From 5b25d56b8ae0f259b0989a7647034bd2f783d40d Mon Sep 17 00:00:00 2001 From: Marko Malenic Date: Thu, 19 Sep 2024 17:19:40 +1000 Subject: [PATCH] fix: explicitly choose aws_lc_rs as the crypto provider --- Cargo.lock | 3 +++ htsget-actix/Cargo.toml | 1 + htsget-actix/src/lib.rs | 3 +++ htsget-actix/src/main.rs | 8 +++++++- htsget-axum/Cargo.toml | 1 + htsget-axum/src/main.rs | 5 +++++ htsget-axum/src/server/data.rs | 5 +++++ htsget-axum/src/server/ticket.rs | 3 +++ htsget-config/src/config/mod.rs | 5 ++--- htsget-config/src/tls/mod.rs | 3 +++ htsget-lambda/Cargo.toml | 1 + htsget-lambda/src/main.rs | 9 +++++++-- 12 files changed, 41 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 508fab7d..7feb1a5c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2233,6 +2233,7 @@ dependencies = [ "http 0.2.12", "http 1.1.0", "reqwest", + "rustls 0.23.13", "rustls-pemfile 2.1.3", "serde", "serde_json", @@ -2259,6 +2260,7 @@ dependencies = [ "hyper 1.4.1", "hyper-util", "reqwest", + "rustls 0.23.13", "tempfile", "thiserror", "tokio", @@ -2328,6 +2330,7 @@ dependencies = [ "mime", "query_map", "regex", + "rustls 0.23.13", "serde", "serde_json", "tempfile", diff --git a/htsget-actix/Cargo.toml b/htsget-actix/Cargo.toml index b8c511b1..a36315d6 100644 --- a/htsget-actix/Cargo.toml +++ b/htsget-actix/Cargo.toml @@ -24,6 +24,7 @@ default = [] [dependencies] actix-web = { version = "4", features = ["rustls-0_23"] } +rustls = "0.23" actix-cors = "0.7" http_1 = { package = "http", version = "1" } http = "0.2" diff --git a/htsget-actix/src/lib.rs b/htsget-actix/src/lib.rs index 323ef1c4..2d7efb2b 100644 --- a/htsget-actix/src/lib.rs +++ b/htsget-actix/src/lib.rs @@ -147,6 +147,7 @@ mod tests { use actix_web::dev::ServiceResponse; use actix_web::{test, web, App}; use async_trait::async_trait; + use rustls::crypto::aws_lc_rs; use tempfile::TempDir; use htsget_axum::server::BindServer; 
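Review bot: The new `rustls = "0.23"` line in htsget-actix/Cargo.toml relies on rustls' default feature set to provide the `rustls::crypto::aws_lc_rs` module that this commit imports. Naming the feature makes that dependency visible and keeps the build working if default features are ever switched off on this line: `rustls = { version = "0.23", features = ["aws_lc_rs"] }`. The same applies to the identical lines added to htsget-axum/Cargo.toml and htsget-lambda/Cargo.toml.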
@@ -261,6 +262,8 @@ mod tests { impl ActixTestServer { fn new_with_tls>(path: P) -> Self { + let _ = aws_lc_rs::default_provider().install_default(); + Self { config: config_with_tls(path), } diff --git a/htsget-actix/src/main.rs b/htsget-actix/src/main.rs index b71c5b0a..7a904370 100644 --- a/htsget-actix/src/main.rs +++ b/htsget-actix/src/main.rs @@ -1,3 +1,5 @@ +use rustls::crypto::aws_lc_rs; +use std::io; use tokio::select; use tracing::debug; @@ -7,7 +9,11 @@ use htsget_axum::server::data; use htsget_config::command; #[actix_web::main] -async fn main() -> std::io::Result<()> { +async fn main() -> io::Result<()> { + aws_lc_rs::default_provider() + .install_default() + .map_err(|_| io::Error::other("setting crypto provider"))?; + if let Some(path) = Config::parse_args_with_command(command!())? { let config = Config::from_path(&path)?; diff --git a/htsget-axum/Cargo.toml b/htsget-axum/Cargo.toml index 3d081fdd..15e20263 100644 --- a/htsget-axum/Cargo.toml +++ b/htsget-axum/Cargo.toml @@ -35,6 +35,7 @@ default = [] [dependencies] # Axum server hyper = { version = "1", features = ["http1", "http2", "server"] } +rustls = "0.23" hyper-util = "0.1" tower-http = { version = "0.5", features = ["trace", "cors", "fs"] } http = "1" diff --git a/htsget-axum/src/main.rs b/htsget-axum/src/main.rs index 5a41e2ff..291d861f 100644 --- a/htsget-axum/src/main.rs +++ b/htsget-axum/src/main.rs @@ -1,3 +1,4 @@ +use rustls::crypto::aws_lc_rs; use std::io; use tokio::select; use tracing::debug; @@ -8,6 +9,10 @@ use htsget_config::config::Config; #[tokio::main] async fn main() -> io::Result<()> { + aws_lc_rs::default_provider() + .install_default() + .map_err(|_| io::Error::other("setting crypto provider"))?; + if let Some(path) = Config::parse_args_with_command(command!()).expect("expected valid command parsing") { diff --git a/htsget-axum/src/server/data.rs b/htsget-axum/src/server/data.rs index ff641c81..ea269ee5 100644 --- a/htsget-axum/src/server/data.rs 
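Review bot: `let _ = aws_lc_rs::default_provider().install_default();` in `ActixTestServer::new_with_tls` discards the result without saying why, so a reader cannot tell a deliberate best-effort call from a forgotten error. `install_default` returns `Err` when a process-wide provider is already set, which is expected when several tests in one binary each call it. A comment such as `// Err only means another test already installed the provider.` belongs above the line. The ignored error also hides the case where a different provider was installed first, in which case the TLS tests would silently run against that one. The same line is added in `test_tls_server` and `tls_formatter` (htsget-axum/src/server/data.rs), `AxumTestServer::new_with_tls` (htsget-axum/src/server/ticket.rs) and `with_test_certificates` (htsget-config/src/tls/mod.rs); one shared test helper would carry the comment once.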
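Review bot: The `map_err(|_| io::Error::other("setting crypto provider"))` added to `main` in htsget-actix/src/main.rs throws away the only thing `install_default` reports, namely that a default provider was already installed for the process. An operator who hits this gets a message that does not say what went wrong; `.map_err(|_| io::Error::other("a rustls crypto provider is already installed"))?;` states the cause. A one-line comment on why the provider is chosen explicitly would also help the next maintainer; presumably more than one rustls backend is enabled in the dependency graph, where rustls cannot pick a default on its own. The identical block is added to htsget-axum/src/main.rs and htsget-lambda/src/main.rs, so a shared function would keep the three binaries on the same provider.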
+++ b/htsget-axum/src/server/data.rs @@ -90,6 +90,7 @@ mod tests { use http::header::HeaderName; use http::{HeaderMap, Method}; use reqwest::{Client, ClientBuilder, RequestBuilder}; + use rustls::crypto::aws_lc_rs; use tempfile::{tempdir, TempDir}; use tokio::fs::{create_dir, File}; use tokio::io::AsyncWriteExt; @@ -209,6 +210,8 @@ mod tests { #[tokio::test] async fn test_tls_server() { + let _ = aws_lc_rs::default_provider().install_default(); + let (_, base_path) = create_local_test_files().await; let config = config_with_tls(base_path.path()).data_server().clone(); let server_config = config.into_tls().unwrap(); @@ -261,6 +264,8 @@ mod tests { } fn tls_formatter() -> BindServer { + let _ = aws_lc_rs::default_provider().install_default(); + let tmp_dir = tempdir().unwrap(); let config = config_with_tls(tmp_dir.path()).data_server().clone(); let server_config = config.into_tls().unwrap(); diff --git a/htsget-axum/src/server/ticket.rs b/htsget-axum/src/server/ticket.rs index 4d10427a..7f965cf5 100644 --- a/htsget-axum/src/server/ticket.rs +++ b/htsget-axum/src/server/ticket.rs @@ -118,6 +118,7 @@ mod tests { }; use http::header::HeaderName; use http::{Method, Request}; + use rustls::crypto::aws_lc_rs; use tempfile::TempDir; use tower::ServiceExt; @@ -208,6 +209,8 @@ mod tests { impl AxumTestServer { fn new_with_tls>(path: P) -> Self { + let _ = aws_lc_rs::default_provider().install_default(); + Self { config: config_with_tls(path), } diff --git a/htsget-config/src/config/mod.rs b/htsget-config/src/config/mod.rs index 4c9ac9ba..c2223c50 100644 --- a/htsget-config/src/config/mod.rs +++ b/htsget-config/src/config/mod.rs @@ -494,12 +494,11 @@ pub(crate) mod tests { use std::fmt::Display; use crate::config::parser::from_str; - use figment::Jail; - use http::uri::Authority; - use crate::storage::Storage; use crate::tls::tests::with_test_certificates; use crate::types::Scheme::Http; + use figment::Jail; + use http::uri::Authority; use super::*; 
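Review bot: `test_tls_server` now has to install a provider before calling `config.into_tls()`, which suggests that `into_tls` (not shown in this diff) builds its rustls configuration from the process-wide default. If so, anyone using htsget-axum or htsget-config as a library rather than through the three patched `main` functions must install a provider themselves, or TLS setup fails at run time. Either document that requirement on `into_tls`, or have it pass the provider explicitly, for example by starting from `ServerConfig::builder_with_provider(Arc::new(aws_lc_rs::default_provider()))`, so the cryptographic backend does not depend on global state set elsewhere.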
diff --git a/htsget-config/src/tls/mod.rs b/htsget-config/src/tls/mod.rs index 30838140..e925a645 100644 --- a/htsget-config/src/tls/mod.rs +++ b/htsget-config/src/tls/mod.rs @@ -203,6 +203,7 @@ pub(crate) mod tests { use std::path::Path; use rcgen::generate_simple_self_signed; + use rustls::crypto::aws_lc_rs; use rustls_pemfile::{certs, pkcs8_private_keys}; use tempfile::TempDir; @@ -245,6 +246,8 @@ pub(crate) mod tests { where F: FnOnce(&Path, PrivateKeyDer<'static>, CertificateDer<'static>), { + let _ = aws_lc_rs::default_provider().install_default(); + let tmp_dir = TempDir::new().unwrap(); let key_path = tmp_dir.path().join("key.pem"); diff --git a/htsget-lambda/Cargo.toml b/htsget-lambda/Cargo.toml index 00968d12..85ca4430 100644 --- a/htsget-lambda/Cargo.toml +++ b/htsget-lambda/Cargo.toml @@ -25,6 +25,7 @@ default = [] [dependencies] tokio = { version = "1", features = ["macros", "rt-multi-thread"] } tower-http = { version = "0.5", features = ["cors"] } +rustls = "0.23" lambda_http = { version = "0.13" } lambda_runtime = { version = "0.13" } serde = { version = "1" } diff --git a/htsget-lambda/src/main.rs b/htsget-lambda/src/main.rs index 9187f09e..562c7a73 100644 --- a/htsget-lambda/src/main.rs +++ b/htsget-lambda/src/main.rs @@ -1,13 +1,18 @@ -use std::env::set_var; - use htsget_axum::server::ticket::TicketServer; use htsget_config::command; use htsget_config::config::Config; use lambda_http::{run, Error}; +use rustls::crypto::aws_lc_rs; +use std::env::set_var; +use std::io; use tracing::debug; #[tokio::main] async fn main() -> Result<(), Error> { + aws_lc_rs::default_provider() + .install_default() + .map_err(|_| io::Error::other("setting crypto provider"))?; + // Ignore the API gateway stage. // See https://github.com/awslabs/aws-lambda-rust-runtime/tree/main/lambda-http#integration-with-api-gateway-stages set_var("AWS_LAMBDA_HTTP_IGNORE_STAGE_IN_PATH", "true");