From 13eb268616fcaeef36ef91cb5269fa1a7cf80ee1 Mon Sep 17 00:00:00 2001 From: 0x676e67 Date: Thu, 23 Jan 2025 10:08:15 +0800 Subject: [PATCH] feat: replace once_cell with LazyLock (#38) * RTG-3333 Support X25519MLKEM768 by default, but don't sent it as client X25519MLKEM768 is the standardised successor of the preliminary X25519Kyber768Draft00. Latest browsers have switched to X25519MLKEM768. Cloudflare supports both on the edge. We've had support for X25519MLKEM768 in this crate for a while, but didn't enable by default. We're now enabling serverside support by default. We also let clients advertise support when set to kx-client-pq-supported. We don't enable support by default yet for clients set to kx-client-pq-preferred, as that would cause an extra round-trip due to HelloRetryRequest if the server doesn't support X25519MLKEM768 yet. BoringSSL against which we build must support X25519MLKEM768, otherwise this will fail. * replace once_cell with LazyLock We can drop the once_cell dependency since the same functionality is implemented in std now. Requires bumping MSRV to 1.80. * fix manual_c_str_literals clippy warning --------- Co-authored-by: Bas Westerbaan Co-authored-by: Alessandro Ghedini --- Cargo.toml | 1 - boring/Cargo.toml | 3 +-- boring/src/ssl/async_callbacks.rs | 23 ++++++++++++----------- boring/src/ssl/bio.rs | 2 +- boring/src/ssl/mod.rs | 16 +++++++++------- boring/src/ssl/test/private_key_method.rs | 6 ++---- hyper-boring/Cargo.toml | 2 +- hyper-boring/src/lib.rs | 6 +++--- tokio-boring/Cargo.toml | 1 - 9 files changed, 29 insertions(+), 31 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 474cce05..19f47d68 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -44,7 +44,6 @@ hyper1 = { package = "hyper", version = "1" } hyper-util = "0.1.6" hyper0 = { package = "hyper", version = "0.14", default-features = false } linked_hash_set = "0.1" -once_cell = "1.0" openssl-macros = "0.1.1" tower = { version = "0.4", default-features = false, features = ["util"] } tower-layer = "0.3" diff --git a/boring/Cargo.toml b/boring/Cargo.toml index e8afa4d5..79c69441 100644 --- a/boring/Cargo.toml +++ b/boring/Cargo.toml @@ -10,7 +10,7 @@ readme = "README.md" keywords = ["crypto", "tls", "ssl", "dtls"] categories = ["cryptography", "api-bindings"] edition = { workspace = true } -rust-version = "1.70" +rust-version = "1.80" [package.metadata.docs.rs] features = ["pq-experimental", "underscore-wildcards"] @@ -74,7 +74,6 @@ kx-client-nist-required = ["kx-safe-default"] [dependencies] bitflags = { workspace = true } foreign-types = { workspace = true } -once_cell = { workspace = true } openssl-macros = { workspace = true } libc = { workspace = true } boring-sys = { workspace = true } diff --git a/boring/src/ssl/async_callbacks.rs b/boring/src/ssl/async_callbacks.rs index db674e9a..93226b48 100644 --- a/boring/src/ssl/async_callbacks.rs +++ b/boring/src/ssl/async_callbacks.rs @@ -5,10 +5,10 @@ use super::{ SslVerifyMode, }; use crate::ex_data::Index; -use once_cell::sync::Lazy; use std::convert::identity; use std::future::Future; use