Enforce MSRV

.github/workflows/rust.yml

@@ -29,10 +29,12 @@ jobs:
     - uses: actions/checkout@v2
 
     - name: Install target
-      run: rustup target add wasm32-wasip1
+      run: |
+        rustup toolchain add 1.81.0
+        rustup target add --toolchain 1.81.0 wasm32-wasip1
 
     - name: Build (all features enabled)
-      run: cargo build --verbose --target wasm32-wasip1 -p russh
+      run: cargo +1.81.0 build --verbose --target wasm32-wasip1 -p russh
 
   Formatting:
     runs-on: ubuntu-24.04
@@ -90,4 +92,6 @@ jobs:
     - uses: taiki-e/install-action@cargo-minimal-versions
 
     - name: Check with minimal dependency versions
-      run: cargo minimal-versions check --all-features
+      run: |
+        rustup toolchain add 1.65.0
+        cargo +1.65.0 minimal-versions check --all-features --no-dev-deps

Cargo.toml

@@ -16,9 +16,11 @@ byteorder = "1.4"
 bytes = "1.7"
 digest = "0.10"
 delegate = "0.13"
+env_logger = "0.6"
 futures = "0.3"
+home = "=0.5.5" # 0.5.6 changes MSRV
 hmac = "0.12"
-log = "0.4"
+log = "0.4.11"
 rand = "0.8"
 rsa = "0.9"
 sha1 = { version = "0.10.5", features = ["oid"] }
@@ -34,5 +36,5 @@ ssh-key = { version = "0.6.3", features = [
     "encryption",
 ] }
 thiserror = "1.0.30"
-tokio = { version = "1.40.0" }
+tokio = { version = "1.17.0" }
 tokio-stream = { version = "0.1.3", features = ["net", "sync"] }

pageant/Cargo.toml

@@ -6,7 +6,7 @@ edition = "2018"
 license = "Apache-2.0"
 name = "pageant"
 repository = "https://github.com/warp-tech/russh"
-version = "0.0.1-beta.3"
+version = "0.0.1"
 rust-version = "1.65"
 
 [dependencies]

russh-config/Cargo.toml

@@ -11,9 +11,9 @@ version = "0.48.0"
 rust-version = "1.65"
 
 [dependencies]
-home = "0.5"
+home.workspace = true
 futures.workspace = true
-globset = "0.4.14"
+globset = "0.3"
 log.workspace = true
 thiserror.workspace = true
 tokio = { workspace = true, features = ["io-util", "net", "macros", "process"] }

russh-config/src/lib.rs

@@ -189,6 +189,7 @@ impl SshConfigStrExt for &str {
             && ((self.starts_with('\'') && self.ends_with('\''))
                 || (self.starts_with('\"') && self.ends_with('\"')))
         {
+            #[allow(clippy::indexing_slicing)] // length checked
             &self[1..self.len() - 1]
         } else {
             self

russh-keys/Cargo.toml

@@ -74,13 +74,12 @@ tokio = { workspace = true, features = [
   "net",
 ] }
 tokio-stream.workspace = true
-home = "0.5"
-
+home.workspace = true
 
 [target.'cfg(windows)'.dependencies]
-pageant = { version = "0.0.1-beta.3", path = "../pageant" }
+pageant = { version = "0.0.1", path = "../pageant" }
 
 [dev-dependencies]
-env_logger = "0.11"
+env_logger.workspace = true
 tempfile = "3.14.0"
 tokio = { workspace = true, features = ["test-util", "macros", "process"] }

russh-keys/src/agent/server.rs

@@ -267,8 +267,6 @@ impl<S: AsyncRead + AsyncWrite + Send + Unpin + 'static, A: Agent + Send + Sync
         writebuf: &mut CryptoVec,
     ) -> Result<bool, Error> {
         let (blob, key_pair) = {
-            use ssh_encoding::Decode;
-
             let private_key =
                 ssh_key::private::PrivateKey::new(ssh_key::private::KeypairData::decode(r)?, "")?;
             let _comment = String::decode(r)?;

russh-keys/src/key.rs

@@ -37,7 +37,6 @@ pub trait Verify {
 
 /// Parse a public key from a byte slice.
 pub fn parse_public_key(mut p: &[u8]) -> Result<PublicKey, Error> {
-    use ssh_encoding::Decode;
     Ok(ssh_key::public::KeyData::decode(&mut p)?.into())
 }
 

russh-util/Cargo.toml

@@ -11,7 +11,7 @@ repository = "https://github.com/warp-tech/russh"
 
