Bump nim-eth and nim-bearssl and accompanying fixes (#1150)

fluffy/common/common_utils.nim

@@ -50,7 +50,7 @@ proc loadBootstrapFile*(bootstrapFile: string,
 # However that would require the pull the keystore.nim and parts of
 # keystore_management.nim out of nimbus-eth2.
 proc getPersistentNetKey*(
-    rng: var BrHmacDrbgContext, keyFilePath: string, dataDir: string):
+    rng: var HmacDrbgContext, keyFilePath: string, dataDir: string):
     PrivateKey =
   logScope:
     key_file = keyFilePath

fluffy/network/wire/portal_stream.nim

@@ -78,7 +78,7 @@ type
     contentOffers: seq[ContentOffer]
     connectionTimeout: Duration
     contentReadTimeout*: Duration
-    rng: ref BrHmacDrbgContext
+    rng: ref HmacDrbgContext
     udata: pointer
     contentHandler: ContentHandlerCallback
 
@@ -102,7 +102,7 @@ proc addContentOffer*(
   # TODO: Should we check if `NodeId` & `connectionId` combo already exists?
   # What happens if we get duplicates?
   var connectionId: Bytes2
-  brHmacDrbgGenerate(stream.rng[], connectionId)
+  stream.rng[].generate(connectionId)
 
   # uTP protocol uses BE for all values in the header, incl. connection id.
   let id = uint16.fromBytesBE(connectionId)
@@ -122,7 +122,7 @@ proc addContentRequest*(
   # TODO: Should we check if `NodeId` & `connectionId` combo already exists?
   # What happens if we get duplicates?
   var connectionId: Bytes2
-  brHmacDrbgGenerate(stream.rng[], connectionId)
+  stream.rng[].generate(connectionId)
 
   # uTP protocol uses BE for all values in the header, incl. connection id.
   let id = uint16.fromBytesBE(connectionId)

fluffy/tests/test_content_db.nim

@@ -15,12 +15,11 @@ import
   ../content_db,
   ./test_helpers
 
-proc generateNRandomU256(rng: var BrHmacDrbgContext, n: int): seq[UInt256] =
+proc generateNRandomU256(rng: var HmacDrbgContext, n: int): seq[UInt256] =
   var i = 0
   var res = newSeq[Uint256]()
   while i < n:
-    var bytes = newSeq[byte](32)
+    let bytes = rng.generateBytes(32)
-    brHmacDrbgGenerate(rng, bytes)
     let num = Uint256.fromBytesBE(bytes)
     res.add(num)
     inc i

fluffy/tests/test_discovery_rpc.nim

@@ -20,7 +20,7 @@ type TestCase = ref object
   server: RpcProxy
   client: RpcHttpClient
 
-proc setupTest(rng: ref BrHmacDrbgContext): Future[TestCase] {.async.} =
+proc setupTest(rng: ref HmacDrbgContext): Future[TestCase] {.async.} =
   let
     localSrvAddress = "127.0.0.1"
     localSrvPort = 8545

fluffy/tests/test_helpers.nim

@@ -15,7 +15,7 @@ proc localAddress*(port: int): Address =
   Address(ip: ValidIpAddress.init("127.0.0.1"), port: Port(port))
 
 proc initDiscoveryNode*(
-    rng: ref BrHmacDrbgContext,
+    rng: ref HmacDrbgContext,
     privKey: PrivateKey,
     address: Address,
     bootstrapRecords: openArray[Record] = [],

fluffy/tests/test_portal_wire_protocol.nim

@@ -29,7 +29,7 @@ proc validateContent(content: openArray[byte], contentKey: ByteList): bool =
   true
 
 proc initPortalProtocol(
-    rng: ref BrHmacDrbgContext,
+    rng: ref HmacDrbgContext,
     privKey: PrivateKey,
     address: Address,
     bootstrapRecords: openArray[Record] = []): PortalProtocol =
@@ -57,7 +57,7 @@ proc stopPortalProtocol(proto: PortalProtocol) {.async.} =
   proto.stop()
   await proto.baseProtocol.closeWait()
 
-proc defaultTestSetup(rng: ref BrHmacDrbgContext):
+proc defaultTestSetup(rng: ref HmacDrbgContext):
     (PortalProtocol, PortalProtocol) =
   let
     proto1 =

fluffy/tools/portalcli.nim

@@ -268,11 +268,8 @@ proc run(config: PortalCliConf) =
     else:
       echo nodes.error
   of findcontent:
-    proc random(T: type UInt256, rng: var BrHmacDrbgContext): T =
+    proc random(T: type UInt256, rng: var HmacDrbgContext): T =
-      var key: UInt256
+      rng.generate(T)
-      brHmacDrbgGenerate(addr rng, addr key, csize_t(sizeof(key)))
-
-      key
 
