diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-18 02:49:50 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-18 02:49:50 +0000 |
| commit | 9835e2ae736235810b4ea1c162ca5e65c547e770 (patch) | |
| tree | 3fcebf40ed70e581d776a8a4c65923e8ec20e026 /vendor/orion/src | |
| parent | Releasing progress-linux version 1.70.0+dfsg2-1~progress7.99u1. (diff) | |
| download | rustc-9835e2ae736235810b4ea1c162ca5e65c547e770.tar.xz rustc-9835e2ae736235810b4ea1c162ca5e65c547e770.zip | |
Merging upstream version 1.71.1+dfsg1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'vendor/orion/src')
44 files changed, 71 insertions, 61 deletions
diff --git a/vendor/orion/src/errors.rs b/vendor/orion/src/errors.rs index 9a7c99f6c..33a5662e2 100644 --- a/vendor/orion/src/errors.rs +++ b/vendor/orion/src/errors.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/aead/chacha20poly1305.rs b/vendor/orion/src/hazardous/aead/chacha20poly1305.rs index 967516d87..bc1175809 100644 --- a/vendor/orion/src/hazardous/aead/chacha20poly1305.rs +++ b/vendor/orion/src/hazardous/aead/chacha20poly1305.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/aead/mod.rs b/vendor/orion/src/hazardous/aead/mod.rs index f509166fc..61d408728 100644 --- a/vendor/orion/src/hazardous/aead/mod.rs +++ b/vendor/orion/src/hazardous/aead/mod.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/aead/streaming.rs b/vendor/orion/src/hazardous/aead/streaming.rs index 25f6afceb..a030f0683 100644 --- a/vendor/orion/src/hazardous/aead/streaming.rs +++ b/vendor/orion/src/hazardous/aead/streaming.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2019-2022 The orion Developers +// Copyright (c) 2019-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/aead/xchacha20poly1305.rs b/vendor/orion/src/hazardous/aead/xchacha20poly1305.rs index 392c8c798..1d110f7ed 100644 --- a/vendor/orion/src/hazardous/aead/xchacha20poly1305.rs +++ b/vendor/orion/src/hazardous/aead/xchacha20poly1305.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/ecc/mod.rs b/vendor/orion/src/hazardous/ecc/mod.rs index 803cb09f7..a539b6747 100644 --- a/vendor/orion/src/hazardous/ecc/mod.rs +++ b/vendor/orion/src/hazardous/ecc/mod.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2021-2022 The orion Developers +// Copyright (c) 2021-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/ecc/x25519.rs b/vendor/orion/src/hazardous/ecc/x25519.rs index 44283d4a2..4bbbbc869 100644 --- a/vendor/orion/src/hazardous/ecc/x25519.rs +++ b/vendor/orion/src/hazardous/ecc/x25519.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2021-2022 The orion Developers +// Copyright (c) 2021-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/hash/blake2/blake2b.rs b/vendor/orion/src/hazardous/hash/blake2/blake2b.rs index 06fbd8a1e..877f2bbe6 100644 --- a/vendor/orion/src/hazardous/hash/blake2/blake2b.rs +++ b/vendor/orion/src/hazardous/hash/blake2/blake2b.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/hash/blake2/mod.rs b/vendor/orion/src/hazardous/hash/blake2/mod.rs index d74bedcb6..c64ab5b9f 100644 --- a/vendor/orion/src/hazardous/hash/blake2/mod.rs +++ b/vendor/orion/src/hazardous/hash/blake2/mod.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/hash/mod.rs b/vendor/orion/src/hazardous/hash/mod.rs index a7d823fbc..ad3ac155e 100644 --- a/vendor/orion/src/hazardous/hash/mod.rs +++ b/vendor/orion/src/hazardous/hash/mod.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/hash/sha2/mod.rs b/vendor/orion/src/hazardous/hash/sha2/mod.rs index 4fb62cafb..cbdbb9a63 100644 --- a/vendor/orion/src/hazardous/hash/sha2/mod.rs +++ b/vendor/orion/src/hazardous/hash/sha2/mod.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2020-2022 The orion Developers +// Copyright (c) 2020-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/hash/sha2/sha256.rs b/vendor/orion/src/hazardous/hash/sha2/sha256.rs index 4300a0dac..737660715 100644 --- a/vendor/orion/src/hazardous/hash/sha2/sha256.rs +++ b/vendor/orion/src/hazardous/hash/sha2/sha256.