Switch back to ring

2024-06-24 10:32:06 -05:00 · 2024-06-24 10:32:06 -05:00 · df41f0a071
parent cbc14810ec
commit df41f0a071
6 changed files with 40 additions and 235 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -344,9 +344,12 @@ dependencies = [

 [[package]]
 name = "atomic"
-version = "0.5.3"
+version = "0.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c59bdb34bc650a32731b31bd8f0829cc15d24a708ee31559e0bb34f2bc320cba"
+checksum = "8d818003e740b63afc82337e3160717f4f63078720a810b7b903e70a5d1d2994"
+dependencies = [
+ "bytemuck",
+]

 [[package]]
 name = "atomic-waker"
@ -360,34 +363,6 @@ version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0"

-[[package]]
-name = "aws-lc-rs"
-version = "1.7.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bf7d844e282b4b56750b2d4e893b2205581ded8709fddd2b6aa5418c150ca877"
-dependencies = [
- "aws-lc-sys",
- "mirai-annotations",
- "paste",
- "untrusted 0.7.1",
- "zeroize",
-]
-
-[[package]]
-name = "aws-lc-sys"
-version = "0.18.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c3a2c29203f6bf296d01141cc8bb9dbd5ecd4c27843f2ee0767bcd5985a927da"
-dependencies = [
- "bindgen",
- "cc",
- "cmake",
- "dunce",
- "fs_extra",
- "libc",
- "paste",
-]
-
 [[package]]
 name = "axum"
 version = "0.6.20"
@ -484,29 +459,6 @@ dependencies = [
 "tokio",
 ]

-[[package]]
-name = "bindgen"
-version = "0.69.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0"
-dependencies = [
- "bitflags 2.5.0",
- "cexpr",
- "clang-sys",
- "itertools",
- "lazy_static",
- "lazycell",
- "log",
- "prettyplease",
- "proc-macro2",
- "quote",
- "regex",
- "rustc-hash",
- "shlex",
- "syn",
- "which",
-]
-
 [[package]]
 name = "bitflags"
 version = "1.3.2"
@ -543,6 +495,12 @@ version = "3.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c"

+[[package]]
+name = "bytemuck"
+version = "1.16.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b236fc92302c97ed75b38da1f4917b5cdda4984745740f153a5d3059e48d725e"
+
 [[package]]
 name = "byteorder"
 version = "1.5.0"
@ -566,23 +524,9 @@ dependencies = [

 [[package]]
 name = "cc"
-version = "1.0.99"
+version = "1.0.100"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "96c51067fd44124faa7f870b4b1c969379ad32b2ba805aa959430ceaa384f695"
-dependencies = [
- "jobserver",
- "libc",
- "once_cell",
-]
-
-[[package]]
-name = "cexpr"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
-dependencies = [
- "nom",
-]
+checksum = "c891175c3fb232128f48de6590095e59198bbeb8620c310be349bfc3afd12c7b"

 [[package]]
 name = "cfg-if"
@ -590,17 +534,6 @@ version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"

-[[package]]
-name = "clang-sys"
-version = "1.8.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4"
-dependencies = [
- "glob",
- "libc",
- "libloading",
-]
-
 [[package]]
 name = "clap"
 version = "4.5.7"
@ -641,15 +574,6 @@ version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4b82cf0babdbd58558212896d1a4272303a57bdb245c2bf1147185fb45640e70"

-[[package]]
-name = "cmake"
-version = "0.1.50"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a31c789563b815f77f4250caee12365734369f942439b7defd71e18a48197130"
-dependencies = [
- "cc",
-]
-
 [[package]]
 name = "color-eyre"
 version = "0.6.3"
@ -935,12 +859,6 @@ dependencies = [
 "subtle",
 ]

-[[package]]
-name = "dunce"
-version = "1.0.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b"
-
 [[package]]
 name = "either"
 version = "1.12.0"
@ -962,16 +880,6 @@ version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5"

-[[package]]
-name = "errno"
-version = "0.3.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba"
-dependencies = [
- "libc",
- "windows-sys 0.52.0",
-]
-
 [[package]]
 name = "eyre"
 version = "0.6.12"
@ -1029,12 +937,6 @@ dependencies = [
 "winapi",
 ]

