-
Notifications
You must be signed in to change notification settings - Fork 147
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update cryptography dependencies #1345
Update cryptography dependencies #1345
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did not review the changes in forks so in that sense my review is not complete. The code changes here all looked fine, just the changes in cargo toml looked problematic
- Don't use personal forks
- Pin to revisions not branches or else repeatable builds are undermined
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mostly looks good, I agree with Chris' comments as well, and there are a couple show-stoppers that have crept in.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, will give formal approval once the other PRs have been merged and we've branched for 1.2.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
approved based on reading all the dependent PRs
Bumps [blake2](https://github.com/RustCrypto/hashes) from 0.9.2 to 0.10.2. - [Release notes](https://github.com/RustCrypto/hashes/releases) - [Commits](RustCrypto/hashes@blake2-v0.9.2...blake2-v0.10.2) --- updated-dependencies: - dependency-name: blake2 dependency-type: direct:production update-type: version-update:semver-minor
…+Sized, and introduce a similar NoiseDigest type
b748736
to
782ffcd
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This mostly LGTM, the main thing is making sure we're explictly requiring hkdf = "0.12.3"
, because we need at least 0.12.1, but there were various bugs fixed going into 0.12.3 that we need.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM thank you
Motivation
There are some breaking changes in
digest
, which have cascaded to other crates so we have to update all the crates that depend on it transitively.Builds on:
mobilecoinfoundation/KDFs#1
mobilecoinfoundation/bulletproofs#2
mobilecoinfoundation/curve25519-dalek#2
mobilecoinfoundation/ed25519-dalek#2
mobilecoinfoundation/x25519-dalek#2
mobilecoinfoundation/schnorrkel#2
In this PR
Fixes #1089.
Future Work