From c41fe46cbfc4848b62282da8a70ed05b3ffa2bcb Mon Sep 17 00:00:00 2001
From: Yusuke Sasaki <yusuke.sasaki.nuem@gmail.com>
Date: Thu, 10 Jan 2019 18:17:56 +0900
Subject: [PATCH] bump ring to 0.14.0

---
 Cargo.toml            |  2 +-
 src/secure/private.rs | 10 +++++++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 5a1fca52..49a4cfe5 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -17,7 +17,7 @@ percent-encode = ["url"]
 [dependencies]
 time = "0.1"
 url = { version = "1.0", optional = true }
-ring = { version = "0.13.0", optional = true }
+ring = { version = "0.14.0", optional = true }
 base64 = { version = "0.9.0", optional = true }
 
 [package.metadata.docs.rs]
diff --git a/src/secure/private.rs b/src/secure/private.rs
index 56dcdbc2..0817a6c8 100644
--- a/src/secure/private.rs
+++ b/src/secure/private.rs
@@ -1,4 +1,4 @@
-use secure::ring::aead::{seal_in_place, open_in_place, Algorithm, AES_256_GCM};
+use secure::ring::aead::{seal_in_place, open_in_place, Aad, Algorithm, Nonce, AES_256_GCM};
 use secure::ring::aead::{OpeningKey, SealingKey};
 use secure::ring::rand::{SecureRandom, SystemRandom};
 use secure::{base64, Key};
@@ -46,9 +46,11 @@ impl<'a> PrivateJar<'a> {
             return Err("length of decoded data is <= NONCE_LEN");
         }
 
-        let ad = name.as_bytes();
+        let ad = Aad::from(name.as_bytes());
         let key = OpeningKey::new(ALGO, &self.key).expect("opening key");
         let (nonce, sealed) = data.split_at_mut(NONCE_LEN);
+        let nonce = Nonce::try_assume_unique_for_key(nonce)
+            .expect("invalid length of `nonce`");
         let unsealed = open_in_place(&key, nonce, ad, 0, sealed)
             .map_err(|_| "invalid key/nonce/value: bad seal")?;
 
@@ -156,9 +158,11 @@ impl<'a> PrivateJar<'a> {
             let (nonce, in_out) = data.split_at_mut(NONCE_LEN);
             SystemRandom::new().fill(nonce).expect("couldn't random fill nonce");
             in_out[..cookie_val.len()].copy_from_slice(cookie_val);
+            let nonce = Nonce::try_assume_unique_for_key(nonce)
+                .expect("invalid length of `nonce`");
 
             // Use cookie's name as associated data to prevent value swapping.
-            let ad = cookie.name().as_bytes();
+            let ad = Aad::from(cookie.name().as_bytes());
 
             // Perform the actual sealing operation and get the output length.
             seal_in_place(&key, nonce, ad, in_out, overhead).expect("in-place seal")