Upgrade crypto deps (#3059)

* Upgrade aes and fpe * Upgrade bellman, bls12_381, jubjub to latest * Upgrade x25519-dalek to 1.2.0 and curve25519-dalek to 3.2.0 in the Cargo.lock * Skip outdated hdrhistogram rather than its dependencies Co-authored-by: teor <teor@riseup.net>
2021-11-16 14:47:54 -05:00 · 2021-11-16 14:47:54 -05:00 · 90da94fff3
parent 43c6d013a7
commit 90da94fff3
5 changed files with 75 additions and 184 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -68,17 +68,6 @@ dependencies = [
 "generic-array",
 ]

-[[package]]
-name = "aes"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "884391ef1066acaa41e766ba8f596341b96e93ce34f9a43e7d24bf0a0eaf0561"
-dependencies = [
- "aes-soft",
- "aesni",
- "cipher 0.2.5",
-]
-
 [[package]]
 name = "aes"
 version = "0.7.5"
@ -86,31 +75,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9e8b47f52ea9bae42228d07ec09eb676433d7c4ed1ebdf0f1d1c29ed446f1ab8"
 dependencies = [
 "cfg-if 1.0.0",
- "cipher 0.3.0",
+ "cipher",
 "cpufeatures",
 "opaque-debug",
 ]

-[[package]]
-name = "aes-soft"
-version = "0.6.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "be14c7498ea50828a38d0e24a765ed2effe92a705885b57d029cd67d45744072"
-dependencies = [
- "cipher 0.2.5",
- "opaque-debug",
-]
-
-[[package]]
-name = "aesni"
-version = "0.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ea2e11f5e94c2f7d386164cc2aa1f97823fed6f259e486940a71c174dd01b0ce"
-dependencies = [
- "cipher 0.2.5",
- "opaque-debug",
-]
-
 [[package]]
 name = "ahash"
 version = "0.7.4"
@ -272,21 +241,22 @@ checksum = "cf9ff0bbfd639f15c74af777d81383cf53efb7c93613f6cab67c6c11e05bbf8b"

 [[package]]
 name = "bellman"
-version = "0.10.0"
+version = "0.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7db9a104adfbc817ea09dec27d616c32dbf1d56fd741dcdc2444a3dfa1b9fffd"
+checksum = "0944d18a9a37691b87733b39c9360c9950af9aa5f97e2455bc108d8eb64fc1c1"
 dependencies = [
 "bitvec",
 "blake2s_simd",
 "byteorder",
- "crossbeam",
- "ff 0.10.0",
- "futures 0.1.30",
- "futures-cpupool",
- "group 0.10.0",
+ "crossbeam-channel 0.5.1",
+ "ff 0.11.0",
+ "group 0.11.0",
+ "lazy_static",
+ "log",
 "num_cpus",
- "pairing 0.20.0",
+ "pairing",
 "rand_core 0.6.3",
+ "rayon",
 "subtle",
 ]

@ -429,16 +399,6 @@ dependencies = [
 "generic-array",
 ]

-[[package]]
-name = "block-modes"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "57a0e8073e8baa88212fb5823574c02ebccb395136ba9a164ab89379ec6072f0"
-dependencies = [
- "block-padding",
- "cipher 0.2.5",
-]
-
 [[package]]
 name = "block-modes"
 version = "0.8.1"
@ -446,7 +406,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2cb03d1bed155d89dce0f845b7899b18a9a163e148fd004e1c28421a783e2d8e"
 dependencies = [
 "block-padding",
- "cipher 0.3.0",
+ "cipher",
 ]

