RUST-1220 Bump outdated dependencies #596

Merged
4 changes: 2 additions & 2 deletions .evergreen/config.yml
Expand Up @@ -1283,9 +1283,9 @@ axes:
- id: "extra-rust-versions"
values:
- id: "min"
display_name: "1.49 (minimum supported version)"
display_name: "1.51 (minimum supported version)"
variables:
RUST_VERSION: "1.49.0"
RUST_VERSION: "1.51.0"
- id: "nightly"
display_name: "nightly"
variables:
35 changes: 17 additions & 18 deletions Cargo.toml
Expand Up @@ -57,43 +57,42 @@ futures-io = "0.3.14"
futures-util = { version = "0.3.14", features = ["io"] }
futures-executor = "0.3.14"
hex = "0.4.0"
hmac = "0.11"
hmac = "0.12.1"
lazy_static = "1.4.0"
md-5 = "0.9.1"
md-5 = "0.10.1"
openssl = { version = "0.10.38", optional = true }
openssl-probe = { version = "0.1.5", optional = true }
os_info = { version = "3.0.1", default-features = false }
percent-encoding = "2.0.0"
rand = { version = "0.8.3", features = ["small_rng"] }
rustls-pemfile = "0.2.1"
rustls-pemfile = "0.3.0"
serde_with = "1.3.1"
sha-1 = "0.9.4"
sha2 = "0.9.3"
sha-1 = "0.10.0"
sha2 = "0.10.2"
snap = { version = "1.0.5", optional = true}
socket2 = "0.4.0"
stringprep = "0.1.2"
strsim = "0.10.0"
take_mut = "0.2.2"
thiserror = "1.0.24"
tokio-openssl = { version = "0.6.3", optional = true }
trust-dns-proto = "0.20.0"
trust-dns-resolver = "0.20.0"
typed-builder = "0.9.0"
trust-dns-proto = "0.21.1"
Contributor Author

I ended up needing to bump these rather than waiting for #591 because the older versions were incompatible with the new version of async-std-resolver.

trust-dns-resolver = "0.21.1"
typed-builder = "0.10.0"
version_check = "0.9.1"
webpki = "0.21.0"
webpki-roots = "0.21.0"
zstd = { version = "0.10", optional = true }
webpki-roots = "0.22.2"
zstd = { version = "0.11.0", optional = true }

[dependencies.async-std]
version = "1.9.0"
optional = true

[dependencies.async-std-resolver]
version = "0.20.1"
version = "0.21.1"
optional = true

[dependencies.pbkdf2]
version = "0.8"
version = "0.10.1"
default-features = false

[dependencies.reqwest]
Expand All @@ -103,7 +102,7 @@ default-features = false
features = ["json", "rustls-tls"]

[dependencies.rustls]
version = "0.19.0"
version = "0.20.4"
features = ["dangerous_configuration"]

[dependencies.serde]
Expand All @@ -119,24 +118,24 @@ version = "1.4.0"
features = ["io-util", "sync", "macros"]

[dependencies.tokio-rustls]
version = "0.22.0"
version = "0.23.2"
features = ["dangerous_configuration"]

[dependencies.tokio-util]
version = "0.6.5"
version = "0.7.0"
features = ["io"]

[dependencies.uuid]
version = "0.8.2"
features = ["v4"]

[dev-dependencies]
approx = "0.4.0"
approx = "0.5.1"
derive_more = "0.99.13"
function_name = "0.2.0"
futures = "0.3"
home = "0.5"
pretty_assertions = "0.7.1"
pretty_assertions = "1.1.0"
serde_json = "1.0.64"
semver = "1.0.0"

4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -29,7 +29,7 @@ This repository contains the officially supported MongoDB Rust driver, a client

## Installation
### Requirements
- Rust 1.49+
- Rust 1.51+
- MongoDB 3.6+

### Importing
Expand Down Expand Up @@ -358,7 +358,7 @@ Commits to master are run automatically on [evergreen](https://evergreen.mongodb

## Minimum supported Rust version (MSRV)

The MSRV for this crate is currently 1.49.0. This will be rarely be increased, and if it ever is,
The MSRV for this crate is currently 1.51.0. This will be rarely be increased, and if it ever is,
it will only happen in a minor or major version release.

## License
8 changes: 4 additions & 4 deletions src/client/auth/mod.rs
Expand Up @@ -12,7 +12,7 @@ mod x509;

use std::{borrow::Cow, fmt::Debug, str::FromStr};

use hmac::{Mac, NewMac};
use hmac::{digest::KeyInit, Mac};
use rand::Rng;
use serde::Deserialize;
use typed_builder::TypedBuilder;
Expand Down Expand Up @@ -515,13 +515,13 @@ pub(crate) fn generate_nonce() -> String {
base64::encode(&result)
}

fn mac<M: Mac + NewMac>(
fn mac<M: Mac + KeyInit>(
key: &[u8],
input: &[u8],
auth_mechanism: &str,
) -> Result<impl AsRef<[u8]>> {
let mut mac =
M::new_from_slice(key).map_err(|_| Error::unknown_authentication_error(auth_mechanism))?;
let mut mac = <M as Mac>::new_from_slice(key)
.map_err(|_| Error::unknown_authentication_error(auth_mechanism))?;
mac.update(input);
Ok(mac.finalize().into_bytes())
}
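Review bot: The fully qualified `<M as Mac>::new_from_slice(key)` in `mac` carries no comment explaining why the trait is named, so a later cleanup could shorten it back to `M::new_from_slice`. With the bound now `Mac + KeyInit`, both traits provide a `new_from_slice`, and the short form no longer resolves. A one-line comment above the call, such as `// Mac and KeyInit both define new_from_slice; name the trait to disambiguate.`, would record that. The same call appears in `mac_verify` in src/client/auth/scram.rs and would benefit from the same comment.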
16 changes: 10 additions & 6 deletions src/client/auth/scram.rs
Expand Up @@ -6,7 +6,11 @@ use std::{
str,
};

use hmac::{digest::Digest, Hmac, Mac, NewMac};
use hmac::{
digest::{Digest, FixedOutput, KeyInit},
Hmac,
Mac,
};
use lazy_static::lazy_static;
use md5::Md5;
use sha1::Sha1;
Expand Down Expand Up @@ -352,11 +356,11 @@ fn xor(lhs: &[u8], rhs: &[u8]) -> Vec<u8> {
.collect()
}

fn mac_verify<M: Mac + NewMac>(key: &[u8], input: &[u8], signature: &[u8]) -> Result<()> {
let mut mac =
M::new_from_slice(key).map_err(|_| Error::unknown_authentication_error("SCRAM"))?;
fn mac_verify<M: Mac + KeyInit>(key: &[u8], input: &[u8], signature: &[u8]) -> Result<()> {
let mut mac = <M as Mac>::new_from_slice(key)
.map_err(|_| Error::unknown_authentication_error("SCRAM"))?;
mac.update(input);
match mac.verify(signature) {
match mac.verify_slice(signature) {
Ok(_) => Ok(()),
Err(_) => Err(Error::authentication_error(
"SCRAM",
Expand All @@ -371,7 +375,7 @@ fn hash<D: Digest>(val: &[u8]) -> Vec<u8> {
hash.finalize().to_vec()
}

fn h_i<M: Mac + NewMac + Sync>(
fn h_i<M: KeyInit + FixedOutput + Mac + Sync + Clone>(
str: &str,
salt: &[u8],
iterations: u32,
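Review bot: `mac_verify` now depends on `mac.verify_slice(signature)` for the SCRAM signature check, and nothing in the function says that the comparison must stay inside the MAC API. As far as I know, the digest 0.10 `verify_slice` rejects a tag of the wrong length and compares the full tag in constant time, which is the property this check needs. A comment such as `// verify_slice does a constant-time, full-length tag comparison; do not replace with ==` would keep that visible to later editors. The widened bound on `h_i` (`KeyInit + FixedOutput + Mac + Sync + Clone`) is also undocumented and its body lies outside the hunk, so a short doc line on why `FixedOutput` and `Clone` are required (presumably by the pbkdf2 0.10 call) would help.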
4 changes: 2 additions & 2 deletions src/lib.rs
Expand Up @@ -8,7 +8,7 @@
//! # Installation
//!
//! ## Requirements
//! - Rust 1.49+
//! - Rust 1.51+
//! - MongoDB 3.6+
//!
//! ## Importing
Expand Down Expand Up @@ -283,7 +283,7 @@
//!
//! ## Minimum supported Rust version (MSRV)
//!
//! The MSRV for this crate is currently 1.49.0. This will be rarely be increased, and if it ever is,
//! The MSRV for this crate is currently 1.51.0. This will be rarely be increased, and if it ever is,
//! it will only happen in a minor or major version release.

#![warn(missing_docs)]
84 changes: 49 additions & 35 deletions src/runtime/tls_rustls.rs
@@ -1,24 +1,24 @@
use std::{
convert::TryFrom,
fs::File,
io::{BufReader, Seek, SeekFrom},
pin::Pin,
sync::Arc,
task::{Context, Poll},
time::SystemTime,
};

use futures_io::{AsyncRead, AsyncWrite};
use rustls::{
internal::pemfile,
client::{ClientConfig, ServerCertVerified, ServerCertVerifier, ServerName},
Certificate,
Error as TlsError,
OwnedTrustAnchor,
RootCertStore,
ServerCertVerified,
ServerCertVerifier,
TLSError,
};
use rustls_pemfile::{read_one, Item};
use rustls_pemfile::{certs, read_one, Item};
use tokio::io::AsyncWrite as TokioAsyncWrite;
use tokio_rustls::TlsConnector;
use webpki::DNSNameRef;
use webpki_roots::TLS_SERVER_ROOTS;

use crate::{
Expand All @@ -39,7 +39,7 @@ impl AsyncTlsStream {
tcp_stream: AsyncTcpStream,
cfg: TlsOptions,
) -> Result<Self> {
let name = DNSNameRef::try_from_ascii_str(host).map_err(|e| ErrorKind::DnsResolve {
let name = ServerName::try_from(host).map_err(|e| ErrorKind::DnsResolve {
message: format!("could not resolve {:?}: {}", host, e),
})?;
let mut tls_config = make_rustls_config(cfg)?;
Expand Down Expand Up @@ -82,39 +82,38 @@ impl AsyncWrite for AsyncTlsStream {

/// Converts `TlsOptions` into a rustls::ClientConfig.
fn make_rustls_config(cfg: TlsOptions) -> Result<rustls::ClientConfig> {
let mut config = rustls::ClientConfig::new();

if let Some(true) = cfg.allow_invalid_certificates {
config
.dangerous()
.set_certificate_verifier(Arc::new(NoCertVerifier {}));
}

let mut store = RootCertStore::empty();
if let Some(path) = cfg.ca_file_path {
store
.add_pem_file(&mut BufReader::new(File::open(&path)?))
.map_err(|_| ErrorKind::InvalidTlsConfig {
let ders = certs(&mut BufReader::new(File::open(&path)?)).map_err(|_| {
ErrorKind::InvalidTlsConfig {
message: format!(
"Unable to parse PEM-encoded root certificate from {}",
path.display()
),
})?;
}
})?;
store.add_parsable_certificates(&ders);
} else {
store.add_server_trust_anchors(&TLS_SERVER_ROOTS);
let trust_anchors = TLS_SERVER_ROOTS.0.iter().map(|ta| {
OwnedTrustAnchor::from_subject_spki_name_constraints(
ta.subject,
ta.spki,
ta.name_constraints,
)
});
store.add_server_trust_anchors(trust_anchors);
}

config.root_store = store;

if let Some(path) = cfg.cert_key_file_path {
let mut config = if let Some(path) = cfg.cert_key_file_path {
let mut file = BufReader::new(File::open(&path)?);
let certs = match pemfile::certs(&mut file) {
Ok(certs) => certs,
Err(()) => {
let certs = match certs(&mut file) {
Ok(certs) => certs.into_iter().map(Certificate).collect(),
Err(error) => {
return Err(ErrorKind::InvalidTlsConfig {
message: format!(
"Unable to parse PEM-encoded client certificate from {}",
path.display()
"Unable to parse PEM-encoded client certificate from {}: {}",
path.display(),
error,
),
}
.into())
Expand Down Expand Up @@ -146,11 +145,24 @@ fn make_rustls_config(cfg: TlsOptions) -> Result<rustls::ClientConfig> {
}
};

ClientConfig::builder()
Contributor Author

ClientConfig was made mostly opaque in favor of a builder, documentation here. This branch calls with_single_cert on the builder which corresponds to the set_single_client_cert method we were calling on the config previously. The else branch uses the defaults suggested in the docs, which are also in line with the now-removed new function we were calling previously.

.with_safe_defaults()
.with_root_certificates(store)
.with_single_cert(certs, key)
.map_err(|error| ErrorKind::InvalidTlsConfig {
message: error.to_string(),
})?
} else {
ClientConfig::builder()
.with_safe_defaults()
.with_root_certificates(store)
.with_no_client_auth()
};

if let Some(true) = cfg.allow_invalid_certificates {
config
.set_single_client_cert(certs, key)
.map_err(|e| ErrorKind::InvalidTlsConfig {
message: e.to_string(),
})?;
.dangerous()
.set_certificate_verifier(Arc::new(NoCertVerifier {}));
}

Ok(config)
Expand All @@ -161,11 +173,13 @@ struct NoCertVerifier {}
impl ServerCertVerifier for NoCertVerifier {
fn verify_server_cert(
&self,
_: &RootCertStore,
_: &Certificate,
_: &[Certificate],
_: webpki::DNSNameRef,
_: &ServerName,
_: &mut dyn Iterator<Item = &[u8]>,
_: &[u8],
) -> std::result::Result<ServerCertVerified, TLSError> {
_: SystemTime,
) -> std::result::Result<ServerCertVerified, TlsError> {
Ok(ServerCertVerified::assertion())
}
}
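Review bot: In `make_rustls_config`, the CA-file branch discards the result of `store.add_parsable_certificates(&ders)`, so a `ca_file_path` that yields no usable certificate leaves an empty root store. The misconfiguration then only shows up later, as a certificate failure on every handshake. In rustls 0.20 that method returns the counts of accepted and ignored certificates; checking that at least one was accepted and returning `ErrorKind::InvalidTlsConfig` otherwise would report the problem at configuration time. The `certs(...)` error in the same branch is still dropped with `|_|`, while the client-certificate branch now includes it in the message, so the two could be aligned. Part of the function (the private-key parsing) lies outside the visible hunks.

```rust
// … unchanged: certs(...) parses the PEM file at `path` into `ders` …
let (added, ignored) = store.add_parsable_certificates(&ders);
if added == 0 {
    return Err(ErrorKind::InvalidTlsConfig {
        message: format!(
            "No usable root certificate found in {} ({} ignored)",
            path.display(),
            ignored
        ),
    }
    .into());
}
```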
4 changes: 2 additions & 2 deletions src/srv.rs
Expand Up @@ -80,8 +80,8 @@ impl SrvResolver {
let mut min_ttl = u32::MAX;

for record in srv_lookup.as_lookup().record_iter() {
let srv = match record.rdata() {
RData::SRV(s) => s,
let srv = match record.data() {
Some(RData::SRV(s)) => s,
_ => continue,
};
