Skip to content

Commit 07f295e

Browse files
committed
bump crypto packages
1 parent 242c046 commit 07f295e

16 files changed

Lines changed: 562 additions & 303 deletions

File tree

Cargo.lock

Lines changed: 433 additions & 188 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

ssh-key/CHANGELOG.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -106,7 +106,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
106106
- `p256` v0.13
107107
- `p384` v0.13
108108
- `sec1` v0.7
109-
- Use `&mut impl CryptoRngCore` for RNGs ([#67])
109+
- Use `&mut impl Rng` for RNGs ([#67])
110110
- Make `certificate::Builder::new` fallible ([#71])
111111
- Rename `MPInt` => `Mpint` ([#76])
112112
- Split `AlgorithmUnknown` and `AlgorithmUnsupported` ([#81])

ssh-key/Cargo.toml

Lines changed: 16 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[package]
22
name = "internal-russh-forked-ssh-key"
3-
version = "0.6.17+upstream-0.6.7"
3+
version = "0.6.18+upstream-0.6.7"
44
description = """
55
Pure Rust implementation of SSH key file format decoders/encoders as described
66
in RFC4251/RFC4253 and OpenSSH key formats, as well as "sshsig" signatures and
@@ -19,31 +19,29 @@ rust-version = "1.65"
1919
[dependencies]
2020
cipher = { package = "ssh-cipher", version = "0.2", path = "../ssh-cipher" }
2121
encoding = { package = "ssh-encoding", version = "0.2", features = ["base64", "pem", "sha2"], path = "../ssh-encoding" }
22-
sha2 = { version = "0.10.8", default-features = false }
23-
signature = { version = "2", default-features = false }
22+
sha2 = { version = "0.11.0-rc.5", default-features = false }
2423
subtle = { version = "2.5", default-features = false }
2524
zeroize = { version = "1", default-features = false }
25+
crypto-bigint = { version = "0.7.0-rc.28", features = ["alloc"] }
2626

2727
# optional dependencies
2828
argon2 = { version = "0.5", optional = true, default-features = false, features = ["alloc"] }
2929
bcrypt-pbkdf = { version = "0.10", optional = true, default-features = false, features = ["alloc"] }
3030
bigint = { package = "num-bigint-dig", version = "0.8.4", optional = true, default-features = false, features = ["std"] }
31-
dsa = { version = "0.6", optional = true, default-features = false }
32-
digest_next = { package = "digest", version = "0.11.0-rc.4", default-features = false }
33-
ecdsa = { version = "0.16.8", optional = true, default-features = false } # only need this explicit dependency due to a minimal-versions fail @ https://github.com/RustCrypto/elliptic-curves/issues/1038
34-
ed25519-dalek = { version = "2", optional = true, default-features = false }
31+
dsa = { version = "0.7.0-rc.13", optional = true, default-features = false, features = ["hazmat"] }
32+
ecdsa = { version = "0.17.0-rc.16", optional = true, default-features = false } # only need this explicit dependency due to a minimal-versions fail @ https://github.com/RustCrypto/elliptic-curves/issues/1038
33+
ed25519-dalek = { version = "3.0.0-pre.6", optional = true, default-features = false }
3534
hex = { version = "0.4", optional = true }
36-
hmac = { version = "0.12", optional = true }
37-
p256 = { version = "0.13", optional = true, default-features = false, features = ["ecdsa"] }
38-
p384 = { version = "0.13", optional = true, default-features = false, features = ["ecdsa"] }
39-
p521 = { version = "0.13.3", optional = true, default-features = false, features = ["ecdsa", "getrandom"] } # TODO(tarcieri): RFC6979
35+
hmac = { version = "0.13.0-rc.5", optional = true }
36+
p256 = { version = "0.14.0-rc.7", optional = true, default-features = false, features = ["ecdsa"] }
37+
p384 = { version = "0.14.0-rc.7", optional = true, default-features = false, features = ["ecdsa"] }
38+
p521 = { version = "0.14.0-rc.7", optional = true, default-features = false, features = ["ecdsa"] } # TODO(tarcieri): RFC6979
4039
rand_core = { version = "0.10.0", optional = true, default-features = false }
4140
rsa = { version = "0.10.0-rc.16", optional = true, default-features = false, features = ["sha2"] }
42-
sec1 = { version = "0.7.3", optional = true, default-features = false, features = ["point"] }
41+
sec1 = { version = "0.8.0-rc.13", optional = true, default-features = false, features = ["point"] }
4342
serde = { version = "1.0.16", optional = true }
44-
sha1 = { version = "0.10", optional = true, default-features = false, features = ["oid"] }
45-
sha1_next = { package = "sha1", version = "0.11.0-rc.3", optional = true, default-features = false, features = ["oid"] }
46-
signature_next = { package = "signature", version = "3.0.0-rc.5", default-features = false }
43+
sha1 = { version = "0.11.0-rc.5", optional = true, default-features = false, features = ["oid"] }
44+
signature = { version = "3.0.0-rc.10", default-features = false }
4745

4846
[dev-dependencies]
4947
hex-literal = "0.4.1"
@@ -64,11 +62,10 @@ std = [
6462
"p521?/std",
6563
"rsa?/std",
6664
"sec1?/std",
67-
"signature/std"
6865
]
6966

7067
crypto = ["ed25519", "p256", "p384", "p521", "rsa"] # NOTE: `dsa` is obsolete/weak
71-
dsa = ["dep:bigint", "dep:dsa", "dep:sha1", "dep:sha1_next", "alloc", "signature/rand_core"]
68+
dsa = ["dep:bigint", "dep:dsa", "dep:sha1", "alloc", "signature/rand_core"]
7269
ecdsa = ["dep:sec1", "dep:ecdsa"]
7370
ed25519 = ["dep:ed25519-dalek", "rand_core"]
7471
encryption = [
@@ -85,9 +82,9 @@ hazmat-allow-insecure-rsa-keys = []
8582
p256 = ["dep:p256", "ecdsa"]
8683
p384 = ["dep:p384", "ecdsa"]
8784
p521 = ["dep:p521", "ecdsa"]
88-
ppk = ["dep:hex", "alloc", "cipher/aes-cbc", "dep:hmac", "dep:argon2", "dep:sha1", "dep:sha1_next"]
85+
ppk = ["dep:hex", "alloc", "cipher/aes-cbc", "dep:hmac", "dep:argon2", "dep:sha1"]
8986
rsa = ["dep:bigint", "dep:rsa", "alloc", "rand_core"]
90-
rsa-sha1 = ["rsa", "dep:sha1", "dep:sha1_next", "sha1/oid"]
87+
rsa-sha1 = ["rsa", "dep:sha1", "sha1/oid"]
9188
tdes = ["cipher/tdes", "encryption"]
9289

9390
[package.metadata.docs.rs]

ssh-key/src/certificate/builder.rs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ use crate::{public, Result, Signature, SigningKey};
55
use alloc::{string::String, vec::Vec};
66

77
#[cfg(feature = "rand_core")]
8-
use rand_core::Rng;
8+
use rand_core::CryptoRng;
99

1010
#[cfg(feature = "std")]
1111
use std::time::SystemTime;
@@ -152,7 +152,7 @@ impl Builder {
152152
/// provided random number generator.
153153
#[cfg(feature = "rand_core")]
154154
pub fn new_with_random_nonce(
155-
rng: &mut impl Rng,
155+
rng: &mut impl CryptoRng,
156156
public_key: impl Into<public::KeyData>,
157157
valid_after: u64,
158158
valid_before: u64,

ssh-key/src/fingerprint.rs

Lines changed: 25 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,8 @@
33
mod randomart;
44

55
use self::randomart::Randomart;
6-
use crate::{public, Error, HashAlg, Result};
6+
use crate::public::KeyData;
7+
use crate::{Error, HashAlg, Result};
78
use core::{
89
fmt::{self, Display},
910
str::{self, FromStr},
@@ -23,6 +24,22 @@ use alloc::string::{String, ToString};
2324
#[cfg(all(feature = "alloc", feature = "serde"))]
2425
use serde::{de, ser, Deserialize, Serialize};
2526

27+
struct WrappedSha256<'a>(&'a mut Sha256);
28+
impl encoding::Writer for WrappedSha256<'_> {
29+
fn write(&mut self, bytes: &[u8]) -> encoding::Result<()> {
30+
self.0.update(bytes);
31+
Ok(())
32+
}
33+
}
34+
35+
struct WrappedSha512<'a>(&'a mut Sha512);
36+
impl encoding::Writer for WrappedSha512<'_> {
37+
fn write(&mut self, bytes: &[u8]) -> encoding::Result<()> {
38+
self.0.update(bytes);
39+
Ok(())
40+
}
41+
}
42+
2643
/// SSH public key fingerprints.
2744
///
2845
/// Fingerprints have an associated key fingerprint algorithm, i.e. a hash
@@ -59,16 +76,20 @@ impl Fingerprint {
5976

