diff --git a/Cargo.lock b/Cargo.lock
index 7b259da..b6d748c 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -225,12 +225,12 @@ checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
 [[package]]
 name = "bcrypt-pbkdf"
-version = "0.9.0"
+version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3806a8db60cf56efee531616a34a6aaa9a114d6da2add861b0fa4a188881b2c7"
+checksum = "6aeac2e1fe888769f34f05ac343bbef98b14d1ffb292ab69d4608b3abc86f2a2"
 dependencies = [
 "blowfish",
- "pbkdf2",
+ "pbkdf2 0.12.1",
 "sha2",
 ]
@@ -1704,6 +1704,16 @@ dependencies = [
 "sha2",
 ]
+[[package]]
+name = "pbkdf2"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f0ca0b5a68607598bf3bad68f32227a8164f6254833f84eafaac409cd6746c31"
+dependencies = [
+ "digest 0.10.7",
+ "hmac",
+]
+
 [[package]]
 name = "percent-encoding"
 version = "2.3.0"
@@ -2232,12 +2242,11 @@ checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"
 [[package]]
 name = "scrypt"
-version = "0.10.0"
+version = "0.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9f9e24d2b632954ded8ab2ef9fea0a0c769ea56ea98bddbafbad22caeeadf45d"
+checksum = "0516a385866c09368f0b5bcd1caff3366aace790fcd46e2bb032697bb172fd1f"
 dependencies = [
- "hmac",
- "pbkdf2",
+ "pbkdf2 0.12.1",
 "salsa20",
 "sha2",
 ]
@@ -3101,7 +3110,7 @@ dependencies = [
 "crossbeam-utils",
 "flate2",
 "hmac",
- "pbkdf2",
+ "pbkdf2 0.11.0",
 "sha1",
 "time 0.3.22",
 "zstd",
diff --git a/Cargo.toml b/Cargo.toml
index e4aa43c..48747c8 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -35,7 +35,7 @@ hmac = "0.12"
 sha2 = "0.10"
 # - scrypt from RFC 7914
-scrypt = { version = "0.10", default-features = false }
+scrypt = { version = "0.11", default-features = false }
 # - CSPRNG
 rand = "0.8"
diff --git a/age/Cargo.toml b/age/Cargo.toml
index c2e59ef..220ce4e 100644
--- a/age/Cargo.toml
+++ b/age/Cargo.toml
@@ -61,7 +61,7 @@ num-traits = { version = "0.2", optional = true }
 # - Encrypted keys
 aes = { version = "0.8", optional = true }
 aes-gcm = { version = "0.10", optional = true }
-bcrypt-pbkdf = { version = "0.9", optional = true }
+bcrypt-pbkdf = { version = "0.10", optional = true }
 cbc = { version = "0.1", optional = true }
 cipher = { version = "0.4.3", features = ["alloc"], optional = true }
 ctr = { version = "0.9", optional = true }
diff --git a/age/src/primitives.rs b/age/src/primitives.rs
index b72dd67..32b6654 100644
--- a/age/src/primitives.rs
+++ b/age/src/primitives.rs
@@ -62,7 +62,7 @@ impl Write for HmacWriter {
 ///
 /// [RFC 7914]: https://tools.ietf.org/html/rfc7914
 pub(crate) fn scrypt(salt: &[u8], log_n: u8, password: &str) -> Result<[u8; 32], InvalidParams> {
- let params = ScryptParams::new(log_n, 8, 1)?;
+ let params = ScryptParams::new(log_n, 8, 1, 32)?;
 let mut output = [0; 32];
 scrypt_inner(password.as_bytes(), salt, ¶ms, &mut output)
diff --git a/fuzz-afl/Cargo.lock b/fuzz-afl/Cargo.lock
index 3b4271c..ac8eb58 100644
--- a/fuzz-afl/Cargo.lock
+++ b/fuzz-afl/Cargo.lock
@@ -609,11 +609,12 @@ dependencies = [
 [[package]]
 name = "pbkdf2"
-version = "0.11.0"
+version = "0.12.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "83a0692ec44e4cf1ef28ca317f14f8f07da2d95ec3fa01f86e4467b725e60917"
+checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2"
 dependencies = [
 "digest 0.10.7",
+ "hmac",
 ]
 [[package]]
@@ -850,11 +851,10 @@ checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"
 [[package]]
 name = "scrypt"
-version = "0.10.0"
+version = "0.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9f9e24d2b632954ded8ab2ef9fea0a0c769ea56ea98bddbafbad22caeeadf45d"
+checksum = "0516a385866c09368f0b5bcd1caff3366aace790fcd46e2bb032697bb172fd1f"
 dependencies = [
- "hmac",
 "pbkdf2",
 "salsa20",
 "sha2",
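Review bot: In the `scrypt` hunk of age/src/primitives.rs, the new fourth argument to `ScryptParams::new` repeats the literal `32` that already appears in the return type and in the `output` buffer, and nothing ties the three together. A module constant such as `const SCRYPT_OUTPUT_LEN: usize = 32;`, used in all three places, would keep the declared length and the buffer that is actually filled from drifting apart. A short comment on the call, for example `// r = 8, p = 1; len matches the 32-byte output buffer`, would also say what the positional arguments mean. `log_n` is passed through unchanged, so any upper bound on the work factor has to be enforced by the caller, which is not visible here. The function body continues past the end of the hunk.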
diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock
index bb1e108..0c5ffe8 100644
--- a/fuzz/Cargo.lock
+++ b/fuzz/Cargo.lock
@@ -560,11 +560,12 @@ dependencies = [
 [[package]]
 name = "pbkdf2"
-version = "0.11.0"
+version = "0.12.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "83a0692ec44e4cf1ef28ca317f14f8f07da2d95ec3fa01f86e4467b725e60917"
+checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2"
 dependencies = [
 "digest 0.10.7",
+ "hmac",
 ]
 [[package]]
@@ -792,11 +793,10 @@ checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"
 [[package]]
 name = "scrypt"
-version = "0.10.0"
+version = "0.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9f9e24d2b632954ded8ab2ef9fea0a0c769ea56ea98bddbafbad22caeeadf45d"
+checksum = "0516a385866c09368f0b5bcd1caff3366aace790fcd46e2bb032697bb172fd1f"
 dependencies = [
- "hmac",
 "pbkdf2",
 "salsa20",
 "sha2",
diff --git a/supply-chain/config.toml b/supply-chain/config.toml
index eed9659..adb3f29 100644
--- a/supply-chain/config.toml
+++ b/supply-chain/config.toml
@@ -76,7 +76,7 @@ version = "1.6.0"
 criteria = "safe-to-deploy"
 [[exemptions.bcrypt-pbkdf]]
-version = "0.9.0"
+version = "0.10.0"
 criteria = "safe-to-deploy"
 [[exemptions.bech32]]
@@ -519,6 +519,10 @@ criteria = "safe-to-deploy"
 version = "0.11.0"
 criteria = "safe-to-deploy"
+[[exemptions.pbkdf2]]
+version = "0.12.1"
+criteria = "safe-to-deploy"
+
 [[exemptions.percent-encoding]]
 version = "2.3.0"
 criteria = "safe-to-deploy"
@@ -684,7 +688,7 @@ version = "1.1.0"
 criteria = "safe-to-deploy"
 [[exemptions.scrypt]]
-version = "0.10.0"
+version = "0.11.0"
 criteria = "safe-to-deploy"
 [[exemptions.secrecy]]
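Review bot: The three supply-chain/config.toml hunks move the `exemptions` entries to bcrypt-pbkdf 0.10.0 and scrypt 0.11.0 and add one for pbkdf2 0.12.1, so the upgraded key-derivation crates are accepted as `safe-to-deploy` without a recorded audit. For password-hashing code, a delta audit from the previously exempted versions (0.9.0 to 0.10.0 and 0.10.0 to 0.11.0) would be a stronger record than rolling the exemption forward, assuming this file is the cargo-vet configuration it appears to be. The root Cargo.lock resolves pbkdf2 0.12.1 while fuzz/Cargo.lock and fuzz-afl/Cargo.lock resolve 0.12.2, so the fuzz targets build against a different patch release than the one exempted here. Aligning the lockfiles, or adding a comment such as `# fuzz workspaces resolve pbkdf2 independently of the root lockfile` above the new exemption, would make that difference deliberate rather than accidental.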