 [dependencies]
 chrono = "0.4.38"
-tokio = { version = "1.17", features = ["sync", "macros"] }
+tokio = { workspace = true, features = ["sync", "macros"] }
 
 [dev-dependencies]
 futures-executor = "0.3.13"
@@ -22,4 +22,4 @@ wasm-bindgen = "0.2"
 wasm-bindgen-futures = "0.4.43"
 
 [target.'cfg(not(target_arch = "wasm32"))'.dependencies]
-tokio = { version = "1.17", features = ["io-util", "rt-multi-thread", "rt"] }
+tokio = { workspace = true, features = ["io-util", "rt-multi-thread", "rt"] }

russh/Cargo.toml

@@ -62,9 +62,9 @@ tokio = { workspace = true, features = ["io-util", "sync", "time"] }
 
 [dev-dependencies]
 anyhow = "1.0.4"
-env_logger = "0.11"
+env_logger.workspace = true
 clap = { version = "3.2.3", features = ["derive"] }
-tokio = { version = "1.17.0", features = [
+tokio = { workspace = true, features = [
     "io-std",
     "io-util",
     "rt-multi-thread",
@@ -79,6 +79,6 @@ tokio-fd = "0.3"
 termion = "2"
 ratatui = "0.29.0"
 
-[target.'cfg(not(target_arch = "wasm32"))'.dependencies]
+[target.'cfg(not(target_arch = "wasm32"))'.dev-dependencies]
 russh-sftp = "2.0.5"
 tokio.workspace = true

russh/src/channels/io/tx.rs

@@ -1,7 +1,7 @@
 use std::convert::TryFrom;
 use std::future::Future;
 use std::io;
-use std::num::NonZero;
+use std::num::NonZeroUsize;
 use std::ops::DerefMut;
 use std::pin::Pin;
 use std::sync::Arc;
@@ -77,7 +77,7 @@ where
         }
     }
 
-    fn poll_writable(&mut self, cx: &mut Context<'_>, buf_len: usize) -> Poll<NonZero<usize>> {
+    fn poll_writable(&mut self, cx: &mut Context<'_>, buf_len: usize) -> Poll<NonZeroUsize> {
         let window_size = self.window_size.clone();
         let window_size_fut = self
             .window_size_fut
@@ -87,7 +87,7 @@ where
 
         let writable = (self.max_packet_size).min(*window_size).min(buf_len as u32) as usize;
 
-        match NonZero::try_from(writable) {
+        match NonZeroUsize::try_from(writable) {
             Ok(w) => {
                 *window_size -= writable as u32;
                 if *window_size > 0 {
@@ -109,7 +109,7 @@ where
         &mut self,
         cx: &mut Context<'_>,
         buf: &[u8],
-    ) -> Poll<(ChannelMsg, NonZero<usize>)> {
+    ) -> Poll<(ChannelMsg, NonZeroUsize)> {
         let writable = ready!(self.poll_writable(cx, buf.len()));
 
         let mut data = CryptoVec::new_zeroed(writable.into());

russh/src/cipher/mod.rs

@@ -23,14 +23,14 @@ use std::num::Wrapping;
 
 use aes::{Aes128, Aes192, Aes256};
 use byteorder::{BigEndian, ByteOrder};
-use cbc::CbcWrapper;
 use ctr::Ctr128BE;
 use delegate::delegate;
 use log::debug;
 use once_cell::sync::Lazy;
 use ssh_encoding::Encode;
 use tokio::io::{AsyncRead, AsyncReadExt};
 
