Enable use of aws-lc-rs instead of ring

.github/workflows/rust.yml

@@ -55,6 +55,16 @@ jobs:
       - run: cargo test --manifest-path fuzz/Cargo.toml
         if: ${{ matrix.rust }} == "stable"
 
+  test-aws-lc-rs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@stable
+      - uses: Swatinem/rust-cache@v2
+      # Prevent feature unification from selecting *ring* as the crypto provider
+      - run: RUST_BACKTRACE=1 cargo test --manifest-path quinn-proto/Cargo.toml --no-default-features --features rustls-aws-lc-rs
+      - run: RUST_BACKTRACE=1 cargo test --manifest-path quinn/Cargo.toml --no-default-features --features rustls-aws-lc-rs,runtime-tokio
+
   msrv:
     runs-on: ubuntu-latest
     steps:

Cargo.toml

@@ -17,6 +17,7 @@ arbitrary = { version = "1.0.1", features = ["derive"] }
 async-io = "2"
 async-std = "1.11"
 assert_matches = "1.1"
+aws-lc-rs = { version = "1.9", default-features = false }
 bencher = "0.1.5"
 bytes = "1"
 clap = { version = "4", features = ["derive"] }
@@ -33,7 +34,7 @@ rand = "0.8"
 rcgen = "0.13"
 ring = "0.17"
 rustc-hash = "2"
-rustls = { version = "0.23.5", default-features = false, features = ["ring", "std"] }
+rustls = { version = "0.23.5", default-features = false, features = ["std"] }
 rustls-pemfile = "2"
 rustls-platform-verifier = "0.3"
 serde = { version = "1.0", features = ["derive"] }

deny.toml

@@ -6,9 +6,9 @@ allow = [
     "ISC",
     "MIT",
     "MPL-2.0",
+    "OpenSSL",
     "Unicode-DFS-2016",
 ]
-exceptions = [{ allow = ["ISC", "MIT", "OpenSSL"], name = "ring" }]
 private = { ignore = true }
 
 [[licenses.clarify]]

quinn-proto/Cargo.toml

@@ -14,8 +14,14 @@ workspace = ".."
 all-features = true
 
 [features]
-default = ["rustls", "log"]
-rustls = ["dep:rustls", "ring"]
+default = ["rustls-ring", "log"]
+aws-lc-rs = ["dep:aws-lc-rs", "aws-lc-rs/aws-lc-sys", "aws-lc-rs/prebuilt-nasm"]
+# For backwards compatibility, `rustls` forwards to `rustls-ring`
+rustls = ["rustls-ring"]
+# Enable rustls with the `aws-lc-rs` crypto provider
+rustls-aws-lc-rs = ["dep:rustls", "rustls/aws-lc-rs", "aws-lc-rs"]
+# Enable rustls with the `ring` crypto provider
+rustls-ring = ["dep:rustls", "rustls/ring", "ring"]
 ring = ["dep:ring"]
 # Enable rustls ring provider and direct ring usage
 # Provides `ClientConfig::with_platform_verifier()` convenience method
@@ -25,14 +31,15 @@ log = ["tracing/log"]
 
 [dependencies]
 arbitrary = { workspace = true, optional = true }
+aws-lc-rs = { workspace = true, optional = true }
 bytes = { workspace = true }
 rustc-hash = { workspace = true }
 rand = { workspace = true }
 ring = { workspace = true, optional = true }
 rustls = { workspace = true, optional = true }
 rustls-platform-verifier = { workspace = true, optional = true }
 slab = { workspace = true }
-thiserror = { workspace= true }
+thiserror = { workspace = true }
 tinyvec = { workspace = true, features = ["alloc"] }
 tracing = { workspace = true }
 

quinn-proto/src/cid_generator.rs

@@ -171,7 +171,6 @@ mod tests {
     use super::*;
 
     #[test]
-    #[cfg(feature = "ring")]
     fn validate_keyed_cid() {
         let mut generator = HashedConnectionIdGenerator::new();
         let cid = generator.generate_cid();

quinn-proto/src/config.rs

@@ -6,16 +6,14 @@ use std::{
     time::Duration,
 };
 
