# cargo-vet audits file
# Project-defined criteria. The `safe-to-run` and `safe-to-deploy` criteria
# used by the audits in this file are cargo-vet built-ins and are not declared here.
[criteria.crypto-reviewed]
description = "The cryptographic code in this crate has been reviewed for correctness by a member of a designated set of cryptography experts within the project."

[criteria.license-reviewed]
description = "The license of this crate has been reviewed for compatibility with its usage in this repository. If the crate is not available under the MIT license, `contrib/debian/copyright` has been updated with a corresponding copyright notice for files under `depends/*/vendored-sources/CRATE_NAME`."
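# Certified safe-to-deploy only: this delta, which adds a nonce-generation API,
# is not recorded under the project's crypto-reviewed criterion.
[[audits.aead]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.4.3 -> 0.5.1"
notes = "Adds an AeadCore::generate_nonce function to generate random nonces, given a CryptoRng."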
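# Build-script changes are called out in the notes because a build script runs
# on the build host at compile time.
[[audits.anyhow]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.56 -> 1.0.61"
notes = "Update does not introduce new code. Minor build script changes look fine."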
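# Carries crypto-reviewed in addition to safe-to-deploy; per the notes, the new
# multi-threaded path was checked against the existing single-threaded one.
[[audits.bellman]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.13.0 -> 0.13.1"
notes = "Adds multi-threaded batch validation, which I checked against the existing single-threaded batch validation."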
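[[audits.chacha20]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.8.1 -> 0.8.2"
notes = "Unpins zeroize."

# NOTE(review): unlike the 0.8.1 -> 0.8.2 delta above, this delta is certified
# safe-to-deploy only (no crypto-reviewed) and records no notes.
[[audits.chacha20]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.8.2 -> 0.9.0"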
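[[audits.chacha20poly1305]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.9.0 -> 0.9.1"
notes = "Unpins zeroize."

# NOTE(review): this later delta is certified safe-to-deploy only; the
# crypto-reviewed criterion is not recorded for 0.9.1 -> 0.10.1.
[[audits.chacha20poly1305]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.9.1 -> 0.10.1"
notes = "This mainly adapts to API changes between aead 0.4 and aead 0.5."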
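# Certified safe-to-deploy only; no crypto-reviewed certification is recorded
# for this API rework.
[[audits.cipher]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.3.0 -> 0.4.3"
notes = "Significant rework of (mainly RustCrypto-internal) APIs."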
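[[audits.clearscreen]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.9 -> 1.0.10"
notes = "Bumps nix and removes some of its default features."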
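[[audits.crypto-common]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.1.3 -> 0.1.6"
notes = "New trait and type alias look fine."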
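# Three chained delta audits (1.0.68 -> 1.0.72 -> 1.0.76 -> 1.0.78). The first
# and last carry no notes, so the scope of those reviews is not documented here.
[[audits.cxx]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.68 -> 1.0.72"

[[audits.cxx]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.72 -> 1.0.76"
notes = "Impls Unpin for SharedPtr and UniquePtr. The rationale makes sense."

[[audits.cxx]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.76 -> 1.0.78"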
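# None of these three delta audits records notes.
[[audits.cxxbridge-flags]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.68 -> 1.0.72"

[[audits.cxxbridge-flags]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.72 -> 1.0.76"

[[audits.cxxbridge-flags]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.76 -> 1.0.78"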
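# None of these three delta audits records notes.
[[audits.cxxbridge-macro]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.68 -> 1.0.72"

[[audits.cxxbridge-macro]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.72 -> 1.0.76"

[[audits.cxxbridge-macro]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.76 -> 1.0.78"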
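# `version` records a full audit of that release; `delta` records a review of
# the diff between two releases. Both entries are safe-to-deploy only.
[[audits.equihash]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.equihash]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.1.0 -> 0.2.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."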
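# Full-version audit of a crate the auditing team maintains (see notes).
[[audits.f4jumble]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."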
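# The notes name the two code paths that were compared against reference
# implementations. Certified safe-to-deploy only (no crypto-reviewed).
[[audits.getrandom]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.6 -> 0.2.7"
notes = """
Checked that getrandom::wasi::getrandom_inner matches wasi::random_get.
Checked that getrandom::util_libc::Weak lock ordering matches std::sys::unix::weak::DlsymWeak.
"""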
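# Full audit of 0.1.0 followed by a delta audit to 0.2.0, both carrying
# crypto-reviewed and safe-to-deploy.
[[audits.halo2_gadgets]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.halo2_gadgets]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.1.0 -> 0.2.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."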
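# Full audit of 0.1.0 followed by a delta audit to 0.2.0, both carrying
# crypto-reviewed and safe-to-deploy.
[[audits.halo2_proofs]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.halo2_proofs]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.1.0 -> 0.2.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."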
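# This delta introduces a new unsafe block; the notes record that the assertion
# guarding it was checked.
[[audits.indexmap]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.8.1 -> 1.9.1"
notes = "I'm satisfied that the assertion guarding the new unsafe block is correct."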
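# Full-version audit (not a delta), certified safe-to-deploy only.
[[audits.inout]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
version = "0.1.3"
notes = "Reviewed in full."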
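[[audits.itoa]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.1 -> 1.0.3"
notes = "Update makes no changes to code."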
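# NOTE(review): self-audit. The auditor discloses in the notes that they are
# also the crate's author, so this entry is not an independent review.
[[audits.memuse]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.2.0 -> 0.2.1"
notes = "Exposes an existing macro. Note that I am the author of the crate."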
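# NOTE(review): none of the four metrics-family delta audits records notes, so
# what was examined in each diff is not documented in this file.
[[audits.metrics]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.19.0 -> 0.20.1"

[[audits.metrics-exporter-prometheus]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.10.0 -> 0.11.0"

[[audits.metrics-macros]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.5.1 -> 0.6.0"

[[audits.metrics-util]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.13.0 -> 0.14.0"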
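# The notes split the unsafe code in this delta into two categories and record
# that the Windows API logic was compared by eye against miow, not line by line.
[[audits.mio]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.8.2 -> 0.8.4"
notes = """
Migrates from winapi to windows-sys. The changes to API usage look reasonable
based on what I've seen in other uses of the windows-sys crate. Unsafe code
falls into two categories:
- Usage of `mem::zeroed()`, which doesn't look obviously wrong. The
`..unsafe { mem::zeroed() }` in `sys::unix::selector::kqueue` looks weird
but AFAICT is saying \"take any unspecified fields from an instance of this
struct that has been zero-initialized\", which is fine for integer fields. It
would be nice if there was documentation to this effect (explaining why this
is done instead of `..Default::default()`).
- Calls to Windows API methods. These are either pre-existing (and altered for
the differences in the crate abstractions), or newly added in logic that
appears to be copied from miow 0.3.6 (I scanned this by eye and didn't see
any noteworthy changes other than handling windows-sys API differences).
"""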
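[[audits.num-integer]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.1.44 -> 0.1.45"
notes = "Fixes some argument-handling panic bugs."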
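# Full audit of 0.1.0 followed by a delta audit to 0.2.0, both carrying
# crypto-reviewed and safe-to-deploy.
[[audits.orchard]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.orchard]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.1.0 -> 0.2.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."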
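# NOTE(review): the auditor states the migration to the asm! macro was not
# closely reviewed, so that part of the diff is only lightly covered.
[[audits.parking_lot]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.11.2 -> 0.12.1"
notes = "Most `unsafe {}` changes were to reduce the scope of the unsafe blocks. I didn't closely review the migration to the asm! macro but it looks reasonable."

# No notes recorded for this delta.
[[audits.parking_lot_core]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.8.5 -> 0.9.3"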
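# Certified safe-to-deploy only; the unsafe (avx2) changes are not recorded
# under the crypto-reviewed criterion.
[[audits.poly1305]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.7.2 -> 0.8.0"
notes = "Changes to unsafe (avx2) code look reasonable."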
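# No notes recorded for this delta.
[[audits.proc-macro2]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.37 -> 1.0.41"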
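# No notes recorded for this delta.
[[audits.quanta]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.9.3 -> 0.10.1"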
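[[audits.serde]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.136 -> 1.0.143"
notes = "Bumps serde-derive and adds some constructors."

# Build-flag changes are noted for this crate.
[[audits.serde_derive]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.136 -> 1.0.143"
notes = "Bumps syn, inverts some build flags."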
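# NOTE(review): the auditor states the refactor itself was not reviewed; the
# certification rests on there being no unsafe blocks and no obvious new panics.
[[audits.sketches-ddsketch]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "0.1.3 -> 0.2.0"
notes = "I did not review the refactor, but there are no unsafe blocks and I didn't see any obvious changes that could result in panics."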
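# No notes recorded for this delta.
[[audits.syn]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.0.91 -> 1.0.98"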
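[[audits.thiserror]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.30 -> 1.0.32"
notes = "Bumps thiserror-impl, no code changes."

[[audits.thiserror-impl]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
delta = "1.0.30 -> 1.0.32"
notes = "Only change is to refine an error message."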
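# Full-version audit (not a delta); no notes recorded.
[[audits.unicode-ident]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
version = "1.0.2"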
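# The notes single out to_blocks, a safe function wrapping unsafe code, as the
# part checked for correctness. Certified safe-to-deploy only.
[[audits.universal-hash]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "0.4.1 -> 0.5.0"
notes = "I checked correctness of to_blocks which uses unsafe code in a safe function."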
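# NOTE(review): all five windows_* target crates are certified safe-to-run
# only, not safe-to-deploy. Per the notes, the bundled binary blob was NOT
# audited; only the build script was reviewed.
[[audits.windows_aarch64_msvc]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = """
Adds a binary blob to the library search path, that contains a subset of
the Windows SDK to avoid a direct dependency on the latter. See
https://github.com/microsoft/windows-rs/pull/1217 for context. I did not
audit the binary blob, but the build script looks fine.
"""

[[audits.windows_i686_gnu]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = """
Adds a binary blob to the library search path, that contains a subset of
the Windows SDK to avoid a direct dependency on the latter. See
https://github.com/microsoft/windows-rs/pull/1217 for context. I did not
audit the binary blob, but the build script looks fine.
"""

[[audits.windows_i686_msvc]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = """
Adds a binary blob to the library search path, that contains a subset of
the Windows SDK to avoid a direct dependency on the latter. See
https://github.com/microsoft/windows-rs/pull/1217 for context. I did not
audit the binary blob, but the build script looks fine.
"""

[[audits.windows_x86_64_gnu]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = """
Adds a binary blob to the library search path, that contains a subset of
the Windows SDK to avoid a direct dependency on the latter. See
https://github.com/microsoft/windows-rs/pull/1217 for context. I did not
audit the binary blob, but the build script looks fine.
"""

[[audits.windows_x86_64_msvc]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-run"
version = "0.36.1"
notes = """
Adds a binary blob to the library search path, that contains a subset of
the Windows SDK to avoid a direct dependency on the latter. See
https://github.com/microsoft/windows-rs/pull/1217 for context. I did not
audit the binary blob, but the build script looks fine.
"""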
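# Full-version audit of a crate the auditing team maintains; safe-to-deploy only.
[[audits.zcash_address]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."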
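# Full-version audit of a crate the auditing team maintains; safe-to-deploy only.
[[audits.zcash_encoding]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."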
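# Full-version audit of a crate the auditing team maintains; safe-to-deploy only.
[[audits.zcash_history]]
who = "Jack Grigg <jack@z.cash>"
criteria = "safe-to-deploy"
version = "0.3.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."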
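# Full-version audit carrying both crypto-reviewed and safe-to-deploy.
[[audits.zcash_note_encryption]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.1.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."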
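# Full audit of 0.6.0 followed by a delta audit to 0.7.0, both carrying
# crypto-reviewed and safe-to-deploy.
[[audits.zcash_primitives]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.6.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_primitives]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.6.0 -> 0.7.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."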
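# Full audit of 0.6.0 followed by chained delta audits to 0.7.0 and 0.7.1, all
# carrying crypto-reviewed and safe-to-deploy.
[[audits.zcash_proofs]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
version = "0.6.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_proofs]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.6.0 -> 0.7.0"
notes = "The ECC core team maintains this crate, and we have reviewed every line."

[[audits.zcash_proofs]]
who = "Jack Grigg <jack@z.cash>"
criteria = ["crypto-reviewed", "safe-to-deploy"]
delta = "0.7.0 -> 0.7.1"
notes = "The ECC core team maintains this crate, and we have reviewed every line."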
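# NOTE(review): the auditor records undefined behaviour in the
# zeroize_c_string unit test and accepts it as unlikely to matter in practice.
# Certified safe-to-deploy only (no crypto-reviewed).
[[audits.zeroize]]
who = "Daira Hopwood <daira@jacaranda.org>"
criteria = "safe-to-deploy"
delta = "1.4.3 -> 1.5.7"
notes = "The zeroize_c_string unit test has UB, but that's very unlikely to cause a problem in practice."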