Bump dependencies (#2148)

Updates the following dependencies:
- `cipher` v0.5.0-rc.3
- `crypto-bigint` v0.7.0-rc.13
- `crypto-common` v0.2.0-rc.8
- `crypto-primes` (via git)
- `digest` v0.11.0-rc.5
- `ecdsa` v0.17.0-rc.10
- `elliptic-curve` v0.14.0-rc.18
- `getrandom` v0.4.0-rc.0
- `p256` v0.14.0-rc.1
- `primefield` v0.14.0-rc.2
- `primeorder` v0.14.0-rc.2
- `rsa` (via git)
- `signature` v3.0.0-rc.6

Notably this involved updating `cms` to use the new `Generate` trait

Author: tarcieri

Cargo.lock

@@ -61,4 +61,6 @@ x509-tsp = { path = "./x509-tsp" }
 x509-cert = { path = "./x509-cert" }
 x509-ocsp = { path = "./x509-ocsp" }
 
+crypto-primes = { git = "https://github.com/tarcieri/crypto-primes", branch = "crypto-bigint/v0.7.0-rc.13" }
 rand = { git = "https://github.com/rust-random/rand" }
+rsa = { git = "https://github.com/RustCrypto/RSA" }

Cargo.toml

@@ -25,27 +25,27 @@ aes = { version = "0.9.0-rc.2", optional = true }
 aes-kw = { version = "0.3.0-rc.1", optional = true }
 ansi-x963-kdf = { version = "0.1.0-rc.1", optional = true }
 cbc = { version = "0.2.0-rc.2", optional = true }
-cipher = { version = "0.5.0-rc.2", features = ["alloc", "block-padding", "rand_core"], optional = true }
-digest = { version = "0.11.0-rc.4", optional = true }
-elliptic-curve = { version = "0.14.0-rc.16", optional = true }
+cipher = { version = "0.5.0-rc.3", features = ["alloc", "block-padding", "rand_core"], optional = true }
+digest = { version = "0.11.0-rc.5", optional = true }
+elliptic-curve = { version = "0.14.0-rc.18", optional = true }
 rsa = { version = "0.10.0-rc.10", optional = true }
 sha1 = { version = "0.11.0-rc.3", optional = true }
 sha2 = { version = "0.11.0-rc.3", optional = true }
 sha3 = { version = "0.11.0-rc.3", optional = true }
-signature = { version = "3.0.0-rc.5", features = ["digest", "alloc"], optional = true }
+signature = { version = "3.0.0-rc.6", features = ["digest", "alloc"], optional = true }
 zeroize = { version = "1.8.1", optional = true }
 
 [dev-dependencies]
 aes = "0.9.0-rc.2"
-getrandom = "0.3"
+getrandom = "0.4.0-rc.0"
 hex-literal = "1"
 pem-rfc7468 = "1"
 pkcs5 = "0.8.0-rc.10"
 pbkdf2 = "0.13.0-rc.2"
-rand = "0.10.0-rc.1"
+rand = "0.10.0-rc.5"
 rsa = { version = "0.10.0-rc.10", features = ["sha2"] }
-ecdsa = { version = "0.17.0-rc.6", features = ["digest", "pem"] }
-p256 = "0.14.0-rc.1"
+ecdsa = { version = "0.17.0-rc.9", features = ["digest", "pem"] }
+p256 = "0.14.0-rc.2"
 tokio = { version = "1.45.1", features = ["macros", "rt"] }
 x509-cert = { version = "0.3.0-rc.0", features = ["pem"] }
 

cms/Cargo.toml

@@ -1,34 +1,41 @@
-#![cfg(feature = "builder")]
+//! Cryptographic Message Syntax Builder
 
-//! CMS Builder
+#![cfg(feature = "builder")]
 
