zcashd/qa/supply-chain/audits.toml

# cargo-vet audits file

[criteria.crypto-reviewed]
description = "The cryptographic code in this crate has been reviewed for correctness by a member of a designated set of cryptography experts within the project."

[criteria.license-reviewed]
description = "The license of this crate has been reviewed for compatibility with its usage in this repository. If the crate is not available under the MIT license, `contrib/debian/copyright` has been updated with a corresponding copyright notice for files under `depends/*/vendored-sources/CRATE_NAME`."

[[audits.aead]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.4.3 -> 0.5.1"
notes = "Adds an AeadCore::generate_nonce function to generate random nonces, given a CryptoRng."

[[audits.anyhow]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.56 -> 1.0.61"
notes = "Update does not introduce new code. Minor build script changes look fine."

[[audits.bellman]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.13.0 -> 0.13.1"
notes = "Adds multi-threaded batch validation, which I checked against the existing single-threaded batch validation."

[[audits.chacha20]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.8.1 -> 0.8.2"
notes = "Unpins zeroize."

[[audits.chacha20]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.8.2 -> 0.9.0"

[[audits.chacha20poly1305]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.9.0 -> 0.9.1"
notes = "Unpins zeroize."

[[audits.chacha20poly1305]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.9.1 -> 0.10.1"
notes = "This mainly adapts to API changes between aead 0.4 and aead 0.5."

[[audits.cipher]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.4.3"
notes = "Significant rework of (mainly RustCrypto-internal) APIs."

[[audits.clearscreen]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.9 -> 1.0.10"
notes = "Bumps nix and removes some of its default features."

[[audits.crypto-common]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.1.3 -> 0.1.6"
notes = "New trait and type alias look fine."

[[audits.cxx]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.68 -> 1.0.72"

[[audits.cxx]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.72 -> 1.0.76"
notes = "Impls Unpin for SharedPtr and UniquePtr. The rationale makes sense."

[[audits.cxxbridge-flags]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.68 -> 1.0.72"

[[audits.cxxbridge-flags]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.72 -> 1.0.76"

[[audits.cxxbridge-macro]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.68 -> 1.0.72"

[[audits.cxxbridge-macro]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.72 -> 1.0.76"

[[audits.equihash]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.equihash]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.2.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.f4jumble]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.getrandom]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.6 -> 0.2.7"
notes = """
Checked that getrandom::wasi::getrandom_inner matches wasi::random_get.
Checked that getrandom::util_libc::Weak lock ordering matches std::sys::unix::weak::DlsymWeak.
"""

[[audits.halo2_gadgets]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.halo2_gadgets]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.1.0 -> 0.2.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.halo2_proofs]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.halo2_proofs]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.1.0 -> 0.2.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.inout]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
version = "0.1.3"
notes = "Reviewed in full."

[[audits.itoa]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.1 -> 1.0.3"
notes = "Update makes no changes to code."

[[audits.mio]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.8.2 -> 0.8.4"
notes = """
Migrates from winapi to windows-sys. The changes to API usage look reasonable
based on what I've seen in other uses of the windows-sys crate. Unsafe code
falls into two categories:
- Usage of `mem::zeroed()`, which doesn't look obviously wrong. The
  `..unsafe { mem::zeroed() }` in `sys::unix::selector::kqueue` looks weird
  but AFAICT is saying \"take any unspecified fields from an instance of this
  struct that has been zero-initialized\", which is fine for integer fields. It
  would be nice if there was documentation to this effect (explaining why this
  is done instead of `..Default::default()`).
- Calls to Windows API methods. These are either pre-existing (and altered for
  the differences in the crate abstractions), or newly added in logic that
  appears to be copied from miow 0.3.6 (I scanned this by eye and didn't see
  any noteworthy changes other than handling windows-sys API differences).
"""

[[audits.num-integer]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.1.44 -> 0.1.45"
notes = "Fixes some argument-handling panic bugs."

[[audits.orchard]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.orchard]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.1.0 -> 0.2.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.poly1305]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.7.2 -> 0.8.0"
notes = "Changes to unsafe (avx2) code look reasonable."

[[audits.proc-macro2]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.37 -> 1.0.41"

[[audits.serde]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.136 -> 1.0.143"
notes = "Bumps serde-derive and adds some constructors."

[[audits.serde_derive]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.136 -> 1.0.143"
notes = "Bumps syn, inverts some build flags."

[[audits.syn]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.91 -> 1.0.98"

[[audits.thiserror]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.30 -> 1.0.32"
notes = "Bumps thiserror-impl, no code changes."

[[audits.thiserror-impl]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.30 -> 1.0.32"
notes = "Only change is to refine an error message."

[[audits.unicode-ident]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
version = "1.0.2"

[[audits.universal-hash]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.4.1 -> 0.5.0"
notes = "I checked correctness of to_blocks which uses unsafe code in a safe function."

[[audits.windows_aarch64_msvc]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = """
Adds a binary blob to the library search path, that contains a subset of
the Windows SDK to avoid a direct dependency on the latter. See
https://github.com/microsoft/windows-rs/pull/1217 for context. I did not
audit the binary blob, but the build script looks fine.
"""

[[audits.windows_i686_gnu]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = """
Adds a binary blob to the library search path, that contains a subset of
the Windows SDK to avoid a direct dependency on the latter. See
https://github.com/microsoft/windows-rs/pull/1217 for context. I did not
audit the binary blob, but the build script looks fine.
"""

[[audits.windows_i686_msvc]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = """
Adds a binary blob to the library search path, that contains a subset of
the Windows SDK to avoid a direct dependency on the latter. See
https://github.com/microsoft/windows-rs/pull/1217 for context. I did not
audit the binary blob, but the build script looks fine.
"""

[[audits.windows_x86_64_gnu]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = """
Adds a binary blob to the library search path, that contains a subset of
the Windows SDK to avoid a direct dependency on the latter. See
https://github.com/microsoft/windows-rs/pull/1217 for context. I did not
audit the binary blob, but the build script looks fine.
"""

[[audits.windows_x86_64_msvc]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = """
Adds a binary blob to the library search path, that contains a subset of
the Windows SDK to avoid a direct dependency on the latter. See
https://github.com/microsoft/windows-rs/pull/1217 for context. I did not
audit the binary blob, but the build script looks fine.
"""

[[audits.zcash_address]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_encoding]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_history]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
version = "0.3.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_note_encryption]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_primitives]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.6.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_primitives]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.6.0 -> 0.7.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_proofs]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.6.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_proofs]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.6.0 -> 0.7.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_proofs]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.7.0 -> 0.7.1"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zeroize]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.4.3 -> 1.5.7"
notes = "The zeroize_c_string unit test has UB, but that's very unlikely to cause a problem in practice."