Add aws_lc_rs feature and set it as default (#56)
This commit is contained in:
parent
2a3ea513a7
commit
a9c8fc4dbc
|
@ -21,12 +21,17 @@ jobs:
|
||||||
|
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
|
|
||||||
|
env:
|
||||||
|
AWS_LC_SYS_NO_ASM: 1
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
- uses: dtolnay/rust-toolchain@master
|
- uses: dtolnay/rust-toolchain@master
|
||||||
with:
|
with:
|
||||||
toolchain: ${{ matrix.rust }}
|
toolchain: ${{ matrix.rust }}
|
||||||
- run: cargo test --all-features --all-targets
|
- run: cargo check
|
||||||
|
- run: cargo test
|
||||||
|
- run: cargo test --no-default-features --features hyper-rustls,aws-lc-rs
|
||||||
|
|
||||||
msrv:
|
msrv:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
14
Cargo.toml
14
Cargo.toml
|
@ -12,15 +12,19 @@ keywords = ["letsencrypt", "acme"]
|
||||||
categories = ["web-programming", "api-bindings"]
|
categories = ["web-programming", "api-bindings"]
|
||||||
|
|
||||||
[features]
|
[features]
|
||||||
default = ["hyper-rustls"]
|
default = ["hyper-rustls", "ring"]
|
||||||
|
ring = ["dep:ring", "hyper-rustls?/ring", "rcgen/ring"]
|
||||||
|
aws-lc-rs = ["dep:aws-lc-rs", "hyper-rustls?/aws-lc-rs", "rcgen/aws_lc_rs"]
|
||||||
|
fips = ["aws-lc-rs", "aws-lc-rs?/fips"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
|
aws-lc-rs = { version = "1.8.0", optional = true }
|
||||||
base64 = "0.21.0"
|
base64 = "0.21.0"
|
||||||
hyper = { version = "1.3.1", features = ["client", "http1", "http2"] }
|
hyper = { version = "1.3.1", features = ["client", "http1", "http2"] }
|
||||||
hyper-rustls = { version = "0.27", default-features = false, features = ["http1", "http2", "native-tokio", "tls12", "rustls-native-certs", "ring"], optional = true }
|
hyper-rustls = { version = "0.27", default-features = false, features = ["http1", "http2", "native-tokio", "tls12", "rustls-native-certs"], optional = true }
|
||||||
hyper-util = { version = "0.1.5", features = ["client", "client-legacy", "http1", "http2", "tokio"]}
|
hyper-util = { version = "0.1.5", features = ["client", "client-legacy", "http1", "http2", "tokio"] }
|
||||||
http-body-util = "0.1.2"
|
http-body-util = "0.1.2"
|
||||||
ring = { version = "0.17", features = ["std"] }
|
ring = { version = "0.17", features = ["std"], optional = true }
|
||||||
rustls-pki-types = "1.1.0"
|
rustls-pki-types = "1.1.0"
|
||||||
serde = { version = "1.0.104", features = ["derive"] }
|
serde = { version = "1.0.104", features = ["derive"] }
|
||||||
serde_json = "1.0.78"
|
serde_json = "1.0.78"
|
||||||
|
@ -29,7 +33,7 @@ thiserror = "1.0.30"
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
anyhow = "1.0.66"
|
anyhow = "1.0.66"
|
||||||
clap = { version = "4.0.29", features = ["derive"] }
|
clap = { version = "4.0.29", features = ["derive"] }
|
||||||
rcgen = "0.12"
|
rcgen = { version = "0.12", default-features = false, features = ["pem"] }
|
||||||
tokio = { version = "1.22.0", features = ["macros", "rt", "rt-multi-thread", "time"] }
|
tokio = { version = "1.22.0", features = ["macros", "rt", "rt-multi-thread", "time"] }
|
||||||
tracing = "0.1.37"
|
tracing = "0.1.37"
|
||||||
