From f02e277c054b3d4f1a4a17dc3b65b09964ad6978 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 26 Apr 2026 05:13:37 +0000 Subject: [PATCH 1/2] fix(deps): update rust crate aes to 0.9 --- Cargo.lock | 94 +++++++++++++++++++++++++++-------- crates/shadowsocks/Cargo.toml | 2 +- 2 files changed, 75 insertions(+), 21 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2e330c89b989..7d8d33e1d7cf 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -14,7 +14,7 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" dependencies = [ - "crypto-common", + "crypto-common 0.1.7", "generic-array", ] @@ -25,10 +25,21 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" dependencies = [ "cfg-if", - "cipher", + "cipher 0.4.4", "cpufeatures 0.2.17", ] +[[package]] +name = "aes" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "66bd29a732b644c0431c6140f370d097879203d79b80c94a6747ba0872adaef8" +dependencies = [ + "cipher 0.5.1", + "cpubits", + "cpufeatures 0.3.0", +] + [[package]] name = "aes-gcm" version = "0.10.3" @@ -36,8 +47,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "831010a0f742e1209b3bcea8fab6a8e149051ba6099432c8cb2cc117dec3ead1" dependencies = [ "aead", - "aes", - "cipher", + "aes 0.8.4", + "cipher 0.4.4", "ctr", "ghash", "subtle", @@ -50,8 +61,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ae0784134ba9375416d469ec31e7c5f9fa94405049cf08c5ce5b4698be673e0d" dependencies = [ "aead", - "aes", - "cipher", + "aes 0.8.4", + "cipher 0.4.4", "ctr", "polyval", "subtle", @@ -461,7 +472,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3264e2574e9ef2b53ce6f536dea83a69ac0bc600b762d1523ff83fe07230ce30" dependencies = [ "byteorder", - "cipher", + "cipher 0.4.4", ] [[package]] @@ -483,7 +494,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ae3c82e4355234767756212c570e29833699ab63e6ffd161887314cc5b43847" dependencies = [ "aead", - "cipher", + "cipher 0.4.4", "ctr", "subtle", ] @@ -522,7 +533,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818" dependencies = [ "cfg-if", - "cipher", + "cipher 0.4.4", "cpufeatures 0.2.17", ] @@ -545,7 +556,7 @@ checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35" dependencies = [ "aead", "chacha20 0.9.1", - "cipher", + "cipher 0.4.4", "poly1305", "zeroize", ] @@ -567,11 +578,21 @@ version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" dependencies = [ - "crypto-common", - "inout", + "crypto-common 0.1.7", + "inout 0.1.4", "zeroize", ] +[[package]] +name = "cipher" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e34d8227fe1ba289043aeb13792056ff80fd6de1a9f49137a5f499de8e8c78ea" +dependencies = [ + "crypto-common 0.2.1", + "inout 0.2.2", +] + [[package]] name = "clang-sys" version = "1.8.1" @@ -683,6 +704,12 @@ version = "0.8.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" +[[package]] +name = "cpubits" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ef0c543070d296ea414df2dd7625d1b24866ce206709d8a4a424f28377f5861" + [[package]] name = "cpufeatures" version = "0.2.17" @@ -751,13 +778,22 @@ dependencies = [ "typenum", ] +[[package]] +name = "crypto-common" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77727bb15fa921304124b128af125e7e3b968275d1b108b379190264f4423710" +dependencies = [ + "hybrid-array", +] + [[package]] name = "ctr" version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835" dependencies = [ - "cipher", + "cipher 0.4.4", ] [[package]] @@ -861,7 +897,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ "block-buffer", - "crypto-common", + "crypto-common 0.1.7", "subtle", ] @@ -1497,6 +1533,15 @@ version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "135b12329e5e3ce057a9f972339ea52bc954fe1e9358ef27f95e89716fbc5424" +[[package]] +name = "hybrid-array" +version = "0.4.