From 8075aead864927ac214b58d4ee9151767b42c61c Mon Sep 17 00:00:00 2001 From: Sebastian Wolfram Date: Fri, 28 Jun 2024 13:47:51 +0200 Subject: [PATCH 1/6] bump dependency version - curve25519-dalek - x25519-dalek - age --- Cargo.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index e4ac2eb..5d23ad2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -122,8 +122,8 @@ serde = { version = "1.0", optional = true, default-features = false, features = sha3 = { version = "0.10", optional = true, default-features = false } tiny-keccak = { version = "2.0", optional = true, default-features = false, features = [ "keccak" ] } unicode-normalization = { version = "0.1", optional = true, default-features = false } -curve25519-dalek = { version = "3.2", optional = true, default-features = false, features = [ "u64_backend" ] } -x25519-dalek = { version = "1.1", optional = true, default-features = false, features = [ "u64_backend" ] } +curve25519-dalek = { version = "4.1.3", optional = true, default-features = false } +x25519-dalek = { version = "2.0.1", optional = true, default-features = false, features = ["static_secrets", "zeroize"] } zeroize = { version = "1.5", optional = true, default-features = false, features = [ "zeroize_derive" ] } scrypt = { version = "0.11", optional = true, default-features = false } hkdf = { version = "0.12", optional = true, default-features = false } @@ -141,7 +141,7 @@ hex = { version = "0.4", default-features = false, features = [ "alloc", "std" ] rand = { version = "0.8", default-features = false, features = [ "std", "std_rng", "min_const_gen" ] } serde = { version = "1.0", default-features = false, features = [ "derive" ] } serde_json = { version = "1.0", default-features = false, features = [ "alloc", "std" ] } -age = { version = "0.9", default-features = false } +age = { version = "0.10", default-features = false } [profile.dev] split-debuginfo = "unpacked" From ecac9614e22b04d4349607a64bfe763f3f8214bc Mon Sep 17 00:00:00 2001 From: Sebastian Wolfram Date: Fri, 28 Jun 2024 14:17:53 +0200 Subject: [PATCH 2/6] fix clippy warning --- src/encoding/ternary/raw.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/encoding/ternary/raw.rs b/src/encoding/ternary/raw.rs index 3f546eb..521fd2b 100644 --- a/src/encoding/ternary/raw.rs +++ b/src/encoding/ternary/raw.rs @@ -101,7 +101,7 @@ pub trait RawEncodingBuf { /// Convert this encoding into another encoding. /// TODO: Rename this `reencode` #[allow(clippy::wrong_self_convention)] - fn into_encoding(this: TritBuf) -> TritBuf + fn into_encoding(this: TritBuf) -> TritBuf where Self: Sized, T: RawEncodingBuf, From 3f7e4028f345da5cc10a8dc803ed7cc12dcf63a0 Mon Sep 17 00:00:00 2001 From: Sebastian Wolfram Date: Fri, 28 Jun 2024 14:54:59 +0200 Subject: [PATCH 3/6] fix clippy warnings --- src/encoding/ternary/tryte.rs | 6 +++--- src/hashes/ternary/curl_p/batched/mod.rs | 2 +- src/hashes/ternary/kerl/bigint/i384/mod.rs | 8 ++++---- .../ternary/kerl/bigint/split_integer.rs | 18 +++++++++--------- src/keys/bip39.rs | 4 ++-- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/src/encoding/ternary/tryte.rs b/src/encoding/ternary/tryte.rs index ab4c757..1a2410d 100644 --- a/src/encoding/ternary/tryte.rs +++ b/src/encoding/ternary/tryte.rs @@ -107,8 +107,8 @@ impl TryFrom for Tryte { fn try_from(c: char) -> Result { match c { '9' => Ok(Tryte::Nine), - 'N'..='Z' => Ok(unsafe { core::mem::transmute((c as u8 - b'N') as i8 - 13) }), - 'A'..='M' => Ok(unsafe { core::mem::transmute((c as u8 - b'A') as i8 + 1) }), + 'N'..='Z' => Ok(unsafe { core::mem::transmute::((c as u8 - b'N') as i8 - 13) }), + 'A'..='M' => Ok(unsafe { core::mem::transmute::((c as u8 - b'A') as i8 + 1) }), _ => Err(Error::InvalidRepr), } } @@ -119,7 +119,7 @@ impl TryFrom for Tryte { fn try_from(x: i8) -> Result { match x { - -13..