add rustls-ring feature to make ring optional

bytedance · Nov 13, 2024 · edd68ef · edd68ef
1 parent 770e591
commit edd68ef
Show file tree

Hide file tree

Showing 19 changed files with 47 additions and 37 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -150,8 +150,8 @@ async-recursion = "1.1"
 pin-project-lite = "0.2"
 #
 rustls-pki-types = { version = "1", default-features = false }
-rustls = { version = "0.23.15", default-features = false, features = ["std", "tls12", "ring", "brotli"] }
-tokio-rustls = { version = "0.26", default-features = false, features = ["tls12", "ring"] }
+rustls = { version = "0.23.15", default-features = false, features = ["std", "tls12", "brotli"] }
+tokio-rustls = { version = "0.26", default-features = false, features = ["tls12"] }
 quinn = { version = "0.11", default-features = false, features = ["runtime-tokio"] }
 quinn-udp = { version = "0.5.6", default-features = false, features = ["fast-apple-datapath"] }
 #

diff --git a/g3bench/Cargo.toml b/g3bench/Cargo.toml
@@ -55,9 +55,10 @@ g3-hickory-client.workspace = true
 g3-build-env.workspace = true
 
 [features]
-default = ["quic"]
+default = ["quic", "rustls-ring"]
 quic = ["g3-types/quic", "g3-socks/quic", "g3-io-ext/quic", "g3-hickory-client/quic", "dep:quinn", "dep:h3", "dep:h3-quinn"]
-rustls-aws-lc = ["rustls/aws-lc-rs"]
+rustls-ring = ["rustls/ring", "quinn?/rustls-ring"]
+rustls-aws-lc = ["rustls/aws-lc-rs", "quinn?/rustls-aws-lc-rs"]
 vendored-openssl = ["openssl/vendored", "openssl-probe"]
 vendored-tongsuo = ["openssl/tongsuo", "openssl-probe", "g3-types/tongsuo"]
 vendored-aws-lc = ["rustls-aws-lc", "openssl/aws-lc", "openssl-probe", "g3-types/aws-lc", "g3-tls-cert/aws-lc", "g3-openssl/aws-lc"]

diff --git a/g3bench/debian/rules b/g3bench/debian/rules
@@ -15,7 +15,7 @@ override_dh_auto_clean:
 override_dh_auto_build:
 	G3_PACKAGE_VERSION=$(DEB_VERSION) \
 	  cargo build --frozen --offline --profile $(BUILD_PROFILE) \
-	    --no-default-features --features $(SSL_FEATURE),quic \
+	    --no-default-features --features $(SSL_FEATURE),rustls-ring,quic \
 	    --package g3bench
 
 override_dh_auto_install:

diff --git a/g3bench/g3bench.spec b/g3bench/g3bench.spec
@@ -31,7 +31,7 @@ G3 Benchmark Tool
 G3_PACKAGE_VERSION="%{version}-%{release}"
 export G3_PACKAGE_VERSION
 SSL_FEATURE=$(sh scripts/package/detect_openssl_feature.sh)
-cargo build --frozen --offline --profile %{build_profile} --no-default-features --features $SSL_FEATURE,quic --package g3bench
+cargo build --frozen --offline --profile %{build_profile} --no-default-features --features $SSL_FEATURE,rustls-ring,quic --package g3bench
 
 
 %install

diff --git a/g3proxy/Cargo.toml b/g3proxy/Cargo.toml
@@ -100,7 +100,7 @@ tokio-stream.workspace = true
 g3-build-env.workspace = true
 
