diff --git a/Cargo.lock b/Cargo.lock index 8e7496e06f..72813aafd5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -466,6 +466,12 @@ dependencies = [ "tokio", ] +[[package]] +name = "base16ct" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d8b59d472eab27ade8d770dcb11da7201c11234bef9f82ce7aa517be028d462b" + [[package]] name = "base64" version = "0.13.1" @@ -556,7 +562,7 @@ version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe" dependencies = [ - "digest", + "digest 0.10.7", ] [[package]] @@ -568,6 +574,15 @@ dependencies = [ "generic-array", ] +[[package]] +name = "block-buffer" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96eb4cdd6cf1b31d671e9efe75c5d1ec614776856cefbe109ca373554a6d514f" +dependencies = [ + "hybrid-array", +] + [[package]] name = "block2" version = "0.5.1" @@ -892,9 +907,9 @@ dependencies = [ [[package]] name = "const-oid" -version = "0.9.6" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" +checksum = "0dabb6555f92fb9ee4140454eb5dcd14c7960e1225c6d1a6cc361f032947713e" [[package]] name = "core-foundation" @@ -1030,6 +1045,19 @@ version = "0.8.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" +[[package]] +name = "crypto-bigint" +version = "0.7.0-rc.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6715836b4946e8585016e80b79c7561476aff3b22f7b756778e7b109d86086c6" +dependencies = [ + "num-traits", + "rand_core 0.10.0-rc-2", + "serdect", + "subtle", + "zeroize", +] + [[package]] name = "crypto-common" version = "0.1.7" 
@@ -1040,6 +1068,26 @@ dependencies = [ "typenum", ] +[[package]] +name = "crypto-common" +version = "0.2.0-rc.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "919bd05924682a5480aec713596b9e2aabed3a0a6022fab6847f85a99e5f190a" +dependencies = [ + "hybrid-array", +] + +[[package]] +name = "crypto-primes" +version = "0.7.0-pre.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fdd9b2855017318a49714c07ee8895b89d3510d54fa6d86be5835de74c389609" +dependencies = [ + "crypto-bigint", + "libm", + "rand_core 0.10.0-rc-2", +] + [[package]] name = "csv" version = "1.4.0" @@ -1104,9 +1152,9 @@ dependencies = [ [[package]] name = "der" -version = "0.7.10" +version = "0.8.0-rc.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" +checksum = "02c1d73e9668ea6b6a28172aa55f3ebec38507131ce179051c8033b5c6037653" dependencies = [ "const-oid", "pem-rfc7468", @@ -1135,9 +1183,20 @@ version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ - "block-buffer", + "block-buffer 0.10.4", + "crypto-common 0.1.7", + "subtle", +] + +[[package]] +name = "digest" +version = "0.11.0-rc.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea390c940e465846d64775e55e3115d5dc934acb953de6f6e6360bc232fe2bf7" +dependencies = [ + "block-buffer 0.11.0", "const-oid", - "crypto-common", + "crypto-common 0.2.0-rc.5", "subtle", ] 
@@ -1762,20 +1821,20 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" [[package]] name = "hkdf" -version = "0.12.4" +version = "0.13.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" +checksum = "cfbb4225acf2b5cc4e12d384672cd6d1f0cb980ff5859ffcf144db25b593a24d" dependencies = [ "hmac", ] [[package]] name = "hmac" -version = "0.12.1" +version = "0.13.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +checksum = "f1c597ac7d6cc8143e30e83ef70915e7f883b18d8bec2e2b2bce47f5bbb06d57" dependencies = [ - "digest", + "digest 0.11.0-rc.4", ] [[package]] @@ -1818,6 +1877,15 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" +[[package]] +name = "hybrid-array" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f471e0a81b2f90ffc0cb2f951ae04da57de8baa46fa99112b062a5173a5088d0" +dependencies = [ + "typenum", +] + [[package]] name = "hyper" version = "0.14.32" @@ -2149,9 +2217,6 @@ name = "lazy_static" version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" -dependencies = [ - "spin", -] [[package]] name = "libc" @@ -2276,12 +2341,12 @@ checksum = "73cbba799671b762df5a175adf59ce145165747bb891505c43d09aefbbf38beb" [[package]] name = "md-5" -version = "0.10.6" +version = "0.11.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d89e7ee0cfbedfc4da3340218492196241d89eefb6dab27de5df917a6d2e78cf" +checksum = "64dd2c9099caf8e29b629305199dddb1c6d981562b62c089afea54b0b4b5c333" dependencies = [ "cfg-if", - "digest", + "digest 0.11.0-rc.4", ] [[package]] 
@@ -2466,22 +2531,6 @@ dependencies = [ "num-traits", ] -[[package]] -name = "num-bigint-dig" -version = "0.8.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e661dda6640fad38e827a6d4a310ff4763082116fe217f279885c97f511bb0b7" -dependencies = [ - "lazy_static", - "libm", - "num-integer", - "num-iter", - "num-traits", - "rand 0.8.5", - "smallvec", - "zeroize", -] - [[package]] name = "num-conv" version = "0.1.0" @@ -2497,17 +2546,6 @@ dependencies = [ "num-traits", ] -[[package]] -name = "num-iter" -version = "0.1.45" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" -dependencies = [ - "autocfg", - "num-integer", - "num-traits", -] - [[package]] name = "num-traits" version = "0.2.19" @@ -2515,7 +2553,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", - "libm", ] [[package]] @@ -2914,9 +2951,9 @@ checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" [[package]] name = "pem-rfc7468" -version = "0.7.0" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +checksum = "a6305423e0e7738146434843d1694d621cce767262b2a86910beab705e4493d9" dependencies = [ "base64ct", ] 
@@ -2972,20 +3009,19 @@ dependencies = [ [[package]] name = "pkcs1" -version = "0.7.5" +version = "0.8.0-rc.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" +checksum = "986d2e952779af96ea048f160fd9194e1751b4faea78bcf3ceb456efe008088e" dependencies = [ "der", - "pkcs8", "spki", ] [[package]] name = "pkcs8" -version = "0.10.2" +version = "0.11.0-rc.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +checksum = "77089aec8290d0b7bb01b671b091095cf1937670725af4fd73d47249f03b12c0" dependencies = [ "der", "spki", @@ -3284,6 +3320,12 @@ version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38" +[[package]] +name = "rand_core" +version = "0.10.0-rc-2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "104a23e4e8b77312a823b6b5613edbac78397e2f34320bc7ac4277013ec4478e" + [[package]] name = "rand_xoshiro" version = "0.7.0" @@ -3473,18 +3515,17 @@ dependencies = [ [[package]] name = "rsa" -version = "0.9.8" +version = "0.10.0-rc.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78928ac1ed176a5ca1d17e578a1825f3d81ca54cf41053a592584b020cfd691b" +checksum = "e499c52862d75a86c0024cc99dcb6d7127d15af3beae7b03573d62fab7ade08a" dependencies = [ "const-oid", - "digest", - "num-bigint-dig", - "num-integer", - "num-traits", + "crypto-bigint", + "crypto-primes", + "digest 0.11.0-rc.4", "pkcs1", "pkcs8", - "rand_core 0.6.4", + "rand_core 0.10.0-rc-2", "signature", "spki", "subtle", 
@@ -3785,15 +3826,25 @@ dependencies = [ "syn 2.0.110", ] +[[package]] +name = "serdect" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3ef0e35b322ddfaecbc60f34ab448e157e48531288ee49fafbb053696b8ffe2" +dependencies = [ + "base16ct", + "serde", +] + [[package]] name = "sha1" -version = "0.10.6" +version = "0.11.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" +checksum = "aa1ae819b9870cadc959a052363de870944a1646932d274a4e270f64bf79e5ef" dependencies = [ "cfg-if", "cpufeatures", - "digest", + "digest 0.11.0-rc.4", ] [[package]] @@ -3804,7 +3855,18 @@ checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" dependencies = [ "cfg-if", "cpufeatures", - "digest", + "digest 0.10.7", +] + +[[package]] +name = "sha2" +version = "0.11.0-rc.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19d43dc0354d88b791216bb5c1bfbb60c0814460cc653ae0ebd71f286d0bd927" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest 0.11.0-rc.4", ] [[package]] @@ -3824,12 +3886,12 @@ dependencies = [ [[package]] name = "signature" -version = "2.2.0" +version = "3.0.0-rc.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +checksum = "2a0251c9d6468f4ba853b6352b190fb7c1e405087779917c238445eb03993826" dependencies = [ - "digest", - "rand_core 0.6.4", + "digest 0.11.0-rc.4", + "rand_core 0.10.0-rc-2", ] [[package]] @@ -3890,9 +3952,9 @@ dependencies = [ [[package]] name = "spki" -version = "0.7.3" +version = "0.8.0-rc.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +checksum = "8baeff88f34ed0691978ec34440140e1572b68c7dd4a495fd14a3dc1944daa80" dependencies = [ "base64ct", "der", 
@@ -3951,7 +4013,7 @@ dependencies = [ "chrono", "crc", "crossbeam-queue", - "digest", + "digest 0.11.0-rc.4", "dirs", "dotenvy", "either", @@ -3991,7 +4053,7 @@ dependencies = [ "serde", "serde_json", "sha1", - "sha2", + "sha2 0.11.0-rc.3", "smallvec", "sqlx-oldapi", "sqlx-rt-oldapi", @@ -4110,7 +4172,7 @@ dependencies = [ "quote", "serde", "serde_json", - "sha2", + "sha2 0.10.9", "sqlx-core-oldapi", "sqlx-rt-oldapi", "syn 2.0.110", diff --git a/sqlx-core/Cargo.toml b/sqlx-core/Cargo.toml index 8dd6e5c77c..da5f8d1299 100644 --- a/sqlx-core/Cargo.toml +++ b/sqlx-core/Cargo.toml @@ -115,7 +115,7 @@ byteorder = { version = "1.4.3", default-features = false, features = ["std"] } chrono = { version = "0.4.19", default-features = false, features = ["clock"], optional = true } crc = { version = "3", optional = true } crossbeam-queue = "0.3.2" -digest = { version = "0.10.0", default-features = false, optional = true, features = ["std"] } +digest = { version = "0.11.0-rc.4", default-features = false, optional = true } dirs = { version = "6.0.0", optional = true } encoding_rs = { version = "0.8.30", optional = true } either = "1.6.1" @@ -127,7 +127,7 @@ futures-util = { version = "0.3.19", default-features = false, features = ["allo futures-executor = { version = "0.3.19", optional = true } flume = { version = "0.11.0", optional = true, default-features = false, features = ["async"] } hex = "0.4.3" -hmac = { version = "0.12.0", default-features = false, optional = true } +hmac = { version = "0.13.0-rc.3", default-features = false, optional = true } itoa = "1.0.1" ipnetwork = { version = "0.20.0", default-features = false, optional = true } mac_address = { version = "1.1.2", default-features = false, optional = true } 
@@ -139,20 +139,20 @@ libsqlite3-sys = { version = "0", optional = true, default-features = false, fea
 "unlock_notify"
 ] }
 log = { version = "0.4.14", default-features = false }
-md-5 = { version = "0.10.0", default-features = false, optional = true }
+md-5 = { version = "0.11.0-rc.3", default-features = false, optional = true }
 memchr = { version = "2.4.1", default-features = false }
 num-bigint = { version = "0.4.0", default-features = false, optional = true, features = ["std"] }
 once_cell = "1.9.0"
 percent-encoding = "2.1.0"
 rand = { version = "0.8", default-features = false, optional = true, features = ["std", "std_rng"] }
 regex = { version = "1.5.5", optional = true }
-rsa = { version = "0.9.2", optional = true }
+rsa = { version = "0.10.0-rc.10", optional = true }
 rustls = { version = "0.23", optional = true, default-features = false }
 rustls-pemfile = { version = "2.1", optional = true }
 serde = { version = "1.0.132", features = ["derive", "rc"], optional = true }
 serde_json = { version = "1.0.73", features = ["raw_value"], optional = true }
-sha1 = { version = "0.10.1", default-features = false, optional = true }
-sha2 = { version = "0.10.0", default-features = false, optional = true }
+sha1 = { version = "0.11.0-rc.3", default-features = false, optional = true }
+sha2 = { version = "0.11.0-rc.3", default-features = false, optional = true }
 thiserror = "2.0.3"
 time = { version = "0.3.2", features = ["macros", "formatting", "parsing"], optional = true }
 tokio-stream = { version = "0.1.8", features = ["fs"], optional = true }
@@ -169,7 +169,7 @@ hashlink = "0.10.0"
 # NOTE: *must* remain below 1.7.0 to allow users to avoid the `ahash` cyclic dependency problem by pinning the version
 # https://github.com/tkaitchuck/aHash/issues/95#issuecomment-874150078
 indexmap = "2.0.0"
-hkdf = { version = "0.12.0", optional = true }
+hkdf = { version = "0.13.0-rc.3", optional = true }
 event-listener = "5.4.0"
 dotenvy = "0.15"
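Review bot: The new requirements for `md-5`, `rsa`, `sha1` and `sha2` here (and for `digest`/`hmac` and `hkdf` in the neighbouring Cargo.toml hunks) name release candidates with default caret semantics, so a dependent that resolves without this repository's Cargo.lock can be given a later pre-release or the final release, whose API or behaviour may differ from what was tested. Since these crates sit on the MySQL and Postgres authentication paths, exact pins are safer until stable releases exist, for example `rsa = { version = "=0.10.0-rc.10", optional = true }`. The `digest` line in the first hunk also drops `features = ["std"]`; it is worth confirming that nothing in sqlx-core relied on that feature.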
diff --git a/sqlx-core/src/mysql/connection/auth.rs b/sqlx-core/src/mysql/connection/auth.rs
index 038d4d28d9..73657bbcd9 100644
--- a/sqlx-core/src/mysql/connection/auth.rs
+++ b/sqlx-core/src/mysql/connection/auth.rs
@@ -10,6 +10,29 @@ use crate::mysql::connection::stream::MySqlStream;
 use crate::mysql::protocol::auth::AuthPlugin;
 use crate::mysql::protocol::Packet;
+struct RandRngAdapter {
+ rng: rand::rngs::ThreadRng,
+}
+
+impl rsa::rand_core::RngCore for RandRngAdapter {
+ fn next_u32(&mut self) -> u32 {
+ use rand::RngCore;
+ self.rng.next_u32()
+ }
+
+ fn next_u64(&mut self) -> u64 {
+ use rand::RngCore;
+ self.rng.next_u64()
+ }
+
+ fn fill_bytes(&mut self, dest: &mut [u8]) {
+ use rand::RngCore;
+ self.rng.fill_bytes(dest)
+ }
+}
+
+impl rsa::rand_core::CryptoRng for RandRngAdapter {}
+
 impl AuthPlugin {
 pub(super) async fn scramble(
 self,
@@ -148,8 +171,11 @@ async fn encrypt_rsa<'s>(
 // client sends an RSA encrypted password
 let pkey = parse_rsa_pub_key(rsa_pub_key)?;
- let padding = Oaep::new::();
- pkey.encrypt(&mut rand::thread_rng(), padding, &pass[..])
+ let padding = Oaep::::new();
+ let mut rng = RandRngAdapter {
+ rng: rand::thread_rng(),
+ };
+ pkey.encrypt(&mut rng, padding, &pass[..])
 .map_err(Error::protocol)
 }
diff --git a/sqlx-core/src/postgres/connection/sasl.rs b/sqlx-core/src/postgres/connection/sasl.rs
index 1852ddbe3a..ec9a7cc5cc 100644
--- a/sqlx-core/src/postgres/connection/sasl.rs
+++ b/sqlx-core/src/postgres/connection/sasl.rs
@@ -4,7 +4,7 @@ use crate::postgres::message::{
 Authentication, AuthenticationSasl, MessageFormat, SaslInitialResponse, SaslResponse,
 };
 use crate::postgres::PgConnectOptions;
-use hmac::{Hmac, Mac};
+use hmac::{Hmac, KeyInit, Mac};
 use rand::Rng;
 use sha2::{Digest, Sha256};
 use stringprep::saslprep;
diff --git a/sqlx-core/src/postgres/message/password.rs b/sqlx-core/src/postgres/message/password.rs
index 8b0a8d66ae..3fa9e31d13 100644
--- a/sqlx-core/src/postgres/message/password.rs
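Review bot: `impl rsa::rand_core::CryptoRng for RandRngAdapter {}` in the first auth.rs hunk is a hand-written assertion that the wrapped generator is cryptographically secure, and nothing in the type enforces it; it holds only because the `rng` field is `rand::rngs::ThreadRng`. The struct has no documentation, so that invariant should be stated on it, for example `/// Adapts rand's ThreadRng to the rand_core traits rsa expects; the CryptoRng impl is sound only while the wrapped generator is a CSPRNG.` Making the adapter generic over `R: rand::RngCore + rand::CryptoRng` would let the compiler reject a later swap to a non-cryptographic generator. The adapter is what feeds the OAEP encryption of the password in `encrypt_rsa` (second hunk), so a weak source here would weaken that ciphertext.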
+++ b/sqlx-core/src/postgres/message/password.rs
@@ -54,14 +54,21 @@ impl Encode<'_> for Password<'_> {
 let mut output = String::with_capacity(35);
- let _ = write!(output, "{:x}", hasher.finalize_reset());
+ let hash = hasher.finalize_reset();
+ for byte in hash.as_slice() {
+ let _ = write!(output, "{:02x}", byte);
+ }
 hasher.update(&output);
 hasher.update(salt);
 output.clear();
+ output.push_str("md5");
- let _ = write!(output, "md5{:x}", hasher.finalize());
+ let hash = hasher.finalize();
+ for byte in hash.as_slice() {
+ let _ = write!(output, "{:02x}", byte);
+ }
 buf.put_str_nul(&output);
 }
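Review bot: The same three-line hex loop now appears twice in this hunk, and its correctness rests on the `02` width in `{:02x}`; without it, any byte below 0x10 would yield a shorter digest and a failed login with no compile-time signal. `hex` is already a non-optional dependency of sqlx-core (visible in the Cargo.toml context of this diff), so each loop could be `output.push_str(&hex::encode(hash.as_slice()));`, or a small private helper if the temporary allocation is unwanted. A unit test pinning the encoded `md5…` string for a fixed user, password and salt would guard this formatting change; none is visible in this diff. The enclosing method of `impl Encode<'_> for Password<'_>` starts outside the hunk.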