diff --git a/Cargo.lock b/Cargo.lock index b47d10f887b..e84cd6ffaee 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -332,6 +332,31 @@ version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" +[[package]] +name = "aws-lc-rs" +version = "1.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ea835662a0af02443aa1396d39be523bbf8f11ee6fad20329607c480bea48c3" +dependencies = [ + "aws-lc-sys", + "paste", + "zeroize", +] + +[[package]] +name = "aws-lc-sys" +version = "0.25.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "71b2ddd3ada61a305e1d8bb6c005d1eaa7d14d903681edfc400406d523a9b491" +dependencies = [ + "bindgen 0.69.5", + "cc", + "cmake", + "dunce", + "fs_extra", + "paste", +] + [[package]] name = "background_hang_monitor" version = "0.0.1" @@ -412,6 +437,29 @@ dependencies = [ "serde", ] +[[package]] +name = "bindgen" +version = "0.69.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" +dependencies = [ + "bitflags 2.8.0", + "cexpr", + "clang-sys", + "itertools 0.10.5", + "lazy_static", + "lazycell", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash 1.1.0", + "shlex", + "syn", + "which", +] + [[package]] name = "bindgen" version = "0.71.1" @@ -898,6 +946,15 @@ dependencies = [ "error-code", ] +[[package]] +name = "cmake" +version = "0.1.52" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c682c223677e0e5b6b7f63a64b9351844c3f1b1678a68b7ee617e30fb082620e" +dependencies = [ + "cc", +] + [[package]] name = "cocoa" version = "0.25.0" @@ -1652,6 +1709,12 @@ dependencies = [ "dtoa", ] +[[package]] +name = "dunce" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" + [[package]] name = "dwrote" version = "0.11.2" @@ -2146,6 +2209,12 @@ dependencies = [ "pkg-config", ] +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + [[package]] name = "futf" version = "0.1.5" @@ -3059,6 +3128,15 @@ version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "503574f5cbf4ac5e16d20369e85e1562a567e77cf45369fb7e8e06a2cfd7934b" +[[package]] +name = "home" +version = "0.5.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589533453244b0995c858700322199b2becb13b627df2851f64a2775d024abcf" +dependencies = [ + "windows-sys 0.59.0", +] + [[package]] name = "html5ever" version = "0.29.0" @@ -4109,6 +4187,12 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + [[package]] name = "leak" version = "0.1.2" @@ -4556,7 +4640,7 @@ version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0ab823731ea6297e7280dade983df955d1a8209d2deb44f505932b8873168992" dependencies = [ - "bindgen", + "bindgen 0.71.1", "cc", "gl_generator", "libz-sys", @@ -4568,7 +4652,7 @@ name = "mozjs" version = "0.14.1" source = "git+https://github.com/servo/mozjs#0081fc4a3f5fc9891d4377844a874651f7c46041" dependencies = [ - "bindgen", + "bindgen 0.71.1", "cc", "lazy_static", "libc", @@ -4581,7 +4665,7 @@ name = "mozjs_sys" version = "0.128.6-1" source = "git+https://github.com/servo/mozjs#0081fc4a3f5fc9891d4377844a874651f7c46041" dependencies = [ - "bindgen", + "bindgen 0.71.1", "cc", "encoding_c", "encoding_c_mem", @@ -5658,6 +5742,16 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e8cf8e6a8aa66ce33f63993ffc4ea4271eb5b0530a9002db8455ea6050c77bfa" +[[package]] +name = "prettyplease" +version = "0.2.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6924ced06e1f7dfe3fa48d57b9f74f55d8915f5036121bef647ef4b204895fac" +dependencies = [ + "proc-macro2", + "syn", +] + [[package]] name = "proc-macro-crate" version = "3.2.0" @@ -6043,9 +6137,9 @@ version = "0.23.