mirror of
https://github.com/str4d/rage.git
synced 2025-04-04 19:37:51 +03:00
Migrate to rsa 0.9
This commit is contained in:
Jack Grigg
parent
e3bb209dfa
commit
f2731ecc43
8 changed files with 36 additions and 30 deletions
28
Cargo.lock
generated
28
Cargo.lock
generated
|
|
@ -682,9 +682,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "der"
|
||||
version = "0.6.1"
|
||||
version = "0.7.6"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de"
|
||||
checksum = "56acb310e15652100da43d130af8d97b509e95af61aab1c5a7939ef24337ee17"
|
||||
dependencies = [
|
||||
"const-oid",
|
||||
"zeroize",
|
||||
|
|
@ -1768,21 +1768,20 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "pkcs1"
|
||||
version = "0.4.1"
|
||||
version = "0.7.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "eff33bdbdfc54cc98a2eca766ebdec3e1b8fb7387523d5c9c9a2891da856f719"
|
||||
checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f"
|
||||
dependencies = [
|
||||
"der",
|
||||
"pkcs8",
|
||||
"spki",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "pkcs8"
|
||||
version = "0.9.0"
|
||||
version = "0.10.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba"
|
||||
checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
|
||||
dependencies = [
|
||||
"der",
|
||||
"spki",
|
||||
|
|
@ -2131,11 +2130,12 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "rsa"
|
||||
version = "0.7.2"
|
||||
version = "0.9.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "094052d5470cbcef561cb848a7209968c9f12dfa6d668f4bca048ac5de51099c"
|
||||
checksum = "6ab43bb47d23c1a631b4b680199a45255dce26fa9ab2fa902581f624ff13e6a8"
|
||||
dependencies = [
|
||||
"byteorder",
|
||||
"const-oid",
|
||||
"digest 0.10.7",
|
||||
"num-bigint-dig",
|
||||
"num-integer",
|
||||
|
|
@ -2145,7 +2145,7 @@ dependencies = [
|
|||
"pkcs8",
|
||||
"rand_core 0.6.4",
|
||||
"signature",
|
||||
"smallvec",
|
||||
"spki",
|
||||
"subtle",
|
||||
"zeroize",
|
||||
]
|
||||
|
|
@ -2340,9 +2340,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "signature"
|
||||
version = "1.6.4"
|
||||
version = "2.1.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c"
|
||||
checksum = "5e1788eed21689f9cf370582dfc467ef36ed9c707f073528ddafa8d83e3b8500"
|
||||
dependencies = [
|
||||
"digest 0.10.7",
|
||||
"rand_core 0.6.4",
|
||||
|
|
@ -2371,9 +2371,9 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
|
|||
|
||||
[[package]]
|
||||
name = "spki"
|
||||
version = "0.6.0"
|
||||
version = "0.7.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b"
|
||||
checksum = "9d1e996ef02c474957d681f1b05213dfb0abab947b446a62d37770b23500184a"
|
||||
dependencies = [
|
||||
"base64ct",
|
||||
"der",
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ to 1.0.0 are beta releases.
|
|||
|
||||
### Changed
|
||||
- MSRV is now 1.65.0.
|
||||
- Migrated to `base64 0.21`.
|
||||
- Migrated to `base64 0.21`, `rsa 0.9`.
