From 04e12f8d71939b039e74fd94fa7350e64c296557 Mon Sep 17 00:00:00 2001 From: discord9 Date: Wed, 18 Sep 2024 12:24:12 +0800 Subject: [PATCH 01/11] chore: version skew --- Cargo.lock | 84 ++++++++++++++++++++++++++++++++---------- Cargo.toml | 2 +- src/servers/Cargo.toml | 10 +++-- 3 files changed, 72 insertions(+), 24 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c5b8fc016a5b..bb6455026561 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -811,6 +811,34 @@ dependencies = [ "cc", ] +[[package]] +name = "aws-lc-rs" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f95446d919226d587817a7d21379e6eb099b97b45110a7f272a444ca5c54070" +dependencies = [ + "aws-lc-sys", + "mirai-annotations", + "paste", + "untrusted 0.7.1", + "zeroize", +] + +[[package]] +name = "aws-lc-sys" +version = "0.21.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5055edc4a9a1b2a917a818258cdfb86a535947feebd9981adc99667a062c6f85" +dependencies = [ + "bindgen", + "cc", + "cmake", + "dunce", + "fs_extra", + "libc", + "paste", +] + [[package]] name = "axum" version = "0.6.20" @@ -989,12 +1017,15 @@ dependencies = [ "itertools 0.12.1", "lazy_static", "lazycell", + "log", + "prettyplease", "proc-macro2", "quote", "regex", "rustc-hash 1.1.0", "shlex", "syn 2.0.66", + "which", ] [[package]] @@ -1236,9 +1267,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" -version = "1.6.0" +version = "1.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" +checksum = "8318a53db07bb3f8dca91a600466bdb3f2eaadeedfdbcf02e1accbad9271ba50" dependencies = [ "serde", ] 
@@ -1379,13 +1410,13 @@ dependencies = [ [[package]] name = "cc" -version = "1.0.99" +version = "1.1.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96c51067fd44124faa7f870b4b1c969379ad32b2ba805aa959430ceaa384f695" +checksum = "45bcde016d64c21da4be18b655631e5ab6d3107607e71a73a9f53eb48aae23fb" dependencies = [ "jobserver", "libc", - "once_cell", + "shlex", ] [[package]] @@ -3515,6 +3546,12 @@ version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "75b325c5dbd37f80359721ad39aca5a29fb04c89279657cffdda8736d0c0b9d2" +[[package]] +name = "dunce" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" + [[package]] name = "duration-str" version = "0.11.2" @@ -4073,6 +4110,12 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + [[package]] name = "fsevent-sys" version = "4.1.0" @@ -6391,6 +6434,12 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "mirai-annotations" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9be0862c1b3f26a88803c4a49de6889c10e608b3ee9344e6ef5b45fb37ad3d1" + [[package]] name = "mito2" version = "0.9.3" 
@@ -7141,17 +7190,17 @@ dependencies = [ [[package]] name = "opensrv-mysql" version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4148ab944991b0a33be74d2636a815268974578812a9e4cf7dc785325e858154" +source = "git+https://github.com/discord9/opensrv?branch=fix_uaf#6992f3253a24058ea7a737a4920ce9bff3e3ba58" dependencies = [ "async-trait", "byteorder", + "bytes", "chrono", "mysql_common 0.32.4", "nom", "pin-project-lite", "tokio", - "tokio-rustls 0.25.0", + "tokio-rustls 0.26.0", ] [[package]] @@ -7765,29 +7814,24 @@ dependencies = [ [[package]] name = "pgwire" -version = "0.20.0" +version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c00492c52bb65e0421211b7f4c5d9de7586e53786a3b244efb00f74851206bf6" +checksum = "3770f56e1e8a608c6de40011b9a00c6b669c14d121024411701b4bc3b2a5be99" dependencies = [ "async-trait", - "base64 0.22.1", + "aws-lc-rs", "bytes", "chrono", "derive-new 0.6.0", "futures", "hex", - "log", "md5", "postgres-types", "rand", - "ring 0.17.8", - "stringprep", "thiserror", - "time", "tokio", - "tokio-rustls 0.25.0", + "tokio-rustls 0.26.0", "tokio-util", - "x509-certificate", ] [[package]] @@ -9554,6 +9598,7 @@ version = "0.23.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "05cff451f60db80f490f3c182b77c35260baace73209e9cdbbe526bfe3a4d402" dependencies = [ + "aws-lc-rs", "log", "once_cell", "ring 0.17.8", @@ -9617,6 +9662,7 @@ version = "0.102.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e" dependencies = [ + "aws-lc-rs", "ring 0.17.8", "rustls-pki-types", "untrusted 0.9.0", @@ -10453,7 +10499,7 @@ dependencies = [ "regex", "reqwest", "rust-embed", - "rustls 0.22.4", + "rustls 0.23.10", "rustls-pemfile 2.1.2", "rustls-pki-types", "schemars", 
@@ -10471,7 +10517,7 @@ dependencies = [ "tokio", "tokio-postgres", "tokio-postgres-rustls", - "tokio-rustls 0.25.0", + "tokio-rustls 0.26.0", "tokio-stream", "tokio-test", "tokio-util", diff --git a/Cargo.toml b/Cargo.toml index d412bf7e978e..6a5d649a6ba6 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -99,7 +99,7 @@ base64 = "0.21" bigdecimal = "0.4.2" bitflags = "2.4.1" bytemuck = "1.12" -bytes = { version = "1.5", features = ["serde"] } +bytes = { version = "1.7", features = ["serde"] } chrono = { version = "0.4", features = ["serde"] } clap = { version = "4.4", features = ["derive"] } config = "0.13.0" diff --git a/src/servers/Cargo.toml b/src/servers/Cargo.toml index 626fdaa404c2..8c7b99047bf0 100644 --- a/src/servers/Cargo.toml +++ b/src/servers/Cargo.toml @@ -65,10 +65,12 @@ notify.workspace = true object-pool = "0.5" once_cell.workspace = true openmetrics-parser = "0.4" -opensrv-mysql = "0.7.0" +# use crates.io version after https://github.com/datafuselabs/opensrv/pull/67 is merged +# opensrv-mysql = "0.7.0" +opensrv-mysql = { git = "https://github.com/discord9/opensrv", branch = "fix_uaf" } opentelemetry-proto.workspace = true parking_lot = "0.12" -pgwire = "0.20" +pgwire = "0.22" pin-project = "1.0" pipeline.workspace = true postgres-types = { version = "0.2", features = ["with-chrono-0_4", "with-serde_json-1"] } @@ -85,7 +87,7 @@ rand.workspace = true regex.workspace = true reqwest.workspace = true rust-embed = { version = "6.6", features = ["debug-embed"] } -rustls = "0.22" +rustls = "0.23" rustls-pemfile = "2.0" rustls-pki-types = "1.0" schemars.workspace = true @@ -98,7 +100,7 @@ sql.workspace = true strum.workspace = true table.workspace = true tokio.workspace = true -tokio-rustls = "0.25" +tokio-rustls = "0.26" tokio-stream = { workspace = true, features = ["net"] } tokio-util.workspace = true tonic.workspace = true From 3f4d89690ad3344514cdc659d6289090525ca963 Mon Sep 17 00:00:00 2001 
From: discord9 Date: Wed, 18 Sep 2024 12:43:26 +0800 Subject: [PATCH 02/11] fix: even more version skew --- Cargo.lock | 9 ++++----- src/servers/Cargo.toml | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index bb6455026561..84617289eba4 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -12153,16 +12153,15 @@ dependencies = [ [[package]] name = "tokio-postgres-rustls" -version = "0.11.1" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ea13f22eda7127c827983bdaf0d7fff9df21c8817bab02815ac277a21143677" +checksum = "04fb792ccd6bbcd4bba408eb8a292f70fc4a3589e5d793626f45190e6454b6ab" dependencies = [ - "futures", "ring 0.17.8", - "rustls 0.22.4", + "rustls 0.23.10", "tokio", "tokio-postgres", - "tokio-rustls 0.25.0", + "tokio-rustls 0.26.0", "x509-certificate", ] diff --git a/src/servers/Cargo.toml b/src/servers/Cargo.toml index 8c7b99047bf0..73d27274a782 100644 --- a/src/servers/Cargo.toml +++ b/src/servers/Cargo.toml @@ -132,7 +132,7 @@ session = { workspace = true, features = ["testing"] } table.workspace = true tempfile = "3.0.0" tokio-postgres = "0.7" -tokio-postgres-rustls = "0.11" +tokio-postgres-rustls = "0.12" tokio-test = "0.4" [target.'cfg(not(windows))'.dev-dependencies] From 5243fc993bbee96282e59b87cc825179bc471448 Mon Sep 17 00:00:00 2001 From: discord9 Date: Wed, 18 Sep 2024 15:38:50 +0800 Subject: [PATCH 03/11] feat: use `ring` instead of `aws-lc` for remove nasm assembler on windows --- src/servers/Cargo.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/servers/Cargo.toml b/src/servers/Cargo.toml index 73d27274a782..2eb4310d7415 100644 --- a/src/servers/Cargo.toml +++ b/src/servers/Cargo.toml 
@@ -87,7 +87,7 @@ rand.workspace = true regex.workspace = true reqwest.workspace = true rust-embed = { version = "6.6", features = ["debug-embed"] } -rustls = "0.23" +rustls = { version = "0.23", features = ["ring", "logging", "std", "tls12"] } rustls-pemfile = "2.0" rustls-pki-types = "1.0" schemars.workspace = true @@ -100,7 +100,7 @@ sql.workspace = true strum.workspace = true table.workspace = true tokio.workspace = true -tokio-rustls = "0.26" +tokio-rustls = { version = "0.26", features = ["logging", "tls12", "ring"] } tokio-stream = { workspace = true, features = ["net"] } tokio-util.workspace = true tonic.workspace = true From 2e9404ae87ef722fb6d2909d2dfbf246bedc5c55 Mon Sep 17 00:00:00 2001 From: discord9 Date: Wed, 18 Sep 2024 15:44:53 +0800 Subject: [PATCH 04/11] feat: use `ring` for pgwire --- Cargo.lock | 11 ++++++----- src/servers/Cargo.toml | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 84617289eba4..5dbf1c8e230e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1014,7 +1014,7 @@ dependencies = [ "bitflags 2.5.0", "cexpr", "clang-sys", - "itertools 0.12.1", + "itertools 0.10.5", "lazy_static", "lazycell", "log", @@ -4821,7 +4821,7 @@ dependencies = [ "httpdate", "itoa", "pin-project-lite", - "socket2 0.5.7", + "socket2 0.4.10", "tokio", "tower-service", "tracing", @@ -7828,6 +7828,7 @@ dependencies = [ "md5", "postgres-types", "rand", + "ring 0.17.8", "thiserror", "tokio", "tokio-rustls 0.26.0", @@ -8422,7 +8423,7 @@ checksum = "22505a5c94da8e3b7c2996394d1c933236c4d743e81a410bcca4e6989fc066a4" dependencies = [ "bytes", "heck 0.5.0", - "itertools 0.12.1", + "itertools 0.10.5", "log", "multimap", "once_cell", @@ -8474,7 +8475,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81bddcdb20abf9501610992b6759a4c888aef7d1a7247ef75e2404275ac24af1" dependencies = [ "anyhow", - "itertools 0.12.1", + "itertools 0.10.5", "proc-macro2", "quote", "syn 2.0.66", 
@@ -8634,7 +8635,7 @@ dependencies = [ "indoc", "libc", "memoffset 0.9.1", - "parking_lot 0.12.3", + "parking_lot 0.11.2", "portable-atomic", "pyo3-build-config", "pyo3-ffi", diff --git a/src/servers/Cargo.toml b/src/servers/Cargo.toml index 2eb4310d7415..c4bc87fcafd4 100644 --- a/src/servers/Cargo.toml +++ b/src/servers/Cargo.toml @@ -70,7 +70,7 @@ openmetrics-parser = "0.4" opensrv-mysql = { git = "https://github.com/discord9/opensrv", branch = "fix_uaf" } opentelemetry-proto.workspace = true parking_lot = "0.12" -pgwire = "0.22" +pgwire = { version = "0.22", features = ["server-api-ring"] } pin-project = "1.0" pipeline.workspace = true postgres-types = { version = "0.2", features = ["with-chrono-0_4", "with-serde_json-1"] } From 7e9d67f2efea2f44ab7425e320461dc116753ca6 Mon Sep 17 00:00:00 2001 From: discord9 Date: Wed, 18 Sep 2024 16:27:01 +0800 Subject: [PATCH 05/11] feat: change to use `aws-lc-sys` on windows instead --- Cargo.lock | 2 +- src/servers/Cargo.toml | 11 ++++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 5dbf1c8e230e..0f3c3fd6c2c3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -7828,7 +7828,6 @@ dependencies = [ "md5", "postgres-types", "rand", - "ring 0.17.8", "thiserror", "tokio", "tokio-rustls 0.26.0", @@ -10436,6 +10435,7 @@ dependencies = [ "arrow-schema", "async-trait", "auth", + "aws-lc-sys", "axum", "axum-macros", "base64 0.21.7", diff --git a/src/servers/Cargo.toml b/src/servers/Cargo.toml index c4bc87fcafd4..d38342677281 100644 --- a/src/servers/Cargo.toml +++ b/src/servers/Cargo.toml @@ -70,7 +70,7 @@ openmetrics-parser = "0.4" opensrv-mysql = { git = "https://github.com/discord9/opensrv", branch = "fix_uaf" } opentelemetry-proto.workspace = true parking_lot = "0.12" -pgwire = { version = "0.22", features = ["server-api-ring"] } +pgwire = "0.22" pin-project = "1.0" pipeline.workspace = true postgres-types = { version = "0.2", features = ["with-chrono-0_4", "with-serde_json-1"] } 
@@ -87,7 +87,7 @@ rand.workspace = true regex.workspace = true reqwest.workspace = true rust-embed = { version = "6.6", features = ["debug-embed"] } -rustls = { version = "0.23", features = ["ring", "logging", "std", "tls12"] } +rustls = "0.23" rustls-pemfile = "2.0" rustls-pki-types = "1.0" schemars.workspace = true @@ -100,7 +100,7 @@ sql.workspace = true strum.workspace = true table.workspace = true tokio.workspace = true -tokio-rustls = { version = "0.26", features = ["logging", "tls12", "ring"] } +tokio-rustls = "0.26" tokio-stream = { workspace = true, features = ["net"] } tokio-util.workspace = true tonic.workspace = true @@ -138,6 +138,11 @@ tokio-test = "0.4" [target.'cfg(not(windows))'.dev-dependencies] pprof = { version = "0.13", features = ["criterion", "flamegraph"] } +[target.'cfg(windows)'.dependencies] +aws-lc-sys = { version = "0.21.0", features = [ + "prebuilt-nasm", +] } # use prebuilt nasm on windows per https://github.com/aws/aws-lc-rs/blob/main/aws-lc-sys/README.md#use-of-prebuilt-nasm-objects + [build-dependencies] common-version.workspace = true From ad684ce4587845a768fcf0ed84bffcd1ccf3dab6 Mon Sep 17 00:00:00 2001 From: discord9 Date: Wed, 18 Sep 2024 17:42:43 +0800 Subject: [PATCH 06/11] feat: change back to use `ring` --- src/servers/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/servers/Cargo.toml b/src/servers/Cargo.toml index d38342677281..a6b4c934e3f0 100644 --- a/src/servers/Cargo.toml +++ b/src/servers/Cargo.toml @@ -87,7 +87,7 @@ rand.workspace = true regex.workspace = true reqwest.workspace = true rust-embed = { version = "6.6", features = ["debug-embed"] } -rustls = "0.23" +rustls = { version = "0.23", default-features = false, features = ["ring", "logging", "std", "tls12"] } rustls-pemfile = "2.0" rustls-pki-types = "1.0" schemars.workspace = true From 43b2e0075a2680e7d0ea312ffe45182a337d5af3 Mon Sep 17 00:00:00 2001 
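Review bot: The new `[target.'cfg(windows)'.dependencies]` block makes Windows builds link the pre-assembled NASM objects shipped inside `aws-lc-sys` rather than assembling them from source, a build-provenance trade-off the inline comment does not mention. I would extend the comment to say so and to name the removal condition, e.g. `# prebuilt-nasm links vendor-supplied object files; drop this block once nothing pulls in aws-lc-rs`. None of the later patches visible in this series remove the block after the switch back to `ring`, so it is worth confirming that it is still needed.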
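Review bot: Setting `default-features = false` on `rustls` alone probably does not keep aws-lc-rs out of the build, because `tokio-rustls = "0.26"` (restored to the bare version in the previous patch) still uses its default features, which as far as I know include `aws_lc_rs` and are unified into `rustls`. With both providers compiled in, rustls cannot choose a process default on its own, so every code path that builds a TLS config then depends on an explicit `install_default` call. Consider changing `tokio-rustls` in the same hunk set to `tokio-rustls = { version = "0.26", default-features = false, features = ["logging", "tls12", "ring"] }` and checking the result with `cargo tree -i aws-lc-rs`.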
From: discord9 Date: Wed, 18 Sep 2024 19:09:08 +0800 Subject: [PATCH 07/11] chore: provide CryptoProvider --- src/servers/src/tls.rs | 3 +++ src/servers/tests/mysql/mysql_server_test.rs | 2 ++ src/servers/tests/postgres/mod.rs | 3 +++ 3 files changed, 8 insertions(+) diff --git a/src/servers/src/tls.rs b/src/servers/src/tls.rs index b2b35505968f..b1a4aab2e446 100644 --- a/src/servers/src/tls.rs +++ b/src/servers/src/tls.rs @@ -392,6 +392,9 @@ mod tests { #[test] fn test_tls_file_change_watch() { common_telemetry::init_default_ut_logging(); + let _ = rustls::crypto::CryptoProvider::install_default( + rustls::crypto::ring::default_provider(), + ); let dir = tempfile::tempdir().unwrap(); let cert_path = dir.path().join("serevr.crt"); diff --git a/src/servers/tests/mysql/mysql_server_test.rs b/src/servers/tests/mysql/mysql_server_test.rs index e077409a62df..f434e2447476 100644 --- a/src/servers/tests/mysql/mysql_server_test.rs +++ b/src/servers/tests/mysql/mysql_server_test.rs @@ -45,6 +45,8 @@ struct MysqlOpts<'a> { } fn create_mysql_server(table: TableRef, opts: MysqlOpts<'_>) -> Result> { + let _ = + rustls::crypto::CryptoProvider::install_default(rustls::crypto::ring::default_provider()); let query_handler = create_testing_sql_query_handler(table); let io_runtime = RuntimeBuilder::default() .worker_threads(4) diff --git a/src/servers/tests/postgres/mod.rs b/src/servers/tests/postgres/mod.rs index ad135dd9d0c3..2b4be5e6c5b5 100644 --- a/src/servers/tests/postgres/mod.rs +++ b/src/servers/tests/postgres/mod.rs @@ -357,6 +357,9 @@ async fn test_extended_query() -> Result<()> { async fn start_test_server(server_tls: TlsOption) -> Result { common_telemetry::init_default_ut_logging(); + + let _ = + rustls::crypto::CryptoProvider::install_default(rustls::crypto::ring::default_provider()); let table = MemTable::default_numbers_table(); let pg_server = create_postgres_server(table, false, server_tls, None)?; let listening = "127.0.0.1:0".parse::().unwrap(); 
From 007f3e75627aa34125fec25e89332e9488014bd9 Mon Sep 17 00:00:00 2001 From: discord9 Date: Thu, 19 Sep 2024 10:48:10 +0800 Subject: [PATCH 08/11] feat: use upstream repo --- Cargo.lock | 2 +- src/servers/Cargo.toml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0f3c3fd6c2c3..33e048033f56 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -7190,7 +7190,7 @@ dependencies = [ [[package]] name = "opensrv-mysql" version = "0.7.0" -source = "git+https://github.com/discord9/opensrv?branch=fix_uaf#6992f3253a24058ea7a737a4920ce9bff3e3ba58" +source = "git+https://github.com/datafuselabs/opensrv?rev=6bbc3b65e6b19212c4f7fc4f40c20daf6f452deb#6bbc3b65e6b19212c4f7fc4f40c20daf6f452deb" dependencies = [ "async-trait", "byteorder", diff --git a/src/servers/Cargo.toml b/src/servers/Cargo.toml index a6b4c934e3f0..345dbc62148d 100644 --- a/src/servers/Cargo.toml +++ b/src/servers/Cargo.toml @@ -65,9 +65,9 @@ notify.workspace = true object-pool = "0.5" once_cell.workspace = true openmetrics-parser = "0.4" -# use crates.io version after https://github.com/datafuselabs/opensrv/pull/67 is merged +# use crates.io version after current revision is merged in next release # opensrv-mysql = "0.7.0" -opensrv-mysql = { git = "https://github.com/discord9/opensrv", branch = "fix_uaf" } +opensrv-mysql = { git = "https://github.com/datafuselabs/opensrv", rev = "6bbc3b65e6b19212c4f7fc4f40c20daf6f452deb" } opentelemetry-proto.workspace = true parking_lot = "0.12" pgwire = "0.22" From 6a798465fb25f282eba6c20f05ffe7116950e2ed Mon Sep 17 00:00:00 2001 From: discord9 Date: Thu, 19 Sep 2024 11:21:30 +0800 Subject: [PATCH 09/11] feat: install ring crypto lib in main --- src/cmd/src/bin/greptime.rs | 4 +++- src/cmd/src/error.rs | 13 ++++++++++--- src/servers/src/lib.rs | 16 ++++++++++++++++ 3 files changed, 29 insertions(+), 4 deletions(-) diff --git a/src/cmd/src/bin/greptime.rs b/src/cmd/src/bin/greptime.rs index f36d0f1331f8..54659833fa15 100644 
--- a/src/cmd/src/bin/greptime.rs +++ b/src/cmd/src/bin/greptime.rs @@ -15,10 +15,11 @@ #![doc = include_str!("../../../../README.md")] use clap::{Parser, Subcommand}; -use cmd::error::Result; +use cmd::error::{InitTlsProviderSnafu, Result}; use cmd::options::GlobalOptions; use cmd::{cli, datanode, flownode, frontend, metasrv, standalone, App}; use common_version::version; +use servers::install_ring_crypto_provider; #[derive(Parser)] #[command(name = "greptime", author, version, long_version = version(), about)] @@ -94,6 +95,7 @@ async fn main() -> Result<()> { async fn main_body() -> Result<()> { setup_human_panic(); + install_ring_crypto_provider().map_err(|msg| InitTlsProviderSnafu { msg }.build())?; start(Command::parse()).await } diff --git a/src/cmd/src/error.rs b/src/cmd/src/error.rs index 08c81c414c99..f042b48478d4 100644 --- a/src/cmd/src/error.rs +++ b/src/cmd/src/error.rs @@ -24,6 +24,12 @@ use snafu::{Location, Snafu}; #[snafu(visibility(pub))] #[stack_trace_debug] pub enum Error { + #[snafu(display("Failed to install ring crypto provider: {}", msg))] + InitTlsProvider { + #[snafu(implicit)] + location: Location, + msg: String, + }, #[snafu(display("Failed to create default catalog and schema"))] InitMetadata { #[snafu(implicit)] @@ -369,9 +375,10 @@ impl ErrorExt for Error { } Error::SubstraitEncodeLogicalPlan { source, .. } => source.status_code(), - Error::SerdeJson { .. } | Error::FileIo { .. } | Error::SpawnThread { .. } => { - StatusCode::Unexpected - } + Error::SerdeJson { .. } + | Error::FileIo { .. } + | Error::SpawnThread { .. } + | Error::InitTlsProvider { .. } => StatusCode::Unexpected, Error::Other { source, .. } => source.status_code(), diff --git a/src/servers/src/lib.rs b/src/servers/src/lib.rs index a8f97877bdda..ff1af967fa2f 100644 --- a/src/servers/src/lib.rs +++ b/src/servers/src/lib.rs 
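Review bot: Installing the provider only in `main_body` makes TLS setup in the `servers` crate depend on process-global state set by this one binary. Any other entry point that links `servers` and builds a rustls config without calling `install_ring_crypto_provider()` first can panic inside rustls when more than one provider feature is compiled in. A comment on the new line such as `// must run before any rustls config is built; rustls has no automatic default when several providers are enabled` would record the ordering requirement. If the config-building code in `servers::tls` (not visible in this patch) can be handed the provider explicitly, the dependency on call order goes away.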
@@ -55,3 +55,19 @@ pub struct SqlPlan { plan: Option, schema: Option, } + +/// Install the ring crypto provider for rustls process-wide. see: +/// +/// https://docs.rs/rustls/latest/rustls/crypto/struct.CryptoProvider.html#using-the-per-process-default-cryptoprovider +/// +/// for more information. +pub fn install_ring_crypto_provider() -> Result<(), String> { + rustls::crypto::CryptoProvider::install_default(rustls::crypto::ring::default_provider()) + .map_err(|ret| { + format!( + "CryptoProvider already installed as: {:?}, but providing {:?}", + rustls::crypto::CryptoProvider::get_default(), + ret + ) + }) +} From 93452e67cc49679093f9b724ed7336e2abd2cd00 Mon Sep 17 00:00:00 2001 From: discord9 Date: Thu, 19 Sep 2024 11:35:06 +0800 Subject: [PATCH 10/11] chore: use same fn to install in tests --- src/servers/src/tls.rs | 5 ++--- src/servers/tests/mysql/mysql_server_test.rs | 4 ++-- src/servers/tests/postgres/mod.rs | 4 ++-- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/src/servers/src/tls.rs b/src/servers/src/tls.rs index b1a4aab2e446..70c2be5d9d31 100644 --- a/src/servers/src/tls.rs +++ b/src/servers/src/tls.rs @@ -239,6 +239,7 @@ pub fn maybe_watch_tls_config(tls_server_config: Arc) #[cfg(test)] mod tests { use super::*; + use crate::install_ring_crypto_provider; use crate::tls::TlsMode::Disable; #[test] @@ -392,9 +393,7 @@ mod tests { #[test] fn test_tls_file_change_watch() { common_telemetry::init_default_ut_logging(); - let _ = rustls::crypto::CryptoProvider::install_default( - rustls::crypto::ring::default_provider(), - ); + let _ = install_ring_crypto_provider(); let dir = tempfile::tempdir().unwrap(); let cert_path = dir.path().join("serevr.crt"); diff --git a/src/servers/tests/mysql/mysql_server_test.rs b/src/servers/tests/mysql/mysql_server_test.rs index f434e2447476..ba2cdbdab27d 100644 --- a/src/servers/tests/mysql/mysql_server_test.rs +++ b/src/servers/tests/mysql/mysql_server_test.rs 
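Review bot: `install_ring_crypto_provider` reports every `Err` from `install_default` as a failure, including the case where the provider already installed is the ring one, and it surfaces that as a bare `String`. The doc comment should state this contract in an `# Errors` section: it returns `Err` whenever any process-default provider is already set, so callers that may run more than once must tolerate it. The bare URL in the doc comment should be wrapped in angle brackets so that rustdoc renders it as a link instead of warning about it.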
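Review bot: The result of `install_ring_crypto_provider()` is discarded in `test_tls_file_change_watch` without saying why, and the same `let _ =` pattern appears in `create_mysql_server` and `start_test_server` in the test files changed by this patch. The discard looks intentional, since tests sharing one process would otherwise fail on the second install, so a short comment such as `// Err only means a default provider is already installed; tests share one process` would keep it from reading as a swallowed error. The bodies of these functions continue outside the hunks.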
@@ -28,6 +28,7 @@ use mysql_async::{Conn, Row, SslOpts}; use rand::rngs::StdRng; use rand::Rng; use servers::error::Result; +use servers::install_ring_crypto_provider; use servers::mysql::server::{MysqlServer, MysqlSpawnConfig, MysqlSpawnRef}; use servers::server::Server; use servers::tls::{ReloadableTlsServerConfig, TlsOption}; @@ -45,8 +46,7 @@ struct MysqlOpts<'a> { } fn create_mysql_server(table: TableRef, opts: MysqlOpts<'_>) -> Result> { - let _ = - rustls::crypto::CryptoProvider::install_default(rustls::crypto::ring::default_provider()); + let _ = install_ring_crypto_provider(); let query_handler = create_testing_sql_query_handler(table); let io_runtime = RuntimeBuilder::default() .worker_threads(4) diff --git a/src/servers/tests/postgres/mod.rs b/src/servers/tests/postgres/mod.rs index 2b4be5e6c5b5..f3ff827db435 100644 --- a/src/servers/tests/postgres/mod.rs +++ b/src/servers/tests/postgres/mod.rs @@ -27,6 +27,7 @@ use rustls::client::danger::{ServerCertVerified, ServerCertVerifier}; use rustls::{Error, SignatureScheme}; use rustls_pki_types::{CertificateDer, ServerName}; use servers::error::Result; +use servers::install_ring_crypto_provider; use servers::postgres::PostgresServer; use servers::server::Server; use servers::tls::{ReloadableTlsServerConfig, TlsOption}; @@ -357,9 +358,8 @@ async fn test_extended_query() -> Result<()> { async fn start_test_server(server_tls: TlsOption) -> Result { common_telemetry::init_default_ut_logging(); + let _ = install_ring_crypto_provider(); - let _ = - rustls::crypto::CryptoProvider::install_default(rustls::crypto::ring::default_provider()); let table = MemTable::default_numbers_table(); let pg_server = create_postgres_server(table, false, server_tls, None)?; let listening = "127.0.0.1:0".parse::().unwrap(); From b0d3feca5cd85cb5b28f9f7ec3f023265585a5d1 Mon Sep 17 00:00:00 2001 
From: discord9 Date: Thu, 19 Sep 2024 11:53:23 +0800 Subject: [PATCH 11/11] feat: make pgwire use `ring` --- Cargo.lock | 3 +-- src/servers/Cargo.toml | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 33e048033f56..28e349f9709f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -820,7 +820,6 @@ dependencies = [ "aws-lc-sys", "mirai-annotations", "paste", - "untrusted 0.7.1", "zeroize", ] @@ -7819,7 +7818,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3770f56e1e8a608c6de40011b9a00c6b669c14d121024411701b4bc3b2a5be99" dependencies = [ "async-trait", - "aws-lc-rs", "bytes", "chrono", "derive-new 0.6.0", @@ -7828,6 +7826,7 @@ dependencies = [ "md5", "postgres-types", "rand", + "ring 0.17.8", "thiserror", "tokio", "tokio-rustls 0.26.0", diff --git a/src/servers/Cargo.toml b/src/servers/Cargo.toml index 345dbc62148d..d088961e731c 100644 --- a/src/servers/Cargo.toml +++ b/src/servers/Cargo.toml @@ -70,7 +70,7 @@ openmetrics-parser = "0.4" opensrv-mysql = { git = "https://github.com/datafuselabs/opensrv", rev = "6bbc3b65e6b19212c4f7fc4f40c20daf6f452deb" } opentelemetry-proto.workspace = true parking_lot = "0.12" -pgwire = "0.22" +pgwire = { version = "0.22", default-features = false, features = ["server-api-ring"] } pin-project = "1.0" pipeline.workspace = true postgres-types = { version = "0.2", features = ["with-chrono-0_4", "with-serde_json-1"] }