libp2p / rust-libp2p

Crate	Required	Latest	Status
either	`^1.11`	`1.13.0`	up to date
fnv	`^1.0`	`1.0.7`	up to date
futures-timer	`^3`	`3.0.3`	up to date
once_cell	`^1.19.0`	`1.20.2`	up to date
parking_lot	`^0.12.3`	`0.12.3`	up to date
pin-project	`^1.1.5`	`1.1.7`	up to date
quick-protobuf	`^0.8`	`0.8.1`	up to date
rand	`^0.8`	`0.8.5`	up to date
serde	`^1`	`1.0.215`	up to date
smallvec	`^1.13.2`	`1.13.2`	up to date
thiserror	`^1.0`	`2.0.3`	out of date

Crate	Required	Latest	Status
async-std	`^1.6.2`	`1.13.0`	up to date

Crate	Required	Latest	Status
clap	`^4.5.6`	`4.5.21`	up to date

Crate	Required	Latest	Status
clap	`^4.4.18`	`4.5.21`	up to date
tokio	`^1.35.1`	`1.41.1`	up to date
tracing	`^0.1.40`	`0.1.40`	up to date
tracing-subscriber	`^0.3.18`	`0.3.18`	up to date
rand	`^0.8.5`	`0.8.5`	up to date
opentelemetry	`^0.21.0`	`0.27.0`	out of date
opentelemetry_sdk	`^0.21.1`	`0.27.0`	out of date
tracing-opentelemetry	`^0.22.0`	`0.28.0`	out of date
opentelemetry-jaeger	`^0.20.0`	`0.22.0`	out of date
cfg-if	`^1.0.0`	`1.0.0`	up to date

Crate	Required	Latest	Status
anyhow	`^1.0.86`	`1.0.93`	up to date
rand	`^0.8`	`0.8.5`	up to date

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.83`	up to date

Crate	Required	Latest	Status
clap	`^4.5.6`	`4.5.21`	up to date
futures-timer	`^3.0`	`3.0.3`	up to date
log	`^0.4`	`0.4.22`	up to date

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.83`	up to date

Crate	Required	Latest	Status
serde	`^1.0`	`1.0.215`	up to date
clap	`^4.5.6`	`4.5.21`	up to date

Crate	Required	Latest	Status
tokio	`^1.37.0`	`1.41.1`	up to date

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.83`	up to date
clap	`^4.5.6`	`4.5.21`	up to date
env_logger	`^0.10`	`0.11.5`	out of date
anyhow	`^1.0.86`	`1.0.93`	up to date

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.83`	up to date
either	`^1.12`	`1.13.0`	up to date

Crate	Required	Latest	Status
axum	`^0.7`	`0.7.9`	up to date
opentelemetry	`^0.25.0`	`0.27.0`	out of date
opentelemetry-otlp	`^0.25.0`	`0.27.0`	out of date
opentelemetry_sdk	`^0.25.0`	`0.27.0`	out of date
tracing-opentelemetry	`^0.26.0`	`0.28.0`	out of date

Crate	Required	Latest	Status
clap	`^4.5.6`	`4.5.21`	up to date
tokio	`^1.37.0`	`1.41.1`	up to date

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.93`	up to date
rand	`^0.8`	`0.8.5`	up to date

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.93`	up to date
env_logger	`^0.10.2`	`0.11.5`	out of date
redis	`^0.24.0`	`0.27.5`	out of date
serde	`^1.0.203`	`1.0.215`	up to date
serde_json	`^1.0.117`	`1.0.132`	up to date
either	`^1.12.0`	`1.13.0`	up to date

Crate	Required	Latest	Status
asn1_der	`^0.7.6`	`0.7.6`	up to date
bs58	`^0.5.1`	`0.5.1`	up to date
ed25519-dalek	`^2.1`	`2.1.1`	up to date
hkdf	`^0.12.4`	`0.12.4`	up to date
libsecp256k1	`^0.7.0`	`0.7.1`	up to date
multihash	`^0.19.1`	`0.19.2`	up to date
p256	`^0.13`	`0.13.2`	up to date
quick-protobuf	`^0.8.1`	`0.8.1`	up to date
rand	`^0.8`	`0.8.5`	up to date
sec1	`^0.7`	`0.7.3`	up to date
serde	`^1`	`1.0.215`	up to date
sha2	`^0.10.8`	`0.10.8`	up to date
thiserror	`^1.0`	`2.0.3`	out of date
zeroize	`^1.8`	`1.8.1`	up to date

