feat(tls): Support rustls-rustcrypto provider

Author: nabetti1720

Cargo.lock

@@ -266,7 +266,7 @@ deploy:
 	cd example/infrastructure && yarn deploy --require-approval never
 
 check:
-	cargo clippy --all-targets --features "lambda,macro,no-sdk,uncompressed,crypto-rust,tls-ring" -- -D warnings
+	cargo clippy --all-targets --features "lambda,macro,no-sdk,uncompressed,crypto-rust,tls-rust" -- -D warnings
 
 check-crates:
 	cargo metadata --no-deps --format-version 1 --quiet | \

Makefile

@@ -11,7 +11,8 @@ name = "llrt_test_tls"
 path = "src/lib.rs"
 
 [features]
-default = ["tls-ring"]
+default = ["tls-rust"]
+tls-rust = ["dep:rustls-rustcrypto"]
 tls-ring = ["rustls/ring"]
 tls-aws-lc = ["rustls/aws_lc_rs"]
 tls-graviola = ["dep:rustls-graviola"]
@@ -28,6 +29,7 @@ http = { version = "1", default-features = false }
 rustls = { version = "0.23", features = [
   "tls12",
 ], default-features = false }
+rustls-rustcrypto = { git = "https://github.com/RustCrypto/rustls-rustcrypto.git", version = "0.0.2-alpha", optional = true }
 rustls-graviola = { version = "0.3", optional = true }
 openssl = { version = "0.10", optional = true }
 tokio-openssl = { version = "0.6", optional = true }

libs/llrt_test_tls/Cargo.toml

@@ -4,14 +4,35 @@
 // FIXME this library is only needed until TLS is natively supported in wiremock.
 // See https://github.com/LukeMathWalker/wiremock-rs/issues/58
 
+#[cfg(all(feature = "tls-rust", feature = "tls-ring"))]
+compile_error!("Features `tls-rust` and `tls-ring` are mutually exclusive");
+
+#[cfg(all(feature = "tls-rust", feature = "tls-aws-lc"))]
+compile_error!("Features `tls-rust` and `tls-aws-lc` are mutually exclusive");
+
+#[cfg(all(feature = "tls-rust", feature = "tls-graviola"))]
+compile_error!("Features `tls-rust` and `tls-graviola` are mutually exclusive");
+
+#[cfg(all(feature = "tls-rust", feature = "tls-openssl"))]
+compile_error!("Features `tls-rust` and `tls-openssl` are mutually exclusive");
+
 #[cfg(all(feature = "tls-ring", feature = "tls-aws-lc"))]
-compile_error!("Features 'tls-ring' and 'tls-aws-lc' are mutually exclusive");
+compile_error!("Features `tls-ring` and `tls-aws-lc` are mutually exclusive");
 
 #[cfg(all(feature = "tls-ring", feature = "tls-graviola"))]
-compile_error!("Features 'tls-ring' and 'tls-graviola' are mutually exclusive");
+compile_error!("Features `tls-ring` and `tls-graviola` are mutually exclusive");
+
+#[cfg(all(feature = "tls-ring", feature = "tls-openssl"))]
+compile_error!("Features `tls-ring` and `tls-openssl` are mutually exclusive");
 
 #[cfg(all(feature = "tls-aws-lc", feature = "tls-graviola"))]
-compile_error!("Features 'tls-aws-lc' and 'tls-graviola' are mutually exclusive");
+compile_error!("Features `tls-aws-lc` and `tls-graviola` are mutually exclusive");
+
+#[cfg(all(feature = "tls-aws-lc", feature = "tls-openssl"))]
+compile_error!("Features `tls-aws-lc` and `tls-openssl` are mutually exclusive");
+
+#[cfg(all(feature = "tls-graviola", feature = "tls-openssl"))]
+compile_error!("Features `tls-graviola` and `tls-openssl` are mutually exclusive");
 
 use std::net::{Ipv4Addr, SocketAddr};
 

libs/llrt_test_tls/src/lib.rs

@@ -1,28 +1,37 @@
-#[cfg(any(feature = "tls-ring", feature = "tls-aws-lc", feature = "tls-graviola"))]
+#[cfg(any(
+    feature = "tls-rust",
+    feature = "tls-ring",
+    feature = "tls-aws-lc",
+    feature = "tls-graviola"
+))]
 use std::sync::Arc;
 
