Upgrade to ring 0.17 (#335)

* Upgrade to latest `ring` version

* Fix deprecation warnings

* Temporarily pin `ring` version

* Fix warning

* Remove duplicated code

* Bump ring to 0.17

* Fix formatting

Author: thomaseizinger

dtls/Cargo.toml

@@ -32,7 +32,7 @@ x25519-dalek = { version = "2", features = ["static_secrets"] }
 x509-parser = "0.15"
 der-parser = "8.1"
 rcgen = "0.11"
-ring = "0.16.19"
+ring = "0.17"
 rustls = { version = "0.21", features = ["dangerous_configuration"]}
 bincode = "1"
 serde = { version = "1", features = ["derive"] }

dtls/src/crypto/crypto_test.rs

@@ -89,7 +89,8 @@ fn test_generate_key_signature() -> Result<()> {
         NamedCurve::X25519,
         &CryptoPrivateKey {
             kind: CryptoPrivateKeyKind::Rsa256(
-                RsaKeyPair::from_der(&pem.contents).map_err(|e| Error::Other(e.to_string()))?,
+                ring::rsa::KeyPair::from_der(&pem.contents)
+                    .map_err(|e| Error::Other(e.to_string()))?,
             ),
             serialized_der: pem.contents.clone(),
         }, //hashAlgorithmSHA256,

dtls/src/crypto/mod.rs

@@ -12,7 +12,7 @@ use der_parser::oid;
 use der_parser::oid::Oid;
 use rcgen::KeyPair;
 use ring::rand::SystemRandom;
-use ring::signature::{EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair};
+use ring::signature::{EcdsaKeyPair, Ed25519KeyPair};
 
 use crate::curve::named_curve::*;
 use crate::error::*;
@@ -139,7 +139,7 @@ pub(crate) fn value_key_message(
 pub enum CryptoPrivateKeyKind {
     Ed25519(Ed25519KeyPair),
     Ecdsa256(EcdsaKeyPair),
-    Rsa256(RsaKeyPair),
+    Rsa256(ring::rsa::KeyPair),
 }
 
 /// Private key.
@@ -187,14 +187,15 @@ impl Clone for CryptoPrivateKey {
                     EcdsaKeyPair::from_pkcs8(
                         &ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING,
                         &self.serialized_der,
+                        &SystemRandom::new(),
                     )
                     .unwrap(),
                 ),
                 serialized_der: self.serialized_der.clone(),
             },
             CryptoPrivateKeyKind::Rsa256(_) => CryptoPrivateKey {
                 kind: CryptoPrivateKeyKind::Rsa256(
-                    RsaKeyPair::from_pkcs8(&self.serialized_der).unwrap(),
+                    ring::rsa::KeyPair::from_pkcs8(&self.serialized_der).unwrap(),
                 ),
                 serialized_der: self.serialized_der.clone(),
             },
@@ -206,37 +207,7 @@ impl TryFrom<&KeyPair> for CryptoPrivateKey {
     type Error = Error;
 
     fn try_from(key_pair: &KeyPair) -> Result<Self> {
-        let serialized_der = key_pair.serialize_der();
-        if key_pair.is_compatible(&rcgen::PKCS_ED25519) {
-            Ok(CryptoPrivateKey {
-                kind: CryptoPrivateKeyKind::Ed25519(
-                    Ed25519KeyPair::from_pkcs8(&serialized_der)
-                        .map_err(|e| Error::Other(e.to_string()))?,
-                ),
-                serialized_der,
-            })
-        } else if key_pair.is_compatible(&rcgen::PKCS_ECDSA_P256_SHA256) {
-            Ok(CryptoPrivateKey {
-                kind: CryptoPrivateKeyKind::Ecdsa256(
-                    EcdsaKeyPair::from_pkcs8(
-                        &ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING,
-                        &serialized_der,
-                    )
-                    .map_err(|e| Error::Other(e.to_string()))?,
-                ),
-                serialized_der,
-            })
-        } else if key_pair.is_compatible(&rcgen::PKCS_RSA_SHA256) {
-            Ok(CryptoPrivateKey {
-                kind: CryptoPrivateKeyKind::Rsa256(
-                    RsaKeyPair::from_pkcs8(&serialized_der)
-                        .map_err(|e| Error::Other(e.to_string()))?,
-                ),
-                serialized_der,
-            })
-        } else {
-            Err(Error::Other("Unsupported key_pair".to_owned()))
-        }
+        Self::from_key_pair(key_pair)
     }
 }
 