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d46837a0ed51fe95bd3b05de33cd64a1ee88fc797477ca48446872504507c5" +dependencies = [ + "typenum", +] + [[package]] name = "hyper" version = "1.9.0" @@ -1734,6 +1779,15 @@ dependencies = [ "generic-array", ] +[[package]] +name = "inout" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4250ce6452e92010fdf7268ccc5d14faa80bb12fc741938534c58f16804e03c7" +dependencies = [ + "hybrid-array", +] + [[package]] name = "ipconfig" version = "0.3.2" @@ -3178,7 +3232,7 @@ dependencies = [ name = "shadowsocks" version = "1.25.0" dependencies = [ - "aes", + "aes 0.9.0", "arc-swap", "base64", "blake3", @@ -3220,7 +3274,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3d038a3d17586f1c1ab3c1c3b9e4d5ef8fba98fb3890ad740c8487038b2e2ca5" dependencies = [ "aead", - "aes", + "aes 0.8.4", "aes-gcm", "aes-gcm-siv", "blake3", @@ -3397,7 +3451,7 @@ version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2d7abf5135ffd68fb4b438e1fb246923b80d25eda386d8b798bb4ad3ed00f75f" dependencies = [ - "cipher", + "cipher 0.4.4", ] [[package]] @@ -3986,9 +4040,9 @@ dependencies = [ [[package]] name = "typenum" -version = "1.19.0" +version = "1.20.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb" +checksum = "40ce102ab67701b8526c123c1bab5cbe42d7040ccfd0f64af1a385808d2f43de" [[package]] name = "ucd-trie" @@ -4020,7 +4074,7 @@ version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea" dependencies = [ - "crypto-common", + "crypto-common 0.1.7", "subtle", ] diff --git a/crates/shadowsocks/Cargo.toml b/crates/shadowsocks/Cargo.toml index ca6928e25415..670cc7c482a4 100644 --- a/crates/shadowsocks/Cargo.toml +++ b/crates/shadowsocks/Cargo.toml @@ -90,7 +90,7 @@ hickory-resolver = { version = "0.25", optional = true } arc-swap = { version = "1.7", optional = true } notify = { version = "8.0", optional = true } -aes = { version = "0.8", optional = true } +aes = { version = "0.9", optional = true } blake3 = "1.5" shadowsocks-crypto = { version = "0.6.0", default-features = false } From 2609729cb0d89e873324913697e246dfc43491b6 Mon Sep 17 00:00:00 2001 From: zonyitoo Date: Mon, 27 Apr 2026 00:51:42 +0800 Subject: [PATCH 2/2] feat: compat cipher 0.5 --- .../src/relay/tcprelay/aead_2022.rs | 12 ++++++-- .../src/relay/udprelay/aead_2022.rs | 30 +++++++++++++------ 2 files changed, 30 insertions(+), 12 deletions(-) diff --git a/crates/shadowsocks/src/relay/tcprelay/aead_2022.rs b/crates/shadowsocks/src/relay/tcprelay/aead_2022.rs index 37371689a040..5aa9e732f1b7 100644 --- a/crates/shadowsocks/src/relay/tcprelay/aead_2022.rs +++ b/crates/shadowsocks/src/relay/tcprelay/aead_2022.rs @@ -55,7 +55,7 @@ use std::{ use aes::{ Aes128, Aes256, Block, - cipher::{BlockDecrypt, BlockEncrypt, KeyInit}, + cipher::{BlockCipherDecrypt, BlockCipherEncrypt, KeyInit}, }; use byte_string::ByteStr; use bytes::{Buf, BufMut, Bytes, BytesMut}; @@ -315,11 +315,17 @@ impl DecryptedReader { match self.method { CipherKind::AEAD2022_BLAKE3_AES_128_GCM => { let cipher = Aes128::new_from_slice(&identity_sub_key[0..16]).expect("AES-128"); - cipher.decrypt_block_b2b(Block::from_slice(eih), &mut user_hash); + cipher.decrypt_block_b2b( + <&Block as TryFrom<&[u8]>>::try_from(eih).expect("EIH key length mismatch"), + &mut user_hash, + ); } CipherKind::AEAD2022_BLAKE3_AES_256_GCM => { let cipher = Aes256::new_from_slice(&identity_sub_key[0..32]).expect("AES-256"); - cipher.decrypt_block_b2b(Block::from_slice(eih), &mut user_hash); + cipher.decrypt_block_b2b( + <&Block as TryFrom<&[u8]>>::try_from(eih).expect("EIH key length mismatch"), + &mut user_hash, + ); } _ => unreachable!