Bump cargo-deny-action and fix clippy suggestions (#397)

* clippy * Add 2024 to copyright year for SHA3 files * ci: Bump cargo-deny-action * clippy fixes fro HPKE tests * sha2: Remove test testing for unavailable 128-bit arch * Bump MSRV to 1.80 * cargo-deny: Update deny,toml for v2 and remove the deny-specs that now generate errors by default * sha2: restrict Self::MAX to tests, otherwise unused
orion-rs · Aug 25, 2024 · a6c1649 · a6c1649
1 parent 39d57ba
commit a6c1649
Show file tree

Hide file tree

Showing 23 changed files with 111 additions and 140 deletions.
diff --git a/.github/workflows/audit_check.yml b/.github/workflows/audit_check.yml
@@ -7,10 +7,10 @@ on:
   push:
     # Check immediately if dependencies are altered
     paths:
-      - '**/Cargo.toml'
+      - "**/Cargo.toml"
     # Check also at midnight each day
   schedule:
-    - cron: '0 0 * * *'
+    - cron: "0 0 * * *"
 
 jobs:
   cargo-deny:
@@ -22,9 +22,9 @@ jobs:
           - bans licenses sources
 
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
-      with:
-        persist-credentials: false
-    - uses: EmbarkStudios/cargo-deny-action@3f4a782664881cf5725d0ffd23969fcce89fd868
-      with:
-        command: check ${{ matrix.checks }}
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        with:
+          persist-credentials: false
+      - uses: EmbarkStudios/cargo-deny-action@8371184bd11e21dcf8ac82ebf8c9c9f74ebf7268
+        with:
+          command: check ${{ matrix.checks }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -2,12 +2,11 @@ on:
   # Test on PRs for any branch
   pull_request:
     branches:
-      - '*'
+      - "*"
   push:
     branches:
       - master
 
-
 # NOTE: Should we use fail-fast: false?
 
 name: Tests
@@ -22,26 +21,26 @@ jobs:
           - stable
           - beta
           - nightly
-          - 1.74.0 # MSRV
-        os: 
+          - 1.80.0 # MSRV
+        os:
           - ubuntu-latest
           - macos-latest
           - windows-latest
-    
+
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout sources
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
         with:
           persist-credentials: false
-      
+
       - name: Install toolchain
         uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af
         with:
           profile: minimal
           toolchain: ${{ matrix.rust }}
           override: true
-      
+
       - name: Test debug-mode, default features
         uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505
         with:
@@ -52,13 +51,13 @@ jobs:
         with:
           command: test
           args: --features serde
-      
+
       - name: Test debug-mode, no default features
         uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505
         with:
           command: test
           args: --no-default-features
-      
+
       - name: Test debug-mode, alloc feature
         uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505
         with:
@@ -70,7 +69,7 @@ jobs:
         with:
           command: test
           args: --features experimental
-      
+
       - name: Test release-mode, default features
         uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505
         with:
@@ -82,13 +81,13 @@ jobs:
         with:
           command: test
           args: --release --features serde
-      
+
       - name: Test release-mode, no default features
         uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505
         with:
           command: test
           args: --release --no-default-features
-      
+
       - name: Test release-mode, alloc feature
         uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505
         with:
@@ -102,7 +101,7 @@ jobs:
           args: --release --features experimental
 
