Auto merge of #394 - pietroalbini:remove-ring, r=pietroalbini

bors · bors · commit d2e8a487e3f0 · 2019-01-26T20:59:44.000Z
Switch from ring to openssl The ring update policy is awful (see briansmith/ring#774), so this switches to a crate that doesn't break existing builds every time a new version is released.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -39,7 +39,6 @@ rand = "0.5"
 ref_slice = "1.1.1"
 regex = "1.0"
 reqwest = "0.9"
-ring = "0.13"
 rusoto_core = "0.35.0"
 rusoto_credential = "0.14.0"
 rusoto_s3 = "0.35.0"
@@ -63,6 +62,7 @@ warp = "0.1.9"
 winapi = "0.3"
 log = "0.4.6"
 env_logger = "0.6.0"
+openssl = "0.10.16"
 
 [dev-dependencies]
 assert_cmd = "0.10.1"
diff --git a/src/server/routes/webhooks/mod.rs b/src/server/routes/webhooks/mod.rs
@@ -9,10 +9,10 @@ use crate::server::Data;
 use bytes::buf::Buf;
 use http::{HeaderMap, Response, StatusCode};
 use hyper::Body;
-use ring;
 use serde_json;
 use std::str::FromStr;
 use std::sync::Arc;
+use openssl::{hash::MessageDigest, pkey::PKey, sign::Signer};
 use warp::{self, filters::body::FullBody, Filter, Rejection};
 
 fn process_webhook(
@@ -131,6 +131,15 @@ fn process_command(
 }
 
 fn verify_signature(secret: &str, payload: &[u8], raw_signature: &str) -> bool {
+    macro_rules! try_false {
+        ($expr:expr) => {
+            match $expr {
+                Ok(res) => res,
+                Err(_) => return false,
+            }
+        }
+    };
+
     // The signature must have a =
     if !raw_signature.contains('=') {
         return false;
@@ -156,16 +165,17 @@ fn verify_signature(secret: &str, payload: &[u8], raw_signature: &str) -> bool {
 
     // Get the correct digest
     let digest = match *algorithm {
-        "sha1" => &ring::digest::SHA1,
-        _ => {
-            // Unknown digest, return false
-            return false;
-        }
+        "sha1" => MessageDigest::sha1(),
+        // Unknown digest, return false
+        _ => return false,
     };
 
-    // Verify the HMAC signature
-    let key = ring::hmac::VerificationKey::new(digest, secret.as_bytes());
-    ring::hmac::verify(&key, payload, &signature).is_ok()
+    // Verify the HMAC using OpenSSL
+    let key = try_false!(PKey::hmac(secret.as_bytes()));
+    let mut signer = try_false!(Signer::new(digest, &key));
+    try_false!(signer.update(payload));
+    let hmac = try_false!(signer.sign_to_vec());
+    openssl::memcmp::eq(&hmac, &signature)
 }
 
 fn receive_endpoint(data: Arc<Data>, headers: HeaderMap, body: FullBody) -> Fallible<()> {