 [[package]]
@ -462,8 +422,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "54757888b09a69be70b5ec303e382a74227392086ba808cb01eeca29233a2397"
 dependencies = [
 "ff 0.10.0",
- "group 0.10.0",
- "pairing 0.20.0",
 "rand_core 0.6.3",
 "subtle",
 ]
@ -476,7 +434,7 @@ checksum = "6d28daeeded7949f1c7c72693377c98473b00be0aa0023760a84a300e4e7c74b"
 dependencies = [
 "ff 0.11.0",
 "group 0.11.0",
- "pairing 0.21.0",
+ "pairing",
 "rand_core 0.6.3",
 "subtle",
 ]
@ -584,7 +542,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "01b72a433d0cf2aef113ba70f62634c56fddb0f244e6377185c56a7cadbd8f91"
 dependencies = [
 "cfg-if 1.0.0",
- "cipher 0.3.0",
+ "cipher",
 "cpufeatures",
 "zeroize",
 ]
@ -597,7 +555,7 @@ checksum = "3b84ed6d1d5f7aa9bdde921a5090e0ca4d934d250ea3b402a5fab3a994e28a2a"
 dependencies = [
 "aead",
 "chacha20",
- "cipher 0.3.0",
+ "cipher",
 "poly1305",
 "zeroize",
 ]
@ -616,15 +574,6 @@ dependencies = [
 "winapi",
 ]

-[[package]]
-name = "cipher"
-version = "0.2.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "12f8e7987cbd042a63249497f41aed09f8e65add917ea6566effbc56578d6801"
-dependencies = [
- "generic-array",
-]
-
 [[package]]
 name = "cipher"
 version = "0.3.0"
@ -949,9 +898,9 @@ dependencies = [

 [[package]]
 name = "curve25519-dalek"
-version = "3.0.0"
+version = "3.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c8492de420e9e60bc9a1d66e2dbb91825390b738a388606600663fc529b4b307"
+checksum = "0b9fdf9972b2bd6af2d913799d9ebc165ea4d2e65878e329d9c6b372c4491b61"
 dependencies = [
 "byteorder",
 "digest",
@ -1204,29 +1153,16 @@ dependencies = [
 "percent-encoding",
 ]

-[[package]]
-name = "fpe"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a25080721bbcd2cd4d765b7d607ea350425fa087ce53cd3e31afcacdab850352"
-dependencies = [
- "aes 0.6.0",
- "block-modes 0.7.0",
- "num-bigint 0.3.3",
- "num-integer",
- "num-traits",
-]
-
 [[package]]
 name = "fpe"
 version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fcf3e40fc9accc7218e082db8a75aeea244b8f5db73e591774ef93b4276365e6"
 dependencies = [
- "block-modes 0.8.1",
- "cipher 0.3.0",
+ "block-modes",
+ "cipher",
 "libm",
- "num-bigint 0.4.2",
+ "num-bigint",
 "num-integer",
 "num-traits",
 ]
@ -1243,12 +1179,6 @@ version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1847abb9cb65d566acd5942e94aea9c8f547ad02c98e1649326fc0e8910b8b1e"

-[[package]]
-name = "futures"
-version = "0.1.30"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c7e4c2612746b0df8fed4ce0c69156021b704c9aefa360311c04e6e9e002eed"
-
 [[package]]
 name = "futures"
 version = "0.3.17"
@ -1280,16 +1210,6 @@ version = "0.3.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "88d1c26957f23603395cd326b0ffe64124b818f4449552f960d815cfba83a53d"

-[[package]]
-name = "futures-cpupool"
-version = "0.1.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ab90cde24b3319636588d0c35fe03b1333857621051837ed769faefb4c2162e4"
-dependencies = [
- "futures 0.1.30",
- "num_cpus",
-]
-
 [[package]]
 name = "futures-executor"
 version = "0.3.17"
@ -2145,17 +2065,6 @@ dependencies = [
 "winapi",
 ]

-[[package]]
-name = "num-bigint"
-version = "0.3.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f6f7833f2cbf2360a6cfd58cd41a53aa7a90bd4c202f5b1c7dd2ed73c57b2c3"
-dependencies = [
- "autocfg",
- "num-integer",
- "num-traits",
-]
-
 [[package]]
 name = "num-bigint"
 version = "0.4.2"
@ -2235,13 +2144,13 @@ name = "orchard"
 version = "0.0.0"
 source = "git+https://github.com/zcash/orchard.git?rev=2c8241f25b943aa05203eacf9905db117c69bd29#2c8241f25b943aa05203eacf9905db117c69bd29"
 dependencies = [
- "aes 0.7.5",
+ "aes",
 "arrayvec 0.7.1",
 "bigint",
 "bitvec",
 "blake2b_simd",
 "ff 0.11.0",
- "fpe 0.5.0",
+ "fpe",
 "group 0.11.0",
 "halo2",
 "incrementalmerkletree",
@ -2286,15 +2195,6 @@ version = "3.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f9ad6d222cdc2351ccabb7af4f68bfaecd601b33c5f10d410ec89d2a273f6fff"