("{} doesn't support EIH", self.method), } diff --git a/crates/shadowsocks/src/relay/udprelay/aead_2022.rs b/crates/shadowsocks/src/relay/udprelay/aead_2022.rs index 2514724edae6..d474087b076c 100644 --- a/crates/shadowsocks/src/relay/udprelay/aead_2022.rs +++ b/crates/shadowsocks/src/relay/udprelay/aead_2022.rs @@ -58,7 +58,7 @@ use std::{ use aes::{ Aes128, Aes256, Block, - cipher::{BlockDecrypt, BlockEncrypt, KeyInit}, + cipher::{BlockCipherDecrypt, BlockCipherEncrypt, KeyInit}, }; use byte_string::ByteStr; use bytes::{Buf, BufMut, Bytes, BytesMut}; @@ -225,12 +225,14 @@ fn encrypt_message( match method { CipherKind::AEAD2022_BLAKE3_AES_128_GCM => { let cipher = Aes128::new_from_slice(ipsk).expect("AES-128 init"); - let block = Block::from_mut_slice(packet_header); + let block = <&mut Block as TryFrom<&mut [u8]>>::try_from(packet_header) + .expect("Packet header length mismatch"); cipher.encrypt_block(block); } CipherKind::AEAD2022_BLAKE3_AES_256_GCM => { let cipher = Aes256::new_from_slice(ipsk).expect("AES-256 init"); - let block = Block::from_mut_slice(packet_header); + let block = <&mut Block as TryFrom<&mut [u8]>>::try_from(packet_header) + .expect("Packet header length mismatch"); cipher.encrypt_block(block); } _ => unreachable!("{} is not an AES-*-GCM cipher", method), @@ -305,12 +307,14 @@ fn decrypt_message( match method { CipherKind::AEAD2022_BLAKE3_AES_128_GCM => { let cipher = Aes128::new_from_slice(key).expect("AES-128 init"); - let block = Block::from_mut_slice(packet_header); + let block = <&mut Block as TryFrom<&mut [u8]>>::try_from(packet_header) + .expect("Packet header length mismatch"); cipher.decrypt_block(block); } CipherKind::AEAD2022_BLAKE3_AES_256_GCM => { let cipher = Aes256::new_from_slice(key).expect("AES-256 init"); - let block = Block::from_mut_slice(packet_header); + let block = <&mut Block as TryFrom<&mut [u8]>>::try_from(packet_header) + .expect("Packet header length mismatch"); cipher.decrypt_block(block); } _ => unreachable!("{} is not an AES-*-GCM cipher", method), @@ -343,11 +347,15 @@ fn decrypt_message( match method { CipherKind::AEAD2022_BLAKE3_AES_128_GCM => { let cipher = Aes128::new_from_slice(key).expect("AES-128 init"); - cipher.decrypt_block(Block::from_mut_slice(eih)); + cipher.decrypt_block( + <&mut Block as TryFrom<&mut [u8]>>::try_from(eih).expect("EIH key length mismatch"), + ); } CipherKind::AEAD2022_BLAKE3_AES_256_GCM => { let cipher = Aes256::new_from_slice(key).expect("AES-256 init"); - cipher.decrypt_block(Block::from_mut_slice(eih)) + cipher.decrypt_block( + <&mut Block as TryFrom<&mut [u8]>>::try_from(eih).expect("EIH key length mismatch"), + ) } _ => unreachable!("{} doesn't support EIH", method), } @@ -466,11 +474,15 @@ pub fn encrypt_client_payload_aead_2022( match method { CipherKind::AEAD2022_BLAKE3_AES_128_GCM => { let cipher = Aes128::new_from_slice(ipsk).expect("AES-128 init"); - cipher.encrypt_block(Block::from_mut_slice(identity_header)); + cipher.encrypt_block( + <&mut Block as TryFrom<&mut [u8]>>::try_from(identity_header).expect("EIH key length mismatch"), + ); } CipherKind::AEAD2022_BLAKE3_AES_256_GCM => { let cipher = Aes256::new_from_slice(ipsk).expect("AES-256 init"); - cipher.encrypt_block(Block::from_mut_slice(identity_header)); + cipher.encrypt_block( + <&mut Block as TryFrom<&mut [u8]>>::try_from(identity_header).expect("EIH key length mismatch"), + ); } _ => unreachable!("{} doesn't support EIH", method), }