diff --git a/Cargo.lock b/Cargo.lock index 3a047f49ad3..41f6bbb74b1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -21,7 +21,7 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4cf01b9b56e767bb57b94ebf91a58b338002963785cdd7013e21c0d4679471e4" dependencies = [ - "generic-array", + "generic-array 0.12.3", ] [[package]] @@ -57,7 +57,7 @@ checksum = "cfd7e7ae3f9a1fb5c03b389fc6bb9a51400d0c13053f0dca698c832bfd893a0d" dependencies = [ "block-cipher-trait", "byteorder", - "opaque-debug", + "opaque-debug 0.2.3", ] [[package]] @@ -67,7 +67,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2f70a6b5f971e473091ab7cfb5ffac6cde81666c4556751d8d5620ead8abf100" dependencies = [ "block-cipher-trait", - "opaque-debug", + "opaque-debug 0.2.3", ] [[package]] @@ -202,7 +202,16 @@ dependencies = [ "block-padding", "byte-tools", "byteorder", - "generic-array", + "generic-array 0.12.3", +] + +[[package]] +name = "block-buffer" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" +dependencies = [ + "generic-array 0.14.3", ] [[package]] @@ -211,7 +220,7 @@ version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1c924d49bd09e7c06003acda26cd9742e796e34282ec6c1189404dee0c1f4774" dependencies = [ - "generic-array", + "generic-array 0.12.3", ] [[package]] @@ -313,7 +322,6 @@ dependencies = [ "license-exprs", "log", "oauth2", - "openssl", "parking_lot", "rand 0.7.3", "reqwest", @@ -321,6 +329,7 @@ dependencies = [ "semver 0.10.0", "serde", "serde_json", + "sha2 0.9.1", "swirl", "tar", "tempfile", @@ -336,8 +345,9 @@ version = "0.2.0" dependencies = [ "base64 0.12.3", "chrono", - "openssl", + "hmac 0.8.1", "reqwest", + "sha-1 0.9.1", ] [[package]] 
@@ -534,9 +544,9 @@ dependencies = [ "aes-gcm", "base64 0.12.3", "hkdf", - "hmac", + "hmac 0.7.1", "rand 0.7.3", - "sha2", + "sha2 0.8.2", "time 0.2.16", ] @@ -556,6 +566,12 @@ version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b3a71ab494c0b5b860bdc8407ae08978052417070c2ced38573a9157ad75b8ac" +[[package]] +name = "cpuid-bool" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec6763c20301ab0dc67051d1b6f4cc9132ad9e6eddcb1f10c6c53ea6d6ae2183" + [[package]] name = "crc32fast" version = "1.2.0" @@ -571,10 +587,20 @@ version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4434400df11d95d556bac068ddfedd482915eb18fe8bea89bc80b6e4b1c179e5" dependencies = [ - "generic-array", + "generic-array 0.12.3", "subtle 1.0.0", ] +[[package]] +name = "crypto-mac" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b584a330336237c1eecd3e94266efb216c56ed91225d634cb2991c5f3fd1aeab" +dependencies = [ + "generic-array 0.14.3", + "subtle 2.2.3", +] + [[package]] name = "ctor" version = "0.1.15" @@ -657,7 +683,16 @@ version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f3d0c8c8752312f9713efd397ff63acb9f85585afbf179282e720e7704954dd5" dependencies = [ - "generic-array", + "generic-array 0.12.3", +] + +[[package]] +name = "digest" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" +dependencies = [ + "generic-array 0.14.3", ] [[package]] 
@@ -1005,6 +1040,16 @@ dependencies = [ "typenum", ] +[[package]] +name = "generic-array" +version = "0.14.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "60fb4bb6bba52f78a471264d9a3b7d026cc0af47b22cd2cffbc0b787ca003e63" +dependencies = [ + "typenum", + "version_check 0.9.2", +] + [[package]] name = "getrandom" version = "0.1.14" @@ -1111,8 +1156,8 @@ version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3fa08a006102488bd9cd5b8013aabe84955cf5ae22e304c2caf655b633aefae3" dependencies = [ - "digest", - "hmac", + "digest 0.8.1", + "hmac 0.7.1", ] [[package]] @@ -1121,8 +1166,18 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5dcb5e64cda4c23119ab41ba960d1e170a774c8e4b9d9e6a9bc18aabf5e59695" dependencies = [ - "crypto-mac", - "digest", + "crypto-mac 0.7.0", + "digest 0.8.1", +] + +[[package]] +name = "hmac" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "126888268dcc288495a26bf004b38c5fdbb31682f992c84ceb046a1f0fe38840" +dependencies = [ + "crypto-mac 0.8.0", + "digest 0.9.0", ] [[package]] @@ -1719,7 +1774,7 @@ dependencies = [ "reqwest", "serde", "serde_json", - "sha2", + "sha2 0.8.2", "unicode-normalization", "url", ] @@ -1742,6 +1797,12 @@ version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2839e79665f131bdb5782e51f2c6c9599c133c6098982a54c794358bf432529c" +[[package]] +name = "opaque-debug" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" + [[package]] name = "openssl" version = "0.10.30" @@ -1847,7 +1908,7 @@ checksum = "54be6e404f5317079812fc8f9f5279de376d8856929e21c184ecf6bbd692a11d" dependencies = [ "maplit", "pest", - "sha-1", + "sha-1 0.8.2", ] [[package]] 
@@ -2420,10 +2481,23 @@ version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f7d94d0bede923b3cea61f3f1ff57ff8cdfd77b400fb8f9998949e0cf04163df" dependencies = [ - "block-buffer", - "digest", + "block-buffer 0.7.3", + "digest 0.8.1", "fake-simd", - "opaque-debug", + "opaque-debug 0.2.3", +] + +[[package]] +name = "sha-1" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "170a36ea86c864a3f16dd2687712dd6646f7019f301e57537c7f4dc9f5916770" +dependencies = [ + "block-buffer 0.9.0", + "cfg-if", + "cpuid-bool", + "digest 0.9.0", + "opaque-debug 0.3.0", ] [[package]] @@ -2438,10 +2512,23 @@ version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a256f46ea78a0c0d9ff00077504903ac881a1dafdc20da66545699e7776b3e69" dependencies = [ - "block-buffer", - "digest", + "block-buffer 0.7.3", + "digest 0.8.1", "fake-simd", - "opaque-debug", + "opaque-debug 0.2.3", +] + +[[package]] +name = "sha2" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2933378ddfeda7ea26f48c555bdad8bb446bf8a3d17832dc83e380d444cfb8c1" +dependencies = [ + "block-buffer 0.9.0", + "cfg-if", + "cpuid-bool", + "digest 0.9.0", + "opaque-debug 0.3.0", ] [[package]] @@ -2931,7 +3018,7 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "df0c900f2f9b4116803415878ff48b63da9edb268668e08cf9292d7503114a01" dependencies = [ - "generic-array", + "generic-array 0.12.3", "subtle 2.2.3", ] diff --git a/Cargo.toml b/Cargo.toml index 73670a3da8b..b092026f39c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -37,7 +37,7 @@ url = "2.1" tar = "0.4.16" base64 = "0.12" -openssl = "0.10.13" +sha2 = "0.9" oauth2 = { version = "3.0.0", default-features = false, features = ["reqwest-010"] } log = "0.4" env_logger = "0.7" diff --git a/src/s3/Cargo.toml b/src/s3/Cargo.toml index 3103d095c3a..08e84f75725 100644 
--- a/src/s3/Cargo.toml +++ b/src/s3/Cargo.toml @@ -16,5 +16,6 @@ path = "lib.rs" [dependencies] base64 = "0.12" chrono = "0.4" -openssl = "0.10.13" +sha-1 = "0.9" +hmac = "0.8" reqwest = { version = "0.10", features = ["blocking"] } diff --git a/src/s3/error.rs b/src/s3/error.rs deleted file mode 100644 index 8e5d65ce6cb..00000000000 --- a/src/s3/error.rs +++ /dev/null @@ -1,33 +0,0 @@ -use std::fmt; - -use openssl::error::ErrorStack; -use reqwest::Error as ReqwestError; - -#[derive(Debug)] -pub enum Error { - Openssl(ErrorStack), - Reqwest(ReqwestError), -} - -impl From for Error { - fn from(stack: ErrorStack) -> Self { - Self::Openssl(stack) - } -} - -impl From for Error { - fn from(error: ReqwestError) -> Self { - Self::Reqwest(error) - } -} - -impl fmt::Display for Error { - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - match self { - Self::Openssl(stack) => stack.fmt(f), - Self::Reqwest(error) => error.fmt(f), - } - } -} - -impl std::error::Error for Error {} diff --git a/src/s3/lib.rs b/src/s3/lib.rs index 669dbdf21c8..41b7fb2912c 100644 --- a/src/s3/lib.rs +++ b/src/s3/lib.rs @@ -1,18 +1,14 @@ #![warn(clippy::all, rust_2018_idioms)] -use base64::encode; use chrono::prelude::Utc; -use openssl::error::ErrorStack; -use openssl::hash::MessageDigest; -use openssl::pkey::PKey; -use openssl::sign::Signer; +use hmac::{Hmac, Mac, NewMac}; use reqwest::{ blocking::{Body, Client, Response}, header, }; +use sha1::Sha1; -mod error; -pub use error::Error; +pub use reqwest::Error; #[derive(Clone, Debug)] pub struct Bucket { @@ -55,7 +51,7 @@ impl Bucket { path }; let date = Utc::now().to_rfc2822(); - let auth = self.auth("PUT", &date, path, "", content_type)?; + let auth = self.auth("PUT", &date, path, "", content_type); let url = self.url(path); client 
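Review bot: `pub use reqwest::Error;` in the first `src/s3/lib.rs` hunk makes reqwest's error type this crate's public error type, and the re-export has no doc comment saying so. Callers now depend on whichever reqwest version `s3` pins, and a future failure that is not an HTTP error would need a breaking change to surface. If the coupling is intended, record it on the re-export, for example `/// Error type for bucket operations; currently always a transport error from reqwest.` Separately, the `#[derive(Clone, Debug)]` on `Bucket`, kept as context here, would include `secret_key` (read in `auth`) in any `{:?}` output if it is a plain field; the struct body is outside the hunk, so this is worth confirming.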
@@ -78,7 +74,7 @@ impl Bucket { path }; let date = Utc::now().to_rfc2822(); - let auth = self.auth("DELETE", &date, path, "", "")?; + let auth = self.auth("DELETE", &date, path, "", ""); let url = self.url(path); client @@ -102,14 +98,7 @@ impl Bucket { ) } - fn auth( - &self, - verb: &str, - date: &str, - path: &str, - md5: &str, - content_type: &str, - ) -> Result { + fn auth(&self, verb: &str, date: &str, path: &str, md5: &str, content_type: &str) -> String { let string = format!( "{verb}\n{md5}\n{ty}\n{date}\n{headers}{resource}", verb = verb, @@ -120,12 +109,13 @@ impl Bucket { resource = format!("/{}/{}", self.name, path) ); let signature = { - let key = PKey::hmac(self.secret_key.as_bytes())?; - let mut signer = Signer::new(MessageDigest::sha1(), &key)?; - signer.update(string.as_bytes())?; - encode(&signer.sign_to_vec()?[..]) + let key = self.secret_key.as_bytes(); + let mut h = Hmac::::new_varkey(key).expect("HMAC can take key of any size"); + h.update(string.as_bytes()); + let res = h.finalize().into_bytes(); + base64::encode(&res) }; - Ok(format!("AWS {}:{}", self.access_key, signature)) + format!("AWS {}:{}", self.access_key, signature) } fn url(&self, path: &str) -> String { diff --git a/src/uploaders.rs b/src/uploaders.rs index 46a7c3acace..80081fd7507 100644 --- a/src/uploaders.rs +++ b/src/uploaders.rs @@ -1,8 +1,7 @@ use conduit::RequestExt; use flate2::read::GzDecoder; -use openssl::error::ErrorStack; -use openssl::hash::{Hasher, MessageDigest}; use reqwest::{blocking::Client, header}; +use sha2::{Digest, Sha256}; use crate::util::errors::{cargo_err, internal, AppResult, ChainError}; use crate::util::{Error, LimitErrorReader, Maximums}; 
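Review bot: `auth` has no doc comment naming the scheme it implements, so the new `sha-1` dependency reads like a free choice of hash. The string to sign and the `AWS {access_key}:{signature}` result look like the legacy AWS Signature Version 2 header, which fixes both the field order and HMAC-SHA1. The hash is used only inside HMAC here, so the collision weakness of SHA-1 is not the concern; the thing to track is the age of the signing scheme itself. Proposed comment above the signature: `/// Builds the AWS Signature Version 2 Authorization value; HMAC-SHA1 and the field order are dictated by that scheme.` The body of `auth` continues past this hunk into the next one.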
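Review bot: Nothing in this diff pins the output of the rewritten signature block in `auth`, so a change in the string to sign or in the base64 step would only show up as rejected requests at runtime. A known-answer unit test would cover the library switch: fixed `access_key`, `secret_key`, date and path, asserting the exact header string recorded from the previous implementation. Tests outside this diff may already do this. The `expect` on `new_varkey` is reasonable as written, since its message states the invariant.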
@@ -133,13 +132,13 @@ impl Uploader { krate: &Crate, maximums: Maximums, vers: &semver::Version, - ) -> AppResult> { + ) -> AppResult<[u8; 32]> { let app = Arc::clone(req.app()); let path = Uploader::crate_path(&krate.name, &vers.to_string()); let mut body = Vec::new(); LimitErrorReader::new(req.body(), maximums.max_upload_size).read_to_end(&mut body)?; verify_tarball(krate, vers, &body, maximums.max_unpack_size)?; - let checksum = hash(&body)?; + let checksum = Sha256::digest(&body); let content_length = body.len() as u64; let content = Cursor::new(body); let mut extra_headers = header::HeaderMap::new(); @@ -156,7 +155,7 @@ impl Uploader { extra_headers, ) .map_err(|e| internal(&format_args!("failed to upload crate: {}", e)))?; - Ok(checksum) + Ok(checksum.into()) } pub(crate) fn upload_readme( @@ -225,9 +224,3 @@ fn verify_tarball( } Ok(()) } - -fn hash(data: &[u8]) -> Result, ErrorStack> { - let mut hasher = Hasher::new(MessageDigest::sha256())?; - hasher.update(data)?; - Ok(hasher.finish()?.to_vec()) -} diff --git a/src/util/errors/concrete.rs b/src/util/errors/concrete.rs index 54c2d9d0b3a..833c1c37aa1 100644 --- a/src/util/errors/concrete.rs +++ b/src/util/errors/concrete.rs @@ -9,7 +9,6 @@ pub enum Error { Internal(String), Io(io::Error), JobEnqueue(swirl::EnqueueError), - Openssl(openssl::error::ErrorStack), Reqwest(reqwest::Error), } @@ -25,7 +24,6 @@ impl fmt::Display for Error { Error::Internal(inner) => inner.fmt(f), Error::Io(inner) => inner.fmt(f), Error::JobEnqueue(inner) => inner.fmt(f), - Error::Openssl(inner) => inner.fmt(f), Error::Reqwest(inner) => inner.fmt(f), } } @@ -73,15 +71,6 @@ impl From for Error { } } -impl From for Error { - fn from(err: s3::Error) -> Self { - match err { - s3::Error::Openssl(e) => Error::Openssl(e), - s3::Error::Reqwest(e) => Error::Reqwest(e), - } - } -} - impl From for Error { fn from(err: reqwest::Error) -> Self { Error::Reqwest(err)
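Review bot: The new return type `AppResult<[u8; 32]>` of `upload_crate` carries a bare `32` with nothing in the hunk saying what the bytes are. A doc line on the function such as `/// Returns the SHA-256 digest of the tarball bytes that were uploaded.` would tell callers that they receive raw digest bytes and still owe any text encoding (presumably hex, in a caller outside this diff). The function starts and ends outside the hunk, so an existing doc comment above the signature may already cover part of this.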