-[[package]]
-name = "fs_extra"
-version = "1.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c"
-
 [[package]]
 name = "futures-channel"
 version = "0.3.30"
@ -1251,15 +1153,6 @@ dependencies = [
 "digest",
 ]

-[[package]]
-name = "home"
-version = "0.5.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5"
-dependencies = [
- "windows-sys 0.52.0",
-]
-
 [[package]]
 name = "http"
 version = "0.2.12"
@ -1516,15 +1409,6 @@ version = "1.0.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b"

-[[package]]
-name = "jobserver"
-version = "0.1.31"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d2b099aaa34a9751c5bf0878add70444e1ed2dd73f347be99003d4577277de6e"
-dependencies = [
- "libc",
-]
-
 [[package]]
 name = "js-sys"
 version = "0.3.69"
@ -1542,15 +1426,9 @@ checksum = "d4345964bb142484797b161f473a503a434de77149dd8c7427788c6e13379388"

 [[package]]
 name = "lazy_static"
-version = "1.4.0"
+version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
-
-[[package]]
-name = "lazycell"
-version = "1.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
+checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"

 [[package]]
 name = "libc"
@ -1558,28 +1436,12 @@ version = "0.2.155"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c"

-[[package]]
-name = "libloading"
-version = "0.8.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19"
-dependencies = [
- "cfg-if",
- "windows-targets 0.52.5",
-]
-
 [[package]]
 name = "linked-hash-map"
 version = "0.5.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f"

-[[package]]
-name = "linux-raw-sys"
-version = "0.4.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89"
-
 [[package]]
 name = "local-channel"
 version = "0.1.5"
@ -1662,9 +1524,9 @@ dependencies = [

 [[package]]
 name = "metrics-exporter-prometheus"
-version = "0.15.0"
+version = "0.15.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "26eb45aff37b45cff885538e1dcbd6c2b462c04fe84ce0155ea469f325672c98"
+checksum = "bf0af7a0d7ced10c0151f870e5e3f3f8bc9ffc5992d32873566ca1f9169ae776"
 dependencies = [
 "base64 0.22.1",
 "http-body-util",
@ -1728,12 +1590,6 @@ dependencies = [
 "windows-sys 0.48.0",
 ]

-[[package]]
-name = "mirai-annotations"
-version = "1.12.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9be0862c1b3f26a88803c4a49de6889c10e608b3ee9344e6ef5b45fb37ad3d1"
-
 [[package]]
 name = "mutually_exclusive_features"
 version = "0.0.3"
@ -2148,16 +2004,6 @@ version = "0.2.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"

-[[package]]
-name = "prettyplease"
-version = "0.2.20"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e"
-dependencies = [
- "proc-macro2",
- "syn",
-]
-
 [[package]]
 name = "proc-macro2"
 version = "1.0.86"
@ -2479,7 +2325,7 @@ dependencies = [
 "getrandom",
 "libc",
 "spin",
- "untrusted 0.9.0",
+ "untrusted",
 "windows-sys 0.52.0",
 ]

@ -2510,12 +2356,6 @@ version = "0.1.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"

-[[package]]
-name = "rustc-hash"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
-
 [[package]]
 name = "rustc_version"
 version = "0.4.0"
@ -2525,28 +2365,15 @@ dependencies = [
 "semver",
 ]

-[[package]]
-name = "rustix"
-version = "0.38.34"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f"
-dependencies = [
- "bitflags 2.5.0",
- "errno",
- "libc",
- "linux-raw-sys",
- "windows-sys 0.52.0",
-]
-
 [[package]]
 name = "rustls"
 version = "0.23.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "05cff451f60db80f490f3c182b77c35260baace73209e9cdbbe526bfe3a4d402"
 dependencies = [
- "aws-lc-rs",
 "log",
 "once_cell",
+ "ring",
 "rustls-pki-types",
 "rustls-webpki",
 "subtle",
@ -2585,10 +2412,9 @@ version = "0.102.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e"
 dependencies = [
- "aws-lc-rs",
 "ring",
 "rustls-pki-types",
- "untrusted 0.9.0",
+ "untrusted",
 ]

