Skip to content

feat: Modular crypto #1292

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
richarddavison merged 77 commits into from
Feb 4, 2026
Merged

feat: Modular crypto #1292

Show file tree
Hide file tree
Changes from 68 commits
Commits
Show all changes
77 commits
Select commit Hold shift + click to select a range
2787cf8
WIP
richarddavison Sep 29, 2025
9731ce5
Refactor crypto and HTTP modules to support multiple TLS backends
richarddavison Dec 15, 2025
434bc5e
CI
richarddavison Dec 15, 2025
46821d8
Allow all features
richarddavison Dec 15, 2025
2776c60
Fix fixtures
richarddavison Dec 16, 2025
0554c9c
pkg-config
richarddavison Dec 16, 2025
be186c3
Vendored openssl
richarddavison Dec 16, 2025
410ba93
Fix
richarddavison Dec 16, 2025
d3c8e3d
Cleanup features
richarddavison Dec 16, 2025
779e83a
Tweak features
richarddavison Dec 17, 2025
e9200b4
Do not use macos-14
richarddavison Dec 17, 2025
bf4de09
Adjust features
richarddavison Dec 17, 2025
15810ad
Fix flags
richarddavison Dec 17, 2025
1a39c39
Cleanup CI
richarddavison Dec 17, 2025
08da665
Cleanups
richarddavison Dec 18, 2025
5baa875
Fix check
richarddavison Dec 18, 2025
3951df9
Features
richarddavison Dec 18, 2025
abf8e1e
Allow deadcode for providers with missing algos
richarddavison Dec 19, 2025
dd53fd1
AES CPU feature detection
richarddavison Dec 19, 2025
1fcfc92
Format
richarddavison Dec 19, 2025
a54f174
Clippy
richarddavison Dec 19, 2025
2dc0a10
Disable test
richarddavison Dec 19, 2025
d77fcd2
Disable some tests
richarddavison Dec 19, 2025
01e5bb4
Disable tests
richarddavison Dec 19, 2025
accc3ca
Gates
richarddavison Dec 19, 2025
7a6622e
Ignore if kill fails due to process already killed
richarddavison Dec 21, 2025
2b6dd99
Fix CI
richarddavison Dec 22, 2025
f003f97
address some feedback
richarddavison Jan 27, 2026
b690808
adjust tag length calculation and update public key retrieval method
richarddavison Jan 27, 2026
797a659
Correct modules
richarddavison Jan 28, 2026
7720541
Add crypto tests to build as well
richarddavison Jan 28, 2026
fc22f3c
Potential fix for code scanning alert no. 13: Workflow does not conta…
richarddavison Jan 28, 2026
530f2f0
Trigger CI
richarddavison Jan 28, 2026
f93ba64
Fix CI matrix - use explicit includes
richarddavison Jan 28, 2026
dda2642
Fix permissions placement in build-modules.yml
richarddavison Jan 28, 2026
30fedfa
Trigger CI
richarddavison Jan 28, 2026
89b06e0
Revert ci.yml to main - crypto matrix needs build.yml merged first
richarddavison Jan 28, 2026
9b9e312
Revert all workflows to main - will add crypto matrix after merge
richarddavison Jan 28, 2026
231fa5d
Reset Cargo.lock to fix RustCrypto version conflicts
richarddavison Jan 28, 2026
2c5bcd0
Add crypto provider matrix to CI
richarddavison Jan 28, 2026
cd6ee78
Gate
richarddavison Jan 28, 2026
7d32b23
Use default features for clippy
richarddavison Jan 28, 2026
386ba1b
Fix feature
richarddavison Jan 28, 2026
c042d2d
Temporary disable fail fast
richarddavison Jan 28, 2026
0e47c91
Enhance TLS support by adding openssl-vendored feature and updating d…
richarddavison Jan 28, 2026
226a645
Do not fail fast
richarddavison Jan 28, 2026
389c4ab
Refactor CI workflows to conditionally include openssl-vendored featu…
richarddavison Jan 29, 2026
e270c75
Refactor module imports and streamline feature conditionals for bette…
richarddavison Jan 29, 2026
ed1a47a
remove redundant 'lambda' feature from cargo features
richarddavison Jan 29, 2026
5f07fea
Implement OpenSSL-native SubtleCrypto export/import/wrap/unwrap
richarddavison Jan 29, 2026
175852d
Format code
richarddavison Jan 29, 2026
33d60d9
Fix OpenSSL EC key format and Windows CI shell
richarddavison Jan 29, 2026
c6908cb
Format code
richarddavison Jan 29, 2026
1495c40
Fix OpenSSL import_ec_jwk to return SEC1 for public keys
richarddavison Jan 29, 2026
c12175c
Unify export/import/wrap key implementations using provider trait
richarddavison Jan 29, 2026
98d6e52
Fix OpenSSL export_ec_jwk for public keys
richarddavison Jan 29, 2026
2a489f7
remove macos x86 from tests
richarddavison Jan 29, 2026
25efa7f
Add MSYS2 OpenSSL setup for Windows modules job
richarddavison Jan 29, 2026
0c24735
Re-trigger CI (flaky child_process test)
richarddavison Jan 29, 2026
d658162
fix race
richarddavison Jan 29, 2026
b53da61
Fix haning test
richarddavison Jan 30, 2026
fe2b11c
Skip test - debug
richarddavison Jan 30, 2026
45cd73c
Add back test
richarddavison Jan 30, 2026
aa08e2c
Debug set worker to 1 and use destroy instead of close
richarddavison Jan 30, 2026
76c2e5d
Debug tests
richarddavison Feb 2, 2026
62dd237
Debug
richarddavison Feb 2, 2026
a069241
fix
richarddavison Feb 2, 2026
b460a01
Use CPU count
richarddavison Feb 2, 2026
b674e0e
Refactor crypto module based on Sytten's review comments
Feb 3, 2026
7f1514c
Revert "Refactor crypto module based on Sytten's review comments"
Feb 3, 2026
199696b
- Replace ShaAlgorithm with unified HashAlgorithm enum
richarddavison Feb 3, 2026
1f0f5e7
Use miniz
richarddavison Feb 3, 2026
198c1a8
Refactor
richarddavison Feb 3, 2026
9e8dd86
Move gate to lib
richarddavison Feb 3, 2026
7fbf1a5
Cleanup test feature
richarddavison Feb 3, 2026
8c992fe
Use cow and avoid clone data
richarddavison Feb 3, 2026
1d4e5a2
Correct names
richarddavison Feb 3, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
81 changes: 77 additions & 4 deletions .github/workflows/build-modules.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,17 @@ on:
toolchain:
required: true
type: string
crypto:
required: false
type: string
default: "ring"

