Auto merge of #394 - pietroalbini:remove-ring, r=pietroalbini

Switch from ring to openssl

The ring update policy is awful (see briansmith/ring#774), so this switches to a crate that doesn't break existing builds every time a new version is released.

Author: bors

.appveyor.yml

@@ -14,6 +14,7 @@ cache:
 install:
   - appveyor-retry appveyor DownloadFile https://win.rustup.rs/ -FileName rustup-init.exe
   - rustup-init.exe -y --default-toolchain %CHANNEL% --default-host %TARGET%
+  - set OPENSSL_DIR=C:\OpenSSL-v111-Win64
   - set PATH=%PATH%;C:\Users\appveyor\.cargo\bin
   - rustc -V
   - cargo -V

Cargo.lock

@@ -39,7 +39,6 @@ rand = "0.5"
 ref_slice = "1.1.1"
 regex = "1.0"
 reqwest = "0.9"
-ring = "0.13"
 rusoto_core = "0.35.0"
 rusoto_credential = "0.14.0"
 rusoto_s3 = "0.35.0"
@@ -63,6 +62,7 @@ warp = "0.1.9"
 winapi = "0.3"
 log = "0.4.6"
 env_logger = "0.6.0"
+openssl = "0.10.16"
 
 [dev-dependencies]
 assert_cmd = "0.10.1"

Cargo.toml

@@ -9,7 +9,7 @@ use crate::server::Data;
 use bytes::buf::Buf;
 use http::{HeaderMap, Response, StatusCode};
 use hyper::Body;
-use ring;
+use openssl::{hash::MessageDigest, pkey::PKey, sign::Signer};
 use serde_json;
 use std::str::FromStr;
 use std::sync::Arc;
@@ -131,6 +131,15 @@ fn process_command(
 }
 
 fn verify_signature(secret: &str, payload: &[u8], raw_signature: &str) -> bool {
+    macro_rules! try_false {
+        ($expr:expr) => {
+            match $expr {
+                Ok(res) => res,
+                Err(_) => return false,
+            }
+        };
+    };
+
     // The signature must have a =
     if !raw_signature.contains('=') {
         return false;
@@ -156,16 +165,17 @@ fn verify_signature(secret: &str, payload: &[u8], raw_signature: &str) -> bool {
 
     // Get the correct digest
     let digest = match *algorithm {
-        "sha1" => &ring::digest::SHA1,
-        _ => {
-            // Unknown digest, return false
-            return false;
-        }
+        "sha1" => MessageDigest::sha1(),
+        // Unknown digest, return false
+        _ => return false,
     };
 
-    // Verify the HMAC signature
-    let key = ring::hmac::VerificationKey::new(digest, secret.as_bytes());
-    ring::hmac::verify(&key, payload, &signature).is_ok()
+    // Verify the HMAC using OpenSSL
+    let key = try_false!(PKey::hmac(secret.as_bytes()));
+    let mut signer = try_false!(Signer::new(digest, &key));
+    try_false!(signer.update(payload));
+    let hmac = try_false!(signer.sign_to_vec());
+    openssl::memcmp::eq(&hmac, &signature)
 }
 
 fn receive_endpoint(data: Arc<Data>, headers: HeaderMap, body: FullBody) -> Fallible<()> {