From 3809bfcb87c2aba70322bdf34a4caf29e52c73ac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 May 2026 19:23:14 +0000 Subject: [PATCH 1/4] chore(deps): update sha2 requirement from 0.10 to 0.11 Updates the requirements on [sha2](https://github.com/RustCrypto/hashes) to permit the latest version. - [Commits](https://github.com/RustCrypto/hashes/compare/groestl-v0.10.0...sha2-v0.11.0) --- updated-dependencies: - dependency-name: sha2 dependency-version: 0.11.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- shared/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/Cargo.toml b/shared/Cargo.toml index 9302fd6b..930513e6 100644 --- a/shared/Cargo.toml +++ b/shared/Cargo.toml @@ -32,7 +32,7 @@ tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] } # Crypto rand = "0.8" rsa = "0.9" -sha2 = "0.10" +sha2 = "0.11" openssl = "0.10" chacha20poly1305 = "0.10" itertools = "0.14.0" From 9d175bb3e2189a0f574e5953b5b1b974bbadee7a Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Wed, 27 May 2026 22:53:07 +0300 Subject: [PATCH 2/4] Bump crypto dependencies --- proxy/Cargo.toml | 2 +- shared/Cargo.toml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/proxy/Cargo.toml b/proxy/Cargo.toml index 0613818d..40d309e2 100644 --- a/proxy/Cargo.toml +++ b/proxy/Cargo.toml @@ -30,7 +30,7 @@ serde = "1" serde_json = "1" # Encryption handling -rsa = "0.9" +rsa = "0.10.0-rc.18" # Server-sent Events (SSE) support tokio-util = { version = "0.7", features = ["io"] } diff --git a/shared/Cargo.toml b/shared/Cargo.toml index 930513e6..3cef740c 100644 --- a/shared/Cargo.toml +++ b/shared/Cargo.toml @@ -30,13 +30,13 @@ tracing = "0.1" tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] } # Crypto -rand = "0.8" -rsa = "0.9" +rand = "0.10" +rsa = "0.10.0-rc.18" sha2 = "0.11" openssl = "0.10" chacha20poly1305 = "0.10" itertools = "0.14.0" -jwt-simple = "0.11" +jwt-simple = { version = "0.12", default-features = false, features = ["pure-rust"] } # Global variables once_cell = "1" From 36c9a8be71adba80357f78f0d7b9779227c953bb Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Wed, 27 May 2026 22:53:15 +0300 Subject: [PATCH 3/4] Adapt to rsa 0.10 API --- proxy/src/serve_sockets.rs | 4 ++-- shared/src/crypto.rs | 2 +- shared/src/lib.rs | 20 ++++++++++++-------- 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/proxy/src/serve_sockets.rs b/proxy/src/serve_sockets.rs index 060e38bd..ae9794f0 100644 --- a/proxy/src/serve_sockets.rs +++ b/proxy/src/serve_sockets.rs @@ -11,7 +11,7 @@ use chacha20poly1305::{ self, generic_array::{typenum::Unsigned, GenericArray}, stream::{DecryptorLE31, EncryptorLE31, NewStream, StreamLE31, StreamPrimitive}, - Buffer, Nonce, OsRng, + Buffer, Nonce, }, consts::{U20, U32}, AeadCore, AeadInPlace, ChaCha20Poly1305, KeyInit, XChaCha20Poly1305, @@ -19,7 +19,7 @@ use chacha20poly1305::{ use dashmap::DashMap; use futures::{stream::IntoAsyncRead, FutureExt, SinkExt, StreamExt, TryStreamExt}; use hyper_util::rt::TokioIo; -use rsa::rand_core::RngCore; +use rsa::rand_core::{OsRng, RngCore}; use serde::{Deserialize, Serialize}; use serde_json::Value; use beam_lib::AppOrProxyId; diff --git a/shared/src/crypto.rs b/shared/src/crypto.rs index 2a60960b..79e11cb5 100644 --- a/shared/src/crypto.rs +++ b/shared/src/crypto.rs @@ -827,7 +827,7 @@ pub fn is_cert_from_privkey(cert: &X509, key: &RsaPrivateKey) -> Result(), + Oaep::::new(), &encrypted_decryption_key, )?) .map_err(|e| { @@ -302,9 +302,13 @@ pub trait EncryptableMsg: Msg + Serialize + Sized { receivers_public_keys: &Vec, ) -> Result { // Generate Symmetric Key and Nonce - let mut rng = rand::thread_rng(); - let symmetric_key = XChaCha20Poly1305::generate_key(&mut rng); - let nonce = XChaCha20Poly1305::generate_nonce(&mut rng); + let mut rng = rand::rng(); + let mut symmetric_key = Key::::default(); + openssl::rand::rand_bytes(&mut symmetric_key) + .map_err(|e| SamplyBeamError::SignEncryptError(e.to_string()))?; + let mut nonce = XNonce::default(); + openssl::rand::rand_bytes(&mut nonce) + .map_err(|e| SamplyBeamError::SignEncryptError(e.to_string()))?; // Encrypt symmetric key with receivers' public keys let Ok(encrypted_keys) = receivers_public_keys @@ -312,7 +316,7 @@ pub trait EncryptableMsg: Msg + Serialize + Sized { .map(|key| { key.encrypt( &mut rng, - Oaep::new::(), + Oaep::::new(), symmetric_key.as_slice(), ) }) @@ -767,7 +771,7 @@ mod tests { }; //Setup Keypairs - let mut rng = rand::thread_rng(); + let mut rng = rand::rng(); let rsa_length: usize = 2048; let p1_private = RsaPrivateKey::new(&mut rng, rsa_length) .expect("Failed to generate private key for proxy 1"); @@ -813,7 +817,7 @@ mod tests { }; //Setup Keypairs - let mut rng = rand::thread_rng(); + let mut rng = rand::rng(); let rsa_length: usize = 2048; let p1_private = RsaPrivateKey::new(&mut rng, rsa_length) .expect("Failed to generate private key for proxy 1"); From c37b5c5122b9113479f930e54aa6c8423ed85d3e Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Wed, 27 May 2026 22:54:27 +0300 Subject: [PATCH 4/4] Let this fail until rsa 0.10 is released --- proxy/Cargo.toml | 2 +- shared/Cargo.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/proxy/Cargo.toml b/proxy/Cargo.toml index 40d309e2..70d1af68 100644 --- a/proxy/Cargo.toml +++ b/proxy/Cargo.toml @@ -30,7 +30,7 @@ serde = "1" serde_json = "1" # Encryption handling -rsa = "0.10.0-rc.18" +rsa = "0.10" # Server-sent Events (SSE) support tokio-util = { version = "0.7", features = ["io"] } diff --git a/shared/Cargo.toml b/shared/Cargo.toml index 3cef740c..23d38086 100644 --- a/shared/Cargo.toml +++ b/shared/Cargo.toml @@ -31,7 +31,7 @@ tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] } # Crypto rand = "0.10" -rsa = "0.10.0-rc.18" +rsa = "0.10" sha2 = "0.11" openssl = "0.10" chacha20poly1305 = "0.10"