 [features]
-default = ["lua54", "python", "c-ares", "hickory", "quic"]
+default = ["lua54", "python", "c-ares", "hickory", "quic", "rustls-ring"]
 lua = ["mlua"]
 luajit = ["lua", "mlua/luajit"]
 lua51 = ["lua", "mlua/lua51"]
@@ -110,7 +110,8 @@ python = ["pyo3"]
 c-ares = ["g3-resolver/c-ares"]
 hickory = ["g3-resolver/hickory"]
 quic = ["g3-daemon/quic", "g3-resolver/quic", "g3-yaml/quinn", "g3-types/quinn", "g3-dpi/quic", "dep:quinn"]
-rustls-aws-lc = ["rustls/aws-lc-rs"]
+rustls-ring = ["g3-types/rustls-ring", "rustls/ring", "quinn?/rustls-ring"]
+rustls-aws-lc = ["g3-types/rustls-aws-lc", "rustls/aws-lc-rs", "quinn?/rustls-aws-lc-rs"]
 vendored-openssl = ["openssl/vendored", "openssl-probe"]
 vendored-tongsuo = ["openssl/tongsuo", "openssl-probe", "g3-yaml/tongsuo", "g3-json/tongsuo", "g3-cert-agent/tongsuo"]
 vendored-aws-lc = ["rustls-aws-lc", "openssl/aws-lc", "openssl-probe", "g3-types/aws-lc", "g3-openssl/aws-lc"]

diff --git a/g3proxy/debian/rules b/g3proxy/debian/rules
@@ -17,7 +17,7 @@ override_dh_auto_clean:
 override_dh_auto_build:
 	G3_PACKAGE_VERSION=$(DEB_VERSION) \
 	  cargo build --frozen --profile $(BUILD_PROFILE) \
-	    --no-default-features --features $(LUA_FEATURE),$(SSL_FEATURE),quic,$(CARES_FEATURE),hickory \
+	    --no-default-features --features $(LUA_FEATURE),$(SSL_FEATURE),rustls-ring,quic,$(CARES_FEATURE),hickory \
 	    --package g3proxy --package g3proxy-ctl --package g3proxy-lua
 	cargo build --frozen --profile $(BUILD_PROFILE) --package g3proxy-ftp
 	sh $(PACKAGE_NAME)/service/generate_systemd.sh

diff --git a/g3proxy/docker/alpine.Dockerfile b/g3proxy/docker/alpine.Dockerfile
@@ -4,7 +4,7 @@ COPY . .
 RUN apk add --no-cache musl-dev cmake capnproto-dev openssl-dev c-ares-dev
 ENV RUSTFLAGS="-Ctarget-feature=-crt-static"
 RUN cargo build --profile release-lto \
- --no-default-features --features quic,c-ares,hickory \
+ --no-default-features --features rustls-ring,quic,c-ares,hickory \
  -p g3proxy -p g3proxy-ctl
 
 FROM alpine:latest

diff --git a/g3proxy/docker/debian.Dockerfile b/g3proxy/docker/debian.Dockerfile
@@ -3,7 +3,7 @@ WORKDIR /usr/src/g3
 COPY . .
 RUN apt-get update && apt-get install -y libclang-dev cmake capnproto
 RUN cargo build --profile release-lto \
- --no-default-features --features vendored-boringssl,quic,vendored-c-ares,hickory \
+ --no-default-features --features vendored-boringssl,rustls-ring,quic,vendored-c-ares,hickory \
  -p g3proxy -p g3proxy-ctl
 
 FROM debian:bookworm-slim

diff --git a/g3proxy/docker/lua.alpine.Dockerfile b/g3proxy/docker/lua.alpine.Dockerfile
@@ -11,7 +11,7 @@ RUN apk add --no-cache musl-dev cmake capnproto-dev openssl-dev c-ares-dev lua5.
 ENV PKG_CONFIG_PATH=/usr/lib/pkgconfig
 ENV RUSTFLAGS="-Ctarget-feature=-crt-static"
 RUN cargo build --profile release-lto \
- --no-default-features --features quic,c-ares,hickory,lua54 \
+ --no-default-features --features rustls-ring,quic,c-ares,hickory,lua54 \
  -p g3proxy -p g3proxy-ctl -p g3proxy-lua
 
