From 95b69ba15074b1ea5ea63ba26f754e2f136169e8 Mon Sep 17 00:00:00 2001 From: Thomas Eizinger Date: Mon, 31 Oct 2022 14:43:17 +1100 Subject: [PATCH 1/7] Upgrade to latest `ring` version --- dtls/Cargo.toml | 2 +- dtls/examples/hub/Cargo.toml | 2 +- dtls/src/crypto/mod.rs | 4 ++++ stun/Cargo.toml | 2 +- turn/Cargo.toml | 2 +- webrtc/Cargo.toml | 2 +- webrtc/src/peer_connection/certificate.rs | 2 ++ 7 files changed, 11 insertions(+), 5 deletions(-) diff --git a/dtls/Cargo.toml b/dtls/Cargo.toml index 273c0c871..e12bcdab0 100644 --- a/dtls/Cargo.toml +++ b/dtls/Cargo.toml @@ -41,7 +41,7 @@ oid-registry = "0.6.0" x509-parser = "0.13.2" der-parser = "8.1" rcgen = "0.9.2" -ring = "0.16.19" +ring = { git = "https://github.com/briansmith/ring" } webpki = "0.21.4" rustls = { version = "0.19.0", features = ["dangerous_configuration"]} bincode = "1.3" diff --git a/dtls/examples/hub/Cargo.toml b/dtls/examples/hub/Cargo.toml index 72796c31c..3531d963d 100644 --- a/dtls/examples/hub/Cargo.toml +++ b/dtls/examples/hub/Cargo.toml @@ -12,7 +12,7 @@ dtls = { package = "webrtc-dtls", path = "../../" } tokio = { version = "1", features = ["full"] } x509-parser = "0.13" rcgen = { version = "0.9", features = ["pem", "x509-parser"] } -ring = "0.16" +ring = { git = "https://github.com/briansmith/ring" } rustls = "0.19" log = "0.4.16" thiserror = "1" diff --git a/dtls/src/crypto/mod.rs b/dtls/src/crypto/mod.rs index a0f42dbb0..ea4ce6bd0 100644 --- a/dtls/src/crypto/mod.rs +++ b/dtls/src/crypto/mod.rs @@ -43,6 +43,7 @@ impl Certificate { EcdsaKeyPair::from_pkcs8( &ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING, &serialized_der, + &SystemRandom::new(), ) .map_err(|e| Error::Other(e.to_string()))?, ), @@ -90,6 +91,7 @@ impl Certificate { EcdsaKeyPair::from_pkcs8( &ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING, &serialized_der, + &SystemRandom::new(), ) .map_err(|e| Error::Other(e.to_string()))?, ), @@ -181,6 +183,7 @@ impl Clone for CryptoPrivateKey { EcdsaKeyPair::from_pkcs8( &ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING, &self.serialized_der, + &SystemRandom::new(), ) .unwrap(), ), @@ -213,6 +216,7 @@ impl CryptoPrivateKey { EcdsaKeyPair::from_pkcs8( &ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING, &serialized_der, + &SystemRandom::new(), ) .map_err(|e| Error::Other(e.to_string()))?, ), diff --git a/stun/Cargo.toml b/stun/Cargo.toml index 75758dc79..a13f15332 100644 --- a/stun/Cargo.toml +++ b/stun/Cargo.toml @@ -24,7 +24,7 @@ rand = "0.8.5" base64 = "0.13.0" subtle = "2.4" crc = "3.0" -ring = "0.16.20" +ring = { git = "https://github.com/briansmith/ring" } md-5 = "0.10.1" thiserror = "1.0" diff --git a/turn/Cargo.toml b/turn/Cargo.toml index abfc72f63..2efa51652 100644 --- a/turn/Cargo.toml +++ b/turn/Cargo.toml @@ -22,7 +22,7 @@ async-trait = "0.1.56" log = "0.4.16" base64 = "0.13.0" rand = "0.8.5" -ring = "0.16.20" +ring = { git = "https://github.com/briansmith/ring" } md-5 = "0.10.1" thiserror = "1.0" diff --git a/webrtc/Cargo.toml b/webrtc/Cargo.toml index 