std::pin::Pin; +use std::sync::LazyLock; use std::task::{ready, Context, Poll, Waker}; /// The type of futures to pass to [`SslContextBuilderExt::set_async_select_certificate_callback`]. @@ -42,19 +42,20 @@ pub type BoxCustomVerifyFinish = Box Result<(), SslAl /// Public for documentation purposes. pub type ExDataFuture = Pin + Send>>; -pub(crate) static TASK_WAKER_INDEX: Lazy>> = - Lazy::new(|| Ssl::new_ex_index().unwrap()); -pub(crate) static SELECT_CERT_FUTURE_INDEX: Lazy>>> = - Lazy::new(|| Ssl::new_ex_index().unwrap()); -pub(crate) static SELECT_PRIVATE_KEY_METHOD_FUTURE_INDEX: Lazy< +pub(crate) static TASK_WAKER_INDEX: LazyLock>> = + LazyLock::new(|| Ssl::new_ex_index().unwrap()); +pub(crate) static SELECT_CERT_FUTURE_INDEX: LazyLock< + Index>>, +> = LazyLock::new(|| Ssl::new_ex_index().unwrap()); +pub(crate) static SELECT_PRIVATE_KEY_METHOD_FUTURE_INDEX: LazyLock< Index>>, -> = Lazy::new(|| Ssl::new_ex_index().unwrap()); -pub(crate) static SELECT_GET_SESSION_FUTURE_INDEX: Lazy< +> = LazyLock::new(|| Ssl::new_ex_index().unwrap()); +pub(crate) static SELECT_GET_SESSION_FUTURE_INDEX: LazyLock< Index>>, -> = Lazy::new(|| Ssl::new_ex_index().unwrap()); -pub(crate) static SELECT_CUSTOM_VERIFY_FUTURE_INDEX: Lazy< +> = LazyLock::new(|| Ssl::new_ex_index().unwrap()); +pub(crate) static SELECT_CUSTOM_VERIFY_FUTURE_INDEX: LazyLock< Index>>, -> = Lazy::new(|| Ssl::new_ex_index().unwrap()); +> = LazyLock::new(|| Ssl::new_ex_index().unwrap()); impl SslContextBuilder { /// Sets a callback that is called before most [`ClientHello`] processing diff --git a/boring/src/ssl/bio.rs b/boring/src/ssl/bio.rs index 37e2866b..f3b83672 100644 --- a/boring/src/ssl/bio.rs +++ b/boring/src/ssl/bio.rs @@ -219,7 +219,7 @@ struct BIO_METHOD(*mut ffi::BIO_METHOD); impl BIO_METHOD { fn new() -> BIO_METHOD { unsafe { - let ptr = ffi::BIO_meth_new(ffi::BIO_TYPE_NONE, b"rust\0".as_ptr().cast()); + let ptr = ffi::BIO_meth_new(ffi::BIO_TYPE_NONE, c"rust".as_ptr().cast()); assert!(!ptr.is_null()); let ret = BIO_METHOD(ptr); assert!(ffi::BIO_meth_set_write(ptr, Some(bwrite::)) != 0); diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs index 1d789997..3ab6b324 100644 --- a/boring/src/ssl/mod.rs +++ b/boring/src/ssl/mod.rs @@ -59,7 +59,6 @@ //! ``` use foreign_types::{ForeignType, ForeignTypeRef, Opaque}; use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_void}; -use once_cell::sync::Lazy; use openssl_macros::corresponds; use std::any::TypeId; use std::collections::HashMap; @@ -76,7 +75,7 @@ use std::path::Path; use std::ptr::{self, NonNull}; use std::slice; use std::str; -use std::sync::{Arc, Mutex}; +use std::sync::{Arc, LazyLock, Mutex}; use crate::dh::DhRef; use crate::ec::EcKeyRef; @@ -429,12 +428,15 @@ impl NameType { } } -static INDEXES: Lazy>> = Lazy::new(|| Mutex::new(HashMap::new())); -static SSL_INDEXES: Lazy>> = Lazy::new(|| Mutex::new(HashMap::new())); -static SESSION_CTX_INDEX: Lazy> = Lazy::new(|| Ssl::new_ex_index().unwrap()); +static INDEXES: LazyLock>> = + LazyLock::new(|| Mutex::new(HashMap::new())); +static SSL_INDEXES: LazyLock>> = + LazyLock::new(|| Mutex::new(HashMap::new())); +static SESSION_CTX_INDEX: LazyLock> = + LazyLock::new(|| Ssl::new_ex_index().unwrap()); #[cfg(feature = "rpk")] -static RPK_FLAG_INDEX: Lazy> = - Lazy::new(|| SslContext::new_ex_index().unwrap()); +static RPK_FLAG_INDEX: LazyLock> = + LazyLock::new(|| SslContext::new_ex_index().unwrap()); unsafe extern "C" fn free_data_box( _parent: *mut c_void, diff --git a/boring/src/ssl/test/private_key_method.rs b/boring/src/ssl/test/private_key_method.rs index 019a8c7c..ead0ffeb 100644 --- a/boring/src/ssl/test/private_key_method.rs +++ b/boring/src/ssl/test/private_key_method.rs @@ -1,5 +1,3 @@ -use once_cell::sync::OnceCell; - use super::server::{Builder, Server}; use super::KEY; use crate::hash::MessageDigest; @@ -12,7 +10,7 @@ use crate::ssl::{ }; use std::io::Write; use std::sync::atomic::{AtomicBool, AtomicUsize, Ordering}; -use std::sync::Arc; +use std::sync::{Arc, OnceLock}; #[allow(clippy::type_complexity)] pub(super) struct Method { @@ -233,7 +231,7 @@ fn test_sign_ok() { #[test] fn test_sign_retry_complete_ok() { - let input_cell = Arc::new(OnceCell::new()); + let input_cell = Arc::new(OnceLock::new()); let input_cell_clone = input_cell.clone(); let mut builder = builder_with_private_key_method( diff --git a/hyper-boring/Cargo.toml b/hyper-boring/Cargo.toml index f8560ff0..2b706537 100644 --- a/hyper-boring/Cargo.toml +++ b/hyper-boring/Cargo.toml @@ -9,6 +9,7 @@ repository = { workspace = true } documentation = "https://docs.rs/hyper-boring" readme = "README.md" exclude = ["test/*"] +rust-version = "1.80" [package.metadata.docs.rs] features = ["pq-experimental"] @@ -45,7 +46,6 @@ hyper1 = { workspace = true, optional = true } hyper-util = { workspace = true, optional = true, features = ["client", "client-legacy"] } hyper0 = { workspace = true, optional = true, features = ["client"] } linked_hash_set = { workspace = true } -once_cell = { workspace = true } boring = { workspace = true } tokio = { workspace = true } tokio-boring = { workspace = true } diff --git a/hyper-boring/src/lib.rs b/hyper-boring/src/lib.rs index f51dfaac..e66aa955 100644 --- a/hyper-boring/src/lib.rs +++ b/hyper-boring/src/lib.rs @@ -6,8 +6,8 @@ use crate::cache::SessionKey; use boring::error::ErrorStack; use boring::ex_data::Index; use boring::ssl::Ssl; -use once_cell::sync::OnceCell; use std::fmt; +use std::sync::LazyLock; use tokio_boring::SslStream; mod cache; @@ -21,8 +21,8 @@ mod v1; pub use self::v1::*; fn key_index() -> Result, ErrorStack> { - static IDX: OnceCell> = OnceCell::new(); - IDX.get_or_try_init(Ssl::new_ex_index).copied() + static IDX: LazyLock> = LazyLock::new(|| Ssl::new_ex_index().unwrap()); + Ok(*IDX) } /// Settings for [`HttpsLayer`] diff --git a/tokio-boring/Cargo.toml b/tokio-boring/Cargo.toml index e0b5ac69..daf0fbc6 100644 --- a/tokio-boring/Cargo.toml +++ b/tokio-boring/Cargo.toml @@ -31,7 +31,6 @@ rpk = ["boring/rpk"] [dependencies] boring = { workspace = true } boring-sys = { workspace = true } -once_cell = { workspace = true } tokio = { workspace = true } [dev-dependencies]