Bump to signature 3

Author: baloo

Cargo.lock

@@ -65,7 +65,7 @@ x509-ocsp = { path = "./x509-ocsp" }
 
 # https://github.com/RustCrypto/signatures/pull/913
 # https://github.com/RustCrypto/signatures/pull/923
-ecdsa   = { git = "https://github.com/RustCrypto/signatures.git" }
+ecdsa   = { git = "https://github.com/baloo/signatures.git", branch = "baloo/crypto-bigint/0.7.0-pre.2" }
 rfc6979 = { git = "https://github.com/RustCrypto/signatures.git" }
 # https://github.com/RustCrypto/key-wraps/pull/34
 # https://github.com/RustCrypto/key-wraps/pull/35
@@ -85,14 +85,13 @@ aead           = { git = "https://github.com/RustCrypto/traits.git" }
 
 # https://github.com/RustCrypto/RSA/pull/478
 # https://github.com/RustCrypto/RSA/pull/504
-rsa = { git = "https://github.com/RustCrypto/RSA.git" }
+rsa = { git = "https://github.com/baloo/RSA.git", branch = "baloo/signature3/v3" }
 
 # https://github.com/RustCrypto/password-hashes/pull/577
 # https://github.com/RustCrypto/password-hashes/pull/578
 pbkdf2 = { git = "https://github.com/RustCrypto/password-hashes.git" }
 scrypt = { git = "https://github.com/RustCrypto/password-hashes.git" }
 
-crypto-bigint = { git = "https://github.com/RustCrypto/crypto-bigint.git" }
 crypto-primes = { git = "https://github.com/entropyxyz/crypto-primes.git" }
 
 # https://github.com/RustCrypto/elliptic-curves/pull/1125

Cargo.toml

@@ -32,7 +32,7 @@ rsa = { version = "=0.10.0-pre.4", optional = true }
 sha1 = { version = "=0.11.0-pre.5", optional = true }
 sha2 = { version = "=0.11.0-pre.5", optional = true }
 sha3 = { version = "=0.11.0-pre.5", optional = true }
-signature = { version = "=2.3.0-pre.6", features = ["digest", "alloc"], optional = true }
+signature = { version = "=3.0.0-pre", features = ["digest", "alloc"], optional = true }
 zeroize = { version = "1.8.1", optional = true }
 
 [dev-dependencies]
@@ -45,7 +45,7 @@ pbkdf2 = "0.13.0-pre.0"
 rand = "0.9"
 rsa = { version = "=0.10.0-pre.4", features = ["sha2"] }
 ecdsa = { version = "=0.17.0-pre.9", features = ["digest", "pem"] }
-p256 = "=0.14.0-pre.2"
+p256 = { version = "=0.14.0-pre.2", features = ["digest"] }
 tokio = { version = "1.43.1", features = ["macros", "rt"] }
 x509-cert = { version = "=0.3.0-pre.0", features = ["pem"] }
 

cms/Cargo.toml

@@ -24,15 +24,15 @@ spki = { version = "0.8.0-rc.0", features = ["alloc"] }
 arbitrary = { version = "1.4", features = ["derive"], optional = true }
 digest = { version = "0.11.0-pre.10", optional = true, default-features = false }
 sha1 = { version = "0.11.0-pre.5", default-features = false, optional = true }
-signature = { version = "=2.3.0-pre.6", features = ["rand_core"], optional = true }
+signature = { version = "=3.0.0-pre", features = ["rand_core"], optional = true }
 tls_codec = { version = "0.4.0", default-features = false, features = ["derive"], optional = true }
 
 [dev-dependencies]
 hex-literal = "1"
 rand = "0.9"
 rsa = { version = "=0.10.0-pre.4", features = ["sha2"] }
 ecdsa = { version = "=0.17.0-pre.9", features = ["digest", "pem"] }
-p256 = "=0.14.0-pre.2"
+p256 = { version = "=0.14.0-pre.2" }
 rstest = "0.25"
 sha2 = { version = "=0.11.0-pre.5", features = ["oid"] }
 tempfile = "3.5.0"

x509-cert/Cargo.toml

@@ -7,8 +7,10 @@ use der::{
 };
 use p256::{NistP256, ecdsa::DerSignature, pkcs8::DecodePrivateKey};
 use rand::rngs::OsRng;
-use rsa::pkcs1::DecodeRsaPrivateKey;
-use rsa::pkcs1v15::SigningKey;
+use rsa::{
+    pkcs1::DecodeRsaPrivateKey,
+    pkcs1v15::{self, SigningKey},
+};
 use sha2::Sha256;
 use signature::rand_core::TryRngCore;
 use spki::SubjectPublicKeyInfo;
@@ -46,7 +48,7 @@ fn root_ca_certificate() {
     let builder = CertificateBuilder::new(profile, serial_number, validity, pub_key)
         .expect("Create certificate");
 
