Implement optional Hyper 1 support in hyper-boring

cloudflare · Jul 26, 2024 · cd19f06 · cd19f06
1 parent 8786cda
commit cd19f06
Show file tree

Hide file tree

Showing 16 changed files with 917 additions and 377 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -360,3 +360,5 @@ jobs:
       name: Run `rpk,underscore-wildcards` tests
     - run: cargo test --features pq-experimental,rpk,underscore-wildcards
       name: Run `pq-experimental,rpk,underscore-wildcards` tests
+    - run: cargo test -p hyper-boring --features hyper1
+      name: Run hyper 1.0 tests for hyper-boring
diff --git a/.rusty-hook.toml b/.rusty-hook.toml
diff --git a/Cargo.toml b/Cargo.toml
@@ -24,6 +24,7 @@ boring = { version = "4.8.0", path = "./boring" }
 tokio-boring = { version = "4.8.0", path = "./tokio-boring" }
 
 bindgen = { version = "0.68.1", default-features = false, features = ["runtime"] }
+bytes = "1"
 cmake = "0.1.18"
 fs_extra = "1.3.0"
 fslock = "0.2"
@@ -36,9 +37,14 @@ futures = "0.3"
 tokio = "1"
 anyhow = "1"
 antidote = "1.0.0"
-http = "0.2"
-hyper = { version = "0.14", default-features = false }
+http = "1"
+http-body-util = "0.1.2"
+http_old = { package = "http", version = "0.2" }
+hyper = "1"
+hyper-util = "0.1.6"
+hyper_old = { package = "hyper", version = "0.14", default-features = false }
 linked_hash_set = "0.1"
 once_cell = "1.0"
 tower = "0.4"
 tower-layer = "0.3"
+tower-service = "0.3"
diff --git a/boring-sys/Cargo.toml b/boring-sys/Cargo.toml
@@ -81,3 +81,6 @@ bindgen = { workspace = true }
 cmake = { workspace = true }
 fs_extra = { workspace = true }
 fslock = { workspace = true }
+
+[lints.rust]
+unexpected_cfgs = { level = "allow", check-cfg = ['cfg(const_fn)'] }
diff --git a/boring-sys/src/lib.rs b/boring-sys/src/lib.rs
@@ -16,7 +16,11 @@ use std::convert::TryInto;
 use std::ffi::c_void;
 use std::os::raw::{c_char, c_int, c_uint, c_ulong};
 
-#[allow(clippy::useless_transmute, clippy::derive_partial_eq_without_eq)]
+#[allow(
+    clippy::useless_transmute,
+    clippy::derive_partial_eq_without_eq,
+    dead_code
+)]
 mod generated {
     include!(concat!(env!("OUT_DIR"), "/bindings.rs"));
 }

diff --git a/boring/src/lib.rs b/boring/src/lib.rs
@@ -78,15 +78,15 @@
 //! agreements:
 //!
 //! - `X25519Kyber768Draft00Old` is the same as `X25519Kyber768Draft00`, but under its old codepoint.
-//! -`X25519Kyber512Draft00`. Similar to `X25519Kyber768Draft00`, but uses level 1 parameter set for
-//! Kyber. Not recommended. It's useful to test whether the shorter ClientHello upsets fewer middle
-//! boxes.
+//! - `X25519Kyber512Draft00`. Similar to `X25519Kyber768Draft00`, but uses level 1 parameter set for
+//!   Kyber. Not recommended. It's useful to test whether the shorter ClientHello upsets fewer middle
+//!   boxes.
 //! - `P256Kyber768Draft00`. Similar again to `X25519Kyber768Draft00`, but uses P256 as classical
-//! part. It uses a non-standard codepoint. Not recommended.
+//!   part. It uses a non-standard codepoint. Not recommended.
 //! - `IPDWing`. A preliminary version of
-//! [X-Wing](https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/02/).
-//! Similar to `X25519Kyber768Draft00Old`, but uses a newer (but not yet final) version of Kyber
-//! called ML-KEM-ipd. Not recommended.
+//!   [X-Wing](https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/02/).
+//!   Similar to `X25519Kyber768Draft00Old`, but uses a newer (but not yet final) version of Kyber
+//!   called ML-KEM-ipd. Not recommended.
 //!
 //! Presently all these key agreements are deployed by Cloudflare, but we do not guarantee continued
 //! support for them.

diff --git a/boring/src/ssl/test/mod.rs b/boring/src/ssl/test/mod.rs
@@ -469,7 +469,6 @@ fn refcount_ssl_context() {
 
 #[test]
 #[cfg_attr(target_os = "windows", ignore)]
-#[cfg_attr(all(target_os = "macos", feature = "vendored"), ignore)]
 fn default_verify_paths() {
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
     ctx.set_default_verify_paths().unwrap();

diff --git a/hyper-boring/Cargo.toml b/hyper-boring/Cargo.toml
@@ -17,7 +17,7 @@ rustdoc-args = ["--cfg", "docsrs"]
 [features]
 default = ["runtime"]
 
-runtime = ["hyper/runtime"]
+runtime = ["hyper_old/runtime"]
 
 # Use a FIPS-validated version of boringssl.
 fips = ["tokio-boring/fips"]
@@ -28,19 +28,30 @@ fips-link-precompiled = ["tokio-boring/fips-link-precompiled"]
 # Enables experimental post-quantum crypto (https://blog.cloudflare.com/post-quantum-for-all/)
 pq-experimental = ["tokio-boring/pq-experimental"]
 
+# Enable Hyper 1 support
+hyper1 = ["dep:http", "dep:hyper", "dep:hyper-util", "dep:tower-service"]
+
 [dependencies]
 antidote = { workspace = true }
-http = { workspace = true }
-hyper = { workspace = true, features = ["client"] }
+http = { workspace = true, optional = true }
+http_old = { workspace = true }
+hyper = { workspace = true, optional = true }
+hyper-util = { workspace = true, optional = true, features = ["client", "client-legacy"] }
+hyper_old = { workspace = true, features = ["client"] }
 linked_hash_set = { workspace = true }
 once_cell = { workspace = true }
 boring = { workspace = true }
 tokio = { workspace = true }
 tokio-boring = { workspace = true }
 tower-layer = { workspace = true }
+tower-service = { workspace = true, optional = true }
 
 [dev-dependencies]
-hyper = { workspace = true, features = [ "full" ] }
+bytes = { workspace = true }
+http-body-util = { workspace = true }
+hyper-util = { workspace = true, features = ["http1", "http2", "service", "tokio"] }
+hyper = { workspace = true, features = ["server"] }
+hyper_old = { workspace = true, features = [ "full" ] }
 tokio = { workspace = true, features = [ "full" ] }
 tower = { workspace = true, features = ["util"] }
 futures = { workspace = true }