Crate	Required	Latest	Status
base64	`^0.22.1`	`0.22.1`	up to date
serde_json	`^1.0`	`1.0.132`	up to date
rmp-serde	`^1.3`	`1.3.0`	up to date
criterion	`^0.5`	`0.5.1`	up to date
hex-literal	`^0.4.1`	`0.4.1`	up to date

Crate	Required	Latest	Status
anyhow	`^1`	`1.0.93`	up to date
either	`^1.11.0`	`1.13.0`	up to date
rand	`^0.8.5`	`0.8.5`	up to date
serde	`^1`	`1.0.215`	up to date

Crate	Required	Latest	Status
async-std	`^1.12.0`	`1.13.0`	up to date

Crate	Required	Latest	Status
async-std	`^1.12.0`	`1.13.0`	up to date
rand	`^0.8.5`	`0.8.5`	up to date

Crate	Required	Latest	Status
clap	`^4.5.6`	`4.5.21`	up to date
zeroize	`^1`	`1.8.1`	up to date
serde	`^1.0.203`	`1.0.215`	up to date
serde_json	`^1.0.117`	`1.0.132`	up to date
base64	`^0.22.1`	`0.22.1`	up to date

Crate	Required	Latest	Status
memory-stats	`^1`	`1.2.0`	up to date
sysinfo	`^0.30`	`0.32.0`	out of date

Crate	Required	Latest	Status
async-std	`^1.12.0`	`1.13.0`	up to date
rand	`^0.8.5`	`0.8.5`	up to date

Crate	Required	Latest	Status
pin-project	`^1.1.5`	`1.1.7`	up to date

Crate	Required	Latest	Status
bytes	`^1`	`1.8.0`	up to date
pin-project	`^1.1.5`	`1.1.7`	up to date
smallvec	`^1.13.2`	`1.13.2`	up to date

Crate	Required	Latest	Status
async-std	`^1.6.2`	`1.13.0`	up to date
futures_ringbuf	`^0.4.0`	`0.4.0`	up to date
rand	`^0.8`	`0.8.5`	up to date

Crate	Required	Latest	Status
bytes	`^1`	`1.8.0`	up to date
thiserror	`^1.0`	`2.0.3`	out of date
quick-protobuf	`^0.8`	`0.8.1`	up to date

Crate	Required	Latest	Status
criterion	`^0.5.1`	`0.5.1`	up to date

Crate	Required	Latest	Status
quickcheck	`^1`	`1.0.3`	up to date
num-traits	`^0.2`	`0.2.19`	up to date

Crate	Required	Latest	Status
pin-project	`^1.1.5`	`1.1.7`	up to date
static_assertions	`^1`	`1.1.0`	up to date

Crate	Required	Latest	Status
async-std	`^1.0`	`1.13.0`	up to date

Crate	Required	Latest	Status
base64	`^0.22`	`0.22.1`	up to date
clap	`^4.5.6`	`4.5.21`	up to date
futures-timer	`^3`	`3.0.3`	up to date
axum	`^0.7`	`0.7.9`	up to date
serde	`^1.0.203`	`1.0.215`	up to date
serde_derive	`^1.0.125`	`1.0.215`	up to date
serde_json	`^1.0`	`1.0.132`	up to date
zeroize	`^1`	`1.8.1`	up to date

Crate	Required	Latest	Status
bytes	`^1`	`1.8.0`	up to date
hex	`^0.4`	`0.4.3`	up to date
quick-protobuf	`^0.8`	`0.8.1`	up to date
rand	`^0.8`	`0.8.5`	up to date
serde	`^1.0`	`1.0.215`	up to date
sha2	`^0.10.8`	`0.10.8`	up to date
thiserror	`^1`	`2.0.3`	out of date
tinytemplate	`^1.2`	`1.2.1`	up to date