-#[cfg(feature = "ring")]
-use rand::RngCore;
-#[cfg(feature = "rustls")]
+#[cfg(any(feature = "rustls-aws-lc-rs", feature = "rustls-ring"))]
 use rustls::client::WebPkiServerVerifier;
-#[cfg(feature = "rustls")]
+#[cfg(any(feature = "rustls-aws-lc-rs", feature = "rustls-ring"))]
 use rustls::pki_types::{CertificateDer, PrivateKeyDer};
 use thiserror::Error;
 
-#[cfg(feature = "rustls")]
-use crate::crypto::rustls::QuicServerConfig;
+#[cfg(any(feature = "rustls-aws-lc-rs", feature = "rustls-ring"))]
+use crate::crypto::rustls::{configured_provider, QuicServerConfig};
 use crate::{
     cid_generator::{ConnectionIdGenerator, HashedConnectionIdGenerator},
     congestion,
@@ -759,16 +757,19 @@ impl fmt::Debug for EndpointConfig {
     }
 }
 
-#[cfg(feature = "ring")]
+#[cfg(any(feature = "aws-lc-rs", feature = "ring"))]
 impl Default for EndpointConfig {
     fn default() -> Self {
+        #[cfg(all(feature = "aws-lc-rs", not(feature = "ring")))]
+        use aws_lc_rs::hmac;
+        use rand::RngCore;
+        #[cfg(feature = "ring")]
+        use ring::hmac;
+
         let mut reset_key = [0; 64];
         rand::thread_rng().fill_bytes(&mut reset_key);
 
-        Self::new(Arc::new(ring::hmac::Key::new(
-            ring::hmac::HMAC_SHA256,
-            &reset_key,
-        )))
+        Self::new(Arc::new(hmac::Key::new(hmac::HMAC_SHA256, &reset_key)))
     }
 }
 
@@ -919,7 +920,7 @@ impl ServerConfig {
     }
 }
 
-#[cfg(feature = "rustls")]
+#[cfg(any(feature = "rustls-aws-lc-rs", feature = "rustls-ring"))]
 impl ServerConfig {
     /// Create a server config with the given certificate chain to be presented to clients
     ///
@@ -934,16 +935,22 @@ impl ServerConfig {
     }
 }
 
-#[cfg(feature = "ring")]
+#[cfg(any(feature = "aws-lc-rs", feature = "ring"))]
 impl ServerConfig {
     /// Create a server config with the given [`crypto::ServerConfig`]
     ///
     /// Uses a randomized handshake token key.
     pub fn with_crypto(crypto: Arc<dyn crypto::ServerConfig>) -> Self {
+        #[cfg(all(feature = "aws-lc-rs", not(feature = "ring")))]
+        use aws_lc_rs::hkdf;
+        use rand::RngCore;
+        #[cfg(feature = "ring")]
+        use ring::hkdf;
+
         let rng = &mut rand::thread_rng();
         let mut master_key = [0u8; 64];
         rng.fill_bytes(&mut master_key);
-        let master_key = ring::hkdf::Salt::new(ring::hkdf::HKDF_SHA256, &[]).extract(&master_key);
+        let master_key = hkdf::Salt::new(hkdf::HKDF_SHA256, &[]).extract(&master_key);
 
         Self::new(crypto, Arc::new(master_key))
     }
@@ -1030,7 +1037,7 @@ impl ClientConfig {
     }
 }
 
-#[cfg(feature = "rustls")]
+#[cfg(any(feature = "rustls-aws-lc-rs", feature = "rustls-ring"))]
 impl ClientConfig {
     /// Create a client configuration that trusts the platform's native roots
     #[cfg(feature = "platform-verifier")]
@@ -1045,7 +1052,7 @@ impl ClientConfig {
         roots: Arc<rustls::RootCertStore>,
     ) -> Result<Self, rustls::client::VerifierBuilderError> {
         Ok(Self::new(Arc::new(crypto::rustls::QuicClientConfig::new(
-            WebPkiServerVerifier::builder(roots).build()?,
+            WebPkiServerVerifier::builder_with_provider(roots, configured_provider()).build()?,
         ))))
     }
 }

quinn-proto/src/crypto.rs

@@ -18,10 +18,10 @@ use crate::{
 };
 