|
||||
|
||||
## [0.9.2] - 2023-06-12
|
||||
### Added
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ rand.workspace = true
|
|||
|
||||
# OpenSSH-specific dependencies:
|
||||
# - RSAES-OAEP from RFC 8017 with SHA-256 and MGF1
|
||||
rsa = { version = "0.7", default-features = false, optional = true }
|
||||
rsa = { version = "0.9", default-features = false, optional = true }
|
||||
|
||||
# - Conversion of public keys from Ed25519 to X25519
|
||||
curve25519-dalek = { version = "3", optional = true }
|
||||
|
|
|
|||
|
|
@ -522,7 +522,7 @@ mod read_ssh {
|
|||
mod write_ssh {
|
||||
use cookie_factory::{bytes::be_u32, combinator::slice, sequence::tuple, SerializeFn};
|
||||
use num_traits::identities::Zero;
|
||||
use rsa::{BigUint, PublicKeyParts};
|
||||
use rsa::{traits::PublicKeyParts, BigUint};
|
||||
use std::io::Write;
|
||||
|
||||
use super::SSH_RSA_KEY_PREFIX;
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ use nom::{
|
|||
IResult,
|
||||
};
|
||||
use rand::rngs::OsRng;
|
||||
use rsa::{padding::PaddingScheme, pkcs1::DecodeRsaPrivateKey};
|
||||
use rsa::{pkcs1::DecodeRsaPrivateKey, Oaep};
|
||||
use sha2::{Digest, Sha256, Sha512};
|
||||
use std::fmt;
|
||||
use std::io;
|
||||
|
|
@ -60,7 +60,7 @@ impl UnencryptedKey {
|
|||
Some(
|
||||
sk.decrypt_blinded(
|
||||
&mut rng,
|
||||
PaddingScheme::new_oaep_with_label::<Sha256, _>(SSH_RSA_OAEP_LABEL),
|
||||
Oaep::new_with_label::<Sha256, _>(SSH_RSA_OAEP_LABEL),
|
||||
&stanza.body,
|
||||
)
|
||||
.map_err(DecryptError::from)
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ use nom::{
|
|||
IResult,
|
||||
};
|
||||
use rand::rngs::OsRng;
|
||||
use rsa::{padding::PaddingScheme, PublicKey};
|
||||
use rsa::Oaep;
|
||||
use sha2::Sha256;
|
||||
use std::fmt;
|
||||
use x25519_dalek::{EphemeralSecret, PublicKey as X25519PublicKey, StaticSecret};
|
||||
|
|
@ -136,7 +136,7 @@ impl crate::Recipient for Recipient {
|
|||
let encrypted_file_key = pk
|
||||
.encrypt(
|
||||
&mut rng,
|
||||
PaddingScheme::new_oaep_with_label::<Sha256, _>(SSH_RSA_OAEP_LABEL),
|
||||
Oaep::new_with_label::<Sha256, _>(SSH_RSA_OAEP_LABEL),
|
||||
file_key.expose_secret(),
|
||||
)
|
||||
.expect("pubkey is valid and file key is not too long");
|
||||
|
|
|
|||
|
|
@ -240,7 +240,7 @@ version = "5.4.0"
|
|||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.der]]
|
||||
version = "0.6.1"
|
||||
version = "0.7.6"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.digest]]
|
||||
|
|
@ -544,11 +544,11 @@ version = "0.5.0"
|
|||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.pkcs1]]
|
||||
version = "0.4.1"
|
||||
version = "0.7.5"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.pkcs8]]
|
||||
version = "0.9.0"
|
||||
version = "0.10.2"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.pkg-config]]
|
||||
|
|
@ -652,7 +652,7 @@ version = "6.0.1"
|
|||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.rsa]]
|
||||
version = "0.7.2"
|
||||
version = "0.9.2"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.rust-embed]]
|
||||
|
|
@ -715,10 +715,6 @@ criteria = "safe-to-deploy"
|
|||
version = "0.6.2"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.signature]]
|
||||
version = "1.6.4"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.smallvec]]
|
||||
version = "1.10.0"
|
||||
criteria = "safe-to-deploy"
|
||||
|
|
@ -728,7 +724,7 @@ version = "0.5.2"
|
|||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.spki]]
|
||||
version = "0.6.0"
|
||||
version = "0.7.2"
|
||||
criteria = "safe-to-deploy"
|
||||
|
||||
[[exemptions.stable_deref_trait]]
|
||||
|
|
|
|||
|
|
@ -1302,6 +1302,16 @@ criteria = "safe-to-deploy"
|
|||
delta = "1.0.95 -> 1.0.96"
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.signature]]
|
||||
who = "Daira Emma Hopwood <daira@jacaranda.org>"
|
||||
criteria = "safe-to-deploy"
|
||||
version = "2.1.0"
|
||||
notes = """
|
||||
This crate uses `#![forbid(unsafe_code)]`, has no build script, and only provides traits with some trivial default implementations.
|
||||
I did not review whether implementing these APIs would present any undocumented cryptographic hazards.
|
||||
"""
|
||||
aggregated-from = "https://raw.githubusercontent.com/zcash/zcash/master/qa/supply-chain/audits.toml"
|
||||
|
||||
[[audits.zcash.audits.time-core]]
|
||||
who = "Jack Grigg <jack@electriccoin.co>"
|
||||
criteria = "safe-to-deploy"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue