Remote master#6
Merged
Merged
Conversation
…ypto#2124) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7 to 8. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@v7...v8) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v4...v5) --- updated-dependencies: - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
`bincode` is unmaintained. See https://crates.io/crates/bincode/3.0.0 This adds `postcard` as an alternative for rustdocs
This is a transitive dependency of `postcard` (itself a dev-dependency of `serdect`) by way of `heapless`. We don't care it's unmaintained, the whole dependency chain is just for testing anyway.
The old error type was a simple unit struct that couldn't express anything. This replaces it with an enum that can express various error conditions, including Base64 encoding errors, which might be helpful when trying to support a myriad of different Base64 encodings.
…#2132) Writes directly to the underlying string, validating the added text comprises a valid `Field`, and truncating back to the original length in the event of an error
Renames the `Base64::ShaCrypt` variant to `Base64::Crypt`, removing the previous option entirely. See RustCrypto#2133: the implementation of `base64ct`'s `Base64Crypt` is mistaken: it implements the Base64 alphabet used by `crypt(3)`, but the special little endian packing implemented in `Base64ShaCrypt` is ubiquitously used with this alphabet. So this simply makes `mcf::Base64::Crypt` the only option, and also the correct one for any `crypt(3)` password hash.
Closes RustCrypto#2133 `Base64ShaCrypt` is, as far as I can tell, the standard Base64 alphabet used by all `crypt(3)` hashes. The only exception is `bcrypt` which uses a completely different alphabet (`./A-Za-z0-9`). As far as I can tell all algorithms that actually use the `./0-9A-Za-z` alphabet do so with the little endian packing implemented in `Base64ShaCrypt`. I'm uncertain about the provenance of the test vectors for `Base64Crypt` but as far as I can tell it's actually a non-standard packing for this particular alphabet. As such, this deprecates `Base64Crypt`, steering people towards `Base64ShaCrypt` for now. Perhaps in the future we can find better names.
…#2137) Now that the `Error` trait is always available in `core`, we can use it as a bound for associated error types, which makes them more convenient to use in generic code.
Updates the following dependencies: - `cipher` v0.5.0-rc.3 - `crypto-bigint` v0.7.0-rc.13 - `crypto-common` v0.2.0-rc.8 - `crypto-primes` (via git) - `digest` v0.11.0-rc.5 - `ecdsa` v0.17.0-rc.10 - `elliptic-curve` v0.14.0-rc.18 - `getrandom` v0.4.0-rc.0 - `p256` v0.14.0-rc.1 - `primefield` v0.14.0-rc.2 - `primeorder` v0.14.0-rc.2 - `rsa` (via git) - `signature` v3.0.0-rc.6 Notably this involved updating `cms` to use the new `Generate` trait
…to#2120) Redesigned the extension trait interface to support more flexible ownership patterns and use cases. The trait is renamed from AsExtension to ToExtension and now consumes values by default, with implementations for references and tuples like (OID, bool, &T) to allow direct control over criticality and OID. This makes the API more ergonomic for common scenarios while enabling advanced use cases that weren't previously possible. BREAKING CHANGE: The AsExtension trait has been renamed to ToExtension, and to_extension now takes self by value. Users must update trait bounds from AsExtension to ToExtension and may need to adjust how extensions are passed to add_extension methods.
