tls12/prf.rs b/rustls/src/tls12/prf.rs
@@ -12,7 +12,7 @@ fn p(out: &mut [u8], alg: hmac::Algorithm, secret: &[u8], seed: &[u8]) {
 
     // A(1)
     let mut current_a = hmac::sign(&hmac_key, seed);
-    let chunk_size = alg.digest_algorithm().output_len;
+    let chunk_size = alg.digest_algorithm().output_len();
     for chunk in out.chunks_mut(chunk_size) {
         // P_hash[i] = HMAC_hash(secret, A(i) + seed)
         let p_term = concat_sign(&hmac_key, current_a.as_ref(), seed);