80777cdd5..8d817bf29 100644 --- a/webrtc/Cargo.toml +++ b/webrtc/Cargo.toml @@ -42,7 +42,7 @@ regex = "1" url = "2.2" rustls = { version = "0.19.0", features = ["dangerous_configuration"]} rcgen = { version = "0.9.2", features = ["pem", "x509-parser"]} -ring = "0.16.20" +ring = { git = "https://github.com/briansmith/ring" } sha2 = "0.10.2" lazy_static = "1.4" hex = "0.4.3" diff --git a/webrtc/src/peer_connection/certificate.rs b/webrtc/src/peer_connection/certificate.rs index 455931794..0adf1ba8b 100644 --- a/webrtc/src/peer_connection/certificate.rs +++ b/webrtc/src/peer_connection/certificate.rs @@ -6,6 +6,7 @@ use crate::stats::{CertificateStats, StatsReportType}; use dtls::crypto::{CryptoPrivateKey, CryptoPrivateKeyKind}; use rcgen::{CertificateParams, KeyPair, RcgenError}; +use ring::rand::SystemRandom; use ring::signature::{EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; use sha2::{Digest, Sha256}; use std::ops::Add; @@ -58,6 +59,7 @@ impl RTCCertificate { EcdsaKeyPair::from_pkcs8( &ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING, &serialized_der, + &SystemRandom::new(), ) .map_err(|e| Error::new(e.to_string()))?, ), From 829e1d969eb998b812d15718a8fea0de5ff041cc Mon Sep 17 00:00:00 2001 From: Thomas Eizinger Date: Mon, 31 Oct 2022 14:44:54 +1100 Subject: [PATCH 2/7] Fix deprecation warnings --- dtls/src/crypto/crypto_test.rs | 2 +- dtls/src/crypto/mod.rs | 17 +++++++++-------- webrtc/src/peer_connection/certificate.rs | 5 +++-- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/dtls/src/crypto/crypto_test.rs b/dtls/src/crypto/crypto_test.rs index f9f680a46..13b6f5173 100644 --- a/dtls/src/crypto/crypto_test.rs +++ b/dtls/src/crypto/crypto_test.rs @@ -90,7 +90,7 @@ fn test_generate_key_signature() -> Result<()> { NamedCurve::X25519, &CryptoPrivateKey { kind: CryptoPrivateKeyKind::Rsa256( - RsaKeyPair::from_der(&pem.contents).map_err(|e| Error::Other(e.to_string()))?, + rsa::KeyPair::from_der(&pem.contents).map_err(|e| Error::Other(e.to_string()))?, ), serialized_der: pem.contents.clone(), }, //hashAlgorithmSHA256, diff --git a/dtls/src/crypto/mod.rs b/dtls/src/crypto/mod.rs index ea4ce6bd0..fce5ce57a 100644 --- a/dtls/src/crypto/mod.rs +++ b/dtls/src/crypto/mod.rs @@ -14,7 +14,8 @@ use crate::signature_hash_algorithm::{HashAlgorithm, SignatureAlgorithm, Signatu use der_parser::{oid, oid::Oid}; use rcgen::KeyPair; use ring::rand::SystemRandom; -use ring::signature::{EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; +use ring::rsa; +use ring::signature::{EcdsaKeyPair, Ed25519KeyPair}; use std::sync::Arc; #[derive(Clone, PartialEq)] @@ -52,7 +53,7 @@ impl Certificate { } else if key_pair.is_compatible(&rcgen::PKCS_RSA_SHA256) { CryptoPrivateKey { kind: CryptoPrivateKeyKind::Rsa256( - RsaKeyPair::from_pkcs8(&serialized_der) + rsa::KeyPair::from_pkcs8(&serialized_der) .map_err(|e| Error::Other(e.to_string()))?, ), serialized_der, @@ -100,7 +101,7 @@ impl Certificate { } else if key_pair.is_compatible(&rcgen::PKCS_RSA_SHA256) { CryptoPrivateKey { kind: