From 49363fb6bb2e4b3480b5dc2faab2f13704bf4fa3 Mon Sep 17 00:00:00 2001 From: Alex Yusiuk Date: Fri, 7 Nov 2025 16:02:04 +0200 Subject: [PATCH 1/3] fix(picky): pin leftover pre-release crypto crates --- Cargo.lock | 4 ++++ picky/Cargo.toml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/Cargo.lock b/Cargo.lock index 87801d98..b5ffaf29 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1257,7 +1257,9 @@ dependencies = [ "cipher", "crypto-bigint", "crypto-common", + "crypto-primes", "ctr", + "curve25519-dalek", "der", "des", "digest", @@ -1266,7 +1268,9 @@ dependencies = [ "ed25519-dalek", "elliptic-curve", "expect-test", + "ff", "ghash", + "group", "hex", "hkdf", "hmac", diff --git a/picky/Cargo.toml b/picky/Cargo.toml index ad58e7f5..31816389 100644 --- a/picky/Cargo.toml +++ b/picky/Cargo.toml @@ -105,6 +105,10 @@ pkcs1 = "=0.8.0-rc.4" keccak = "=0.2.0-rc.0" primefield = "=0.14.0-pre.6" primeorder = "=0.14.0-pre.9" +ff = { version = "=0.14.0-pre.0", default-features = false } +group = "=0.14.0-pre.0" +curve25519-dalek = "=5.0.0-pre.1" +crypto-primes = "=0.7.0-pre.3" [dev-dependencies] pretty_assertions = "1.4" From 965f37c275d62310e2b4c364843b015d33eef6b6 Mon Sep 17 00:00:00 2001 From: Alex Yusiuk Date: Fri, 7 Nov 2025 16:18:20 +0200 Subject: [PATCH 2/3] fix(ffi): pin argon2 and related crates --- Cargo.lock | 5 +++++ ffi/Cargo.toml | 10 +++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/Cargo.lock b/Cargo.lock index b5ffaf29..2e5c7aa0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1369,11 +1369,16 @@ name = "picky-ffi" version = "0.0.0" dependencies = [ "argon2", + "blake2", + "block-buffer", + "crypto-common", + "digest", "diplomat", "diplomat-runtime", "embed-resource", "getrandom 0.3.4", "hex", + "password-hash", "picky", "picky-asn1", "picky-asn1-der", diff --git a/ffi/Cargo.toml b/ffi/Cargo.toml index c49419fe..04e2d9b4 100644 --- a/ffi/Cargo.toml +++ b/ffi/Cargo.toml @@ -20,7 +20,7 @@ picky-asn1 = { path = "../picky-asn1", default-features = false } picky-asn1-der = { path = "../picky-asn1-der" } picky-asn1-x509 = { path = "../picky-asn1-x509", features = ["legacy", "zeroize"] } -argon2 = "0.6.0-rc.1" +argon2 = "=0.6.0-rc.1" rand = "0.9" # FFI @@ -34,3 +34,11 @@ serde_json = "1" # WASM support [target.'cfg(target_arch = "wasm32")'.dependencies] getrandom = { version = "0.3", features = ["wasm_js"] } + +# Pin transitive dependencies versions. +# TODO: Remove when stable versions will be released. +blake2 = "=0.11.0-rc.2" +digest = "=0.11.0-rc.3" +crypto-common = "=0.2.0-rc.4" +block-buffer = "=0.11.0-rc.5" +password-hash = "=0.6.0-rc.1" \ No newline at end of file From 79a10220ed52029943f8f69ffe00bc71936eb15d Mon Sep 17 00:00:00 2001 From: Alex Yusiuk Date: Fri, 7 Nov 2025 16:19:00 +0200 Subject: [PATCH 3/3] update ffi/wasm/Cargo.lock --- ffi/wasm/Cargo.lock | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ffi/wasm/Cargo.lock b/ffi/wasm/Cargo.lock index 8cfda3c0..9d0a5495 100644 --- a/ffi/wasm/Cargo.lock +++ b/ffi/wasm/Cargo.lock @@ -683,14 +683,18 @@ dependencies = [ "cipher", "crypto-bigint", "crypto-common", + "crypto-primes", "ctr", + "curve25519-dalek", "der", "digest", "ecdsa", "ed25519", "ed25519-dalek", "elliptic-curve", + "ff", "ghash", + "group", "hex", "hkdf", "hmac",