Replace ring with aws-lc-rs#24
Merged
Merged
Conversation
Contributor
Author
|
Since the cargo feature |
Swap the optional `ring`/`ring-compat` dependency for `aws-lc-rs`, which wraps the actively maintained AWS-LC C library and delivers comparable (or better) AEAD/HKDF throughput without pulling in `ring`. The cargo feature is renamed from `ring` to `faster-crypto` so downstream users express intent (a faster crypto backend) rather than the specific implementation. Platforms not covered by aws-lc-rs (e.g. WASM, exotic targets) must leave the feature off and fall back to the pure-Rust path. The AEAD code under the feature gate now calls aws-lc-rs natively via `LessSafeKey` / `UnboundKey` / `Nonce` / `Aad` / `seal_in_place_separate_tag` / `open_in_place`. The HKDF-SHA1 path switches from `ring_compat::ring::hkdf` to `aws_lc_rs::hkdf`, which exposes the same `Salt` / `Prk` / `Okm` / `KeyType` surface, so that block is a near-verbatim import swap. The pure-Rust `else` branches are untouched apart from moving the struct + impl blocks inside the `cfg_if!` so each backend is self-contained. MSRV is bumped from 1.63 to 1.71 to match aws-lc-rs 1.16. The Windows CI job also needs NASM preinstalled because aws-lc-sys assembles its x86_64 kernels with it; the clippy job already did this, so the build and test job gets the same `ilammy/setup-nasm@v1` step.
faern
force-pushed
the
replace-ring-with-aws-lc-rs
branch
from
5ac29b7 to
52add5f
Compare
Contributor
Author
|
Thanks for merging the cleanup PR. This has now been rebased on top of |
Contributor
Author
|
I built this on a Windows 10 machine and both |
Collaborator
|
I would prefer to use |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This fixes #22.
I have not actually tested this on Windows since I don't currently have access to a Windows machine. But the CI seem to pass.
MSRV is bumped from 1.63 to 1.71 to match aws-lc-rs 1.16. The Windows CI job also needs NASM preinstalled because aws-lc-sys assembles its x86_64 kernels with it; the clippy job already did this, so the build and test job gets the same ilammy/setup-nasm@v1 step.
This branch builds on top of the cleanup branch in #23. I wanted to make sure the entire CI passed before I was confident in this cryptographic change. So I fixed everything the CI errored on. But I also submitted that as a separate PR in case you want to merge them separately (easier to read the diff if we can make this PR only focus on the ring migration)