paritytech · dvdplm · May 23, 2019 · May 13, 2019 · May 13, 2019 · May 13, 2019
diff --git a/parity-crypto/Cargo.toml b/parity-crypto/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "parity-crypto"
-version = "0.3.1"
+version = "0.4.0-beta.1"
 authors = ["Parity Technologies <admin@parity.io>"]
 repository = "https://github.com/paritytech/parity-common"
 description = "Crypto utils used by ethstore and network."
@@ -15,7 +15,7 @@ harness = false
 [dependencies]
 quick-error = "1.2.2"
 tiny-keccak = "1.4"
-scrypt = { version = "0.1.1", default-features = false }
+scrypt = { version = "0.2", default-features = false }
 ripemd160 = "0.8.0"
 sha2 = "0.8.0"
 digest = "0.8"
@@ -24,7 +24,8 @@ aes = "0.3.2"
 aes-ctr = "0.3.0"
 block-modes = "0.3.3"
 pbkdf2 = "0.3.0"
-constant_time_eq = "0.1.3"
+subtle = "2.1"
+#constant_time_eq = "0.1.3"
 
 [dev-dependencies]
 criterion = "0.2"
diff --git a/parity-crypto/README.md b/parity-crypto/README.md
@@ -3,3 +3,8 @@
 General cryptographic utilities for Ethereum.
 
 By default, this library is compiled with the `secp256k1` feature, which provides ECDH and ECIES capability on that curve. It can be compiled without to avoid a dependency on the `libsecp256k1` library.
+
+
+## Changelog
+
+The 0.4 release removes the dependency on `ring` and replaces it with prue-rust alternatives. As a consequence of this, AES GCM support has been removed. `subtle` replaces the `constant_time_eq` crate for constant time equality testing.
diff --git a/parity-crypto/src/lib.rs b/parity-crypto/src/lib.rs
@@ -28,7 +28,7 @@ extern crate aes as raes;
 extern crate aes_ctr;
 extern crate block_modes;
 extern crate pbkdf2 as rpbkdf2;
-extern crate constant_time_eq;
+extern crate subtle;
 
 pub mod aes;
 pub mod error;
@@ -40,6 +40,7 @@ pub mod pbkdf2;
 pub use error::Error;
 
 use tiny_keccak::Keccak;
+use subtle::ConstantTimeEq;
 
 pub const KEY_LENGTH: usize = 32;
 pub const KEY_ITERATIONS: usize = 10240;
@@ -78,5 +79,19 @@ pub fn derive_mac(derived_left_bits: &[u8], cipher_text: &[u8]) -> Vec<u8> {
 }
 
 pub fn is_equal(a: &[u8], b: &[u8]) -> bool {
-	constant_time_eq::constant_time_eq(a, b)
+	a.ct_eq(b).into()
+}
+
+#[cfg(test)]
+mod test {
+	use super::*;
+
+	#[test]
+	fn can_test_for_equality() {
+		let a = b"abc";
+		let b = b"abc";
+		let c = b"efg";
+		assert!(is_equal(a, b));
+		assert!(!is_equal(a, c));
+	}
 }
diff --git a/parity-crypto/src/pbkdf2/test.rs b/parity-crypto/src/pbkdf2/test.rs
@@ -15,7 +15,6 @@
 // along with Parity.  If not, see <http://www.gnu.org/licenses/>.
 
 use super::*;
-use std::num::NonZeroU32;
 
 #[test]
 fn basic_test() {