mirror of
https://github.com/servo/servo.git
synced 2025-06-16 04:14:29 +00:00
Switch to the sha2 crate for SRI digests.
This removes one (simple) use of OpenSSL
parent
f4c4f4472d
commit
fec4c589b2
6 changed files with 31 additions and 26 deletions
27
Cargo.lock
generated
27
Cargo.lock
generated
|
@ -961,13 +961,13 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "content-security-policy"
|
name = "content-security-policy"
|
||||||
version = "0.4.2"
|
version = "0.5.0"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "91ea9f813e3c5ece60232e2b5d0d8187d310bf1e5641c5457e54099780a892a8"
|
checksum = "1780f19455c4d346013dc4fb3e9c329c64c7c300b0ebeff786743f4b9f34ec0e"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"base64 0.12.0",
|
"base64 0.13.0",
|
||||||
"bitflags",
|
"bitflags",
|
||||||
"lazy_static",
|
"once_cell",
|
||||||
"percent-encoding",
|
"percent-encoding",
|
||||||
"regex",
|
"regex",
|
||||||
"serde",
|
"serde",
|
||||||
|
@ -1410,9 +1410,9 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "digest"
|
name = "digest"
|
||||||
version = "0.10.3"
|
version = "0.10.6"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "f2fb860ca6fafa5552fb6d0e816a69c8e49f0908bf524e30a90d97c85892d506"
|
checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"block-buffer 0.10.2",
|
"block-buffer 0.10.2",
|
||||||
"crypto-common",
|
"crypto-common",
|
||||||
|
@ -3995,6 +3995,7 @@ dependencies = [
|
||||||
"flate2",
|
"flate2",
|
||||||
"futures 0.3.5",
|
"futures 0.3.5",
|
||||||
"futures-util",
|
"futures-util",
|
||||||
|
"generic-array 0.14.4",
|
||||||
"headers",
|
"headers",
|
||||||
"http",
|
"http",
|
||||||
"hyper 0.14.5",
|
"hyper 0.14.5",
|
||||||
|
@ -4023,6 +4024,7 @@ dependencies = [
|
||||||
"servo_arc",
|
"servo_arc",
|
||||||
"servo_config",
|
"servo_config",
|
||||||
"servo_url",
|
"servo_url",
|
||||||
|
"sha2",
|
||||||
"std_test_override",
|
"std_test_override",
|
||||||
"time",
|
"time",
|
||||||
"tokio 0.2.24",
|
"tokio 0.2.24",
|
||||||
|
@ -5948,19 +5950,18 @@ checksum = "028f48d513f9678cda28f6e4064755b3fbb2af6acd672f2c209b62323f7aea0f"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"cfg-if 1.0.0",
|
"cfg-if 1.0.0",
|
||||||
"cpufeatures",
|
"cpufeatures",
|
||||||
"digest 0.10.3",
|
"digest 0.10.6",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "sha2"
|
name = "sha2"
|
||||||
version = "0.8.1"
|
version = "0.10.6"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "27044adfd2e1f077f649f59deb9490d3941d674002f7d062870a60ebe9bd47a0"
|
checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"block-buffer 0.7.3",
|
"cfg-if 1.0.0",
|
||||||
"digest 0.8.1",
|
"cpufeatures",
|
||||||
"fake-simd",
|
"digest 0.10.6",
|
||||||
"opaque-debug 0.2.3",
|
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
|
|
|
@ -30,7 +30,7 @@ servo = [
|
||||||
[dependencies]
|
[dependencies]
|
||||||
accountable-refcell = { version = "0.2.0", optional = true }
|
accountable-refcell = { version = "0.2.0", optional = true }
|
||||||
app_units = "0.7"
|
app_units = "0.7"
|
||||||
content-security-policy = { version = "0.4.0", features = ["serde"], optional = true }
|
content-security-policy = { version = "0.5", features = ["serde"], optional = true }
|
||||||
crossbeam-channel = { version = "0.4", optional = true }
|
crossbeam-channel = { version = "0.4", optional = true }
|
||||||
cssparser = "0.29"
|
cssparser = "0.29"
|
||||||
euclid = "0.22"
|
euclid = "0.22"
|
||||||
|
|
|
@ -20,7 +20,7 @@ async-tungstenite = { version = "0.9", features = ["tokio-openssl"] }
|
||||||
base64 = "0.10.1"
|
base64 = "0.10.1"
|
||||||
brotli = "3"
|
brotli = "3"
|
||||||
bytes = "1"
|
bytes = "1"
|
||||||
content-security-policy = { version = "0.4.0", features = ["serde"] }
|
content-security-policy = { version = "0.5", features = ["serde"] }
|
||||||
cookie_rs = { package = "cookie", version = "0.12" }
|
cookie_rs = { package = "cookie", version = "0.12" }
|
||||||
crossbeam-channel = "0.4"
|
crossbeam-channel = "0.4"
|
||||||
data-url = "0.1.0"
|
data-url = "0.1.0"
|
||||||
|
@ -29,6 +29,7 @@ embedder_traits = { path = "../embedder_traits" }
|
||||||
flate2 = "1"
|
flate2 = "1"
|
||||||
futures = { version = "0.3", package = "futures" }
|
futures = { version = "0.3", package = "futures" }
|
||||||
futures-util = { version = "0.3" }
|
futures-util = { version = "0.3" }
|
||||||
|
generic-array = "0.14"
|
||||||
headers = "0.3"
|
headers = "0.3"
|
||||||
http = "0.2"
|
http = "0.2"
|
||||||
hyper = { version = "0.14", features = ["client", "http1", "http2", "tcp", "stream"] }
|
hyper = { version = "0.14", features = ["client", "http1", "http2", "tcp", "stream"] }
|
||||||
|
@ -57,6 +58,7 @@ servo_allocator = { path = "../allocator" }
|
||||||
servo_arc = { path = "../servo_arc" }
|
servo_arc = { path = "../servo_arc" }
|
||||||
servo_config = { path = "../config" }
|
servo_config = { path = "../config" }
|
||||||
servo_url = { path = "../url" }
|
servo_url = { path = "../url" }
|
||||||
|
sha2 = "0.10"
|
||||||
time = "0.1.41"
|
time = "0.1.41"
|
||||||
tokio = { version = "1", package = "tokio", features = ["sync", "macros", "rt-multi-thread"] }
|
tokio = { version = "1", package = "tokio", features = ["sync", "macros", "rt-multi-thread"] }
|
||||||
tokio2 = { version = "0.2", package = "tokio", features = ["sync", "macros", "rt-threaded", "tcp"] }
|
tokio2 = { version = "0.2", package = "tokio", features = ["sync", "macros", "rt-threaded", "tcp"] }
|
||||||
|
|
|
@ -3,8 +3,9 @@
|
||||||
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
|
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
|
||||||
|
|
||||||
use base64;
|
use base64;
|
||||||
|
use generic_array::ArrayLength;
|
||||||
use net_traits::response::{Response, ResponseBody, ResponseType};
|
use net_traits::response::{Response, ResponseBody, ResponseType};
|
||||||
use openssl::hash::{hash, MessageDigest};
|
use sha2::{Digest, Sha256, Sha384, Sha512};
|
||||||
use std::iter::Filter;
|
use std::iter::Filter;
|
||||||
use std::str::Split;
|
use std::str::Split;
|
||||||
use std::sync::MutexGuard;
|
use std::sync::MutexGuard;
|
||||||
|
@ -115,12 +116,13 @@ pub fn get_strongest_metadata(integrity_metadata_list: Vec<SriEntry>) -> Vec<Sri
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <https://w3c.github.io/webappsec-subresource-integrity/#apply-algorithm-to-response>
|
/// <https://w3c.github.io/webappsec-subresource-integrity/#apply-algorithm-to-response>
|
||||||
fn apply_algorithm_to_response(
|
fn apply_algorithm_to_response<S: ArrayLength<u8>, D: Digest<OutputSize = S>>(
|
||||||
body: MutexGuard<ResponseBody>,
|
body: MutexGuard<ResponseBody>,
|
||||||
message_digest: MessageDigest,
|
mut hasher: D,
|
||||||
) -> String {
|
) -> String {
|
||||||
if let ResponseBody::Done(ref vec) = *body {
|
if let ResponseBody::Done(ref vec) = *body {
|
||||||
let response_digest = hash(message_digest, vec).unwrap(); //Now hash
|
hasher.update(vec);
|
||||||
|
let response_digest = hasher.finalize(); //Now hash
|
||||||
base64::encode(&response_digest)
|
base64::encode(&response_digest)
|
||||||
} else {
|
} else {
|
||||||
unreachable!("Tried to calculate digest of incomplete response body")
|
unreachable!("Tried to calculate digest of incomplete response body")
|
||||||
|
@ -156,14 +158,14 @@ pub fn is_response_integrity_valid(integrity_metadata: &str, response: &Response
|
||||||
let algorithm = item.alg;
|
let algorithm = item.alg;
|
||||||
let digest = item.val;
|
let digest = item.val;
|
||||||
|
|
||||||
let message_digest = match &*algorithm {
|
let hashed = match &*algorithm {
|
||||||
"sha256" => MessageDigest::sha256(),
|
"sha256" => apply_algorithm_to_response(body, Sha256::new()),
|
||||||
"sha384" => MessageDigest::sha384(),
|
"sha384" => apply_algorithm_to_response(body, Sha384::new()),
|
||||||
"sha512" => MessageDigest::sha512(),
|
"sha512" => apply_algorithm_to_response(body, Sha512::new()),
|
||||||
_ => continue,
|
_ => continue,
|
||||||
};
|
};
|
||||||
|
|
||||||
if apply_algorithm_to_response(body, message_digest) == digest {
|
if hashed == digest {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
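Review bot: The extra `S: ArrayLength<u8>` type parameter on `apply_algorithm_to_response` looks unnecessary, and it appears to be the only reason `generic-array = "0.14"` is added as a direct dependency in the manifest hunk earlier in this commit. In digest 0.10 the `Digest` trait already constrains its `OutputSize` to `ArrayLength<u8>`, so `fn apply_algorithm_to_response<D: Digest>(` should compile unchanged and keeps one crate out of the direct dependency set that has to be tracked and audited. The trailing `//Now hash` comment now sits on the `finalize()` line although the hashing happens in `hasher.update(vec)`; I would replace it with `// Hash the complete body, then base64-encode the digest for comparison with the SRI metadata`. Both `apply_algorithm_to_response` and `is_response_integrity_valid` continue outside the visible hunks, so how `body` is re-acquired on each loop iteration cannot be checked from here.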
||||||
|
|
|
@ -13,7 +13,7 @@ test = false
|
||||||
doctest = false
|
doctest = false
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
content-security-policy = { version = "0.4.0", features = ["serde"] }
|
content-security-policy = { version = "0.5", features = ["serde"] }
|
||||||
cookie = "0.12"
|
cookie = "0.12"
|
||||||
embedder_traits = { path = "../embedder_traits" }
|
embedder_traits = { path = "../embedder_traits" }
|
||||||
headers = "0.3"
|
headers = "0.3"
|
||||||
|
|
|
@ -39,7 +39,7 @@ bitflags = "1.0"
|
||||||
bluetooth_traits = { path = "../bluetooth_traits" }
|
bluetooth_traits = { path = "../bluetooth_traits" }
|
||||||
canvas_traits = { path = "../canvas_traits" }
|
canvas_traits = { path = "../canvas_traits" }
|
||||||
chrono = "0.4"
|
chrono = "0.4"
|
||||||
content-security-policy = { version = "0.4.0", features = ["serde"] }
|
content-security-policy = { version = "0.5", features = ["serde"] }
|
||||||
cookie = "0.12"
|
cookie = "0.12"
|
||||||
crossbeam-channel = "0.4"
|
crossbeam-channel = "0.4"
|
||||||
cssparser = "0.29"
|
cssparser = "0.29"
|
||||||
|
|