-[[package]]
-name = "pairing"
-version = "0.20.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7de9d09263c9966e8196fe0380c9dbbc7ea114b5cf371ba29004bc1f9c6db7f3"
-dependencies = [
- "group 0.10.0",
-]
-
 [[package]]
 name = "pairing"
 version = "0.21.0"
@ -3721,7 +3621,7 @@ version = "0.2.16"
 dependencies = [
 "color-eyre",
 "ed25519-zebra",
- "futures 0.3.17",
+ "futures",
 "futures-core",
 "pin-project 1.0.7",
 "rand 0.8.4",
@ -4308,9 +4208,9 @@ dependencies = [

 [[package]]
 name = "x25519-dalek"
-version = "1.1.1"
+version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a0c105152107e3b96f6a00a65e86ce82d9b125230e1c4302940eca58ff71f4f"
+checksum = "2392b6b94a576b4e2bf3c5b2757d63f10ada8020a2e4d08ac849ebcf6ea8e077"
 dependencies = [
 "curve25519-dalek",
 "rand_core 0.5.1",
@ -4357,7 +4257,7 @@ name = "zcash_primitives"
 version = "0.5.0"
 source = "git+https://github.com/zcash/librustzcash.git?rev=53d0a51d33a421cb76d3e3124d1e4c1c9036068e#53d0a51d33a421cb76d3e3124d1e4c1c9036068e"
 dependencies = [
- "aes 0.7.5",
+ "aes",
 "bip0039",
 "bitvec",
 "blake2b_simd",
@ -4367,7 +4267,7 @@ dependencies = [
 "chacha20poly1305",
 "equihash 0.1.0 (git+https://github.com/zcash/librustzcash.git?rev=53d0a51d33a421cb76d3e3124d1e4c1c9036068e)",
 "ff 0.11.0",
- "fpe 0.5.0",
+ "fpe",
 "group 0.11.0",
 "hex",
 "incrementalmerkletree",
@ -4409,14 +4309,14 @@ dependencies = [
 name = "zebra-chain"
 version = "1.0.0-beta.0"
 dependencies = [
- "aes 0.6.0",
+ "aes",
 "bech32",
 "bigint",
 "bitflags",
 "bitvec",
 "blake2b_simd",
 "blake2s_simd",
- "bls12_381 0.5.0",
+ "bls12_381 0.6.0",
 "bs58",
 "byteorder",
 "chrono",
@ -4425,14 +4325,14 @@ dependencies = [
 "displaydoc",
 "ed25519-zebra",
 "equihash 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
- "fpe 0.4.0",
- "futures 0.3.17",
+ "fpe",
+ "futures",
 "group 0.11.0",
 "halo2",
 "hex",
 "incrementalmerkletree",
 "itertools 0.10.1",
- "jubjub 0.7.0",
+ "jubjub 0.8.0",
 "lazy_static",
 "orchard",
 "proptest",
@ -4468,14 +4368,14 @@ version = "1.0.0-beta.0"
 dependencies = [
 "bellman",
 "blake2b_simd",
- "bls12_381 0.5.0",
+ "bls12_381 0.6.0",
 "chrono",
 "color-eyre",
 "displaydoc",
- "futures 0.3.17",
+ "futures",
 "futures-util",
 "halo2",
- "jubjub 0.7.0",
+ "jubjub 0.8.0",
 "lazy_static",
 "metrics",
 "once_cell",
@ -4509,7 +4409,7 @@ dependencies = [
 "byteorder",
 "bytes 1.1.0",
 "chrono",
- "futures 0.3.17",
+ "futures",
 "hex",
 "indexmap",
 "lazy_static",
@ -4559,11 +4459,11 @@ dependencies = [
 "color-eyre",
 "dirs",
 "displaydoc",
- "futures 0.3.17",
+ "futures",
 "halo2",
 "hex",
 "itertools 0.10.1",
- "jubjub 0.7.0",
+ "jubjub 0.8.0",
 "lazy_static",
 "metrics",
 "multiset",
@ -4589,7 +4489,7 @@ name = "zebra-test"
 version = "1.0.0-beta.0"
 dependencies = [
 "color-eyre",
- "futures 0.3.17",
+ "futures",
 "hex",
 "lazy_static",
 "once_cell",
@ -4631,7 +4531,7 @@ dependencies = [
 "chrono",
 "color-eyre",
 "dirs",
- "futures 0.3.17",
+ "futures",
 "gumdrop",
 "hyper",
 "inferno",
@ -4668,9 +4568,9 @@ dependencies = [