tracing-subscriber = "0.3.16"
|
tracing-subscriber = "0.3.16"
|
||||||
|
|
27
src/lib.rs
27
src/lib.rs
|
@ -3,6 +3,10 @@
|
||||||
#![warn(unreachable_pub)]
|
#![warn(unreachable_pub)]
|
||||||
#![warn(missing_docs)]
|
#![warn(missing_docs)]
|
||||||
|
|
||||||
|
#[cfg(feature = "aws-lc-rs")]
|
||||||
|
pub(crate) use aws_lc_rs as ring_like;
|
||||||
|
#[cfg(all(feature = "ring", not(feature = "aws-lc-rs")))]
|
||||||
|
pub(crate) use ring as ring_like;
|
||||||
use std::fmt;
|
use std::fmt;
|
||||||
use std::future::Future;
|
use std::future::Future;
|
||||||
use std::pin::Pin;
|
use std::pin::Pin;
|
||||||
|
@ -13,14 +17,14 @@ use http_body_util::{BodyExt, Full};
|
||||||
use hyper::body::{Bytes, Incoming};
|
use hyper::body::{Bytes, Incoming};
|
||||||
use hyper::header::{CONTENT_TYPE, LOCATION};
|
use hyper::header::{CONTENT_TYPE, LOCATION};
|
||||||
use hyper::{Method, Request, Response, StatusCode};
|
use hyper::{Method, Request, Response, StatusCode};
|
||||||
#[cfg(feature = "hyper-rustls")]
|
use hyper_util::client::legacy::connect::Connect;
|
||||||
use hyper_util::client::legacy::connect::{Connect, HttpConnector};
|
|
||||||
use hyper_util::client::legacy::Client as HyperClient;
|
use hyper_util::client::legacy::Client as HyperClient;
|
||||||
use hyper_util::rt::TokioExecutor;
|
#[cfg(feature = "hyper-rustls")]
|
||||||
use ring::digest::{digest, SHA256};
|
use hyper_util::{client::legacy::connect::HttpConnector, rt::TokioExecutor};
|
||||||
use ring::rand::SystemRandom;
|
use ring_like::digest::{digest, SHA256};
|
||||||
use ring::signature::{EcdsaKeyPair, ECDSA_P256_SHA256_FIXED_SIGNING};
|
use ring_like::rand::SystemRandom;
|
||||||
use ring::{hmac, pkcs8};
|
use ring_like::signature::{EcdsaKeyPair, ECDSA_P256_SHA256_FIXED_SIGNING};
|
||||||
|
use ring_like::{hmac, pkcs8};
|
||||||
use serde::de::DeserializeOwned;
|
use serde::de::DeserializeOwned;
|
||||||
use serde::Serialize;
|
use serde::Serialize;
|
||||||
|
|
||||||
|
@ -555,7 +559,10 @@ impl Key {
|
||||||
fn generate() -> Result<(Self, pkcs8::Document), Error> {
|
fn generate() -> Result<(Self, pkcs8::Document), Error> {
|
||||||
let rng = SystemRandom::new();
|
let rng = SystemRandom::new();
|
||||||
let pkcs8 = EcdsaKeyPair::generate_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, &rng)?;
|
let pkcs8 = EcdsaKeyPair::generate_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, &rng)?;
|
||||||
|
#[cfg(all(feature = "ring", not(feature = "aws-lc-rs")))]
|
||||||
let key = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8.as_ref(), &rng)?;
|
let key = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8.as_ref(), &rng)?;
|
||||||
|
#[cfg(feature = "aws-lc-rs")]
|
||||||
|
let key = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8.as_ref())?;
|
||||||
let thumb = BASE64_URL_SAFE_NO_PAD.encode(Jwk::thumb_sha256(&key)?);
|
let thumb = BASE64_URL_SAFE_NO_PAD.encode(Jwk::thumb_sha256(&key)?);
|
||||||
|
|
||||||
Ok((
|
Ok((
|
||||||
|
@ -571,7 +578,11 @@ impl Key {
|
||||||
|
|
||||||
fn from_pkcs8_der(pkcs8_der: &[u8]) -> Result<Self, Error> {
|
fn from_pkcs8_der(pkcs8_der: &[u8]) -> Result<Self, Error> {
|
||||||
let rng = SystemRandom::new();