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2020-2022 The orion Developers +// Copyright (c) 2020-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/hash/sha2/sha384.rs b/vendor/orion/src/hazardous/hash/sha2/sha384.rs index 3028e384a..e4df99d7a 100644 --- a/vendor/orion/src/hazardous/hash/sha2/sha384.rs +++ b/vendor/orion/src/hazardous/hash/sha2/sha384.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2020-2022 The orion Developers +// Copyright (c) 2020-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/hash/sha2/sha512.rs b/vendor/orion/src/hazardous/hash/sha2/sha512.rs index 0e0a1120c..f582f78c2 100644 --- a/vendor/orion/src/hazardous/hash/sha2/sha512.rs +++ b/vendor/orion/src/hazardous/hash/sha2/sha512.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/kdf/argon2i.rs b/vendor/orion/src/hazardous/kdf/argon2i.rs index 1257eff43..840c5b885 100644 --- a/vendor/orion/src/hazardous/kdf/argon2i.rs +++ b/vendor/orion/src/hazardous/kdf/argon2i.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2020-2022 The orion Developers +// Copyright (c) 2020-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal @@ -63,6 +63,9 @@ //! in depth against an attacker reading your application's private memory, then you as //! the user are responsible for zeroing out this buffer (see the [`zeroize` crate]). //! +//! The cost parameters were the recommended values at time of writing. Please be sure to also check +//! [OWASP] for the latest recommended values. +//! //! # Example: //! ```rust //! # #[cfg(feature = "safe_api")] { @@ -93,6 +96,7 @@ //! ``` //! [`secure_rand_bytes()`]: crate::util::secure_rand_bytes //! [`zeroize` crate]: https://crates.io/crates/zeroize +//! [OWASP]: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html use crate::errors::UnknownCryptoError; use crate::hazardous::hash::blake2::blake2b::Blake2b; @@ -494,7 +498,7 @@ pub fn derive_key( for segment_idx in offset..segment_length { let reference_idx = gidx.get_next(segment_idx, &mut working_block); - let current_idx = segment_n as u32 * segment_length + segment_idx as u32; + let current_idx = segment_n as u32 * segment_length + segment_idx; let previous_idx = if current_idx > 0 { current_idx - 1 } else { @@ -1481,7 +1485,7 @@ mod private { // Mimic offset..segment_length runs with idx assert_eq!( *expected, - gidx.get_next(idx as u32, &mut tmp_block), + gidx.get_next(idx, &mut tmp_block), "Invalid at {}", idx ); @@ -1572,7 +1576,7 @@ mod private { // Mimic offset..segment_length runs with idx assert_eq!( *expected, - gidx.get_next(idx as u32, &mut tmp_block), + gidx.get_next(idx, &mut tmp_block), "Invalid at {}", idx ); @@ -1666,7 +1670,7 @@ mod private { // Mimic offset..segment_length runs with idx assert_eq!( *expected, - gidx.get_next(idx as u32, &mut tmp_block), + gidx.get_next(idx, &mut tmp_block), "Invalid at {}", idx ); @@ -1760,7 +1764,7 @@ mod private { // Mimic offset..segment_length runs with idx assert_eq!( *expected, - gidx.get_next(idx as u32, &mut tmp_block), + gidx.get_next(idx, &mut tmp_block), "Invalid at {}", idx ); @@ -1851,7 +1855,7 @@ mod private { // Mimic offset..segment_length runs with idx assert_eq!( *expected, - gidx.get_next(idx as u32, &mut tmp_block), + gidx.get_next(idx, &mut tmp_block), "Invalid at {}", idx ); @@ -1944,7 +1948,7 @@ mod private { // Mimic offset..segment_length runs with idx assert_eq!( *expected, - gidx.get_next(idx as u32, &mut tmp_block), + gidx.get_next(idx, &mut tmp_block), "Invalid at {}", idx ); @@ -2038,7 +2042,7 @@ mod private { // Mimic offset..segment_length runs with idx assert_eq!( *expected, - gidx.get_next(idx as u32, &mut tmp_block), + gidx.get_next(idx, &mut tmp_block), "Invalid at {}", idx ); @@ -2132,7 +2136,7 @@ mod private { // Mimic offset..segment_length runs with idx assert_eq!( *expected, - gidx.get_next(idx as u32, &mut tmp_block), + gidx.get_next(idx, &mut tmp_block), "Invalid at {}", idx ); @@ -2224,7 +2228,7 @@ mod private { // Mimic offset..segment_length runs with idx assert_eq!( *expected, - gidx.get_next(idx as u32, &mut tmp_block), + gidx.get_next(idx, &mut tmp_block), "Invalid at {}", idx ); @@ -2317,7 +2321,7 @@ mod private { // Mimic offset..segment_length runs with idx assert_eq!