Crate	Required	Latest	Status
hex-literal	`^0.4`	`0.4.1`	up to date

Crate	Required	Latest	Status
bytes	`^1`	`1.8.0`	up to date
nohash-hasher	`^0.2`	`0.2.0`	up to date
parking_lot	`^0.12`	`0.12.3`	up to date
rand	`^0.8`	`0.8.5`	up to date
smallvec	`^1.13.2`	`1.13.2`	up to date

Crate	Required	Latest	Status
async-std	`^1.7.0`	`1.13.0`	up to date
criterion	`^0.5`	`0.5.1`	up to date

Crate	Required	Latest	Status
futures-timer	`^3.0.3`	`3.0.3`	up to date
futures_ringbuf	`^0.4.0`	`0.4.0`	up to date

Crate	Required	Latest	Status
either	`^1`	`1.13.0`	up to date
thiserror	`^1.0`	`2.0.3`	out of date
yamux	`^0.13.3`	`0.13.3`	up to date

Crate	Required	Latest	Status
async-std	`^1.7.0`	`1.13.0`	up to date

Crate	Required	Latest	Status
async-trait	`^0.1`	`0.1.83`	up to date
bytes	`^1`	`1.8.0`	up to date
either	`^1.9.0`	`1.13.0`	up to date
futures-timer	`^3.0`	`3.0.3`	up to date
quick-protobuf	`^0.8`	`0.8.1`	up to date
rand	`^0.8`	`0.8.5`	up to date
rand_core	`^0.6`	`0.6.4`	up to date
thiserror	`^1.0.52`	`2.0.3`	out of date

Crate	Required	Latest	Status
tokio ⚠️	`^1`	`1.41.1`	maybe insecure
async-std	`^1.10`	`1.13.0`	up to date
tracing-subscriber	`^0.3`	`0.3.18`	up to date

Crate	Required	Latest	Status
either	`^1.11.0`	`1.13.0`	up to date
futures-timer	`^3.0`	`3.0.3`	up to date
quick-protobuf	`^0.8`	`0.8.1`	up to date
thiserror	`^1.0`	`2.0.3`	out of date
lru	`^0.12.3`	`0.12.5`	up to date

Crate	Required	Latest	Status
async-std	`^1.12.0`	`1.13.0`	up to date
clap	`^4.5.6`	`4.5.21`	up to date
rand	`^0.8`	`0.8.5`	up to date

Crate	Required	Latest	Status
cuckoofilter	`^0.5.0`	`0.5.0`	up to date
fnv	`^1.0`	`1.0.7`	up to date
bytes	`^1.6`	`1.8.0`	up to date
quick-protobuf	`^0.8`	`0.8.1`	up to date
rand	`^0.8`	`0.8.5`	up to date
smallvec	`^1.13.2`	`1.13.2`	up to date
thiserror	`^1.0.61`	`2.0.3`	out of date

Crate	Required	Latest	Status
base64	`^0.22.1`	`0.22.1`	up to date
byteorder	`^1.5.0`	`1.5.0`	up to date
bytes	`^1.6`	`1.8.0`	up to date
either	`^1.11`	`1.13.0`	up to date
fnv	`^1.0.7`	`1.0.7`	up to date
futures-ticker	`^0.0.3`	`0.0.3`	up to date
getrandom	`^0.2.15`	`0.2.15`	up to date
hex_fmt	`^0.3.0`	`0.3.0`	up to date
quick-protobuf	`^0.8`	`0.8.1`	up to date
rand	`^0.8`	`0.8.5`	up to date
regex	`^1.10.5`	`1.11.1`	up to date
serde	`^1`	`1.0.215`	up to date
sha2	`^0.10.8`	`0.10.8`	up to date
smallvec	`^1.13.2`	`1.13.2`	up to date

Crate	Required	Latest	Status
async-std	`^1.6.3`	`1.13.0`	up to date
hex	`^0.4.2`	`0.4.3`	up to date

Crate	Required	Latest	Status
futures-timer	`^3.0.3`	`3.0.3`	up to date
lru	`^0.12.3`	`0.12.5`	up to date
quick-protobuf	`^0.8`	`0.8.1`	up to date
smallvec	`^1.13.2`	`1.13.2`	up to date
thiserror	`^1.0`	`2.0.3`	out of date
either	`^1.12.0`	`1.13.0`	up to date

