Closed michaelsproul closed 3 weeks ago
Thanks for the detailed writeup!
Yep it seems that aes-gcm 0.9.4 introduced a breaking change and it was added as a patch :(
For aes-gcm 0.10.3, it seems that they've fixed it, so your other issue of updating aes-gcm should fix the overall issue. If that issue takes too long to close and is blocking, I'll be happy to apply a patch to 0.3.4 of rust-eth-kzg to make it compatible with subtle 2.4.1.
I've opened up a PR here: https://github.com/crate-crypto/rust-eth-kzg/pull/237 to codify the subtle versions we depend on!
rust_eth_kzg
depends onsubtle >= v2.5.0
due to its use ofexpect
here:https://github.com/crate-crypto/rust-eth-kzg/blob/7157789f08f636f18f9d02226344fb6c08bb4628/cryptography/bls12_381/src/batch_inversion.rs#L45-L48
expect
was only added toCtOption
insubtle v2.5.0
and does not exist inv2.4.1
as evidenced by:This causes strange compilation failures if some package has constrained or locked the version of
subtle
at a prior version, as is the case with theaes-gcm v0.9.4
package:Oddly,
aes-gcm v0.9.2
did not place this upper bound onsubtle
, so this is a pretty dodgy change on the part ofaes-gcm
to introduce in a patch version! That version is 3yo at this point, so projects (like Lighthouse) should probably move off it. However, it would still help clarify things ifrust_eth_kzg
declared its minimum dependency assubtle v2.5
.At the moment the compilation error in Lighthouse after updating
aes-gcm
to 0.9.4 is very counterintuitive:With a minimum
subtle
version specified I think the compilation error would be something clearer like: