chore(deps): upgrade RustCrypto stack to latest versions#25
Open
zonyitoo wants to merge 1 commit into
Open
Conversation
Upgrade all cryptography dependencies to their latest versions and
migrate the codebase to the new RustCrypto 0.11 ecosystem APIs.
Dependency updates:
- aes-gcm 0.10 -> 0.11.0-rc.3
- aes-gcm-siv 0.11 -> 0.12.0-rc.3
- ccm 0.5 -> 0.6.0-rc.3
- chacha20poly1305 0.10 -> 0.11.0-rc.3
- aead 0.5 -> 0.6.0-rc.10
- aes 0.8 -> 0.9
- chacha20 0.9 -> 0.10
- ctr 0.9 -> 0.10
- camellia 0.1 -> 0.2
- sm4 0.5 -> 0.6
- ghash 0.5 -> 0.6
- subtle 2.5 -> 2.6
- bytes 1.3 -> 1.11
- blake3 1.3 -> 1.8
The AEAD crates remain on their 0.11 rc releases because the stable
0.10 line still pins aes 0.8 and ghash 0.5, which would conflict with
the upgraded block/universal-hash stack.
API migration:
- Replace aead::generic_array with aead::array (hybrid-array)
- Replace AeadInPlace with AeadInOut (encrypt_inout_detached /
decrypt_inout_detached take InOutBuf)
- Update AeadCore impl for SM4-GCM: drop CiphertextOverhead, add
TAG_POSITION constant
- Replace deprecated Array::from_slice / from_mut_slice with TryFrom
- Rename cipher::{BlockEncrypt, BlockDecrypt} imports to their
BlockCipher{Encrypt,Decrypt} counterparts
- Import Unsigned from typenum (cipher::typenum / aead::array::typenum)
- Use cipher::Iv for chacha20 nonce (Nonce is no longer re-exported)
Also bump rust-version to 1.85 to match the MSRV of the new
RustCrypto crates.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Upgrade all cryptography dependencies to their latest versions and migrate the codebase to the new RustCrypto 0.11 ecosystem APIs.
Dependency updates
The AEAD crates remain on their 0.11 release candidates because the current stable 0.10 line still pins
aes 0.8andghash 0.5, which would conflict with the upgraded block/universal-hash stack. Moving the entire stack together keeps dependency resolution clean.API migration
aead::generic_arraywithaead::array(hybrid-array)AeadInPlacewithAeadInOut—encrypt_inout_detached/decrypt_inout_detachednow take anInOutBufAeadCoreimpl: dropCiphertextOverhead, add the newTAG_POSITIONassociated constantArray::from_slice/from_mut_slicewithTryFromcipher::{BlockEncrypt, BlockDecrypt}imports to theirBlockCipher{Encrypt,Decrypt}counterpartsUnsignedfromtypenum(cipher::typenum/aead::array::typenum) since the re-export atcipher::Unsignedwas removedcipher::Ivfor ChaCha20 nonce (chacha20::Nonceis no longer re-exported)Also bumps
rust-versionto 1.85 to match the MSRV of the new RustCrypto crates.Verification
cargo build --features "v1-stream v1-aead-extra v2-extra"— 0 errors, 0 warningscargo test --features "v1-stream v1-aead-extra v2-extra"— 25/25 passingcargo test --features "v1-stream v1-aead-extra v2-extra aws-lc"— 25/25 passingNote
The pre-existing
ringfeature remains broken (theringbranch inaes_gcm.rsandchacha20_poly1305.rsdeclares helper traits but never exposes theAes128Gcm/Aes256Gcm/ChaCha20Poly1305structs). This bug existed before this PR and is unrelated to the dependency upgrade.