From 09bb44b62bc0ab8aa90ba15700f1a92f13711f7f Mon Sep 17 00:00:00 2001 From: Jiahao XU Date: Fri, 21 Apr 2023 15:19:44 +1000 Subject: [PATCH] Rm dep openssl pulled in by dist-server Signed-off-by: Jiahao XU --- Cargo.lock | 408 +++++++++++++++++++++++++--- Cargo.toml | 14 +- src/bin/sccache-dist/token_check.rs | 19 +- src/dist/http.rs | 148 +++++----- 4 files changed, 457 insertions(+), 132 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f46b7971f5..6119de4a3b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -8,6 +8,41 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" +[[package]] +name = "aead" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b613b8e1e3cf911a086f53f03bf286f52fd7a7258e4fa606f0ef220d39d8877" +dependencies = [ + "generic-array", +] + +[[package]] +name = "aes" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e8b47f52ea9bae42228d07ec09eb676433d7c4ed1ebdf0f1d1c29ed446f1ab8" +dependencies = [ + "cfg-if 1.0.0", + "cipher", + "cpufeatures", + "opaque-debug", +] + +[[package]] +name = "aes-gcm" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df5f85a83a7d8b0442b6aa7b504b8212c1733da07b98aae43d4bc21b2cb3cdf6" +dependencies = [ + "aead", + "aes", + "cipher", + "ctr", + "ghash", + "subtle", +] + [[package]] name = "ahash" version = "0.7.6" @@ -124,6 +159,15 @@ dependencies = [ "syn 2.0.13", ] +[[package]] +name = "autocfg" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dde43e75fd43e8a1bf86103336bc699aa8d17ad1be60c76c0bdfd4828e19b78" +dependencies = [ + "autocfg 1.1.0", +] + [[package]] name = "autocfg" version = "1.1.0" 
@@ -205,7 +249,17 @@ dependencies = [ "cc", "cfg-if 1.0.0", "constant_time_eq", - "digest", + "digest 0.10.6", +] + +[[package]] +name = "block-buffer" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" +dependencies = [ + "block-padding", + "generic-array", ] [[package]] @@ -217,6 +271,12 @@ dependencies = [ "generic-array", ] +[[package]] +name = "block-padding" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d696c370c750c948ada61c69a0ee2cbbb9c50b1019ddb86d9317157a99c2cae" + [[package]] name = "bstr" version = "1.0.1" @@ -300,6 +360,15 @@ version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fff857943da45f546682664a79488be82e69e43c1a7a2307679ab9afb3a66d2e" +[[package]] +name = "cipher" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ee52072ec15386f770805afd189a01c8841be8696bed250fa2f13c4c0d6dfb7" +dependencies = [ + "generic-array", +] + [[package]] name = "clap" version = "4.1.11" @@ -428,6 +497,15 @@ dependencies = [ "typenum", ] +[[package]] +name = "ctr" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "049bb91fb4aaf0e3c7efa6cd5ef877dbbbd15b39dad06d9948de4ec8a75761ea" +dependencies = [ + "cipher", +] + [[package]] name = "daemonize" version = "0.5.0" 
@@ -473,13 +551,22 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6184e33543162437515c2e2b48714794e37845ec9851711914eec9d308f6ebe8" +[[package]] +name = "digest" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" +dependencies = [ + "generic-array", +] + [[package]] name = "digest" version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f" dependencies = [ - "block-buffer", + "block-buffer 0.10.3", "const-oid", "crypto-common", "subtle", @@ -889,6 +976,16 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "ghash" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1583cc1656d7839fd3732b80cf4f38850336cdb9b8ded1cd399ca62958de3c99" +dependencies = [ + "opaque-debug", + "polyval", +] + [[package]] name = "gzp" version = "0.11.3" @@ -965,7 +1062,7 @@ version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ - "digest", + "digest 0.10.6", ] [[package]] @@ -1110,7 +1207,7 @@ version = "1.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1885e79c1fc4b10f0e172c475f458b7f7b93061064d98c3293e98c5ba0c8b399" dependencies = [ - "autocfg", + "autocfg 1.1.0", "hashbrown", ] 
@@ -1209,11 +1306,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "09f4f04699947111ec1733e71778d763555737579e44b85844cae8e1940a1828" dependencies = [ "base64 0.13.1", - "pem", + "pem 1.1.0", "ring", "serde", "serde_json", - "simple_asn1", + "simple_asn1 0.6.2", +] + +[[package]] +name = "keccak" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3afef3b6eff9ce9d8ff9b3601125eec7f0c8cbac7abd14f355d053fa56c98768" +dependencies = [ + "cpufeatures", ] [[package]] @@ -1272,7 +1378,7 @@ version = "0.4.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df" dependencies = [ - "autocfg", + "autocfg 1.1.0", "scopeguard", ] @@ -1312,7 +1418,7 @@ version = "0.10.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6365506850d44bff6e2fbcb5176cf63650e48bd45ef2fe2665ae1570e0f4b9ca" dependencies = [ - "digest", + "digest 0.10.6", ] [[package]] @@ -1336,7 +1442,7 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5de893c32cde5f383baa4c04c5d6dbdd735cfd4a794b0debdb2bb1b421da5ff4" dependencies = [ - "autocfg", + "autocfg 1.1.0", ] [[package]] @@ -1460,11 +1566,30 @@ version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f93ab6289c7b344a8a9f60f88d80aa20032336fe78da341afc91c8a2341fc75f" dependencies = [ - "autocfg", + "autocfg 1.1.0", "num-integer", "num-traits", ] +[[package]] +name = "num-bigint-dig" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4547ee5541c18742396ae2c895d0717d0f886d8823b8399cdaf7b07d63ad0480" +dependencies = [ + "autocfg 0.1.8", + "byteorder", + "lazy_static", + "libm", + "num-integer", + "num-iter", + "num-traits", + "rand 0.8.5", + "serde", + "smallvec", + "zeroize", +] + [[package]] name = "num-bigint-dig" version = "0.8.2" 
@@ -1488,7 +1613,7 @@ version = "0.1.45" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" dependencies = [ - "autocfg", + "autocfg 1.1.0", "num-traits", ] @@ -1498,7 +1623,7 @@ version = "0.1.43" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252" dependencies = [ - "autocfg", + "autocfg 1.1.0", "num-integer", "num-traits", ] @@ -1509,7 +1634,7 @@ version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd" dependencies = [ - "autocfg", + "autocfg 1.1.0", "libm", ] @@ -1538,12 +1663,27 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "830b246a0e5f20af87141b25c173cd1b609bd7779a4617d6ec582abaf90870f3" +[[package]] +name = "oid" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c19903c598813dba001b53beeae59bb77ad4892c5c1b9b3500ce4293a0d06c2" +dependencies = [ + "serde", +] + [[package]] name = "once_cell" version = "1.17.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3" +[[package]] +name = "opaque-debug" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" + [[package]] name = "opendal" version = "0.29.1" 
@@ -1612,25 +1752,15 @@ version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" -[[package]] -name = "openssl-src" -version = "111.25.1+1.1.1t" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ef9a9cc6ea7d9d5e7c4a913dc4b48d0e359eddf01af1dfec96ba7064b4aba10" -dependencies = [ - "cc", -] - [[package]] name = "openssl-sys" version = "0.9.83" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "666416d899cf077260dac8698d60a60b435a46d57e82acb1be3d0dad87284e5b" dependencies = [ - "autocfg", + "autocfg 1.1.0", "cc", "libc", - "openssl-src", "pkg-config", "vcpkg", ] @@ -1688,6 +1818,17 @@ dependencies = [ "windows-sys 0.42.0", ] +[[package]] +name = "pem" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd56cbd21fea48d0c440b41cd69c589faacade08c992d9a54e471b79d0fd13eb" +dependencies = [ + "base64 0.13.1", + "once_cell", + "regex", +] + [[package]] name = "pem" version = "1.1.0" 
@@ -1712,6 +1853,67 @@ version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "478c572c3d73181ff3c2539045f6eb99e5491218eae919370993b890cdbdd98e" +[[package]] +name = "picky" +version = "6.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd6b25b296bb2a45678748f61c51f5a548ea56b25b0ad4966183709b386eaecf" +dependencies = [ + "aes-gcm", + "base64 0.13.1", + "digest 0.9.0", + "http", + "num-bigint-dig 0.7.0", + "oid", + "picky-asn1", + "picky-asn1-der", + "picky-asn1-x509", + "rand 0.8.5", + "rsa 0.4.0", + "serde", + "serde_json", + "sha-1", + "sha2 0.9.9", + "sha3", + "thiserror", +] + +[[package]] +name = "picky-asn1" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "889bbb26c80acf919e89980dfc8e04eb19df272d8a9893ec9b748d3a1675abde" +dependencies = [ + "oid", + "serde", + "serde_bytes", +] + +[[package]] +name = "picky-asn1-der" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "acbbd5390ab967396cc7473e6e0848684aec7166e657c6088604e07b54a73dbe" +dependencies = [ + "picky-asn1", + "serde", + "serde_bytes", +] + +[[package]] +name = "picky-asn1-x509" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3033675030de806aba1d5470949701b7c9f1dbf77e3bb17bd12e5f945e560ba" +dependencies = [ + "base64 0.13.1", + "num-bigint-dig 0.7.0", + "oid", + "picky-asn1", + "picky-asn1-der", + "serde", +] + [[package]] name = "pin-project" version = "1.0.12" 
@@ -1772,6 +1974,18 @@ version = "0.3.26" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6ac9a59f73473f1b8d852421e59e64809f025994837ef743615c6d0c5b305160" +[[package]] +name = "polyval" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8419d2b623c7c0896ff2d5d96e2cb4ede590fed28fcc34934f4c33c036e620a1" +dependencies = [ + "cfg-if 1.0.0", + "cpufeatures", + "opaque-debug", + "universal-hash", +] + [[package]] name = "ppv-lite86" version = "0.2.17" @@ -2034,12 +2248,12 @@ dependencies = [ "percent-encoding", "quick-xml 0.28.1", "rand 0.8.5", - "rsa", + "rsa 0.8.2", "rust-ini", "serde", "serde_json", "sha1", - "sha2", + "sha2 0.10.6", "time 0.3.17", "ureq", ] @@ -2072,7 +2286,7 @@ dependencies = [ "pin-project-lite", "rustls", "rustls-native-certs", - "rustls-pemfile", + "rustls-pemfile 1.0.1", "serde", "serde_json", "serde_urlencoded", @@ -2148,6 +2362,26 @@ dependencies = [ "url", ] +[[package]] +name = "rsa" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68ef841a26fc5d040ced0417c6c6a64ee851f42489df11cdf0218e545b6f8d28" +dependencies = [ + "byteorder", + "digest 0.9.0", + "lazy_static", + "num-bigint-dig 0.7.0", + "num-integer", + "num-iter", + "num-traits", + "pem 0.8.3", + "rand 0.8.5", + "simple_asn1 0.5.4", + "subtle", + "zeroize", +] + [[package]] name = "rsa" version = "0.8.2" @@ -2155,15 +2389,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "55a77d189da1fee555ad95b7e50e7457d91c0e089ec68ca69ad2989413bbdab4" dependencies = [ "byteorder", - "digest", - "num-bigint-dig", + "digest 0.10.6", + "num-bigint-dig 0.8.2", "num-integer", "num-iter", "num-traits", "pkcs1", "pkcs8", "rand_core 0.6.4", - "sha2", + "sha2 0.10.6", "signature", "subtle", "zeroize", 
@@ -2226,11 +2460,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0167bac7a9f490495f3c33013e7722b53cb087ecbe082fb0c6387c96f634ea50" dependencies = [ "openssl-probe", - "rustls-pemfile", + "rustls-pemfile 1.0.1", "schannel", "security-framework", ] +[[package]] +name = "rustls-pemfile" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5eebeaeb360c87bfb72e84abdb3447159c0eaececf1bef2aecd65a8be949d1c9" +dependencies = [ + "base64 0.13.1", +] + [[package]] name = "rustls-pemfile" version = "1.0.1" @@ -2303,8 +2546,8 @@ dependencies = [ "number_prefix", "once_cell", "opendal", - "openssl", "parity-tokio-ipc", + "picky", "predicates", "rand 0.8.5", "regex", @@ -2312,11 +2555,12 @@ dependencies = [ "reqwest", "retry", "rouille", + "rsa 0.8.2", "semver", "serde", "serde_json", "serial_test", - "sha2", + "sha2 0.10.6", "strip-ansi-escapes", "syslog", "tar", @@ -2403,6 +2647,15 @@ dependencies = [ "serde_derive", ] +[[package]] +name = "serde_bytes" +version = "0.11.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "416bda436f9aab92e02c8e10d49a15ddd339cea90b6e340fe51ed97abb548294" +dependencies = [ + "serde", +] + [[package]] name = "serde_derive" version = "1.0.155" @@ -2483,6 +2736,19 @@ dependencies = [ "syn 2.0.13", ] +[[package]] +name = "sha-1" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99cd6713db3cf16b6c84e06321e049a9b9f699826e16096d23bbcc44d15d51a6" +dependencies = [ + "block-buffer 0.9.0", + "cfg-if 1.0.0", + "cpufeatures", + "digest 0.9.0", + "opaque-debug", +] + [[package]] name = "sha1" version = "0.10.5" @@ -2491,7 +2757,7 @@ checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3" dependencies = [ "cfg-if 1.0.0", "cpufeatures", - "digest", + "digest 0.10.6", ] [[package]] 
@@ -2500,6 +2766,19 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ae1a47186c03a32177042e55dbc5fd5aee900b8e0069a8d70fba96a9375cd012" +[[package]] +name = "sha2" +version = "0.9.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" +dependencies = [ + "block-buffer 0.9.0", + "cfg-if 1.0.0", + "cpufeatures", + "digest 0.9.0", + "opaque-debug", +] + [[package]] name = "sha2" version = "0.10.6" @@ -2508,7 +2787,19 @@ checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0" dependencies = [ "cfg-if 1.0.0", "cpufeatures", - "digest", + "digest 0.10.6", +] + +[[package]] +name = "sha3" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f81199417d4e5de3f04b1e871023acea7389672c4135918f05aa9cbf2f2fa809" +dependencies = [ + "block-buffer 0.9.0", + "digest 0.9.0", + "keccak", + "opaque-debug", ] [[package]] @@ -2526,10 +2817,22 @@ version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8fe458c98333f9c8152221191a77e2a44e8325d0193484af2e9421a53019e57d" dependencies = [ - "digest", + "digest 0.10.6", "rand_core 0.6.4", ] +[[package]] +name = "simple_asn1" +version = "0.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8eb4ea60fb301dc81dfc113df680571045d375ab7345d171c5dc7d7e13107a80" +dependencies = [ + "chrono", + "num-bigint", + "num-traits", + "thiserror", +] + [[package]] name = "simple_asn1" version = "0.6.2" @@ -2548,7 +2851,7 @@ version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4614a76b2a8be0058caa9dbbaf66d988527d86d003c11a94fbd335d7661edcef" dependencies = [ - "autocfg", + "autocfg 1.1.0", ] [[package]] @@ -2827,7 +3130,8 @@ dependencies = [ "chunked_transfer", "httpdate", "log", - "openssl", + "rustls", + "rustls-pemfile 0.2.1", "zeroize", ] 
@@ -2852,7 +3156,7 @@ version = "1.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "03201d01c3c27a29c8a5cee5b55a93ddae1ccf6f08f65365c2c918f8c1b76f64" dependencies = [ - "autocfg", + "autocfg 1.1.0", "bytes", "libc", "memchr", @@ -3036,7 +3340,7 @@ dependencies = [ "rand 0.8.5", "ring", "rustls", - "rustls-pemfile", + "rustls-pemfile 1.0.1", "smallvec", "thiserror", "tinyvec", @@ -3122,6 +3426,16 @@ dependencies = [ "tinyvec", ] +[[package]] +name = "universal-hash" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f214e8f697e925001e66ec2c6e37a4ef93f0f78c2eed7814394e10c62025b05" +dependencies = [ + "generic-array", + "subtle", +] + [[package]] name = "untrusted" version = "0.7.1" @@ -3577,6 +3891,20 @@ name = "zeroize" version = "1.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.13", +] [[package]] name = "zip" diff --git a/Cargo.toml b/Cargo.toml index afa17ac300..86b32bbe80 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -53,7 +53,6 @@ linked-hash-map = "0.5" log = "0.4" num_cpus = "1.15" number_prefix = "0.4" -openssl = { version = "0.10.48", optional = true } rand = "0.8.4" regex = "1.7.3" reqwest = { version = "0.11", features = ["json", "blocking", "stream", "rustls-tls", "trust-dns"], optional = true } 
@@ -83,10 +82,13 @@ zstd = "0.12" # dist-server only nix = { version = "0.26.2", optional = true } -rouille = { version = "3.5", optional = true, default-features = false, features = ["ssl"] } +rouille = { version = "3.5", optional = true, default-features = false, features = ["rustls"] } syslog = { version = "6", optional = true } void = { version = "1", optional = true } version-compare = { version = "0.1.1", optional = true } +rsa = { version = "0.8.2", optional = true } +chrono = { version = "0.4.24", default-features = false, features = ["std", "clock"], optional = true } +picky = { version = "6.3.0", optional = true } [dev-dependencies] assert_cmd = "2.0.10" @@ -128,16 +130,14 @@ webdav = ["opendal"] memcached = ["opendal/services-memcached"] native-zlib = [] redis = ["url", "opendal/services-redis"] -# Enable features that will build a vendored version of openssl and -# statically linked with it, instead of linking against the system-wide openssl -# dynamically or statically. -vendored-openssl = ["openssl?/vendored"] +# Dummy features for backwards compatibility. +vendored-openssl = [] # Enable features that require unstable features of Nightly Rust. unstable = [] # Enables distributed support in the sccache client dist-client = ["flate2", "hyper", "reqwest", "url", "sha2"] # Enables the sccache-dist binary -dist-server = ["jwt", "flate2", "libmount", "nix", "openssl", "reqwest", "rouille", "syslog", "void", "version-compare"] +dist-server = ["jwt", "flate2", "libmount", "nix", "rsa", "chrono", "picky", "sha2", "reqwest", "rouille", "syslog", "void", "version-compare"] # Enables dist tests with external requirements dist-tests = ["dist-client", "dist-server"] diff --git a/src/bin/sccache-dist/token_check.rs b/src/bin/sccache-dist/token_check.rs index e335ae313e..baac1e975f 100644 --- a/src/bin/sccache-dist/token_check.rs +++ b/src/bin/sccache-dist/token_check.rs 
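Review bot: The new `picky = { version = "6.3.0", optional = true }` entry in the `# dist-server only` block brings a second, older RustCrypto stack into dist-server builds. The Cargo.lock hunks of this patch add rsa 0.4.0, digest 0.9.0, sha2 0.9.9, sha-1 0.9.8, aes-gcm 0.9.4 and num-bigint-dig 0.7.0 next to the rsa 0.8.2 and sha2 0.10.6 that are also locked. From what the patch shows, picky is only used to build one self-signed certificate, so this duplication enlarges the set of crypto crates that must be tracked for advisories. A comment above the entry such as `# picky: only builds the dist-server self-signed cert; currently pins rsa 0.4 / digest 0.9` would record why it is there. A picky release on the current rsa/digest line, if one exists, would remove the duplication.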
@@ -1,5 +1,6 @@
 use anyhow::{bail, Context, Result};
 use base64::Engine;
+use rsa::pkcs1;
 use sccache::dist::http::{ClientAuthCheck, ClientVisibleMsg};
 use sccache::util::{new_reqwest_blocking_client, BASE64_URL_SAFE_ENGINE};
 use serde::{Deserialize, Serialize};
@@ -36,14 +37,16 @@ impl Jwk {
 let e = BASE64_URL_SAFE_ENGINE
 .decode(&self.e)
 .context("Failed to base64 decode e")?;
- let n_bn = openssl::bn::BigNum::from_slice(&n)
- .context("Failed to create openssl bignum from n")?;
- let e_bn = openssl::bn::BigNum::from_slice(&e)
- .context("Failed to create openssl bignum from e")?;
- let pubkey = openssl::rsa::Rsa::from_public_components(n_bn, e_bn)
- .context("Failed to create pubkey from n and e")?;
- let der: Vec = pubkey
- .public_key_to_der_pkcs1()
+
+ let n_bn = pkcs1::UIntRef::new(&n).context("Failed to create pkcs1 bignum from n")?;
+ let e_bn = pkcs1::UIntRef::new(&e).context("Failed to create pkcs1 bignum from e")?;
+
+ let pubkey = pkcs1::RsaPublicKey {
+ modulus: n_bn,
+ public_exponent: e_bn,
+ };
+
+ let der: Vec = pkcs1::der::Encode::to_vec(&pubkey)
 .context("Failed to convert public key to der pkcs1")?;
 Ok(der)
 }
diff --git a/src/dist/http.rs b/src/dist/http.rs
index 3b59b4ad62..66a2961012 100644
--- a/src/dist/http.rs
+++ b/src/dist/http.rs
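Review bot: In the `impl Jwk` hunk, the modulus and exponent decoded from the JWK are wrapped with `pkcs1::UIntRef::new` and DER-encoded with no check on their size or value. A key with a very short modulus or a degenerate exponent is therefore encoded like any other. The removed `Rsa::from_public_components` call is not visibly stricter, but if these JWKs come from a remote key set, this is the natural place to reject weak keys. Building the key with `rsa::RsaPublicKey::new(rsa::BigUint::from_bytes_be(&n), rsa::BigUint::from_bytes_be(&e))` before encoding would check the exponent range and cap the modulus size, while a minimum modulus length would still need an explicit comparison. The enclosing function starts above the hunk, so where `n` is decoded and how the returned DER is consumed are not visible here.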
@@ -252,14 +252,23 @@ pub mod urls {
 mod server {
 use crate::util::new_reqwest_blocking_client;
 use byteorder::{BigEndian, ReadBytesExt};
+ use chrono::Datelike;
+ use chrono::Timelike;
 use flate2::read::ZlibDecoder as ZlibReadDecoder;
 use lazy_static::lazy_static;
+ use picky::key::{PrivateKey, PublicKey};
+ use picky::x509::certificate::CertificateBuilder;
+ use picky::x509::date::UTCDate;
+ use picky::x509::extension::ExtendedKeyUsage;
+ use picky::x509::name::{DirectoryName, GeneralNames};
+ use picky::{hash::HashAlgorithm, signature::SignatureAlgorithm};
 use rand::{rngs::OsRng, RngCore};
 use rouille::accept;
 use serde::Serialize;
+ use sha2::Digest;
 use std::collections::HashMap;
 use std::io::Read;
- use std::net::SocketAddr;
+ use std::net::{IpAddr, SocketAddr};
 use std::result::Result as StdResult;
 use std::sync::atomic;
 use std::sync::Mutex;
@@ -306,82 +315,67 @@ mod server { } fn create_https_cert_and_privkey(addr: SocketAddr) -> Result<(Vec, Vec, Vec)> { - let rsa_key = openssl::rsa::Rsa::::generate(2048) - .context("failed to generate rsa privkey")?; - let privkey_pem = rsa_key - .private_key_to_pem() - .context("failed to create pem from rsa privkey")?; - let privkey: openssl::pkey::PKey = - openssl::pkey::PKey::from_rsa(rsa_key) - .context("failed to create openssl pkey from rsa privkey")?; - let mut builder = - openssl::x509::X509::builder().context("failed to create x509 builder")?; - - // Populate the certificate with the necessary parts, mostly from mkcert in openssl - builder - .set_version(2) - .context("failed to set x509 version")?; - let serial_number = openssl::bn::BigNum::from_u32(0) - .and_then(|bn| bn.to_asn1_integer()) - .context("failed to create openssl asn1 0")?; - builder - .set_serial_number(serial_number.as_ref()) - .context("failed to set x509 serial number")?; - let not_before = openssl::asn1::Asn1Time::days_from_now(0) - .context("failed to create openssl not before asn1")?; - builder - .set_not_before(not_before.as_ref()) - .context("failed to set not before on x509")?; - let not_after = openssl::asn1::Asn1Time::days_from_now(365) - .context("failed to create openssl not after asn1")?; - builder - .set_not_after(not_after.as_ref()) - .context("failed to set not after on x509")?; - builder - .set_pubkey(privkey.as_ref()) - .context("failed to set pubkey for x509")?; - - let mut name = openssl::x509::X509Name::builder()?; - name.append_entry_by_nid(openssl::nid::Nid::COMMONNAME, &addr.to_string())?; - let name = name.build(); - - builder - .set_subject_name(&name) - .context("failed to set subject name")?; - builder - .set_issuer_name(&name) - .context("failed to set issuer name")?; - - // Add the SubjectAlternativeName - let extension = openssl::x509::extension::SubjectAlternativeName::new() - .ip(&addr.ip().to_string()) - .build(&builder.x509v3_context(None, None)) - 
.context("failed to build SAN extension for x509")?; - builder - .append_extension(extension) - .context("failed to append SAN extension for x509")?; - - // Add ExtendedKeyUsage - let ext_key_usage = openssl::x509::extension::ExtendedKeyUsage::new() - .server_auth() - .build() - .context("failed to build EKU extension for x509")?; - builder - .append_extension(ext_key_usage) - .context("fails to append EKU extension for x509")?; - - // Finish the certificate - builder - .sign(&privkey, openssl::hash::MessageDigest::sha1()) - .context("failed to sign x509 with sha1")?; - let cert: openssl::x509::X509 = builder.build(); - let cert_pem = cert.to_pem().context("failed to create pem from x509")?; - let cert_digest = cert - .digest(openssl::hash::MessageDigest::sha256()) - .context("failed to create digest of x509 certificate")? - .as_ref() - .to_owned(); - + let mut rng = OsRng; + let bits = 2048; + let rsa_key = rsa::RsaPrivateKey::new(&mut rng, bits)?; + + let line_ending = rsa::pkcs8::LineEnding::CRLF; + let sk_pkcs8 = rsa::pkcs8::EncodePrivateKey::to_pkcs8_pem(&rsa_key, line_ending)?; + let pk_pkcs8 = rsa::pkcs8::EncodePublicKey::to_public_key_pem(&*rsa_key, line_ending)?; + + // convert to picky + let sk = PrivateKey::from_pem_str(sk_pkcs8.as_str())?; + let pk = PublicKey::from_pem_str(pk_pkcs8.as_str())?; + let today = chrono::Utc::now().naive_utc(); + let expires = today + chrono::Duration::days(365); + let start = UTCDate::new( + today.year() as u16, + today.month() as u8, + today.day() as u8, + today.time().hour() as u8, + today.time().minute() as u8, + today.time().second() as u8, + ) + .unwrap(); + let end = UTCDate::new( + expires.year() as u16, + expires.month() as u8, + expires.day() as u8, + expires.time().hour() as u8, + expires.time().minute() as u8, + expires.time().second() as u8, + ) + .unwrap(); + let extended_key_usage = ExtendedKeyUsage::new(vec![picky::oids::kp_server_auth()]); + let name = addr.to_string(); + let issuer_name = 
DirectoryName::new_common_name(name.clone()); + let subject_name = DirectoryName::new_common_name(name); + let octets = match addr.ip() { + IpAddr::V4(inner) => inner.octets().to_vec(), + IpAddr::V6(inner) => inner.octets().to_vec(), + }; + let subject_alt_name = GeneralNames::new(picky::x509::name::GeneralName::IpAddress(octets)); + let cert = CertificateBuilder::new() + .ca(false) + .validity(start, end) + .subject(subject_name, pk) + .subject_alt_name(subject_alt_name) + .serial_number(vec![1]) // cannot be 0 according to picky internal notes + .signature_hash_type(SignatureAlgorithm::RsaPkcs1v15(HashAlgorithm::SHA1)) + .extended_key_usage(extended_key_usage) + .self_signed(issuer_name, &sk) + .build()?; + let cert_digest = { + let der = cert.to_der()?; + let mut state = sha2::Sha256::new(); + state.update(&der); + state.finalize() + } + .as_slice() + .to_vec(); + let cert_pem = cert.to_pem()?; + let cert_pem = cert_pem.to_string().as_bytes().to_vec(); + let privkey_pem = sk_pkcs8.as_bytes().to_vec(); Ok((cert_digest, cert_pem, privkey_pem)) }
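Review bot: The self-signed certificate is still signed with SHA-1, at `.signature_hash_type(SignatureAlgorithm::RsaPkcs1v15(HashAlgorithm::SHA1))`. That carries over the `MessageDigest::sha1()` of the removed OpenSSL code instead of using the migration to drop it. The returned `cert_digest` is already SHA-256, so signing with `HashAlgorithm::SHA2_256` would be consistent with it and would not depend on a peer still accepting SHA-1 signatures. Whether any sccache client verifies this signature is not visible in the hunk. Separately, both `UTCDate::new(...)` results are `.unwrap()`ed in a function that returns `Result`, so an out-of-range date panics the server instead of returning an error; `.context("certificate validity date is outside the UTCTime range")?` would match the error style of the code this hunk removes.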