     # For now just some random bytes
     let contentKey = ByteList.init(@[1'u8])

fluffy/tools/utp_testing/utp_test.nim

@@ -12,13 +12,8 @@ import
   eth/keys,
   ./utp_test_client
 
-proc generateByteSeq(rng: var BrHmacDrbgContext, length: int): seq[byte] =
+proc generateBytesHex(rng: var HmacDrbgContext, length: int): string =
-  var bytes = newSeq[byte](length)
+  rng.generateBytes(length).toHex()
-  brHmacDrbgGenerate(rng, bytes)
-  return bytes
-
-proc generateByteSeqHex(rng: var BrHmacDrbgContext, length: int): string =
-  generateByteSeq(rng, length).toHex()
 
 # Before running the suit, there need to be two instances of utp_test_app running
 # under provided ports (9042, 9041).
@@ -38,7 +33,7 @@ procSuite "Utp integration tests":
 
   type
     FutureCallback[A] = proc (): Future[A] {.gcsafe, raises: [Defect].}
-  # combinator which repeatadly calls passed closure until returned future is 
+  # combinator which repeatedly calls passed closure until returned future is
   # successfull
   # TODO: currently works only for non void types
   proc repeatTillSuccess[A](f: FutureCallback[A], maxTries: int = 20): Future[A] {.async.} =
@@ -100,7 +95,7 @@ procSuite "Utp integration tests":
     let serverConnectionKey = maybeServerConnectionKey.unsafeGet()
 
     let
-      bytesToWrite = generateByteSeqHex(rng[], numOfBytes)
+      bytesToWrite = generateBytesHex(rng[], numOfBytes)
       writeRes = await client.utp_write(clientConnectionKey, bytesToWrite)
       readData = await server.utp_read(serverConnectionKey, numOfBytes)
 
@@ -125,7 +120,7 @@ procSuite "Utp integration tests":
     let serverConnectionKey = maybeServerConnectionKey.unsafeGet()
 
     let
-      bytesToWrite = generateByteSeqHex(rng[], numOfBytes)
+      bytesToWrite = generateBytesHex(rng[], numOfBytes)
       writeRes = await server.utp_write(serverConnectionKey, bytesToWrite)
       readData = await client.utp_read(clientConnectionKey, numOfBytes)
 
@@ -147,9 +142,9 @@ procSuite "Utp integration tests":
     let serverConnectionKey = maybeServerConnectionKey.unsafeGet()
 
     let
-      bytesToWrite = generateByteSeqHex(rng[], numOfBytes)
+      bytesToWrite = generateBytesHex(rng[], numOfBytes)
-      bytesToWrite1 = generateByteSeqHex(rng[], numOfBytes)
+      bytesToWrite1 = generateBytesHex(rng[], numOfBytes)
-      bytesToWrite2 = generateByteSeqHex(rng[], numOfBytes)
+      bytesToWrite2 = generateBytesHex(rng[], numOfBytes)
       writeRes = await client.utp_write(clientConnectionKey, bytesToWrite)
       writeRes1 = await client.utp_write(clientConnectionKey, bytesToWrite1)
       writeRes2 = await client.utp_write(clientConnectionKey, bytesToWrite2)
@@ -186,9 +181,9 @@ procSuite "Utp integration tests":
     let serverConnectionKey3 = maybeServerConnectionKey3.unsafeGet()
 
     let
-      bytesToWrite1 = generateByteSeqHex(rng[], numOfBytes)
+      bytesToWrite1 = generateBytesHex(rng[], numOfBytes)
-      bytesToWrite2 = generateByteSeqHex(rng[], numOfBytes)
+      bytesToWrite2 = generateBytesHex(rng[], numOfBytes)
-      bytesToWrite3 = generateByteSeqHex(rng[], numOfBytes)
+      bytesToWrite3 = generateBytesHex(rng[], numOfBytes)
 
       writeRes1 = await client.utp_write(clientConnectionKey1, bytesToWrite1)
       writeRes2 = await client.utp_write(clientConnectionKey2, bytesToWrite2)

hive_integration/nodocker/rpc/vault.nim

@@ -40,7 +40,7 @@ type
     # Created accounts are tracked in this map.
     accounts: Table[EthAddress, PrivateKey]
 
-    rng: ref BrHmacDrbgContext
+    rng: ref HmacDrbgContext
     chainID: ChainID
     gasPrice: GasInt
     vaultKey: PrivateKey

nimbus/context.nim

@@ -19,7 +19,7 @@ type
     am*: AccountsManager
     # You should only create one instance of the RNG per application / library
     # Ref is used so that it can be shared between components
-    rng*: ref BrHmacDrbgContext
+    rng*: ref HmacDrbgContext
 
 proc newEthContext*(): EthContext =
   result = new(EthContext)

nimbus/rpc/jwt_auth.nim

@@ -14,7 +14,7 @@
 
 import
   std/[base64, json, options, os, strutils, times],
-  bearssl,
+  bearssl/rand,
   chronicles,
   chronos,
   chronos/apps/http/httptable,
@@ -54,7 +54,7 @@ type
   JwtGenSecret* = ##\
     ## Random generator function producing a shared key. Typically, this\
     ## will be a wrapper around a random generator type, such as\
-    ## `BrHmacDrbgContext`.
+    ## `HmacDrbgContext`.
     proc(): JwtSharedKey {.gcsafe.}
 
