diff --git a/Cargo.lock b/Cargo.lock index b47ff84f6611bd..e273d8967f8f1c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2663,6 +2663,7 @@ name = "deno_npm_cache" version = "0.53.0" dependencies = [ "async-trait", + "aws-lc-rs", "base64 0.22.1", "boxed_error", "deno_cache_dir", diff --git a/libs/npm_cache/Cargo.toml b/libs/npm_cache/Cargo.toml index 861e1317bc06b9..40878ca488de43 100644 --- a/libs/npm_cache/Cargo.toml +++ b/libs/npm_cache/Cargo.toml @@ -31,8 +31,6 @@ parking_lot.workspace = true percent-encoding.workspace = true serde.workspace = true serde_json.workspace = true -sha1.workspace = true -sha2.workspace = true sys_traits.workspace = true tar.workspace = true thiserror.workspace = true @@ -41,9 +39,12 @@ url.workspace = true [target.'cfg(not(target_arch = "wasm32"))'.dependencies] deno_error = { workspace = true, features = ["serde", "serde_json", "tokio"] } deno_unsync = { workspace = true, features = ["tokio"] } +aws-lc-rs.workspace = true [target.'cfg(target_arch = "wasm32")'.dependencies] flate2 = { workspace = true, features = ["rust_backend"] } +sha2.workspace = true +sha1.workspace = true [dev-dependencies] sys_traits = { workspace = true, features = ["real"] } diff --git a/libs/npm_cache/tarball_extract.rs b/libs/npm_cache/tarball_extract.rs index b5bf44f6f3d2b0..eb68775f05df5e 100644 --- a/libs/npm_cache/tarball_extract.rs +++ b/libs/npm_cache/tarball_extract.rs @@ -11,7 +11,6 @@ use deno_npm::registry::NpmPackageVersionDistInfo; use deno_npm::registry::NpmPackageVersionDistInfoIntegrity; use deno_semver::package::PackageNv; use flate2::read::GzDecoder; -use sha2::Digest; use sys_traits::FsCanonicalize; use sys_traits::FsCreateDirAll; use sys_traits::FsFileSetPermissions; @@ -26,6 +25,31 @@ use sys_traits::ThreadSleep; use tar::Archive; use tar::EntryType; +#[cfg(target_arch = "wasm32")] +mod hashing { + use sha2::Digest; + + pub fn sha1(data: &[u8]) -> impl AsRef<[u8]> { + sha1::Sha1::digest(data) + } + + pub fn sha512(data: &[u8]) -> impl AsRef<[u8]> { + sha2::Sha512::digest(data) + } +} + +#[cfg(not(target_arch = "wasm32"))] +mod hashing { + use aws_lc_rs::digest; + pub fn sha1(data: &[u8]) -> impl AsRef<[u8]> { + digest::digest(&digest::SHA1_FOR_LEGACY_USE_ONLY, data) + } + + pub fn sha512(data: &[u8]) -> impl AsRef<[u8]> { + digest::digest(&digest::SHA512, data) + } +} + #[derive(Debug, Copy, Clone)] pub enum TarballExtractionMode { /// Overwrites the destination directory without deleting any files. @@ -161,8 +185,8 @@ fn verify_tarball_integrity( base64_hash, } => { let tarball_checksum = match *algorithm { - "sha512" => BASE64_STANDARD.encode(sha2::Sha512::digest(data)), - "sha1" => BASE64_STANDARD.encode(sha1::Sha1::digest(data)), + "sha512" => BASE64_STANDARD.encode(hashing::sha512(data)), + "sha1" => BASE64_STANDARD.encode(hashing::sha1(data)), hash_kind => { return Err(TarballIntegrityError::NotImplementedHashFunction { package: Box::new(package.clone()), @@ -173,7 +197,7 @@ fn verify_tarball_integrity( (tarball_checksum, base64_hash) } NpmPackageVersionDistInfoIntegrity::LegacySha1Hex(hex) => { - let digest = sha1::Sha1::digest(data); + let digest = hashing::sha1(data); let tarball_checksum = faster_hex::hex_string(digest.as_ref()); (tarball_checksum, hex) }