6077
/// Create a fingerprint of the given public key data using the provided
6178
/// hash algorithm.
62-
pub fn new(algorithm: HashAlg, public_key: &public::KeyData) -> Self {
79+
pub fn new(algorithm: HashAlg, public_key: &KeyData) -> Self {
6380
match algorithm {
6481
HashAlg::Sha256 => {
6582
let mut digest = Sha256::new();
66-
public_key.encode(&mut digest).expect(FINGERPRINT_ERR_MSG);
83+
public_key
84+
.encode(&mut WrappedSha256(&mut digest))
85+
.expect(FINGERPRINT_ERR_MSG);
6786
Self::Sha256(digest.finalize().into())
6887
}
6988
HashAlg::Sha512 => {
7089
let mut digest = Sha512::new();
71-
public_key.encode(&mut digest).expect(FINGERPRINT_ERR_MSG);
90+
public_key
91+
.encode(&mut WrappedSha512(&mut digest))
92+
.expect(FINGERPRINT_ERR_MSG);
7293
Self::Sha512(digest.finalize().into())
7394
}
7495
}

ssh-key/src/kdf.rs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ use encoding::{CheckedSum, Decode, Encode, Reader, Writer};
99
use alloc::vec::Vec;
1010

1111
#[cfg(feature = "encryption")]
12-
use {crate::Cipher, bcrypt_pbkdf::bcrypt_pbkdf, rand_core::CryptoRngCore, zeroize::Zeroizing};
12+
use {crate::Cipher, bcrypt_pbkdf::bcrypt_pbkdf, rand_core::Rng, zeroize::Zeroizing};
1313

1414
/// Default number of rounds to use for bcrypt-pbkdf.
1515
#[cfg(feature = "encryption")]
@@ -40,7 +40,7 @@ pub enum Kdf {
4040
impl Kdf {
4141
/// Initialize KDF configuration for the given algorithm.
4242
#[cfg(feature = "encryption")]
43-
pub fn new(algorithm: KdfAlg, rng: &mut impl CryptoRngCore) -> Result<Self> {
43+
pub fn new(algorithm: KdfAlg, rng: &mut impl Rng) -> Result<Self> {
4444
let mut salt = vec![0u8; DEFAULT_SALT_SIZE];
4545
rng.fill_bytes(&mut salt);
4646

ssh-key/src/mpint.rs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,9 +3,9 @@
33
use crate::{Error, Result};
44
use alloc::{boxed::Box, vec::Vec};
55
use core::fmt;
6+
#[cfg(any(feature = "dsa", feature = "rsa"))]
7+
use crypto_bigint::BoxedUint;
68
use encoding::{CheckedSum, Decode, Encode, Reader, Writer};
7-
#[cfg(feature = "rsa")]
8-
use rsa::BoxedUint;
99
use subtle::{Choice, ConstantTimeEq};
1010
use zeroize::Zeroize;
1111

ssh-key/src/ppk.rs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ use core::fmt::{Debug, Display};
99
use core::num::ParseIntError;
1010
use core::str::FromStr;
1111
use hex::FromHex;
12-
use hmac::{Hmac, Mac};
12+
use hmac::{Hmac, KeyInit, Mac};
1313
use sha1::{Digest, Sha1};
1414
use sha2::Sha256;
1515

ssh-key/src/private.rs

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -155,7 +155,7 @@ use {
155155
};
156156

157157
#[cfg(feature = "rand_core")]
158-
use rand_core::Rng;
158+
use rand_core::CryptoRng;
159159

