This is an automated email from the ASF dual-hosted git repository.
xuanwo pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/opendal-reqsign.git
The following commit(s) were added to refs/heads/main by this push:
new 2e566d0 fix(google): use rsa rand_core rng for signing (#699)
2e566d0 is described below
commit 2e566d0c3ba38692afb2603d907fba8dd89f8bc1
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Wed Mar 18 17:03:53 2026 +0800
fix(google): use rsa rand_core rng for signing (#699)
Google service account signing only needs an RNG for RSA blinding during
private-key operations.
This change switches the signer to `rsa::rand_core::OsRng` and removes
the direct `rand` dependency from `reqsign-google` and the workspace. It
keeps the RNG source aligned with `rsa`'s `rand_core` version and avoids
binding this crate to `rand`'s higher-level API surface.
---------
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Xuanwo <[email protected]>
---
Cargo.toml | 1 -
services/google/Cargo.toml | 1 -
services/google/src/sign_request.rs | 3 ++-
3 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 043bf88..b4ecc99 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -58,7 +58,6 @@ log = "0.4"
percent-encoding = "2"
pretty_assertions = "1.3"
quick-xml = { version = "0.39.2", features = ["serialize"] }
-rand = { version = "0.8.5" }
reqwest = { version = "0.13.1", default-features = false }
rsa = { version = "0.9.2", features = ["pkcs5", "sha2"] }
rust-ini = { version = "0.21" }
diff --git a/services/google/Cargo.toml b/services/google/Cargo.toml
index f41226d..81c5646 100644
--- a/services/google/Cargo.toml
+++ b/services/google/Cargo.toml
@@ -32,7 +32,6 @@ http = { workspace = true }
jsonwebtoken = { workspace = true }
log = { workspace = true }
percent-encoding = { workspace = true }
-rand = { workspace = true }
reqsign-core = { workspace = true }
rsa = { workspace = true }
serde = { workspace = true }
diff --git a/services/google/src/sign_request.rs
b/services/google/src/sign_request.rs
index 420036b..8f594cd 100644
--- a/services/google/src/sign_request.rs
+++ b/services/google/src/sign_request.rs
@@ -21,6 +21,7 @@ use log::debug;
use percent_encoding::{percent_decode_str, utf8_percent_encode};
use rsa::pkcs1v15::SigningKey;
use rsa::pkcs8::DecodePrivateKey;
+use rsa::rand_core::OsRng;
use rsa::signature::RandomizedSigner;
use serde::{Deserialize, Serialize};
use std::borrow::Cow;
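Review bot: The new `use rsa::rand_core::OsRng;` compiles only while `rsa` pulls in `rand_core` with OS-RNG support, and nothing in the manifests states that requirement. The workspace entry is `rsa = { version = "0.9.2", features = ["pkcs5", "sha2"] }`, so the import presumably relies on rsa's default features. A later `default-features = false` on `rsa` would break this file with an unresolved import that is hard to trace back to the manifest. Consider naming the dependency explicitly: I believe rsa 0.9 exposes a `getrandom` feature for this, but confirm against the crate's feature list. Otherwise a comment on the workspace `rsa` line such as `# default features required: sign_request.rs uses rsa::rand_core::OsRng` would do.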
@@ -242,7 +243,7 @@ impl RequestSigner {
}
fn sign_with_service_account(private_key_pem: &str, string_to_sign: &str)
-> Result<String> {
- let mut rng = rand::thread_rng();
+ let mut rng = OsRng;
let private_key =
rsa::RsaPrivateKey::from_pkcs8_pem(private_key_pem).map_err(|e| {
reqsign_core::Error::unexpected("failed to parse private
key").with_source(e)
})?;
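Review bot: `let mut rng = OsRng;` has no comment saying what the randomness is for, so the reasoning in the commit message is lost to the next reader of `sign_with_service_account`. I would add above it `// RNG is used only for RSA blinding of the private-key operation; the PKCS#1 v1.5 signature bytes do not depend on it.` The signing call itself is outside this hunk, so I cannot see how an RNG failure is handled. If it uses `sign_with_rng`, a signing error panics, whereas `try_sign_with_rng` would let it be mapped into `reqsign_core::Error` like the key-parse error above.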