drop ring

Author: klensy

Cargo.lock

@@ -26,7 +26,8 @@ http = "0.2"
 rmp-serde = "1.1"
 brotli = "3.3.3"
 semver = "1.0"
-ring = "0.16.10"
+hmac = "0.12"
+sha1 = "0.10"
 hex = "0.4.2"
 regex = "1"
 toml = "0.7"

site/Cargo.toml

@@ -1,5 +1,6 @@
 use brotli::enc::BrotliEncoderParams;
 use brotli::BrotliCompress;
+use hmac::{Hmac, Mac};
 use std::collections::HashMap;
 use std::net::SocketAddr;
 use std::path::Path;
@@ -15,9 +16,9 @@ use http::header::CACHE_CONTROL;
 use hyper::StatusCode;
 use log::{debug, error, info};
 use parking_lot::{Mutex, RwLock};
-use ring::hmac;
 use serde::de::DeserializeOwned;
 use serde::Serialize;
+use sha1::Sha1;
 use uuid::Uuid;
 
 pub use crate::api::{
@@ -699,13 +700,15 @@ fn verify_gh(config: &Config, req: &http::request::Parts, body: &[u8]) -> bool {
 }
 
 fn verify_gh_sig(cfg: &Config, header: &str, body: &[u8]) -> Option<bool> {
-    let key = hmac::Key::new(
-        hmac::HMAC_SHA1_FOR_LEGACY_USE_ONLY,
-        cfg.keys.github_webhook_secret.as_ref().unwrap().as_bytes(),
-    );
+    type HmacSha1 = Hmac<Sha1>;
+
+    let mut mac =
+        HmacSha1::new_from_slice(cfg.keys.github_webhook_secret.as_ref().unwrap().as_bytes())
+            .expect("HMAC can take key of any size");
+    mac.update(body);
     let sha = header.get(5..)?; // strip sha1=
     let sha = hex::decode(sha).ok()?;
-    if let Ok(()) = hmac::verify(&key, body, &sha) {
+    if let Ok(()) = mac.verify_slice(&sha) {
         return Some(true);
     }