 /// Cryptography interface based on *ring*
-#[cfg(feature = "ring")]
-pub(crate) mod ring;
+#[cfg(any(feature = "aws-lc-rs", feature = "ring"))]
+pub(crate) mod ring_like;
 /// TLS interface based on rustls
-#[cfg(feature = "rustls")]
+#[cfg(any(feature = "rustls-aws-lc-rs", feature = "rustls-ring"))]
 pub mod rustls;
 
 /// A cryptographic session (commonly TLS)

quinn-proto/src/crypto/ring.rs → quinn-proto/src/crypto/ring_like.rs

@@ -1,4 +1,7 @@
-use ring::{aead, hkdf, hmac};
+#[cfg(all(feature = "aws-lc-rs", not(feature = "ring")))]
+use aws_lc_rs::{aead, error, hkdf, hmac};
+#[cfg(feature = "ring")]
+use ring::{aead, error, hkdf, hmac};
 
 use crate::crypto::{self, CryptoError};
 
@@ -31,8 +34,8 @@ impl crypto::HandshakeTokenKey for hkdf::Prk {
 
 impl crypto::AeadKey for aead::LessSafeKey {
     fn seal(&self, data: &mut Vec<u8>, additional_data: &[u8]) -> Result<(), CryptoError> {
-        let aad = ring::aead::Aad::from(additional_data);
-        let zero_nonce = ring::aead::Nonce::assume_unique_for_key([0u8; 12]);
+        let aad = aead::Aad::from(additional_data);
+        let zero_nonce = aead::Nonce::assume_unique_for_key([0u8; 12]);
         Ok(self.seal_in_place_append_tag(zero_nonce, aad, data)?)
     }
 
@@ -41,14 +44,14 @@ impl crypto::AeadKey for aead::LessSafeKey {
         data: &'a mut [u8],
         additional_data: &[u8],
     ) -> Result<&'a mut [u8], CryptoError> {
-        let aad = ring::aead::Aad::from(additional_data);
-        let zero_nonce = ring::aead::Nonce::assume_unique_for_key([0u8; 12]);
+        let aad = aead::Aad::from(additional_data);
+        let zero_nonce = aead::Nonce::assume_unique_for_key([0u8; 12]);
         Ok(self.open_in_place(zero_nonce, aad, data)?)
     }
 }
 
-impl From<ring::error::Unspecified> for CryptoError {
-    fn from(_: ring::error::Unspecified) -> Self {
+impl From<error::Unspecified> for CryptoError {
+    fn from(_: error::Unspecified) -> Self {
         Self
     }
 }

quinn-proto/src/crypto/rustls.rs

@@ -1,6 +1,9 @@
 use std::{any::Any, io, str, sync::Arc};
 
+#[cfg(all(feature = "aws-lc-rs", not(feature = "ring")))]
+use aws_lc_rs::aead;
 use bytes::BytesMut;
+#[cfg(feature = "ring")]
 use ring::aead;
 pub use rustls::Error;
 use rustls::{
@@ -307,14 +310,12 @@ impl QuicClientConfig {
     }
 
     pub(crate) fn inner(verifier: Arc<dyn ServerCertVerifier>) -> rustls::ClientConfig {
-        let mut config = rustls::ClientConfig::builder_with_provider(
-            rustls::crypto::ring::default_provider().into(),
-        )
-        .with_protocol_versions(&[&rustls::version::TLS13])
-        .unwrap() // The *ring* default provider supports TLS 1.3
-        .dangerous()
-        .with_custom_certificate_verifier(verifier)
-        .with_no_client_auth();
+        let mut config = rustls::ClientConfig::builder_with_provider(configured_provider())
+            .with_protocol_versions(&[&rustls::version::TLS13])
+            .unwrap() // The default providers support TLS 1.3
+            .dangerous()
+            .with_custom_certificate_verifier(verifier)
+            .with_no_client_auth();
 
         config.enable_early_data = true;
         config
@@ -446,13 +447,11 @@ impl QuicServerConfig {
         cert_chain: Vec<CertificateDer<'static>>,
         key: PrivateKeyDer<'static>,
     ) -> Result<rustls::ServerConfig, rustls::Error> {
-        let mut inner = rustls::ServerConfig::builder_with_provider(
-            rustls::crypto::ring::default_provider().into(),
-        )
-        .with_protocol_versions(&[&rustls::version::TLS13])
-        .unwrap() // The *ring* default provider supports TLS 1.3
-        .with_no_client_auth()
-        .with_single_cert(cert_chain, key)?;
+        let mut inner = rustls::ServerConfig::builder_with_provider(configured_provider())
+            .with_protocol_versions(&[&rustls::version::TLS13])
+            .unwrap() // The *ring* default provider supports TLS 1.3
+            .with_no_client_auth()
+            .with_single_cert(cert_chain, key)?;
 
         inner.max_early_data_size = u32::MAX;
         Ok(inner)
@@ -549,6 +548,14 @@ pub(crate) fn initial_suite_from_provider(
         .flatten()
 }
 