 [[package]]
@ -2754,12 +2580,6 @@ dependencies = [
 "lazy_static",
 ]

-[[package]]
-name = "shlex"
-version = "1.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
-
 [[package]]
 name = "signal-hook-registry"
 version = "1.4.2"
@ -2890,9 +2710,9 @@ checksum = "0d0208408ba0c3df17ed26eb06992cb1a1268d41b2c0e12e65203fbe3972cee5"

 [[package]]
 name = "syn"
-version = "2.0.67"
+version = "2.0.68"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ff8655ed1d86f3af4ee3fd3263786bc14245ad17c4c7e85ba7187fb3ae028c90"
+checksum = "901fa70d88b9d6c98022e23b4136f9f3e54e4662c3bc1bd1d84a42a9a0f0c1e9"
 dependencies = [
 "proc-macro2",
 "quote",
@ -3081,7 +2901,7 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c8e98c31c29b2666fb28720739e11476166be4ead1610a37dcd7414bb124413a"
 dependencies = [
- "aws-lc-rs",
+ "ring",
 "rustls",
 "tokio",
 "tokio-postgres",
@ -3389,12 +3209,6 @@ version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e4259d9d4425d9f0661581b804cb85fe66a4c631cadd8f490d1c13a35d5d9291"

-[[package]]
-name = "untrusted"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
-
 [[package]]
 name = "untrusted"
 version = "0.9.0"
@ -3421,9 +3235,9 @@ checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"

 [[package]]
 name = "uuid"
-version = "1.8.0"
+version = "1.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a183cf7feeba97b4dd1c0d46788634f6221d87fa961b305bed08c851829efcc0"
+checksum = "3ea73390fe27785838dcbf75b91b1d84799e28f1ce71e6f372a5dc2200c80de5"
 dependencies = [
 "atomic",
 "getrandom",
@ -3581,18 +3395,6 @@ dependencies = [
 "rustls-pki-types",
 ]

-[[package]]
-name = "which"
-version = "4.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7"
-dependencies = [
- "either",
- "home",
- "once_cell",
- "rustix",
-]
-
 [[package]]
 name = "whoami"
 version = "1.5.1"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -41,6 +41,7 @@ metrics = "0.23.0"
 metrics-exporter-prometheus = { version = "0.15.0", default-features = false, features = ["http-listener"] }
 mime = "0.3.17"
 nanorand = { version = "0.7.0", optional = true }
+# object_store = { version = "0.10.1", features = ["aws"] }
 opentelemetry_sdk = { version = "0.23.0", features = ["rt-tokio"] }
 opentelemetry = "0.23.0"
 opentelemetry-otlp = "0.16.0"
@ -51,7 +52,7 @@ reqwest-middleware = "0.3.1"
 reqwest-tracing = "0.5.0"
 # pinned to tokio-postgres-generic-rustls
 # pinned to actix-web
-rustls = "0.23.10"
+rustls = { version = "0.23.10", default-features = false, features = ["logging", "ring", "std", "tls12"] }
 # pinned to rustls
 rustls-channel-resolver = "0.3.0"
 # pinned to rustls
@ -69,7 +70,7 @@ thiserror = "1.0.61"
 time = { version = "0.3.36", features = ["serde", "serde-well-known"] }
 tokio = { version = "1.38.0", features = ["full", "tracing"] }
 tokio-postgres = { version = "0.7.10", features = ["with-uuid-1", "with-time-0_3", "with-serde_json-1"] }
-tokio-postgres-generic-rustls = { version = "0.1.0", default-features = false, features = ["aws-lc-rs"] }
+tokio-postgres-generic-rustls = { version = "0.1.0", default-features = false, features = ["ring"] }
 tokio-uring = { version = "0.5.0", optional = true, features = ["bytes"] }
 tokio-util = { version = "0.7.11", default-features = false, features = [
  "codec",
--- a/deny.toml
+++ b/deny.toml
@ -104,12 +104,12 @@ allow = [
 # The higher the value, the more closely the license text must be to the
 # canonical license text of a valid SPDX license file.
 # [possible values: any between 0.0 and 1.0].
-confidence-threshold = 0.8
+confidence-threshold = 0.6
 # Allow 1 or more licenses on a per-crate basis, so that particular licenses
 # aren't accepted for every possible crate as with the normal allow list
 exceptions = [
    # OpenSSL license is unavoidable for BoringSSL derivatives
-    { allow = ["OpenSSL"], crate = "aws-lc-sys" },
+    { allow = ["OpenSSL"], crate = "ring" },
    # Each entry is the crate and version constraint, and its specific allow
    # list
    #{ allow = ["Zlib"], crate = "adler32" },
@ -220,9 +220,11 @@ skip = [
    "matchit",
    "parking_lot",
    "parking_lot_core",
+    "quick-xml",
    "regex-automata",
    "regex-syntax",
    "siphasher",
+    "syn",
    "sync_wrapper",
    "untrusted",

