From 63839c28978a065a51925a1a99f22b119511dd07 Mon Sep 17 00:00:00 2001 From: Andrew Pennebaker Date: Fri, 23 Jan 2026 12:28:21 -0600 Subject: [PATCH] sketch out some early dependency updates and minor refactorings --- apk/Cargo.toml | 2 +- apk/src/sign.rs | 5 +++-- appbundle/Cargo.toml | 4 ++-- msix/Cargo.toml | 2 +- msix/src/p7x.rs | 5 +++-- xcommon/Cargo.toml | 2 +- xcommon/src/lib.rs | 5 +++-- 7 files changed, 14 insertions(+), 11 deletions(-) diff --git a/apk/Cargo.toml b/apk/Cargo.toml index 520e3b0e..682a8a4f 100644 --- a/apk/Cargo.toml +++ b/apk/Cargo.toml @@ -13,7 +13,7 @@ quick-xml = { version = "0.26.0", features = ["serialize"] } rasn = "0.6.1" rasn-pkix = "0.6.0" roxmltree = "0.16.0" -rsa = "0.7.2" +rsa = "0.9.10" serde = { version = "1.0.151", features = ["derive"] } sha2 = { version = "0.10.6", features = ["oid"] } tracing = "0.1.37" diff --git a/apk/src/sign.rs b/apk/src/sign.rs index 1e907ca2..ae4ed163 100644 --- a/apk/src/sign.rs +++ b/apk/src/sign.rs @@ -1,8 +1,9 @@ use anyhow::Result; use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt}; use rasn_pkix::Certificate; +use rsa::pkcs1v15; use rsa::pkcs8::{DecodePublicKey, EncodePublicKey}; -use rsa::{PaddingScheme, PublicKey, RsaPublicKey}; +use rsa::RsaPublicKey; use sha2::{Digest as _, Sha256}; use std::fs::File; use std::io::{BufReader, Cursor, Read, Seek, SeekFrom, Write}; @@ -61,7 +62,7 @@ pub fn verify(path: &Path) -> Result> { ); let pubkey = RsaPublicKey::from_public_key_der(&signer.public_key)?; let digest = Sha256::digest(&signer.signed_data); - let padding = PaddingScheme::new_pkcs1v15_sign::(); + let padding = pkcs1v15::Pkcs1v15Sign::new::(); pubkey.verify(padding, &digest, &sig.signature)?; } let mut r = Cursor::new(&signer.signed_data[..]); diff --git a/appbundle/Cargo.toml b/appbundle/Cargo.toml index 80d0c8e2..44c6baa9 100644 --- a/appbundle/Cargo.toml +++ b/appbundle/Cargo.toml @@ -8,10 +8,10 @@ license = "Apache-2.0 OR MIT" [dependencies] anyhow = "1.0.68" -apple-codesign = "0.22.0" +apple-codesign = "0.29.0" icns = "0.3.1" log = "0.4.17" -pkcs8 = "0.9.0" +pkcs8 = "0.10.2" plist = "1.3.1" rasn = "0.6.1" rasn-cms = "0.6.0" diff --git a/msix/Cargo.toml b/msix/Cargo.toml index 466bb5a7..14ceeff9 100644 --- a/msix/Cargo.toml +++ b/msix/Cargo.toml @@ -22,4 +22,4 @@ zip = { version = "0.6.3", default-features = false } [dev-dependencies] der-parser = "8.1.0" -rsa = "0.7.2" +rsa = "0.9.10" diff --git a/msix/src/p7x.rs b/msix/src/p7x.rs index 55aeab9b..f0754978 100644 --- a/msix/src/p7x.rs +++ b/msix/src/p7x.rs @@ -164,8 +164,9 @@ impl Default for SpcSipInfoContent { #[cfg(test)] mod tests { use super::*; + use rsa::pkcs1v15; use rsa::pkcs8::DecodePrivateKey; - use rsa::{PaddingScheme, RsaPrivateKey}; + use rsa::RsaPrivateKey; use sha2::{Digest, Sha256}; const HASHES: Digests = Digests { @@ -257,7 +258,7 @@ mod tests { assert_eq!