project: default to aws-lc-rs, offer ring feature

This commit: * Makes the `*ring*` dep optional, behind a `ring` feature flag * Adds an optional (but default) dep on `aws-lc-rs` behind a `aws-lc-rs` feature flag. * Adds `nasm` to the Windows build runners for the `aws-lc-rs` default crypto provider. This build requirement may be relaxed in the future depending on whether the upstream project chooses to take a ring-like strategy of distributing pre-built content. * Updates the cbindgen config to respect these new features. * Updates Makefile/Makefile.pkg-config and CMake build systems to support specifying which crypto provider to use, piping through the correct Rust features and C defines to make it all work. * One acceptor unit test is updated: the list of expected supported ciphersuites differs between `ring` and `aws-lc-rs`, with the latter also offering a P-521 suite that isn't present in `*ring*`. * The client/server examples use the implied default and so require no adjustments.
author: Daniel McCarney <daniel@binaryparadox.net> 2024-07-05 17:02:29 -0400
committer: Daniel McCarney <daniel@binaryparadox.net> 2024-09-09 11:42:49 -0400
commit: d3aec7c746560e30e81257b91d57e84d20abcf66 (patch)
tree: e77a50e2e594514a7721afd60ee9f6bb763f4cfb
parent: 18253ebbcbabbc96d6abbf7f3d82f8432d06710c (diff)
11 files changed, 368 insertions, 13 deletions
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 92d3f77..5502309 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -81,6 +81,8 @@ jobs:
           persist-credentials: false
       - name: Install nightly rust toolchain
         uses: dtolnay/rust-toolchain@nightly
+      - name: Install NASM for aws-lc-rs
+        uses: ilammy/setup-nasm@v1
       - name: Configure CMake
         run: cmake -S . -B build
       - name: Build, debug configuration
@@ -100,6 +102,8 @@ jobs:
           persist-credentials: false
       - name: Install nightly rust toolchain
         uses: dtolnay/rust-toolchain@nightly
+      - name: Install NASM for aws-lc-rs
+        uses: ilammy/setup-nasm@v1
       - name: Configure CMake
         run: cmake -S . -B build
       - name: Build, release configuration
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 5aa7749..eb884b6 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,6 +1,20 @@
 cmake_minimum_required(VERSION 3.15)
 
 project(rustls-ffi)
+
+set(CRYPTO_PROVIDER "aws-lc-rs" CACHE STRING "Crypto provider to use (aws-lc-rs or ring)")
+
+if (NOT (CRYPTO_PROVIDER STREQUAL "aws-lc-rs" OR CRYPTO_PROVIDER STREQUAL "ring"))
+    message(FATAL_ERROR "Invalid crypto provider specified: ${CRYPTO_PROVIDER}. Must be 'aws-lc-rs' or 'ring'.")
+endif ()
+
+set(CARGO_FEATURES --no-default-features)
+if (CRYPTO_PROVIDER STREQUAL "aws-lc-rs")
+    list(APPEND CARGO_FEATURES --features=aws-lc-rs)
+elseif (CRYPTO_PROVIDER STREQUAL "ring")
+    list(APPEND CARGO_FEATURES --features=ring)
+endif ()
+
 add_subdirectory(tests)
 
 include(ExternalProject)
@@ -11,7 +25,7 @@ ExternalProject_Add(
         DOWNLOAD_COMMAND ""
         CONFIGURE_COMMAND ""
         BUILD_COMMAND ""
-        COMMAND cargo build --locked "$<IF:$<CONFIG:Release>,--release,-->"
+        COMMAND cargo build --locked ${CARGO_FEATURES} "$<IF:$<CONFIG:Release>,--release,-->"
         # Rely on cargo checking timestamps, rather than tell CMake where every
         # output is.
         BUILD_ALWAYS true
@@ -20,5 +34,5 @@ ExternalProject_Add(
         # of "error" in stdout as an error, and we have some test functions that
         # end in "_error". Quiet mode suppresses test names, so this is a
         # sufficient workaround.
-        TEST_COMMAND cargo test --locked "$<IF:$<CONFIG:Release>,--release,-->" --quiet
+        TEST_COMMAND cargo test --locked ${CARGO_FEATURES} "$<IF:$<CONFIG:Release>,--release,-->" --quiet
 )
diff --git a/Cargo.lock b/Cargo.lock
index 5bdf036..ae96332 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -18,18 +18,74 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f1fdabc7756949593fe60f30ec81974b613357de856987752631dea1e3394c80"
 