Adds the variant of Base64 used by the PHC string format
Updates the following dependencies:
$ cargo update
Updating git repository `https://github.com/rust-random/rand`
Updating crates.io index
Locking 37 packages to latest compatible versions
Updating aead v0.6.0-rc.3 -> v0.6.0-rc.5
Updating anstyle v1.0.11 -> v1.0.13
Updating clap v4.5.40 -> v4.5.54
Updating clap_builder v4.5.40 -> v4.5.54
Updating clap_lex v0.7.5 -> v0.7.6
Updating deranged v0.4.0 -> v0.5.5
Updating inout v0.2.1 -> v0.2.2
Updating itoa v1.0.15 -> v1.0.17
Updating libc v0.2.178 -> v0.2.179
Removing paste v1.0.15
Updating proc-macro2 v1.0.95 -> v1.0.104
Updating quote v1.0.40 -> v1.0.42
Updating rand v0.10.0-rc.5 (https://github.com/rust-random/rand#ff07ec20) -> #75fe38ff
Updating regex v1.11.1 -> v1.12.2
Updating rmp v0.8.14 -> v0.8.15
Updating rmp-serde v1.3.0 -> v1.3.1
Updating rustix v1.1.2 -> v1.1.3
Updating ryu v1.0.20 -> v1.0.22
Updating serde v1.0.226 -> v1.0.228
Updating serde_core v1.0.226 -> v1.0.228
Updating serde_derive v1.0.226 -> v1.0.228
Updating serde_json v1.0.140 -> v1.0.148
Removing serde_spanned v0.6.9
Updating syn v2.0.101 -> v2.0.113
Updating target-triple v0.1.4 -> v1.0.0
Updating tempfile v3.20.0 -> v3.24.0
Updating time v0.3.41 -> v0.3.44
Updating time-core v0.1.4 -> v0.1.6
Updating tokio v1.48.0 -> v1.49.0
Removing toml v0.8.23
Removing toml v0.9.7
Adding toml v0.9.10+spec-1.1.0
Removing toml_datetime v0.6.11
Removing toml_datetime v0.7.2
Adding toml_datetime v0.7.5+spec-1.1.0
Removing toml_edit v0.22.27
Removing toml_edit v0.23.6
Adding toml_edit v0.23.10+spec-1.0.0
Updating toml_parser v1.0.4 -> v1.0.6+spec-1.1.0
Removing toml_write v0.1.2
Updating trybuild v1.0.105 -> v1.0.114
Updating universal-hash v0.6.0-rc.3 -> v0.6.0-rc.4
Adding windows-link v0.2.1
Updating windows-sys v0.59.0 -> v0.61.2
Removing windows-targets v0.52.6
Removing windows_aarch64_gnullvm v0.52.6
Removing windows_aarch64_msvc v0.52.6
Removing windows_i686_gnu v0.52.6
Removing windows_i686_gnullvm v0.52.6
Removing windows_i686_msvc v0.52.6
Removing windows_x86_64_gnu v0.52.6
Removing windows_x86_64_gnullvm v0.52.6
Removing windows_x86_64_msvc v0.52.6
Updating zeroize_derive v1.4.2 -> v1.4.3
Adding zmij v1.0.91
Bumps [crate-ci/typos](https://github.com/crate-ci/typos) from 1.40.0 to 1.41.0. - [Release notes](https://github.com/crate-ci/typos/releases) - [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md) - [Commits](crate-ci/typos@v1.40.0...v1.41.0) --- updated-dependencies: - dependency-name: crate-ci/typos dependency-version: 1.41.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the all-deps group with 8 updates: | Package | From | To | | --- | --- | --- | | [elliptic-curve](https://github.com/RustCrypto/traits) | `0.14.0-rc.18` | `0.14.0-rc.19` | | [ecdsa](https://github.com/RustCrypto/signatures) | `0.17.0-rc.10` | `0.17.0-rc.11` | | [p256](https://github.com/RustCrypto/elliptic-curves) | `0.14.0-rc.2` | `0.14.0-rc.3` | | [crypto-bigint](https://github.com/RustCrypto/crypto-bigint) | `0.7.0-rc.13` | `0.7.0-rc.14` | | [crypto-common](https://github.com/RustCrypto/traits) | `0.2.0-rc.8` | `0.2.0-rc.9` | | [primefield](https://github.com/RustCrypto/elliptic-curves) | `0.14.0-rc.2` | `0.14.0-rc.3` | | [primeorder](https://github.com/RustCrypto/elliptic-curves) | `0.14.0-rc.2` | `0.14.0-rc.3` | | [zmij](https://github.com/dtolnay/zmij) | `1.0.9` | `1.0.11` | Updates `elliptic-curve` from 0.14.0-rc.18 to 0.14.0-rc.19 - [Commits](RustCrypto/traits@elliptic-curve-v0.14.0-rc.18...elliptic-curve/v0.14.0-rc.19) Updates `ecdsa` from 0.17.0-rc.10 to 0.17.0-rc.11 - [Commits](RustCrypto/signatures@ecdsa/v0.17.0-rc.10...ecdsa/v0.17.0-rc.11) Updates `p256` from 