permissions:
contents: read

jobs:
build:
name: ${{ inputs.arch }}-${{ inputs.platform }}
name: ${{ inputs.arch }}-${{ inputs.platform }}-${{ inputs.crypto }}
runs-on: ${{ inputs.os }}
steps:
- name: Checkout
Expand All @@ -26,19 +33,85 @@ jobs:
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: ${{ inputs.toolchain }}
- name: Install Windows OpenSSL
if: inputs.platform == 'windows' && inputs.crypto == 'openssl'
uses: msys2/setup-msys2@v2
with:
msystem: MINGW64
update: true
path-type: inherit
install: >-
mingw-w64-x86_64-openssl
mingw-w64-x86_64-pkgconf
- name: Set OpenSSL env for Windows
if: inputs.platform == 'windows' && inputs.crypto == 'openssl'
shell: bash
run: |
echo "OPENSSL_DIR=D:/a/_temp/msys64/mingw64" >> $GITHUB_ENV
echo "OPENSSL_LIB_DIR=D:/a/_temp/msys64/mingw64/lib" >> $GITHUB_ENV
echo "OPENSSL_INCLUDE_DIR=D:/a/_temp/msys64/mingw64/include" >> $GITHUB_ENV
- name: Map crypto feature to TLS and crypto features
id: features
shell: bash
run: |
case "${{ inputs.crypto }}" in
graviola)
echo "tls_feature=tls-graviola" >> $GITHUB_OUTPUT
echo "crypto_feature=crypto-graviola" >> $GITHUB_OUTPUT
;;
ring)
echo "tls_feature=tls-ring" >> $GITHUB_OUTPUT
echo "crypto_feature=crypto-ring" >> $GITHUB_OUTPUT
;;
openssl)
echo "tls_feature=tls-openssl" >> $GITHUB_OUTPUT
echo "crypto_feature=crypto-openssl" >> $GITHUB_OUTPUT
if [ "${{ inputs.platform }}" != "windows" ]; then
echo "extra_features=,openssl-vendored" >> $GITHUB_OUTPUT
fi
;;
aws-lc)
echo "tls_feature=tls-aws-lc" >> $GITHUB_OUTPUT
echo "crypto_feature=crypto-ring" >> $GITHUB_OUTPUT
;;
*)
echo "Unknown crypto feature: ${{ inputs.crypto }}"
exit 1
;;
esac
- name: Run build crates
shell: bash
env:
RUSTFLAGS: ""
TLS_FEATURE: ${{ steps.features.outputs.tls_feature }}
CRYPTO_FEATURE: ${{ steps.features.outputs.crypto_feature }}
run: |
crates=$(cargo metadata --no-deps --format-version 1 --quiet | jq -r '.packages[] | select(.manifest_path | contains("modules/")) | .name')
for crate in $crates; do
echo "Compiling crate: $crate"
cargo build -p "$crate"
if [ "$crate" = "llrt_fetch" ]; then
cargo build -p "$crate" --no-default-features --features "http1,http2,webpki-roots,compression-rust,$TLS_FEATURE"
elif [ "$crate" = "llrt_http" ]; then
cargo build -p "$crate" --no-default-features --features "http1,http2,webpki-roots,$TLS_FEATURE"
elif [ "$crate" = "llrt_crypto" ]; then
cargo build -p "$crate" --no-default-features --features "$CRYPTO_FEATURE"
else
cargo build -p "$crate"
fi
done
- name: Run build all
shell: bash
env:
TLS_FEATURE: ${{ steps.features.outputs.tls_feature }}
CRYPTO_FEATURE: ${{ steps.features.outputs.crypto_feature }}
EXTRA_FEATURES: ${{ steps.features.outputs.extra_features }}
run: |
cargo build -p llrt_modules
cargo build -p llrt_modules --no-default-features --features "base,$TLS_FEATURE,$CRYPTO_FEATURE$EXTRA_FEATURES"
- name: Run tests all
shell: bash
env:
TLS_FEATURE: ${{ steps.features.outputs.tls_feature }}
CRYPTO_FEATURE: ${{ steps.features.outputs.crypto_feature }}
EXTRA_FEATURES: ${{ steps.features.outputs.extra_features }}
run: |
cargo test -p llrt_modules
cargo test -p llrt_modules --no-default-features --features "base,$TLS_FEATURE,$CRYPTO_FEATURE$EXTRA_FEATURES"
37 changes: 36 additions & 1 deletion .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,11 +18,15 @@ on:
required: false
type: string
default: "nightly"
crypto:
required: false
type: string
default: ""