Crate	Required	Latest	Status
async-std	`^1.6.2`	`1.13.0`	up to date

Crate	Required	Latest	Status
arrayvec	`^0.7.4`	`0.7.6`	up to date
bytes	`^1`	`1.8.0`	up to date
either	`^1.11`	`1.13.0`	up to date
fnv	`^1.0`	`1.0.7`	up to date
quick-protobuf	`^0.8`	`0.8.1`	up to date
rand	`^0.8`	`0.8.5`	up to date
sha2	`^0.10.8`	`0.10.8`	up to date
smallvec	`^1.13.2`	`1.13.2`	up to date
uint	`^0.9`	`0.10.0`	out of date
futures-timer	`^3.0.3`	`3.0.3`	up to date
serde	`^1.0`	`1.0.215`	up to date
thiserror	`^1`	`2.0.3`	out of date

Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek.

The Scalar29::sub (32-bit) and Scalar52::sub (64-bit) functions contained usage of a mask value inside a loop where LLVM saw an opportunity to insert a branch instruction (jns on x86) to conditionally bypass this code section when the mask value is set to zero as can be seen in godbolt:

32-bit (see L106): https://godbolt.org/z/zvaWxzvqv
64-bit (see L48): https://godbolt.org/z/PczYj7Pda

A similar problem was recently discovered in the Kyber reference implementation:

https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/hqbtIGFKIpU/m/cnE3pbueBgAJ

As discussed on that thread, one portable solution, which is also used in this PR, is to introduce a volatile read as an optimization barrier, which prevents the compiler from optimizing it away.

The fix can be validated in godbolt here:

32-bit: https://godbolt.org/z/jc9j7eb8E
64-bit: https://godbolt.org/z/x8d46Yfah

The problem was discovered and the solution independently verified by Alexander Wagner [email protected] and Lea Themint [email protected] using their DATA tool:

https://github.com/Fraunhofer-AISEC/DATA

Crate	Required	Latest	Status
heck	`^0.5`	`0.5.0`	up to date
quote	`^1.0`	`1.0.37`	up to date
syn	`^2.0.66`	`2.0.87`	up to date
proc-macro2	`^1.0`	`1.0.89`	up to date

Crate	Required	Latest	Status
async-trait	`^0.1.80`	`0.1.83`	up to date
rand	`^0.8.5`	`0.8.5`	up to date
futures-timer	`^3.0.3`	`3.0.3`	up to date

Crate	Required	Latest	Status
async-std-resolver	`^0.24`	`0.24.1`	up to date
async-trait	`^0.1.80`	`0.1.83`	up to date
parking_lot	`^0.12.3`	`0.12.3`	up to date
hickory-resolver	`^0.24.1`	`0.24.1`	up to date
smallvec	`^1.13.2`	`1.13.2`	up to date

Crate	Required	Latest	Status
salsa20	`^0.10`	`0.10.2`	up to date
sha3	`^0.10`	`0.10.8`	up to date
rand	`^0.8`	`0.8.5`	up to date
pin-project	`^1.1.5`	`1.1.7`	up to date

Crate	Required	Latest	Status
async-io	`^2.3.3`	`2.4.0`	up to date
futures-timer	`^3.0`	`3.0.3`	up to date
if-watch	`^3.2.0`	`3.2.0`	up to date
libc	`^0.2.155`	`0.2.164`	up to date
socket2	`^0.5.7`	`0.5.7`	up to date

Crate	Required	Latest	Status
hex	`^0.4.3`	`0.4.3`	up to date
hex-literal	`^0.4.1`	`0.4.1`	up to date

Crate	Required	Latest	Status
bytes	`^1.6.0`	`1.8.0`	up to date
js-sys	`^0.3.69`	`0.3.72`	up to date
parking_lot	`^0.12.3`	`0.12.3`	up to date
send_wrapper	`^0.6.0`	`0.6.0`	up to date
thiserror	`^1.0.61`	`2.0.3`	out of date
wasm-bindgen	`^0.2.90`	`0.2.95`	up to date
web-sys	`^0.3.69`	`0.3.72`	up to date