 [[package]]
+name = "aws-lc-rs"
+version = "1.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a8a47f2fb521b70c11ce7369a6c5fa4bd6af7e5d62ec06303875bafe7c6ba245"
+dependencies = [
+ "aws-lc-sys",
+ "mirai-annotations",
+ "paste",
+ "zeroize",
+]
+
+[[package]]
+name = "aws-lc-sys"
+version = "0.19.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2927c7af777b460b7ccd95f8b67acd7b4c04ec8896bf0c8e80ba30523cffc057"
+dependencies = [
+ "bindgen",
+ "cc",
+ "cmake",
+ "dunce",
+ "fs_extra",
+ "libc",
+ "paste",
+]
+
+[[package]]
 name = "base64"
 version = "0.22.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9475866fec1451be56a3c2400fd081ff546538961565ccb5b7142cbd22bc7a51"
 
 [[package]]
+name = "bindgen"
+version = "0.69.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0"
+dependencies = [
+ "bitflags 2.6.0",
+ "cexpr",
+ "clang-sys",
+ "itertools",
+ "lazy_static",
+ "lazycell",
+ "log",
+ "prettyplease",
+ "proc-macro2",
+ "quote",
+ "regex",
+ "rustc-hash",
+ "shlex",
+ "syn",
+ "which",
+]
+
+[[package]]
 name = "bitflags"
 version = "1.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
 
 [[package]]
+name = "bitflags"
+version = "2.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de"
+
+[[package]]
 name = "bytes"
 version = "1.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -41,6 +97,7 @@ version = "1.0.83"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0"
 dependencies = [
+ "jobserver",
  "libc",
 ]
 
@@ -51,12 +108,41 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c"
 
 [[package]]
+name = "cexpr"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
+dependencies = [
+ "nom",
+]
+
+[[package]]
 name = "cfg-if"
 version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
 
 [[package]]
+name = "clang-sys"
+version = "1.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4"
+dependencies = [
+ "glob",
+ "libc",
+ "libloading",
+]
+
+[[package]]
+name = "cmake"
+version = "0.1.50"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a31c789563b815f77f4250caee12365734369f942439b7defd71e18a48197130"
+dependencies = [
+ "cc",
+]
+
+[[package]]
 name = "combine"
 version = "4.6.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -83,6 +169,34 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f"
 
 [[package]]
+name = "dunce"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b"
+
+[[package]]
+name = "either"
+version = "1.13.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0"
+
+[[package]]
+name = "errno"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba"
+dependencies = [
+ "libc",
+ "windows-sys 0.52.0",
+]
+
+[[package]]
+name = "fs_extra"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c"
+
+[[package]]
 name = "getrandom"
 version = "0.2.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -94,12 +208,27 @@ dependencies = [
 ]
 
 [[package]]
+name = "glob"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b"
+
+[[package]]
 name = "hashbrown"
 version = "0.12.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
 
 [[package]]
+name = "home"
+version = "0.5.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5"
+dependencies = [
+ "windows-sys 0.52.0",
+]
+
+[[package]]
 name = "indexmap"
 version = "1.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -110,6 +239,15 @@ dependencies = [
 ]
 
 [[package]]
+name = "itertools"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569"
+dependencies = [
+ "either",
+]
+
+[[package]]
 name = "jni"
 version = "0.19.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -130,12 +268,49 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8eaf4bc02d17cbdd7ff4c7438cafcdf7fb9a4613313ad11b4f8fefe7d3fa0130"
 
 [[package]]
+name = "jobserver"
+version = "0.1.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d2b099aaa34a9751c5bf0878add70444e1ed2dd73f347be99003d4577277de6e"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "lazy_static"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
+
+[[package]]
+name = "lazycell"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
+
+[[package]]
 name = "libc"
 version = "0.2.158"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439"
 
 [[package]]
+name = "libloading"
+version = "0.8.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e310b3a6b5907f99202fcdb4960ff45b93735d7c7d96b760fcff8db2dc0e103d"
+dependencies = [
+ "cfg-if",
+ "windows-targets 0.48.5",
+]
+
+[[package]]
+name = "linux-raw-sys"
+version = "0.4.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"
+
+[[package]]
 name = "log"
 version = "0.4.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -148,6 +323,28 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167"
 