CryptoPrivateKeyKind::Rsa256( - RsaKeyPair::from_pkcs8(&serialized_der) + rsa::KeyPair::from_pkcs8(&serialized_der) .map_err(|e| Error::Other(e.to_string()))?, ), serialized_der, @@ -139,7 +140,7 @@ pub(crate) fn value_key_message( pub enum CryptoPrivateKeyKind { Ed25519(Ed25519KeyPair), Ecdsa256(EcdsaKeyPair), - Rsa256(RsaKeyPair), + Rsa256(rsa::KeyPair), } pub struct CryptoPrivateKey { @@ -191,7 +192,7 @@ impl Clone for CryptoPrivateKey { }, CryptoPrivateKeyKind::Rsa256(_) => CryptoPrivateKey { kind: CryptoPrivateKeyKind::Rsa256( - RsaKeyPair::from_pkcs8(&self.serialized_der).unwrap(), + rsa::KeyPair::from_pkcs8(&self.serialized_der).unwrap(), ), serialized_der: self.serialized_der.clone(), }, @@ -225,7 +226,7 @@ impl CryptoPrivateKey { } else if key_pair.is_compatible(&rcgen::PKCS_RSA_SHA256) { Ok(CryptoPrivateKey { kind: CryptoPrivateKeyKind::Rsa256( - RsaKeyPair::from_pkcs8(&serialized_der) + rsa::KeyPair::from_pkcs8(&serialized_der) .map_err(|e| Error::Other(e.to_string()))?, ), serialized_der, @@ -260,7 +261,7 @@ pub(crate) fn generate_key_signature( } CryptoPrivateKeyKind::Rsa256(kp) => { let system_random = SystemRandom::new(); - let mut signature = vec![0; kp.public_modulus_len()]; + let mut signature = vec![0; kp.public().modulus_len()]; kp.sign( &ring::signature::RSA_PKCS1_SHA256, &system_random, @@ -371,7 +372,7 @@ pub(crate) fn generate_certificate_verify( } CryptoPrivateKeyKind::Rsa256(kp) => { let system_random = SystemRandom::new(); - let mut signature = vec![0; kp.public_modulus_len()]; + let mut signature = vec![0; kp.public().modulus_len()]; kp.sign( &ring::signature::RSA_PKCS1_SHA256, &system_random, diff --git a/webrtc/src/peer_connection/certificate.rs b/webrtc/src/peer_connection/certificate.rs index 0adf1ba8b..59408dd6f 100644 --- a/webrtc/src/peer_connection/certificate.rs +++ b/webrtc/src/peer_connection/certificate.rs @@ -7,7 +7,8 @@ use crate::stats::{CertificateStats, StatsReportType}; use dtls::crypto::{CryptoPrivateKey, CryptoPrivateKeyKind}; use rcgen::{CertificateParams, KeyPair, RcgenError}; use ring::rand::SystemRandom; -use ring::signature::{EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; +use ring::rsa; +use ring::signature::{EcdsaKeyPair, Ed25519KeyPair}; use sha2::{Digest, Sha256}; use std::ops::Add; use std::time::{Duration, SystemTime, UNIX_EPOCH}; @@ -68,7 +69,7 @@ impl RTCCertificate { } else if key_pair.is_compatible(&rcgen::PKCS_RSA_SHA256) { CryptoPrivateKey { kind: CryptoPrivateKeyKind::Rsa256( - RsaKeyPair::from_pkcs8(&serialized_der) + rsa::KeyPair::from_pkcs8(&serialized_der) .map_err(|e| Error::new(e.to_string()))?, ), serialized_der, From dc8d896784eb7ba8f5cecc2e5ae2917bb16c0c65 Mon Sep 17 00:00:00 2001 From: Thomas Eizinger Date: Mon, 31 Oct 2022 14:48:51 +1100 Subject: [PATCH 3/7] Temporarily pin `ring` version --- dtls/Cargo.toml | 2 +- dtls/examples/hub/Cargo.toml | 2 +- stun/Cargo.toml | 2 +- turn/Cargo.toml | 2 +- webrtc/Cargo.toml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/dtls/Cargo.toml b/dtls/Cargo.toml index e12bcdab0..ee522a7d5 