diff --git a/Cargo.lock b/Cargo.lock index d9be74e84..cc8b5f515 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -382,6 +382,28 @@ dependencies = [ "arrayvec", ] +[[package]] +name = "aws-lc-rs" +version = "1.16.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ec6fb3fe69024a75fa7e1bfb48aa6cf59706a101658ea01bfd33b2b248a038f" +dependencies = [ + "aws-lc-sys", + "zeroize", +] + +[[package]] +name = "aws-lc-sys" +version = "0.40.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f50037ee5e1e41e7b8f9d161680a725bd1626cb6f8c7e901f91f942850852fe7" +dependencies = [ + "cc", + "cmake", + "dunce", + "fs_extra", +] + [[package]] name = "axum" version = "0.8.9" @@ -876,6 +898,15 @@ dependencies = [ "http", ] +[[package]] +name = "cmake" +version = "0.1.58" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0f78a02292a74a88ac736019ab962ece0bc380e3f977bf72e376c5d78ff0678" +dependencies = [ + "cc", +] + [[package]] name = "cmov" version = "0.5.3" @@ -931,6 +962,7 @@ dependencies = [ name = "conduwuit" version = "0.5.7" dependencies = [ + "aws-lc-rs", "clap", "conduwuit_admin", "conduwuit_api", @@ -949,6 +981,8 @@ dependencies = [ "opentelemetry-otlp", "opentelemetry_sdk", "parking_lot", + "reqwest 0.13.2", + "rustls", "sentry", "sentry-tower", "sentry-tracing", @@ -1771,6 +1805,12 @@ version = "0.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2647271c92754afcb174e758003cfd1cbf1e43e5a7853d7b1813e63e19e39a73" +[[package]] +name = "dunce" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" + [[package]] name = "ed25519" version = "2.2.3" 
@@ -2047,6 +2087,12 @@ dependencies = [ "tokio", ] +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + [[package]] name = "futf" version = "0.1.5" @@ -2168,8 +2214,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" dependencies = [ "cfg-if", + "js-sys", "libc", "wasi", + "wasm-bindgen", ] [[package]] @@ -2260,6 +2308,34 @@ dependencies = [ "tracing", ] +[[package]] +name = "h3" +version = "0.0.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10872b55cfb02a821b69dc7cf8dc6a71d6af25eb9a79662bec4a9d016056b3be" +dependencies = [ + "bytes", + "fastrand", + "futures-util", + "http", + "pin-project-lite", + "tokio", +] + +[[package]] +name = "h3-quinn" +version = "0.0.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b2e732c8d91a74731663ac8479ab505042fbf547b9a207213ab7fbcbfc4f8b4" +dependencies = [ + "bytes", + "futures", + "h3", + "quinn", + "tokio", + "tokio-util", +] + [[package]] name = "half" version = "2.7.1" @@ -3162,6 +3238,12 @@ dependencies = [ "linked-hash-map", ] +[[package]] +name = "lru-slab" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "112b39cec0b298b6c1999fee3e31427f74f676e4cb9879ed1a121b43661a4154" + [[package]] name = "lz4-sys" version = "1.11.1+lz4-1.10.0" 
@@ -4208,6 +4290,63 @@ version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a993555f31e5a609f617c12db6250dedcac1b0a85076912c436e6fc9b2c8e6a3" +[[package]] +name = "quinn" +version = "0.11.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9e20a958963c291dc322d98411f541009df2ced7b5a4f2bd52337638cfccf20" +dependencies = [ + "bytes", + "cfg_aliases", + "futures-io", + "pin-project-lite", + "quinn-proto", + "quinn-udp", + "rustc-hash", + "rustls", + "socket2", + "thiserror 2.0.18", + "tokio", + "tracing", + "web-time", +] + +[[package]] +name = "quinn-proto" +version = "0.11.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "434b42fec591c96ef50e21e886936e66d3cc3f737104fdb9b737c40ffb94c098" +dependencies = [ + "aws-lc-rs", + "bytes", + "getrandom 0.3.4", + "lru-slab", + "rand 0.9.4", + "ring", + "rustc-hash", + "rustls", + "rustls-pki-types", + "slab", + "thiserror 2.0.18", + "tinyvec", + "tracing", + "web-time", +] + +[[package]] +name = "quinn-udp" +version = "0.5.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "addec6a0dcad8a8d96a771f815f0eaf55f9d1805756410b39f5fa81332574cbd" +dependencies = [ + "cfg_aliases", + "libc", + "once_cell", + "socket2", + "tracing", + "windows-sys 0.52.0", +] + [[package]] name = "quote" version = "1.0.45" @@ -4464,6 +4603,8 @@ dependencies = [ "futures-core", "futures-util", "h2", + "h3", + "h3-quinn", "hickory-resolver", "http", "http-body", @@ -4476,6 +4617,7 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", + "quinn", "rustls", "rustls-pki-types", "rustls-platform-verifier", @@ -4797,6 +4939,7 @@ version = "0.23.39" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7c2c118cb077cca2822033836dfb1b975355dfb784b5e8da48f7b6c5db74e60e" dependencies = [ + "aws-lc-rs", "log", "once_cell", "ring", 
@@ -4824,6 +4967,7 @@ version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd" dependencies = [ + "web-time", "zeroize", ] @@ -4860,6 +5004,7 @@ version = "0.103.13" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e" dependencies = [ + "aws-lc-rs", "ring", "rustls-pki-types", "untrusted", diff --git a/Cargo.toml b/Cargo.toml index 95a8fb6b4..b8f93cfcd 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -137,7 +137,6 @@ features = [ [workspace.dependencies.rustls] version = "0.23.25" default-features = false -features = ["ring"] [workspace.dependencies.reqwest] version = "0.13.2" diff --git a/docker/Dockerfile b/docker/Dockerfile index 45079f765..c2ca76bd5 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -162,7 +162,7 @@ ENV CONDUWUIT_VERSION_EXTRA=$CONDUWUIT_VERSION_EXTRA ENV CONTINUWUITY_VERSION_EXTRA=$CONTINUWUITY_VERSION_EXTRA ARG RUST_PROFILE=release -ARG CARGO_FEATURES="default,http3" +ARG CARGO_FEATURES="default" # Build the binary RUN --mount=type=cache,target=/usr/local/cargo/registry \ diff --git a/src/api/Cargo.toml b/src/api/Cargo.toml index c35f398d6..9f95c59c6 100644 --- a/src/api/Cargo.toml +++ b/src/api/Cargo.toml @@ -29,10 +29,6 @@ gzip_compression = [ "conduwuit-service/gzip_compression", "reqwest/gzip", ] -http3 = [ - "conduwuit-core/http3", - "conduwuit-service/http3", -] io_uring = [ "conduwuit-service/io_uring", ] diff --git a/src/core/Cargo.toml b/src/core/Cargo.toml index 0e2ae64fd..0436511b8 100644 --- a/src/core/Cargo.toml +++ b/src/core/Cargo.toml @@ -25,9 +25,6 @@ conduwuit_mods = [ gzip_compression = [ "reqwest/gzip", ] -http3 = [ - # "reqwest/http3", # TODO: Depends on aws-lc -] hardened_malloc = [ "dep:hardened_malloc-rs" ] diff --git a/src/main/Cargo.toml b/src/main/Cargo.toml index 02bf83325..8792add31 100644 --- a/src/main/Cargo.toml 
+++ b/src/main/Cargo.toml @@ -43,6 +43,7 @@ assets = [ default = [ "standard", "release_max_log_level", + "ring", "bindgen-runtime", # replace with bindgen-static on alpine ] standard = [ @@ -100,9 +101,14 @@ hardened_malloc = [ "conduwuit-core/hardened_malloc", ] http3 = [ - "conduwuit-api/http3", - "conduwuit-core/http3", - "conduwuit-service/http3", + "reqwest/http3" +] +ring = [ + "rustls/ring" +] +aws_lc_rs = [ + "rustls/aws_lc_rs", + "dep:aws-lc-rs" ] io_uring = [ "conduwuit-database/io_uring", @@ -238,6 +244,9 @@ tracing-subscriber.workspace = true tracing.workspace = true tracing-journald = { workspace = true, optional = true } parking_lot.workspace = true +reqwest = { workspace = true, default-features = false } +rustls = { workspace = true, default-features = false } +aws-lc-rs = { version = "1.16.3", default-features = false, optional = true } [target.'cfg(all(not(target_env = "msvc"), target_os = "linux"))'.dependencies] diff --git a/src/main/mod.rs b/src/main/mod.rs index c708829ec..f141b26c1 100644 --- a/src/main/mod.rs +++ b/src/main/mod.rs @@ -33,6 +33,18 @@ pub fn run_with_args(args: &Args) -> Result<()> { // Spawn deadlock detection thread deadlock::spawn(); + // Because we're not using rustls default-tls, we have to initialise a TLS + // provider + #[cfg(feature = "aws_lc_rs")] + rustls::crypto::aws_lc_rs::default_provider() + .install_default() + .expect("failed to initialise ring rustls crypto provider"); + + #[cfg(all(feature = "ring", not(feature = "aws_lc_rs")))] + rustls::crypto::ring::default_provider() + .install_default() + .expect("failed to initialise ring rustls crypto provider"); + let runtime = runtime::new(args)?; let server = Server::new(args, Some(runtime.handle()))?; diff --git a/src/router/serve/tls.rs b/src/router/serve/tls.rs index 713b5650d..55d44a3b7 100644 --- a/src/router/serve/tls.rs +++ b/src/router/serve/tls.rs 
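Review bot: The reworked `http3` feature in src/main/Cargo.toml maps straight to `reqwest/http3` and selects no crypto provider, although the comment this commit removes from src/core/Cargo.toml said that feature depends on aws-lc, and `default` now enables `ring`. If reqwest's HTTP/3 stack really does need aws-lc-rs (the lockfile hunk lists `aws-lc-rs` under `quinn-proto`, which suggests so), a default build with `http3` would compile both backends while `run_with_args` installs ring as the process-wide provider. Either make the relation explicit with `http3 = ["reqwest/http3", "aws_lc_rs"]`, or document the supported combinations above the three features, for example `# ring / aws_lc_rs pick the process-wide rustls provider; aws_lc_rs takes precedence when both are enabled`. The direct `aws-lc-rs` dependency added in the last hunk of this file is pinned to its own version rather than `workspace = true`, so it will not follow workspace-level version bumps.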
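Review bot: In the `aws_lc_rs` branch added to `run_with_args`, the `expect` message still reads "failed to initialise ring rustls crypto provider", so a startup panic would name the wrong backend; it should be `.expect("failed to initialise aws-lc-rs rustls crypto provider")`. Both install blocks are behind `#[cfg]` and rustls is built with `default-features = false`, so a build with neither `ring` nor `aws_lc_rs` (for example with `--no-default-features`) installs no provider and would presumably fail only when TLS is first used. A guard such as `#[cfg(not(any(feature = "ring", feature = "aws_lc_rs")))] compile_error!("enable the ring or aws_lc_rs feature");` turns that into a build error. `install_default()` also returns `Err` when a process-wide provider is already set, so the `expect` panics if `run_with_args` can run more than once in a process; this is worth confirming against the callers, since the function body continues outside the hunk.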
@@ -24,13 +24,6 @@ pub(super) async fn serve( .key .as_ref() .ok_or_else(|| err!(Config("tls.key", "Missing required value in tls config section")))?; - - // we use ring for ruma and hashing state, but aws-lc-rs is the new default. - // without this, TLS mode will panic. - rustls::crypto::ring::default_provider() - .install_default() - .expect("failed to initialise ring rustls crypto provider"); - info!( "Note: It is strongly recommended that you use a reverse proxy instead of running \ conduwuit directly with TLS." diff --git a/src/service/Cargo.toml b/src/service/Cargo.toml index 7d9d90915..5e1822c15 100644 --- a/src/service/Cargo.toml +++ b/src/service/Cargo.toml @@ -33,9 +33,6 @@ gzip_compression = [ "conduwuit-core/gzip_compression", "reqwest/gzip", ] -http3 = [ - "conduwuit-core/http3", -] io_uring = [ "conduwuit-database/io_uring", ]