 [[package]]
+name = "minimal-lexical"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
+
+[[package]]
+name = "mirai-annotations"
+version = "1.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c9be0862c1b3f26a88803c4a49de6889c10e608b3ee9344e6ef5b45fb37ad3d1"
+
+[[package]]
+name = "nom"
+version = "7.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
+dependencies = [
+ "memchr",
+ "minimal-lexical",
+]
+
+[[package]]
 name = "nom8"
 version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -198,6 +395,22 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
 
 [[package]]
+name = "paste"
+version = "1.0.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"
+
+[[package]]
+name = "prettyplease"
+version = "0.2.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8d3928fb5db768cb86f891ff014f0144589297e3c6a1aba6ed7cecfdace270c7"
+dependencies = [
+ "proc-macro2",
+ "syn",
+]
+
+[[package]]
 name = "proc-macro2"
 version = "1.0.79"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -259,11 +472,31 @@ dependencies = [
 ]
 
 [[package]]
+name = "rustc-hash"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
+
+[[package]]
+name = "rustix"
+version = "0.38.34"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f"
+dependencies = [
+ "bitflags 2.6.0",
+ "errno",
+ "libc",
+ "linux-raw-sys",
+ "windows-sys 0.52.0",
+]
+
+[[package]]
 name = "rustls"
 version = "0.23.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8c4d6d8ad9f2492485e13453acbb291dd08f64441b6609c491f1c2cd2c6b4fe1"
 dependencies = [
+ "aws-lc-rs",
  "once_cell",
  "ring",
  "rustls-pki-types",
@@ -350,6 +583,7 @@ version = "0.102.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610"
 dependencies = [
+ "aws-lc-rs",
  "ring",
  "rustls-pki-types",
  "untrusted",
@@ -385,7 +619,7 @@ version = "2.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "770452e37cad93e0a50d5abc3990d2bc351c36d0328f86cefec2f2fb206eaef6"
 dependencies = [
- "bitflags",
+ "bitflags 1.3.2",
  "core-foundation",
  "core-foundation-sys",
  "libc",
@@ -433,6 +667,12 @@ dependencies = [
 ]
 
 [[package]]
+name = "shlex"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
+
+[[package]]
 name = "spin"
 version = "0.9.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -547,6 +787,18 @@ dependencies = [
 ]
 
 [[package]]
+name = "which"
+version = "4.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7"
+dependencies = [
+ "either",
+ "home",
+ "once_cell",
+ "rustix",
+]
+
+[[package]]
 name = "winapi"
 version = "0.3.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -714,3 +966,17 @@ name = "zeroize"
 version = "1.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d"
+dependencies = [
+ "zeroize_derive",
+]
+
+[[package]]
+name = "zeroize_derive"
+version = "1.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
diff --git a/Cargo.toml b/Cargo.toml
index 2df7c77..11eb863 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -12,6 +12,7 @@ links = "rustls_ffi"
 rust-version = "1.64"
 
 [features]
+default = ["aws-lc-rs"]
 # Enable this feature when building as Rust dependency. It inhibits the
 # default behavior of capturing the global logger, which only works when
 # built using the Makefile, which passes -C metadata=rustls-ffi to avoid
@@ -20,12 +21,14 @@ rust-version = "1.64"
 no_log_capture = []
 read_buf = ["rustls/read_buf"]
 capi = []
+ring = ["rustls/ring", "webpki/ring"]
+aws-lc-rs = ["rustls/aws-lc-rs", "webpki/aws_lc_rs"]
 
 [dependencies]
 # Keep in sync with RUSTLS_CRATE_VERSION in build.rs
-rustls = { version = "0.23.4", default-features = false, features = ["ring", "std", "tls12"] }
+rustls = { version = "0.23.4", default-features = false, features = ["std", "tls12"] }
 pki-types = { package = "rustls-pki-types", version = "1", features = ["std"] }
-webpki = { package = "rustls-webpki", version = "0.102.0", default-features = false, features = ["ring", "std"] }
+webpki = { package = "rustls-webpki", version = "0.102.0", default-features = false, features = ["std"] }
 libc = "0.2"
 rustls-pemfile = "2"
 log = "0.4.22"
diff --git a/Makefile b/Makefile
index c76bdc8..0199d87 100644
--- a/Makefile
+++ b/Makefile
@@ -9,6 +9,7 @@ CARGOFLAGS += --locked
 