100644 --- a/dtls/Cargo.toml +++ b/dtls/Cargo.toml @@ -41,7 +41,7 @@ oid-registry = "0.6.0" x509-parser = "0.13.2" der-parser = "8.1" rcgen = "0.9.2" -ring = { git = "https://github.com/briansmith/ring" } +ring = { git = "https://github.com/briansmith/ring", rev = "abe9529fc063f575759f8166bba02db171a3a0f6" } webpki = "0.21.4" rustls = { version = "0.19.0", features = ["dangerous_configuration"]} bincode = "1.3" diff --git a/dtls/examples/hub/Cargo.toml b/dtls/examples/hub/Cargo.toml index 3531d963d..9cb30dfd5 100644 --- a/dtls/examples/hub/Cargo.toml +++ b/dtls/examples/hub/Cargo.toml @@ -12,7 +12,7 @@ dtls = { package = "webrtc-dtls", path = "../../" } tokio = { version = "1", features = ["full"] } x509-parser = "0.13" rcgen = { version = "0.9", features = ["pem", "x509-parser"] } -ring = { git = "https://github.com/briansmith/ring" } +ring = { git = "https://github.com/briansmith/ring", rev = "abe9529fc063f575759f8166bba02db171a3a0f6" } rustls = "0.19" log = "0.4.16" thiserror = "1" diff --git a/stun/Cargo.toml b/stun/Cargo.toml index a13f15332..289e935ca 100644 --- a/stun/Cargo.toml +++ b/stun/Cargo.toml @@ -24,7 +24,7 @@ rand = "0.8.5" base64 = "0.13.0" subtle = "2.4" crc = "3.0" -ring = { git = "https://github.com/briansmith/ring" } +ring = { git = "https://github.com/briansmith/ring", rev = "abe9529fc063f575759f8166bba02db171a3a0f6" } md-5 = "0.10.1" thiserror = "1.0" diff --git a/turn/Cargo.toml b/turn/Cargo.toml index 2efa51652..82f030f56 100644 --- a/turn/Cargo.toml +++ b/turn/Cargo.toml @@ -22,7 +22,7 @@ async-trait = "0.1.56" log = "0.4.16" base64 = "0.13.0" rand = "0.8.5" -ring = { git = "https://github.com/briansmith/ring" } +ring = { git = "https://github.com/briansmith/ring", rev = "abe9529fc063f575759f8166bba02db171a3a0f6" } md-5 = "0.10.1" thiserror = "1.0" diff --git a/webrtc/Cargo.toml b/webrtc/Cargo.toml index 8d817bf29..a6f01df21 100644 --- a/webrtc/Cargo.toml +++ b/webrtc/Cargo.toml @@ -42,7 +42,7 @@ regex = "1" url = "2.2" rustls = { version = "0.19.0", features = ["dangerous_configuration"]} rcgen = { version = "0.9.2", features = ["pem", "x509-parser"]} -ring = { git = "https://github.com/briansmith/ring" } +ring = { git = "https://github.com/briansmith/ring", rev = "abe9529fc063f575759f8166bba02db171a3a0f6" } sha2 = "0.10.2" lazy_static = "1.4" hex = "0.4.3" From e4dad31da420b545256d6f38a73e31d07c429ab3 Mon Sep 17 00:00:00 2001 From: Thomas Eizinger Date: Fri, 11 Nov 2022 10:48:19 +1100 Subject: [PATCH 4/7] Fix warning --- dtls/src/crypto/mod.rs | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/dtls/src/crypto/mod.rs b/dtls/src/crypto/mod.rs index 6dae8d967..d3d901279 100644 --- a/dtls/src/crypto/mod.rs +++ b/dtls/src/crypto/mod.rs @@ -508,11 +508,9 @@ pub(crate) fn generate_aead_additional_data(h: &RecordLayerHeader, payload_len: #[cfg(test)] mod test { - use super::*; - #[cfg(feature = "pem")] #[test] - fn test_certificate_serialize_pem_and_from_pem() -> Result<()> { + fn test_certificate_serialize_pem_and_from_pem() -> crate::error::Result<()> { let cert = Certificate::generate_self_signed(vec!