Use RustCrypto crates

Cargo.toml

@@ -37,6 +37,7 @@ filetime = "0.2"
 flate2 = { version = "1.0", optional = true, default-features = false, features = ["rust_backend"] }
 futures = "0.1.11"
 futures-cpupool = "0.1"
+hmac = { version = "0.7", optional = true }
 hyper = { version = "0.11", optional = true }
 jobserver = "0.1"
 jsonwebtoken = { version = "5.0", optional = true }
@@ -45,6 +46,7 @@ libc = "0.2.10"
 local-encoding = "0.2.0"
 log = "0.4"
 lru-disk-cache = { path = "lru-disk-cache", version = "0.2.0" }
+md-5 = { version = "0.8", optional = true }
 memcached-rs = { version = "0.3" , optional = true }
 num_cpus = "1.0"
 number_prefix = "0.2.5"
@@ -55,8 +57,8 @@ regex = "1"
 # Exact dependency since we use the unstable async API
 reqwest = { version = "=0.8.8", features = ["unstable"], optional = true }
 retry = "0.4.0"
-ring = "0.13.2"
-rust-crypto = { version = "0.2.36", optional = true }
+sha-1 = { version = "0.8", optional = true }
+sha2 = "0.8"
 serde = "1.0"
 serde_derive = "1.0"
 serde_json = "1.0"
@@ -106,8 +108,8 @@ default = ["s3"]
 all = ["redis", "s3", "memcached", "gcs", "azure"]
 # gcs requires openssl, which is a pain on Windows.
 all-windows = ["redis", "s3", "memcached", "azure"]
-azure = ["chrono", "hyper", "rust-crypto", "url"]
-s3 = ["chrono", "hyper", "reqwest", "rust-crypto", "simple-s3"]
+azure = ["chrono", "hyper", "md-5", "hmac", "url"]
+s3 = ["chrono", "hyper", "reqwest", "sha-1", "hmac", "simple-s3"]
 simple-s3 = []
 gcs = ["chrono", "hyper", "jsonwebtoken", "openssl", "reqwest", "url"]
 memcached = ["memcached-rs"]

src/azure/blobstore.rs

@@ -15,11 +15,9 @@
 
 use azure::credentials::*;
 use base64;
-use crypto::digest::Digest;
-use crypto::hmac::Hmac;
-use crypto::mac::Mac;
-use crypto::md5::Md5;
-use crypto::sha2::Sha256;
+use hmac::{Hmac, Mac};
+use md5::Md5;
+use sha2::{Sha256, Digest};
 use futures::{Future, Stream};
 use hyper::{header, Method};
 use url::Url;
@@ -34,25 +32,18 @@ use errors::*;
 
 const BLOB_API_VERSION: &str = "2017-04-17";
 
-fn hmac<D: Digest>(digest: D, data: &[u8], secret: &[u8]) -> Vec<u8> {
-    let mut hmac = Hmac::new(digest, secret);
-    hmac.input(data);
-    hmac.result().code().iter().map(|b| *b).collect::<Vec<u8>>()
-}
-
 fn signature(to_sign: &str, secret: &str) -> String {
     let decoded_secret = base64::decode_config(secret.as_bytes(), base64::STANDARD).unwrap();
-    let sig = hmac(Sha256::new(), to_sign.as_bytes(), &decoded_secret);
-    base64::encode_config::<Vec<u8>>(&sig, base64::STANDARD)
+    let mut hmac = Hmac::<Sha256>::new_varkey(&decoded_secret)
+        .expect("HMAC can take key of any size");
+    hmac.input(to_sign.as_bytes());
+    let sig = hmac.result().code();
+    base64::encode_config(&sig, base64::STANDARD)
 }
 
 fn md5(data: &[u8]) -> String {
-    let mut result: Vec<u8> = vec![0; 16]; // md5 digest is 16 bytes long.
-    let mut digest = Md5::new();
-    digest.input(data);
-    digest.result(&mut result);
-
-    base64::encode_config::<Vec<u8>>(&result, base64::STANDARD)
+    let result = Md5::digest(data);
+    base64::encode_config(&result, base64::STANDARD)
 }
 
 pub struct BlobContainer {

src/dist/cache.rs

@@ -1,9 +1,9 @@
 use dist::Toolchain;
 use lru_disk_cache::{LruDiskCache, ReadSeek};
 use lru_disk_cache::Result as LruResult;
-use ring::digest::{SHA512, Context};
+use sha2::{Sha512, Digest};
 use std::fs;
-use std::io::{self, BufReader, Read};
+use std::io;
 use std::path::{Path, PathBuf};
 use util;
 
@@ -231,25 +231,12 @@ impl TcCache {
 fn path_key(path: &Path) -> Result<String> {
     file_key(fs::File::open(path)?)
 }
-fn file_key<RS: ReadSeek + 'static>(rs: RS) -> Result<String> {
-    hash_reader(rs)
+fn file_key<RS: ReadSeek + 'static>(mut rs: RS) -> Result<String> {
+    let mut hasher = Sha512::new();
+    io::copy(&mut rs, &mut hasher)?;
+    Ok(util::hex(hasher.result().as_ref()))
 }
 /// Make a path to the cache entry with key `key`.
 fn make_lru_key_path(key: &str) -> PathBuf {
     Path::new(&key[0..1]).join(&key[1..2]).join(key)
 }
-
-// Partially copied from util.rs
-fn hash_reader<R: Read + Send + 'static>(rdr: R) -> Result<String> {
-    let mut m = Context::new(&SHA512);
-    let mut reader = BufReader::new(rdr);
-    loop {
-        let mut buffer = [0; 1024];
-        let count = reader.read(&mut buffer[..])?;
-        if count == 0 {
-            break;
-        }
-        m.update(&buffer[..count]);
-    }
-    Ok(util::hex(m.finish().as_ref()))
-}