 CFLAGS := -Werror -Wall -Wextra -Wpedantic -g -I src/
 PROFILE := release
+CRYPTO_PROVIDER := aws-lc-rs
 DESTDIR=/usr/local
 
 ifeq ($(PROFILE), debug)
@@ -26,6 +27,14 @@ ifneq (,$(TARGET))
 	CARGOFLAGS += --target $(TARGET)
 endif
 
+ifeq ($(CRYPTO_PROVIDER), aws-lc-rs)
+	CFLAGS += -D DEFINE_AWS_LC_RS
+	CARGOFLAGS += --no-default-features --features aws-lc-rs
+else ifeq ($(CRYPTO_PROVIDER), ring)
+	CFLAGS += -D DEFINE_RING
+	CARGOFLAGS += --no-default-features --features ring
+endif
+
 all: target/client target/server
 
 test: all
diff --git a/Makefile.pkg-config b/Makefile.pkg-config
index bfdcd3b..fe25c92 100644
--- a/Makefile.pkg-config
+++ b/Makefile.pkg-config
@@ -13,6 +13,7 @@ CARGOFLAGS += --locked
 
 CFLAGS := -Werror -Wall -Wextra -Wpedantic -g -I src/
 PROFILE := release
+CRYPTO_PROVIDER := aws-lc-rs
 PREFIX=/usr/local
 
 ifeq ($(PROFILE), debug)
@@ -25,6 +26,14 @@ ifeq ($(PROFILE), release)
 	CARGOFLAGS += --release
 endif
 
+ifeq ($(CRYPTO_PROVIDER), aws-lc-rs)
+	CFLAGS += -D DEFINE_AWS_LC_RS
+	CARGOFLAGS += --no-default-features --features aws-lc-rs
+else ifeq ($(CRYPTO_PROVIDER), ring)
+	CFLAGS += -D DEFINE_RING
+	CARGOFLAGS += --no-default-features --features ring
+endif
+
 all: target/client target/server
 
 integration: all
diff --git a/cbindgen.toml b/cbindgen.toml
index 335688d..b2bf782 100644
--- a/cbindgen.toml
+++ b/cbindgen.toml
@@ -12,7 +12,9 @@ include = ["rustls_tls_version"]
 
 [defines]
 "feature = read_buf" = "DEFINE_READ_BUF"
+"feature = aws-lc-rs" = "DEFINE_AWS_LC_RS"
+"feature = ring" = "DEFINE_RING"
 
 [parse.expand]
 crates = ["rustls-ffi"]
-features = ["read_buf"]
+features = ["read_buf", "aws-lc-rs", "ring"]
diff --git a/src/acceptor.rs b/src/acceptor.rs
index 327bb6c..a01dbb2 100644
--- a/src/acceptor.rs
+++ b/src/acceptor.rs
@@ -750,10 +750,11 @@ mod tests {
         }
         // Sort to ensure consistent comparison
         signature_schemes.sort();
-        assert_eq!(
-            &signature_schemes,
-            &[1025, 1027, 1281, 1283, 1537, 2052, 2053, 2054, 2055]
-        );
+        #[cfg(feature = "aws-lc-rs")] // aws-lc-rs includes P-521.
+        let expected_schemes = &[1025, 1027, 1281, 1283, 1537, 1539, 2052, 2053, 2054, 2055];
+        #[cfg(all(feature = "ring", not(feature = "aws-lc-rs")))]
+        let expected_schemes = &[1025, 1027, 1281, 1283, 1537, 2052, 2053, 2054, 2055];
+        assert_eq!(&signature_schemes, expected_schemes);
 
         let mut alpn = vec![];
         for i in 0.. {
diff --git a/src/crypto_provider.rs b/src/crypto_provider.rs
index 3aa00fe..e61e36d 100644
--- a/src/crypto_provider.rs
+++ b/src/crypto_provider.rs
@@ -3,6 +3,9 @@ use std::io::Cursor;
 use std::slice;
 use std::sync::Arc;
 
+#[cfg(feature = "aws-lc-rs")]
+use rustls::crypto::aws_lc_rs;
+#[cfg(feature = "ring")]
 use rustls::crypto::ring;
 use rustls::crypto::CryptoProvider;
 use rustls::sign::SigningKey;
@@ -222,14 +225,26 @@ pub extern "C" fn rustls_crypto_provider_builder_free(
 ///
 /// The caller owns the returned `rustls_crypto_provider` and must free it using
 /// `rustls_crypto_provider_free`.
-// TODO(@cpu): Add a feature gate when we add support for other crypto providers.
 #[no_mangle]
+#[cfg(feature = "ring")]
 pub extern "C" fn rustls_ring_crypto_provider() -> *const rustls_crypto_provider {
     ffi_panic_boundary! {
         Arc::into_raw(Arc::new(ring::default_provider())) as *const rustls_crypto_provider
     }
 }
 