   JwtExcept* = object of CatchableError
@@ -183,7 +183,7 @@ proc fromHex*(key: var JwtSharedKey, src: string): Result[void,JwtError] =
   except ValueError:
     err(jwtKeyInvalidHexString)
 
-proc jwtGenSecret*(rng: ref BrHmacDrbgContext): JwtGenSecret =
+proc jwtGenSecret*(rng: ref HmacDrbgContext): JwtGenSecret =
   ## Standard shared key random generator. If a fixed key is needed, a
   ## function like
   ## ::
@@ -195,7 +195,7 @@ proc jwtGenSecret*(rng: ref BrHmacDrbgContext): JwtGenSecret =
   ## only.
   result = proc: JwtSharedKey =
     var data: array[jwtMinSecretLen,byte]
-    rng[].brHmacDrbgGenerate(data)
+    rng[].generate(data)
     data.JwtSharedKey
 
 proc jwtSharedSecret*(rndSecret: JwtGenSecret; config: NimbusConf):
@@ -255,7 +255,7 @@ proc jwtSharedSecret*(rndSecret: JwtGenSecret; config: NimbusConf):
   except ValueError:
     return err(jwtKeyInvalidHexString)
 
-proc jwtSharedSecret*(rng: ref BrHmacDrbgContext; config: NimbusConf):
+proc jwtSharedSecret*(rng: ref HmacDrbgContext; config: NimbusConf):
                     Result[JwtSharedKey, JwtError]
     {.gcsafe, raises: [Defect,JwtExcept].} =
   ## Variant of `jwtSharedSecret()` with explicit random generator argument.

nimbus/utils/pow.nim

@@ -16,7 +16,6 @@ import
   std/[options, strutils],
   ../utils,
   ./pow/[pow_cache, pow_dataset],
-  bearssl,
   eth/[common, keys, p2p, rlp],
   ethash,
   nimcrypto,
@@ -63,7 +62,7 @@ type
 
     # You should only create one instance of the RNG per application / library
     # Ref is used so that it can be shared between components
-    rng: ref BrHmacDrbgContext
+    rng: ref HmacDrbgContext
 
 # ------------------------------------------------------------------------------
 # Private functions: RLP support
@@ -161,7 +160,7 @@ proc mineFull(tm: PowRef; blockNumber: BlockNumber; powHeaderDigest: Hash256,
 # ---------------
 
 proc init(tm: PowRef;
-          rng: Option[ref BrHmacDrbgContext];
+          rng: Option[ref HmacDrbgContext];
           light: Option[PowCacheRef];
           full: Option[PowDatasetRef]) =
   ## Constructor
@@ -185,7 +184,7 @@ proc init(tm: PowRef;
 # ------------------------------------------------------------------------------
 
 proc new*(T: type PowRef;
-          rng: ref BrHmacDrbgContext;
+          rng: ref HmacDrbgContext;
           cache: PowCacheRef;
           dataset: PowDatasetRef): T =
   ## Constructor
@@ -197,9 +196,9 @@ proc new*(T: type PowRef; cache: PowCacheRef; dataset: PowDatasetRef): T =
   ## Constructor
   new result
   result.init(
-    none(ref BrHmacDrbgContext), some(cache), some(dataset))
+    none(ref HmacDrbgContext), some(cache), some(dataset))
 
-proc new*(T: type PowRef; rng: ref BrHmacDrbgContext): T =
+proc new*(T: type PowRef; rng: ref HmacDrbgContext): T =
   ## Constructor
   new result
   result.init(
@@ -209,7 +208,7 @@ proc new*(T: type PowRef): T =
   ## Constructor
   new result
   result.init(
-    none(ref BrHmacDrbgContext), none(PowCacheRef), none(PowDatasetRef))
+    none(ref HmacDrbgContext), none(PowCacheRef), none(PowDatasetRef))
 
 # ------------------------------------------------------------------------------
 # Public functions
@@ -298,7 +297,7 @@ proc getNonce*(tm: PowRef; number: BlockNumber; powHeaderDigest: Hash256;
     {.gcsafe,raises: [Defect,CatchableError].} =
   ## Variant of `getNonce()`
   var startNonce: array[8,byte]
-  tm.rng[].brHmacDrbgGenerate(startNonce)
+  tm.rng[].generate(startNonce)
   tm.getNonce(number, powHeaderDigest, difficulty, startNonce)
 
 proc getNonce*(tm: PowRef; header: BlockHeader): BlockNonce

vendor/nim-bearssl

@@ -1 +1 @@
-Subproject commit 65b74302e03912ab5bde64b6da10d05896139007
+Subproject commit 32e125015ae4251675763842366380795a91b722

vendor/nim-eth

@@ -1 +1 @@
-Subproject commit 8761ea3222f8d4fbd7ebae6755665e791499d7f2
+Subproject commit 2c08626ed8261fa18adc22eaf465b57931b88a65