From 2b884ab42b21f1982be8958a80e654cf283589be Mon Sep 17 00:00:00 2001
From: "dependabot-preview[bot]"
 <27856297+dependabot-preview[bot]@users.noreply.github.com>
Date: Fri, 19 Jul 2019 05:29:19 +0000
Subject: [PATCH 1/3] Update ring requirement from 0.14.6 to 0.16.0

Updates the requirements on [ring](https://github.com/briansmith/ring) to permit the latest version.
- [Release notes](https://github.com/briansmith/ring/releases)
- [Commits](https://github.com/briansmith/ring/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
---
 Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index 477663b..030047d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -21,7 +21,7 @@ use_openssl = ["openssl"]
 
 [dependencies]
 base64 = "0.10.1"
-ring = { version = "0.14.6", optional = true }
+ring = { version = "0.16.0", optional = true }
 openssl = { version = "0.10.20", optional = true }
 url = "1.7.2"
 rand = "0.7.0"

From 9ba3f24888885d4cc05c5190519c993732b1a7b9 Mon Sep 17 00:00:00 2001
From: "Dustin J. Mitchell" <dustin@mozilla.com>
Date: Fri, 19 Jul 2019 14:13:21 +0000
Subject: [PATCH 2/3] upgrade to latest stable rust

---
 .taskcluster.yml               | 2 +-
 docker/rust-hawk-test.sh       | 2 +-
 docker/rust-hawk-test/setup.sh | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.taskcluster.yml b/.taskcluster.yml
index a4457f7..ac6e048 100644
--- a/.taskcluster.yml
+++ b/.taskcluster.yml
@@ -12,7 +12,7 @@ tasks:
           - pull_request.synchronize
     payload:
       maxRunTime: 3600
-      image: djmitche/rust-hawk-test:1.35.0@sha256:b4d60deff348ed8091fd1e431ac7d497aa6881b7fcbee56bf6272cb540f4b35a
+      image: djmitche/rust-hawk-test:1.36.0@sha256:b4040d92f34183cf218d222f90e91206ff4fc6ed94d68222fb2b2042a53373a0
       command:
         - /bin/bash
         - '-c'
diff --git a/docker/rust-hawk-test.sh b/docker/rust-hawk-test.sh
index ed05417..dbbf0e9 100755
--- a/docker/rust-hawk-test.sh
+++ b/docker/rust-hawk-test.sh
@@ -2,4 +2,4 @@
 
 set -e
 
-docker build -t djmitche/rust-hawk-test:1.34.0 rust-hawk-test
+docker build -t djmitche/rust-hawk-test:1.36.0 rust-hawk-test
diff --git a/docker/rust-hawk-test/setup.sh b/docker/rust-hawk-test/setup.sh
index 4d31466..963fdbf 100644
--- a/docker/rust-hawk-test/setup.sh
+++ b/docker/rust-hawk-test/setup.sh
@@ -20,7 +20,7 @@ chmod +x rustup-init
 ./rustup-init -y --no-modify-path
 
 # install stable
-/root/.cargo/bin/rustup install 1.34.0
+/root/.cargo/bin/rustup install 1.36.0
 /root/.cargo/bin/rustup component add clippy
 /root/.cargo/bin/rustup component add rustfmt
 

From f5cce625ef2395677936819a2982c14269a95373 Mon Sep 17 00:00:00 2001
From: "Dustin J. Mitchell" <dustin@mozilla.com>
Date: Fri, 19 Jul 2019 15:08:27 +0000
Subject: [PATCH 3/3] guess-and-check to update ring implementation

---
 src/crypto/ring.rs | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/src/crypto/ring.rs b/src/crypto/ring.rs
index b1a71e6..be5e94b 100644
--- a/src/crypto/ring.rs
+++ b/src/crypto/ring.rs
@@ -11,14 +11,20 @@ impl From<ring::error::Unspecified> for CryptoError {
     }
 }
 
+impl From<std::convert::Infallible> for CryptoError {
+    fn from(_: std::convert::Infallible) -> Self {
+        unreachable!()
+    }
+}
+
 pub struct RingCryptographer;
 
-struct RingHmacKey(hmac::SigningKey);
+struct RingHmacKey(hmac::Key);
 
 impl HmacKey for RingHmacKey {
     fn sign(&self, data: &[u8]) -> Result<Vec<u8>, CryptoError> {
         let digest = hmac::sign(&self.0, data);
-        let mut mac = vec![0; self.0.digest_algorithm().output_len];
+        let mut mac = vec![0; self.0.algorithm().digest_algorithm().output_len];
         mac.copy_from_slice(digest.as_ref());
         Ok(mac)
     }
@@ -45,7 +51,8 @@ impl Hasher for RingHasher {
 impl Cryptographer for RingCryptographer {
     fn rand_bytes(&self, output: &mut [u8]) -> Result<(), CryptoError> {
         use ring::rand::SecureRandom;
-        ring::rand::SystemRandom.fill(output)?;
+        let rnd = ring::rand::SystemRandom::new();
+        rnd.fill(output)?;
         Ok(())
     }
 
@@ -54,7 +61,7 @@ impl Cryptographer for RingCryptographer {
         algorithm: DigestAlgorithm,
         key: &[u8],
     ) -> Result<Box<dyn HmacKey>, CryptoError> {
-        let k = hmac::SigningKey::new(algorithm.try_into()?, key);
+        let k = hmac::Key::new(algorithm.try_into()?, key);
         Ok(Box::new(RingHmacKey(k)))
     }
 
@@ -79,3 +86,15 @@ impl TryFrom<DigestAlgorithm> for &'static digest::Algorithm {
         }
     }
 }
+
+impl TryFrom<DigestAlgorithm> for hmac::Algorithm {
+    type Error = CryptoError;
+    fn try_from(algorithm: DigestAlgorithm) -> Result<Self, CryptoError> {
+        match algorithm {
+            DigestAlgorithm::Sha256 => Ok(hmac::HMAC_SHA256),
+            DigestAlgorithm::Sha384 => Ok(hmac::HMAC_SHA384),
+            DigestAlgorithm::Sha512 => Ok(hmac::HMAC_SHA512),
+            algo => Err(CryptoError::UnsupportedDigest(algo)),
+        }
+    }
+}