jobs:
build:
runs-on: ${{ inputs.os }}
name: build ${{ inputs.arch }}-${{ inputs.platform }}
name: build ${{ inputs.arch }}-${{ inputs.platform }}${{ inputs.crypto && format('-{0}', inputs.crypto) || '' }}
steps:
- name: Checkout
uses: actions/checkout@v6
Expand Down Expand Up @@ -79,13 +83,44 @@ jobs:
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: ${{ inputs.toolchain }}
- name: Map crypto to features
id: features
if: inputs.crypto != ''
shell: bash
run: |
case "${{ inputs.crypto }}" in
graviola)
echo "cargo_features=--no-default-features --features macro,crypto-graviola-rust,tls-graviola" >> $GITHUB_OUTPUT
;;
ring)
echo "cargo_features=--no-default-features --features macro,crypto-ring-rust,tls-ring" >> $GITHUB_OUTPUT
;;
openssl)
if [ "${{ inputs.platform }}" = "windows" ]; then
echo "cargo_features=--no-default-features --features macro,crypto-openssl,tls-openssl" >> $GITHUB_OUTPUT
else
echo "cargo_features=--no-default-features --features macro,crypto-openssl,tls-openssl,openssl-vendored" >> $GITHUB_OUTPUT
fi
;;
aws-lc)
echo "cargo_features=--no-default-features --features macro,crypto-rust,tls-aws-lc" >> $GITHUB_OUTPUT
;;
*)
echo "Unknown crypto: ${{ inputs.crypto }}"
exit 1
;;
esac
- name: Run tests
if: inputs.platform != 'windows'
env:
CARGO_FEATURES: ${{ steps.features.outputs.cargo_features }}
run: |
make test-ci 2>&1
- name: Run tests on windows
if: inputs.platform == 'windows'
shell: msys2 {0}
env:
CARGO_FEATURES: ${{ steps.features.outputs.cargo_features }}
run: |
make test-ci 2>&1
- name: Build Linux binaries
Expand Down
133 changes: 127 additions & 6 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,69 +29,190 @@ jobs:
for i in {1..5}; do
echo "console.log(123);" > "bundle/js/test$i.js"
done
cargo clippy --all-targets --all-features -- -D warnings
cargo clippy --all-targets -- -D warnings
build:
needs:
- check
strategy:
fail-fast: ${{ startsWith(github.ref, 'refs/tags/') }}
matrix:
include:
- os: windows-latest
platform: windows
# Ubuntu x64
- os: ubuntu-latest
platform: linux
arch: x86_64
toolchain: nightly-x86_64-pc-windows-gnu
toolchain: nightly
crypto: ring
- os: ubuntu-latest
platform: linux
arch: x86_64
toolchain: nightly
crypto: aws-lc
- os: ubuntu-latest
platform: linux
arch: x86_64
toolchain: nightly
crypto: graviola
- os: ubuntu-latest
platform: linux
arch: x86_64
toolchain: nightly
crypto: openssl
# Ubuntu arm64
- os: ubuntu-24.04-arm
platform: linux
arch: aarch64
toolchain: nightly
crypto: ring
- os: ubuntu-24.04-arm
platform: linux
arch: aarch64
toolchain: nightly
crypto: aws-lc
- os: ubuntu-24.04-arm
platform: linux
arch: aarch64
toolchain: nightly
crypto: graviola
- os: ubuntu-24.04-arm
platform: linux