   sanitizers:
-    name:  Tests w. sanitizers
+    name: Tests w. sanitizers
     runs-on: ubuntu-latest
     steps:
       - name: Checkout sources
@@ -116,12 +115,12 @@ jobs:
           toolchain: nightly
           target: x86_64-unknown-linux-gnu
           override: true
-      
+
       # Release (LeakSanitizer is enabled by default with AddressSanitizer for x86_64 Linux builds)
       # https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer
       - run: RUSTFLAGS="-Z sanitizer=address" ASAN_OPTIONS="detect_odr_violation=0" cargo test --all-features --tests --release --target x86_64-unknown-linux-gnu
       - run: RUSTFLAGS="-Z sanitizer=address" ASAN_OPTIONS="detect_odr_violation=0" cargo test --no-default-features --tests --release --target x86_64-unknown-linux-gnu
-        
+
   no_std:
     name: no_std build
     runs-on: ubuntu-latest
@@ -131,20 +130,20 @@ jobs:
           - stable
           - nightly
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
-      with:
-        persist-credentials: false
-    - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af
-      with:
-        profile: minimal
-        toolchain: ${{ matrix.rust }}
-        target: thumbv7em-none-eabi
-        override: true
-    - uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505
-      with:
-        use-cross: true
-        command: build
-        args: --release --no-default-features --target thumbv7em-none-eabi
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        with:
+          persist-credentials: false
+      - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af
+        with:
+          profile: minimal
+          toolchain: ${{ matrix.rust }}
+          target: thumbv7em-none-eabi
+          override: true
+      - uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505
+        with:
+          use-cross: true
+          command: build
+          args: --release --no-default-features --target thumbv7em-none-eabi
 
   cross_compilation:
     name: Linux/ARM - Release tests
@@ -169,7 +168,6 @@ jobs:
           use-cross: true
           command: test
           args: --release --target ${{ matrix.arch }}
-
 
   # https://rustwasm.github.io/docs/book/reference/add-wasm-support-to-crate.html#maintaining-ongoing-support-for-webassembly
   web_assembly:
@@ -192,7 +190,7 @@ jobs:
         with:
           command: check
           args: --no-default-features --target ${{ matrix.arch }}
-  
+
   docs:
     name: Build documentation
     runs-on: ubuntu-latest
@@ -208,7 +206,7 @@ jobs:
         with:
           command: doc
           args: --no-deps --all-features
-  
+
   benches:
     name: Build and check benchmarks
     runs-on: ubuntu-latest

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,7 +5,7 @@
 **Changelog:**
 
 - Bump copyright year to 2024.
-- Bump MSRV to `1.74.0`.
+- Bump MSRV to `1.80.0`.
 - Update CI dependencies.
 - SHA2: Switch from `checked_shl(3)` to `checked_mul(8)` during `increment_mlen()` (internal) ([#376](https://github.com/orion-rs/orion/issues/376)).
 

diff --git a/Cargo.toml b/Cargo.toml
@@ -6,7 +6,7 @@ description = "Usable, easy and safe pure-Rust crypto"
 keywords = [ "cryptography", "crypto", "aead", "hash", "mac" ]
 categories = [ "cryptography", "no-std" ]
 edition = "2021"
-rust-version = "1.74" # Update CI (MSRV) test along with this.
+rust-version = "1.80" # Update CI (MSRV) test along with this.
 readme = "README.md"
 repository = "https://github.com/orion-rs/orion"
 documentation = "https://docs.rs/orion"

diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 # orion
-[![Tests](https://github.com/orion-rs/orion/workflows/Tests/badge.svg)](https://github.com/orion-rs/orion/actions) [![Daily tests](https://github.com/orion-rs/orion/workflows/Daily%20tests/badge.svg)](https://github.com/orion-rs/orion/actions) [![dudect](https://github.com/orion-rs/orion-dudect/workflows/dudect/badge.svg)](https://github.com/orion-rs/orion-dudect/actions)  [![Audit](https://github.com/orion-rs/orion/actions/workflows/audit_check.yml/badge.svg)](https://github.com/orion-rs/orion/actions/workflows/audit_check.yml) [![codecov](https://codecov.io/gh/orion-rs/orion/branch/master/graph/badge.svg)](https://codecov.io/gh/orion-rs/orion) [![Documentation](https://docs.rs/orion/badge.svg)](https://docs.rs/orion/) [![Crates.io](https://img.shields.io/crates/v/orion.svg)](https://crates.io/crates/orion) [![Safety Dance](https://img.shields.io/badge/unsafe-forbidden-success.svg)](https://github.com/rust-secure-code/safety-dance/) [![MSRV](https://img.shields.io/badge/MSRV-1.74-informational.svg)](https://img.shields.io/badge/MSRV-1.74-informational) [![Matrix](https://img.shields.io/matrix/orion-rs:matrix.org.svg?logo=matrix)](https://matrix.to/#/#orion-rs:matrix.org)
+[![Tests](https://github.com/orion-rs/orion/workflows/Tests/badge.svg)](https://github.com/orion-rs/orion/actions) [![Daily tests](https://github.com/orion-rs/orion/workflows/Daily%20tests/badge.svg)](https://github.com/orion-rs/orion/actions) [![dudect](https://github.com/orion-rs/orion-dudect/workflows/dudect/badge.svg)](https://github.com/orion-rs/orion-dudect/actions)  [![Audit](https://github.com/orion-rs/orion/actions/workflows/audit_check.yml/badge.svg)](https://github.com/orion-rs/orion/actions/workflows/audit_check.yml) [![codecov](https://codecov.io/gh/orion-rs/orion/branch/master/graph/badge.svg)](https://codecov.io/gh/orion-rs/orion) [![Documentation](https://docs.rs/orion/badge.svg)](https://docs.rs/orion/) [![Crates.io](https://img.shields.io/crates/v/orion.svg)](https://crates.io/crates/orion) [![Safety Dance](https://img.shields.io/badge/unsafe-forbidden-success.svg)](https://github.com/rust-secure-code/safety-dance/) [![MSRV](https://img.shields.io/badge/MSRV-1.80-informational.svg)](https://img.shields.io/badge/MSRV-1.80-informational) [![Matrix](https://img.shields.io/matrix/orion-rs:matrix.org.svg?logo=matrix)](https://matrix.to/#/#orion-rs:matrix.org)
 
 ### About
 Orion is a cryptography library written in pure Rust. It aims to provide easy and usable crypto while trying to minimize the use of unsafe code. You can read more about Orion in the [wiki](https://github.com/orion-rs/orion/wiki).
@@ -19,12 +19,12 @@ Experimental support (with `experimental` feature enabled):
 ### Security
 This library has **not undergone any third-party security audit**. Usage is at **own risk**.
 
-Orion uses formally verified arithmetic, generated by Fiat Crypto, for the X25519 and Poly1305 implementations. 
+Orion uses formally verified arithmetic, generated by Fiat Crypto, for the X25519 and Poly1305 implementations.
 
 See the [SECURITY.md](https://github.com/orion-rs/orion/blob/master/SECURITY.md) regarding recommendations on correct use, reporting security issues and more. Additional information about security regarding Orion is available in the [wiki](https://github.com/orion-rs/orion/wiki/Security).
 
 ### Minimum Supported Rust Version
-Rust 1.74 or later is supported however, the majority of testing happens with latest stable Rust.
+Rust 1.80 or later is supported however, the majority of testing happens with latest stable Rust.
 
 MSRV may be changed at any point and will not be considered a SemVer breaking change.
 

diff --git a/deny.toml b/deny.toml
@@ -6,32 +6,20 @@ targets = [
 ]
 
 [advisories]
-unmaintained = "deny"
 yanked = "deny"
-notice = "deny"
-unsound = "deny"
-vulnerability = "deny"
 ignore = []
 
 [licenses]
 unlicensed = "deny"
 # We want really high confidence when inferring licenses from text
 confidence-threshold = 0.93
-allow = [
-    "MIT",
-    "BSD-3-Clause",
-    "Apache-2.0",
-]
-exceptions = [
-    { allow = [
-        "Unicode-DFS-2016",
-    ], name = "unicode-ident" },
-]
+allow = ["MIT", "BSD-3-Clause", "Apache-2.0"]
+exceptions = [{ allow = ["Unicode-DFS-2016"], name = "unicode-ident" }]
 
 [bans]
 multiple-versions = "allow" # We don't maintain Cargo lockfile, so this isn't really feasible to deny
-wildcards = "deny" # Dependencies should not have be specified with '*'
+wildcards = "deny"          # Dependencies should not have be specified with '*'
 