0.14.0-rc.2 to 0.14.0-rc.3 - [Commits](RustCrypto/elliptic-curves@p256/v0.14.0-rc.2...p256/v0.14.0-rc.3) Updates `crypto-bigint` from 0.7.0-rc.13 to 0.7.0-rc.14 - [Changelog](https://github.com/RustCrypto/crypto-bigint/blob/master/CHANGELOG.md) - [Commits](RustCrypto/crypto-bigint@v0.7.0-rc.13...v0.7.0-rc.14) Updates `crypto-common` from 0.2.0-rc.8 to 0.2.0-rc.9 - [Commits](RustCrypto/traits@crypto-common-v0.2.0-rc.8...crypto-common-v0.2.0-rc.9) Updates `primefield` from 0.14.0-rc.2 to 0.14.0-rc.3 - [Commits](RustCrypto/elliptic-curves@primefield/v0.14.0-rc.2...primefield/v0.14.0-rc.3) Updates `primeorder` from 0.14.0-rc.2 to 0.14.0-rc.3 - [Commits](RustCrypto/elliptic-curves@primeorder/v0.14.0-rc.2...primeorder/v0.14.0-rc.3) Updates `zmij` from 1.0.9 to 1.0.11 - [Release notes](https://github.com/dtolnay/zmij/releases) - [Commits](dtolnay/zmij@1.0.9...1.0.11) --- updated-dependencies: - dependency-name: elliptic-curve dependency-version: 0.14.0-rc.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: ecdsa dependency-version: 0.17.0-rc.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: p256 dependency-version: 0.14.0-rc.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: crypto-bigint dependency-version: 0.7.0-rc.14 dependency-type: indirect update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: crypto-common dependency-version: 0.2.0-rc.9 dependency-type: indirect update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: primefield dependency-version: 0.14.0-rc.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: primeorder dependency-version: 0.14.0-rc.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: zmij dependency-version: 1.0.11 dependency-type: indirect update-type: version-update:semver-patch dependency-group: all-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This is an alphabet used with PBKDF2 Modular Crypt Format (MCF) password hash strings. It's a variant of the unpadded standard Base64 alphabet which uses `.` in place of the usual `+`. Some example hashes can be found here: https://github.com/hlandau/passlib/blob/8f820e0/hash/pbkdf2/pbkdf2_test.go Also adds a `Base64::Pbkdf2` to the `mcf` crate.
### Added - `Base64Pbkdf2` alphabet (RustCrypto#2168)
Bumps the all-deps group with 10 updates: | Package | From | To | | --- | --- | --- | | [rsa](https://github.com/RustCrypto/RSA) | `0.10.0-rc.11` | `0.10.0-rc.12` | | [pbkdf2](https://github.com/RustCrypto/password-hashes) | `0.13.0-rc.6` | `0.13.0-rc.7` | | [toml](https://github.com/toml-rs/toml) | `0.9.10+spec-1.1.0` | `0.9.11+spec-1.1.0` | | [crypto-bigint](https://github.com/RustCrypto/crypto-bigint) | `0.7.0-rc.15` | `0.7.0-rc.16` | | [crypto-primes](https://github.com/entropyxyz/crypto-primes) | `0.7.0-pre.5` | `0.7.0-pre.6` | | [indexmap](https://github.com/indexmap-rs/indexmap) | `2.12.1` | `2.13.0` | | [libc](https://github.com/rust-lang/libc) | `0.2.179` | `0.2.180` | | [zerocopy](https://github.com/google/zerocopy) | `0.8.31` | `0.8.33` | | [zerocopy-derive](https://github.com/google/zerocopy) | `0.8.31` | `0.8.33` | | [zmij](https://github.com/dtolnay/zmij) | `1.0.11` | `1.0.13` | Updates `rsa` from 0.10.0-rc.11 to 0.10.0-rc.12 - [Changelog](https://github.com/RustCrypto/RSA/blob/master/CHANGELOG.md) - [Commits](RustCrypto/RSA@v0.10.0-rc.11...v0.10.0-rc.12) Updates `pbkdf2` from 0.13.0-rc.6 to 0.13.0-rc.7 - [Commits](RustCrypto/password-hashes@pbkdf2-v0.13.0-rc.6...pbkdf2/v0.13.0-rc.7) Updates `toml` from 0.9.10+spec-1.1.0 to 0.9.11+spec-1.1.0 - [Commits](toml-rs/toml@toml-v0.9.10...toml-v0.9.11) Updates `crypto-bigint` from 0.7.0-rc.15 to 0.7.0-rc.16 - [Changelog](https://github.com/RustCrypto/crypto-bigint/blob/master/CHANGELOG.md) - [Commits](RustCrypto/crypto-bigint@v0.7.0-rc.15...v0.7.0-rc.16) Updates `crypto-primes` from 0.7.0-pre.5 to 0.7.0-pre.6 - [Changelog](https://github.com/entropyxyz/crypto-primes/blob/master/CHANGELOG.md) - [Commits](entropyxyz/crypto-primes@v0.7.0-pre.5...v0.7.0-pre.6) Updates `indexmap` from 2.12.1 to 2.13.0 - [Changelog](https://github.com/indexmap-rs/indexmap/blob/main/RELEASES.md) - [Commits](indexmap-rs/indexmap@2.12.1...2.13.0) Updates `libc` from 0.2.179 to 0.2.180 - [Release notes](https://github.com/rust-lang/libc/releases) - [Changelog](https://github.com/rust-lang/libc/blob/0.2.180/CHANGELOG.md) - [Commits](rust-lang/libc@0.2.179...0.2.180) Updates `zerocopy` from 0.8.31 to 0.8.33 - [Release notes](https://github.com/google/zerocopy/releases) - [Changelog](https://github.com/google/zerocopy/blob/main/CHANGELOG.md) - [Commits](google/zerocopy@v0.8.31...v0.8.33) Updates `zerocopy-derive` from 0.8.31 to 0.8.33 - [Release notes](https://github.com/google/zerocopy/releases) - [Changelog](https://github.com/google/zerocopy/blob/main/CHANGELOG.md) - [Commits](google/zerocopy@v0.8.31...v0.8.33) Updates `zmij` from 1.0.11 to 1.0.13 - [Release notes](https://github.com/dtolnay/zmij/releases) - [Commits](dtolnay/zmij@1.0.11...1.0.13) --- updated-dependencies: - dependency-name: rsa dependency-version: 0.10.0-rc.12 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: pbkdf2 dependency-version: 0.13.0-rc.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: toml dependency-version: 0.9.11+spec-1.1.0 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: crypto-bigint dependency-version: 0.7.0-rc.16 dependency-type: indirect update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: crypto-primes dependency-version: 0.7.0-pre.6 dependency-type: indirect update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: indexmap dependency-version: 2.13.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: all-deps - dependency-name: libc dependency-version: 0.2.180 dependency-type: indirect update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: zerocopy dependency-version: 0.8.33 dependency-type: indirect update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: zerocopy-derive dependency-version: 0.8.33 dependency-type: indirect update-type: version-update:semver-patch dependency-group: all-deps - dependency-name: zmij dependency-version: 1.0.13 dependency-type: indirect update-type: version-update:semver-patch dependency-group: all-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [crate-ci/typos](https://github.com/crate-ci/typos) from 1.41.0 to 1.42.0. - [Release notes](https://github.com/crate-ci/typos/releases) - [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md) - [Commits](crate-ci/typos@v1.41.0...v1.42.0) --- updated-dependencies: - dependency-name: crate-ci/typos dependency-version: 1.42.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
A recent change in the upcoming rand_core 0.10.0-rc-4 dropped the implied `CryptoRng: RngCore` from the trait. This forces any consumer to make the requirement explicit. This commit prepares for that.
This fixes the use of vulnerable cmov versions See GHSA-2gqc-6j2q-83qp
Bumps [crate-ci/typos](https://github.com/crate-ci/typos) from 1.42.0 to 1.42.1. - [Release notes](https://github.com/crate-ci/typos/releases) - [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md) - [Commits](crate-ci/typos@v1.42.0...v1.42.1) --- updated-dependencies: - dependency-name: crate-ci/typos dependency-version: 1.42.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
pkcs5 0.8.0-rc.12 pkcs8 0.11.0-rc.9
Bumps `ctutils` to v0.4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.