rust-libp2p

Replacement of Sodiumoxide

Open AbhijithGanesh opened this issue 3 years ago • 2 comments

Signed-off-by: Abhijith Ganesh [email protected]

Description

Replaces Sodiumoxide Crate with ed25519_dalek crate due to the security issue: RUSTSEC-2021-0137

Links to any relevant issues

Linked Issue: #2811

Open Questions

Change checklist

  • [x] I have performed a self-review of my own code
  • [ ] I have made corresponding changes to the documentation
  • [x] I have added tests that prove my fix is effective or that my feature works
  • [ ] A changelog entry has been made in the appropriate crates

AbhijithGanesh, Aug 11 '22 17:08

I've triggered the build and it is failing. Did this work for you locally?

thomaseizinger, Aug 11 '22 22:08

My local test showed a pass; I do second doubt the very nature of the function due to the way it's implemented. I've not made it a draft because I felt the tests were essential; I am trying to work this out.

AbhijithGanesh, Aug 12 '22 00:08

@thomaseizinger I am aware there are security- and compliance-related issues with this PR, but I don't intend to leave this hanging. Owning_Ref is another crate which was patched recently by Max Inden. This is failing the CI. As I update my branch, it should go away.

AbhijithGanesh, Aug 12 '22 14:08

We are likely going to move forward with https://github.com/libp2p/rust-libp2p/pull/2817 for this issue because it uses a different library to do the testing than what we use for the production code, which is a good idea for cryptography stuff.

Going to close this in favor of https://github.com/libp2p/rust-libp2p/pull/2817. Thank you for the contribution effort though! :)

thomaseizinger, Aug 19 '22 11:08