From df41f0a071f7db9e0b29f6eef03cd14c50d02ab1 Mon Sep 17 00:00:00 2001 From: asonix Date: Mon, 24 Jun 2024 10:32:06 -0500 Subject: [PATCH] Switch back to ring --- Cargo.lock | 248 +++++-------------------------------------- Cargo.toml | 5 +- deny.toml | 6 +- src/lib.rs | 2 +- src/repo/postgres.rs | 12 +-- src/tls.rs | 2 +- 6 files changed, 40 insertions(+), 235 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b38446c..8258e3f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -344,9 +344,12 @@ dependencies = [ [[package]] name = "atomic" -version = "0.5.3" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c59bdb34bc650a32731b31bd8f0829cc15d24a708ee31559e0bb34f2bc320cba" +checksum = "8d818003e740b63afc82337e3160717f4f63078720a810b7b903e70a5d1d2994" +dependencies = [ + "bytemuck", +] [[package]] name = "atomic-waker" @@ -360,34 +363,6 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" -[[package]] -name = "aws-lc-rs" -version = "1.7.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf7d844e282b4b56750b2d4e893b2205581ded8709fddd2b6aa5418c150ca877" -dependencies = [ - "aws-lc-sys", - "mirai-annotations", - "paste", - "untrusted 0.7.1", - "zeroize", -] - -[[package]] -name = "aws-lc-sys" -version = "0.18.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3a2c29203f6bf296d01141cc8bb9dbd5ecd4c27843f2ee0767bcd5985a927da" -dependencies = [ - "bindgen", - "cc", - "cmake", - "dunce", - "fs_extra", - "libc", - "paste", -] - [[package]] name = "axum" version = "0.6.20" 
@@ -484,29 +459,6 @@ dependencies = [ "tokio", ] -[[package]] -name = "bindgen" -version = "0.69.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0" -dependencies = [ - "bitflags 2.5.0", - "cexpr", - "clang-sys", - "itertools", - "lazy_static", - "lazycell", - "log", - "prettyplease", - "proc-macro2", - "quote", - "regex", - "rustc-hash", - "shlex", - "syn", - "which", -] - [[package]] name = "bitflags" version = "1.3.2" @@ -543,6 +495,12 @@ version = "3.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" +[[package]] +name = "bytemuck" +version = "1.16.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b236fc92302c97ed75b38da1f4917b5cdda4984745740f153a5d3059e48d725e" + [[package]] name = "byteorder" version = "1.5.0" @@ -566,23 +524,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.0.99" +version = "1.0.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96c51067fd44124faa7f870b4b1c969379ad32b2ba805aa959430ceaa384f695" -dependencies = [ - "jobserver", - "libc", - "once_cell", -] - -[[package]] -name = "cexpr" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" -dependencies = [ - "nom", -] +checksum = "c891175c3fb232128f48de6590095e59198bbeb8620c310be349bfc3afd12c7b" [[package]] name = "cfg-if" 
@@ -590,17 +534,6 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" -[[package]] -name = "clang-sys" -version = "1.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" -dependencies = [ - "glob", - "libc", - "libloading", -] - [[package]] name = "clap" version = "4.5.7" @@ -641,15 +574,6 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4b82cf0babdbd58558212896d1a4272303a57bdb245c2bf1147185fb45640e70" -[[package]] -name = "cmake" -version = "0.1.50" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a31c789563b815f77f4250caee12365734369f942439b7defd71e18a48197130" -dependencies = [ - "cc", -] - [[package]] name = "color-eyre" version = "0.6.3" @@ -935,12 +859,6 @@ dependencies = [ "subtle", ] -[[package]] -name = "dunce" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" - [[package]] name = "either" version = "1.12.0" @@ -962,16 +880,6 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" -[[package]] -name = "errno" -version = "0.3.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" -dependencies = [ - "libc", - "windows-sys 0.52.0", -] - [[package]] name = "eyre" version = "0.6.12" 
@@ -1029,12 +937,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "fs_extra" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" - [[package]] name = "futures-channel" version = "0.3.30" @@ -1251,15 +1153,6 @@ dependencies = [ "digest", ] -[[package]] -name = "home" -version = "0.5.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" -dependencies = [ - "windows-sys 0.52.0", -] - [[package]] name = "http" version = "0.2.12" @@ -1516,15 +1409,6 @@ version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" -[[package]] -name = "jobserver" -version = "0.1.31" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2b099aaa34a9751c5bf0878add70444e1ed2dd73f347be99003d4577277de6e" -dependencies = [ - "libc", -] - [[package]] name = "js-sys" version = "0.3.69" @@ -1542,15 +1426,9 @@ checksum = "d4345964bb142484797b161f473a503a434de77149dd8c7427788c6e13379388" [[package]] name = "lazy_static" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" - -[[package]] -name = "lazycell" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" [[package]] name = "libc" 
@@ -1558,28 +1436,12 @@ version = "0.2.155" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" -[[package]] -name = "libloading" -version = "0.8.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19" -dependencies = [ - "cfg-if", - "windows-targets 0.52.5", -] - [[package]] name = "linked-hash-map" version = "0.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f" -[[package]] -name = "linux-raw-sys" -version = "0.4.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" - [[package]] name = "local-channel" version = "0.1.5" @@ -1662,9 +1524,9 @@ dependencies = [ [[package]] name = "metrics-exporter-prometheus" -version = "0.15.0" +version = "0.15.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26eb45aff37b45cff885538e1dcbd6c2b462c04fe84ce0155ea469f325672c98" +checksum = "bf0af7a0d7ced10c0151f870e5e3f3f8bc9ffc5992d32873566ca1f9169ae776" dependencies = [ "base64 0.22.1", "http-body-util", @@ -1728,12 +1590,6 @@ dependencies = [ "windows-sys 0.48.0", ] -[[package]] -name = "mirai-annotations" -version = "1.12.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9be0862c1b3f26a88803c4a49de6889c10e608b3ee9344e6ef5b45fb37ad3d1" - [[package]] name = "mutually_exclusive_features" version = "0.0.3" 
@@ -2148,16 +2004,6 @@ version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" -[[package]] -name = "prettyplease" -version = "0.2.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" -dependencies = [ - "proc-macro2", - "syn", -] - [[package]] name = "proc-macro2" version = "1.0.86" @@ -2479,7 +2325,7 @@ dependencies = [ "getrandom", "libc", "spin", - "untrusted 0.9.0", + "untrusted", "windows-sys 0.52.0", ] @@ -2510,12 +2356,6 @@ version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" -[[package]] -name = "rustc-hash" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" - [[package]] name = "rustc_version" version = "0.4.0" @@ -2525,28 +2365,15 @@ dependencies = [ "semver", ] -[[package]] -name = "rustix" -version = "0.38.34" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" -dependencies = [ - "bitflags 2.5.0", - "errno", - "libc", - "linux-raw-sys", - "windows-sys 0.52.0", -] - [[package]] name = "rustls" version = "0.23.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "05cff451f60db80f490f3c182b77c35260baace73209e9cdbbe526bfe3a4d402" dependencies = [ - "aws-lc-rs", "log", "once_cell", + "ring", "rustls-pki-types", "rustls-webpki", "subtle", 
@@ -2585,10 +2412,9 @@ version = "0.102.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e" dependencies = [ - "aws-lc-rs", "ring", "rustls-pki-types", - "untrusted 0.9.0", + "untrusted", ] [[package]] @@ -2754,12 +2580,6 @@ dependencies = [ "lazy_static", ] -[[package]] -name = "shlex" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" - [[package]] name = "signal-hook-registry" version = "1.4.2" @@ -2890,9 +2710,9 @@ checksum = "0d0208408ba0c3df17ed26eb06992cb1a1268d41b2c0e12e65203fbe3972cee5" [[package]] name = "syn" -version = "2.0.67" +version = "2.0.68" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff8655ed1d86f3af4ee3fd3263786bc14245ad17c4c7e85ba7187fb3ae028c90" +checksum = "901fa70d88b9d6c98022e23b4136f9f3e54e4662c3bc1bd1d84a42a9a0f0c1e9" dependencies = [ "proc-macro2", "quote", @@ -3081,7 +2901,7 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c8e98c31c29b2666fb28720739e11476166be4ead1610a37dcd7414bb124413a" dependencies = [ - "aws-lc-rs", + "ring", "rustls", "tokio", "tokio-postgres", @@ -3389,12 +3209,6 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e4259d9d4425d9f0661581b804cb85fe66a4c631cadd8f490d1c13a35d5d9291" -[[package]] -name = "untrusted" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" - [[package]] name = "untrusted" version = "0.9.0" 
@@ -3421,9 +3235,9 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" [[package]] name = "uuid" -version = "1.8.0" +version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a183cf7feeba97b4dd1c0d46788634f6221d87fa961b305bed08c851829efcc0" +checksum = "3ea73390fe27785838dcbf75b91b1d84799e28f1ce71e6f372a5dc2200c80de5" dependencies = [ "atomic", "getrandom", @@ -3581,18 +3395,6 @@ dependencies = [ "rustls-pki-types", ] -[[package]] -name = "which" -version = "4.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" -dependencies = [ - "either", - "home", - "once_cell", - "rustix", -] - [[package]] name = "whoami" version = "1.5.1" diff --git a/Cargo.toml b/Cargo.toml index e325ed5..7169298 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -41,6 +41,7 @@ metrics = "0.23.0" metrics-exporter-prometheus = { version = "0.15.0", default-features = false, features = ["http-listener"] } mime = "0.3.17" nanorand = { version = "0.7.0", optional = true } +# object_store = { version = "0.10.1", features = ["aws"] } opentelemetry_sdk = { version = "0.23.0", features = ["rt-tokio"] } opentelemetry = "0.23.0" opentelemetry-otlp = "0.16.0" @@ -51,7 +52,7 @@ reqwest-middleware = "0.3.1" reqwest-tracing = "0.5.0" # pinned to tokio-postgres-generic-rustls # pinned to actix-web -rustls = "0.23.10" +rustls = { version = "0.23.10", default-features = false, features = ["logging", "ring", "std", "tls12"] } # pinned to rustls rustls-channel-resolver = "0.3.0" # pinned to rustls 
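Review bot: The added line `# object_store = { version = "0.10.1", features = ["aws"] }` is a commented-out dependency with no stated reason, so a later reader cannot tell whether it is planned work or a leftover. Either drop it from this commit or put a reason above it, for example `# object_store: disabled until <REASON / TRACKING-ISSUE placeholder>`. It also looks unrelated to the crypto-provider switch the subject describes, which makes the dependency change harder to audit.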
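Review bot: Nothing in the manifest records why `rustls` now has `default-features = false`; the `# pinned to …` comments above it only explain the version. Because Cargo unifies features across the dependency graph, any crate that later turns the rustls defaults back on would compile aws-lc-rs in again next to ring. A comment such as `# default features off: ring must be the only crypto provider compiled in` would make that intent reviewable. The same applies to the `features = ["ring"]` change on `tokio-postgres-generic-rustls` in the next Cargo.toml hunk. If this should be enforced rather than only documented, a `[bans]` deny entry for `aws-lc-rs` and `aws-lc-sys` in `deny.toml` would catch a regression in CI.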
@@ -69,7 +70,7 @@ thiserror = "1.0.61" time = { version = "0.3.36", features = ["serde", "serde-well-known"] } tokio = { version = "1.38.0", features = ["full", "tracing"] } tokio-postgres = { version = "0.7.10", features = ["with-uuid-1", "with-time-0_3", "with-serde_json-1"] } -tokio-postgres-generic-rustls = { version = "0.1.0", default-features = false, features = ["aws-lc-rs"] } +tokio-postgres-generic-rustls = { version = "0.1.0", default-features = false, features = ["ring"] } tokio-uring = { version = "0.5.0", optional = true, features = ["bytes"] } tokio-util = { version = "0.7.11", default-features = false, features = [ "codec", diff --git a/deny.toml b/deny.toml index b4d7670..11ab22d 100644 --- a/deny.toml +++ b/deny.toml @@ -104,12 +104,12 @@ allow = [ # The higher the value, the more closely the license text must be to the # canonical license text of a valid SPDX license file. # [possible values: any between 0.0 and 1.0]. -confidence-threshold = 0.8 +confidence-threshold = 0.6 # Allow 1 or more licenses on a per-crate basis, so that particular licenses # aren't accepted for every possible crate as with the normal allow list exceptions = [ # OpenSSL license is unavoidable for BoringSSL derivatives - { allow = ["OpenSSL"], crate = "aws-lc-sys" }, + { allow = ["OpenSSL"], crate = "ring" }, # Each entry is the crate and version constraint, and its specific allow # list #{ allow = ["Zlib"], crate = "adler32" }, @@ -220,9 +220,11 @@ skip = [ "matchit", "parking_lot", "parking_lot_core", + "quick-xml", "regex-automata", "regex-syntax", "siphasher", + "syn", "sync_wrapper", "untrusted", diff --git a/src/lib.rs b/src/lib.rs index 7b0b16f..4a516e0 100644 --- a/src/lib.rs +++ b/src/lib.rs 
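Review bot: Lowering `confidence-threshold` from 0.8 to 0.6 loosens license-text matching for every crate in the graph, not only for `ring`, so a license file that only loosely resembles an allowed one can now pass the check. If ring's composite LICENSE file is what failed detection, the narrower fix is to keep 0.8 and add a per-crate clarification that pins ring's license expression to a hash of that file. The expression and hash in the sketch below are placeholders to confirm against the vendored crate. The `exceptions` entry for `ring` can stay as it is.

```toml
confidence-threshold = 0.8
# … unchanged: exceptions list, including the OpenSSL entry for ring …

[[licenses.clarify]]
crate = "ring"
# confirm against ring's LICENSE before committing
expression = "MIT AND ISC AND OpenSSL"
# placeholder hash: use the value cargo-deny reports for the vendored LICENSE file
license-files = [{ path = "LICENSE", hash = 0x00000000 }]
```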
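Review bot: The new `"quick-xml"` and `"syn"` entries in `skip` switch off the duplicate-version check for those crates by name, and nothing in this commit shows a duplicate that needs them. The Cargo.lock changes here reference `syn` without a version qualifier, which suggests a single version, and `quick-xml` does not appear in them at all. They may belong to the commented-out `object_store` line in Cargo.toml. If so, add them together with that dependency, each with a short reason such as `# duplicated via <CRATE placeholder>`, and scope them to the specific old version. A bare name hides any future duplicate of a widely used crate like `syn`.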
@@ -1968,7 +1968,7 @@ impl PictRsConfiguration { /// /// This would happen automatically anyway unless rustls crate features get mixed up pub fn install_crypto_provider(self) -> Self { - if rustls::crypto::aws_lc_rs::default_provider() + if rustls::crypto::ring::default_provider() .install_default() .is_err() { diff --git a/src/repo/postgres.rs b/src/repo/postgres.rs index edd9fc8..ddea813 100644 --- a/src/repo/postgres.rs +++ b/src/repo/postgres.rs @@ -26,7 +26,7 @@ use diesel_async::{ use futures_core::Stream; use tokio::sync::Notify; use tokio_postgres::{AsyncMessage, Connection, NoTls, Notification, Socket}; -use tokio_postgres_generic_rustls::{AwsLcRsDigest, MakeRustlsConnect}; +use tokio_postgres_generic_rustls::{MakeRustlsConnect, RingDigest}; use tracing::Instrument; use url::Url; use uuid::Uuid; @@ -211,7 +211,7 @@ impl PostgresError { async fn build_tls_connector( certificate_file: Option, -) -> Result, TlsError> { +) -> Result, TlsError> { let mut cert_store = rustls::RootCertStore { roots: Vec::from(webpki_roots::TLS_SERVER_ROOTS), }; @@ -237,14 +237,14 @@ async fn build_tls_connector( .with_root_certificates(cert_store) .with_no_client_auth(); - let tls = MakeRustlsConnect::new(config, AwsLcRsDigest); + let tls = MakeRustlsConnect::new(config, RingDigest); Ok(tls) } async fn connect_for_migrations( postgres_url: &Url, - tls_connector: Option>, + tls_connector: Option>, ) -> Result< ( tokio_postgres::Client, @@ -304,7 +304,7 @@ where async fn build_pool( postgres_url: &Url, tx: tokio::sync::mpsc::Sender, - connector: Option>, + connector: Option>, max_size: u32, ) -> Result, ConnectPostgresError> { let mut config = ManagerConfig::default(); @@ -705,7 +705,7 @@ async fn delegate_notifications( fn build_handler( sender: tokio::sync::mpsc::Sender, - connector: Option>, + connector: Option>, ) -> ConfigFn { Box::new( move |config: &str| -> BoxFuture<'_, ConnectionResult> { diff --git a/src/tls.rs b/src/tls.rs index a5de197..b1842c9 100644 --- a/src/tls.rs 
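Review bot: The doc comment on `install_crypto_provider` still does not say which provider is installed or what the `is_err()` branch means, although ring is now hard-coded here, in `src/tls.rs` and in `src/repo/postgres.rs`. `install_default()` fails when a process-wide provider has already been set, and that provider may be a different one chosen by the embedding application. I would add `/// Installs the ring-backed rustls provider as the process-wide default.` and `/// Failure means a default provider was already installed, possibly not ring.` to the existing doc block. The function body continues past the end of this hunk, so how the error branch is handled is not visible here.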
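Review bot: The provider-specific connector type is spelled out in four signatures in `src/repo/postgres.rs` (`build_tls_connector`, `connect_for_migrations`, `build_pool` and `build_handler`), so every provider switch has to edit all of them in step. A private alias next to the import, for example `type PgTlsConnector = MakeRustlsConnect<RingDigest>;`, would confine the next switch to the `use` line, the alias and the `MakeRustlsConnect::new(config, RingDigest)` call. The generic arguments are not legible on this page, so the alias target is inferred from that constructor call and should be checked against the real signatures. All four functions extend beyond their hunks.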
+++ b/src/tls.rs @@ -1,6 +1,6 @@ use std::path::PathBuf; -use rustls::{crypto::aws_lc_rs::sign::any_supported_type, sign::CertifiedKey, Error}; +use rustls::{crypto::ring::sign::any_supported_type, sign::CertifiedKey, Error}; pub(super) struct Tls { certificate: PathBuf,