From d33e80faea45fe21517f1dcffade743371f35300 Mon Sep 17 00:00:00 2001 From: Shella Stephens Date: Mon, 29 Mar 2021 09:12:33 -0700 Subject: [PATCH] Update `rsa` to v0.4.0 & fix cargo audit (#246) * Bump rsa to v0.4.0 --- .github/workflows/security_audit.yml | 2 +- Cargo.lock | 170 ++++++++++++++------------- Cargo.toml | 4 +- src/certificate.rs | 2 +- src/key.rs | 2 +- 5 files changed, 93 insertions(+), 87 deletions(-) diff --git a/.github/workflows/security_audit.yml b/.github/workflows/security_audit.yml index a40357f..47d2f9c 100644 --- a/.github/workflows/security_audit.yml +++ b/.github/workflows/security_audit.yml @@ -42,4 +42,4 @@ jobs: uses: actions-rs/cargo@v1 with: command: audit - args: --deny-warnings --ignore RUSTSEC-2019-0031 # spin + args: --deny warnings --ignore RUSTSEC-2019-0031 # spin diff --git a/Cargo.lock b/Cargo.lock index ea0353d..99702d7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -175,27 +175,26 @@ dependencies = [ [[package]] name = "der-oid-macro" -version = "0.3.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd17d13ecf875e704369fdbde242483ac769fc18f6af21e43d5a692a079732fc" +checksum = "a4cccf60bb98c0fca115a581f894aed0e43fa55bf289fdac5599bec440bb4fd6" dependencies = [ "nom", - "num-bigint 0.3.2", + "num-bigint 0.4.0", "num-traits", - "proc-macro-hack", + "syn", ] [[package]] name = "der-parser" -version = "5.0.1" +version = "5.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13e6cad1223a7b98b59275a56516ed8c40508d21284a32e404ed3fe2ae9a809a" +checksum = "120842c2385dea19347e2f6e31caa5dced5ba8afdfacaac16c59465fdd1168f2" dependencies = [ "der-oid-macro", "nom", - "num-bigint 0.3.2", + "num-bigint 0.4.0", "num-traits", - "proc-macro-hack", "rusticata-macros", ] @@ -241,7 +240,7 @@ dependencies = [ "generic-array", "group", "pkcs8", - "rand_core", + "rand_core 0.5.1", "subtle", "zeroize", ] 
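Review bot: The `--ignore RUSTSEC-2019-0031 # spin` exemption on the new `args:` line in `.github/workflows/security_audit.yml` is carried forward with only a one-word comment, so nothing records why the advisory is accepted or when the ignore can be dropped. With `--deny warnings` making warning-class findings fail the job, a standing ignore is the one place the audit stays silent. A comment above the step such as `# RUSTSEC-2019-0031 (spin): <reason it is accepted>; remove once <dependency that pulls in spin> is upgraded` would make it reviewable. The flag spelling had to change from `--deny-warnings` to `--deny warnings`, which suggests the cargo-audit version this job installs is not pinned; the install step is outside the hunk, so confirm it there.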
@@ -266,7 +265,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "01646e077d4ebda82b73f1bca002ea1e91561a77df2431a9e79729bcc31950ef" dependencies = [ "bitvec 0.18.5", - "rand_core", + "rand_core 0.5.1", "subtle", ] @@ -297,6 +296,17 @@ dependencies = [ "wasi 0.9.0+wasi-snapshot-preview1", ] +[[package]] +name = "getrandom" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9495705279e7140bf035dde1f6e750c162df8b625267cd52cc44e0b156732c8" +dependencies = [ + "cfg-if", + "libc", + "wasi 0.10.2+wasi-snapshot-preview1", +] + [[package]] name = "group" version = "0.8.0" @@ -304,7 +314,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cc11f9f5fbf1943b48ae7c2bf6846e7d827a512d1be4f23af708f5ca5d01dde1" dependencies = [ "ff", - "rand_core", + "rand_core 0.5.1", "subtle", ] @@ -355,9 +365,9 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] name = "js-sys" -version = "0.3.49" +version = "0.3.50" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc15e39392125075f60c95ba416f5381ff6c3a948ff02ab12464715adf56c821" +checksum = "2d99f9e3e84b8f67f846ef5b4cbbc3b1c29f6c759fcbce6f01aa0e73d932a24c" dependencies = [ "wasm-bindgen", ] @@ -386,9 +396,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.90" +version = "0.2.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba4aede83fc3617411dc6993bc8c70919750c1c257c6ca6a502aed6e0e2394ae" +checksum = "8916b1f6ca17130ec6568feccee27c156ad12037880833a3b842a823236502e7" [[package]] name = "libm" 
@@ -424,17 +434,6 @@ dependencies = [ "version_check", ] -[[package]] -name = "num-bigint" -version = "0.2.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "090c7f9998ee0ff65aa5b723e4009f7b217707f1fb5ea551329cc4d6231fb304" -dependencies = [ - "autocfg 1.0.1", - "num-integer", - "num-traits", -] - [[package]] name = "num-bigint" version = "0.3.2" @@ -447,10 +446,21 @@ dependencies = [ ] [[package]] -name = "num-bigint-dig" -version = "0.6.1" +name = "num-bigint" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d51546d704f52ef14b3c962b5776e53d5b862e5790e40a350d366c209bd7f7a" +checksum = "4e0d047c1062aa51e256408c560894e5251f08925980e53cf1aa5bd00eec6512" +dependencies = [ + "autocfg 1.0.1", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-bigint-dig" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4547ee5541c18742396ae2c895d0717d0f886d8823b8399cdaf7b07d63ad0480" dependencies = [ "autocfg 0.1.7", "byteorder", @@ -493,6 +503,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290" dependencies = [ "autocfg 1.0.1", + "libm", ] [[package]] @@ -537,9 +548,9 @@ dependencies = [ [[package]] name = "pbkdf2" -version = "0.7.4" +version = "0.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "297e1dad0e9de7af53235b833761351bf6bda57d6acb4f263b61a2ddf674f1dc" +checksum = "bf916dd32dd26297907890d99dc2740e33f6bd9073965af4ccff2967962f5508" dependencies = [ "crypto-mac", ] 
@@ -595,12 +606,6 @@ version = "0.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ac74c624d6b2d21f425f752262f42188365d7b8ff1aff74c82e45136510a4857" -[[package]] -name = "proc-macro-hack" -version = "0.5.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5" - [[package]] name = "proc-macro2" version = "1.0.24" @@ -633,25 +638,24 @@ checksum = "941ba9d78d8e2f7ce474c015eea4d9c6d25b6a3327f9832ee29a4de27f91bbb8" [[package]] name = "rand" -version = "0.7.3" +version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" +checksum = "0ef9e7e66b4468674bfcb0c81af8b7fa0bb154fa9f28eb840da5c447baeb8d7e" dependencies = [ - "getrandom", "libc", "rand_chacha", - "rand_core", + "rand_core 0.6.2", "rand_hc", ] [[package]] name = "rand_chacha" -version = "0.2.2" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402" +checksum = "e12735cf05c9e10bf21534da50a147b924d555dc7a547c42e6bb2d5b6017ae0d" dependencies = [ "ppv-lite86", - "rand_core", + "rand_core 0.6.2", ] [[package]] 
@@ -659,17 +663,23 @@ name = "rand_core" version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "90bde5296fc891b0cef12a6d03ddccc162ce7b2aff54160af9338f8d40df6d19" + +[[package]] +name = "rand_core" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34cf66eb183df1c5876e2dcf6b13d57340741e8dc255b48e40a26de954d06ae7" dependencies = [ - "getrandom", + "getrandom 0.2.2", ] [[package]] name = "rand_hc" -version = "0.2.0" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c" +checksum = "3190ef7066a446f2e7f42e239d161e905420ccab01eb967c9eb27d21b2322a73" dependencies = [ - "rand_core", + "rand_core 0.6.2", ] [[package]] @@ -706,9 +716,9 @@ dependencies = [ [[package]] name = "rsa" -version = "0.3.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3648b669b10afeab18972c105e284a7b953a669b0be3514c27f9b17acab2f9cd" +checksum = "68ef841a26fc5d040ced0417c6c6a64ee851f42489df11cdf0218e545b6f8d28" dependencies = [ "byteorder", "digest", @@ -719,10 +729,8 @@ dependencies = [ "num-traits", "pem", "rand", - "sha2", "simple_asn1", "subtle", - "thiserror", "zeroize", ] @@ -758,9 +766,9 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.124" +version = "1.0.125" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd761ff957cb2a45fbb9ab3da6512de9de55872866160b23c25f1a841e99d29f" +checksum = "558dc50e1a5a5fa7112ca2ce4effcb321b0300c0d4ccf0776a9f60cd89031171" [[package]] name = "sha-1" 
@@ -794,18 +802,19 @@ version = "1.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "29f060a7d147e33490ec10da418795238fd7545bba241504d6b31a409f2e6210" dependencies = [ - "rand_core", + "rand_core 0.5.1", ] [[package]] name = "simple_asn1" -version = "0.4.1" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "692ca13de57ce0613a363c8c2f1de925adebc81b04c923ac60c5488bb44abe4b" +checksum = "db8d597fce66eb0f19dd129b9956e4054cba21aeaf97d4116595027b670fac50" dependencies = [ "chrono", - "num-bigint 0.2.6", + "num-bigint 0.3.2", "num-traits", + "thiserror", ] [[package]] @@ -843,9 +852,9 @@ dependencies = [ [[package]] name = "syn" -version = "1.0.64" +version = "1.0.67" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fd9d1e9976102a03c542daa2eff1b43f9d72306342f3f8b3ed5fb8908195d6f" +checksum = "6498a9efc342871f91cc2d0d694c674368b4ceb40f62b65a7a08c3792935e702" dependencies = [ "proc-macro2", "quote", @@ -901,12 +910,11 @@ dependencies = [ [[package]] name = "time" -version = "0.1.44" +version = "0.1.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6db9e6914ab8b1ae1c260a4ae7a49b6c5611b40328a735b21862567685e73255" +checksum = "ca8a50ef2360fbd1eeb0ecd46795a87a19024eb4b53c5dc916ca1fd95fe62438" dependencies = [ "libc", - "wasi 0.10.0+wasi-snapshot-preview1", "winapi", ] 
@@ -942,15 +950,15 @@ checksum = "cccddf32554fecc6acb585f82a32a72e28b48f8c4c1883ddfeeeaa96f7d8e519" [[package]] name = "wasi" -version = "0.10.0+wasi-snapshot-preview1" +version = "0.10.2+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f" +checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6" [[package]] name = "wasm-bindgen" -version = "0.2.72" +version = "0.2.73" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8fe8f61dba8e5d645a4d8132dc7a0a66861ed5e1045d2c0ed940fab33bac0fbe" +checksum = "83240549659d187488f91f33c0f8547cbfef0b2088bc470c116d1d260ef623d9" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -958,9 +966,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.72" +version = "0.2.73" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "046ceba58ff062da072c7cb4ba5b22a37f00a302483f7e2a6cdc18fedbdc1fd3" +checksum = "ae70622411ca953215ca6d06d3ebeb1e915f0f6613e3b495122878d7ebec7dae" dependencies = [ "bumpalo", "lazy_static", @@ -973,9 +981,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.72" +version = "0.2.73" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ef9aa01d36cda046f797c57959ff5f3c615c9cc63997a8d545831ec7976819b" +checksum = "3e734d91443f177bfdb41969de821e15c516931c3c3db3d318fa1b68975d0f6f" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -983,9 +991,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.72" +version = "0.2.73" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96eb45c1b2ee33545a813a92dbb53856418bf7eb54ab34f7f7ff1448a5b3735d" +checksum = "d53739ff08c8a68b0fdbcd54c372b8ab800b1449ab3c9d706503bc7dd1621b2c" dependencies = [ "proc-macro2", "quote", 
@@ -996,15 +1004,15 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.72" +version = "0.2.73" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7148f4696fb4960a346eaa60bbfb42a1ac4ebba21f750f75fc1375b098d5ffa" +checksum = "d9a543ae66aa233d14bb765ed9af4a33e81b8b58d1584cf1b47ff8cd0b9e4489" [[package]] name = "web-sys" -version = "0.3.49" +version = "0.3.50" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59fe19d70f5dacc03f6e46777213facae5ac3801575d56ca6cbd4c93dcd12310" +checksum = "a905d57e488fec8861446d3393670fb50d27a262344013181c2cdf9fff5481be" dependencies = [ "js-sys", "wasm-bindgen", @@ -1059,18 +1067,16 @@ dependencies = [ [[package]] name = "x509-parser" -version = "0.9.1" +version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db7999ae290e75ec1d4dc8e9ff9870e48e3542a8f2e9c1e2e07d7ca02b459e10" +checksum = "64abca276c58f8341ddc13fd4bd6ae75993cc669043f5b34813c90f7dff04771" dependencies = [ "base64", "chrono", "data-encoding", - "der-oid-macro", "der-parser", "lazy_static", "nom", - "num-bigint 0.3.2", "oid-registry", "rusticata-macros", "rustversion", @@ -1102,7 +1108,7 @@ dependencies = [ "des", "elliptic-curve", "env_logger", - "getrandom", + "getrandom 0.1.16", "hmac", "lazy_static", "log", diff --git a/Cargo.toml b/Cargo.toml index 481515d..ba52c9d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -31,14 +31,14 @@ getrandom = "0.1" hmac = "0.10" log = "0.4" nom = "6" -num-bigint = { version = "0.6", features = ["rand"], package = "num-bigint-dig" } +num-bigint-dig = { version = "0.7", features = ["rand"], package = "num-bigint-dig" } num-traits = "0.2" num-integer = "0.1" pbkdf2 = { version = "0.7", default-features = false } p256 = "0.7" p384 = "0.6" pcsc = "2" -rsa = "0.3" +rsa = "0.4" secrecy = "0.7" sha-1 = "0.9" sha2 = "0.9" diff --git a/src/certificate.rs b/src/certificate.rs index 4146a26..947fbe2 100644 --- a/src/certificate.rs 
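Review bot: On the new `num-bigint-dig` line in `Cargo.toml`, the `package = "num-bigint-dig"` key is redundant because the dependency key and the crate name are now identical; it was only needed while the crate was aliased as `num-bigint`. The entry can be written as `num-bigint-dig = { version = "0.7", features = ["rand"] }`. Separately, `getrandom = "0.1"` (shown in the hunk header) stays on 0.1 while the lockfile in this commit also resolves getrandom 0.2.2 and rand_core 0.6.2 through rand 0.8, so two RNG trait generations are in the tree. It is worth confirming that any RNG handed to `rsa` 0.4 comes from the rand_core 0.6 side; those call sites are not part of this diff.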
+++ b/src/certificate.rs
@@ -41,7 +41,7 @@ use crate::{
 use chrono::{DateTime, Utc};
 use elliptic_curve::sec1::EncodedPoint as EcPublicKey;
 use log::error;
-use num_bigint::BigUint;
+use num_bigint_dig::BigUint;
 use p256::NistP256;
 use p384::NistP384;
 use rsa::{PublicKeyParts, RSAPublicKey};
diff --git a/src/key.rs b/src/key.rs
index 89f41a5..7f4edad 100644
--- a/src/key.rs
+++ b/src/key.rs
@@ -59,7 +59,7 @@ use crate::{
 use elliptic_curve::sec1::EncodedPoint as EcPublicKey;
 use log::{error, warn};
 #[cfg(feature = "untested")]
-use num_bigint::traits::ModInverse;
+use num_bigint_dig::traits::ModInverse;
 #[cfg(feature = "untested")]
 use num_integer::Integer;
 #[cfg(feature = "untested")]