Crate	Required	Latest	Status
js-sys	`^0.3.70`	`0.3.72`	up to date
once_cell	`^1.19.0`	`1.20.2`	up to date
send_wrapper	`^0.6.0`	`0.6.0`	up to date
thiserror	`^1.0.61`	`2.0.3`	out of date
wasm-bindgen	`^0.2.93`	`0.2.95`	up to date
wasm-bindgen-futures	`^0.4.43`	`0.4.45`	up to date
web-sys	`^0.3.70`	`0.3.72`	up to date

libp2p / rust-libp2p

Crate libp2p-core

Dependencies

Dev dependencies

Crate autonat-example

Dependencies

Crate autonatv2

Dependencies

Crate browser-webrtc-example

Dependencies

Crate chat-example

Dependencies

Crate dcutr-example

Dependencies

Crate distributed-key-value-store-example

Dependencies

Crate file-sharing-example

Dependencies

Crate identify-example

Dependencies

Crate ipfs-kad-example

Dependencies

Crate ipfs-private-example

Dependencies

Crate metrics-example

Dependencies

Crate ping-example

Crate relay-server-example

Dependencies

Crate rendezvous-example

Crate stream-example

Dependencies

Crate upnp-example

Crate hole-punching-tests

Dependencies

Crate libp2p-identity

Dependencies

Dev dependencies

Crate interop-tests

Dependencies

Crate libp2p-allow-block-list

Dev dependencies

Crate libp2p-connection-limits

Dev dependencies

Crate keygen

Dependencies

Crate libp2p-memory-connection-limits

Dependencies

Dev dependencies

Crate libp2p-metrics

Dependencies

Crate multistream-select

Dependencies

Dev dependencies

Crate quick-protobuf-codec

Dependencies

Dev dependencies

Crate quickcheck-ext

Dependencies

Crate rw-stream-sink

Dependencies

Dev dependencies

Crate libp2p-server

Dependencies

Crate libp2p-webrtc-utils

Dependencies

Dev dependencies

Crate libp2p-mplex

Dependencies

Dev dependencies

Crate libp2p-muxer-test-harness

Dependencies

Crate libp2p-yamux

Dependencies

Dev dependencies

Crate libp2p-autonat

Dependencies

Dev dependencies

Crate libp2p-dcutr

Dependencies

Crate `libp2p-core`

Crate `autonat-example`

Crate `autonatv2`

Crate `browser-webrtc-example`

Crate `chat-example`

Crate `dcutr-example`

Crate `distributed-key-value-store-example`

Crate `file-sharing-example`

Crate `identify-example`

Crate `ipfs-kad-example`

Crate `ipfs-private-example`

Crate `metrics-example`

Crate `ping-example`

Crate `relay-server-example`

Crate `rendezvous-example`

Crate `stream-example`

Crate `upnp-example`

Crate `hole-punching-tests`

Crate `libp2p-identity`

Crate `interop-tests`

Crate `libp2p-allow-block-list`

Crate `libp2p-connection-limits`

Crate `keygen`

Crate `libp2p-memory-connection-limits`

Crate `libp2p-metrics`

Crate `multistream-select`

Crate `quick-protobuf-codec`

Crate `quickcheck-ext`

Crate `rw-stream-sink`

Crate `libp2p-server`

Crate `libp2p-webrtc-utils`

Crate `libp2p-mplex`

Crate `libp2p-muxer-test-harness`

Crate `libp2p-yamux`

Crate `libp2p-autonat`

Crate `libp2p-dcutr`

Crate `libp2p-floodsub`

Crate `libp2p-gossipsub`

Crate `libp2p-identify`

Crate `libp2p-kad`

Crate `libp2p-mdns`

Crate `libp2p-perf`

Crate `libp2p-ping`

Crate `libp2p-relay`

Crate `libp2p-rendezvous`

Crate `libp2p-request-response`

Crate `libp2p-stream`

Crate `libp2p-upnp`

Crate `libp2p-swarm-derive`

Crate `libp2p-swarm-test`

Crate `libp2p-swarm`

Crate `libp2p-dns`

Crate `libp2p-noise`

Crate `libp2p-plaintext`

Crate `libp2p-pnet`

Crate `libp2p-quic`

Crate `libp2p-tcp`

Crate `libp2p-tls`

Crate `libp2p-uds`

Crate `libp2p-webrtc-websys`

Crate `libp2p-webrtc`

Crate `libp2p-websocket-websys`