=13 => Ok(unsafe { core::mem::transmute(x) }), + -13..=13 => Ok(unsafe { core::mem::transmute::(x) }), _ => Err(Error::InvalidRepr), } } diff --git a/src/hashes/ternary/curl_p/batched/mod.rs b/src/hashes/ternary/curl_p/batched/mod.rs index c302e31..f7ec066 100644 --- a/src/hashes/ternary/curl_p/batched/mod.rs +++ b/src/hashes/ternary/curl_p/batched/mod.rs @@ -21,7 +21,7 @@ use crate::{ /// The number of inputs that can be processed in a single batch. pub const BATCH_SIZE: usize = 8 * core::mem::size_of::(); -const HIGH_BITS: usize = usize::max_value(); +const HIGH_BITS: usize = usize::MAX; const NUM_ROUNDS: usize = 81; /// A hasher that can process several inputs at the same time in batches. diff --git a/src/hashes/ternary/kerl/bigint/i384/mod.rs b/src/hashes/ternary/kerl/bigint/i384/mod.rs index a3251cb..ca5d23f 100644 --- a/src/hashes/ternary/kerl/bigint/i384/mod.rs +++ b/src/hashes/ternary/kerl/bigint/i384/mod.rs @@ -186,7 +186,7 @@ impl Ord for I384 { // MSU8s are equal. If they are not equal, then an early return will be triggered. const NEGBIT: u8 = 0x80; - const UMAX: u8 = core::u8::MAX; + const UMAX: u8 = u8::MAX; let numbers_negative = match zipped_iter.next() { // Case 1: both numbers are negative, s is less. Some((s @ NEGBIT..=UMAX, o @ NEGBIT..=UMAX)) if s > o => return Greater, @@ -408,7 +408,7 @@ impl Ord for I384 { // MSU32s are equal. If they are not equal, then an early return will be triggered. const NEGBIT: u32 = 0x8000_0000; - const UMAX: u32 = core::u32::MAX; + const UMAX: u32 = u32::MAX; let numbers_negative = match zipped_iter.next() { // Case 1: both numbers are negative, s is less. Some((s @ NEGBIT..=UMAX, o @ NEGBIT..=UMAX)) if s > o => return Greater, @@ -504,7 +504,7 @@ impl Ord for I384 { // MSU8s are equal. If they are not equal, then an early return will be triggered. const NEGBIT: u8 = 0x80; - const UMAX: u8 = core::u8::MAX; + const UMAX: u8 = u8::MAX; let numbers_negative = match zipped_iter.next() { // Case 1: both numbers are negative, s is less. Some((s @ NEGBIT..=UMAX, o @ NEGBIT..=UMAX)) if s > o => return Greater, @@ -734,7 +734,7 @@ impl Ord for I384 { // MSU32s are equal. If they are not equal, then an early return will be triggered. const NEGBIT: u32 = 0x8000_0000; - const UMAX: u32 = core::u32::MAX; + const UMAX: u32 = u32::MAX; let numbers_negative = match zipped_iter.next() { // Case 1: both numbers are negative, s is less. diff --git a/src/hashes/ternary/kerl/bigint/split_integer.rs b/src/hashes/ternary/kerl/bigint/split_integer.rs index ac3ac7f..b698d79 100644 --- a/src/hashes/ternary/kerl/bigint/split_integer.rs +++ b/src/hashes/ternary/kerl/bigint/split_integer.rs @@ -66,18 +66,18 @@ mod tests { // i64 [split_i64_hi_one_is_zero, 1i64.hi(), 0i32], [split_i64_lo_one_is_one, 1i64.lo(), 1u32], - [split_i64_hi_max_is_max, i64::max_value().hi(), i32::max_value()], - [split_i64_lo_max_is_max, i64::max_value().lo(), u32::max_value()], - [split_i64_hi_min_is_min, i64::min_value().hi(), i32::min_value()], - [split_i64_lo_min_is_zero, i64::min_value().lo(), 0u32], + [split_i64_hi_max_is_max, i64::MAX.hi(), i32::MAX], + [split_i64_lo_max_is_max, i64::MAX.lo(), u32::MAX], + [split_i64_hi_min_is_min, i64::MIN.hi(), i32::MIN], + [split_i64_lo_min_is_zero, i64::MIN.lo(), 0u32], [split_i64_hi_neg_one_is_neg_one, (-1i64).hi(), -1i32], - [split_i64_lo_neg_one_is_max, (-1i64).lo(), u32::max_value()], + [split_i64_lo_neg_one_is_max, (-1i64).lo(), u32::MAX], // u64 [split_u64_hi_one_is_zero, 1u64.hi(), 0u32], [split_u64_lo_one_is_one, 1u64.lo(), 1u32], - [split_u64_hi_max_is_max, u64::max_value().hi(), u32::max_value()], - [split_u64_lo_max_is_max, u64::max_value().lo(), u32::max_value()], - [split_u64_hi_min_is_min, u64::min_value().hi(), 0u32], - [split_u64_lo_min_is_zero, u64::min_value().lo(), 