RUST-1220 Bump outdated dependencies (#596)

isabelatkinson · web-flow · commit b7af2e5204e7 · 2022-03-21T16:35:18.000-04:00
diff --git a/.evergreen/config.yml b/.evergreen/config.yml
@@ -1283,9 +1283,9 @@ axes:
   - id: "extra-rust-versions"
     values:
       - id: "min"
-        display_name: "1.49 (minimum supported version)"
+        display_name: "1.51 (minimum supported version)"
         variables:
-          RUST_VERSION: "1.49.0"
+          RUST_VERSION: "1.51.0"
       - id: "nightly"
         display_name: "nightly"
         variables:
diff --git a/Cargo.toml b/Cargo.toml
@@ -57,43 +57,42 @@ futures-io = "0.3.14"
 futures-util = { version = "0.3.14", features = ["io"] }
 futures-executor = "0.3.14"
 hex = "0.4.0"
-hmac = "0.11"
+hmac = "0.12.1"
 lazy_static = "1.4.0"
-md-5 = "0.9.1"
+md-5 = "0.10.1"
 openssl = { version = "0.10.38", optional = true }
 openssl-probe = { version = "0.1.5", optional = true }
 os_info = { version = "3.0.1", default-features = false }
 percent-encoding = "2.0.0"
 rand = { version = "0.8.3", features = ["small_rng"] }
-rustls-pemfile = "0.2.1"
+rustls-pemfile = "0.3.0"
 serde_with = "1.3.1"
-sha-1 = "0.9.4"
-sha2 = "0.9.3"
+sha-1 = "0.10.0"
+sha2 = "0.10.2"
 snap = { version = "1.0.5", optional = true}
 socket2 = "0.4.0"
 stringprep = "0.1.2"
 strsim = "0.10.0"
 take_mut = "0.2.2"
 thiserror = "1.0.24"
 tokio-openssl = { version = "0.6.3", optional = true }
-trust-dns-proto = "0.20.0"
-trust-dns-resolver = "0.20.0"
-typed-builder = "0.9.0"
+trust-dns-proto = "0.21.1"
+trust-dns-resolver = "0.21.1"
+typed-builder = "0.10.0"
 version_check = "0.9.1"
-webpki = "0.21.0"
-webpki-roots = "0.21.0"
-zstd = { version = "0.10", optional = true }
+webpki-roots = "0.22.2"
+zstd = { version = "0.11.0", optional = true }
 
 [dependencies.async-std]
 version = "1.9.0"
 optional = true
 
 [dependencies.async-std-resolver]
-version = "0.20.1"
+version = "0.21.1"
 optional = true
 
 [dependencies.pbkdf2]
-version = "0.8"
+version = "0.10.1"
 default-features = false
 
 [dependencies.reqwest]
@@ -103,7 +102,7 @@ default-features = false
 features = ["json", "rustls-tls"]
 
 [dependencies.rustls]
-version = "0.19.0"
+version = "0.20.4"
 features = ["dangerous_configuration"]
 
 [dependencies.serde]
@@ -119,24 +118,24 @@ version = "1.4.0"
 features = ["io-util", "sync", "macros"]
 
 [dependencies.tokio-rustls]
-version = "0.22.0"
+version = "0.23.2"
 features = ["dangerous_configuration"]
 
 [dependencies.tokio-util]
-version = "0.6.5"
+version = "0.7.0"
 features = ["io"]
 
 [dependencies.uuid]
 version = "0.8.2"
 features = ["v4"]
 
 [dev-dependencies]
-approx = "0.4.0"
+approx = "0.5.1"
 derive_more = "0.99.13"
 function_name = "0.2.0"
 futures = "0.3"
 home = "0.5"
-pretty_assertions = "0.7.1"
+pretty_assertions = "1.1.0"
 serde_json = "1.0.64"
 semver = "1.0.0"
 
diff --git a/README.md b/README.md
@@ -29,7 +29,7 @@ This repository contains the officially supported MongoDB Rust driver, a client
 
 ## Installation
 ### Requirements
-- Rust 1.49+
+- Rust 1.51+
 - MongoDB 3.6+
 
 ### Importing
@@ -358,7 +358,7 @@ Commits to master are run automatically on [evergreen](https://evergreen.mongodb
 
 ## Minimum supported Rust version (MSRV)
 
-The MSRV for this crate is currently 1.49.0. This will be rarely be increased, and if it ever is,
+The MSRV for this crate is currently 1.51.0. This will be rarely be increased, and if it ever is,
 it will only happen in a minor or major version release.
 