 #[cfg(any(
+    feature = "tls-rust",
     feature = "tls-ring",
     feature = "tls-aws-lc",
     feature = "tls-graviola",
     feature = "tls-openssl"
 ))]
 use hyper::service::service_fn;
 #[cfg(any(
+    feature = "tls-rust",
     feature = "tls-ring",
     feature = "tls-aws-lc",
     feature = "tls-graviola",
     feature = "tls-openssl"
 ))]
 use hyper_util::rt::{TokioExecutor, TokioIo};
 #[cfg(any(
+    feature = "tls-rust",
     feature = "tls-ring",
     feature = "tls-aws-lc",
     feature = "tls-graviola",
     feature = "tls-openssl"
 ))]
 use hyper_util::server::conn::auto::Builder;
 #[cfg(any(
+    feature = "tls-rust",
     feature = "tls-ring",
     feature = "tls-aws-lc",
     feature = "tls-graviola",
@@ -31,13 +40,19 @@ use hyper_util::server::conn::auto::Builder;
 use tokio::net::TcpListener;
 
 #[cfg(any(
+    feature = "tls-rust",
     feature = "tls-ring",
     feature = "tls-aws-lc",
     feature = "tls-graviola",
     feature = "tls-openssl"
 ))]
 use crate::MockServerCerts;
 
+#[cfg(feature = "tls-rust")]
+fn get_crypto_provider() -> Arc<rustls::crypto::CryptoProvider> {
+    Arc::new(rustls_rustcrypto::provider())
+}
+
 #[cfg(feature = "tls-ring")]
 fn get_crypto_provider() -> Arc<rustls::crypto::CryptoProvider> {
     Arc::new(rustls::crypto::ring::default_provider())
@@ -53,7 +68,12 @@ fn get_crypto_provider() -> Arc<rustls::crypto::CryptoProvider> {
     Arc::new(rustls_graviola::default_provider())
 }
 
-#[cfg(any(feature = "tls-ring", feature = "tls-aws-lc", feature = "tls-graviola"))]
+#[cfg(any(
+    feature = "tls-rust",
+    feature = "tls-ring",
+    feature = "tls-aws-lc",
+    feature = "tls-graviola"
+))]
 pub(super) async fn run(
     listener: TcpListener,
     certs: MockServerCerts,

libs/llrt_test_tls/src/server.rs

@@ -5,14 +5,15 @@ edition = "2021"
 license-file = "LICENSE"
 
 [features]
-default = ["macro", "tls-ring", "crypto-rust"]
+default = ["macro", "tls-rust", "crypto-rust"]
 macro = ["llrt_core/macro"]
 lambda = ["llrt_core/lambda"]
 no-sdk = ["llrt_core/no-sdk"]
 uncompressed = ["llrt_core/uncompressed"]
 bindgen = ["llrt_core/bindgen"]
 
 # TLS crypto backend features
+tls-rust = ["llrt_core/tls-rust"]
 tls-ring = ["llrt_core/tls-ring"]
 tls-aws-lc = ["llrt_core/tls-aws-lc"]
 tls-graviola = ["llrt_core/tls-graviola"]

llrt/Cargo.toml

@@ -5,14 +5,15 @@ edition = "2021"
 license-file = "LICENSE"
 
 [features]
-default = ["macro", "tls-ring", "crypto-rust"]
+default = ["macro", "tls-rust", "crypto-rust"]
 lambda = []
 no-sdk = []
 uncompressed = []
 macro = ["rquickjs/macro"]
 bindgen = ["rquickjs/bindgen"]
 
 # TLS crypto backend features
+tls-rust = ["llrt_modules/tls-rust"]
 tls-ring = ["rustls/ring", "llrt_modules/tls-ring"]
 tls-aws-lc = ["rustls/aws_lc_rs", "llrt_modules/tls-aws-lc"]
 tls-graviola = ["llrt_modules/tls-graviola"]

llrt_core/Cargo.toml

@@ -7,13 +7,28 @@ use tracing::warn;
 use crate::environment;
 use crate::modules::https::{set_http_version, set_pool_idle_timeout_seconds, HttpVersion};
 
-#[cfg(any(feature = "tls-ring", feature = "tls-aws-lc", feature = "tls-graviola"))]
+#[cfg(any(
+    feature = "tls-rust",
+    feature = "tls-ring",
+    feature = "tls-aws-lc",
+    feature = "tls-graviola"
+))]
 use std::{fs::File, io};
 
