diff --git a/Cargo.lock b/Cargo.lock index d3ea67fd..f6a63914 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -26,7 +26,7 @@ dependencies = [ "cfg-if", "once_cell", "version_check", - "zerocopy", + "zerocopy 0.7.35", ] [[package]] @@ -441,7 +441,7 @@ version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" dependencies = [ - "nom", + "nom 7.1.3", ] [[package]] @@ -660,18 +660,18 @@ dependencies = [ [[package]] name = "derive_more" -version = "1.0.0" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4a9b99b9cbbe49445b21764dc0625032a89b145a2642e67603e1c936f5458d05" +checksum = "093242cf7570c207c83073cf82f79706fe7b8317e98620a47d5be7c3d8497678" dependencies = [ "derive_more-impl", ] [[package]] name = "derive_more-impl" -version = "1.0.0" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb7330aeadfbe296029522e6c40f315320aba36fc43a5b3632f3795348f3bd22" +checksum = "bda628edc44c4bb645fbe0f758797143e4e07926f7ebf4e9bdfbd3d2ce621df3" dependencies = [ "proc-macro2", "quote", @@ -1185,7 +1185,7 @@ dependencies = [ "idna", "ipnet", "once_cell", - "rand", + "rand 0.8.5", "thiserror", "tinyvec", "tokio", @@ -1205,7 +1205,7 @@ dependencies = [ "lru-cache", "once_cell", "parking_lot", - "rand", + "rand 0.8.5", "smallvec", "thiserror", "tokio", @@ -1777,7 +1777,7 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3ffa00dec017b5b1a8b7cf5e2c008bfda1aa7e0697ac1508b491fdf2622fb4d8" dependencies = [ - "rand", + "rand 0.8.5", ] [[package]] 
@@ -1799,6 +1799,15 @@ dependencies = [ "minimal-lexical", ] +[[package]] +name = "nom" +version = "8.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df9761775871bdef83bee530e60050f7e54b1105350d6884eb0fb4f46c2f9405" +dependencies = [ + "memchr", +] + [[package]] name = "nu-ansi-term" version = "0.46.0" @@ -1920,7 +1929,7 @@ dependencies = [ "glob", "opentelemetry", "percent-encoding", - "rand", + "rand 0.8.5", "serde_json", "thiserror", "tokio", @@ -2040,7 +2049,7 @@ version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" dependencies = [ - "zerocopy", + "zerocopy 0.7.35", ] [[package]] @@ -2093,7 +2102,7 @@ checksum = "588f6378e4dd99458b60ec275b4477add41ce4fa9f64dcba6f15adccb19b50d6" dependencies = [ "env_logger 0.8.4", "log", - "rand", + "rand 0.8.5", ] [[package]] @@ -2321,7 +2330,7 @@ dependencies = [ "rama-error", "rama-http-types", "rama-utils", - "rand", + "rand 0.9.0", "serde_json", "slab", "smallvec", @@ -2383,7 +2392,7 @@ dependencies = [ "ipnet", "itertools 0.14.0", "md5", - "nom", + "nom 8.0.0", "opentelemetry", "pin-project-lite", "quickcheck", @@ -2497,8 +2506,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" dependencies = [ "libc", - "rand_chacha", - "rand_core", + "rand_chacha 0.3.1", + "rand_core 0.6.4", +] + +[[package]] +name = "rand" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3779b94aeb87e8bd4e834cee3650289ee9e0d5677f976ecdb6d219e5f4f6cd94" +dependencies = [ + "rand_chacha 0.9.0", + "rand_core 0.9.0", + "zerocopy 0.8.16", ] [[package]] 
@@ -2508,7 +2528,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" dependencies = [ "ppv-lite86", - "rand_core", + "rand_core 0.6.4", +] + +[[package]] +name = "rand_chacha" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" +dependencies = [ + "ppv-lite86", + "rand_core 0.9.0", ] [[package]] @@ -2520,6 +2550,16 @@ dependencies = [ "getrandom 0.2.15", ] +[[package]] +name = "rand_core" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b08f3c9802962f7e1b25113931d94f43ed9725bebc59db9d0c3e9a23b67e15ff" +dependencies = [ + "getrandom 0.3.1", + "zerocopy 0.8.16", +] + [[package]] name = "rcgen" version = "0.13.2" @@ -3206,7 +3246,7 @@ dependencies = [ "indexmap 1.9.3", "pin-project", "pin-project-lite", - "rand", + "rand 0.8.5", "slab", "tokio", "tokio-util", @@ -3411,7 +3451,7 @@ checksum = "42ed0d279917911e77093bb5f6a86870c5420cf288e2393c70bcc3a802f0fa63" dependencies = [ "bitvec", "hashbrown 0.14.5", - "rand", + "rand 0.8.5", "venndb-macros", ] @@ -3791,7 +3831,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" dependencies = [ "byteorder", - "zerocopy-derive", + "zerocopy-derive 0.7.35", +] + +[[package]] +name = "zerocopy" +version = "0.8.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b8c07a70861ce02bad1607b5753ecb2501f67847b9f9ada7c160fff0ec6300c" +dependencies = [ + "zerocopy-derive 0.8.16", ] [[package]] 
@@ -3805,6 +3854,17 @@ dependencies = [ "syn", ] +[[package]] +name = "zerocopy-derive" +version = "0.8.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5226bc9a9a9836e7428936cde76bb6b22feea1a8bfdbc0d241136e4d13417e25" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "zerofrom" version = "0.1.5" diff --git a/Cargo.toml b/Cargo.toml index ea9bd6cf..c6ba006c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -74,7 +74,7 @@ proc-macro2 = "1.0" opentelemetry = { version = "0.27.0", default-features = false, features = [ "trace", ] } -nom = "7.1.3" +nom = "8.0.0" opentelemetry-otlp = { version = "0.27.0", features = ["tokio"] } opentelemetry_sdk = { version = "0.27.0", default-features = false, features = [ "trace", @@ -93,7 +93,7 @@ rustls = { version = "0.23", default-features = false, features = [ "tls12", "aws_lc_rs", ] } -derive_more = "1.0.0" +derive_more = "2.0.1" rustls-native-certs = "0.8.0" rustls-pemfile = "2.1" rustversion = "1.0.9" @@ -139,7 +139,7 @@ futures-sink = "0.3" fnv = "1.0.5" slab = "0.4.2" indexmap = "2" -rand = "0.8.4" +rand = "0.9.0" walkdir = "2.3.2" env_logger = "0.11.6" httparse = "1.8" diff --git a/examples/tls_boring_dynamic_certs.rs b/examples/tls_boring_dynamic_certs.rs index 671e4cd5..b91ec24c 100644 --- a/examples/tls_boring_dynamic_certs.rs +++ b/examples/tls_boring_dynamic_certs.rs @@ -101,7 +101,6 @@ async fn main() { let tls_server_config = ServerConfig::new(ServerAuth::CertIssuer(ServerCertIssuerData { kind: issuer.into(), cache_kind: CacheKind::Disabled, - ..Default::default() })); let acceptor_data = TlsAcceptorData::try_from(tls_server_config).expect("create acceptor data"); diff --git a/rama-http-core/src/h2/hpack/test/fuzz.rs b/rama-http-core/src/h2/hpack/test/fuzz.rs index a660cc50..789d087a 100644 --- a/rama-http-core/src/h2/hpack/test/fuzz.rs +++ b/rama-http-core/src/h2/hpack/test/fuzz.rs 
@@ -4,9 +4,9 @@ use rama_http_types::{HeaderName, HeaderValue}; use bytes::BytesMut; use quickcheck::{Arbitrary, Gen, QuickCheck, TestResult}; -use rand::distributions::Slice; +use rand::distr::slice::Choose; use rand::rngs::StdRng; -use rand::{thread_rng, Rng, SeedableRng}; +use rand::{rng, Rng, SeedableRng}; use std::io::Cursor; @@ -60,12 +60,12 @@ impl FuzzHpack { } // Actual test run headers - let num: usize = rng.gen_range(40..500); + let num: usize = rng.random_range(40..500); let mut frames: Vec = vec![]; let mut added = 0; - let skew: i32 = rng.gen_range(1..5); + let skew: i32 = rng.random_range(1..5); // Rough number of headers to add while added < num { @@ -74,24 +74,24 @@ impl FuzzHpack { headers: vec![], }; - match rng.gen_range(0..20) { + match rng.random_range(0..20) { 0 => { // Two resizes - let high = rng.gen_range(128..MAX_CHUNK * 2); - let low = rng.gen_range(0..high); + let high = rng.random_range(128..MAX_CHUNK * 2); + let low = rng.random_range(0..high); frame.resizes.extend([low, high]); } 1..=3 => { - frame.resizes.push(rng.gen_range(128..MAX_CHUNK * 2)); + frame.resizes.push(rng.random_range(128..MAX_CHUNK * 2)); } _ => {} } let mut is_name_required = true; - for _ in 0..rng.gen_range(1..(num - added) + 1) { - let x: f64 = rng.gen_range(0.0..1.0); + for _ in 0..rng.random_range(1..(num - added) + 1) { + let x: f64 = rng.random_range(0.0..1.0); let x = x.powi(skew); let i = (x * source.len() as f64) as usize; 
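Review bot: The new import `use rand::{rng, Rng, SeedableRng};` brings the free function `rng` into a module where `FuzzHpack::new` already uses a local value of the same name (`rng.random_range(40..500)` in the `-60,12` hunk). The identifier therefore means a function in `arbitrary` and a generator inside `new`. Keeping the function qualified reads more clearly: import `use rand::{Rng, SeedableRng};` and write `FuzzHpack::new(rand::rng().random())` in the `Arbitrary` impl (the `-180,30` hunk). The binding of the local `rng` is outside these hunks, so renaming it is the alternative if the short import is preferred.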
@@ -180,30 +180,30 @@ impl FuzzHpack { impl Arbitrary for FuzzHpack { fn arbitrary(_: &mut Gen) -> Self { - FuzzHpack::new(thread_rng().gen()) + FuzzHpack::new(rng().random()) } } fn gen_header(g: &mut StdRng) -> Header> { use rama_http_types::{Method, StatusCode}; - if g.gen_ratio(1, 10) { - match g.gen_range(0u32..5) { + if g.random_ratio(1, 10) { + match g.random_range(0u32..5) { 0 => { let value = gen_string(g, 4, 20); Header::Authority(to_shared(value)) } 1 => { - let method = match g.gen_range(0u32..6) { + let method = match g.random_range(0u32..6) { 0 => Method::GET, 1 => Method::POST, 2 => Method::PUT, 3 => Method::PATCH, 4 => Method::DELETE, 5 => { - let n: usize = g.gen_range(3..7); + let n: usize = g.random_range(3..7); let bytes: Vec = (0..n) - .map(|_| *g.sample(Slice::new(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ").unwrap())) + .map(|_| *g.sample(Choose::new(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ").unwrap())) .collect(); Method::from_bytes(&bytes).unwrap() @@ -214,7 +214,7 @@ fn gen_header(g: &mut StdRng) -> Header> { Header::Method(method) } 2 => { - let value = match g.gen_range(0u32..2) { + let value = match g.random_range(0u32..2) { 0 => "http", 1 => "https", _ => unreachable!(), @@ -223,7 +223,7 @@ fn gen_header(g: &mut StdRng) -> Header> { Header::Scheme(to_shared(value.to_owned())) } 3 => { - let value = match g.gen_range(0u32..100) { + let value = match g.random_range(0u32..100) { 0 => "/".to_owned(), 1 => "/index.html".to_owned(), _ => gen_string(g, 2, 20), @@ -232,21 +232,21 @@ fn gen_header(g: &mut StdRng) -> Header> { Header::Path(to_shared(value)) } 4 => { - let status = (g.gen::() % 500) + 100; + let status = (g.random::() % 500) + 100; Header::Status(StatusCode::from_u16(status).unwrap()) } _ => unreachable!(), } } else { - let name = if g.gen_ratio(1, 10) { + let name = if g.random_ratio(1, 10) { None } else { Some(gen_header_name(g)) }; let mut value = gen_header_value(g); - if g.gen_ratio(1, 30) { + if g.random_ratio(1, 30) { value.set_sensitive(true); } 
@@ -257,9 +257,9 @@ fn gen_header(g: &mut StdRng) -> Header> { fn gen_header_name(g: &mut StdRng) -> HeaderName { use rama_http_types::header; - if g.gen_ratio(1, 2) { + if g.random_ratio(1, 2) { g.sample( - Slice::new(&[ + Choose::new(&[ header::ACCEPT, header::ACCEPT_CHARSET, header::ACCEPT_ENCODING, @@ -353,7 +353,7 @@ fn gen_string(g: &mut StdRng, min: usize, max: usize) -> String { let bytes: Vec<_> = (min..max) .map(|_| { // Chars to pick from - *g.sample(Slice::new(b"ABCDEFGHIJKLMNOPQRSTUVabcdefghilpqrstuvwxyz----").unwrap()) + *g.sample(Choose::new(b"ABCDEFGHIJKLMNOPQRSTUVabcdefghilpqrstuvwxyz----").unwrap()) }) .collect(); diff --git a/rama-net/src/tls/client/parser.rs b/rama-net/src/tls/client/parser.rs index d752f053..7128be7b 100644 --- a/rama-net/src/tls/client/parser.rs +++ b/rama-net/src/tls/client/parser.rs @@ -14,7 +14,7 @@ use nom::{ error::{make_error, ErrorKind}, multi::{length_data, many0}, number::streaming::{be_u16, be_u8}, - IResult, + IResult, Parser, }; use rama_core::error::OpaqueError; use std::str; @@ -40,13 +40,13 @@ pub(crate) fn parse_client_hello(i: &[u8]) -> Result { fn parse_client_hello_inner(i: &[u8]) -> IResult<&[u8], ClientHello> { let (i, version) = be_u16(i)?; let (i, _random) = take(32usize)(i)?; - let (i, sidlen) = verify(be_u8, |&n| n <= 32)(i)?; - let (i, _sid) = cond(sidlen > 0, take(sidlen as usize))(i)?; + let (i, sidlen) = verify(be_u8, |&n| n <= 32).parse(i)?; + let (i, _sid) = cond(sidlen > 0, take(sidlen as usize)).parse(i)?; let (i, ciphers_len) = be_u16(i)?; let (i, cipher_suites) = parse_cipher_suites(i, ciphers_len as usize)?; let (i, comp_len) = be_u8(i)?; let (i, compression_algorithms) = parse_compressions_algs(i, comp_len as usize)?; - let (i, opt_ext) = opt(complete(length_data(be_u16)))(i)?; + let (i, opt_ext) = opt(complete(length_data(be_u16))).parse(i)?; let mut extensions = vec![]; if let Some(mut i) = opt_ext { 
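Review bot: In `parse_client_hello_inner`, `opt(complete(length_data(be_u16))).parse(i)?` turns every recoverable failure of the extensions block into `None`, including a declared length that runs past the remaining bytes. A truncated ClientHello is then handled as one with no extensions, and so no SNI or ALPN, instead of being rejected. Since this parser reads peer-controlled bytes, it seems safer to separate "no extensions present" from "extensions malformed", for example `let (i, opt_ext) = cond(!i.is_empty(), complete(length_data(be_u16))).parse(i)?;`. If the leniency is deliberate, a comment on that line should say so. The function body continues past the end of this hunk, so how the remaining input is checked is not visible here.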
@@ -99,7 +99,7 @@ fn parse_compressions_algs(i: &[u8], len: usize) -> IResult<&[u8], Vec IResult<&[u8], ClientHelloExtension> { let (i, ext_type) = be_u16(i)?; let id = ExtensionId::from(ext_type); - let (i, ext_data) = length_data(be_u16)(i)?; + let (i, ext_data) = length_data(be_u16).parse(i)?; let ext_len = ext_data.len() as u16; @@ -139,7 +139,8 @@ fn parse_tls_extension_sni_content(i: &[u8]) -> IResult<&[u8], ClientHelloExtens let (i, mut v) = map_parser( take(list_len), many0(complete(parse_tls_extension_sni_hostname)), - )(i)?; + ) + .parse(i)?; if v.len() > 1 { return Err(nom::Err::Error(nom::error::Error::new( i, @@ -166,7 +167,7 @@ fn parse_tls_extension_sni_hostname(i: &[u8]) -> IResult<&[u8], Host> { if nt != 0 { return Err(nom::Err::Error(nom::error::Error::new(i, ErrorKind::IsNot))); } - let (i, v) = length_data(be_u16)(i)?; + let (i, v) = length_data(be_u16).parse(i)?; let host = str::from_utf8(v) .map_err(|_| nom::Err::Error(nom::error::Error::new(i, ErrorKind::Not)))? .parse() @@ -179,14 +180,16 @@ fn parse_tls_extension_elliptic_curves_content(i: &[u8]) -> IResult<&[u8], Clien map_parser( length_data(be_u16), map(parse_u16_type, ClientHelloExtension::SupportedGroups), - )(i) + ) + .parse(i) } fn parse_tls_extension_ec_point_formats_content(i: &[u8]) -> IResult<&[u8], ClientHelloExtension> { map_parser( length_data(be_u8), map(parse_u8_type, ClientHelloExtension::ECPointFormats), - )(i) + ) + .parse(i) } // TLS 1.3 draft 23 @@ -208,13 +211,14 @@ fn parse_tls_extension_supported_versions_content( if ext_len == 2 { map(be_u16, |x| { ClientHelloExtension::SupportedVersions(vec![ProtocolVersion::from(x)]) - })(i) + }) + .parse(i) } else { let (i, _) = be_u8(i)?; if ext_len == 0 { return Err(nom::Err::Error(make_error(i, ErrorKind::Verify))); } - let (i, l) = map_parser(take(ext_len - 1), parse_u16_type)(i)?; + let (i, l) = map_parser(take(ext_len - 1), parse_u16_type).parse(i)?; Ok((i, ClientHelloExtension::SupportedVersions(l))) } } 
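Review bot: In the `else` branch of `parse_tls_extension_supported_versions_content`, the one-byte list length read by `let (i, _) = be_u8(i)?;` is discarded. A supported_versions extension whose declared list length disagrees with `ext_len - 1` is therefore still accepted and parsed over the whole remainder. Binding and checking the prefix would close that gap: `let (i, n) = be_u8(i)?;` followed by `if ext_len == 0 || u16::from(n) != ext_len - 1 { return Err(nom::Err::Error(make_error(i, ErrorKind::Verify))); }`. This assumes `ext_len` is a `u16`, as the `ext_data.len() as u16` cast in the `-99,7` hunk suggests. The function signature is outside the hunk. Doing the `ext_len == 0` test before the read would also make the empty case fail with `Verify` rather than with whatever `be_u8` reports on empty input.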
@@ -226,7 +230,8 @@ fn parse_tls_extension_signature_algorithms_content( map_parser( length_data(be_u16), map(parse_u16_type, ClientHelloExtension::SignatureAlgorithms), - )(i) + ) + .parse(i) } /// Defined in [RFC7301] @@ -237,13 +242,14 @@ fn parse_tls_extension_alpn_content(i: &[u8]) -> IResult<&[u8], ClientHelloExten parse_protocol_name_list, ClientHelloExtension::ApplicationLayerProtocolNegotiation, ), - )(i) + ) + .parse(i) } fn parse_protocol_name_list(mut i: &[u8]) -> IResult<&[u8], Vec> { let mut v = vec![]; while !i.is_empty() { - let (n, alpn) = map_parser(length_data(be_u8), parse_protocol_name)(i)?; + let (n, alpn) = map_parser(length_data(be_u8), parse_protocol_name).parse(i)?; v.push(alpn); i = n; } diff --git a/rama-net/src/tls/server/config.rs b/rama-net/src/tls/server/config.rs index 089f4ce5..1127828e 100644 --- a/rama-net/src/tls/server/config.rs +++ b/rama-net/src/tls/server/config.rs @@ -151,9 +151,9 @@ pub struct DynamicIssuer { impl DynamicIssuer { pub fn new(issuer: T) -> Self { - return Self { + Self { issuer: Arc::new(issuer), - }; + } } pub async fn issue_cert( diff --git a/rama-tls/src/boring/server/acceptor_data.rs b/rama-tls/src/boring/server/acceptor_data.rs index d50c7049..f042f266 100644 --- a/rama-tls/src/boring/server/acceptor_data.rs +++ b/rama-tls/src/boring/server/acceptor_data.rs @@ -147,7 +147,7 @@ impl TlsCertSource { let mut client_hello = client_hello; let ssl_ref = client_hello.ssl_mut(); - let host = to_host(&ssl_ref, &server_name).map_err(|err| { + let host = to_host(ssl_ref, &server_name).map_err(|err| { tracing::error!(error = %err, "boring: failed getting host"); SelectCertError::ERROR })?; @@ -196,7 +196,7 @@ impl TlsCertSource { } let ssl_ref = client_hello.ssl_mut(); - let host = to_host(&ssl_ref, &server_name).map_err(|err| { + let host = to_host(ssl_ref, &server_name).map_err(|err| { tracing::error!(error = %err, "boring: failed getting host"); AsyncSelectCertError{} })?; 
@@ -393,7 +393,7 @@ fn server_auth_data_to_private_key_and_ca_chain( DataEncoding::Der(raw_data) => vec![X509::from_der(&raw_data[..]) .context("boring/TlsAcceptorData: parse x509 server cert from DER content")?], DataEncoding::DerStack(raw_data_list) => raw_data_list - .into_iter() + .iter() .map(|raw_data| { X509::from_der(&raw_data[..]) .context("boring/TlsAcceptorData: parse x509 server cert from DER content") @@ -460,7 +460,7 @@ fn add_issued_cert_to_ssl_ref( .context("boring add issue cert to ssl ref: set certificate")?; } else { builder - .add_chain_cert(&ca_cert) + .add_chain_cert(ca_cert) .context("boring add issue cert to ssl ref: add chain certificate")?; } } diff --git a/tests/integration/examples/example_tests/tls_boring_dynamic_certs.rs b/tests/integration/examples/example_tests/tls_boring_dynamic_certs.rs index 2986710d..4f369eb7 100644 --- a/tests/integration/examples/example_tests/tls_boring_dynamic_certs.rs +++ b/tests/integration/examples/example_tests/tls_boring_dynamic_certs.rs @@ -103,7 +103,7 @@ where ..Default::default() }); - let client = ( + ( MapResultLayer::new(map_internal_client_error), TraceLayer::new_for_http(), #[cfg(feature = "compression")] @@ -123,9 +123,7 @@ where AddRequiredRequestHeadersLayer::default(), ) .layer(inner_client) - .boxed(); - - client + .boxed() } fn map_internal_client_error(