 ## License
diff --git a/src/client/auth/mod.rs b/src/client/auth/mod.rs
@@ -12,7 +12,7 @@ mod x509;
 
 use std::{borrow::Cow, fmt::Debug, str::FromStr};
 
-use hmac::{Mac, NewMac};
+use hmac::{digest::KeyInit, Mac};
 use rand::Rng;
 use serde::Deserialize;
 use typed_builder::TypedBuilder;
@@ -515,13 +515,13 @@ pub(crate) fn generate_nonce() -> String {
     base64::encode(&result)
 }
 
-fn mac<M: Mac + NewMac>(
+fn mac<M: Mac + KeyInit>(
     key: &[u8],
     input: &[u8],
     auth_mechanism: &str,
 ) -> Result<impl AsRef<[u8]>> {
-    let mut mac =
-        M::new_from_slice(key).map_err(|_| Error::unknown_authentication_error(auth_mechanism))?;
+    let mut mac = <M as Mac>::new_from_slice(key)
+        .map_err(|_| Error::unknown_authentication_error(auth_mechanism))?;
     mac.update(input);
     Ok(mac.finalize().into_bytes())
 }
diff --git a/src/client/auth/scram.rs b/src/client/auth/scram.rs
@@ -6,7 +6,11 @@ use std::{
     str,
 };
 
-use hmac::{digest::Digest, Hmac, Mac, NewMac};
+use hmac::{
+    digest::{Digest, FixedOutput, KeyInit},
+    Hmac,
+    Mac,
+};
 use lazy_static::lazy_static;
 use md5::Md5;
 use sha1::Sha1;
@@ -352,11 +356,11 @@ fn xor(lhs: &[u8], rhs: &[u8]) -> Vec<u8> {
         .collect()
 }
 
-fn mac_verify<M: Mac + NewMac>(key: &[u8], input: &[u8], signature: &[u8]) -> Result<()> {
-    let mut mac =
-        M::new_from_slice(key).map_err(|_| Error::unknown_authentication_error("SCRAM"))?;
+fn mac_verify<M: Mac + KeyInit>(key: &[u8], input: &[u8], signature: &[u8]) -> Result<()> {
+    let mut mac = <M as Mac>::new_from_slice(key)
+        .map_err(|_| Error::unknown_authentication_error("SCRAM"))?;
     mac.update(input);
-    match mac.verify(signature) {
+    match mac.verify_slice(signature) {
         Ok(_) => Ok(()),
         Err(_) => Err(Error::authentication_error(
             "SCRAM",
@@ -371,7 +375,7 @@ fn hash<D: Digest>(val: &[u8]) -> Vec<u8> {
     hash.finalize().to_vec()
 }
 
-fn h_i<M: Mac + NewMac + Sync>(
+fn h_i<M: KeyInit + FixedOutput + Mac + Sync + Clone>(
     str: &str,
     salt: &[u8],
     iterations: u32,
diff --git a/src/lib.rs b/src/lib.rs
@@ -8,7 +8,7 @@
 //! # Installation
 //!
 //! ## Requirements
-//! - Rust 1.49+
+//! - Rust 1.51+
 //! - MongoDB 3.6+
 //!
 //! ## Importing
@@ -283,7 +283,7 @@
 //!
 //! ## Minimum supported Rust version (MSRV)
 //!
-//! The MSRV for this crate is currently 1.49.0. This will be rarely be increased, and if it ever is,
+//! The MSRV for this crate is currently 1.51.0. This will be rarely be increased, and if it ever is,
 //! it will only happen in a minor or major version release.
 
 #![warn(missing_docs)]
diff --git a/src/runtime/tls_rustls.rs b/src/runtime/tls_rustls.rs
@@ -1,24 +1,24 @@
 use std::{
+    convert::TryFrom,
     fs::File,
     io::{BufReader, Seek, SeekFrom},
     pin::Pin,
     sync::Arc,
     task::{Context, Poll},
+    time::SystemTime,
 };
 
 use futures_io::{AsyncRead, AsyncWrite};
 use rustls::{
-    internal::pemfile,
+    client::{ClientConfig, ServerCertVerified, ServerCertVerifier, ServerName},
     Certificate,
+    Error as TlsError,
+    OwnedTrustAnchor,
     RootCertStore,
-    ServerCertVerified,
-    ServerCertVerifier,
-    TLSError,
 };
-use rustls_pemfile::{read_one, Item};
+use rustls_pemfile::{certs, read_one, Item};
 use tokio::io::AsyncWrite as TokioAsyncWrite;
 use tokio_rustls::TlsConnector;
-use webpki::DNSNameRef;
 use webpki_roots::TLS_SERVER_ROOTS;
 
 use crate::{
@@ -39,7 +39,7 @@ impl AsyncTlsStream {
         tcp_stream: AsyncTcpStream,
         cfg: TlsOptions,
     ) -> Result<Self> {
-        let name = DNSNameRef::try_from_ascii_str(host).map_err(|e| ErrorKind::DnsResolve {
+        let name = ServerName::try_from(host).map_err(|e| ErrorKind::DnsResolve {
             message: format!("could not resolve {:?}: {}", host, e),
         })?;
         let mut tls_config = make_rustls_config(cfg)?;
@@ -82,39 +82,38 @@ impl AsyncWrite for AsyncTlsStream {
 
