Skip to content

Bump signature to v3.0.0-rc.4#1423

Merged
tarcieri merged 1 commit intomasterfrom
signature/v3.0.0-rc.4
Sep 13, 2025
Merged

Bump signature to v3.0.0-rc.4#1423
tarcieri merged 1 commit intomasterfrom
signature/v3.0.0-rc.4

Conversation

@tarcieri
Copy link
Copy Markdown
Member

@tarcieri tarcieri commented Sep 13, 2025

Also bumps ecdsa to v0.17.0-rc.7

This brings *DigestSigner/*DigestVerifier changes introduced in RustCrypto/traits#2004

cc @daxpedda

@tarcieri
Bump signature to v3.0.0-rc.4
7023004 
Also bumps `ecdsa` to v0.17.0-rc.7

This brings `*DigestSigner`/`*DigestVerifier` changes introduced in
RustCrypto/traits#2004
@tarcieri tarcieri merged commit 7ae747d into master Sep 13, 2025
174 checks passed
@tarcieri tarcieri deleted the signature/v3.0.0-rc.4 branch September 13, 2025 17:28
@daxpedda
Copy link
Copy Markdown
Contributor

daxpedda commented Sep 13, 2025

@tarcieri should I do a follow-up where I change it to Default + FixedOutput + HashMarker + Update?

@tarcieri
Copy link
Copy Markdown
Member Author

tarcieri commented Sep 13, 2025

@daxpedda sure, if you can do that across the board both here and in the signatures repo that'd be great

@daxpedda
Copy link
Copy Markdown
Contributor

daxpedda commented Sep 14, 2025

@tarcieri so I did attempt to do this for signatures, but its not that straightforward.
You can find my attempt here: daxpedda/signatures@f89e410.

Basically dsa and ecdsa require rfc6979, which in turn uses SimpleHmacReset, which requires Digest.
So the first thing I did is switch rfc6979 to HmacReset, which "just" requires EagerHash (which still requires Digest).
After that, I started replacing all mentions of Digest in dsa and ecdsa with EagerHash.
This worked for dsa, but ecdsa doesn't use rfc6979 for verifying, which is behind a separate crate feature, so it doesn't pull in hmac either, not giving me access to EagerHash.
Because ecdsa::hazmat::DigestAlgorithm::Digest now requires EagerHash, I would need to pull in hmac for feature = "verifying".

So its all solvable, but the change is pervasive, let me know if you want me to continue with EagerHash.

Alternatively, we could just make Digest a supertrait over Update, among other traits. It always bothered me in the first place that this isn't the case.

I assume I will hit the same snag in elliptic-curves because its built on ecdsa.

@tarcieri
Copy link
Copy Markdown
Member Author

tarcieri commented Sep 14, 2025

Perhaps ecdsa has too many knobs. I've been thinking about getting rid of the features which avoid providing an algorithm implementation.

For now though, consolidating into one feature for both signing and verification seems fine to me.

@daxpedda
Copy link
Copy Markdown
Contributor

daxpedda commented Sep 14, 2025

What about changing everything from Digest to EagerHash? That's a pretty big change, is that alright?

@tarcieri
Copy link
Copy Markdown
Member Author

tarcieri commented Sep 14, 2025

Definitely makes sense for *Signer due to the use of HMAC. I guess I still don't completely understand why it's needed for *Verifier. Is it just for parity with *Signer?

@daxpedda
Copy link
Copy Markdown
Contributor

daxpedda commented Sep 14, 2025

Its because both signer and verifier implementations use type ecdsa::hazmat::DigestAlgorithm::Digest. But to make this type work for signer implementations I had to write type Digest: EagerHash and I can't write that if I'm unable to import the type.

@tarcieri
Copy link
Copy Markdown
Member Author

tarcieri commented Sep 14, 2025

Aha, makes sense. Sounds fine to change them all to EagerHash then.

This was referenced Sep 15, 2025
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tarcieri @daxpedda