 FROM alpine:latest

diff --git a/g3proxy/g3proxy.spec b/g3proxy/g3proxy.spec
@@ -43,7 +43,7 @@ LUA_FEATURE=lua$LUA_VERSION
 SSL_FEATURE=$(sh scripts/package/detect_openssl_feature.sh)
 CARES_FEATURE=$(sh scripts/package/detect_c-ares_feature.sh)
 export CMAKE="%{cmake_real}"
-cargo build --frozen --profile %{build_profile} --no-default-features --features $LUA_FEATURE,$SSL_FEATURE,quic,$CARES_FEATURE,hickory --package g3proxy --package g3proxy-ctl --package g3proxy-lua
+cargo build --frozen --profile %{build_profile} --no-default-features --features $LUA_FEATURE,$SSL_FEATURE,rustls-ring,quic,$CARES_FEATURE,hickory --package g3proxy --package g3proxy-ctl --package g3proxy-lua
 cargo build --frozen --profile %{build_profile} --package g3proxy-ftp
 sh %{name}/service/generate_systemd.sh
 

diff --git a/g3proxy/src/main.rs b/g3proxy/src/main.rs
@@ -30,7 +30,7 @@ fn main() -> anyhow::Result<()> {
     rustls::crypto::aws_lc_rs::default_provider()
         .install_default()
         .unwrap();
-    #[cfg(not(feature = "rustls-aws-lc"))]
+    #[cfg(feature = "rustls-ring")]
     rustls::crypto::ring::default_provider()
         .install_default()
         .unwrap();

diff --git a/g3tiles/Cargo.toml b/g3tiles/Cargo.toml
@@ -58,9 +58,10 @@ g3tiles-proto = { path = "proto" }
 g3-build-env.workspace = true
 
 [features]
-default = ["quic"]
+default = ["quic", "rustls-ring"]
 quic = ["g3-daemon/quic", "g3-yaml/quinn", "g3-types/quinn", "dep:quinn"]
-rustls-aws-lc = ["rustls/aws-lc-rs"]
+rustls-ring = ["rustls/ring", "quinn?/rustls-ring"]
+rustls-aws-lc = ["rustls/aws-lc-rs", "quinn?/rustls-aws-lc-rs"]
 vendored-openssl = ["openssl/vendored", "openssl-probe"]
 vendored-tongsuo = ["openssl/tongsuo", "openssl-probe", "g3-yaml/tongsuo", "g3-types/tongsuo"]
 vendored-aws-lc = ["rustls-aws-lc", "openssl/aws-lc", "openssl-probe", "g3-types/aws-lc", "g3-openssl/aws-lc"]

diff --git a/g3tiles/debian/rules b/g3tiles/debian/rules
@@ -15,7 +15,7 @@ override_dh_auto_clean:
 override_dh_auto_build:
 	G3_PACKAGE_VERSION=$(DEB_VERSION) \
 	  cargo build --frozen --offline --profile $(BUILD_PROFILE) \
-	    --no-default-features --features $(SSL_FEATURE),quic \
+	    --no-default-features --features $(SSL_FEATURE),rustls-ring,quic \
 	    --package g3tiles --package g3tiles-ctl
 	sh $(PACKAGE_NAME)/service/generate_systemd.sh
 

diff --git a/g3tiles/g3tiles.spec b/g3tiles/g3tiles.spec
@@ -37,7 +37,7 @@ Generic reverse proxy for G3 Project
 G3_PACKAGE_VERSION="%{version}-%{release}"
 export G3_PACKAGE_VERSION
 SSL_FEATURE=$(sh scripts/package/detect_openssl_feature.sh)
-cargo build --frozen --offline --profile %{build_profile} --no-default-features --features $SSL_FEATURE,quic --package g3tiles --package g3tiles-ctl
+cargo build --frozen --offline --profile %{build_profile} --no-default-features --features $SSL_FEATURE,rustls-ring,quic --package g3tiles --package g3tiles-ctl
 sh %{name}/service/generate_systemd.sh
 