 [[package]]
 name = "zeroize"
-version = "1.4.2"
+version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bf68b08513768deaa790264a7fac27a58cbf2705cfcdc9448362229217d7e970"
+checksum = "4756f7db3f7b5574938c3eb1c117038b8e07f95ee6718c0efad4ac21508f1efd"
 dependencies = [
 "zeroize_derive",
 ]
--- a/deny.toml
+++ b/deny.toml
@ -34,12 +34,6 @@ skip-tree = [
    # ticket #2953: tracing dependencies
    { name = "tracing-subscriber", version = "=0.1.6" },

-    # ticket #2952: cryptography dependencies
-    { name = "aes", version = "=0.6.0" },
-    { name = "bellman", version = "=0.10.0" },
-    { name = "bls12_381", version = "=0.5.0" },
-    { name = "fpe", version = "=0.4.0" },
-
    # ticket #2982: librustzcash and orchard git versions
    # Note that the equihash duplication is probably because `zcash_primitives`
    # (which imports it with a path import) is being imported as a git dependency.
@ -61,8 +55,8 @@ skip-tree = [
    # tickets #2985 and #2391: tempdir & rand dependencies
    { name = "tempdir", version = "=0.3.7" },

-    # ticket #2998: base64 dependencies
-    { name = "base64", version = "=0.10.1" },
+    # ticket #2998: hdrhistogram dependencies
+    { name = "hdrhistogram", version = "=6.3.4" },

    # ticket #2999: http dependencies
    { name = "bytes", version = "=0.5.6" },
--- a/zebra-chain/Cargo.toml
+++ b/zebra-chain/Cargo.toml
@ -13,25 +13,25 @@ proptest-impl = ["proptest", "proptest-derive", "itertools", "zebra-test", "rand
 bench = ["zebra-test"]

 [dependencies]
-aes = "0.6"
+aes = "0.7.5"
 bech32 = "0.8.1"
 bigint = "4.4.3"
 bitflags = "1.2.1"
 bitvec = "0.22"
 blake2b_simd = "0.5.11"
 blake2s_simd = "0.5.11"
-bls12_381 = "0.5.0"
+bls12_381 = "0.6.0"
 bs58 = { version = "0.4", features = ["check"] }
 byteorder = "1.4"
 chrono = { version = "0.4", features = ["serde"] }
 displaydoc = "0.2.2"
-fpe = "0.4"
+fpe = "0.5.0"
 futures = "0.3"
-group = "0.11"
+group = "0.11.0"
 halo2 = "=0.1.0-beta.1"
 hex = "0.4"
 incrementalmerkletree = "0.1.0"
-jubjub = "0.7.0"
+jubjub = "0.8.0"
 lazy_static = "1.4.0"
 orchard = { git = "https://github.com/zcash/orchard.git", rev = "2c8241f25b943aa05203eacf9905db117c69bd29" }
 rand_core = "0.6"
@ -43,7 +43,7 @@ sha2 = { version = "0.9.8", features=["compress"] }
 subtle = "2.4"
 thiserror = "1"
 uint = "0.9.1"
-x25519-dalek = { version = "1.1", features = ["serde"] }
+x25519-dalek = { version = "1.2.0", features = ["serde"] }
 zcash_history = { git = "https://github.com/zcash/librustzcash.git", rev = "53d0a51d33a421cb76d3e3124d1e4c1c9036068e" }
 zcash_primitives = { git = "https://github.com/zcash/librustzcash.git", rev = "53d0a51d33a421cb76d3e3124d1e4c1c9036068e" }
 zcash_note_encryption = { git = "https://github.com/zcash/librustzcash.git", rev = "53d0a51d33a421cb76d3e3124d1e4c1c9036068e" }
--- a/zebra-consensus/Cargo.toml
+++ b/zebra-consensus/Cargo.toml
@ -11,11 +11,11 @@ proptest-impl = ["proptest", "proptest-derive", "zebra-chain/proptest-impl"]

