From d39752b80b07905fc4e9a272c0e2f04c329af235 Mon Sep 17 00:00:00 2001
From: sopleb <sopleb@pm.me>
Date: Fri, 19 Jun 2026 02:00:24 -0400
Subject: [PATCH] Advance RustCrypto pins to the current rc.18/rc.33/rc.10
 cluster

Bump the exact-pinned RustCrypto release candidates in the sspi and
dpapi manifests so they resolve alongside crates that have already moved
to the newer cluster (e.g. russh 0.61):

  ecdsa            0.17.0-rc.17 -> 0.17.0-rc.18   (dpapi)
  elliptic-curve   0.14.0-rc.31 -> 0.14.0-rc.33   (dpapi)
  p256/p384/p521   0.14.0-rc.9  -> 0.14.0-rc.10
  primeorder       0.14.0-rc.9  -> 0.14.0-rc.10
  primefield       0.14.0-rc.9  -> 0.14.0-rc.12
  rsa              0.10.0-rc.17 -> 0.10.0-rc.18
  ed25519-dalek    3.0.0-pre.6  -> 3.0.0-rc.0
  x25519-dalek     3.0.0-pre.6  -> 3.0.0-rc.0     (dpapi)
  curve25519-dalek 5.0.0-pre.6  -> 5.0.0-rc.0

Crates that have shipped stable releases drop the RC pin and track the
stable line: ed25519, signature, pkcs8, ff, group, aead, pbkdf2, rfc6979.
No source changes are required; sspi (with scard) and the full workspace
build and tests pass.

Note: sspi-ffi depends on published picky 7.0.0-rc.23, whose pins still
target the older cluster, so the workspace resolves on crates.io only
once the companion picky pin bump is released.
---
 Cargo.toml              | 24 ++++++++++++------------
 crates/dpapi/Cargo.toml | 38 +++++++++++++++++++-------------------
 2 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index d079d1de..51cfabda 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -105,7 +105,7 @@ dpapi-pdu = { version = "0.1.0", path = "crates/dpapi-pdu" }
 dpapi-transport = { version = "0.1.0", path = "crates/dpapi-transport" }
 dpapi-native-transport = { version = "0.1.0", path = "crates/dpapi-native-transport" }
 
-rsa = { version = "=0.10.0-rc.17", default-features = false }
+rsa = { version = "=0.10.0-rc.18", default-features = false }
 base64 = "0.22"
 whoami = "2.1"
 tracing-subscriber = "0.3"
@@ -203,24 +203,24 @@ tokio = { workspace = true, features = ["time", "rt", "rt-multi-thread"] }
 # TODO: Remove when stable versions will be released
 # RustCrypto crates
 pkcs1 = "=0.8.0-rc.4"
-pkcs8 = "=0.11.0-rc.11"
-signature = "=3.0.0-rc.10"
-p256 = "=0.14.0-rc.9"
-primefield = "=0.14.0-rc.9"
-primeorder = "=0.14.0-rc.9"
-p384 = "=0.14.0-rc.9"
-p521 = "=0.14.0-rc.9"
+pkcs8 = "0.11"
+signature = "3.0.0"
+p256 = "=0.14.0-rc.10"
+primefield = "=0.14.0-rc.12"
+primeorder = "=0.14.0-rc.10"
+p384 = "=0.14.0-rc.10"
+p521 = "=0.14.0-rc.10"
 
 # "Zero-knowledge Cryptography in Rust" crates
-ff = { version = "=0.14.0-pre.0", default-features = false }
-group = "=0.14.0-pre.0"
+ff = { version = "0.14", default-features = false }
+group = "0.14"
 rustcrypto-ff = "=0.14.0-rc.1"
 rustcrypto-ff_derive = "=0.14.0-rc.0"
 rustcrypto-group = "=0.14.0-rc.1"
 
 # "dalek cryptography" crates
-ed25519-dalek = "=3.0.0-pre.6"
-curve25519-dalek = "=5.0.0-pre.6"
+ed25519-dalek = "=3.0.0-rc.0"
+curve25519-dalek = "=5.0.0-rc.0"
 
 [dev-dependencies]
 base64.workspace = true
diff --git a/crates/dpapi/Cargo.toml b/crates/dpapi/Cargo.toml
index 184eb07a..70280b23 100644
--- a/crates/dpapi/Cargo.toml
+++ b/crates/dpapi/Cargo.toml
@@ -41,10 +41,10 @@ dpapi-transport.workspace = true
 sspi = { path = "../..", version = "0.21" } # public
 
 kbkdf = "=0.1.0-rc.1"
-elliptic-curve = { version = "=0.14.0-rc.31", features = ["sec1", "std"] }
-p521 = { version = "=0.14.0-rc.9", features = ["ecdh"] }
-p256 = { version = "=0.14.0-rc.9", features = ["ecdh"] }
-p384 = { version = "=0.14.0-rc.9", features = ["ecdh"] }
+elliptic-curve = { version = "=0.14.0-rc.33", features = ["sec1", "std"] }
+p521 = { version = "=0.14.0-rc.10", features = ["ecdh"] }
+p256 = { version = "=0.14.0-rc.10", features = ["ecdh"] }
+p384 = { version = "=0.14.0-rc.10", features = ["ecdh"] }
 concat-kdf = { git = "https://github.com/RustCrypto/KDFs.git", rev = "f2f5c03" } # TODO: We need the new version, but it's not released yet.
 typenum = "1.20"
 aes-kw = "0.3"
@@ -58,25 +58,25 @@ getrandom = "0.4"
 
 # Pin transitive dependencies
 # TODO: Remove when stable versions will be released
-pkcs8 = "=0.11.0-rc.11"
-signature = "=3.0.0-rc.10"
-ecdsa = "=0.17.0-rc.17"
-rfc6979 = "=0.5.0-rc.5"
-aead = "=0.6.0-rc.10"
-ed25519 = "=3.0.0-rc.4"
-pbkdf2 = "=0.13.0-rc.10"
+pkcs8 = "0.11"
+signature = "3.0.0"
+ecdsa = "=0.17.0-rc.18"
+rfc6979 = "0.5"
+aead = "0.6"
+ed25519 = "3.0.0"
+pbkdf2 = "0.13"
 pkcs1 = "=0.8.0-rc.4"
-rsa = { version = "=0.10.0-rc.17", default-features = false }
-ff = { version = "=0.14.0-pre.0", default-features = false }
-group = "=0.14.0-pre.0"
+rsa = { version = "=0.10.0-rc.18", default-features = false }
+ff = { version = "0.14", default-features = false }
+group = "0.14"
 rustcrypto-ff = "=0.14.0-rc.1"
 rustcrypto-ff_derive = "=0.14.0-rc.0"
 rustcrypto-group = "=0.14.0-rc.1"
-primefield = "=0.14.0-rc.9"
-primeorder = "=0.14.0-rc.9"
-ed25519-dalek = "=3.0.0-pre.6"
-curve25519-dalek = "=5.0.0-pre.6"
-x25519-dalek = "=3.0.0-pre.6"
+primefield = "=0.14.0-rc.12"
+primeorder = "=0.14.0-rc.10"
+ed25519-dalek = "=3.0.0-rc.0"
+curve25519-dalek = "=5.0.0-rc.0"
+x25519-dalek = "=3.0.0-rc.0"
 
 [dev-dependencies]
 paste = "1.0"