@@ -257,6 +228,7 @@ impl CryptoPrivateKey {
                     EcdsaKeyPair::from_pkcs8(
                         &ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING,
                         &serialized_der,
+                        &SystemRandom::new(),
                     )
                     .map_err(|e| Error::Other(e.to_string()))?,
                 ),
@@ -265,7 +237,7 @@ impl CryptoPrivateKey {
         } else if key_pair.is_compatible(&rcgen::PKCS_RSA_SHA256) {
             Ok(CryptoPrivateKey {
                 kind: CryptoPrivateKeyKind::Rsa256(
-                    RsaKeyPair::from_pkcs8(&serialized_der)
+                    ring::rsa::KeyPair::from_pkcs8(&serialized_der)
                         .map_err(|e| Error::Other(e.to_string()))?,
                 ),
                 serialized_der,
@@ -300,7 +272,7 @@ pub(crate) fn generate_key_signature(
         }
         CryptoPrivateKeyKind::Rsa256(kp) => {
             let system_random = SystemRandom::new();
-            let mut signature = vec![0; kp.public_modulus_len()];
+            let mut signature = vec![0; kp.public().modulus_len()];
             kp.sign(
                 &ring::signature::RSA_PKCS1_SHA256,
                 &system_random,
@@ -422,7 +394,7 @@ pub(crate) fn generate_certificate_verify(
         }
         CryptoPrivateKeyKind::Rsa256(kp) => {
             let system_random = SystemRandom::new();
-            let mut signature = vec![0; kp.public_modulus_len()];
+            let mut signature = vec![0; kp.public().modulus_len()];
             kp.sign(
                 &ring::signature::RSA_PKCS1_SHA256,
                 &system_random,
@@ -537,7 +509,7 @@ mod test {
 
     #[cfg(feature = "pem")]
     #[test]
-    fn test_certificate_serialize_pem_and_from_pem() -> Result<()> {
+    fn test_certificate_serialize_pem_and_from_pem() -> crate::error::Result<()> {
         let cert = Certificate::generate_self_signed(vec!["webrtc.rs".to_owned()])?;
 
         let pem = cert.serialize_pem();

stun/Cargo.toml

@@ -23,7 +23,7 @@ rand = "0.8"
 base64 = "0.21"
 subtle = "2.4"
 crc = "3"
-ring = "0.16"
+ring = "0.17"
 md-5 = "0.10"
 thiserror = "1"
 

turn/Cargo.toml

@@ -19,7 +19,7 @@ async-trait = "0.1"
 log = "0.4"
 base64 = "0.21"
 rand = "0.8"
-ring = "0.16"
+ring = "0.17"
 md-5 = "0.10"
 thiserror = "1"
 

webrtc/Cargo.toml

@@ -41,7 +41,7 @@ smol_str = { version = "0.2", features = ["serde"] }
 url = "2"
 rustls = { version = "0.21", features = ["dangerous_configuration"]}
 rcgen = { version = "0.11", features = ["pem", "x509-parser"]}
-ring = "0.16"
+ring = "0.17"
 sha2 = "0.10"
 lazy_static = "1.4"
 hex = "0.4"

webrtc/src/peer_connection/certificate.rs

@@ -3,7 +3,9 @@ use std::time::{Duration, SystemTime, UNIX_EPOCH};
 
 use dtls::crypto::{CryptoPrivateKey, CryptoPrivateKeyKind};
 use rcgen::{CertificateParams, KeyPair};
-use ring::signature::{EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair};
+use ring::rand::SystemRandom;
+use ring::rsa;
+use ring::signature::{EcdsaKeyPair, Ed25519KeyPair};
 use sha2::{Digest, Sha256};
 
 use crate::dtls_transport::dtls_fingerprint::RTCDtlsFingerprint;
@@ -58,6 +60,7 @@ impl RTCCertificate {
                     EcdsaKeyPair::from_pkcs8(
                         &ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING,
                         &serialized_der,
+                        &SystemRandom::new(),
                     )
                     .map_err(|e| Error::new(e.to_string()))?,
                 ),
@@ -66,7 +69,7 @@ impl RTCCertificate {
         } else if key_pair.is_compatible(&rcgen::PKCS_RSA_SHA256) {
             CryptoPrivateKey {
                 kind: CryptoPrivateKeyKind::Rsa256(
-                    RsaKeyPair::from_pkcs8(&serialized_der)
+                    rsa::KeyPair::from_pkcs8(&serialized_der)
                         .map_err(|e| Error::new(e.to_string()))?,
                 ),
                 serialized_der,