( *expected, - gidx.get_next(idx as u32, &mut tmp_block), + gidx.get_next(idx, &mut tmp_block), "Invalid at {}", idx ); @@ -2411,7 +2415,7 @@ mod private { // Mimic offset..segment_length runs with idx assert_eq!( *expected, - gidx.get_next(idx as u32, &mut tmp_block), + gidx.get_next(idx, &mut tmp_block), "Invalid at {}", idx ); @@ -2505,7 +2509,7 @@ mod private { // Mimic offset..segment_length runs with idx assert_eq!( *expected, - gidx.get_next(idx as u32, &mut tmp_block), + gidx.get_next(idx, &mut tmp_block), "Invalid at {}", idx ); diff --git a/vendor/orion/src/hazardous/kdf/hkdf.rs b/vendor/orion/src/hazardous/kdf/hkdf.rs index 8bb9321ab..371566a59 100644 --- a/vendor/orion/src/hazardous/kdf/hkdf.rs +++ b/vendor/orion/src/hazardous/kdf/hkdf.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/kdf/mod.rs b/vendor/orion/src/hazardous/kdf/mod.rs index df1cb66e0..28068769d 100644 --- a/vendor/orion/src/hazardous/kdf/mod.rs +++ b/vendor/orion/src/hazardous/kdf/mod.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/kdf/pbkdf2.rs b/vendor/orion/src/hazardous/kdf/pbkdf2.rs index 58b4e2291..9ed23b06f 100644 --- a/vendor/orion/src/hazardous/kdf/pbkdf2.rs +++ b/vendor/orion/src/hazardous/kdf/pbkdf2.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal @@ -44,8 +44,8 @@ //! - Salts should always be generated using a CSPRNG. //! [`secure_rand_bytes()`] can be used for this. //! - The recommended length for a salt is 64 bytes. -//! - The iteration count should be set as high as feasible. The recommended -//! minimum is 100000. +//! - The iteration count should be set as high as feasible. Please check [OWASP] for +//! the recommended minimum amount (600000 at the time of writing). //! - Please note that when verifying, a copy of the computed password hash is placed into //! `dst_out`. If the derived hash is considered sensitive and you want to provide defense //! in depth against an attacker reading your application's private memory, then you as @@ -72,6 +72,7 @@ //! [`Password::generate()`]: pbkdf2::sha512::Password::generate //! [`secure_rand_bytes()`]: crate::util::secure_rand_bytes //! [`zeroize` crate]: https://crates.io/crates/zeroize +//! [OWASP]: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html use crate::{errors::UnknownCryptoError, hazardous::mac::hmac}; diff --git a/vendor/orion/src/hazardous/mac/blake2b.rs b/vendor/orion/src/hazardous/mac/blake2b.rs index 65fc86cf7..9b9bfab6e 100644 --- a/vendor/orion/src/hazardous/mac/blake2b.rs +++ b/vendor/orion/src/hazardous/mac/blake2b.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/mac/hmac.rs b/vendor/orion/src/hazardous/mac/hmac.rs index dea7611bb..f5fecf224 100644 --- a/vendor/orion/src/hazardous/mac/hmac.rs +++ b/vendor/orion/src/hazardous/mac/hmac.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/mac/mod.rs b/vendor/orion/src/hazardous/mac/mod.rs index f8d02c514..114062b25 100644 --- a/vendor/orion/src/hazardous/mac/mod.rs +++ b/vendor/orion/src/hazardous/mac/mod.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/mac/poly1305.rs b/vendor/orion/src/hazardous/mac/poly1305.rs index 2b39421e3..29853f566 100644 --- a/vendor/orion/src/hazardous/mac/poly1305.rs +++ b/vendor/orion/src/hazardous/mac/poly1305.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Based on the algorithm from https://github.com/floodyberry/poly1305-donna // Permission is hereby granted, free of charge, to any person obtaining a copy @@ -163,7 +163,7 @@ impl Poly1305 { mb[..16].copy_from_slice(data); // One byte is appended to detect trailing zeroes if not last chunk. // See https://cr.yp.to/mac/poly1305-20050329.pdf, Section 2 "Conversion and padding". - mb[16] = if self.is_finalized { 0 } else { 1 }; + mb[16] = u8::from(!self.is_finalized); let mut m: fiat_poly1305_tight_field_element = [0u32; 5]; fiat_poly1305_from_bytes(&mut m, &mb); diff --git a/vendor/orion/src/hazardous/mod.rs b/vendor/orion/src/hazardous/mod.rs index 0817404e7..25a5ae227 100644 --- a/vendor/orion/src/hazardous/mod.rs +++ b/vendor/orion/src/hazardous/mod.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/stream/chacha20.rs b/vendor/orion/src/hazardous/stream/chacha20.rs index 774ef8a67..f5c9bcda9 100644 --- a/vendor/orion/src/hazardous/stream/chacha20.rs +++ b/vendor/orion/src/hazardous/stream/chacha20.