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f287924602bf649d949c63dc8ac8b235fa5387d394020705b80c4eb597ce5b8" dependencies = [ + "aws-lc-rs", "log", "once_cell", - "ring", "rustls-pki-types", "rustls-webpki", "subtle", @@ -6073,6 +6167,7 @@ version = "0.102.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9" dependencies = [ + "aws-lc-rs", "ring", "rustls-pki-types", "untrusted", @@ -6122,6 +6217,7 @@ dependencies = [ "app_units", "arrayvec", "atomic_refcell", + "aws-lc-rs", "background_hang_monitor_api", "backtrace", "base", @@ -6184,7 +6280,6 @@ dependencies = [ "range", "ref_filter_map", "regex", - "ring", "script_bindings", "script_layout_interface", "script_traits", @@ -8600,6 +8695,18 @@ dependencies = [ "web-sys", ] +[[package]] +name = "which" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +dependencies = [ + "either", + "home", + "once_cell", + "rustix", +] + [[package]] name = "winapi" version = "0.3.9" diff --git a/Cargo.toml b/Cargo.toml index 87164c6fb94..fe153823e0d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -23,6 +23,7 @@ aes-gcm = "0.10.3" app_units = "0.7" arrayvec = "0.7" async-tungstenite = { version = "0.28", features = ["tokio-rustls-webpki-roots"] } +aws-lc-rs = { version = "1.12", default-features = false } atomic_refcell = "0.1.13" background_hang_monitor_api = { path = "components/shared/background_hang_monitor" } backtrace = "0.3" @@ -106,7 +107,6 @@ rand_core = "0.6" rand_isaac = "0.3" rayon = "1" regex = "1.11" -ring = "0.17.8" rustls = { version = "0.23", default-features = false, features = ["logging", "std", "tls12"] } rustls-pemfile = "2.0" rustls-pki-types = "1.11" diff --git a/components/net/Cargo.toml b/components/net/Cargo.toml index 9c38a462917..e4d83fdb827 100644 --- a/components/net/Cargo.toml +++ b/components/net/Cargo.toml @@ -78,7 +78,7 @@ flate2 = "1" futures = { version = "0.3", features = ["compat"] } hyper = { workspace = true, features = ["full"] } hyper-util = { workspace = true, features = ["server-graceful"] } -rustls = { workspace = true, features = ["ring"] } +rustls = { workspace = true } [[test]] name = "main" diff --git a/components/net/tests/main.rs b/components/net/tests/main.rs index ef18bef2427..0bbbde9cf59 100644 --- a/components/net/tests/main.rs +++ b/components/net/tests/main.rs @@ -149,7 +149,7 @@ fn receive_credential_prompt_msgs( } fn create_http_state(fc: Option) -> HttpState { - let _ = rustls::crypto::ring::default_provider().install_default(); + let _ = rustls::crypto::aws_lc_rs::default_provider().install_default(); let override_manager = net::connector::CertificateErrorOverrideManager::new(); HttpState { diff --git a/components/script/Cargo.toml b/components/script/Cargo.toml index 1bf4a276787..8fcb4a197c3 100644 --- a/components/script/Cargo.toml +++ b/components/script/Cargo.toml @@ -93,7 +93,7 @@ profile_traits = { workspace = true } range = { path = "../range" } ref_filter_map = "1.0.1" regex = { workspace = true } -ring = { workspace = true } +aws-lc-rs = { workspace = true } script_bindings = { path = "../script_bindings" } script_layout_interface = { workspace = true } script_traits = { workspace = true } diff --git a/components/script/dom/subtlecrypto.rs b/components/script/dom/subtlecrypto.rs index dc05ae822b3..fa1fe4e9c8d 100644 --- a/components/script/dom/subtlecrypto.rs +++ b/components/script/dom/subtlecrypto.rs @@ -12,6 +12,7 @@ use aes::cipher::{BlockDecryptMut, BlockEncryptMut, KeyIvInit, StreamCipher}; use aes::{Aes128, Aes192, Aes256}; use