 [sources]
 unknown-registry = "deny" # crates.io is allowed and a known register by default
-unknown-git = "deny"
+unknown-git = "deny"
diff --git a/src/hazardous/ecc/x25519.rs b/src/hazardous/ecc/x25519.rs
@@ -500,12 +500,13 @@ impl PublicKey {
 ///
 /// # Security:
 /// - __**Avoid using**__ `unprotected_as_bytes()` whenever possible, as it breaks all protections
-/// that the type implements.
+///   that the type implements.
 ///
 /// - The trait `PartialEq<&'_ [u8]>` is implemented for this type so that users are not tempted
-/// to call `unprotected_as_bytes` to compare this sensitive value to a byte slice. The trait
-/// is implemented in such a way that the comparison happens in constant time. Thus, users should
-/// prefer `SecretType == &[u8]` over `SecretType.unprotected_as_bytes() == &[u8]`.
+///   to call `unprotected_as_bytes` to compare this sensitive value to a byte slice. The trait
+///   is implemented in such a way that the comparison happens in constant time. Thus, users should
+///   prefer `SecretType == &[u8]` over `SecretType.unprotected_as_bytes() == &[u8]`.
+///
 /// Examples are shown below. The examples apply to any type that implements `PartialEq<&'_ [u8]>`.
 /// ```rust
 /// # #[cfg(feature = "safe_api")] {

diff --git a/src/hazardous/hash/sha2/mod.rs b/src/hazardous/hash/sha2/mod.rs
@@ -51,6 +51,7 @@ pub(crate) mod sha2_core {
         + PartialEq<Self>
         + Zeroize
     {
+        #[cfg(any(debug_assertions, test))]
         const MAX: Self;
 
         fn wrapping_add(&self, rhs: Self) -> Self;
@@ -476,6 +477,7 @@ pub(crate) mod w32 {
     }
 
     impl super::sha2_core::Word for WordU32 {
+        #[cfg(any(debug_assertions, test))]
         const MAX: Self = Self(u32::MAX);
 
         #[inline]
@@ -512,7 +514,7 @@ pub(crate) mod w32 {
 
         #[inline]
         fn size_of() -> usize {
-            core::mem::size_of::<u32>()
+            size_of::<u32>()
         }
 
         #[inline]
@@ -618,6 +620,7 @@ pub(crate) mod w64 {
     }
 
     impl super::sha2_core::Word for WordU64 {
+        #[cfg(any(debug_assertions, test))]
         const MAX: Self = Self(u64::MAX);
 
         #[inline]
@@ -654,7 +657,7 @@ pub(crate) mod w64 {
 
         #[inline]
         fn size_of() -> usize {
-            core::mem::size_of::<u64>()
+            size_of::<u64>()
         }
 
         #[inline]
@@ -707,14 +710,6 @@ mod test_word {
         let _ = WordU32::from((u32::MAX as usize) + 1);
     }
 
-    #[test]
-    #[should_panic]
-    #[cfg(target_pointer_width = "128")]
-    // See above note.
-    fn w64_panic_on_above_from() {
-        WordU64::from((u64::MAX as usize) + 1);
-    }
-
     #[test]
     fn equiv_max() {
         assert_eq!(WordU32::MAX.0, u32::MAX);
@@ -723,8 +718,8 @@ mod test_word {
 
     #[test]
     fn equiv_sizeof() {
-        assert_eq!(WordU32::size_of(), core::mem::size_of::<u32>());
-        assert_eq!(WordU64::size_of(), core::mem::size_of::<u64>());
+        assert_eq!(WordU32::size_of(), size_of::<u32>());
+        assert_eq!(WordU64::size_of(), size_of::<u64>());
     }
 
     #[test]
@@ -1029,8 +1024,8 @@ mod test_word {
             let w32n = WordU32::from(n);
             let w64m = WordU64::from(m);
 
-            let mut dest32 = [0u8; core::mem::size_of::<u32>()];
-            let mut dest64 = [0u8; core::mem::size_of::<u64>()];
+            let mut dest32 = [0u8; size_of::<u32>()];
+            let mut dest64 = [0u8; size_of::<u64>()];
             w32n.as_be(&mut dest32);
             w64m.as_be(&mut dest64);