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/stream/mod.rs b/vendor/orion/src/hazardous/stream/mod.rs index 82b9af410..a211b7d77 100644 --- a/vendor/orion/src/hazardous/stream/mod.rs +++ b/vendor/orion/src/hazardous/stream/mod.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/hazardous/stream/xchacha20.rs b/vendor/orion/src/hazardous/stream/xchacha20.rs index 3116aa62b..b8940aacb 100644 --- a/vendor/orion/src/hazardous/stream/xchacha20.rs +++ b/vendor/orion/src/hazardous/stream/xchacha20.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/high_level/aead.rs b/vendor/orion/src/high_level/aead.rs index 4ab5003c2..4159ef83b 100644 --- a/vendor/orion/src/high_level/aead.rs +++ b/vendor/orion/src/high_level/aead.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2020-2022 The orion Developers +// Copyright (c) 2020-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/high_level/auth.rs b/vendor/orion/src/high_level/auth.rs index e7957a7b3..7c61f9bd0 100644 --- a/vendor/orion/src/high_level/auth.rs +++ b/vendor/orion/src/high_level/auth.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2020-2022 The orion Developers +// Copyright (c) 2020-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/high_level/hash.rs b/vendor/orion/src/high_level/hash.rs index e51777354..78b4bda4c 100644 --- a/vendor/orion/src/high_level/hash.rs +++ b/vendor/orion/src/high_level/hash.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2020-2022 The orion Developers +// Copyright (c) 2020-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/high_level/hltypes.rs b/vendor/orion/src/high_level/hltypes.rs index 5e168f9a5..419cb2202 100644 --- a/vendor/orion/src/high_level/hltypes.rs +++ b/vendor/orion/src/high_level/hltypes.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2020-2022 The orion Developers +// Copyright (c) 2020-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/high_level/kdf.rs b/vendor/orion/src/high_level/kdf.rs index 9b39f9479..87f019200 100644 --- a/vendor/orion/src/high_level/kdf.rs +++ b/vendor/orion/src/high_level/kdf.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2020-2022 The orion Developers +// Copyright (c) 2020-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal @@ -58,6 +58,8 @@ //! - The recommended minimum size for a salt is 16 bytes. //! - The recommended minimum size for a derived key is 16 bytes. //! +//! If the concrete cost parameters needed are unclear, please refer to [OWASP] for recommended minimum values. +//! //! # Example: //! ```rust //! use orion::kdf; @@ -70,6 +72,7 @@ //! # Ok::<(), orion::errors::UnknownCryptoError>(()) //! ``` //! [libsodium's docs]: https://download.libsodium.org/doc/password_hashing/default_phf#guidelines-for-choosing-the-parameters +//! [OWASP]: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html #![cfg_attr(docsrs, doc(cfg(feature = "safe_api")))] diff --git a/vendor/orion/src/high_level/kex.rs b/vendor/orion/src/high_level/kex.rs index 2d5a406f2..787f514a2 100644 --- a/vendor/orion/src/high_level/kex.rs +++ b/vendor/orion/src/high_level/kex.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2021-2022 The orion Developers +// Copyright (c) 2021-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/high_level/mod.rs b/vendor/orion/src/high_level/mod.rs index b7b573924..25080e8fc 100644 --- a/vendor/orion/src/high_level/mod.rs +++ b/vendor/orion/src/high_level/mod.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2020-2022 The orion Developers +// Copyright (c) 2020-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/high_level/pwhash.rs b/vendor/orion/src/high_level/pwhash.rs index dd8dbe087..3daee3917 100644 --- a/vendor/orion/src/high_level/pwhash.rs +++ b/vendor/orion/src/high_level/pwhash.