aes_gcm::{AeadInPlace, AesGcm, KeyInit}; use aes_kw::{KekAes128, KekAes192, KekAes256}; +use aws_lc_rs::{digest, hkdf, hmac, pbkdf2}; use base64::prelude::*; use cipher::consts::{U12, U16, U32}; use dom_struct::dom_struct; @@ -20,7 +21,6 @@ use js::jsapi::{JSObject, JS_NewObject}; use js::jsval::ObjectValue; use js::rust::MutableHandleObject; use js::typedarray::ArrayBufferU8; -use ring::{digest, hkdf, hmac, pbkdf2}; use servo_rand::{RngCore, ServoRng}; use crate::dom::bindings::buffer_source::create_buffer_source; diff --git a/components/servo/Cargo.toml b/components/servo/Cargo.toml index 9db597a8324..eed717bded1 100644 --- a/components/servo/Cargo.toml +++ b/components/servo/Cargo.toml @@ -109,6 +109,6 @@ gaol = "0.2.1" [dev-dependencies] libservo = { path = ".", features = ["tracing"] } -rustls = { version = "0.23", default-features = false, features = ["ring"] } +rustls = { version = "0.23", default-features = false, features = ["aws-lc-rs"] } tracing = { workspace = true } winit = "0.30.8" diff --git a/components/servo/examples/winit_minimal.rs b/components/servo/examples/winit_minimal.rs index 95a4dfd9d23..bf23c74c532 100644 --- a/components/servo/examples/winit_minimal.rs +++ b/components/servo/examples/winit_minimal.rs @@ -25,7 +25,7 @@ use winit::raw_window_handle::{HasDisplayHandle, HasWindowHandle}; use winit::window::Window; fn main() -> Result<(), Box> { - rustls::crypto::ring::default_provider() + rustls::crypto::aws_lc_rs::default_provider() .install_default() .expect("Failed to install crypto provider"); diff --git a/deny.toml b/deny.toml index a82459c407a..f04b11d81b7 100644 --- a/deny.toml +++ b/deny.toml @@ -53,18 +53,6 @@ confidence-threshold = 0.8 exceptions = [ ] -# Some crates don't have (easily) machine readable licensing information, -# adding a clarification entry for it allows you to manually specify the -# licensing information -[[licenses.clarify]] -crate = "ring" -# The SPDX expression for the license requirements of the crate -expression = "MIT AND ISC AND OpenSSL" -license-files = [ - # Each entry is a crate relative path, and the (opaque) hash of its contents - { path = "LICENSE", hash = 0xbd0eed23 }, -] - # This section is considered when running `cargo deny check bans`. # More documentation about the 'bans' section can be found here: @@ -103,6 +91,9 @@ skip = [ "wasi", "wayland-sys", + # Duplicated by aws-lc-rs + "bindgen", + # New versions of these dependencies is pulled in by GStreamer / GLib. "itertools", "toml", diff --git a/ports/servoshell/Cargo.toml b/ports/servoshell/Cargo.toml index f8246f72782..0ce645879f9 100644 --- a/ports/servoshell/Cargo.toml +++ b/ports/servoshell/Cargo.toml @@ -67,7 +67,7 @@ getopts = { workspace = true } hitrace = { workspace = true, optional = true } mime_guess = { workspace = true } url = { workspace = true } -rustls = { version = "0.23", default-features = false, features = ["ring"] } +rustls = { workspace = true, features = ["aws-lc-rs"] } tokio = { workspace = true } tracing = { workspace = true, optional = true } tracing-subscriber = { workspace = true, optional = true, features = ["env-filter"] } diff --git a/ports/servoshell/lib.rs b/ports/servoshell/lib.rs index 607540b7637..4c624c8535c 100644 --- a/ports/servoshell/lib.rs +++ b/ports/servoshell/lib.rs @@ -39,7 +39,7 @@ pub fn main() { } pub fn init_crypto() { - rustls::crypto::ring::default_provider() + rustls::crypto::aws_lc_rs::default_provider() .install_default() .expect("Error initializing crypto provider"); }