160160
#[cfg(feature = "std")]
161161
use std::{fs, path::Path};
@@ -396,7 +396,7 @@ impl PrivateKey {
396396
#[cfg(feature = "encryption")]
397397
pub fn encrypt(
398398
&self,
399-
rng: &mut impl Rng,
399+
rng: &mut impl CryptoRng,
400400
password: impl AsRef<[u8]>,
401401
) -> Result<Self> {
402402
self.encrypt_with_cipher(rng, Cipher::Aes256Ctr, password)
@@ -409,7 +409,7 @@ impl PrivateKey {
409409
#[cfg(feature = "encryption")]
410410
pub fn encrypt_with_cipher(
411411
&self,
412-
rng: &mut impl Rng,
412+
rng: &mut impl CryptoRng,
413413
cipher: Cipher,
414414
password: impl AsRef<[u8]>,
415415
) -> Result<Self> {
@@ -509,7 +509,7 @@ impl PrivateKey {
509509
/// - `Error::AlgorithmUnknown` if the algorithm is unsupported.
510510
#[cfg(feature = "rand_core")]
511511
#[allow(unreachable_code, unused_variables)]
512-
pub fn random(rng: &mut impl Rng, algorithm: Algorithm) -> Result<Self> {
512+
pub fn random(rng: &mut impl CryptoRng, algorithm: Algorithm) -> Result<Self> {
513513
let checkint = rng.next_u32();
514514
let key_data = match algorithm {
515515
#[cfg(feature = "dsa")]

ssh-key/src/private/dsa.rs

Lines changed: 12 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -2,12 +2,14 @@
22
33
use crate::{public::DsaPublicKey, Error, Mpint, Result};
44
use core::fmt;
5+
#[cfg(feature = "dsa")]
6+
use crypto_bigint::BoxedUint;
57
use encoding::{CheckedSum, Decode, Encode, Reader, Writer};
68
use subtle::{Choice, ConstantTimeEq};
79
use zeroize::Zeroize;
810

911
#[cfg(all(feature = "dsa", feature = "rand_core"))]
10-
use rand_core::CryptoRngCore;
12+
use rand_core::CryptoRng;
1113

1214
/// Digital Signature Algorithm (DSA) private key.
1315
///
@@ -86,20 +88,20 @@ impl Drop for DsaPrivateKey {
8688
}
8789

8890
#[cfg(feature = "dsa")]
89-
impl TryFrom<DsaPrivateKey> for dsa::BigUint {
91+
impl TryFrom<DsaPrivateKey> for BoxedUint {
9092
type Error = Error;
9193

92-
fn try_from(key: DsaPrivateKey) -> Result<dsa::BigUint> {
93-
dsa::BigUint::try_from(&key.inner)
94+
fn try_from(key: DsaPrivateKey) -> Result<BoxedUint> {
95+
BoxedUint::try_from(&key.inner)
9496
}
9597
}
9698

9799
#[cfg(feature = "dsa")]
98-
impl TryFrom<&DsaPrivateKey> for dsa::BigUint {
100+
impl TryFrom<&DsaPrivateKey> for BoxedUint {
99101
type Error = Error;
100102

101-
fn try_from(key: &DsaPrivateKey) -> Result<dsa::BigUint> {
102-
dsa::BigUint::try_from(&key.inner)
103+
fn try_from(key: &DsaPrivateKey) -> Result<BoxedUint> {
104+
BoxedUint::try_from(&key.inner)
103105
}
104106
}
105107

@@ -118,7 +120,7 @@ impl TryFrom<&dsa::SigningKey> for DsaPrivateKey {
118120

119121
fn try_from(key: &dsa::SigningKey) -> Result<DsaPrivateKey> {
120122
Ok(DsaPrivateKey {
121-
inner: key.x().try_into()?,
123+
inner: key.x().as_ref().try_into()?,
122124
})
123125
}
124126
}
@@ -141,7 +143,7 @@ impl DsaKeypair {
141143

142144
/// Generate a random DSA private key.
143145
#[cfg(all(feature = "dsa", feature = "rand_core"))]
144-
pub fn random(rng: &mut impl CryptoRngCore) -> Result<Self> {
146+
pub fn random(rng: &mut impl CryptoRng) -> Result<Self> {
145147
let components = dsa::Components::generate(rng, Self::KEY_SIZE);
146148
dsa::SigningKey::generate(rng, components).try_into()
147149
}
@@ -218,7 +220,7 @@ impl TryFrom<&DsaKeypair> for dsa::SigningKey {
218220
fn try_from(key: &DsaKeypair) -> Result<dsa::SigningKey> {
219221
Ok(dsa::SigningKey::from_components(
220222
dsa::VerifyingKey::try_from(&key.public)?,
221-
dsa::BigUint::try_from(&key.private)?,
223+
BoxedUint::try_from(&key.private)?,
222224
)?)
223225
}
224226
}

0 commit comments

Comments
 (0)