["webrtc.rs".to_owned()])?; let pem = cert.serialize_pem(); From bff1ecbb96d9fd5486c34312dd1febcdd8d5185c Mon Sep 17 00:00:00 2001 From: Thomas Eizinger Date: Fri, 11 Nov 2022 10:48:24 +1100 Subject: [PATCH 5/7] Remove duplicated code --- dtls/src/crypto/mod.rs | 33 +-------------------------------- 1 file changed, 1 insertion(+), 32 deletions(-) diff --git a/dtls/src/crypto/mod.rs b/dtls/src/crypto/mod.rs index d3d901279..0f0d0cd0d 100644 --- a/dtls/src/crypto/mod.rs +++ b/dtls/src/crypto/mod.rs @@ -207,38 +207,7 @@ impl TryFrom<&KeyPair> for CryptoPrivateKey { type Error = Error; fn try_from(key_pair: &KeyPair) -> Result { - let serialized_der = key_pair.serialize_der(); - if key_pair.is_compatible(&rcgen::PKCS_ED25519) { - Ok(CryptoPrivateKey { - kind: CryptoPrivateKeyKind::Ed25519( - Ed25519KeyPair::from_pkcs8(&serialized_der) - .map_err(|e| Error::Other(e.to_string()))?, - ), - serialized_der, - }) - } else if key_pair.is_compatible(&rcgen::PKCS_ECDSA_P256_SHA256) { - Ok(CryptoPrivateKey { - kind: CryptoPrivateKeyKind::Ecdsa256( - EcdsaKeyPair::from_pkcs8( - &ring::signature::ECDSA_P256_SHA256_ASN1_SIGNING, - &serialized_der, - &SystemRandom::new() - ) - .map_err(|e| Error::Other(e.to_string()))?, - ), - serialized_der, - }) - } else if key_pair.is_compatible(&rcgen::PKCS_RSA_SHA256) { - Ok(CryptoPrivateKey { - kind: CryptoPrivateKeyKind::Rsa256( - rsa::KeyPair::from_pkcs8(&serialized_der) - .map_err(|e| Error::Other(e.to_string()))?, - ), - serialized_der, - }) - } else { - Err(Error::Other("Unsupported key_pair".to_owned())) - } + Self::from_key_pair(key_pair) } } From 80703431575e7bb9c978658068338f77cea2aa7a Mon Sep 17 00:00:00 2001 From: Thomas Eizinger Date: Tue, 3 Oct 2023 12:42:36 +1100 Subject: [PATCH 6/7] Bump ring to 0.17 --- dtls/Cargo.toml | 2 +- dtls/src/crypto/crypto_test.rs | 2 +- dtls/src/crypto/mod.rs | 8 ++++---- stun/Cargo.toml | 2 +- turn/Cargo.toml | 2 +- webrtc/Cargo.toml | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/dtls/Cargo.toml b/dtls/Cargo.toml index 80a657661..559d67e30 100644 --- a/dtls/Cargo.toml +++ b/dtls/Cargo.toml @@ -32,7 +32,7 @@ x25519-dalek = { version = "2", features = ["static_secrets"] } x509-parser = "0.15" der-parser = "8.1" rcgen = "0.11" -ring = "0.16.19" +ring = "0.17" rustls = { version = "0.21", features = ["dangerous_configuration"]} bincode = "1" serde = { version = "1", features = ["derive"] } diff --git a/dtls/src/crypto/crypto_test.rs b/dtls/src/crypto/crypto_test.rs index d3b92c11a..04038eb04 100644 --- a/dtls/src/crypto/crypto_test.rs +++ b/dtls/src/crypto/crypto_test.rs @@ -89,7 +89,7 @@ fn test_generate_key_signature() -> Result<()> { NamedCurve::X25519, &CryptoPrivateKey { kind: CryptoPrivateKeyKind::Rsa256( - rsa::KeyPair::from_der(&pem.contents).map_err(|e| Error::Other(e.to_string()))?, + ring::rsa::KeyPair::from_der(&pem.contents).map_err(|e| Error::Other(e.to_string()))?, ), serialized_der: pem.contents.clone(), }, //hashAlgorithmSHA256, diff --git a/dtls/src/crypto/mod.rs b/dtls/src/crypto/mod.rs index 066e35103..4ae949b87 100644 --- a/dtls/src/crypto/mod.rs +++ b/dtls/src/crypto/mod.rs @@ -12,7 +12,7 @@ use der_parser::oid; use der_parser::oid::Oid; use rcgen::KeyPair; use ring::rand::SystemRandom; -use ring::signature::{EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; +use ring::signature::{EcdsaKeyPair, Ed25519KeyPair}; use crate::curve::named_curve::*; use crate::error::*; @@ -139,7 +139,7 @@ pub(crate) fn value_key_message( pub enum CryptoPrivateKeyKind { Ed25519(Ed25519KeyPair), Ecdsa256(EcdsaKeyPair), - Rsa256(rsa::KeyPair), + Rsa256(ring::rsa::KeyPair), } /// Private key. @@ -195,7 +195,7 @@ impl Clone for CryptoPrivateKey { }, CryptoPrivateKeyKind::Rsa256(_) => CryptoPrivateKey { kind: CryptoPrivateKeyKind::Rsa256( - rsa::KeyPair::from_pkcs8(&self.serialized_der).unwrap(), + ring::rsa::KeyPair::from_pkcs8(&self.serialized_der).unwrap(), ), serialized_der: self.serialized_der.clone(), }, @@ -237,7 +237,7 @@ impl CryptoPrivateKey { } else if key_pair.is_compatible(&rcgen::PKCS_RSA_SHA256) { Ok(CryptoPrivateKey { kind: CryptoPrivateKeyKind::Rsa256( - rsa::KeyPair::from_pkcs8(&serialized_der) + ring::rsa::KeyPair::from_pkcs8(&serialized_der) .map_err(|e| Error::Other(e.to_string()))?, ), serialized_der, diff --git a/stun/Cargo.toml b/stun/Cargo.toml index ae7be9509..51eba6929 100644 --- a/stun/Cargo.toml +++ b/stun/Cargo.toml @@ -23,7 +23,7 @@ rand = "0.8" base64 = "0.21" subtle = "2.4" crc = "3" -ring = "0.16" +ring = "0.17" md-5 = "0.10" thiserror = "1" diff --git a/turn/Cargo.toml b/turn/Cargo.toml index 9c6f749bc..569833637 100644 --- a/turn/Cargo.toml +++ b/turn/Cargo.toml @@ -19,7 +19,7 @@ async-trait = "0.1" log = "0.4" base64 = "0.21" rand = "0.8" -ring = "0.16" +ring = "0.17" md-5 = "0.10" thiserror = "1" diff --git a/webrtc/Cargo.toml b/webrtc/Cargo.toml index 192fd03fd..45cf8f370 100644 --- a/webrtc/Cargo.toml +++ b/webrtc/Cargo.toml @@ -41,7 +41,7 @@ smol_str = { version = "0.2", features = ["serde"] } url = "2" rustls = { version = "0.21", features = ["dangerous_configuration"]} rcgen = { version = "0.11", features = ["pem", "x509-parser"]} -ring = "0.16" +ring = "0.17" sha2 = "0.10" lazy_static = "1.4" hex = "0.4" From a3f7c6d89465497b46120e1d11e1ab3686c717e9 Mon Sep 17 00:00:00 2001 From: Thomas Eizinger Date: Tue, 3 Oct 2023 12:59:04 +1100 Subject: [PATCH 7/7] Fix formatting --- dtls/src/crypto/crypto_test.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dtls/src/crypto/crypto_test.rs b/dtls/src/crypto/crypto_test.rs index 04038eb04..b47c4dc64 100644 --- a/dtls/src/crypto/crypto_test.rs +++ b/dtls/src/crypto/crypto_test.rs @@ -89,7 +89,8 @@ fn test_generate_key_signature() -> Result<()> { NamedCurve::X25519, &CryptoPrivateKey { kind: CryptoPrivateKeyKind::Rsa256( - ring::rsa::KeyPair::from_der(&pem.contents).map_err(|e| Error::Other(e.to_string()))?, + ring::rsa::KeyPair::from_der(&pem.contents) + .map_err(|e| Error::Other(e.to_string()))?, ), serialized_der: pem.contents.clone(), }, //hashAlgorithmSHA256,