crypto/hmac: Deprecate hmac.NewMD5, hmac.NewSHA1 and hmac.NewSHA256

Remove NewMD5, NewSHA1 and NewSHA256 in favor of using New and
explicitly importing the used hash-function. This way when using, for
example, HMAC with RIPEMD there's no md5, sha1 and sha256 linked in
through the hmac package.

A gofix rule is included, and applied to the standard library (3 files
altered).

This change is the result of a discussion at
https://golang.org/cl/5550043/ to pull the discussion about
deprecating these functions out of that issue.

R=golang-dev, agl
CC=golang-dev, r, rsc
https://golang.org/cl/5556058

src/cmd/gofix/Makefile

@@ -12,6 +12,7 @@ GOFILES=\
 	go1pkgrename.go\
 	googlecode.go\
 	hashsum.go\
+	hmacnew.go\
 	htmlerr.go\
 	httpfinalurl.go\
 	httpfs.go\

src/cmd/gofix/hmacnew.go

@@ -0,0 +1,61 @@
+// Copyright 2011 The Go Authors.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package main
+
+import "go/ast"
+
+func init() {
+	register(hmacNewFix)
+}
+
+var hmacNewFix = fix{
+	"hmacnew",
+	"2012-01-19",
+	hmacnew,
+	`Deprecate hmac.NewMD5, hmac.NewSHA1 and hmac.NewSHA256.
+
+This fix rewrites code using hmac.NewMD5, hmac.NewSHA1 and hmac.NewSHA256 to
+use hmac.New:
+
+	hmac.NewMD5(key) -> hmac.New(md5.New, key)
+	hmac.NewSHA1(key) -> hmac.New(sha1.New, key)
+	hmac.NewSHA256(key) -> hmac.New(sha256.New, key)
+
+`,
+}
+
+func hmacnew(f *ast.File) (fixed bool) {
+	if !imports(f, "crypto/hmac") {
+		return
+	}
+
+	walk(f, func(n interface{}) {
+		ce, ok := n.(*ast.CallExpr)
+		if !ok {
+			return
+		}
+
+		var pkg string
+		switch {
+		case isPkgDot(ce.Fun, "hmac", "NewMD5"):
+			pkg = "md5"
+		case isPkgDot(ce.Fun, "hmac", "NewSHA1"):
+			pkg = "sha1"
+		case isPkgDot(ce.Fun, "hmac", "NewSHA256"):
+			pkg = "sha256"
+		default:
+			return
+		}
+
+		addImport(f, "crypto/"+pkg)
+
+		ce.Fun = ast.NewIdent("hmac.New")
+		ce.Args = append([]ast.Expr{ast.NewIdent(pkg + ".New")}, ce.Args...)
+
+		fixed = true
+	})
+
+	return
+}

src/cmd/gofix/hmacnew_test.go

@@ -0,0 +1,107 @@
+// Copyright 2011 The Go Authors.  All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package main
+
+func init() {
+	addTestCases(hmacNewTests, hmacnew)
+}
+
+var hmacNewTests = []testCase{
+	{
+		Name: "hmacnew.0",
+		In: `package main
+
+import "crypto/hmac"
+
+var f = hmac.NewSHA1([]byte("some key"))
+`,
+		Out: `package main
+
+import (
+	"crypto/hmac"
+	"crypto/sha1"
+)
+
+var f = hmac.New(sha1.New, []byte("some key"))
+`,
+	},
+	{
+		Name: "hmacnew.1",
+		In: `package main
+
+import "crypto/hmac"
+
+var key = make([]byte, 8)
+var f = hmac.NewSHA1(key)
+`,
+		Out: `package main
+
+import (
+	"crypto/hmac"
+	"crypto/sha1"
+)
+
+var key = make([]byte, 8)
+var f = hmac.New(sha1.New, key)
+`,
+	},
+	{
+		Name: "hmacnew.2",
+		In: `package main
+
+import "crypto/hmac"
+
+var f = hmac.NewMD5([]byte("some key"))
+`,
+		Out: `package main
+
+import (
+	"crypto/hmac"
+	"crypto/md5"
+)
+
+var f = hmac.New(md5.New, []byte("some key"))
+`,
+	},
+	{
+		Name: "hmacnew.3",
+		In: `package main
+
+import "crypto/hmac"
+
+var f = hmac.NewSHA256([]byte("some key"))
+`,
+		Out: `package main
+
+import (
+	"crypto/hmac"
+	"crypto/sha256"
+)
+
+var f = hmac.New(sha256.New, []byte("some key"))
+`,
+	},
+	{
+		Name: "hmacnew.4",
+		In: `package main
+
+import (
+	"crypto/hmac"
+	"crypto/sha1"
+)
+
+var f = hmac.New(sha1.New, []byte("some key"))
+`,
+		Out: `package main
+
+import (
+	"crypto/hmac"
+	"crypto/sha1"
+)
+
+var f = hmac.New(sha1.New, []byte("some key"))
+`,
+	},
+}