--- a/src/lib.rs
+++ b/src/lib.rs
@ -1968,7 +1968,7 @@ impl PictRsConfiguration {
    ///
    /// This would happen automatically anyway unless rustls crate features get mixed up
    pub fn install_crypto_provider(self) -> Self {
-        if rustls::crypto::aws_lc_rs::default_provider()
+        if rustls::crypto::ring::default_provider()
            .install_default()
            .is_err()
        {
--- a/src/repo/postgres.rs
+++ b/src/repo/postgres.rs
@ -26,7 +26,7 @@ use diesel_async::{
 use futures_core::Stream;
 use tokio::sync::Notify;
 use tokio_postgres::{AsyncMessage, Connection, NoTls, Notification, Socket};
-use tokio_postgres_generic_rustls::{AwsLcRsDigest, MakeRustlsConnect};
+use tokio_postgres_generic_rustls::{MakeRustlsConnect, RingDigest};
 use tracing::Instrument;
 use url::Url;
 use uuid::Uuid;
@ -211,7 +211,7 @@ impl PostgresError {

 async fn build_tls_connector(
    certificate_file: Option<PathBuf>,
-) -> Result<MakeRustlsConnect<AwsLcRsDigest>, TlsError> {
+) -> Result<MakeRustlsConnect<RingDigest>, TlsError> {
    let mut cert_store = rustls::RootCertStore {
        roots: Vec::from(webpki_roots::TLS_SERVER_ROOTS),
    };
@ -237,14 +237,14 @@ async fn build_tls_connector(
        .with_root_certificates(cert_store)
        .with_no_client_auth();

-    let tls = MakeRustlsConnect::new(config, AwsLcRsDigest);
+    let tls = MakeRustlsConnect::new(config, RingDigest);

    Ok(tls)
 }

 async fn connect_for_migrations(
    postgres_url: &Url,
-    tls_connector: Option<MakeRustlsConnect<AwsLcRsDigest>>,
+    tls_connector: Option<MakeRustlsConnect<RingDigest>>,
 ) -> Result<
    (
        tokio_postgres::Client,
@ -304,7 +304,7 @@ where
 async fn build_pool(
    postgres_url: &Url,
    tx: tokio::sync::mpsc::Sender<Notification>,
-    connector: Option<MakeRustlsConnect<AwsLcRsDigest>>,
+    connector: Option<MakeRustlsConnect<RingDigest>>,
    max_size: u32,
 ) -> Result<Pool<AsyncPgConnection>, ConnectPostgresError> {
    let mut config = ManagerConfig::default();
@ -705,7 +705,7 @@ async fn delegate_notifications(

 fn build_handler(
    sender: tokio::sync::mpsc::Sender<Notification>,
-    connector: Option<MakeRustlsConnect<AwsLcRsDigest>>,
+    connector: Option<MakeRustlsConnect<RingDigest>>,
 ) -> ConfigFn {
    Box::new(
        move |config: &str| -> BoxFuture<'_, ConnectionResult<AsyncPgConnection>> {
--- a/src/tls.rs
+++ b/src/tls.rs
@ -1,6 +1,6 @@
 use std::path::PathBuf;

-use rustls::{crypto::aws_lc_rs::sign::any_supported_type, sign::CertifiedKey, Error};
+use rustls::{crypto::ring::sign::any_supported_type, sign::CertifiedKey, Error};

 pub(super) struct Tls {
    certificate: PathBuf,