Upgrade more crypto crates

2025-07-29 22:01:14 +03:00 · 2022-01-05 10:57:18 +01:00
parent 1377e09dbe
commit 767d7649ce
3 changed files with 21 additions and 12 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1155,6 +1155,15 @@ dependencies = [
 "digest 0.9.0",
 ]

+[[package]]
+name = "hmac"
+version = "0.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ddca131f3e7f2ce2df364b57949a9d47915cfbd35e46cfee355ccebbf794d6a2"
+dependencies = [
+ "digest 0.10.1",
+]
+
 [[package]]
 name = "http"
 version = "0.2.6"
@ -1562,10 +1571,10 @@ dependencies = [
 "async-trait",
 "base64ct",
 "crypto-mac",
- "digest 0.9.0",
+ "digest 0.10.1",
 "ecdsa",
 "elliptic-curve",
- "hmac",
+ "hmac 0.12.0",
 "p256",
 "pkcs1",
 "pkcs8",
@ -1575,7 +1584,7 @@ dependencies = [
 "serde",
 "serde_json",
 "serde_with",
- "sha2 0.9.8",
+ "sha2 0.10.0",
 "signature",
 "thiserror",
 "tokio",
@ -2582,7 +2591,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "96ef608575f6392792f9ecf7890c00086591d29a83910939d430753f7c050525"
 dependencies = [
 "crypto-bigint",
- "hmac",
+ "hmac 0.11.0",
 "zeroize",
 ]

@ -3118,7 +3127,7 @@ dependencies = [
 "futures-util",
 "hashlink",
 "hex",
- "hmac",
+ "hmac 0.11.0",
 "indexmap",
 "itoa 1.0.1",
 "libc",
--- a/crates/jose/Cargo.toml
+++ b/crates/jose/Cargo.toml
@ -10,10 +10,10 @@ anyhow = "1.0.52"
 async-trait = "0.1.52"
 base64ct = { version = "1.0.1", features = ["std"] }
 crypto-mac = { version = "0.11.1", features = ["std"] }
-digest = "0.9.0"
+digest = "0.10.1"
 ecdsa = { version = "0.13.3", features = ["sign", "verify", "pem", "pkcs8"] }
 elliptic-curve = { version = "0.11.6", features = ["ecdh", "pem"] }
-hmac = "0.11.0"
+hmac = "0.12.0"
 p256 = { version = "0.10.0", features = ["ecdsa", "pem", "pkcs8"] }
 pkcs1 = { version = "0.3.1", features = ["pem", "pkcs8"] }
 pkcs8 = { version = "0.8.0", features = ["pem"] }
@ -23,7 +23,7 @@ sec1 = "0.2.1"
 serde = { version = "1.0.133", features = ["derive"] }
 serde_json = "1.0.74"
 serde_with = { version = "1.11.0", features = ["base64"] }
-sha2 = "0.9.8"
+sha2 = "0.10.0"
 signature = "1.4.0"
 thiserror = "1.0.30"
 tokio = { version = "1.15.0", features = ["macros", "rt"] }
--- a/crates/jose/src/keystore.rs
+++ b/crates/jose/src/keystore.rs
@ -19,7 +19,7 @@ use async_trait::async_trait;
 use base64ct::{Base64UrlUnpadded, Encoding};
 use digest::Digest;
 use ecdsa::VerifyingKey;
-use hmac::{Hmac, Mac, NewMac};
+use hmac::{Hmac, Mac};
 use p256::{NistP256, PublicKey};
 use pkcs1::EncodeRsaPublicKey;
 use pkcs8::EncodePublicKey;
@ -117,19 +117,19 @@ impl<'a> VerifyingKeystore for &SharedSecret<'a> {
            JsonWebSignatureAlgorithm::Hs256 => {
                let mut mac = Hmac::<Sha256>::new_from_slice(self.inner)?;
                mac.update(payload);
-                mac.verify(signature)?;
+                mac.verify(signature.try_into()?)?;
            }

            JsonWebSignatureAlgorithm::Hs384 => {
                let mut mac = Hmac::<Sha384>::new_from_slice(self.inner)?;
                mac.update(payload);
-                mac.verify(signature)?;
+                mac.verify(signature.try_into()?)?;
            }

            JsonWebSignatureAlgorithm::Hs512 => {
                let mut mac = Hmac::<Sha512>::new_from_slice(self.inner)?;
                mac.update(payload);
-                mac.verify(signature)?;
+                mac.verify(signature.try_into()?)?;
            }

            _ => bail!("unsupported algorithm"),