Bump ring from 0.16.20 to 0.17.13 #99
42d7a69 to 60d6a61
@dependabot rebase

Looks like this PR is already up-to-date with master! If you'd still like to recreate it from scratch, overwriting any edits, you can request `@dependabot recreate`.
Bumps [ring](https://github.com/briansmith/ring) from 0.16.20 to 0.17.13.
- [Changelog](https://github.com/briansmith/ring/blob/main/RELEASES.md)
- [Commits](https://github.com/briansmith/ring/commits)

---
updated-dependencies:
- dependency-name: ring
  dependency-version: 0.17.13
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
60d6a61 to bdea86e
Updated all the way to 0.17.14 which is the newest release. Updating to at least 0.17.13 is needed for a dependabot security issue. The public interface has changed somewhat so code had to change to match.
brghena left a comment
I think this is a relatively straightforward fix. Two "big" changes (the PublicKeyComponent creation and the SystemRandom addition) and a smaller one (public modulus len) that's in several places.
I did NOT test this code. I only ensured that it still compiles with cargo.
| let key_pair = ring::signature::EcdsaKeyPair::from_pkcs8( | ||
| &ring::signature::ECDSA_P256_SHA256_FIXED_SIGNING, | ||
| &private_key_contents, | ||
| &rand::SystemRandom::new(), |
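Review bot: `&rand::SystemRandom::new()` in the last argument is the only path in this call not written from the crate root; the two lines above it use `ring::signature::...`. Either spell it `ring::rand::SystemRandom::new()` or confirm that the `rand` in scope is `ring::rand` and not the separate `rand` crate. If `from_pkcs8` is called in more than one place, build the `SystemRandom` once and pass a reference to each call.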
This seems to be the right thing to do since it was what was previously removed from inside of the function. briansmith/ring@2accae1
| }; | ||
|
|
||
| if key_pair.public_modulus_len() != 512 { | ||
| let public_key: ring::signature::RsaPublicKeyComponents<Vec<u8>> = key_pair.public().into(); |
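Review bot: the `512` in `key_pair.public_modulus_len() != 512` is an unexplained literal; `public_modulus_len()` returns a length in bytes, so this is a 4096-bit requirement and deserves a named constant or a comment. Since the next line now goes through `key_pair.public()` to build the `RsaPublicKeyComponents<Vec<u8>>`, consider a test that loads a known 4096-bit key and checks the length of the extracted modulus, which would exercise both lines.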
This got both harder and simpler. Getting the modulus and exponent from a public key is no longer directly supported, however a public key can just be changed into a PublicKeyComponents which is what we're creating here anyways.
@bradjc I got annoyed at Dependabot for not doing this update for us, so I did it myself. I don't know how to test it to make sure I didn't break something in elf2tab though.
Bumps ring from 0.16.20 to 0.17.13.