From 8eb0a26d5184687a25eec39e6a62422a8d4b4925 Mon Sep 17 00:00:00 2001 From: David Kotval Date: Thu, 8 Feb 2024 12:47:45 -0600 Subject: [PATCH] fix: don't break tls Due to our patch of ring@0.16.0, we must be careful that none of the transitive deps of the tls packages try to use a newer ring. --- Cargo.lock | 202 ++++++++++++++++------------------ libs/tls/Cargo.toml | 9 +- services/root-keys/Cargo.toml | 2 +- services/shellchat/Cargo.toml | 13 +-- 4 files changed, 101 insertions(+), 125 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index fc24afc7f..093ac3b56 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -761,9 +761,9 @@ source = "git+https://github.com/betrusted-io/com_rs?rev=891bdd3ca8e41f81510d112 [[package]] name = "compiler_builtins" -version = "0.1.107" +version = "0.1.108" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8da8e35920ddd38b7bbd68866060057a69c3368301d56f8b852bd581516d4dcd" +checksum = "d68bc55329711cd719c2687bb147bc06211b0521f97ef398280108ccb23227e9" dependencies = [ "rustc-std-workspace-core", ] @@ -1118,7 +1118,7 @@ dependencies = [ "sha2 0.10.8", "subtle", "trng", - "untrusted 0.7.1", + "untrusted", "xous-api-names", ] @@ -1149,15 +1149,13 @@ checksum = "b365fabc795046672053e29c954733ec3b05e4be654ab130fe8f1f94d7051f35" [[package]] name = "curve25519-dalek" -version = "4.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a677b8922c94e01bdbb12126b0bc852f00447528dee1782229af9c720c3f348" +version = "4.1.1" dependencies = [ "cfg-if", "cpufeatures", "curve25519-dalek-derive", "digest 0.10.7", - "fiat-crypto 0.2.5", + "fiat-crypto 0.2.6", "platforms", "rustc_version 0.4.0", "subtle", @@ -1167,8 +1165,6 @@ dependencies = [ [[package]] name = "curve25519-dalek-derive" version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", 
@@ -1275,9 +1271,9 @@ checksum = "7e962a19be5cfc3f3bf6dd8f61eb50107f356ad6270fbb3ed41476571db78be5" [[package]] name = "defmt" -version = "0.3.5" +version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8a2d011b2fee29fb7d659b83c43fce9a2cb4df453e16d441a51448e448f3f98" +checksum = "3939552907426de152b3c2c6f51ed53f98f448babd26f28694c95f5906194595" dependencies = [ "bitflags 1.3.2", "defmt-macros", @@ -1285,9 +1281,9 @@ dependencies = [ [[package]] name = "defmt-macros" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "54f0216f6c5acb5ae1a47050a6645024e6edafc2ee32d421955eccfef12ef92e" +checksum = "18bdc7a7b92ac413e19e95240e75d3a73a8d8e78aa24a594c22cbb4d44b4bbda" dependencies = [ "defmt-parser", "proc-macro-error", @@ -1298,9 +1294,9 @@ dependencies = [ [[package]] name = "defmt-parser" -version = "0.3.3" +version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "269924c02afd7f94bc4cecbfa5c379f6ffcf9766b3408fe63d22c728654eccd0" +checksum = "ff4a5fefe330e8d7f31b16a318f9ce81000d8e35e69b93eae154d16d2278f70f" dependencies = [ "thiserror", ] @@ -1519,9 +1515,9 @@ checksum = "e18997d4604542d0736fae2c5ad6de987f0a50530cbcc14a7ce5a685328a252d" [[package]] name = "ed25519-dalek" -version = "2.1.0" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f628eaec48bfd21b865dc2950cfa014450c01d2fa2b69a86c2fd5844ec523c0" +checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871" dependencies = [ "curve25519-dalek", "ed25519 2.2.3", 
@@ -1814,9 +1810,9 @@ checksum = "e825f6987101665dea6ec934c09ec6d721de7bc1bf92248e1d5810c8cd636b77" [[package]] name = "fiat-crypto" -version = "0.2.5" +version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "27573eac26f4dd11e2b1916c3fe1baa56407c83c71a773a8ba17ec0bca03b6b7" +checksum = "1676f435fc1dadde4d03e43f5d62b259e1ce5f40bd4ffb21db2b42ebe59c1382" [[package]] name = "filetime" @@ -2258,9 +2254,9 @@ dependencies = [ [[package]] name = "hermit-abi" -version = "0.3.4" +version = "0.3.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d3d0e0f38255e7fa3cf31335b3a56f05febd18025f4db5ef7a0cfb4f8da651f" +checksum = "d0c62115964e08cb8039170eb33c1d0e2388a256930279edca206fff675f82c3" [[package]] name = "hex" @@ -2544,7 +2540,7 @@ version = "0.4.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0bad00257d07be169d870ab665980b06cdb366d792ad690bf2e76876dc503455" dependencies = [ - "hermit-abi 0.3.4", + "hermit-abi 0.3.5", "rustix", "windows-sys 0.52.0", ] @@ -2572,18 +2568,18 @@ checksum = "b1a46d1a171d865aa5f83f92695765caa047a9b4cbae2cbf37dbd613a793fd4c" [[package]] name = "jobserver" -version = "0.1.27" +version = "0.1.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c37f63953c4c63420ed5fd3d6d398c719489b9f872b9fa683262f8edd363c7d" +checksum = "ab46a6e9526ddef3ae7f787c06f0f2600639ba80ea3eade3d8e670a2230f51d6" dependencies = [ "libc", ] [[package]] name = "js-sys" -version = "0.3.67" +version = "0.3.68" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a1d36f1235bc969acba30b7f5990b864423a6068a10f7c90ae8f0112e3a59d1" +checksum = "406cda4b368d531c842222cf9d2600a9a4acce8d29423695379c6868a143a9ee" dependencies = [ "wasm-bindgen", ] 
@@ -3140,9 +3136,9 @@ dependencies = [ [[package]] name = "num-derive" -version = "0.4.1" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cfb77679af88f8b125209d354a202862602672222e7f2313fdd6dc349bad4712" +checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202" dependencies = [ "proc-macro2", "quote", @@ -3151,19 +3147,18 @@ dependencies = [ [[package]] name = "num-integer" -version = "0.1.45" +version = "0.1.46" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" dependencies = [ - "autocfg", "num-traits", ] [[package]] name = "num-iter" -version = "0.1.43" +version = "0.1.44" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252" +checksum = "d869c01cc0c455284163fd0092f1f93835385ccab5a98a0dcc497b2f8bf055a9" dependencies = [ "autocfg", "num-integer", @@ -3183,9 +3178,9 @@ dependencies = [ [[package]] name = "num-traits" -version = "0.2.17" +version = "0.2.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c" +checksum = "da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a" dependencies = [ "autocfg", ] @@ -3196,7 +3191,7 @@ version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" dependencies = [ - "hermit-abi 0.3.4", + "hermit-abi 0.3.5", "libc", ] 
@@ -4139,27 +4134,13 @@ dependencies = [ "once_cell", "rkyv", "spin 0.5.2", - "untrusted 0.7.1", + "untrusted", "winapi", "xous 0.9.58 (registry+https://github.com/rust-lang/crates.io-index)", "xous-api-names", "xous-ipc 0.9.58 (registry+https://github.com/rust-lang/crates.io-index)", ] -[[package]] -name = "ring" -version = "0.17.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74" -dependencies = [ - "cc", - "getrandom 0.2.12", - "libc", - "spin 0.9.8", - "untrusted 0.9.0", - "windows-sys 0.48.0", -] - [[package]] name = "rkyv" version = "0.4.3" @@ -4207,7 +4188,7 @@ dependencies = [ "locales", "log", "modals", - "num-derive 0.4.1", + "num-derive 0.4.2", "num-traits", "rand_core 0.6.4", "rkyv", @@ -4282,24 +4263,34 @@ dependencies = [ [[package]] name = "rustls" -version = "0.21.10" +version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" +checksum = "cd8d6c9f025a446bc4d18ad9632e69aec8f287aa84499ee335599fabd20c3fd8" dependencies = [ "log", - "ring 0.17.7", - "rustls-webpki", + "ring", + "rustls-webpki 0.101.4", "sct", ] [[package]] name = "rustls-webpki" -version = "0.101.7" +version = "0.100.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f6a5fc258f1c1276dfe3016516945546e2d5383911efc0fc4f1cdc5df3a4ae3" +dependencies = [ + "ring", + "untrusted", +] + +[[package]] +name = "rustls-webpki" +version = "0.101.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" +checksum = "7d93931baf2d282fff8d3a532bbfd7653f734643161b87e3e01e59a04439bf0d" dependencies = [ - "ring 0.17.7", - "untrusted 0.9.0", + "ring", + "untrusted", ] [[package]] 
@@ -4337,12 +4328,12 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "sct" -version = "0.7.1" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" +checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" dependencies = [ - "ring 0.17.7", - "untrusted 0.9.0", + "ring", + "untrusted", ] [[package]] @@ -4587,7 +4578,7 @@ dependencies = [ "log", "modals", "net", - "num-derive 0.4.1", + "num-derive 0.4.2", "num-traits", "pddb", "perflib", @@ -4596,7 +4587,7 @@ dependencies = [ "rand_chacha 0.3.1", "rand_xorshift", "random-pick", - "ring 0.16.20", + "ring", "rkyv", "root-keys", "sha2 0.10.8", @@ -4909,13 +4900,12 @@ checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" [[package]] name = "tempfile" -version = "3.9.0" +version = "3.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01ce4141aa927a6d1bd34a041795abd0db1cccba5d5f24b009f694bdf3a1f3fa" +checksum = "a365e8cd18e44762ef95d87f284f4b5cd04107fec2ff3052bd6a3e6069669e67" dependencies = [ "cfg-if", "fastrand", - "redox_syscall", "rustix", "windows-sys 0.52.0", ] @@ -5091,7 +5081,8 @@ dependencies = [ "pddb", "rkyv", "rustls", - "rustls-webpki", + "rustls-webpki 0.101.4", + "sct", "sha2 0.10.8", "ureq", "webpki-roots 0.24.0", @@ -5132,7 +5123,7 @@ dependencies = [ "log", "pem", "pkcs8 0.8.0", - "ring 0.16.20", + "ring", "sha2 0.10.8", "svd2utra 0.1.22", "xmas-elf", @@ -5227,7 +5218,7 @@ name = "trng" version = "0.1.0" dependencies = [ "log", - "num-derive 0.4.1", + "num-derive 0.4.2", "num-traits", "rand 0.8.5", "rand_chacha 0.3.1", 
@@ -5344,28 +5335,22 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" -[[package]] -name = "untrusted" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" - [[package]] name = "ureq" -version = "2.9.1" +version = "2.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8cdd25c339e200129fe4de81451814e5228c9b771d57378817d6117cc2b3f97" +checksum = "0b11c96ac7ee530603dcdf68ed1557050f374ce55a5a07193ebf8cbc9f8927e9" dependencies = [ "base64 0.21.7", "flate2", "log", "once_cell", "rustls", - "rustls-webpki", + "rustls-webpki 0.100.3", "serde", "serde_json", "url", - "webpki-roots 0.25.4", + "webpki-roots 0.23.1", ] [[package]] @@ -5728,9 +5713,9 @@ dependencies = [ [[package]] name = "wasm-bindgen" -version = "0.2.90" +version = "0.2.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1223296a201415c7fad14792dbefaace9bd52b62d33453ade1c5b5f07555406" +checksum = "c1e124130aee3fb58c5bdd6b639a0509486b0338acaaae0c84a5124b0f588b7f" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -5738,9 +5723,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.90" +version = "0.2.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fcdc935b63408d58a32f8cc9738a0bffd8f05cc7c002086c6ef20b7312ad9dcd" +checksum = "c9e7e1900c352b609c8488ad12639a311045f40a35491fb69ba8c12f758af70b" dependencies = [ "bumpalo", "log", 
@@ -5753,9 +5738,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" -version = "0.4.40" +version = "0.4.41" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bde2032aeb86bdfaecc8b261eef3cba735cc426c1f3a3416d1e0791be95fc461" +checksum = "877b9c3f61ceea0e56331985743b13f3d25c406a7098d45180fb5f09bc19ed97" dependencies = [ "cfg-if", "js-sys", @@ -5765,9 +5750,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.90" +version = "0.2.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3e4c238561b2d428924c49815533a8b9121c664599558a5d9ec51f8a1740a999" +checksum = "b30af9e2d358182b5c7449424f017eba305ed32a7010509ede96cdc4696c46ed" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -5775,9 +5760,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.90" +version = "0.2.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bae1abb6806dc1ad9e560ed242107c0f6c84335f1749dd4e8ddb012ebd5e25a7" +checksum = "642f325be6301eb8107a83d12a8ac6c1e1c54345a7ef1a9261962dfefda09e66" dependencies = [ "proc-macro2", "quote", @@ -5788,15 +5773,15 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.90" +version = "0.2.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d91413b1c31d7539ba5ef2451af3f0b833a005eb27a631cec32bc0635a8602b" +checksum = "4f186bd2dcf04330886ce82d6f33dd75a7bfcf69ecf5763b89fcde53b6ac9838" [[package]] name = "wasm-bindgen-test" -version = "0.3.40" +version = "0.3.41" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "139bd73305d50e1c1c4333210c0db43d989395b64a237bd35c10ef3832a7f70c" +checksum = "143ddeb4f833e2ed0d252e618986e18bfc7b0e52f2d28d77d05b2f045dd8eb61" dependencies = [ "console_error_panic_hook", "js-sys", 
@@ -5808,9 +5793,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-test-macro" -version = "0.3.40" +version = "0.3.41" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70072aebfe5da66d2716002c729a14e4aec4da0e23cc2ea66323dac541c93928" +checksum = "a5211b7550606857312bba1d978a8ec75692eae187becc5e680444fffc5e6f89" dependencies = [ "proc-macro2", "quote", @@ -5892,9 +5877,9 @@ dependencies = [ [[package]] name = "web-sys" -version = "0.3.67" +version = "0.3.68" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58cd2333b6e0be7a39605f0e255892fd7418a682d8da8fe042fe25128794d2ed" +checksum = "96565907687f7aceb35bc5fc03770a8a0471d82e479f25832f54a0e3f4b28446" dependencies = [ "js-sys", "wasm-bindgen", @@ -5902,18 +5887,21 @@ dependencies = [ [[package]] name = "webpki-roots" -version = "0.24.0" +version = "0.23.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b291546d5d9d1eab74f069c77749f2cb8504a12caa20f0f2de93ddbf6f411888" +checksum = "b03058f88386e5ff5310d9111d53f48b17d732b401aeb83a8d5190f2ac459338" dependencies = [ - "rustls-webpki", + "rustls-webpki 0.100.3", ] [[package]] name = "webpki-roots" -version = "0.25.4" +version = "0.24.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" +checksum = "b291546d5d9d1eab74f069c77749f2cb8504a12caa20f0f2de93ddbf6f411888" +dependencies = [ + "rustls-webpki 0.101.4", +] [[package]] name = "which" @@ -6525,7 +6513,3 @@ dependencies = [ "cc", "pkg-config", ] - -[[patch.unused]] -name = "curve25519-dalek" -version = "4.1.1" diff --git a/libs/tls/Cargo.toml b/libs/tls/Cargo.toml index 84824f2d4..31d55de10 100644 --- a/libs/tls/Cargo.toml +++ b/libs/tls/Cargo.toml 
@@ -25,10 +25,11 @@ rkyv = "0.4.3" sha2 = { version = "0.10.8" } # note requirement for patch to xous-ring in workspace Cargo.toml -rustls = { version = "0.21.7", features = ["dangerous_configuration"] } -ureq = "2.7.1" -webpki = { package = "rustls-webpki", version = "0.101.4" } -webpki-roots = { version = "0.24.0", optional = true } +rustls = { version = "=0.21.7", features = ["dangerous_configuration"] } +ureq = "=2.7.1" +webpki = { package = "rustls-webpki", version = "=0.101.4" } +sct = { version = "=0.7.0"} +webpki-roots = { version = "=0.24.0", optional = true } x509-parser = "0.15.0" [features] diff --git a/services/root-keys/Cargo.toml b/services/root-keys/Cargo.toml index 976f9a3e0..95a08319e 100644 --- a/services/root-keys/Cargo.toml +++ b/services/root-keys/Cargo.toml @@ -71,7 +71,7 @@ byteorder = "1.4.3" # used by keywrap hex = { version = "0.4.3", default-features = false, features = [] } [dependencies.curve25519-dalek] -version = "4.1.1" # note this is patched to our fork in ./Cargo.toml +version = "=4.1.1" # note this is patched to our fork in ./Cargo.toml default-features = false [dependencies.ed25519-dalek] diff --git a/services/shellchat/Cargo.toml b/services/shellchat/Cargo.toml index 2ab605d64..6210ec9c9 100644 --- a/services/shellchat/Cargo.toml +++ b/services/shellchat/Cargo.toml @@ -83,7 +83,7 @@ tls = { path = "../../libs/tls", optional = true } url = { version = "2.2.2", optional = true } # for testing ring math functions # note requirement for patch to xous-ring in workspace Cargo.toml -ring = { version = "0.16.20", optional = true } +ring = { version = "=0.16.20", optional = true } # for websocket testing tungstenite = { version = "0.20.0", optional = true } 
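Review bot: The exact `=` pins on `rustls`, `ureq`, `rustls-webpki`, `sct` and `webpki-roots` in libs/tls/Cargo.toml freeze the TLS stack, so `cargo update` will no longer pick up patch releases that carry security fixes, and nothing beside the pins says why they exist or when they can be lifted. I would extend the existing comment to something like `# exact pins: newer releases of these crates resolve to ring 0.17, which bypasses the xous-ring patch of ring 0.16; re-check advisories for the pinned versions on every release`. The `sct` line should say that it is a direct dependency only to hold the transitive version, and it is missing the space before `}`. The Cargo.lock part of this commit shows `ureq` 2.7.1 bringing in `rustls-webpki` 0.100.3 and `webpki-roots` 0.23.1 alongside the 0.101.4 / 0.24.0 pinned here, so two certificate-validation versions now have to be tracked. The same applies to the `ring = { version = "=0.16.20", ... }` pin in services/shellchat/Cargo.toml.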
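Review bot: Pinning `curve25519-dalek` to `=4.1.1` in services/root-keys/Cargo.toml ties the manifest to the fork's current version number, and nothing enforces that the two stay in step. The Cargo.lock hunks in this commit show that before the pin the registry 4.1.2 was resolved while the fork sat under `[[patch.unused]]`; the same silent fallback to the registry crate can recur if the fork's version and this pin drift apart. I would add a CI step that fails when Cargo.lock contains a `[[patch.unused]]` entry, and expand the trailing comment to `# must equal the version of our fork patched in ./Cargo.toml, otherwise the patch is silently unused`. The identical pin in the second hunk of services/shellchat/Cargo.toml depends on the fork's version in the same way.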
@@ -97,17 +97,8 @@ random-pick = { version = "1.2.16", optional = true } hex = { version = "0.4.3", default-features = false, features = [] } #sha2 = {version = "0.9.5", default-features = false, features = []} [dependencies.curve25519-dalek] -version = "4.1.1" # note this is patched to our fork in ./Cargo.toml +version = "=4.1.1" # note this is patched to our fork in ./Cargo.toml default-features = false -#Note: legacy_compatibility enables calling Scalar::from_bits on curve25519_dalek::Scalar. -# This method is deprecated due to the danger that if one used it without verifying that -# the key is on the prime order subgroup (which can be ensured by clamping), then one would -# be vulnerable to an invlid curve attack. In this crate, it is only used in the tests where -# its use is valid. I suspect this is fine, but I'd like to verify that the call is unable to -# be used in any other crate where this feature is not enabled. I don't fully understand how -# crate unification works, but I suspect you don't get different versions of the crate based one -# features. -features = ["legacy_compatibility"] [dependencies.x25519-dalek] version = "2.0.1"
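Review bot: Dropping `features = ["legacy_compatibility"]` and its explanatory comment from `[dependencies.curve25519-dalek]` is not mentioned in the commit message, which only covers keeping the TLS dependencies on the patched ring. The removed comment said shellchat's tests rely on this feature for `Scalar::from_bits`, so those tests may stop building unless another workspace member still enables it. Cargo unifies features per crate version, so whether the deprecated method is reachable from other crates depends on every member's feature set, not on this manifest alone. I would confirm with `cargo tree -e features -i curve25519-dalek` and record the outcome in the commit message or in a one-line comment such as `# legacy_compatibility deliberately not enabled: it exposes the deprecated Scalar::from_bits`.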