-use crate::cert::CertificateChoices;
-use crate::content_info::{CmsVersion, ContentInfo};
-use crate::enveloped_data::{
-    EncryptedContentInfo, EncryptedKey, EnvelopedData, KekIdentifier, KeyTransRecipientInfo,
-    OriginatorInfo, PasswordRecipientInfo, RecipientIdentifier, RecipientInfo, RecipientInfos,
-    UserKeyingMaterial,
-};
-use crate::revocation::{RevocationInfoChoice, RevocationInfoChoices};
-use crate::signed_data::{
-    CertificateSet, DigestAlgorithmIdentifiers, EncapsulatedContentInfo, SignatureValue,
-    SignedAttributes, SignedData, SignerIdentifier, SignerInfo, SignerInfos, UnsignedAttributes,
+use crate::{
+    cert::CertificateChoices,
+    content_info::{CmsVersion, ContentInfo},
+    enveloped_data::{
+        EncryptedContentInfo, EncryptedKey, EnvelopedData, KekIdentifier, KeyTransRecipientInfo,
+        OriginatorInfo, PasswordRecipientInfo, RecipientIdentifier, RecipientInfo, RecipientInfos,
+        UserKeyingMaterial,
+    },
+    revocation::{RevocationInfoChoice, RevocationInfoChoices},
+    signed_data::{
+        CertificateSet, DigestAlgorithmIdentifiers, EncapsulatedContentInfo, SignatureValue,
+        SignedAttributes, SignedData, SignerIdentifier, SignerInfo, SignerInfos,
+        UnsignedAttributes,
+    },
 };
 use aes::{Aes128, Aes192, Aes256};
-use alloc::borrow::ToOwned;
-use alloc::boxed::Box;
-use alloc::string::{String, ToString};
-use alloc::vec::Vec;
+use alloc::{
+    borrow::ToOwned,
+    boxed::Box,
+    string::{String, ToString},
+    vec,
+    vec::Vec,
+};
 use cipher::{
-    BlockModeEncrypt, Key, KeyIvInit, KeySizeUser, block_padding::Pkcs7, rand_core::CryptoRng,
+    BlockModeEncrypt, Iv, Key, KeyIvInit, block_padding::Pkcs7, crypto_common::Generate,
+    rand_core::CryptoRng,
 };
 use const_oid::ObjectIdentifier;
-use core::cmp::Ordering;
-use core::fmt;
-use core::marker::PhantomData;
-use der::asn1::{BitString, Null, OctetString, OctetStringRef, SetOfVec};
-use der::oid::db::DB;
-use der::{Any, AnyRef, Decode, Encode, ErrorKind, Tag};
+use core::{cmp::Ordering, fmt, marker::PhantomData};
+use der::{
+    Any, AnyRef, Decode, Encode, ErrorKind, Tag,
+    asn1::{BitString, Null, OctetString, OctetStringRef, SetOfVec},
+    oid::db::DB,
+};
 use digest::Digest;
 use rsa::Pkcs1v15Encrypt;
 use sha2::digest;
@@ -39,7 +46,6 @@ use spki::{
     AlgorithmIdentifierOwned, DynSignatureAlgorithmIdentifier, EncodePublicKey,
     SignatureBitStringEncoding,
 };
-use std::vec;
 use x509_cert::{
     attr::{Attribute, AttributeValue, Attributes},
     builder::{self, AsyncBuilder, Builder},
@@ -1172,18 +1178,16 @@ fn get_hasher(
 macro_rules! encrypt_block_mode {
     ($data:expr, $block_mode:ident::$typ:ident<$alg:ident>, $key:expr, $rng:expr, $oid:expr) => {{
         let (key, iv) = match $key {
-            None => $block_mode::$typ::<$alg>::generate_key_iv_with_rng($rng),
+            None => {
+                let key = Key::<$block_mode::$typ<$alg>>::generate_from_rng($rng);
+                let iv = Iv::<$block_mode::$typ<$alg>>::generate_from_rng($rng);
+                (key, iv)
+            }
             Some(key) => {
-                if key.len() != $alg::key_size() {
-                    return Err(Error::Builder(String::from(
-                        "Invalid key size for chosen algorithm",
-                    )));
-                }
-                (
-                    Key::<$block_mode::$typ<$alg>>::try_from(key)
-                        .expect("size invariants violation"),
-                    $block_mode::$typ::<$alg>::generate_iv_with_rng($rng),
-                )
+                let key = Key::<$block_mode::$typ<$alg>>::try_from(key)
+                    .map_err(|_| Error::Builder("invalid key size for chosen algorithm".into()))?;
+                let iv = Iv::<$block_mode::$typ<$alg>>::generate_from_rng($rng);
+                (key, iv)
             }
         };
         let encryptor = $block_mode::$typ::<$alg>::new(&key.into(), &iv.into());

cms/src/builder.rs

@@ -29,10 +29,10 @@ tls_codec = { version = "0.4", default-features = false, features = ["derive"],
 
 [dev-dependencies]
 hex-literal = "1"
-rand = "0.10.0-rc.1"
+rand = "0.10.0-rc.5"
 rsa = { version = "0.10.0-rc.10", features = ["sha2"] }
-ecdsa = { version = "0.17.0-rc.6", features = ["digest", "pem"] }
-p256 = "0.14.0-rc.1"
+ecdsa = { version = "0.17.0-rc.9", features = ["digest", "pem"] }
+p256 = "0.14.0-rc.2"
 rstest = "0.26"
 sha2 = { version = "0.11.0-rc.3", features = ["oid"] }
 tempfile = "3.5"