As a reminder of how we got to this purgatory: I thought it would be a good idea to have FIDO2. Which requires CBC for AES. CBC isn't in AES 0.7...
Which brought us to refactoring AES to API level 0.8
Which also brought our cipher dependency to 0.4
Which now contradicts the dependencies required by aes-gcm-siv latest version (0.10.3).
But, a new version of aes-gcm-siv is in the works! pending per issue RustCrypto/AEADs#410
This issue is to remind myself to absorb the release and remove the monkey patch over the aes-gcm-siv dependency from the Cargo.toml file inside the PDDB server, once this problem is resolved.
And with this, I partially take back the gripes about OpenSK rolling all their own crypto APIs. "At least they had CBC on AES without having to pull their software supply chain through a wormhole."
bunnie added the security label (An issue potentially related to security - memory leaks, architectural crypto, etc.) on May 29, 2022
RustCrypto/AEADs@479ae5f moves us closer to closing this issue. For now, we are pointing to the top of their master branch so we're compiling against a preview of what will be released.