From 4ea49512d626d8fd379f460789496211aa2ffa07 Mon Sep 17 00:00:00 2001 From: Rodolphe Breard Date: Tue, 25 Jun 2019 11:11:50 +0200 Subject: [PATCH] Remove the standalone feature As discussed in #2, ring is not mature enough to replace OpenSSL. Hence, the standalone mode which has been made to implement such a replacement has to be removed until ring becomes usable. --- acme_common/Cargo.toml | 7 +------ acme_common/src/crypto.rs | 17 ++--------------- acme_common/src/crypto/openssl_keys.rs | 8 ++------ acme_common/src/crypto/standalone_hash.rs | 5 ----- acmed/Cargo.toml | 6 +----- tacd/Cargo.toml | 6 +----- tacd/src/main.rs | 8 +------- tacd/src/standalone_server.rs | 10 ---------- 8 files changed, 8 insertions(+), 59 deletions(-) delete mode 100644 acme_common/src/crypto/standalone_hash.rs delete mode 100644 tacd/src/standalone_server.rs diff --git a/acme_common/Cargo.toml b/acme_common/Cargo.toml index f620273..e5ba571 100644 --- a/acme_common/Cargo.toml +++ b/acme_common/Cargo.toml @@ -11,10 +11,6 @@ include = ["src/**/*", "Cargo.toml", "Licence_*.txt"] [lib] name = "acme_common" -[features] -default = ["openssl"] -standalone = ["ring"] - [dependencies] base64 = "0.10" daemonize = "0.4" @@ -22,8 +18,7 @@ env_logger = "0.6" handlebars = "2.0.0-beta.2" http_req = "0.5" log = "0.4" -openssl = { version = "0.10", optional = true } -ring = { version = "0.14", optional = true } +openssl = "0.10" serde_json = "1.0" syslog = "4.0" time = "0.1" diff --git a/acme_common/src/crypto.rs b/acme_common/src/crypto.rs index 0cd50d6..6abc4f0 100644 --- a/acme_common/src/crypto.rs +++ b/acme_common/src/crypto.rs 
@@ -1,24 +1,11 @@ +mod key_type; mod openssl_certificate; - -#[cfg(not(feature = "standalone"))] mod openssl_hash; -#[cfg(feature = "standalone")] -mod standalone_hash; - mod openssl_keys; -mod key_type; -#[cfg(not(feature = "standalone"))] pub const DEFAULT_ALGO: &str = "rsa2048"; -#[cfg(feature = "standalone")] -pub const DEFAULT_ALGO: &str = "ecdsa_p256"; +pub use key_type::KeyType; pub use openssl_certificate::{Csr, X509Certificate}; - -#[cfg(not(feature = "standalone"))] pub use openssl_hash::sha256; -#[cfg(feature = "standalone")] -pub use standalone_hash::sha256; - pub use openssl_keys::{gen_keypair, KeyPair}; -pub use key_type::KeyType; diff --git a/acme_common/src/crypto/openssl_keys.rs b/acme_common/src/crypto/openssl_keys.rs index f2979da..9e6ca39 100644 --- a/acme_common/src/crypto/openssl_keys.rs +++ b/acme_common/src/crypto/openssl_keys.rs @@ -60,9 +60,7 @@ impl KeyPair { pub fn sign(&self, data: &[u8]) -> Result, Error> { match self.key_type { - KeyType::Curve25519 => { - Err("Curve25519 signatures are not implemented yet".into()) - }, + KeyType::Curve25519 => Err("Curve25519 signatures are not implemented yet".into()), KeyType::EcdsaP256 | KeyType::EcdsaP384 => { let signature = EcdsaSig::sign(data, self.inner_key.ec_key()?.as_ref())?; let r = signature.r().to_vec(); @@ -81,9 +79,7 @@ impl KeyPair { pub fn get_jwk_thumbprint(&self) -> Result { // TODO: implement Curve25519 and RSA JWK thumbprint match self.key_type { - KeyType::Curve25519 => { - Err("Curve25519 thumbprint are not implemented yet".into()) - }, + KeyType::Curve25519 => Err("Curve25519 thumbprint are not implemented yet".into()), KeyType::EcdsaP256 | KeyType::EcdsaP384 => self.get_nist_ec_jwk(), KeyType::Rsa2048 | KeyType::Rsa4096 => { Err("RSA jwk thumbprint are not implemented yet".into()) diff --git a/acme_common/src/crypto/standalone_hash.rs b/acme_common/src/crypto/standalone_hash.rs deleted file mode 100644 index e52252f..0000000 
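Review bot: `DEFAULT_ALGO` is now unconditionally `"rsa2048"`, yet `get_jwk_thumbprint` in `openssl_keys.rs` (later in this patch) still returns `Err("RSA jwk thumbprint are not implemented yet".into())` for `KeyType::Rsa2048` and `KeyType::Rsa4096`. If this constant also selects the account key type, which the patch does not show, a default configuration would fail wherever the thumbprint is needed. The removed standalone default, `ecdsa_p256`, was the one key type whose thumbprint is implemented. Either implement the RSA thumbprint before relying on this default, or document the limit on the constant, for example `/// Default key algorithm. JWK thumbprints are not implemented for RSA keys yet.`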
--- a/acme_common/src/crypto/standalone_hash.rs +++ /dev/null @@ -1,5 +0,0 @@ -use ring::digest::{digest, SHA256}; - -pub fn sha256(data: &[u8]) -> Vec { - digest(&SHA256, data).as_ref().to_vec() -} diff --git a/acmed/Cargo.toml b/acmed/Cargo.toml index 4c06ef2..52a964f 100644 --- a/acmed/Cargo.toml +++ b/acmed/Cargo.toml @@ -11,10 +11,6 @@ license = "MIT OR Apache-2.0" include = ["src/**/*", "Cargo.toml", "LICENSE-*.txt"] build = "build.rs" -[features] -default = ["openssl-sys"] -standalone = [] - [dependencies] acme_common = { path = "../acme_common" } clap = "2.32" @@ -22,7 +18,7 @@ handlebars = "2.0.0-beta.2" http_req = "0.5" log = "0.4" nom = "5.0" -openssl-sys = { version = "0.9", optional = true } +openssl-sys = "0.9" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" time = "0.1" diff --git a/tacd/Cargo.toml b/tacd/Cargo.toml index e6b21a8..c443c40 100644 --- a/tacd/Cargo.toml +++ b/tacd/Cargo.toml @@ -10,12 +10,8 @@ readme = "../README.md" license = "MIT OR Apache-2.0" include = ["src/**/*", "Cargo.toml", "LICENSE-*.txt"] -[features] -default = ["openssl"] -standalone = [] - [dependencies] acme_common = { path = "../acme_common" } clap = "2.32" log = "0.4" -openssl = { version = "0.10", optional = true } +openssl = "0.10" diff --git a/tacd/src/main.rs b/tacd/src/main.rs index e3c3caf..5a6ad05 100644 --- a/tacd/src/main.rs +++ b/tacd/src/main.rs @@ -1,12 +1,6 @@ -#[cfg(not(feature = "standalone"))] mod openssl_server; -#[cfg(not(feature = "standalone"))] -use openssl_server::start as server_start; -#[cfg(feature = "standalone")] -mod standalone_server; -#[cfg(feature = "standalone")] -use standalone_server::start as server_start; +use crate::openssl_server::start as server_start; use acme_common::crypto::X509Certificate; use acme_common::error::Error; use clap::{App, Arg, ArgMatches}; diff --git a/tacd/src/standalone_server.rs b/tacd/src/standalone_server.rs deleted file mode 100644 index 0e429a9..0000000 
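Review bot: The `server_start` alias in `use crate::openssl_server::start as server_start;` used to select between two `start` implementations by feature; with one backend left it is an indirection the reader has to resolve by hand. Either call `openssl_server::start` directly, or keep the alias and say why, for example `// Alias kept as the seam for a future non-OpenSSL server backend.` The commit message says the removal is meant to last only until ring is usable, so the comment is probably the smaller change.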
--- a/tacd/src/standalone_server.rs
+++ /dev/null
@@ -1,10 +0,0 @@
-use acme_common::crypto::{KeyPair, X509Certificate};
-use acme_common::error::Error;
-
-pub fn start(
- listen_addr: &str,
- certificate: &X509Certificate,
- key_pair: &KeyPair,
-) -> Result<(), Error> {
- Err("The standalone server is not implemented yet.".into())
-}