forked from transact-rs/sqlx
-
Notifications
You must be signed in to change notification settings - Fork 15
Draft
Conversation
Updates several cryptographic dependencies to their latest release candidates. Fixes an issue with MD5 password hashing by correctly formatting the output. Co-authored-by: contact <contact@ophir.dev>
Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
Learn more about Cursor Agents
lovasoa
commented
Nov 28, 2025
Collaborator
Author
@cursoragent test locally with all feature combinations
Run cargo clippy --manifest-path sqlx-core/Cargo.toml \
cargo clippy --manifest-path sqlx-core/Cargo.toml \
--no-default-features \
--features offline,all-databases,all-types,migrate,runtime-async-std-native-tls \
-- -D warnings
error[E0107]: associated function takes 0 generic arguments but 1 generic argument was supplied
--> sqlx-core/src/mysql/connection/auth.rs:151:25
|
151 | let padding = Oaep::new::<sha1::Sha1>();
| ^^^-------------- help: remove the unnecessary generics
| |
| expected 0 generic arguments
|
note: associated function defined here, with 0 generic parameters
--> /home/runner/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/rsa-0.10.0-rc.10/src/oaep.rs:82:12
|
82 | pub fn new() -> Self {
| ^^^
error[E0277]: the trait bound `rand::prelude::ThreadRng: rsa::rand_core::CryptoRng` is not satisfied
--> sqlx-core/src/mysql/connection/auth.rs:152:18
|
152 | pkey.encrypt(&mut rand::thread_rng(), padding, &pass[..])
| ------- ^^^^^^^^^^^^^^^^^^^^^^^ the trait `std::ops::DerefMut` is not implemented for `rand::prelude::ThreadRng`
| |
| required by a bound introduced by this call
|
note: there are multiple different versions of crate `rand_core` in the dependency graph
--> /home/runner/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/rand_core-0.10.0-rc-2/src/lib.rs:165:1
|
165 | pub trait CryptoRng: RngCore {}
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ this is the required trait
|
::: sqlx-core/src/mysql/connection/auth.rs:4:5
|
4 | use rsa::{pkcs8::DecodePublicKey, Oaep, RsaPublicKey};
| --- one version of crate `rand_core` used here, as a dependency of crate `crypto_bigint`
|
::: sqlx-core/src/postgres/connection/establish.rs:1:5
|
1 | use rand::Rng as _;
| ---- one version of crate `rand_core` used here, as a dependency of crate `rand`
|
::: /home/runner/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/rand-0.8.5/src/rngs/thread.rs:62:1
|
62 | pub struct ThreadRng {
| -------------------- this type doesn't implement the required trait
|
::: /home/runner/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/rand_core-0.6.4/src/block.rs:68:1
|
68 | pub trait BlockRngCore {
| ---------------------- this is the found trait
= help: you can use `cargo tree` to explore your dependency tree
= note: required for `rand::prelude::ThreadRng` to implement `rsa::rand_core::CryptoRng`
note: required by a bound in `rsa::RsaPublicKey::encrypt`
--> /home/runner/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/rsa-0.10.0-rc.10/src/key.rs:191:23
|
191 | pub fn encrypt<R: CryptoRng + ?Sized, P: PaddingScheme>(
| ^^^^^^^^^ required by this bound in `RsaPublicKey::encrypt`
Some errors have detailed explanations: E0107, E0277.
For more information about an error, try `rustc --explain E0107`.
|
Compilation succeeded. Summary of fixes: SummaryFixed two compilation errors related to the updated RSA crate:
The code now compiles successfully with all feature combinations. The OpenSSL error seen in CI is an environment issue (missing Learn more about Cursor Agents |
Co-authored-by: contact <contact@ophir.dev>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Update
crypto-commonand related crypto crates to their latest release candidate versions.This update modernizes the crypto dependency stack, requiring adaptations to API changes in
hmac(addingKeyInittrait) and digest output formatting (using.as_slice()for hex conversion).