net/quinn: Fix panic due to unset default crypto provider

Fix CI failure that we see after the upgrade of rustls from 0.23.13 to 0.23.15. Related docs/PR https://docs.rs/rustls/latest/rustls/crypto/struct.CryptoProvider.html#using-the-per-process-default-cryptoprovider https://github.com/quinn-rs/quinn/pull/1882 Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/1865>
2024-11-21 19:11:02 +00:00 · 2024-10-21 14:47:52 +05:30 · 2024-10-21 14:47:52 +05:30 · d6e7031799
commit d6e7031799
parent 0e3d019e24
1 changed files with 21 additions and 25 deletions
--- a/net/quinn/src/utils.rs
+++ b/net/quinn/src/utils.rs
@ -155,11 +155,11 @@ pub fn make_socket_addr(addr: &str) -> Result<SocketAddr, WaitError> {
 * Following functions are taken from Quinn documentation/repository
 */
 #[derive(Debug)]
-struct SkipServerVerification;
+struct SkipServerVerification(Arc<rustls::crypto::CryptoProvider>);

 impl SkipServerVerification {
    pub fn new() -> Arc<Self> {
-        Arc::new(Self)
+        Arc::new(Self(Arc::new(rustls::crypto::ring::default_provider())))
    }
 }

@ -177,38 +177,34 @@ impl rustls::client::danger::ServerCertVerifier for SkipServerVerification {

    fn verify_tls12_signature(
        &self,
-        _: &[u8],
-        _: &rustls_pki_types::CertificateDer<'_>,
-        _: &rustls::DigitallySignedStruct,
+        message: &[u8],
+        cert: &rustls_pki_types::CertificateDer<'_>,
+        dss: &rustls::DigitallySignedStruct,
    ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
-        Ok(rustls::client::danger::HandshakeSignatureValid::assertion())
+        rustls::crypto::verify_tls12_signature(
+            message,
+            cert,
+            dss,
+            &self.0.signature_verification_algorithms,
+        )
    }

    fn verify_tls13_signature(
        &self,
-        _: &[u8],
-        _: &rustls_pki_types::CertificateDer<'_>,
-        _: &rustls::DigitallySignedStruct,
+        message: &[u8],
+        cert: &rustls_pki_types::CertificateDer<'_>,
+        dss: &rustls::DigitallySignedStruct,
    ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
-        Ok(rustls::client::danger::HandshakeSignatureValid::assertion())
+        rustls::crypto::verify_tls13_signature(
+            message,
+            cert,
+            dss,
+            &self.0.signature_verification_algorithms,
+        )
    }

    fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
-        vec![
-            rustls::SignatureScheme::RSA_PKCS1_SHA1,
-            rustls::SignatureScheme::ECDSA_SHA1_Legacy,
-            rustls::SignatureScheme::RSA_PKCS1_SHA256,
-            rustls::SignatureScheme::ECDSA_NISTP256_SHA256,
-            rustls::SignatureScheme::RSA_PKCS1_SHA384,
-            rustls::SignatureScheme::ECDSA_NISTP384_SHA384,
-            rustls::SignatureScheme::RSA_PKCS1_SHA512,
-            rustls::SignatureScheme::ECDSA_NISTP521_SHA512,
-            rustls::SignatureScheme::RSA_PSS_SHA256,
-            rustls::SignatureScheme::RSA_PSS_SHA384,
-            rustls::SignatureScheme::RSA_PSS_SHA512,
-            rustls::SignatureScheme::ED25519,
-            rustls::SignatureScheme::ED448,
-        ]
+        self.0.signature_verification_algorithms.supported_schemes()
    }
 }