+pub(crate) fn configured_provider() -> Arc<rustls::crypto::CryptoProvider> {
+    #[cfg(all(feature = "aws-lc-rs", not(feature = "ring")))]
+    let provider = rustls::crypto::aws_lc_rs::default_provider();
+    #[cfg(feature = "ring")]
+    let provider = rustls::crypto::ring::default_provider();
+    Arc::new(provider)
+}
+
 fn to_vec(params: &TransportParameters) -> Vec<u8> {
     let mut bytes = Vec::new();
     params.write(&mut bytes);

quinn-proto/src/lib.rs

@@ -32,7 +32,7 @@ mod cid_queue;
 pub mod coding;
 mod constant_time;
 mod range_set;
-#[cfg(all(test, feature = "rustls"))]
+#[cfg(all(test, any(feature = "rustls-aws-lc-rs", feature = "rustls-ring")))]
 mod tests;
 pub mod transport_parameters;
 mod varint;

quinn-proto/src/packet.rs

@@ -898,8 +898,6 @@ impl SpaceId {
 #[cfg(test)]
 mod tests {
     use super::*;
-    #[cfg(feature = "rustls")]
-    use crate::DEFAULT_SUPPORTED_VERSIONS;
     use hex_literal::hex;
     use std::io;
 
@@ -936,7 +934,7 @@ mod tests {
         }
     }
 
-    #[cfg(feature = "rustls")]
+    #[cfg(any(feature = "rustls-aws-lc-rs", feature = "rustls-ring"))]
     #[test]
     fn header_encoding() {
         use crate::crypto::rustls::{initial_keys, initial_suite_from_provider};
@@ -955,7 +953,7 @@ mod tests {
             src_cid: ConnectionId::new(&[]),
             dst_cid: dcid,
             token: Bytes::new(),
-            version: DEFAULT_SUPPORTED_VERSIONS[0],
+            version: crate::DEFAULT_SUPPORTED_VERSIONS[0],
         });
         let encode = header.encode(&mut buf);
         let header_len = buf.len();
@@ -979,7 +977,7 @@ mod tests {
         );
 
         let server = initial_keys(Version::V1, &dcid, Side::Server, &suite);
-        let supported_versions = DEFAULT_SUPPORTED_VERSIONS.to_vec();
+        let supported_versions = crate::DEFAULT_SUPPORTED_VERSIONS.to_vec();
         let decode = PartialDecode::new(
             buf.as_slice().into(),
             &FixedLengthConnectionIdParser::new(0),

quinn-proto/src/tests/mod.rs

@@ -7,9 +7,12 @@ use std::{
 };
 
 use assert_matches::assert_matches;
+#[cfg(all(feature = "aws-lc-rs", not(feature = "ring")))]
+use aws_lc_rs::hmac;
 use bytes::{Bytes, BytesMut};
 use hex_literal::hex;
 use rand::RngCore;
+#[cfg(feature = "ring")]
 use ring::hmac;
 use rustls::{
     pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer},

quinn-proto/src/tests/util.rs

@@ -21,7 +21,7 @@ use rustls::{
 };
 use tracing::{info_span, trace};
 
-use super::crypto::rustls::{QuicClientConfig, QuicServerConfig};
+use super::crypto::rustls::{configured_provider, QuicClientConfig, QuicServerConfig};
 use super::*;
 
 pub(super) const DEFAULT_MTU: usize = 1452;
@@ -640,7 +640,7 @@ fn client_crypto_inner(
     }
 
     let mut inner = QuicClientConfig::inner(
-        WebPkiServerVerifier::builder(Arc::new(roots))
+        WebPkiServerVerifier::builder_with_provider(Arc::new(roots), configured_provider())
             .build()
             .unwrap(),
     );