-    let certificate = builder.build(&signer).unwrap();
+    let certificate = builder.build::<_, pkcs1v15::Signature>(&signer).unwrap();
 
     let pem = certificate.to_pem(LineEnding::LF).expect("generate pem");
     println!("{}", openssl::check_certificate(pem.as_bytes()));
@@ -322,7 +324,9 @@ fn dynamic_signer() {
             .expect("Sign request")
     } else {
         let req_signer = rsa_signer();
-        csr_builder.build(&req_signer).expect("Sign request")
+        csr_builder
+            .build::<_, pkcs1v15::Signature>(&req_signer)
+            .expect("Sign request")
     };
 
     let csr_pem = csr.to_pem(LineEnding::LF).expect("format CSR");

x509-cert/tests/builder.rs

@@ -24,7 +24,7 @@ x509-cert = { version = "=0.3.0-pre.0", default-features = false }
 # Optional
 digest = { version = "=0.11.0-pre.10", optional = true, default-features = false, features = ["oid"] }
 rand_core = { version = "0.9", optional = true, default-features = false }
-signature = { version = "=2.3.0-pre.6", optional = true, default-features = false, features = ["digest", "rand_core"] }
+signature = { version = "=3.0.0-pre", optional = true, default-features = false, features = ["digest", "rand_core"] }
 
 [dev-dependencies]
 hex-literal = "1"

x509-ocsp/Cargo.toml

@@ -4,7 +4,11 @@
 use der::{DateTime, Decode, Encode};
 use hex_literal::hex;
 use lazy_static::lazy_static;
-use rsa::{RsaPrivateKey, pkcs1v15::SigningKey, pkcs8::DecodePrivateKey};
+use rsa::{
+    RsaPrivateKey,
+    pkcs1v15::{self, SigningKey},
+    pkcs8::DecodePrivateKey,
+};
 use sha1::Sha1;
 use sha2::{Sha224, Sha256, Sha384, Sha512};
 use x509_cert::{Certificate, name::Name, serial_number::SerialNumber};
@@ -173,7 +177,7 @@ fn encode_ocsp_req_signed() {
         .with_request(
             Request::from_issuer::<Sha1>(&ISSUER, SerialNumber::from(0x10001usize)).unwrap(),
         )
-        .sign(&mut signer, Some(vec![CERT.clone()]))
+        .sign::<_, pkcs1v15::Signature>(&mut signer, Some(vec![CERT.clone()]))
         .unwrap();
     assert_eq!(&req.to_der().unwrap(), &req_der);
 }
@@ -212,7 +216,7 @@ fn encode_ocsp_resp_sha1_certid() {
                 DateTime::new(2020, 1, 1, 0, 0, 0).unwrap(),
             )),
         )
-        .sign(
+        .sign::<_, pkcs1v15::Signature>(
             &mut signer,
             Some(vec![ISSUER.clone()]),
             OcspGeneralizedTime::from(DateTime::new(2020, 1, 1, 0, 0, 0).unwrap()),
@@ -236,7 +240,7 @@ fn encode_ocsp_resp_sha256_certid() {
                 DateTime::new(2020, 1, 1, 0, 0, 0).unwrap(),
             )),
         )
-        .sign(
+        .sign::<_, pkcs1v15::Signature>(
             &mut signer,
             Some(vec![ISSUER.clone()]),
             OcspGeneralizedTime::from(DateTime::new(2020, 1, 1, 0, 0, 0).unwrap()),
@@ -260,7 +264,7 @@ fn encode_ocsp_resp_sha512_certid() {
                 DateTime::new(2020, 1, 1, 0, 0, 0).unwrap(),
             )),
         )
-        .sign(
+        .sign::<_, pkcs1v15::Signature>(
             &mut signer,
             Some(vec![ISSUER.clone()]),
             OcspGeneralizedTime::from(DateTime::new(2020, 1, 1, 0, 0, 0).unwrap()),
@@ -303,7 +307,7 @@ fn encode_ocsp_resp_multiple_extensions() {
         )
         .with_extension(ext1)
         .unwrap()
-        .sign(
+        .sign::<_, pkcs1v15::Signature>(
             &mut signer,
             Some(vec![ISSUER.clone()]),
             OcspGeneralizedTime::from(DateTime::new(2020, 1, 1, 0, 0, 0).unwrap()),
@@ -397,7 +401,7 @@ fn encode_ocsp_resp_multiple_responses() {
                 DateTime::new(2020, 1, 1, 0, 0, 0).unwrap(),
             )),
         )
-        .sign(
+        .sign::<_, pkcs1v15::Signature>(
             &mut signer,
             Some(vec![ISSUER.clone()]),
             OcspGeneralizedTime::from(DateTime::new(2020, 1, 1, 0, 0, 0).unwrap()),
@@ -426,7 +430,7 @@ fn encode_ocsp_resp_revoked_delegated() {
                 DateTime::new(2024, 11, 4, 1, 9, 46).unwrap(),
             )),
         )
-        .sign(
+        .sign::<_, pkcs1v15::Signature>(
             &mut signer,
             Some(vec![OCSP.clone()]),
             OcspGeneralizedTime::from(DateTime::new(2023, 11, 5, 1, 9, 46).unwrap()),