From 7d982f73c5b6a96d9f5ca2fbe5fce6263693644e Mon Sep 17 00:00:00 2001 From: Thomas Eizinger Date: Mon, 13 Nov 2023 11:46:54 +1100 Subject: [PATCH] deps(identity): bump `ring` to `v0.17.5` The `libp2p-identity` crate is a dependency of the entire ecosystem. We should keep its dependencies up to date as much as possible. At the moment, we can't bump `ring` across the entire workspace because we still need releases of `rustls` that update to the new `ring` version. Not all our users depend in `libp2p-tls` or `libp2p-quic` though. For those users, a bump in `libp2p-identity` will be useful. Pull-Request: #4779. --- Cargo.lock | 4 ++-- Cargo.toml | 2 +- identity/CHANGELOG.md | 5 +++++ identity/Cargo.toml | 4 ++-- identity/src/rsa.rs | 2 +- 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index cd0d090c4cd..cd01a4faacf 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2695,7 +2695,7 @@ dependencies = [ [[package]] name = "libp2p-identity" -version = "0.2.7" +version = "0.2.8" dependencies = [ "asn1_der", "base64 0.21.5", @@ -2710,7 +2710,7 @@ dependencies = [ "quick-protobuf", "quickcheck-ext", "rand 0.8.5", - "ring 0.16.20", + "ring 0.17.5", "rmp-serde", "sec1", "serde", diff --git a/Cargo.toml b/Cargo.toml index 0b9bc72d377..c05f93cd073 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -81,7 +81,7 @@ libp2p-dns = { version = "0.41.1", path = "transports/dns" } libp2p-floodsub = { version = "0.44.0", path = "protocols/floodsub" } libp2p-gossipsub = { version = "0.46.0", path = "protocols/gossipsub" } libp2p-identify = { version = "0.44.0", path = "protocols/identify" } -libp2p-identity = { version = "0.2.7" } +libp2p-identity = { version = "0.2.8" } libp2p-kad = { version = "0.45.1", path = "protocols/kad" } libp2p-mdns = { version = "0.45.0", path = "protocols/mdns" } libp2p-memory-connection-limits = { version = "0.2.0", path = "misc/memory-connection-limits" } diff --git a/identity/CHANGELOG.md b/identity/CHANGELOG.md index fbc51fcb200..004943ce195 100644 --- a/identity/CHANGELOG.md +++ b/identity/CHANGELOG.md @@ -1,3 +1,8 @@ +## 0.2.8 + +- Bump `ring` to `0.17.5. + See [PR 4779](https://github.com/libp2p/rust-libp2p/pull/4779). + ## 0.2.7 - Add `rand` feature to gate methods requiring a random number generator, enabling use in restricted environments (e.g. smartcontracts). diff --git a/identity/Cargo.toml b/identity/Cargo.toml index e09e8b0e2b2..1d5a8f4ac54 100644 --- a/identity/Cargo.toml +++ b/identity/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "libp2p-identity" -version = "0.2.7" +version = "0.2.8" edition = "2021" description = "Data structures and algorithms for identifying peers in libp2p." rust-version = { workspace = true } @@ -30,7 +30,7 @@ void = { version = "1.0", optional = true } zeroize = { version = "1.6", optional = true } [target.'cfg(not(target_arch = "wasm32"))'.dependencies] -ring = { version = "0.16.9", features = [ "alloc", "std"], default-features = false, optional = true } +ring = { version = "0.17.5", features = [ "alloc", "std"], default-features = false, optional = true } [features] secp256k1 = ["dep:libsecp256k1", "dep:asn1_der", "dep:sha2", "dep:hkdf", "dep:zeroize"] diff --git a/identity/src/rsa.rs b/identity/src/rsa.rs index f14b1975023..cbfe3c1b919 100644 --- a/identity/src/rsa.rs +++ b/identity/src/rsa.rs @@ -71,7 +71,7 @@ impl Keypair { /// Sign a message with this keypair. pub fn sign(&self, data: &[u8]) -> Result, SigningError> { - let mut signature = vec![0; self.0.public_modulus_len()]; + let mut signature = vec![0; self.0.public().modulus_len()]; let rng = SystemRandom::new(); match self.0.sign(&RSA_PKCS1_SHA256, &rng, data, &mut signature) { Ok(()) => Ok(signature),