From f510085fd401216c93fb9171218b2d0451879ef3 Mon Sep 17 00:00:00 2001 From: Isabel Atkinson Date: Tue, 15 Mar 2022 16:07:13 -0400 Subject: [PATCH 1/6] bump MSRV to 1.50.0 --- .evergreen/config.yml | 4 ++-- README.md | 4 ++-- src/lib.rs | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.evergreen/config.yml b/.evergreen/config.yml index e924b877b..f601c1da0 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -1283,9 +1283,9 @@ axes: - id: "extra-rust-versions" values: - id: "min" - display_name: "1.49 (minimum supported version)" + display_name: "1.50 (minimum supported version)" variables: - RUST_VERSION: "1.49.0" + RUST_VERSION: "1.50.0" - id: "nightly" display_name: "nightly" variables: diff --git a/README.md b/README.md index 4e62493b3..bc5aa1a76 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ This repository contains the officially supported MongoDB Rust driver, a client ## Installation ### Requirements -- Rust 1.49+ +- Rust 1.50+ - MongoDB 3.6+ ### Importing @@ -358,7 +358,7 @@ Commits to master are run automatically on [evergreen](https://evergreen.mongodb ## Minimum supported Rust version (MSRV) -The MSRV for this crate is currently 1.49.0. This will be rarely be increased, and if it ever is, +The MSRV for this crate is currently 1.50.0. This will be rarely be increased, and if it ever is, it will only happen in a minor or major version release. ## License diff --git a/src/lib.rs b/src/lib.rs index df6183742..d687ff52b 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -8,7 +8,7 @@ //! # Installation //! //! ## Requirements -//! - Rust 1.49+ +//! - Rust 1.50+ //! - MongoDB 3.6+ //! //! ## Importing 
@@ -283,7 +283,7 @@ //! //! ## Minimum supported Rust version (MSRV) //! -//! The MSRV for this crate is currently 1.49.0. This will be rarely be increased, and if it ever is, +//! The MSRV for this crate is currently 1.50.0. This will be rarely be increased, and if it ever is, //! it will only happen in a minor or major version release. #![warn(missing_docs)] From 619c0b15c9666f290be48fbd5f5221799d7d0699 Mon Sep 17 00:00:00 2001 From: Isabel Atkinson Date: Tue, 15 Mar 2022 16:11:31 -0400 Subject: [PATCH 2/6] bump dependencies --- Cargo.toml | 31 +++++++++++++++---------------- src/client/auth/mod.rs | 8 ++++---- src/client/auth/scram.rs | 16 ++++++++++------ src/client/options/mod.rs | 9 ++++++++- src/runtime/stream.rs | 3 +++ 5 files changed, 40 insertions(+), 27 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index e63d6c72d..c62512436 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -57,18 +57,18 @@ futures-io = "0.3.14" futures-util = { version = "0.3.14", features = ["io"] } futures-executor = "0.3.14" hex = "0.4.0" -hmac = "0.11" +hmac = "0.12.1" lazy_static = "1.4.0" -md-5 = "0.9.1" +md-5 = "0.10.1" openssl = { version = "0.10.38", optional = true } openssl-probe = { version = "0.1.5", optional = true } os_info = { version = "3.0.1", default-features = false } percent-encoding = "2.0.0" rand = { version = "0.8.3", features = ["small_rng"] } -rustls-pemfile = "0.2.1" +rustls-pemfile = "0.3.0" serde_with = "1.3.1" -sha-1 = "0.9.4" -sha2 = "0.9.3" +sha-1 = "0.10.0" +sha2 = "0.10.2" snap = { version = "1.0.5", optional = true} socket2 = "0.4.0" stringprep = "0.1.2" 
@@ -78,22 +78,21 @@ thiserror = "1.0.24" tokio-openssl = { version = "0.6.3", optional = true } trust-dns-proto = "0.20.0" trust-dns-resolver = "0.20.0" -typed-builder = "0.9.0" +typed-builder = "0.10.0" version_check = "0.9.1" -webpki = "0.21.0" -webpki-roots = "0.21.0" -zstd = { version = "0.10", optional = true } +webpki-roots = "0.22.2" +zstd = { version = "0.11.0", optional = true } [dependencies.async-std] version = "1.9.0" optional = true [dependencies.async-std-resolver] -version = "0.20.1" +version = "0.21.1" optional = true [dependencies.pbkdf2] -version = "0.8" +version = "0.10.1" default-features = false [dependencies.reqwest] @@ -103,7 +102,7 @@ default-features = false features = ["json", "rustls-tls"] [dependencies.rustls] -version = "0.19.0" +version = "0.20.4" features = ["dangerous_configuration"] [dependencies.serde] @@ -119,11 +118,11 @@ version = "1.4.0" features = ["io-util", "sync", "macros"] [dependencies.tokio-rustls] -version = "0.22.0" +version = "0.23.2" features = ["dangerous_configuration"] [dependencies.tokio-util] -version = "0.6.5" +version = "0.7.0" features = ["io"] [dependencies.uuid] @@ -131,12 +130,12 @@ version = "0.8.2" features = ["v4"] [dev-dependencies] -approx = "0.4.0" +approx = "0.5.1" derive_more = "0.99.13" function_name = "0.2.0" futures = "0.3" home = "0.5" -pretty_assertions = "0.7.1" +pretty_assertions = "1.1.0" serde_json = "1.0.64" semver = "1.0.0" diff --git a/src/client/auth/mod.rs b/src/client/auth/mod.rs index f2b436da5..c5ffa37af 100644 --- a/src/client/auth/mod.rs +++ b/src/client/auth/mod.rs @@ -12,7 +12,7 @@ mod x509; use std::{borrow::Cow, fmt::Debug, str::FromStr}; -use hmac::{Mac, NewMac}; +use hmac::{digest::KeyInit, Mac}; use rand::Rng; use serde::Deserialize; use typed_builder::TypedBuilder; 
@@ -515,13 +515,13 @@ pub(crate) fn generate_nonce() -> String { base64::encode(&result) } -fn mac( +fn mac( key: &[u8], input: &[u8], auth_mechanism: &str, ) -> Result> { - let mut mac = - M::new_from_slice(key).map_err(|_| Error::unknown_authentication_error(auth_mechanism))?; + let mut mac = ::new_from_slice(key) + .map_err(|_| Error::unknown_authentication_error(auth_mechanism))?; mac.update(input); Ok(mac.finalize().into_bytes()) } diff --git a/src/client/auth/scram.rs b/src/client/auth/scram.rs index 6c88e8093..fa5ef97a6 100644 --- a/src/client/auth/scram.rs +++ b/src/client/auth/scram.rs @@ -6,7 +6,11 @@ use std::{ str, }; -use hmac::{digest::Digest, Hmac, Mac, NewMac}; +use hmac::{ + digest::{Digest, FixedOutput, KeyInit}, + Hmac, + Mac, +}; use lazy_static::lazy_static; use md5::Md5; use sha1::Sha1; @@ -352,11 +356,11 @@ fn xor(lhs: &[u8], rhs: &[u8]) -> Vec { .collect() } -fn mac_verify(key: &[u8], input: &[u8], signature: &[u8]) -> Result<()> { - let mut mac = - M::new_from_slice(key).map_err(|_| Error::unknown_authentication_error("SCRAM"))?; +fn mac_verify(key: &[u8], input: &[u8], signature: &[u8]) -> Result<()> { + let mut mac = ::new_from_slice(key) + .map_err(|_| Error::unknown_authentication_error("SCRAM"))?; mac.update(input); - match mac.verify(signature) { + match mac.verify_slice(signature) { Ok(_) => Ok(()), Err(_) => Err(Error::authentication_error( "SCRAM", @@ -371,7 +375,7 @@ fn hash(val: &[u8]) -> Vec { hash.finalize().to_vec() } -fn h_i( +fn h_i( str: &str, salt: &[u8], iterations: u32, diff --git a/src/client/options/mod.rs b/src/client/options/mod.rs index 8902a671e..a009960df 100644 --- a/src/client/options/mod.rs +++ b/src/client/options/mod.rs 
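Review bot: In `mac_verify` (src/client/auth/scram.rs, hunk `@@ -352,11 +356,11 @@`), nothing records that the server-signature check depends on `verify_slice` for a length-checked, constant-time comparison, which is what keeps this SCRAM verification free of a timing side channel. I would add a comment above the `match`: `// verify_slice rejects a length mismatch and compares in constant time; do not replace it with == on raw bytes.` The `mac` helper in src/client/auth/mod.rs returns the raw tag through `into_bytes()`, so a one-line doc comment there saying its output must not be compared with `==` for verification would cover the same risk. The error arm of `mac_verify` continues past the end of its hunk.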
@@ -11,11 +11,18 @@ use std::{ path::PathBuf, str::FromStr, sync::Arc, - time::Duration, + time::{Duration, SystemTime}, }; use derivative::Derivative; use lazy_static::lazy_static; +use rustls::{ + client::{ClientConfig, ServerCertVerified, ServerCertVerifier, ServerName}, + Certificate, + OwnedTrustAnchor, + RootCertStore, +}; +use rustls_pemfile::{certs, read_one, Item}; use serde::{ de::{Error, Unexpected}, Deserialize, diff --git a/src/runtime/stream.rs b/src/runtime/stream.rs index 0bbde1c8f..ab82731f6 100644 --- a/src/runtime/stream.rs +++ b/src/runtime/stream.rs @@ -1,4 +1,5 @@ use std::{ + convert::TryFrom, net::SocketAddr, ops::DerefMut, pin::Pin, @@ -7,7 +8,9 @@ use std::{ }; use futures_io::{AsyncRead, AsyncWrite}; +use rustls::client::ServerName; use tokio::io::{AsyncRead as TokioAsyncRead, AsyncWrite as TokioAsyncWrite, ReadBuf}; +use tokio_rustls::TlsConnector; use crate::{ cmap::options::StreamOptions, From 638d23592fc75150236903a7ee7fc2822c6a256c Mon Sep 17 00:00:00 2001 From: Isabel Atkinson Date: Mon, 21 Mar 2022 12:34:20 -0400 Subject: [PATCH 3/6] fix async std --- Cargo.toml | 4 ++-- src/srv.rs | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index c62512436..6846663de 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -76,8 +76,8 @@ strsim = "0.10.0" take_mut = "0.2.2" thiserror = "1.0.24" tokio-openssl = { version = "0.6.3", optional = true } -trust-dns-proto = "0.20.0" -trust-dns-resolver = "0.20.0" +trust-dns-proto = "0.21.1" +trust-dns-resolver = "0.21.1" typed-builder = "0.10.0" version_check = "0.9.1" webpki-roots = "0.22.2" diff --git a/src/srv.rs b/src/srv.rs index 1c444270c..6789b2486 100644 --- a/src/srv.rs +++ b/src/srv.rs @@ -80,8 +80,8 @@ impl SrvResolver { let mut min_ttl = u32::MAX; for record in srv_lookup.as_lookup().record_iter() { - let srv = match record.rdata() { - RData::SRV(s) => s, + let srv = match record.data() { + Some(RData::SRV(s)) => s, _ => continue, }; 
From 367c47c0be644086256fc91ab177b9fb10bd11ed Mon Sep 17 00:00:00 2001 From: Isabel Atkinson Date: Mon, 21 Mar 2022 12:57:34 -0400 Subject: [PATCH 4/6] rebase cleanup --- src/client/options/mod.rs | 9 +---- src/runtime/stream.rs | 3 -- src/runtime/tls_rustls.rs | 84 +++++++++++++++++++++++---------------- 3 files changed, 50 insertions(+), 46 deletions(-) diff --git a/src/client/options/mod.rs b/src/client/options/mod.rs index a009960df..8902a671e 100644 --- a/src/client/options/mod.rs +++ b/src/client/options/mod.rs @@ -11,18 +11,11 @@ use std::{ path::PathBuf, str::FromStr, sync::Arc, - time::{Duration, SystemTime}, + time::Duration, }; use derivative::Derivative; use lazy_static::lazy_static; -use rustls::{ - client::{ClientConfig, ServerCertVerified, ServerCertVerifier, ServerName}, - Certificate, - OwnedTrustAnchor, - RootCertStore, -}; -use rustls_pemfile::{certs, read_one, Item}; use serde::{ de::{Error, Unexpected}, Deserialize, diff --git a/src/runtime/stream.rs b/src/runtime/stream.rs index ab82731f6..0bbde1c8f 100644 --- a/src/runtime/stream.rs +++ b/src/runtime/stream.rs @@ -1,5 +1,4 @@ use std::{ - convert::TryFrom, net::SocketAddr, ops::DerefMut, pin::Pin, @@ -8,9 +7,7 @@ use std::{ }; use futures_io::{AsyncRead, AsyncWrite}; -use rustls::client::ServerName; use tokio::io::{AsyncRead as TokioAsyncRead, AsyncWrite as TokioAsyncWrite, ReadBuf}; -use tokio_rustls::TlsConnector; use crate::{ cmap::options::StreamOptions, diff --git a/src/runtime/tls_rustls.rs b/src/runtime/tls_rustls.rs index 2459a10c3..0e08e19a6 100644 --- a/src/runtime/tls_rustls.rs +++ b/src/runtime/tls_rustls.rs 
@@ -1,24 +1,24 @@ use std::{ + convert::TryFrom, fs::File, io::{BufReader, Seek, SeekFrom}, pin::Pin, sync::Arc, task::{Context, Poll}, + time::SystemTime, }; use futures_io::{AsyncRead, AsyncWrite}; use rustls::{ - internal::pemfile, + client::{ClientConfig, ServerCertVerified, ServerCertVerifier, ServerName}, Certificate, + Error as TlsError, + OwnedTrustAnchor, RootCertStore, - ServerCertVerified, - ServerCertVerifier, - TLSError, }; -use rustls_pemfile::{read_one, Item}; +use rustls_pemfile::{certs, read_one, Item}; use tokio::io::AsyncWrite as TokioAsyncWrite; use tokio_rustls::TlsConnector; -use webpki::DNSNameRef; use webpki_roots::TLS_SERVER_ROOTS; use crate::{ @@ -39,7 +39,7 @@ impl AsyncTlsStream { tcp_stream: AsyncTcpStream, cfg: TlsOptions, ) -> Result { - let name = DNSNameRef::try_from_ascii_str(host).map_err(|e| ErrorKind::DnsResolve { + let name = ServerName::try_from(host).map_err(|e| ErrorKind::DnsResolve { message: format!("could not resolve {:?}: {}", host, e), })?; let mut tls_config = make_rustls_config(cfg)?; 
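Review bot: The `map_err` on `ServerName::try_from(host)` in hunk `@@ -39,7 +39,7 @@` still reports `ErrorKind::DnsResolve` with the text "could not resolve", but `try_from` only parses the string as a server name and performs no lookup, so a malformed host is reported as a DNS failure. A message that names what actually failed would be easier to diagnose, for example `message: format!("invalid TLS server name {:?}: {}", host, e),`. Whether the error kind can change depends on callers that are not visible here. The enclosing function starts and ends outside the hunk.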
@@ -82,39 +82,38 @@ impl AsyncWrite for AsyncTlsStream { /// Converts `TlsOptions` into a rustls::ClientConfig. fn make_rustls_config(cfg: TlsOptions) -> Result { - let mut config = rustls::ClientConfig::new(); - - if let Some(true) = cfg.allow_invalid_certificates { - config - .dangerous() - .set_certificate_verifier(Arc::new(NoCertVerifier {})); - } - let mut store = RootCertStore::empty(); if let Some(path) = cfg.ca_file_path { - store - .add_pem_file(&mut BufReader::new(File::open(&path)?)) - .map_err(|_| ErrorKind::InvalidTlsConfig { + let ders = certs(&mut BufReader::new(File::open(&path)?)).map_err(|_| { + ErrorKind::InvalidTlsConfig { message: format!( "Unable to parse PEM-encoded root certificate from {}", path.display() ), - })?; + } + })?; + store.add_parsable_certificates(&ders); } else { - store.add_server_trust_anchors(&TLS_SERVER_ROOTS); + let trust_anchors = TLS_SERVER_ROOTS.0.iter().map(|ta| { + OwnedTrustAnchor::from_subject_spki_name_constraints( + ta.subject, + ta.spki, + ta.name_constraints, + ) + }); + store.add_server_trust_anchors(trust_anchors); } - config.root_store = store; - - if let Some(path) = cfg.cert_key_file_path { + let mut config = if let Some(path) = cfg.cert_key_file_path { let mut file = BufReader::new(File::open(&path)?); - let certs = match pemfile::certs(&mut file) { - Ok(certs) => certs, - Err(()) => { + let certs = match certs(&mut file) { + Ok(certs) => certs.into_iter().map(Certificate).collect(), + Err(error) => { return Err(ErrorKind::InvalidTlsConfig { message: format!( - "Unable to parse PEM-encoded client certificate from {}", - path.display() + "Unable to parse PEM-encoded client certificate from {}: {}", + path.display(), + error.to_string(), ), } .into()) 
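Review bot: `store.add_parsable_certificates(&ders)` discards its `(added, ignored)` return value, so a `ca_file_path` that yields no usable certificate, or only part of the intended bundle, is accepted without any error. The handshake then fails later with a certificate error that does not point at the CA file, or the client runs with fewer trusted roots than the operator configured. I would check the counts and return `InvalidTlsConfig` when nothing was added or anything was rejected, as in the excerpt below; rejecting only the `added == 0` case is the minimum. `make_rustls_config` continues past the end of this hunk.

```rust
// … unchanged: certs(...) parse of the CA file into `ders` …
let (added, ignored) = store.add_parsable_certificates(&ders);
if added == 0 || ignored > 0 {
    return Err(ErrorKind::InvalidTlsConfig {
        message: format!(
            "Unable to load root certificates from {}: {} added, {} rejected",
            path.display(),
            added,
            ignored
        ),
    }
    .into());
}
```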
@@ -146,11 +145,24 @@ fn make_rustls_config(cfg: TlsOptions) -> Result { } }; + ClientConfig::builder() + .with_safe_defaults() + .with_root_certificates(store) + .with_single_cert(certs, key) + .map_err(|error| ErrorKind::InvalidTlsConfig { + message: error.to_string(), + })? + } else { + ClientConfig::builder() + .with_safe_defaults() + .with_root_certificates(store) + .with_no_client_auth() + }; + + if let Some(true) = cfg.allow_invalid_certificates { config - .set_single_client_cert(certs, key) - .map_err(|e| ErrorKind::InvalidTlsConfig { - message: e.to_string(), - })?; + .dangerous() + .set_certificate_verifier(Arc::new(NoCertVerifier {})); } Ok(config) @@ -161,11 +173,13 @@ struct NoCertVerifier {} impl ServerCertVerifier for NoCertVerifier { fn verify_server_cert( &self, - _: &RootCertStore, + _: &Certificate, _: &[Certificate], - _: webpki::DNSNameRef, + _: &ServerName, + _: &mut dyn Iterator, _: &[u8], - ) -> std::result::Result { + _: SystemTime, + ) -> std::result::Result { Ok(ServerCertVerified::assertion()) } } From 6c5fe8f477379428e7acf31e2019986558206d63 Mon Sep 17 00:00:00 2001 From: Isabel Atkinson Date: Mon, 21 Mar 2022 13:46:57 -0400 Subject: [PATCH 5/6] clippy --- src/runtime/tls_rustls.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/runtime/tls_rustls.rs b/src/runtime/tls_rustls.rs index 0e08e19a6..d778e31d1 100644 --- a/src/runtime/tls_rustls.rs +++ b/src/runtime/tls_rustls.rs @@ -113,7 +113,7 @@ fn make_rustls_config(cfg: TlsOptions) -> Result { message: format!( "Unable to parse PEM-encoded client certificate from {}: {}", path.display(), - error.to_string(), + error, ), } .into()) From 3e9fe59066909a5d30cef15a0eaf34c4ac6837c5 Mon Sep 17 00:00:00 2001 From: Isabel Atkinson Date: Mon, 21 Mar 2022 14:47:02 -0400 Subject: [PATCH 6/6] bump to 1.51 --- .evergreen/config.yml | 4 ++-- README.md | 4 ++-- src/lib.rs | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) 
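Review bot: Both arms of `let mut config = if let Some(path) = cfg.cert_key_file_path` in hunk `@@ -146,11 +145,24 @@` repeat `ClientConfig::builder().with_safe_defaults().with_root_certificates(store)`, so a later change to protocol-version or cipher-suite selection has to be made twice and can drift between the client-auth and no-client-auth paths. Building the shared prefix once before the `if let`, `let builder = ClientConfig::builder().with_safe_defaults().with_root_certificates(store);`, and finishing each arm with `builder.with_single_cert(certs, key)` or `builder.with_no_client_auth()` keeps the two in step. The `if let` itself opens in the previous hunk, so the function is only partly visible here.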
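Review bot: `NoCertVerifier::verify_server_cert` in hunk `@@ -161,11 +173,13 @@` returns `ServerCertVerified::assertion()` for every chain and server name, and no comment visible in the hunk says so. Because the new signature ignores all seven arguments with `_`, the intent is easy to miss when reading the impl. A doc comment on the struct should state that it is installed only when `allow_invalid_certificates` is `Some(true)` and that it removes server authentication, for example `/// Accepts any server certificate and name; used only for allow_invalid_certificates. Provides no server authentication.`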
diff --git a/.evergreen/config.yml b/.evergreen/config.yml index f601c1da0..fd2c6716d 100644 --- a/.evergreen/config.yml +++ b/.evergreen/config.yml @@ -1283,9 +1283,9 @@ axes: - id: "extra-rust-versions" values: - id: "min" - display_name: "1.50 (minimum supported version)" + display_name: "1.51 (minimum supported version)" variables: - RUST_VERSION: "1.50.0" + RUST_VERSION: "1.51.0" - id: "nightly" display_name: "nightly" variables: diff --git a/README.md b/README.md index bc5aa1a76..e7a709a61 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ This repository contains the officially supported MongoDB Rust driver, a client ## Installation ### Requirements -- Rust 1.50+ +- Rust 1.51+ - MongoDB 3.6+ ### Importing @@ -358,7 +358,7 @@ Commits to master are run automatically on [evergreen](https://evergreen.mongodb ## Minimum supported Rust version (MSRV) -The MSRV for this crate is currently 1.50.0. This will be rarely be increased, and if it ever is, +The MSRV for this crate is currently 1.51.0. This will be rarely be increased, and if it ever is, it will only happen in a minor or major version release. ## License diff --git a/src/lib.rs b/src/lib.rs index d687ff52b..75dd7abfa 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -8,7 +8,7 @@ //! # Installation //! //! ## Requirements -//! - Rust 1.50+ +//! - Rust 1.51+ //! - MongoDB 3.6+ //! //! ## Importing @@ -283,7 +283,7 @@ //! //! ## Minimum supported Rust version (MSRV) //! -//! The MSRV for this crate is currently 1.50.0. This will be rarely be increased, and if it ever is, +//! The MSRV for this crate is currently 1.51.0. This will be rarely be increased, and if it ever is, //! it will only happen in a minor or major version release. #![warn(missing_docs)]