0u32], + [split_u64_hi_max_is_max, u64::MAX.hi(), u32::MAX], + [split_u64_lo_max_is_max, u64::MAX.lo(), u32::MAX], + [split_u64_hi_min_is_min, u64::MIN.hi(), 0u32], + [split_u64_lo_min_is_zero, u64::MIN.lo(), 0u32], ); } diff --git a/src/keys/bip39.rs b/src/keys/bip39.rs index 7237d65..78a1161 100644 --- a/src/keys/bip39.rs +++ b/src/keys/bip39.rs @@ -60,7 +60,7 @@ impl<'a> TryFrom<&'a str> for &'a MnemonicRef { fn try_from(mnemonic_str: &'a str) -> Result { if is_nfkd(mnemonic_str) { // SAFETY: MnemonicRef is represented exactly as str due to repr(transparent) - Ok(unsafe { core::mem::transmute(mnemonic_str) }) + Ok(unsafe { core::mem::transmute::<&str, Self>(mnemonic_str) }) } else { Err(Error::UnnormalizedMnemonic) } @@ -196,7 +196,7 @@ impl<'a> TryFrom<&'a str> for &'a PassphraseRef { fn try_from(passphrase_str: &'a str) -> Result { if is_nfkd(passphrase_str) { // SAFETY: PassphraseRef is represented exactly as str due to repr(transparent) - Ok(unsafe { core::mem::transmute(passphrase_str) }) + Ok(unsafe { core::mem::transmute::<&str, Self>(passphrase_str) }) } else { Err(Error::UnnormalizedPassphrase) } From df04ad75a60a91ed2689b5e50309c3fcf857243f Mon Sep 17 00:00:00 2001 From: Sebastian Wolfram Date: Wed, 14 Aug 2024 11:42:46 +0200 Subject: [PATCH 4/6] add changelog entry for previous PR --- .changes/bump-dependency-version-to-fix-vulnerability.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .changes/bump-dependency-version-to-fix-vulnerability.md diff --git a/.changes/bump-dependency-version-to-fix-vulnerability.md b/.changes/bump-dependency-version-to-fix-vulnerability.md new file mode 100644 index 0000000..d4dc356 --- /dev/null +++ b/.changes/bump-dependency-version-to-fix-vulnerability.md @@ -0,0 +1,5 @@ +--- +"iota-crypto": patch +--- + +Bump dependencies to fix vulnerability from `cargo audit`. From f10f8e8d5ca20e060ea5f76d056da7d5414a8797 Mon Sep 17 00:00:00 2001 From: Sebastian Wolfram Date: Wed, 14 Aug 2024 11:42:53 +0200 Subject: [PATCH 5/6] update coverage flag to be set as stable option --- .github/workflows/scripts/coverage.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scripts/coverage.sh b/.github/workflows/scripts/coverage.sh index 29f94af..5fd9b4e 100755 --- a/.github/workflows/scripts/coverage.sh +++ b/.github/workflows/scripts/coverage.sh @@ -7,7 +7,7 @@ mkdir coverage # Run tests with profiling instrumentation echo "Running instrumented unit tests..." -RUSTFLAGS="-Zinstrument-coverage" LLVM_PROFILE_FILE="crypto-rs-%m.profraw" cargo +nightly test --tests --all --all-features +RUSTFLAGS="-Cinstrument-coverage" LLVM_PROFILE_FILE="crypto-rs-%m.profraw" cargo +nightly test --tests --all --all-features # Merge all .profraw files into "crypto-rs.profdata" echo "Merging coverage data..." @@ -19,7 +19,7 @@ BINARIES="" for file in \ $( \ - RUSTFLAGS="-Zinstrument-coverage" \ + RUSTFLAGS="-Cinstrument-coverage" \ cargo +nightly test --tests --all --all-features --no-run --message-format=json \ | jq -r "select(.profile.test == true) | .filenames[]" \ | grep -v dSYM - \ From 4b251eff8b149eb595f7730559a36a05b980930f Mon Sep 17 00:00:00 2001 From: Sebastian Wolfram Date: Wed, 14 Aug 2024 11:57:05 +0200 Subject: [PATCH 6/6] add updated dependencies to change note --- .changes/bump-dependency-version-to-fix-vulnerability.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changes/bump-dependency-version-to-fix-vulnerability.md b/.changes/bump-dependency-version-to-fix-vulnerability.md index d4dc356..9d28017 100644 --- a/.changes/bump-dependency-version-to-fix-vulnerability.md +++ b/.changes/bump-dependency-version-to-fix-vulnerability.md @@ -2,4 +2,4 @@ "iota-crypto": patch --- -Bump dependencies to fix vulnerability from `cargo audit`. +Bump dependencies to fix vulnerability from `cargo audit` (`curve25519-dalek`: 3.2 -> 4.1.3, `x25519-dalek`: 1.1 -> 2.0.1, `age`: 0.9 -> 0.10).