update rand and curve25519-dalek crates #33
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Note that because of the new MSRV, the next spake2 release that includes this change should be at least version |
This reduces our dependency load: the latest rand_core includes a basic OsRng, which is all we need, so we don't need to pull in the entire rand hierarchy. Since the curve25519-dalek API includes the RngCore and CryptoRng traits, we must update to the latest version so they'll match. This also pulls in zeroize, which uses a feature named `alloc` that did not stabilize until rustc 1.36. This increases the 'spake2' MSRV to rust-1.36.
This reduces our dependency load: the latest rand_core includes a basic OsRng, which is all we need, so we don't need to pull in the entire rand hierarchy. The 'srp' MSRV remains at rust-1.32.
'srp' now requires 1.32, and 'spake2' now requires 1.36. It would take more work to change the travis config to exercise the two builds separately, so I'm only going to have it test 1.36.
warner
force-pushed
the
21-update-rand-hkdf-dalek
branch
from
54f9278 to
69e8db0
Compare
Open
|
This might also make it easier to add |
|
@warner we've bumped MSRV to 1.41.0 now. Also there are newer releases you can upgrade to. |
tarcieri
added a commit
that referenced
this pull request
Jan 22, 2022
This is a continuation of #33. It bumps `curve25519-dalek` to the latest stable release and replaces the `rand` crate with the version of `rand_core` which is compatible with `curve25519-dalek`: v0.5 (which is still a version behind)
tarcieri
added a commit
that referenced
this pull request
Jan 22, 2022
This is a continuation of #33. It bumps `curve25519-dalek` to the latest stable release and replaces the `rand` crate with the version of `rand_core` which is compatible with `curve25519-dalek`: v0.5 (which is still a version behind)
|
Continued as #85 |
tarcieri
added a commit
that referenced
this pull request
Jan 22, 2022
This is a continuation of #33. It bumps `curve25519-dalek` to the latest stable release and replaces the `rand` crate with the version of `rand_core` which is compatible with `curve25519-dalek`: v0.5 (which is still a version behind)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This now only needs
rand_core, not the fullrandhierarchy, because the latestrand_coreincludes a basicOsRngfunction.The latest curve25519-dalek uses
zeroize, which uses theallocfeature, which raises thespake2MSRV to rustc-1.36 .It upgrades
srpto userand_coreas well. ThesrpMSRV remains at rustc-1.32 .I update the travis config to exercise 1.36, because it seemed too hard to make it test srp/spake2 with different versions.
fixes #21
@newpavlov you might want to defer this until you made the SRP API changes you mentioned in #21