malept / crypto-hash Goto Github PK
View Code? Open in Web Editor NEWA Rust wrapper for OS-level cryptographic hash functions
Home Page: https://malept.github.io/crypto-hash/
License: MIT License
A Rust wrapper for OS-level cryptographic hash functions
Home Page: https://malept.github.io/crypto-hash/
License: MIT License
I'm building a library for automatic binary segmentation. This requires precise hash calculation.
The user of my library has to specify the hash of the file beforehand. So I run:
shasum -b -a 256 some_binary_file
and get a hash. But when comparing this hash to the hash I'm obtaining through hex_digest
, the hashes differ.
OS: macOS
Rust: stable (1.31)
shasum version: 5.84
crypto-hash v. 0.3.1. fails to build for me. I used Windows 10 Enterprise build 17763.rs5_release.180914-1434. You can download a VM with this environment at https://developer.microsoft.com/en-us/windows/downloads/virtual-machines .
rustc output:
thread 'main' panicked at 'failed unsafe {
CryptAcquireContextW(&mut hcp, ptr::null(), ptr::null(), PROV_RSA_AES,
CRYPT_VERIFYCONTEXT | CRYPT_SILENT)
}: Provider DLL failed to initialize correctly. (os error -2146893795)', C:\Users\appveyor\.cargo\registry\src\github.com-1ecc6299db9ec823\crypto-hash-0.3.1\src\imp\cryptoapi.rs:91:9
Hello, any idea of when a new minor version can be released? On the recent commits there's a version bump for packages, like hex. I need to reduce binary size on a project I work on that depends on crypto-hash, a new release would work perfectly for us.
This library uses e.g. CryptAcquireContextW
. As noted on the linked page, this is part of the deprecated API CryptoAPI. This is a proposal to migrate from CryptoAPI to CNG.
To help build more portable executables, it would be nice to have an option to build against a vendored openssl version.
At the moment, I have to do the following myself, even though openssl is a transitive dependency:
# This is a hack, to force openssl to be built statically.
# It's a dependency of crypto-hash.
[dependencies.openssl]
version = "0.10"
features = ["vendored"]
Hello, on Windows a call to write_all
after finish
causes panic.
Example:
use crypto_hash::{Algorithm, Hasher};
use std::io::Write;
fn main() {
let mut hasher = Hasher::new(Algorithm::MD5);
let message1 = b"Hello";
hasher.write_all(message1).unwrap();
let _hash1 = hasher.finish();
let message2 = b"world!";
hasher.write_all(message2).unwrap();
let _hash2 = hasher.finish();
}
This is caused by the misusage of the Windows CryptoAPI.
As stated here in the Microsoft documentation:
- The hash value can be retrieved by using CryptGetHashParam
- [...]
After one of the functions from this list has been called, CryptHashData and CryptHashSessionKey cannot be called.
The published version does not have this fix: 091fdea
Thus any build for iOS that has this dependency fails because it requires openssl. Would you mind publishing?
We're seeing breakage on Rust's CI for a breaking change in the 0.3.2 release:
[00:03:50] error[E0308]: mismatched types
[00:03:50] --> /cargo/registry/src/github.com-1ecc6299db9ec823/cargo-0.32.0/src/cargo/util/sha256.rs:9:34
[00:03:50] |
[00:03:50] 9 | let hasher = Hasher::new(Algorithm::SHA256);
[00:03:50] | ^^^^^^^^^^^^^^^^^
[00:03:50] | |
[00:03:50] | expected reference, found enum `util::sha256::crypto_hash::Algorithm`
[00:03:50] | help: consider borrowing here: `&Algorithm::SHA256`
[00:03:50] |
[00:03:50] = note: expected type `&util::sha256::crypto_hash::Algorithm`
[00:03:50] found type `util::sha256::crypto_hash::Algorithm`
[00:03:50]
[00:03:50] error: aborting due to previous error
[00:03:50]
[00:03:50] For more information about this error, try `rustc --explain E0308`.
It looks like a reference wasn't previously needed but now it is? Would it be possible to yank 0.3.2 and publish 0.3.3 with a fix?
Assuming I used your sample code:
use crypto_hash::{Algorithm, hex_digest};
let digest = hex_digest(Algorithm::SHA256, b"crypto-hash");
println!("{}", digest);
The output will be:
fd1afb6022cd4d47c890961c533928eacfe8219f1b2524f7fb2a61847ddf8c27
Then, how ca I unhash
it, if I want to read the original input
Hey,
Is it possible to introduce a fallback to openssl when it is building agains macOS 10.7 or anything before 10.8?
Right now it can't be linked agains such old system because commoncrypto is used an API which was added on 10.8 :)
Thanks!
Hiya @malept
If I would have potentially a security issue would the preference to be to raise privately or raise public issue ?
Also would you be okay for people still using the crate ? Thanks!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.