 [dependencies]
 blake2b_simd = "0.5.11"
-bellman = "0.10.0"
-bls12_381 = "0.5.0"
+bellman = "0.11.1"
+bls12_381 = "0.6.0"
 chrono = "0.4.19"
 displaydoc = "0.2.2"
-jubjub = "0.7.0"
+jubjub = "0.8.0"
 lazy_static = "1.4.0"
 once_cell = "1.8"
 rand = "0.8"
--- a/zebra-state/Cargo.toml
+++ b/zebra-state/Cargo.toml
@ -9,51 +9,48 @@ edition = "2018"
 proptest-impl = ["proptest", "proptest-derive", "zebra-test"]

 [dependencies]
-zebra-chain = { path = "../zebra-chain" }
-
+bincode = "1"
+chrono = "0.4.19"
 dirs = "4.0.0"
+displaydoc = "0.2.2"
+futures = "0.3.17"
 hex = "0.4.3"
 lazy_static = "1.4.0"
-regex = "1"
-serde = { version = "1", features = ["serde_derive"] }
-bincode = "1"
-
-futures = "0.3.17"
 metrics = "0.17.0"
-tower = { version = "0.4.9", features = ["buffer", "util"] }
-tracing = "0.1"
-thiserror = "1.0.30"
-tokio = { version = "1.13.0", features = ["sync"] }
-displaydoc = "0.2.2"
-rocksdb = "0.16.0"
-tempdir = "0.3.7"
-chrono = "0.4.19"
-rlimit = "0.5.4"
 # TODO: this crate is not maintained anymore. Replace it?
 # https://github.com/ZcashFoundation/zebra/issues/2523
 #
 # Pinned to a commit which includes bug fix https://github.com/jmitchell/multiset/pull/21
 # The fix should be included in multiset 0.0.6.
 multiset = { git = "https://github.com/jmitchell/multiset", rev = "91ef8550b518f75ae87ae0d8771150f259fd34d5" }
-
 proptest = { version = "0.10.1", optional = true }
 proptest-derive = { version = "0.3", optional = true }
+regex = "1"
+rlimit = "0.5.4"
+rocksdb = "0.16.0"
+serde = { version = "1", features = ["serde_derive"] }
+tempdir = "0.3.7"
+thiserror = "1.0.30"
+tokio = { version = "1.13.0", features = ["sync"] }
+tower = { version = "0.4.9", features = ["buffer", "util"] }
+tracing = "0.1"
+
+zebra-chain = { path = "../zebra-chain" }
 zebra-test = { path = "../zebra-test/", optional = true }

 [dev-dependencies]
-zebra-chain = { path = "../zebra-chain", features = ["proptest-impl"] }
-zebra-test = { path = "../zebra-test/" }
-
 color-eyre = "0.5.11"
 once_cell = "1.8"
-itertools = "0.10.1"
-spandoc = "0.2"
-tempdir = "0.3.7"
-tokio = { version = "1.13.0", features = ["full"] }
 # TODO: replace w/ crate version when released: https://github.com/ZcashFoundation/zebra/issues/2083
 # Note: if updating this, also update the workspace Cargo.toml to match.
 halo2 = "=0.1.0-beta.1"
-jubjub = "0.7.0"
-
+itertools = "0.10.1"
+jubjub = "0.8.0"
 proptest = "0.10.1"
 proptest-derive = "0.3"
+spandoc = "0.2"
+tempdir = "0.3.7"
+tokio = { version = "1.13.0", features = ["full"] }
+
+zebra-chain = { path = "../zebra-chain", features = ["proptest-impl"] }
+zebra-test = { path = "../zebra-test/" }