src/pkg/crypto/hmac/hmac.go

@@ -9,9 +9,6 @@
 package hmac
 
 import (
-	"crypto/md5"
-	"crypto/sha1"
-	"crypto/sha256"
 	"hash"
 )
 
@@ -63,7 +60,7 @@ func (h *hmac) Reset() {
 	h.inner.Write(h.tmp[0:h.blocksize])
 }
 
-// New returns a new HMAC hash using the given crypto.Hash type and key.
+// New returns a new HMAC hash using the given hash.Hash type and key.
 func New(h func() hash.Hash, key []byte) hash.Hash {
 	hm := new(hmac)
 	hm.outer = h()
@@ -81,12 +78,3 @@ func New(h func() hash.Hash, key []byte) hash.Hash {
 	hm.Reset()
 	return hm
 }
-
-// NewMD5 returns a new HMAC-MD5 hash using the given key.
-func NewMD5(key []byte) hash.Hash { return New(md5.New, key) }
-
-// NewSHA1 returns a new HMAC-SHA1 hash using the given key.
-func NewSHA1(key []byte) hash.Hash { return New(sha1.New, key) }
-
-// NewSHA256 returns a new HMAC-SHA256 hash using the given key.
-func NewSHA256(key []byte) hash.Hash { return New(sha256.New, key) }

src/pkg/crypto/tls/cipher_suites.go

@@ -91,7 +91,7 @@ func macSHA1(version uint16, key []byte) macFunction {
 		copy(mac.key, key)
 		return mac
 	}
-	return tls10MAC{hmac.NewSHA1(key)}
+	return tls10MAC{hmac.New(sha1.New, key)}
 }
 
 type macFunction interface {

src/pkg/exp/ssh/transport.go

@@ -9,6 +9,7 @@ import (
 	"crypto"
 	"crypto/cipher"
 	"crypto/hmac"
+	"crypto/sha1"
 	"crypto/subtle"
 	"errors"
 	"hash"
@@ -266,7 +267,7 @@ func (c *common) setupKeys(d direction, K, H, sessionId []byte, hashFunc crypto.
 	generateKeyMaterial(key, d.keyTag, K, H, sessionId, h)
 	generateKeyMaterial(macKey, d.macKeyTag, K, H, sessionId, h)
 
-	c.mac = truncatingMAC{12, hmac.NewSHA1(macKey)}
+	c.mac = truncatingMAC{12, hmac.New(sha1.New, macKey)}
 
 	cipher, err := cipherMode.createCipher(key, iv)
 	if err != nil {

src/pkg/net/smtp/auth.go

@@ -6,6 +6,7 @@ package smtp
 
 import (
 	"crypto/hmac"
+	"crypto/md5"
 	"errors"
 	"fmt"
 )
@@ -88,7 +89,7 @@ func (a *cramMD5Auth) Start(server *ServerInfo) (string, []byte, error) {
 
 func (a *cramMD5Auth) Next(fromServer []byte, more bool) ([]byte, error) {
 	if more {
-		d := hmac.NewMD5([]byte(a.secret))
+		d := hmac.New(md5.New, []byte(a.secret))
 		d.Write(fromServer)
 		s := make([]byte, 0, d.Size())
 		return []byte(fmt.Sprintf("%s %x", a.username, d.Sum(s))), nil