 

diff --git a/lib/g3-build-env/src/rustls.rs b/lib/g3-build-env/src/rustls.rs
@@ -17,10 +17,10 @@
 use std::env;
 
 pub fn check_rustls_provider() {
-    let provider = if env::var("CARGO_FEATURE_RUSTLS_AWS_LC").is_ok() {
-        "aws-lc"
-    } else {
-        "ring"
-    };
-    println!("cargo:rustc-env=G3_RUSTLS_PROVIDER={provider}");
+    if env::var("CARGO_FEATURE_RUSTLS_RING").is_ok() {
+        println!("cargo:rustc-env=G3_RUSTLS_PROVIDER=ring");
+    }
+    if env::var("CARGO_FEATURE_RUSTLS_AWS_LC").is_ok() {
+        println!("cargo:rustc-env=G3_RUSTLS_PROVIDER=aws-lc");
+    }
 }
diff --git a/lib/g3-msgpack/Cargo.toml b/lib/g3-msgpack/Cargo.toml
@@ -13,7 +13,6 @@ rmpv.workspace = true
 uuid.workspace = true
 atoi.workspace = true
 chrono = { workspace = true, features = ["std"] }
-rustls = { workspace = true, optional = true }
 rustls-pki-types = { workspace = true, optional = true, features = ["std"] }
 openssl = { workspace = true, optional = true }
 ip_network = { workspace = true, optional = true }
@@ -22,6 +21,6 @@ g3-geoip-types = { workspace = true, optional = true }
 
 [features]
 default = []
-rustls = ["g3-types/rustls", "dep:rustls", "dep:rustls-pki-types"]
+rustls = ["g3-types/rustls", "dep:rustls-pki-types"]
 openssl = ["g3-types/openssl", "dep:openssl"]
 geoip = ["dep:g3-geoip-types", "dep:ip_network"]
diff --git a/lib/g3-types/Cargo.toml b/lib/g3-types/Cargo.toml
@@ -59,10 +59,12 @@ quic = []
 auth-crypt = ["dep:digest", "dep:md-5", "dep:sha-1", "dep:blake3", "dep:hex"]
 resolve = ["dep:radix_trie", "dep:fastrand"]
 quinn = ["dep:quinn", "quic"]
-rustls = ["dep:rustls", "dep:rustls-pki-types", "dep:webpki-roots", "dep:rustls-native-certs", "dep:lru", "quinn?/rustls"]
+rustls = ["dep:rustls", "dep:rustls-pki-types", "dep:webpki-roots", "dep:rustls-native-certs", "dep:lru"]
+rustls-ring = ["rustls", "rustls/ring", "quinn?/rustls-ring"]
+rustls-aws-lc = ["rustls", "rustls/aws-lc-rs", "quinn?/rustls-aws-lc-rs"]
 openssl = ["dep:openssl", "dep:lru", "dep:bytes"]
 tongsuo = ["openssl", "openssl/tongsuo", "dep:brotli"]
-aws-lc = ["openssl", "openssl/aws-lc", "rustls?/aws-lc-rs", "dep:brotli"]
+aws-lc = ["openssl", "openssl/aws-lc", "dep:brotli"]
 boringssl = ["openssl", "openssl/boringssl", "dep:brotli"]
 acl-rule = ["resolve", "dep:ip_network", "dep:ip_network_table", "dep:regex", "dep:radix_trie"]
 http = ["dep:http", "dep:bytes", "dep:base64"]

diff --git a/lib/g3-types/src/net/rustls/ext.rs b/lib/g3-types/src/net/rustls/ext.rs
@@ -17,9 +17,9 @@
 use std::sync::Arc;
 
 use anyhow::anyhow;
-#[cfg(feature = "aws-lc")]
+#[cfg(feature = "rustls-aws-lc")]
 use rustls::crypto::aws_lc_rs::Ticketer;
-#[cfg(not(feature = "aws-lc"))]
+#[cfg(feature = "rustls-ring")]
 use rustls::crypto::ring::Ticketer;
 use rustls::server::{NoServerSessionStorage, ProducesTickets};
 use rustls::{ClientConnection, HandshakeKind, ServerConfig, ServerConnection};