(&orig_digest[..], &digest[..]); let orig_signature = b"\x7f\x13uP\xc8m:\x99\xb6\x89u\x85y\xea\xfc\xd8Cw\x96w\x10>j\xa7Z\x8c\xa3\x1f\\\xf4\x82\\\xdf\x8eh;\x10\x16o/\"i\x89\xb9\xf1\x03\x9c\xb0)\x9f\xc4\xfe\xf1\x05\x93\xbeJ\xd2\xeb\xe3\xb1f\xb1rq\x89\xdf\x7f\xe4\xe1\n\xae\xa70\x8c|\xd3\xe6\xe6/\xad\x97\xcb1\xb6\xa0\xf9\x16z\x83R#\xe8n\r\xfdErJ\x01\xfb\xd4\xef\x05\xf9\xab\x08o\x16\xbc)C\xee\x03=$\x88>G\xa4\xba)\xbc\xf4n6\xaa\xfd\xa7e\x15\xb9,|\xd6\xf9\x9b>\xe8\x95\xf7\xc6\x08\n\t\x8a\xd5{j\x8a\xfe{,O\xf3\xd9\x8a\xc79\x9f\x80\xcd\x17k8\xf8\xb3\xc3\x96\xd8\x1a/\xa8\x14R\x14\xaf\x813\x91;>\x99\xd24\x86J\x12\x0e\x89\x0c\xb8?\xfa\xa8\x1dM\x98@vz'\xe6y\xab\xc0\xcb\xc5\xb3\xbeC'$\"\xd2\x15\xaf0\xa3\x05\xcbj\x18j\x11\xa2\xfd\xe7\xe6y\xcf\xadd\x99\xa9\xdc\xc4\xc2`\x1d\xb0\xe3\xdb\xfeC\xdc\xce\xe5@\xde;P\xfav\x8c\xff"; let key = RsaPrivateKey::from_pkcs8_pem(crate::DEBUG_PEM).unwrap(); - let padding = PaddingScheme::new_pkcs1v15_sign::(); + let padding = pkcs1v15::Pkcs1v15Sign::new::(); let sig = key.sign(padding, &digest).unwrap(); assert_eq!(sig.len(), orig_signature.len()); assert_eq!(sig, orig_signature); diff --git a/xcommon/Cargo.toml b/xcommon/Cargo.toml index 4d725d7d..8ebf0edf 100644 --- a/xcommon/Cargo.toml +++ b/xcommon/Cargo.toml @@ -14,6 +14,6 @@ image = { version = "0.24.5", default-features = false, features = ["png", "webp pem = "1.1.0" rasn = "0.6.1" rasn-pkix = "0.6.0" -rsa = "0.7.2" +rsa = "0.9.10" sha2 = { version = "0.10.6", features = ["oid"] } zip = { version = "0.6.3", default-features = false, features = ["deflate"] } diff --git a/xcommon/src/lib.rs b/xcommon/src/lib.rs index 61e7c0af..72440cd5 100644 --- a/xcommon/src/lib.rs +++ b/xcommon/src/lib.rs @@ -5,8 +5,9 @@ use byteorder::{LittleEndian, ReadBytesExt}; use image::imageops::FilterType; use image::io::Reader as ImageReader; use image::{DynamicImage, GenericImageView, ImageOutputFormat, RgbaImage}; +use rsa::pkcs1v15; use rsa::pkcs8::DecodePrivateKey; -use rsa::{PaddingScheme, RsaPrivateKey, RsaPublicKey}; +use rsa::{RsaPrivateKey, RsaPublicKey}; use sha2::{Digest, Sha256}; use std::fs::{File, OpenOptions}; use std::io::{Cursor, Read, Seek, SeekFrom, Write}; @@ -180,7 +181,7 @@ impl Signer { pub fn sign(&self, bytes: &[u8]) -> Vec { let digest = Sha256::digest(bytes); - let padding = PaddingScheme::new_pkcs1v15_sign::(); + let padding = pkcs1v15::Pkcs1v15Sign::new::(); self.key.sign(padding, &digest).unwrap() }