arch: aarch64
toolchain: nightly
crypto: openssl
# macOS arm64
- os: macos-latest
platform: darwin
arch: x86_64
arch: aarch64
toolchain: nightly
crypto: ring
- os: macos-latest
platform: darwin
arch: aarch64
toolchain: nightly
crypto: aws-lc
- os: macos-latest
platform: darwin
arch: aarch64
toolchain: nightly
crypto: graviola
- os: macos-latest
platform: darwin
arch: aarch64
toolchain: nightly
crypto: openssl
# Windows x64 (ring, openssl, graviola - no aws-lc)
- os: windows-latest
platform: windows
arch: x86_64
toolchain: nightly-x86_64-pc-windows-gnu
crypto: ring
- os: windows-latest
platform: windows
arch: x86_64
toolchain: nightly-x86_64-pc-windows-gnu
crypto: openssl
- os: windows-latest
platform: windows
arch: x86_64
toolchain: nightly-x86_64-pc-windows-gnu
crypto: graviola
uses: ./.github/workflows/build.yml
with:
os: ${{ matrix.os }}
platform: ${{ matrix.platform }}
arch: ${{ matrix.arch }}
toolchain: ${{ matrix.toolchain }}
crypto: ${{ matrix.crypto }}
modules:
needs:
- check
strategy:
fail-fast: false
matrix:
include:
# Ubuntu x64
- os: ubuntu-latest
platform: linux
arch: x86_64
toolchain: stable
crypto: ring
- os: ubuntu-latest
platform: linux
arch: x86_64
toolchain: stable
crypto: aws-lc
- os: ubuntu-latest
platform: linux
arch: x86_64
toolchain: stable
crypto: graviola
- os: ubuntu-latest
platform: linux
arch: x86_64
toolchain: stable
crypto: openssl
# Ubuntu arm64
- os: ubuntu-24.04-arm
platform: linux
arch: aarch64
toolchain: stable
crypto: ring
- os: ubuntu-24.04-arm
platform: linux
arch: aarch64
toolchain: stable
crypto: aws-lc
- os: ubuntu-24.04-arm
platform: linux
arch: aarch64
toolchain: stable
crypto: graviola
- os: ubuntu-24.04-arm
platform: linux
arch: aarch64
toolchain: stable
crypto: openssl
# macOS arm64
- os: macos-latest
platform: darwin
arch: x86_64
arch: aarch64
toolchain: stable
crypto: ring
- os: macos-latest
platform: darwin
arch: aarch64
toolchain: stable
crypto: aws-lc
- os: macos-latest
platform: darwin
arch: aarch64
toolchain: stable
crypto: graviola
- os: macos-latest
platform: darwin
arch: aarch64
toolchain: stable
crypto: openssl
# Windows x64 (ring, openssl, graviola - no aws-lc)
- os: windows-latest
platform: windows
arch: x86_64
toolchain: stable-x86_64-pc-windows-gnu
crypto: ring
- os: windows-latest
platform: windows
arch: x86_64
toolchain: stable-x86_64-pc-windows-gnu
crypto: openssl
- os: windows-latest
platform: windows
arch: x86_64
toolchain: stable-x86_64-pc-windows-gnu
crypto: graviola
uses: ./.github/workflows/build-modules.yml
with:
os: ${{ matrix.os }}
platform: ${{ matrix.platform }}
arch: ${{ matrix.arch }}
toolchain: ${{ matrix.toolchain }}
crypto: ${{ matrix.crypto }}
Loading