author | Daniel McCarney <daniel@binaryparadox.net> | 2024-07-05 17:02:29 -0400 |
---|---|---|
committer | Daniel McCarney <daniel@binaryparadox.net> | 2024-09-09 11:42:49 -0400 |
commit | d3aec7c746560e30e81257b91d57e84d20abcf66 (patch) | |
tree | e77a50e2e594514a7721afd60ee9f6bb763f4cfb | |
parent | 18253ebbcbabbc96d6abbf7f3d82f8432d06710c (diff) |
project: default to aws-lc-rs, offer ring feature
This commit:
* Makes the `*ring*` dep optional, behind a `ring` feature flag
* Adds an optional (but default) dep on `aws-lc-rs` behind
a `aws-lc-rs` feature flag.
* Adds `nasm` to the Windows build runners for the `aws-lc-rs` default
crypto provider. This build requirement may be relaxed in the future
depending on whether the upstream project chooses to take a ring-like
strategy of distributing pre-built content.
* Updates the cbindgen config to respect these new features.
* Updates Makefile/Makefile.pkg-config and CMake build systems to
support specifying which crypto provider to use, piping through the
correct Rust features and C defines to make it all work.
* One acceptor unit test is updated: the list of expected supported
ciphersuites differs between `ring` and `aws-lc-rs`, with the latter
also offering a P-521 suite that isn't present in `*ring*`.
* The client/server examples use the implied default and so require no
adjustments.
-rw-r--r-- | .github/workflows/test.yaml | 4 | ||||
-rw-r--r-- | CMakeLists.txt | 18 | ||||
-rw-r--r-- | Cargo.lock | 268 | ||||
-rw-r--r-- | Cargo.toml | 7 | ||||
-rw-r--r-- | Makefile | 9 | ||||
-rw-r--r-- | Makefile.pkg-config | 9 | ||||
-rw-r--r-- | cbindgen.toml | 4 | ||||
-rw-r--r-- | src/acceptor.rs | 9 | ||||
-rw-r--r-- | src/crypto_provider.rs | 35 | ||||
-rw-r--r-- | src/rustls.h | 12 | ||||
-rw-r--r-- | tests/CMakeLists.txt | 6 |
11 files changed, 368 insertions, 13 deletions
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 92d3f77..5502309 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -81,6 +81,8 @@ jobs: persist-credentials: false - name: Install nightly rust toolchain uses: dtolnay/rust-toolchain@nightly + - name: Install NASM for aws-lc-rs + uses: ilammy/setup-nasm@v1 - name: Configure CMake run: cmake -S . -B build - name: Build, debug configuration @@ -100,6 +102,8 @@ jobs: persist-credentials: false - name: Install nightly rust toolchain uses: dtolnay/rust-toolchain@nightly + - name: Install NASM for aws-lc-rs + uses: ilammy/setup-nasm@v1 - name: Configure CMake run: cmake -S . -B build - name: Build, release configuration diff --git a/CMakeLists.txt b/CMakeLists.txt index 5aa7749..eb884b6 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,6 +1,20 @@ cmake_minimum_required(VERSION 3.15) project(rustls-ffi) + +set(CRYPTO_PROVIDER "aws-lc-rs" CACHE STRING "Crypto provider to use (aws-lc-rs or ring)") + +if (NOT (CRYPTO_PROVIDER STREQUAL "aws-lc-rs" OR CRYPTO_PROVIDER STREQUAL "ring")) + message(FATAL_ERROR "Invalid crypto provider specified: ${CRYPTO_PROVIDER}. Must be 'aws-lc-rs' or 'ring'.") +endif () + +set(CARGO_FEATURES --no-default-features) +if (CRYPTO_PROVIDER STREQUAL "aws-lc-rs") + list(APPEND CARGO_FEATURES --features=aws-lc-rs) +elseif (CRYPTO_PROVIDER STREQUAL "ring") + list(APPEND CARGO_FEATURES --features=ring) +endif () + add_subdirectory(tests) include(ExternalProject) @@ -11,7 +25,7 @@ ExternalProject_Add( DOWNLOAD_COMMAND "" CONFIGURE_COMMAND "" BUILD_COMMAND "" - COMMAND cargo build --locked "$<IF:$<CONFIG:Release>,--release,-->" + COMMAND cargo build --locked ${CARGO_FEATURES} "$<IF:$<CONFIG:Release>,--release,-->" # Rely on cargo checking timestamps, rather than tell CMake where every # output is. BUILD_ALWAYS true 
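Review bot: The added `uses: ilammy/setup-nasm@v1` step references a third-party action by a movable tag, so whatever that tag points to at run time executes in the job and installs the assembler used to build the default crypto provider. Pinning it to a full commit SHA, `uses: ilammy/setup-nasm@<full-commit-sha> # v1`, makes the step reproducible and forces a reviewable change on every update. The same line is added in the second hunk of this file (the release-configuration job) and needs the same pin. The neighbouring `dtolnay/rust-toolchain@nightly` step uses the same tag convention, so this may be a repository-wide decision rather than one for this commit alone.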
@@ -20,5 +34,5 @@ ExternalProject_Add(
 # of "error" in stdout as an error, and we have some test functions that
 # end in "_error". Quiet mode suppresses test names, so this is a
 # sufficient workaround.
- TEST_COMMAND cargo test --locked "$<IF:$<CONFIG:Release>,--release,-->" --quiet
+ TEST_COMMAND cargo test --locked ${CARGO_FEATURES} "$<IF:$<CONFIG:Release>,--release,-->" --quiet
 )
@@ -18,18 +18,74 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f1fdabc7756949593fe60f30ec81974b613357de856987752631dea1e3394c80" [[package]] +name = "aws-lc-rs" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8a47f2fb521b70c11ce7369a6c5fa4bd6af7e5d62ec06303875bafe7c6ba245" +dependencies = [ + "aws-lc-sys", + "mirai-annotations", + "paste", + "zeroize", +] + +[[package]] +name = "aws-lc-sys" +version = "0.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2927c7af777b460b7ccd95f8b67acd7b4c04ec8896bf0c8e80ba30523cffc057" +dependencies = [ + "bindgen", + "cc", + "cmake", + "dunce", + "fs_extra", + "libc", + "paste", +] + +[[package]] name = "base64" version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9475866fec1451be56a3c2400fd081ff546538961565ccb5b7142cbd22bc7a51" [[package]] +name = "bindgen" +version = "0.69.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0" +dependencies = [ + "bitflags 2.6.0", + "cexpr", + "clang-sys", + "itertools", + "lazy_static", + "lazycell", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash", + "shlex", + "syn", + "which", +] + +[[package]] name = "bitflags" version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] +name = "bitflags" +version = "2.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" + +[[package]] name = "bytes" version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -41,6 +97,7 @@ version = "1.0.83" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" dependencies = [ + "jobserver", "libc", ] @@ -51,12 +108,41 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c" [[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + +[[package]] name = "cfg-if" version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] +name = "clang-sys" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" +dependencies = [ + "glob", + "libc", + "libloading", +] + +[[package]] +name = "cmake" +version = "0.1.50" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a31c789563b815f77f4250caee12365734369f942439b7defd71e18a48197130" +dependencies = [ + "cc", +] + +[[package]] name = "combine" version = "4.6.6" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -83,6 +169,34 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f" [[package]] +name = "dunce" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" + +[[package]] +name = "either" +version = "1.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" + +[[package]] +name = "errno" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" +dependencies = [ + "libc", + "windows-sys 0.52.0", +] + +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + +[[package]] name = "getrandom" version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -94,12 +208,27 @@ dependencies = [ ] [[package]] +name = "glob" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" + +[[package]] name = "hashbrown" version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" [[package]] +name = "home" +version = "0.5.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" +dependencies = [ + "windows-sys 0.52.0", +] + +[[package]] name = "indexmap" version = "1.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -110,6 +239,15 @@ dependencies = [ ] [[package]] +name = "itertools" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" +dependencies = [ + "either", +] + +[[package]] name = "jni" version = "0.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -130,12 +268,49 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8eaf4bc02d17cbdd7ff4c7438cafcdf7fb9a4613313ad11b4f8fefe7d3fa0130" [[package]] +name = "jobserver" +version = "0.1.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2b099aaa34a9751c5bf0878add70444e1ed2dd73f347be99003d4577277de6e" +dependencies = [ + "libc", +] + +[[package]] +name = "lazy_static" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" + +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + +[[package]] name = "libc" version = "0.2.158" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" [[package]] +name = "libloading" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e310b3a6b5907f99202fcdb4960ff45b93735d7c7d96b760fcff8db2dc0e103d" +dependencies = [ + "cfg-if", + "windows-targets 0.48.5", +] + +[[package]] +name = "linux-raw-sys" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" + +[[package]] name = "log" version = "0.4.22" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -148,6 +323,28 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" [[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + +[[package]] +name = "mirai-annotations" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9be0862c1b3f26a88803c4a49de6889c10e608b3ee9344e6ef5b45fb37ad3d1" + +[[package]] +name = "nom" +version = "7.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +dependencies = [ + "memchr", + "minimal-lexical", +] + +[[package]] name = "nom8" version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -198,6 +395,22 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" [[package]] +name = "paste" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" + +[[package]] +name = "prettyplease" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d3928fb5db768cb86f891ff014f0144589297e3c6a1aba6ed7cecfdace270c7" +dependencies = [ + "proc-macro2", + "syn", +] + +[[package]] name = "proc-macro2" version = "1.0.79" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -259,11 +472,31 @@ dependencies = [ ] [[package]] +name = "rustc-hash" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" + +[[package]] +name = "rustix" +version = "0.38.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" +dependencies = [ + "bitflags 2.6.0", + "errno", + "libc", + "linux-raw-sys", + "windows-sys 0.52.0", +] + +[[package]] name = "rustls" version = "0.23.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8c4d6d8ad9f2492485e13453acbb291dd08f64441b6609c491f1c2cd2c6b4fe1" dependencies = [ + "aws-lc-rs", "once_cell", "ring", "rustls-pki-types", @@ -350,6 +583,7 @@ version = "0.102.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610" dependencies = [ + "aws-lc-rs", "ring", "rustls-pki-types", "untrusted", @@ -385,7 +619,7 @@ version = "2.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "770452e37cad93e0a50d5abc3990d2bc351c36d0328f86cefec2f2fb206eaef6" dependencies = [ - "bitflags", + "bitflags 1.3.2", "core-foundation", "core-foundation-sys", "libc", @@ -433,6 +667,12 @@ dependencies = [ ] [[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] name = "spin" version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -547,6 +787,18 @@ dependencies = [ ] [[package]] +name = "which" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +dependencies = [ + "either", + "home", + "once_cell", + "rustix", +] + +[[package]] name = "winapi" version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -714,3 +966,17 @@ name = "zeroize" version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] @@ -12,6 +12,7 @@ links = "rustls_ffi" rust-version = "1.64" [features] +default = ["aws-lc-rs"] # Enable this feature when building as Rust dependency. It inhibits the # default behavior of capturing the global logger, which only works when # built using the Makefile, which passes -C metadata=rustls-ffi to avoid 
@@ -20,12 +21,14 @@ rust-version = "1.64" no_log_capture = [] read_buf = ["rustls/read_buf"] capi = [] +ring = ["rustls/ring", "webpki/ring"] +aws-lc-rs = ["rustls/aws-lc-rs", "webpki/aws_lc_rs"] [dependencies] # Keep in sync with RUSTLS_CRATE_VERSION in build.rs -rustls = { version = "0.23.4", default-features = false, features = ["ring", "std", "tls12"] } +rustls = { version = "0.23.4", default-features = false, features = ["std", "tls12"] } pki-types = { package = "rustls-pki-types", version = "1", features = ["std"] } -webpki = { package = "rustls-webpki", version = "0.102.0", default-features = false, features = ["ring", "std"] } +webpki = { package = "rustls-webpki", version = "0.102.0", default-features = false, features = ["std"] } libc = "0.2" rustls-pemfile = "2" log = "0.4.22" @@ -9,6 +9,7 @@ CARGOFLAGS += --locked CFLAGS := -Werror -Wall -Wextra -Wpedantic -g -I src/ PROFILE := release +CRYPTO_PROVIDER := aws-lc-rs DESTDIR=/usr/local ifeq ($(PROFILE), debug) @@ -26,6 +27,14 @@ ifneq (,$(TARGET)) CARGOFLAGS += --target $(TARGET) endif +ifeq ($(CRYPTO_PROVIDER), aws-lc-rs) + CFLAGS += -D DEFINE_AWS_LC_RS + CARGOFLAGS += --no-default-features --features aws-lc-rs +else ifeq ($(CRYPTO_PROVIDER), ring) + CFLAGS += -D DEFINE_RING + CARGOFLAGS += --no-default-features --features ring +endif + all: target/client target/server test: all diff --git a/Makefile.pkg-config b/Makefile.pkg-config index bfdcd3b..fe25c92 100644 --- a/Makefile.pkg-config +++ b/Makefile.pkg-config @@ -13,6 +13,7 @@ CARGOFLAGS += --locked CFLAGS := -Werror -Wall -Wextra -Wpedantic -g -I src/ PROFILE := release +CRYPTO_PROVIDER := aws-lc-rs PREFIX=/usr/local ifeq ($(PROFILE), debug) 
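Review bot: An unrecognised `CRYPTO_PROVIDER` value falls through both branches of the new `ifeq` chain in the Makefile hunk without any error, so neither `--no-default-features` nor a `DEFINE_*` flag is added. Cargo then builds the default feature set (aws-lc-rs, per the Cargo.toml change in this commit) while the C examples compile with no provider define, so a typo such as `aws_lc_rs` silently yields a different crypto provider than the one requested. The CMake side of this commit rejects bad values with `FATAL_ERROR`; the equivalent here is a final `else` branch containing `$(error Invalid CRYPTO_PROVIDER '$(CRYPTO_PROVIDER)': must be aws-lc-rs or ring)`. The identical block added to Makefile.pkg-config in the next hunk needs the same branch.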
@@ -25,6 +26,14 @@ ifeq ($(PROFILE), release) CARGOFLAGS += --release endif +ifeq ($(CRYPTO_PROVIDER), aws-lc-rs) + CFLAGS += -D DEFINE_AWS_LC_RS + CARGOFLAGS += --no-default-features --features aws-lc-rs +else ifeq ($(CRYPTO_PROVIDER), ring) + CFLAGS += -D DEFINE_RING + CARGOFLAGS += --no-default-features --features ring +endif + all: target/client target/server integration: all diff --git a/cbindgen.toml b/cbindgen.toml index 335688d..b2bf782 100644 --- a/cbindgen.toml +++ b/cbindgen.toml @@ -12,7 +12,9 @@ include = ["rustls_tls_version"] [defines] "feature = read_buf" = "DEFINE_READ_BUF" +"feature = aws-lc-rs" = "DEFINE_AWS_LC_RS" +"feature = ring" = "DEFINE_RING" [parse.expand] crates = ["rustls-ffi"] -features = ["read_buf"] +features = ["read_buf", "aws-lc-rs", "ring"] diff --git a/src/acceptor.rs b/src/acceptor.rs index 327bb6c..a01dbb2 100644 --- a/src/acceptor.rs +++ b/src/acceptor.rs @@ -750,10 +750,11 @@ mod tests { } // Sort to ensure consistent comparison signature_schemes.sort(); - assert_eq!( - &signature_schemes, - &[1025, 1027, 1281, 1283, 1537, 2052, 2053, 2054, 2055] - ); + #[cfg(feature = "aws-lc-rs")] // aws-lc-rs includes P-521. + let expected_schemes = &[1025, 1027, 1281, 1283, 1537, 1539, 2052, 2053, 2054, 2055]; + #[cfg(all(feature = "ring", not(feature = "aws-lc-rs")))] + let expected_schemes = &[1025, 1027, 1281, 1283, 1537, 2052, 2053, 2054, 2055]; + assert_eq!(&signature_schemes, expected_schemes); let mut alpn = vec![]; for i in 0.. { diff --git a/src/crypto_provider.rs b/src/crypto_provider.rs index 3aa00fe..e61e36d 100644 --- a/src/crypto_provider.rs +++ b/src/crypto_provider.rs @@ -3,6 +3,9 @@ use std::io::Cursor; use std::slice; use std::sync::Arc; +#[cfg(feature = "aws-lc-rs")] +use rustls::crypto::aws_lc_rs; +#[cfg(feature = "ring")] use rustls::crypto::ring; use rustls::crypto::CryptoProvider; use rustls::sign::SigningKey; 
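Review bot: In the src/acceptor.rs hunk, `expected_schemes` is bound only under `feature = "aws-lc-rs"` or under ring-without-aws-lc-rs, so a test build with neither feature stops at the `assert_eq!` with an unresolved-name error instead of a message that says a provider feature is required. When both features are on, the aws-lc-rs list is expected, which assumes the config built earlier in this test resolves to aws-lc-rs; that code is outside the hunk, so this needs confirming. The comment `// aws-lc-rs includes P-521.` would be easier to check against the list if it named the entry, e.g. `// aws-lc-rs also offers 1539 (0x0603, ecdsa_secp521r1_sha512).`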
@@ -222,14 +225,26 @@ pub extern "C" fn rustls_crypto_provider_builder_free( /// /// The caller owns the returned `rustls_crypto_provider` and must free it using /// `rustls_crypto_provider_free`. -// TODO(@cpu): Add a feature gate when we add support for other crypto providers. #[no_mangle] +#[cfg(feature = "ring")] pub extern "C" fn rustls_ring_crypto_provider() -> *const rustls_crypto_provider { ffi_panic_boundary! { Arc::into_raw(Arc::new(ring::default_provider())) as *const rustls_crypto_provider } } +/// Return the `rustls_crypto_provider` backed by the `aws-lc-rs` cryptography library. +/// +/// The caller owns the returned `rustls_crypto_provider` and must free it using +/// `rustls_crypto_provider_free`. +#[no_mangle] +#[cfg(feature = "aws-lc-rs")] +pub extern "C" fn rustls_aws_lc_rs_crypto_provider() -> *const rustls_crypto_provider { + ffi_panic_boundary! { + Arc::into_raw(Arc::new(aws_lc_rs::default_provider())) as *const rustls_crypto_provider + } +} + /// Retrieve a pointer to the process default `rustls_crypto_provider`. /// /// This may return `NULL` if no process default provider has been set using @@ -413,6 +428,20 @@ pub(crate) fn get_default_or_install_from_crate_features() -> Option<Arc<CryptoP } fn provider_from_crate_features() -> Option<CryptoProvider> { - // TODO(XXX): Switch based on crate feature once ring is optional. - Some(ring::default_provider()) + // Provider default is unambiguously aws-lc-rs + #[cfg(all(feature = "aws-lc-rs", not(feature = "ring")))] + { + return Some(aws_lc_rs::default_provider()); + } + + // Provider default is unambiguously ring + #[cfg(all(feature = "ring", not(feature = "aws-lc-rs")))] + { + return Some(ring::default_provider()); + } + + // Both features activated - no clear default provider based on + // crate features. + #[allow(unreachable_code)] + None } diff --git a/src/rustls.h b/src/rustls.h index 6797364..711cb4f 100644 --- a/src/rustls.h +++ b/src/rustls.h 
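Review bot: `provider_from_crate_features` returns `None` not only when both features are enabled, as the new comment says, but also when neither is, because both `#[cfg]` blocks are compiled out in that case too. A build made with `--no-default-features` and no provider feature therefore compiles cleanly, and the missing provider presumably surfaces only at run time through the `Option` returned by `get_default_or_install_from_crate_features`. The comment before the final `None` should name both cases, e.g. `// Both features, or neither, are enabled: crate features give no unambiguous default.` If a provider-less build is not meant to be supported, a `compile_error!` under `#[cfg(not(any(feature = "aws-lc-rs", feature = "ring")))]` would turn this into a build failure instead.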
@@ -1984,6 +1984,7 @@ rustls_result rustls_crypto_provider_builder_build_as_default(struct rustls_cryp */ void rustls_crypto_provider_builder_free(struct rustls_crypto_provider_builder *builder); +#if defined(DEFINE_RING) /** * Return the `rustls_crypto_provider` backed by the `*ring*` cryptography library. * @@ -1991,6 +1992,17 @@ void rustls_crypto_provider_builder_free(struct rustls_crypto_provider_builder * * `rustls_crypto_provider_free`. */ const struct rustls_crypto_provider *rustls_ring_crypto_provider(void); +#endif + +#if defined(DEFINE_AWS_LC_RS) +/** + * Return the `rustls_crypto_provider` backed by the `aws-lc-rs` cryptography library. + * + * The caller owns the returned `rustls_crypto_provider` and must free it using + * `rustls_crypto_provider_free`. + */ +const struct rustls_crypto_provider *rustls_aws_lc_rs_crypto_provider(void); +#endif /** * Retrieve a pointer to the process default `rustls_crypto_provider`. diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 4ba518d..a7b10a0 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -7,6 +7,12 @@ IF (WIN32) ) ENDIF (WIN32) +if (CRYPTO_PROVIDER STREQUAL "aws_lc_rs") + add_compile_definitions(DEFINE_AWS_LC_RS) +elseif (CRYPTO_PROVIDER STREQUAL "ring") + add_compile_definitions(DEFINE_RING) +endif () + add_executable(client client.c common.c) add_dependencies(client rustls-ffi) target_include_directories(client PUBLIC ${CMAKE_SOURCE_DIR}/src) |
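Review bot: The first branch in the tests/CMakeLists.txt hunk compares against `"aws_lc_rs"` (underscores), but the top-level CMakeLists.txt in this commit accepts only `aws-lc-rs` or `ring`, so with the default provider the condition is never true and `DEFINE_AWS_LC_RS` never reaches the C test programs. `rustls.h` in this same commit hides `rustls_aws_lc_rs_crypto_provider` behind `#if defined(DEFINE_AWS_LC_RS)`, so that declaration is invisible to them in the default configuration. The condition should read `if (CRYPTO_PROVIDER STREQUAL "aws-lc-rs")`. Separately, `add_compile_definitions` is directory-scoped; `target_compile_definitions(client PRIVATE ...)` on each test target would keep the define off unrelated targets (only `client` is visible in this hunk).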