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2020-2022 The orion Developers +// Copyright (c) 2020-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal @@ -74,6 +74,8 @@ //! - Choosing the correct cost parameters is important for security. Please refer to [libsodium's docs] //! for a description of how to do this. //! +//! If the concrete cost parameters needed are unclear, please refer to [OWASP] for recommended minimum values. +//! //! # Example: //! ```rust //! use orion::pwhash; @@ -86,6 +88,7 @@ //! ``` //! [encoding format here]: https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md //! [libsodium's docs]: https://download.libsodium.org/doc/password_hashing/default_phf#guidelines-for-choosing-the-parameters +//! [OWASP]: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html #![cfg_attr(docsrs, doc(cfg(feature = "safe_api")))] diff --git a/vendor/orion/src/lib.rs b/vendor/orion/src/lib.rs index 32c8e8a88..5064526a2 100644 --- a/vendor/orion/src/lib.rs +++ b/vendor/orion/src/lib.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal @@ -64,7 +64,6 @@ unused_qualifications, overflowing_literals )] -#![doc(html_root_url = "https://docs.rs/orion/0.17.3")] #![cfg_attr(docsrs, feature(doc_cfg))] #[cfg(test)] diff --git a/vendor/orion/src/test_framework/aead_interface.rs b/vendor/orion/src/test_framework/aead_interface.rs index fa4bfb7ca..93ed41b25 100644 --- a/vendor/orion/src/test_framework/aead_interface.rs +++ b/vendor/orion/src/test_framework/aead_interface.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2019-2022 The orion Developers +// Copyright (c) 2019-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/test_framework/incremental_interface.rs b/vendor/orion/src/test_framework/incremental_interface.rs index 060b67f8d..6bb14b93d 100644 --- a/vendor/orion/src/test_framework/incremental_interface.rs +++ b/vendor/orion/src/test_framework/incremental_interface.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2019-2022 The orion Developers +// Copyright (c) 2019-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/test_framework/mod.rs b/vendor/orion/src/test_framework/mod.rs index 8612baec2..afe93610e 100644 --- a/vendor/orion/src/test_framework/mod.rs +++ b/vendor/orion/src/test_framework/mod.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2019-2022 The orion Developers +// Copyright (c) 2019-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/test_framework/streamcipher_interface.rs b/vendor/orion/src/test_framework/streamcipher_interface.rs index b6cded990..d46e202ca 100644 --- a/vendor/orion/src/test_framework/streamcipher_interface.rs +++ b/vendor/orion/src/test_framework/streamcipher_interface.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2019-2022 The orion Developers +// Copyright (c) 2019-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/typedefs.rs b/vendor/orion/src/typedefs.rs index dafc6b6e0..6471c3036 100644 --- a/vendor/orion/src/typedefs.rs +++ b/vendor/orion/src/typedefs.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/util/endianness.rs b/vendor/orion/src/util/endianness.rs index 8d78e2369..e40087350 100644 --- a/vendor/orion/src/util/endianness.rs +++ b/vendor/orion/src/util/endianness.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2019-2022 The orion Developers +// Copyright (c) 2019-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/util/mod.rs b/vendor/orion/src/util/mod.rs index d71556005..27fc29156 100644 --- a/vendor/orion/src/util/mod.rs +++ b/vendor/orion/src/util/mod.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2018-2022 The orion Developers +// Copyright (c) 2018-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/util/u32x4.rs b/vendor/orion/src/util/u32x4.rs index c17b7e36e..c1ff1bcce 100644 --- a/vendor/orion/src/util/u32x4.rs +++ b/vendor/orion/src/util/u32x4.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2019-2022 The orion Developers +// Copyright (c) 2019-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal diff --git a/vendor/orion/src/util/u64x4.rs b/vendor/orion/src/util/u64x4.rs index 5edde773b..bc181c49a 100644 --- a/vendor/orion/src/util/u64x4.rs +++ b/vendor/orion/src/util/u64x4.rs @@ -1,6 +1,6 @@ // MIT License -// Copyright (c) 2019-2022 The orion Developers +// Copyright (c) 2019-2023 The orion Developers // Permission is hereby granted, free of charge, to any person obtaining a copy // of this software and associated documentation files (the "Software"), to deal |