+/// Return the `rustls_crypto_provider` backed by the `aws-lc-rs` cryptography library.
+///
+/// The caller owns the returned `rustls_crypto_provider` and must free it using
+/// `rustls_crypto_provider_free`.
+#[no_mangle]
+#[cfg(feature = "aws-lc-rs")]
+pub extern "C" fn rustls_aws_lc_rs_crypto_provider() -> *const rustls_crypto_provider {
+    ffi_panic_boundary! {
+        Arc::into_raw(Arc::new(aws_lc_rs::default_provider())) as *const rustls_crypto_provider
+    }
+}
+
 /// Retrieve a pointer to the process default `rustls_crypto_provider`.
 ///
 /// This may return `NULL` if no process default provider has been set using
@@ -413,6 +428,20 @@ pub(crate) fn get_default_or_install_from_crate_features() -> Option<Arc<CryptoP
 }
 
 fn provider_from_crate_features() -> Option<CryptoProvider> {
-    // TODO(XXX): Switch based on crate feature once ring is optional.
-    Some(ring::default_provider())
+    // Provider default is unambiguously aws-lc-rs
+    #[cfg(all(feature = "aws-lc-rs", not(feature = "ring")))]
+    {
+        return Some(aws_lc_rs::default_provider());
+    }
+
+    // Provider default is unambiguously ring
+    #[cfg(all(feature = "ring", not(feature = "aws-lc-rs")))]
+    {
+        return Some(ring::default_provider());
+    }
+
+    // Both features activated - no clear default provider based on
+    // crate features.
+    #[allow(unreachable_code)]
+    None
 }
diff --git a/src/rustls.h b/src/rustls.h
index 6797364..711cb4f 100644
--- a/src/rustls.h
+++ b/src/rustls.h
@@ -1984,6 +1984,7 @@ rustls_result rustls_crypto_provider_builder_build_as_default(struct rustls_cryp
  */
 void rustls_crypto_provider_builder_free(struct rustls_crypto_provider_builder *builder);
 
+#if defined(DEFINE_RING)
 /**
  * Return the `rustls_crypto_provider` backed by the `*ring*` cryptography library.
  *
@@ -1991,6 +1992,17 @@ void rustls_crypto_provider_builder_free(struct rustls_crypto_provider_builder *
  * `rustls_crypto_provider_free`.
  */
 const struct rustls_crypto_provider *rustls_ring_crypto_provider(void);
+#endif
+
+#if defined(DEFINE_AWS_LC_RS)
+/**
+ * Return the `rustls_crypto_provider` backed by the `aws-lc-rs` cryptography library.
+ *
+ * The caller owns the returned `rustls_crypto_provider` and must free it using
+ * `rustls_crypto_provider_free`.
+ */
+const struct rustls_crypto_provider *rustls_aws_lc_rs_crypto_provider(void);
+#endif
 
 /**
  * Retrieve a pointer to the process default `rustls_crypto_provider`.
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 4ba518d..a7b10a0 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -7,6 +7,12 @@ IF (WIN32)
     )
 ENDIF (WIN32)
 
+if (CRYPTO_PROVIDER STREQUAL "aws_lc_rs")
+    add_compile_definitions(DEFINE_AWS_LC_RS)
+elseif (CRYPTO_PROVIDER STREQUAL "ring")
+    add_compile_definitions(DEFINE_RING)
+endif ()
+
 add_executable(client client.c common.c)
 add_dependencies(client rustls-ffi)
 target_include_directories(client PUBLIC ${CMAKE_SOURCE_DIR}/src)
author	Daniel McCarney <daniel@binaryparadox.net>	2024-07-05 17:02:29 -0400
committer	Daniel McCarney <daniel@binaryparadox.net>	2024-09-09 11:42:49 -0400
commit	d3aec7c746560e30e81257b91d57e84d20abcf66 (patch)
tree	e77a50e2e594514a7721afd60ee9f6bb763f4cfb
parent	18253ebbcbabbc96d6abbf7f3d82f8432d06710c (diff)