src/lib.rs

@@ -41,6 +41,8 @@ extern crate flate2;
 #[macro_use]
 extern crate futures;
 extern crate futures_cpupool;
+#[cfg(feature = "hmac")]
+extern crate hmac;
 #[cfg(feature = "hyper")]
 extern crate hyper;
 #[cfg(test)]
@@ -56,6 +58,8 @@ extern crate local_encoding;
 extern crate log;
 extern crate libc;
 extern crate lru_disk_cache;
+#[cfg(feature = "md-5")]
+extern crate md5;
 #[cfg(feature = "memcached")]
 extern crate memcached;
 #[cfg(windows)]
@@ -65,7 +69,6 @@ extern crate number_prefix;
 #[cfg(feature = "openssl")]
 extern crate openssl;
 extern crate rand;
-extern crate ring;
 #[cfg(feature = "redis")]
 extern crate redis;
 extern crate regex;
@@ -75,6 +78,9 @@ extern crate retry;
 #[cfg(feature = "rouille")]
 #[macro_use(router)]
 extern crate rouille;
+#[cfg(feature = "sha-1")]
+extern crate sha1;
+extern crate sha2;
 extern crate serde;
 extern crate serde_json;
 #[macro_use]

src/simples3/s3.rs

@@ -6,10 +6,8 @@ use std::ascii::AsciiExt;
 use std::fmt;
 
 use base64;
-use crypto::digest::Digest;
-use crypto::hmac::Hmac;
-use crypto::mac::Mac;
-use crypto::sha1::Sha1;
+use hmac::{Hmac, Mac};
+use sha1::Sha1;
 use futures::{Future, Stream};
 use hyper::header;
 use hyper::Method;
@@ -42,19 +40,13 @@ fn base_url(endpoint: &str, ssl: Ssl) -> String {
     )
 }
 
-fn hmac<D: Digest>(d: D, key: &[u8], data: &[u8]) -> Vec<u8> {
-    let mut hmac = Hmac::new(d, key);
-    hmac.input(data);
-    hmac.result().code().iter().map(|b| *b).collect::<Vec<u8>>()
-}
-
 fn signature(string_to_sign: &str, signing_key: &str) -> String {
-    let s = hmac(
-        Sha1::new(),
-        signing_key.as_bytes(),
-        string_to_sign.as_bytes(),
-    );
-    base64::encode_config::<Vec<u8>>(&s, base64::STANDARD)
+    let mut hmac = Hmac::<Sha1>::new_varkey(signing_key.as_bytes())
+        .expect("HMAC can take key of any size");
+    hmac.input(string_to_sign.as_bytes());
+    let sig = hmac.result().code();
+
+    base64::encode_config(&sig, base64::STANDARD)
 }
 
 /// An S3 bucket.

src/util.rs

@@ -17,12 +17,12 @@ use byteorder::{ByteOrder, BigEndian};
 use futures::Future;
 use futures_cpupool::CpuPool;
 use mock_command::{CommandChild, RunCommand};
-use ring::digest::{SHA512, Context};
+use sha2::{Sha512, Digest as DigestTrait};
 use serde::Serialize;
 use std::ffi::{OsStr, OsString};
 use std::fs::File;
 use std::hash::Hasher;
-use std::io::BufReader;
+use std::io;
 use std::io::prelude::*;
 use std::path::Path;
 use std::process::{self,Stdio};
@@ -32,12 +32,12 @@ use errors::*;
 
 #[derive(Clone)]
 pub struct Digest {
-    inner: Context,
+    inner: Sha512,
 }
 
 impl Digest {
     pub fn new() -> Digest {
-        Digest { inner: Context::new(&SHA512) }
+        Digest { inner: Sha512::new() }
     }
 
     /// Calculate the SHA-512 digest of the contents of `path`, running
@@ -50,28 +50,20 @@ impl Digest {
         Self::reader(f, pool)
     }
 
-    pub fn reader<R: Read + Send + 'static>(rdr: R, pool: &CpuPool) -> SFuture<String> {
+    pub fn reader<R: Read + Send + 'static>(mut rdr: R, pool: &CpuPool) -> SFuture<String> {
         Box::new(pool.spawn_fn(move || -> Result<_> {
-            let mut m = Digest::new();
-            let mut reader = BufReader::new(rdr);
-            loop {
-                let mut buffer = [0; 1024];
-                let count = reader.read(&mut buffer[..])?;
-                if count == 0 {
-                    break;
-                }
-                m.update(&buffer[..count]);
-            }
-            Ok(m.finish())
+            let mut hasher = Sha512::new();
+            io::copy(&mut rdr, &mut hasher)?;
+            Ok(hex(hasher.result().as_ref()))
         }))
     }
 
     pub fn update(&mut self, bytes: &[u8]) {
-        self.inner.update(bytes);
+        self.inner.input(bytes);
     }
 
     pub fn finish(self) -> String {
-        hex(self.inner.finish().as_ref())
+        hex(self.inner.result().as_ref())
     }
 }