|
let rng = SystemRandom::new();
|
||||||
|
#[cfg(all(feature = "ring", not(feature = "aws-lc-rs")))]
|
||||||
let key = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8_der, &rng)?;
|
let key = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8_der, &rng)?;
|
||||||
|
#[cfg(feature = "aws-lc-rs")]
|
||||||
|
let key = EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8_der)?;
|
||||||
|
|
||||||
let thumb = BASE64_URL_SAFE_NO_PAD.encode(Jwk::thumb_sha256(&key)?);
|
let thumb = BASE64_URL_SAFE_NO_PAD.encode(Jwk::thumb_sha256(&key)?);
|
||||||
|
|
||||||
Ok(Self {
|
Ok(Self {
|
||||||
|
@ -584,7 +595,7 @@ impl Key {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Signer for Key {
|
impl Signer for Key {
|
||||||
type Signature = ring::signature::Signature;
|
type Signature = ring_like::signature::Signature;
|
||||||
|
|
||||||
fn header<'n, 'u: 'n, 's: 'u>(&'s self, nonce: Option<&'n str>, url: &'u str) -> Header<'n> {
|
fn header<'n, 'u: 'n, 's: 'u>(&'s self, nonce: Option<&'n str>, url: &'u str) -> Header<'n> {
|
||||||
debug_assert!(nonce.is_some());
|
debug_assert!(nonce.is_some());
|
||||||
|
|
12
src/types.rs
12
src/types.rs
|
@ -1,11 +1,15 @@
|
||||||
use std::fmt;
|
use std::fmt;
|
||||||
|
|
||||||
|
#[cfg(feature = "aws-lc-rs")]
|
||||||
|
pub(crate) use aws_lc_rs as ring_like;
|
||||||
use base64::prelude::{Engine, BASE64_URL_SAFE_NO_PAD};
|
use base64::prelude::{Engine, BASE64_URL_SAFE_NO_PAD};
|
||||||
use http_body_util::BodyExt;
|
use http_body_util::BodyExt;
|
||||||
use hyper::body::Incoming;
|
use hyper::body::Incoming;
|
||||||
use hyper::Response;
|
use hyper::Response;
|
||||||
use ring::digest::{digest, Digest, SHA256};
|
#[cfg(all(feature = "ring", not(feature = "aws-lc-rs")))]
|
||||||
use ring::signature::{EcdsaKeyPair, KeyPair};
|
pub(crate) use ring as ring_like;
|
||||||
|
use ring_like::digest::{digest, Digest, SHA256};
|
||||||
|
use ring_like::signature::{EcdsaKeyPair, KeyPair};
|
||||||
use rustls_pki_types::CertificateDer;
|
use rustls_pki_types::CertificateDer;
|
||||||
use serde::de::DeserializeOwned;
|
use serde::de::DeserializeOwned;
|
||||||
use serde::ser::SerializeMap;
|
use serde::ser::SerializeMap;
|
||||||
|
@ -25,10 +29,10 @@ pub enum Error {
|
||||||
Base64(#[from] base64::DecodeError),
|
Base64(#[from] base64::DecodeError),
|
||||||
/// Failed from cryptographic operations
|
/// Failed from cryptographic operations
|
||||||
#[error("cryptographic operation failed: {0}")]
|
#[error("cryptographic operation failed: {0}")]
|
||||||
Crypto(#[from] ring::error::Unspecified),
|
Crypto(#[from] ring_like::error::Unspecified),
|
||||||
/// Failed to instantiate a private key
|
/// Failed to instantiate a private key
|
||||||
#[error("invalid key bytes: {0}")]
|
#[error("invalid key bytes: {0}")]
|
||||||
CryptoKey(#[from] ring::error::KeyRejected),
|
CryptoKey(#[from] ring_like::error::KeyRejected),
|
||||||
/// HTTP failure
|
/// HTTP failure
|
||||||
#[error("HTTP request failure: {0}")]
|
#[error("HTTP request failure: {0}")]
|
||||||
Http(#[from] hyper::http::Error),
|
Http(#[from] hyper::http::Error),
|
||||||
|
|
Loading…
Reference in New Issue