 /// Converts `TlsOptions` into a rustls::ClientConfig.
 fn make_rustls_config(cfg: TlsOptions) -> Result<rustls::ClientConfig> {
-    let mut config = rustls::ClientConfig::new();
-
-    if let Some(true) = cfg.allow_invalid_certificates {
-        config
-            .dangerous()
-            .set_certificate_verifier(Arc::new(NoCertVerifier {}));
-    }
-
     let mut store = RootCertStore::empty();
     if let Some(path) = cfg.ca_file_path {
-        store
-            .add_pem_file(&mut BufReader::new(File::open(&path)?))
-            .map_err(|_| ErrorKind::InvalidTlsConfig {
+        let ders = certs(&mut BufReader::new(File::open(&path)?)).map_err(|_| {
+            ErrorKind::InvalidTlsConfig {
                 message: format!(
                     "Unable to parse PEM-encoded root certificate from {}",
                     path.display()
                 ),
-            })?;
+            }
+        })?;
+        store.add_parsable_certificates(&ders);
     } else {
-        store.add_server_trust_anchors(&TLS_SERVER_ROOTS);
+        let trust_anchors = TLS_SERVER_ROOTS.0.iter().map(|ta| {
+            OwnedTrustAnchor::from_subject_spki_name_constraints(
+                ta.subject,
+                ta.spki,
+                ta.name_constraints,
+            )
+        });
+        store.add_server_trust_anchors(trust_anchors);
     }
 
-    config.root_store = store;
-
-    if let Some(path) = cfg.cert_key_file_path {
+    let mut config = if let Some(path) = cfg.cert_key_file_path {
         let mut file = BufReader::new(File::open(&path)?);
-        let certs = match pemfile::certs(&mut file) {
-            Ok(certs) => certs,
-            Err(()) => {
+        let certs = match certs(&mut file) {
+            Ok(certs) => certs.into_iter().map(Certificate).collect(),
+            Err(error) => {
                 return Err(ErrorKind::InvalidTlsConfig {
                     message: format!(
-                        "Unable to parse PEM-encoded client certificate from {}",
-                        path.display()
+                        "Unable to parse PEM-encoded client certificate from {}: {}",
+                        path.display(),
+                        error,
                     ),
                 }
                 .into())
@@ -146,11 +145,24 @@ fn make_rustls_config(cfg: TlsOptions) -> Result<rustls::ClientConfig> {
             }
         };
 
+        ClientConfig::builder()
+            .with_safe_defaults()
+            .with_root_certificates(store)
+            .with_single_cert(certs, key)
+            .map_err(|error| ErrorKind::InvalidTlsConfig {
+                message: error.to_string(),
+            })?
+    } else {
+        ClientConfig::builder()
+            .with_safe_defaults()
+            .with_root_certificates(store)
+            .with_no_client_auth()
+    };
+
+    if let Some(true) = cfg.allow_invalid_certificates {
         config
-            .set_single_client_cert(certs, key)
-            .map_err(|e| ErrorKind::InvalidTlsConfig {
-                message: e.to_string(),
-            })?;
+            .dangerous()
+            .set_certificate_verifier(Arc::new(NoCertVerifier {}));
     }
 
     Ok(config)
@@ -161,11 +173,13 @@ struct NoCertVerifier {}
 impl ServerCertVerifier for NoCertVerifier {
     fn verify_server_cert(
         &self,
-        _: &RootCertStore,
+        _: &Certificate,
         _: &[Certificate],
-        _: webpki::DNSNameRef,
+        _: &ServerName,
+        _: &mut dyn Iterator<Item = &[u8]>,
         _: &[u8],
-    ) -> std::result::Result<ServerCertVerified, TLSError> {
+        _: SystemTime,
+    ) -> std::result::Result<ServerCertVerified, TlsError> {
         Ok(ServerCertVerified::assertion())
     }
 }
diff --git a/src/srv.rs b/src/srv.rs
@@ -80,8 +80,8 @@ impl SrvResolver {
         let mut min_ttl = u32::MAX;
 
         for record in srv_lookup.as_lookup().record_iter() {
-            let srv = match record.rdata() {
-                RData::SRV(s) => s,
+            let srv = match record.data() {
+                Some(RData::SRV(s)) => s,
                 _ => continue,
             };
 