+use self::cbc::CbcWrapper;
 use crate::mac::MacAlgorithm;
 use crate::sshbuffer::SSHBuffer;
 use crate::Error;
@@ -243,10 +243,10 @@ pub(crate) trait SealingKey {
     }
 }
 
-pub(crate) async fn read<'a, R: AsyncRead + Unpin>(
-    stream: &'a mut R,
-    buffer: &'a mut SSHBuffer,
-    cipher: &'a mut (dyn OpeningKey + Send),
+pub(crate) async fn read<R: AsyncRead + Unpin>(
+    stream: &mut R,
+    buffer: &mut SSHBuffer,
+    cipher: &mut (dyn OpeningKey + Send),
 ) -> Result<usize, Error> {
     if buffer.len == 0 {
         let mut len = vec![0; cipher.packet_length_to_read_for_block_length()];
@@ -272,10 +272,12 @@ pub(crate) async fn read<'a, R: AsyncRead + Unpin>(
 
     buffer.buffer.resize(buffer.len + 4);
     debug!("read_exact {:?}", buffer.len + 4);
+
+    let l = cipher.packet_length_to_read_for_block_length();
+
     #[allow(clippy::indexing_slicing)] // length checked
-    stream
-        .read_exact(&mut buffer.buffer[cipher.packet_length_to_read_for_block_length()..])
-        .await?;
+    stream.read_exact(&mut buffer.buffer[l..]).await?;
+
     debug!("read_exact done");
     let seqn = buffer.seqn.0;
     let ciphertext_len = buffer.buffer.len() - cipher.tag_len();

russh/src/client/mod.rs

@@ -717,8 +717,6 @@ pub async fn connect<H: Handler + Send + 'static, A: tokio::net::ToSocketAddrs>(
     addrs: A,
     handler: H,
 ) -> Result<Handle<H>, H::Error> {
-    use russh_keys::map_err;
-
     let socket = map_err!(tokio::net::TcpStream::connect(addrs).await)?;
     connect_stream(config, socket, handler).await
 }

russh/src/server/encrypted.rs

@@ -448,7 +448,15 @@ impl Encrypted {
                 };
 
                 if is_real != 0 {
-                    let pos0 = r.as_ptr();
+                    // SAFETY: both original_packet and pos0 are coming
+                    // from the same allocation (pos0 is derived from
+                    // a slice of the original_packet)
+                    let sig_init_buffer = {
+                        let pos0 = r.as_ptr();
+                        let init_len = unsafe { pos0.offset_from(original_packet.as_ptr()) };
+                        #[allow(clippy::indexing_slicing)] // length checked
+                        &original_packet[0..init_len as usize]
+                    };
 
                     let sent_pk_ok = if let Some(CurrentRequest::PublicKey { sent_pk_ok, .. }) =
                         auth_request.current
@@ -464,15 +472,6 @@ impl Encrypted {
                         &mut encoded_signature.as_slice()
                     ))?;
 
-                    // SAFETY: both original_packet and pos0 are coming
-                    // from the same allocation (pos0 is derived from
-                    // a slice of the original_packet)
-                    let init = {
-                        let init_len = unsafe { pos0.offset_from(original_packet.as_ptr()) };
-                        #[allow(clippy::indexing_slicing)] // length checked
-                        &original_packet[0..init_len as usize]
-                    };
-
                     let is_valid = if sent_pk_ok && user == auth_user {
                         true
                     } else if auth_user.is_empty() {
@@ -491,7 +490,7 @@ impl Encrypted {
                             let mut buf = buf.borrow_mut();
                             buf.clear();
                             map_err!(session_id.encode(&mut *buf))?;
-                            buf.extend(init);
+                            buf.extend(sig_init_buffer);
 
                             Ok(sig_workaround::verify(&pubkey, &buf, &sig).is_ok())
                         })? {