-#[cfg(any(feature = "tls-ring", feature = "tls-aws-lc", feature = "tls-graviola"))]
+#[cfg(any(
+    feature = "tls-rust",
+    feature = "tls-ring",
+    feature = "tls-aws-lc",
+    feature = "tls-graviola"
+))]
 use rustls::{pki_types::CertificateDer, version, SupportedProtocolVersion};
 
-#[cfg(any(feature = "tls-ring", feature = "tls-aws-lc", feature = "tls-graviola"))]
+#[cfg(any(
+    feature = "tls-rust",
+    feature = "tls-ring",
+    feature = "tls-aws-lc",
+    feature = "tls-graviola"
+))]
 use crate::modules::tls::{set_extra_ca_certs, set_tls_versions};
 
 #[cfg(feature = "tls-openssl")]
@@ -24,7 +39,12 @@ pub fn init() -> StdResult<(), Box<dyn std::error::Error + Send + Sync>> {
         set_pool_idle_timeout_seconds(pool_idle_timeout);
     }
 
-    #[cfg(any(feature = "tls-ring", feature = "tls-aws-lc", feature = "tls-graviola"))]
+    #[cfg(any(
+        feature = "tls-rust",
+        feature = "tls-ring",
+        feature = "tls-aws-lc",
+        feature = "tls-graviola"
+    ))]
     {
         if let Some(extra_ca_certs) = build_extra_ca_certs()? {
             set_extra_ca_certs(extra_ca_certs);
@@ -59,7 +79,12 @@ fn build_pool_idle_timeout() -> Option<u64> {
     Some(pool_idle_timeout)
 }
 
-#[cfg(any(feature = "tls-ring", feature = "tls-aws-lc", feature = "tls-graviola"))]
+#[cfg(any(
+    feature = "tls-rust",
+    feature = "tls-ring",
+    feature = "tls-aws-lc",
+    feature = "tls-graviola"
+))]
 fn build_extra_ca_certs() -> StdResult<Option<Vec<CertificateDer<'static>>>, io::Error> {
     if let Ok(extra_ca_certs) = env::var(environment::ENV_LLRT_EXTRA_CA_CERTS) {
         if !extra_ca_certs.is_empty() {
@@ -76,7 +101,12 @@ fn build_extra_ca_certs() -> StdResult<Option<Vec<CertificateDer<'static>>>, io:
     Ok(None)
 }
 
-#[cfg(any(feature = "tls-ring", feature = "tls-aws-lc", feature = "tls-graviola"))]
+#[cfg(any(
+    feature = "tls-rust",
+    feature = "tls-ring",
+    feature = "tls-aws-lc",
+    feature = "tls-graviola"
+))]
 fn build_tls_versions() -> Vec<&'static SupportedProtocolVersion> {
     match env::var(environment::ENV_LLRT_TLS_VERSION).as_deref() {
         Ok("1.3") => vec![&version::TLS13, &version::TLS12],

llrt_core/src/http.rs

@@ -8,10 +8,11 @@ repository = "https://github.com/awslabs/llrt"
 readme = "README.md"
 
 [features]
-default = ["base", "console", "tls-ring", "crypto-rust"]
+default = ["base", "console", "tls-rust", "crypto-rust"]
 lambda = ["base"]
 
 # TLS crypto backend features
+tls-rust = ["llrt_http?/tls-rust", "llrt_tls?/tls-rust", "llrt_fetch?/tls-rust"]
 tls-ring = ["llrt_http?/tls-ring", "llrt_tls?/tls-ring", "llrt_fetch?/tls-ring"]
 tls-aws-lc = ["llrt_http?/tls-aws-lc", "llrt_tls?/tls-aws-lc", "llrt_fetch?/tls-aws-lc"]
 tls-graviola = ["llrt_http?/tls-graviola", "llrt_tls?/tls-graviola", "llrt_fetch?/tls-graviola"]

llrt_modules/Cargo.toml

@@ -23,6 +23,7 @@ compression-rust = ["llrt_compression/all-rust"]
 webpki-roots = ["llrt_http/webpki-roots"]
 native-roots = ["llrt_http/native-roots"]
 
+tls-rust = ["llrt_http/tls-rust", "llrt_test_tls/tls-rust"]
 tls-ring = ["llrt_http/tls-ring", "llrt_test_tls/tls-ring"]
 tls-aws-lc = ["llrt_http/tls-aws-lc", "llrt_test_tls/tls-aws-lc"]
 tls-graviola = ["llrt_http/tls-graviola", "llrt_test_tls/tls-graviola"]