From 3f52576f4eafcbb1e07aba718b92a5a999d976a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garci=CC=81a?= Date: Fri, 1 Dec 2023 12:48:13 +0100 Subject: [PATCH 01/10] Support Rustls through cargo features --- Cargo.lock | 104 ++++++++++++++++++++++- crates/bitwarden-api-api/Cargo.toml | 1 + crates/bitwarden-api-identity/Cargo.toml | 1 + crates/bitwarden-json/Cargo.toml | 8 +- crates/bitwarden-py/Cargo.toml | 5 +- crates/bitwarden/Cargo.toml | 10 ++- 6 files changed, 124 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 50e263401..5979a2bd5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1506,6 +1506,20 @@ dependencies = [ "want", ] +[[package]] +name = "hyper-rustls" +version = "0.24.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590" +dependencies = [ + "futures-util", + "http", + "hyper", + "rustls", + "tokio", + "tokio-rustls", +] + [[package]] name = "hyper-tls" version = "0.5.0" @@ -1679,7 +1693,7 @@ version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" dependencies = [ - "spin", + "spin 0.5.2", ] [[package]] @@ -2558,6 +2572,7 @@ dependencies = [ "http", "http-body", "hyper", + "hyper-rustls", "hyper-tls", "ipnet", "js-sys", @@ -2568,17 +2583,21 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", + "rustls", + "rustls-pemfile", "serde", "serde_json", "serde_urlencoded", "system-configuration", "tokio", "tokio-native-tls", + "tokio-rustls", "tower-service", "url", "wasm-bindgen", "wasm-bindgen-futures", "web-sys", + "webpki-roots", "winreg", ] 
@@ -2597,6 +2616,20 @@ dependencies = [ "bytemuck", ] +[[package]] +name = "ring" +version = "0.17.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "684d5e6e18f669ccebf64a92236bb7db9a34f07be010e3627368182027180866" +dependencies = [ + "cc", + "getrandom 0.2.11", + "libc", + "spin 0.9.8", + "untrusted", + "windows-sys 0.48.0", +] + [[package]] name = "rsa" version = "0.9.3" @@ -2636,6 +2669,37 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "rustls" +version = "0.21.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "629648aced5775d558af50b2b4c7b02983a04b312126d45eeead26e7caa498b9" +dependencies = [ + "log", + "ring", + "rustls-webpki", + "sct", +] + +[[package]] +name = "rustls-pemfile" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" +dependencies = [ + "base64 0.21.5", +] + +[[package]] +name = "rustls-webpki" +version = "0.101.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "rustversion" version = "1.0.14" @@ -2731,6 +2795,16 @@ dependencies = [ "syn 2.0.39", ] +[[package]] +name = "sct" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "sdk-schemas" version = "0.1.0" 
@@ -3009,6 +3083,12 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + [[package]] name = "spki" version = "0.7.2" @@ -3285,6 +3365,16 @@ dependencies = [ "tokio", ] +[[package]] +name = "tokio-rustls" +version = "0.24.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" +dependencies = [ + "rustls", + "tokio", +] + [[package]] name = "tokio-util" version = "0.7.10" @@ -3623,6 +3713,12 @@ version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f28467d3e1d3c6586d8f25fa243f544f5800fec42d97032474e17222c2b75cfa" +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + [[package]] name = "url" version = "2.4.1" @@ -3807,6 +3903,12 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "webpki-roots" +version = "0.25.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1778a42e8b3b90bff8d0f5032bf22250792889a5cdc752aa0020c84abe3aaf10" + [[package]] name = "weedle2" version = "4.0.0" diff --git a/crates/bitwarden-api-api/Cargo.toml b/crates/bitwarden-api-api/Cargo.toml index 2e05088e0..ee96864dd 100644 --- a/crates/bitwarden-api-api/Cargo.toml +++ b/crates/bitwarden-api-api/Cargo.toml @@ -22,5 +22,6 @@ uuid = { version = ">=1.3.3, <2", features = ["serde"] } [dependencies.reqwest] version = ">=0.11.18, <0.12" features = ["json", "multipart"] +default-features = false [dev-dependencies] 
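Review bot: The `default-features = false` added under `[dependencies.reqwest]` in crates/bitwarden-api-api/Cargo.toml leaves this crate with no TLS backend of its own, and nothing in the manifest says where one is expected to come from. With only `json` and `multipart` enabled, the crate relies on Cargo feature unification with whichever crate in the build turns on a reqwest TLS feature; built on its own, its client would presumably be unable to make HTTPS requests at all. A comment above the key would make that contract explicit, for example `# TLS backend is selected by the bitwarden crate; do not enable one here`. The same applies to the identical hunks in crates/bitwarden-api-identity/Cargo.toml and support/openapi-template/Cargo.mustache.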
diff --git a/crates/bitwarden-api-identity/Cargo.toml b/crates/bitwarden-api-identity/Cargo.toml index 7207c5f8e..5e650a034 100644 --- a/crates/bitwarden-api-identity/Cargo.toml +++ b/crates/bitwarden-api-identity/Cargo.toml @@ -22,5 +22,6 @@ uuid = { version = ">=1.3.3, <2", features = ["serde"] } [dependencies.reqwest] version = ">=0.11.18, <0.12" features = ["json", "multipart"] +default-features = false [dev-dependencies] diff --git a/crates/bitwarden-json/Cargo.toml b/crates/bitwarden-json/Cargo.toml index f7c0fd58d..ca8f5c7e1 100644 --- a/crates/bitwarden-json/Cargo.toml +++ b/crates/bitwarden-json/Cargo.toml @@ -14,13 +14,19 @@ edition = "2021" rust-version = "1.57" [features] +default = ["use_native_tls"] + internal = ["bitwarden/internal"] # Internal testing methods secrets = ["bitwarden/secrets"] # Secrets manager API +# TLS backend selection +use_native_tls = ["bitwarden/use_native_tls"] +use_rustls = ["bitwarden/use_rustls"] + [dependencies] log = ">=0.4.18, <0.5" schemars = ">=0.8.12, <0.9" serde = { version = ">=1.0, <2.0", features = ["derive"] } serde_json = ">=1.0.96, <2.0" -bitwarden = { path = "../bitwarden" } +bitwarden = { path = "../bitwarden", default-features = false } diff --git a/crates/bitwarden-py/Cargo.toml b/crates/bitwarden-py/Cargo.toml index 94e9e6a43..d40c1f7bc 100644 --- a/crates/bitwarden-py/Cargo.toml +++ b/crates/bitwarden-py/Cargo.toml @@ -12,7 +12,10 @@ crate-type = ["cdylib"] pyo3 = { version = "0.20.0", features = ["extension-module"] } pyo3-log = "0.9.0" -bitwarden-json = { path = "../bitwarden-json", features = ["secrets"] } +bitwarden-json = { path = "../bitwarden-json", features = [ + "secrets", + "use_rustls", +], default-features = false } [build-dependencies] pyo3-build-config = { version = "0.20.0" } diff --git a/crates/bitwarden/Cargo.toml b/crates/bitwarden/Cargo.toml index aea2cfe9e..b65def061 100644 --- a/crates/bitwarden/Cargo.toml +++ b/crates/bitwarden/Cargo.toml 
@@ -13,12 +13,16 @@ edition = "2021" rust-version = "1.57" [features] -default = ["secrets"] +default = ["secrets", "use_native_tls"] secrets = [] # Secrets manager API internal = [] # Internal testing methods mobile = ["uniffi", "internal"] # Mobile-specific features +# TLS backend selection +use_native_tls = ["reqwest/native-tls"] +use_rustls = ["reqwest/rustls-tls"] + [dependencies] aes = ">=0.8.2, <0.9" argon2 = { version = ">=0.5.0, <0.6", features = [ @@ -43,7 +47,9 @@ num-bigint = ">=0.4, <0.5" num-traits = ">=0.2.15, <0.3" pbkdf2 = { version = ">=0.12.1, <0.13", default-features = false } rand = ">=0.8.5, <0.9" -reqwest = { version = ">=0.11, <0.12", features = ["json"] } +reqwest = { version = ">=0.11, <0.12", features = [ + "json", +], default-features = false } rsa = ">=0.9.2, <0.10" schemars = { version = ">=0.8, <0.9", features = ["uuid1", "chrono"] } serde = { version = ">=1.0, <2.0", features = ["derive"] } From 9f3d675a6cf8f1de9da668c0516a04a753d754a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garci=CC=81a?= Date: Fri, 1 Dec 2023 14:13:54 +0100 Subject: [PATCH 02/10] Update openapi template --- support/openapi-template/Cargo.mustache | 1 + 1 file changed, 1 insertion(+) diff --git a/support/openapi-template/Cargo.mustache b/support/openapi-template/Cargo.mustache index 38885cb6f..3b89aa079 100644 --- a/support/openapi-template/Cargo.mustache +++ b/support/openapi-template/Cargo.mustache @@ -27,6 +27,7 @@ reqwest = "~0.9" [dependencies.reqwest] version = "^0.11" features = ["json", "multipart"] +default-features = false {{/supportAsync}} {{/reqwest}} {{#withAWSV4Signature}} From c70793cfa982d1e99f44e5993b526f6d4d7f8d72 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Daniel=20Garci=CC=81a?= Date: Wed, 13 Dec 2023 14:04:43 +0100 Subject: [PATCH 03/10] Use rustls everywhere but windows --- Cargo.lock | 28 ++++++++-------------------- crates/bitwarden-json/Cargo.toml | 6 ------ crates/bitwarden-py/Cargo.toml | 1 - crates/bitwarden-uniffi/Cargo.toml | 3 --- crates/bitwarden/Cargo.toml | 19 ++++++++++++++----- crates/bws/Cargo.toml | 3 --- crates/bws/Cross.toml | 6 ------ 7 files changed, 22 insertions(+), 44 deletions(-) delete mode 100644 crates/bws/Cross.toml diff --git a/Cargo.lock b/Cargo.lock index 5979a2bd5..60691a280 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -447,7 +447,6 @@ dependencies = [ "bitwarden", "chrono", "env_logger", - "openssl", "schemars", "uniffi", ] @@ -539,7 +538,6 @@ dependencies = [ "directories", "env_logger", "log", - "openssl", "regex", "serde", "serde_json", @@ -2072,9 +2070,9 @@ dependencies = [ [[package]] name = "openssl" -version = "0.10.59" +version = "0.10.61" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a257ad03cd8fb16ad4172fedf8094451e1af1c4b70097636ef2eac9a5f0cc33" +checksum = "6b8419dc8cc6d866deb801274bba2e6f8f6108c1bb7fcc10ee5ab864931dbb45" dependencies = [ "bitflags 2.4.1", "cfg-if", 
@@ -2102,24 +2100,14 @@ version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" -[[package]] -name = "openssl-src" -version = "300.1.6+3.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "439fac53e092cd7442a3660c85dde4643ab3b5bd39040912388dcdabf6b88085" -dependencies = [ - "cc", -] - [[package]] name = "openssl-sys" -version = "0.9.95" +version = "0.9.97" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40a4130519a360279579c2053038317e40eff64d13fd3f004f9e1b72b8a6aaf9" +checksum = "c3eaad34cdd97d81de97964fc7f29e2d104f483840d906ef56daa1912338460b" dependencies = [ "cc", "libc", - "openssl-src", "pkg-config", "vcpkg", ] @@ -2618,9 +2606,9 @@ dependencies = [ [[package]] name = "ring" -version = "0.17.6" +version = "0.17.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "684d5e6e18f669ccebf64a92236bb7db9a34f07be010e3627368182027180866" +checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74" dependencies = [ "cc", "getrandom 0.2.11", @@ -2671,9 +2659,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.21.9" +version = "0.21.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "629648aced5775d558af50b2b4c7b02983a04b312126d45eeead26e7caa498b9" +checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" dependencies = [ "log", "ring", diff --git a/crates/bitwarden-json/Cargo.toml b/crates/bitwarden-json/Cargo.toml index ca8f5c7e1..13598eeae 100644 --- a/crates/bitwarden-json/Cargo.toml +++ b/crates/bitwarden-json/Cargo.toml 
@@ -14,15 +14,9 @@ edition = "2021" rust-version = "1.57" [features] -default = ["use_native_tls"] - internal = ["bitwarden/internal"] # Internal testing methods secrets = ["bitwarden/secrets"] # Secrets manager API -# TLS backend selection -use_native_tls = ["bitwarden/use_native_tls"] -use_rustls = ["bitwarden/use_rustls"] - [dependencies] log = ">=0.4.18, <0.5" schemars = ">=0.8.12, <0.9" diff --git a/crates/bitwarden-py/Cargo.toml b/crates/bitwarden-py/Cargo.toml index d40c1f7bc..41783c6f5 100644 --- a/crates/bitwarden-py/Cargo.toml +++ b/crates/bitwarden-py/Cargo.toml @@ -14,7 +14,6 @@ pyo3-log = "0.9.0" bitwarden-json = { path = "../bitwarden-json", features = [ "secrets", - "use_rustls", ], default-features = false } [build-dependencies] diff --git a/crates/bitwarden-uniffi/Cargo.toml b/crates/bitwarden-uniffi/Cargo.toml index c1a47ea29..de927319d 100644 --- a/crates/bitwarden-uniffi/Cargo.toml +++ b/crates/bitwarden-uniffi/Cargo.toml @@ -25,6 +25,3 @@ bitwarden = { path = "../bitwarden", features = ["mobile", "internal"] } [build-dependencies] uniffi = { version = "=0.25.2", features = ["build"] } - -[target.'cfg(any(target_os = "android", target_os = "ios"))'.dependencies] -openssl = { version = "0.10", features = ["vendored"] } diff --git a/crates/bitwarden/Cargo.toml b/crates/bitwarden/Cargo.toml index b65def061..ea2091257 100644 --- a/crates/bitwarden/Cargo.toml +++ b/crates/bitwarden/Cargo.toml @@ -13,16 +13,12 @@ edition = "2021" rust-version = "1.57" [features] -default = ["secrets", "use_native_tls"] +default = ["secrets"] secrets = [] # Secrets manager API internal = [] # Internal testing methods mobile = ["uniffi", "internal"] # Mobile-specific features -# TLS backend selection -use_native_tls = ["reqwest/native-tls"] -use_rustls = ["reqwest/rustls-tls"] - [dependencies] aes = ">=0.8.2, <0.9" argon2 = { version = ">=0.5.0, <0.6", features = [ 
@@ -63,6 +59,19 @@ thiserror = ">=1.0.40, <2.0" uniffi = { version = "=0.25.2", optional = true } uuid = { version = ">=1.3.3, <2.0", features = ["serde"] } +[target.'cfg(not(windows))'.dependencies] +# On non-windows platforms, we use rustls as the TLS stack, and for the moment we include webpki-roots to provide a default set of root certificates +# Ultimately we want to use the system root certificates, but native-roots doesn't support mobile platforms yet, and rustls-platform-verifier is very new +# and still going through some major changes. +reqwest = { version = "*", features = [ + "rustls-tls-webpki-roots", +], default-features = false } + +[target.'cfg(windows)'.dependencies] +# In the case of windows, we force the use of the native Windows TLS stack (scchannel) which helps with some cross-compilation issues +# This should use Windows APIs for certificate validation and so it would support user-installed certs +reqwest = { version = "*", features = ["native-tls"], default-features = false } + [dev-dependencies] rand_chacha = "0.3.1" tokio = { version = "1.34.0", features = ["rt", "macros"] } diff --git a/crates/bws/Cargo.toml b/crates/bws/Cargo.toml index 95dbef003..a57ea1e3c 100644 --- a/crates/bws/Cargo.toml +++ b/crates/bws/Cargo.toml @@ -44,6 +44,3 @@ bitwarden = { path = "../bitwarden", version = "0.3.1", features = ["secrets"] } [dev-dependencies] tempfile = "3.8.1" - -[target.'cfg(target_os = "linux")'.dependencies] -openssl = { version = "0.10", features = ["vendored"] } diff --git a/crates/bws/Cross.toml b/crates/bws/Cross.toml deleted file mode 100644 index 79b22e7f8..000000000 --- a/crates/bws/Cross.toml +++ /dev/null @@ -1,6 +0,0 @@ -# Install OpenSSL -[target.aarch64-unknown-linux-gnu] -pre-build = [ - "dpkg --add-architecture $CROSS_DEB_ARCH", - "apt-get update && apt-get install --assume-yes libssl-dev:$CROSS_DEB_ARCH", -] From ad77e7b0eccdf5e80206bc7b848a68b3c795ce9a Mon Sep 17 00:00:00 2001 
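Review bot: Both target-specific `reqwest` entries added to crates/bitwarden/Cargo.toml use `version = "*"`, so the dependency edge that selects the TLS stack is unconstrained, while the plain `[dependencies]` entry set earlier in this series stays at `>=0.11, <0.12`. crates.io rejects bare wildcard requirements at publish time, and a wildcard on the crate that performs certificate validation leaves the resolved version to the other entry and the lockfile alone. Repeating the range keeps the entries in step: `reqwest = { version = ">=0.11, <0.12", features = ["rustls-tls-webpki-roots"], default-features = false }`, and likewise for the `native-tls` entry. The comment on the Windows table also spells the backend `scchannel`; the Windows TLS stack is Schannel. The wildcard is carried into the later hunks of this series that rewrite these tables.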
From: =?UTF-8?q?Daniel=20Garci=CC=81a?= Date: Wed, 13 Dec 2023 14:06:53 +0100 Subject: [PATCH 04/10] Remove unneeded no-default-features --- crates/bitwarden-json/Cargo.toml | 2 +- crates/bitwarden-py/Cargo.toml | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/crates/bitwarden-json/Cargo.toml b/crates/bitwarden-json/Cargo.toml index 13598eeae..f7c0fd58d 100644 --- a/crates/bitwarden-json/Cargo.toml +++ b/crates/bitwarden-json/Cargo.toml @@ -23,4 +23,4 @@ schemars = ">=0.8.12, <0.9" serde = { version = ">=1.0, <2.0", features = ["derive"] } serde_json = ">=1.0.96, <2.0" -bitwarden = { path = "../bitwarden", default-features = false } +bitwarden = { path = "../bitwarden" } diff --git a/crates/bitwarden-py/Cargo.toml b/crates/bitwarden-py/Cargo.toml index 4ab7f5a9e..3a7c5ca58 100644 --- a/crates/bitwarden-py/Cargo.toml +++ b/crates/bitwarden-py/Cargo.toml @@ -12,9 +12,7 @@ crate-type = ["cdylib"] pyo3 = { version = "0.20.0", features = ["extension-module"] } pyo3-log = "0.9.0" -bitwarden-json = { path = "../bitwarden-json", features = [ - "secrets", -], default-features = false } +bitwarden-json = { path = "../bitwarden-json", features = ["secrets"] } [build-dependencies] pyo3-build-config = { version = "0.20.0" } From ba81eb1a8ae29f63c247bd7ed0d074a501e3caa2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garci=CC=81a?= Date: Wed, 13 Dec 2023 14:42:29 +0100 Subject: [PATCH 05/10] Enable cargo about workaround for ring, and add license to accepted --- about.toml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/about.toml b/about.toml index 2ed67c7cc..bd56148af 100644 --- a/about.toml +++ b/about.toml @@ -8,4 +8,9 @@ accepted = [ "MPL-2.0", "LGPL-3.0", "Unicode-DFS-2016", + "OpenSSL", ] + +# Ring has all the licenses combined into a single file, which causes cargo about to +# be confused about it. Thankfully it includes a workaround for this that we can enable. +workarounds = ["ring"] 
From 0c1e7df26a6598b74103ed472041ab10f169f6f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garci=CC=81a?= Date: Wed, 13 Dec 2023 15:24:01 +0100 Subject: [PATCH 06/10] Rust platform verifier for non-android --- Cargo.lock | 69 +++++++++++++++++++++++++++ crates/bitwarden/Cargo.toml | 16 +++++-- crates/bitwarden/src/client/client.rs | 12 +++-- 3 files changed, 88 insertions(+), 9 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e7ef5923c..1a1ccb016 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -351,6 +351,7 @@ dependencies = [ "rand_chacha 0.3.1", "reqwest", "rsa", + "rustls-platform-verifier", "schemars", "serde", "serde_json", @@ -631,6 +632,12 @@ dependencies = [ "libc", ] +[[package]] +name = "cesu8" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c" + [[package]] name = "cfg-if" version = "1.0.0" @@ -756,6 +763,16 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7" +[[package]] +name = "combine" +version = "4.6.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "35ed6e9d84f0b51a7f52daf1c7d71dd136fd7a3f41a8462b8cdb8c78d920fad4" +dependencies = [ + "bytes", + "memchr", +] + [[package]] name = "comfy-table" version = "7.1.0" 
@@ -1691,6 +1708,26 @@ version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38" +[[package]] +name = "jni" +version = "0.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c6df18c2e3db7e453d3c6ac5b3e9d5182664d28788126d39b91f2d1e22b017ec" +dependencies = [ + "cesu8", + "combine", + "jni-sys", + "log", + "thiserror", + "walkdir", +] + +[[package]] +name = "jni-sys" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8eaf4bc02d17cbdd7ff4c7438cafcdf7fb9a4613313ad11b4f8fefe7d3fa0130" + [[package]] name = "js-sys" version = "0.3.66" @@ -2684,6 +2721,18 @@ dependencies = [ "sct", ] +[[package]] +name = "rustls-native-certs" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00" +dependencies = [ + "openssl-probe", + "rustls-pemfile", + "schannel", + "security-framework", +] + [[package]] name = "rustls-pemfile" version = "1.0.4" @@ -2693,6 +2742,25 @@ dependencies = [ "base64 0.21.5", ] +[[package]] +name = "rustls-platform-verifier" +version = "0.1.0" +source = "git+https://github.com/rustls/rustls-platform-verifier/?rev=e4194174f2b4b235ed13fc057ce89b19894321e6#e4194174f2b4b235ed13fc057ce89b19894321e6" +dependencies = [ + "core-foundation", + "core-foundation-sys", + "jni", + "log", + "once_cell", + "rustls", + "rustls-native-certs", + "rustls-webpki", + "security-framework", + "security-framework-sys", + "webpki-roots", + "winapi", +] + [[package]] name = "rustls-webpki" version = "0.101.7" @@ -2831,6 +2899,7 @@ dependencies = [ "core-foundation", "core-foundation-sys", "libc", + "num-bigint", "security-framework-sys", ] diff --git a/crates/bitwarden/Cargo.toml b/crates/bitwarden/Cargo.toml index bc2c7848d..4f37d9359 100644 --- a/crates/bitwarden/Cargo.toml 
+++ b/crates/bitwarden/Cargo.toml @@ -62,15 +62,21 @@ thiserror = ">=1.0.40, <2.0" uniffi = { version = "=0.25.2", optional = true, features = ["tokio"] } uuid = { version = ">=1.3.3, <2.0", features = ["serde"] } -[target.'cfg(not(windows))'.dependencies] -# On non-windows platforms, we use rustls as the TLS stack, and for the moment we include webpki-roots to provide a default set of root certificates -# Ultimately we want to use the system root certificates, but native-roots doesn't support mobile platforms yet, and rustls-platform-verifier is very new -# and still going through some major changes. +[target.'cfg(all(not(target_os = "windows"), not(target_os = "android")))'.dependencies] +# On non-windows/android platforms, we use rustls as the TLS stack, and rust-platform-verifier to support user-installed root certificates +reqwest = { version = "*", features = [ + "rustls-tls-manual-roots", +], default-features = false } +rustls-platform-verifier = { git = "https://github.com/rustls/rustls-platform-verifier/", rev = "e4194174f2b4b235ed13fc057ce89b19894321e6" } + +[target.'cfg(target_os = "android")'.dependencies] +# On android, the use of rustls-platform-verifier is more complicated and going through some changes at the moment, so we fall back to using webpki-roots +# This means that for the moment android won't support self-signed certificates, even if they are included in the OS trust store reqwest = { version = "*", features = [ "rustls-tls-webpki-roots", ], default-features = false } -[target.'cfg(windows)'.dependencies] +[target.'cfg(target_os = "windows")'.dependencies] # In the case of windows, we force the use of the native Windows TLS stack (scchannel) which helps with some cross-compilation issues # This should use Windows APIs for certificate validation and so it would support user-installed certs reqwest = { version = "*", features = ["native-tls"], default-features = false } 
diff --git a/crates/bitwarden/src/client/client.rs b/crates/bitwarden/src/client/client.rs index 0c69ba917..9c1a3d2af 100644 --- a/crates/bitwarden/src/client/client.rs +++ b/crates/bitwarden/src/client/client.rs @@ -86,10 +86,14 @@ impl Client { let headers = header::HeaderMap::new(); - let client = reqwest::Client::builder() - .default_headers(headers) - .build() - .unwrap(); + let mut client_builder = reqwest::Client::builder().default_headers(headers); + #[cfg(all(not(target_os = "windows"), not(target_os = "android")))] + { + client_builder = + client_builder.use_preconfigured_tls(rustls_platform_verifier::tls_config()); + } + + let client = client_builder.build().unwrap(); let identity = bitwarden_api_identity::apis::configuration::Configuration { base_path: settings.identity_url, From 95b194c3d979832a83ade98daa13aedc9a6e339e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garci=CC=81a?= Date: Wed, 13 Dec 2023 16:06:58 +0100 Subject: [PATCH 07/10] Filter out wasm --- crates/bitwarden/Cargo.toml | 8 ++++++-- crates/bitwarden/src/client/client.rs | 8 +++++++- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/crates/bitwarden/Cargo.toml b/crates/bitwarden/Cargo.toml index 4f37d9359..a866d1015 100644 --- a/crates/bitwarden/Cargo.toml +++ b/crates/bitwarden/Cargo.toml 
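Review bot: `client_builder.build().unwrap()` now has a failure mode it did not have before, because `use_preconfigured_tls` takes an opaque value that reqwest can only check when the client is built. As far as I know reqwest accepts it only if it is a rustls `ClientConfig` from the same rustls version that reqwest itself links, so a bump of either reqwest or rustls-platform-verifier that splits the two would surface as a panic inside the `Client` constructor rather than as a build error. I would at least make the panic self-explanatory, `let client = client_builder.build().expect("reqwest rejected the rustls-platform-verifier TLS config (rustls version mismatch?)");`, and add a comment on the `use_preconfigured_tls` call noting the version coupling. The enclosing function starts and ends outside this hunk, so whether it could return an error instead is not visible here.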
@@ -62,8 +62,12 @@ thiserror = ">=1.0.40, <2.0" uniffi = { version = "=0.25.2", optional = true, features = ["tokio"] } uuid = { version = ">=1.3.3, <2.0", features = ["serde"] } -[target.'cfg(all(not(target_os = "windows"), not(target_os = "android")))'.dependencies] -# On non-windows/android platforms, we use rustls as the TLS stack, and rust-platform-verifier to support user-installed root certificates +[target.'cfg(all(not(target_os = "windows"), not(target_os = "android"), not(target_arch="wasm32")))'.dependencies] +# By default, we use rustls as the TLS stack and rust-platform-verifier to support user-installed root certificates +# There are a few exceptions to this: +# - Windows uses the native TLS stack +# - WASM doesn't require a TLS stack, as it just uses the browsers/node fetch +# - Android uses webpki-roots for the moment reqwest = { version = "*", features = [ "rustls-tls-manual-roots", ], default-features = false } diff --git a/crates/bitwarden/src/client/client.rs b/crates/bitwarden/src/client/client.rs index 9c1a3d2af..8dda74301 100644 --- a/crates/bitwarden/src/client/client.rs +++ b/crates/bitwarden/src/client/client.rs @@ -86,8 +86,14 @@ impl Client { let headers = header::HeaderMap::new(); + #[allow(unused_mut)] let mut client_builder = reqwest::Client::builder().default_headers(headers); - #[cfg(all(not(target_os = "windows"), not(target_os = "android")))] + + #[cfg(all( + not(target_os = "windows"), + not(target_os = "android"), + not(target_arch = "wasm32") + ))] { client_builder = client_builder.use_preconfigured_tls(rustls_platform_verifier::tls_config()); From b20976eb5a568ead7a6659fb4fa88523d522d5fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garci=CC=81a?= Date: Thu, 14 Dec 2023 15:43:32 +0100 Subject: [PATCH 08/10] Remove windows special case for now --- Cargo.lock | 103 -------------------------- crates/bitwarden/Cargo.toml | 8 +- crates/bitwarden/src/client/client.rs | 6 +- 3 files changed, 2 insertions(+), 115 deletions(-) 
diff --git a/Cargo.lock b/Cargo.lock index 1a1ccb016..0cc674fd8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1155,21 +1155,6 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" -[[package]] -name = "foreign-types" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" -dependencies = [ - "foreign-types-shared", -] - -[[package]] -name = "foreign-types-shared" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" - [[package]] name = "form_urlencoded" version = "1.2.1" @@ -1550,19 +1535,6 @@ dependencies = [ "tokio-rustls", ] -[[package]] -name = "hyper-tls" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" -dependencies = [ - "bytes", - "hyper", - "native-tls", - "tokio", - "tokio-native-tls", -] - [[package]] name = "iana-time-zone" version = "0.1.58" @@ -1949,24 +1921,6 @@ dependencies = [ "libloading", ] -[[package]] -name = "native-tls" -version = "0.2.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e" -dependencies = [ - "lazy_static", - "libc", - "log", - "openssl", - "openssl-probe", - "openssl-sys", - "schannel", - "security-framework", - "security-framework-sys", - "tempfile", -] - [[package]] name = "newline-converter" version = "0.2.2" 
@@ -2120,50 +2074,12 @@ dependencies = [ "pkg-config", ] -[[package]] -name = "openssl" -version = "0.10.61" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6b8419dc8cc6d866deb801274bba2e6f8f6108c1bb7fcc10ee5ab864931dbb45" -dependencies = [ - "bitflags 2.4.1", - "cfg-if", - "foreign-types", - "libc", - "once_cell", - "openssl-macros", - "openssl-sys", -] - -[[package]] -name = "openssl-macros" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.39", -] - [[package]] name = "openssl-probe" version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" -[[package]] -name = "openssl-sys" -version = "0.9.97" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3eaad34cdd97d81de97964fc7f29e2d104f483840d906ef56daa1912338460b" -dependencies = [ - "cc", - "libc", - "pkg-config", - "vcpkg", -] - [[package]] name = "option-ext" version = "0.2.0" @@ -2613,13 +2529,11 @@ dependencies = [ "http-body", "hyper", "hyper-rustls", - "hyper-tls", "ipnet", "js-sys", "log", "mime", "mime_guess", - "native-tls", "once_cell", "percent-encoding", "pin-project-lite", @@ -2630,7 +2544,6 @@ dependencies = [ "serde_urlencoded", "system-configuration", "tokio", - "tokio-native-tls", "tokio-rustls", "tower-service", "url", @@ -3427,16 +3340,6 @@ dependencies = [ "syn 2.0.39", ] -[[package]] -name = "tokio-native-tls" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" -dependencies = [ - "native-tls", - "tokio", -] - [[package]] name = "tokio-rustls" version = "0.24.1" 
@@ -3825,12 +3728,6 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" -[[package]] -name = "vcpkg" -version = "0.2.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" - [[package]] name = "version_check" version = "0.9.4" diff --git a/crates/bitwarden/Cargo.toml b/crates/bitwarden/Cargo.toml index a866d1015..2771395d5 100644 --- a/crates/bitwarden/Cargo.toml +++ b/crates/bitwarden/Cargo.toml @@ -62,10 +62,9 @@ thiserror = ">=1.0.40, <2.0" uniffi = { version = "=0.25.2", optional = true, features = ["tokio"] } uuid = { version = ">=1.3.3, <2.0", features = ["serde"] } -[target.'cfg(all(not(target_os = "windows"), not(target_os = "android"), not(target_arch="wasm32")))'.dependencies] +[target.'cfg(all(not(target_os = "android"), not(target_arch="wasm32")))'.dependencies] # By default, we use rustls as the TLS stack and rust-platform-verifier to support user-installed root certificates # There are a few exceptions to this: -# - Windows uses the native TLS stack # - WASM doesn't require a TLS stack, as it just uses the browsers/node fetch # - Android uses webpki-roots for the moment reqwest = { version = "*", features = [ @@ -80,11 +79,6 @@ reqwest = { version = "*", features = [ "rustls-tls-webpki-roots", ], default-features = false } -[target.'cfg(target_os = "windows")'.dependencies] -# In the case of windows, we force the use of the native Windows TLS stack (scchannel) which helps with some cross-compilation issues -# This should use Windows APIs for certificate validation and so it would support user-installed certs -reqwest = { version = "*", features = ["native-tls"], default-features = false } - [dev-dependencies] rand_chacha = "0.3.1" tokio = { version = "1.35.0", features = ["rt", "macros"] } 
diff --git a/crates/bitwarden/src/client/client.rs b/crates/bitwarden/src/client/client.rs index 8dda74301..ca69cbd6f 100644 --- a/crates/bitwarden/src/client/client.rs +++ b/crates/bitwarden/src/client/client.rs @@ -89,11 +89,7 @@ impl Client { #[allow(unused_mut)] let mut client_builder = reqwest::Client::builder().default_headers(headers); - #[cfg(all( - not(target_os = "windows"), - not(target_os = "android"), - not(target_arch = "wasm32") - ))] + #[cfg(all(not(target_os = "android"), not(target_arch = "wasm32")))] { client_builder = client_builder.use_preconfigured_tls(rustls_platform_verifier::tls_config()); From 38f8e5691f1d4c2fadaaea44e69acc03bee8b25d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garci=CC=81a?= Date: Mon, 8 Jan 2024 14:43:44 +0100 Subject: [PATCH 09/10] Use crates.io version of rustls-platform-verifier --- Cargo.lock | 10 +++++++++- crates/bitwarden/Cargo.toml | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0cc674fd8..ae2fac74f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2658,7 +2658,8 @@ dependencies = [ [[package]] name = "rustls-platform-verifier" version = "0.1.0" -source = "git+https://github.com/rustls/rustls-platform-verifier/?rev=e4194174f2b4b235ed13fc057ce89b19894321e6#e4194174f2b4b235ed13fc057ce89b19894321e6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c573e165e19be8c9fc0264ee041d66292d4ee0439949af61d71fa747bf5df082" dependencies = [ "core-foundation", "core-foundation-sys", @@ -2667,6 +2668,7 @@ dependencies = [ "once_cell", "rustls", "rustls-native-certs", + "rustls-platform-verifier-android", "rustls-webpki", "security-framework", "security-framework-sys", 
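Review bot: The `#[cfg(all(not(target_os = "android"), not(target_arch = "wasm32")))]` guard duplicates the target predicate of the `rustls-tls-manual-roots` table in crates/bitwarden/Cargo.toml, and nothing ties the two together. If the source predicate ever becomes narrower than the manifest one, reqwest is built with manual roots and no verifier is installed, which should leave the client with an empty trust store and every HTTPS handshake failing; if it becomes wider, `rustls_platform_verifier` does not resolve. A comment above the attribute would help, for example `// Must match the rustls-platform-verifier target table in Cargo.toml; without this block the manual-roots client trusts no CA.` The enclosing function continues outside the hunk.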
@@ -2674,6 +2676,12 @@ dependencies = [ "winapi", ] +[[package]] +name = "rustls-platform-verifier-android" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "84e217e7fdc8466b5b35d30f8c0a30febd29173df4a3a0c2115d306b9c4117ad" + [[package]] name = "rustls-webpki" version = "0.101.7" diff --git a/crates/bitwarden/Cargo.toml b/crates/bitwarden/Cargo.toml index 2771395d5..72292e59c 100644 --- a/crates/bitwarden/Cargo.toml +++ b/crates/bitwarden/Cargo.toml @@ -70,7 +70,7 @@ uuid = { version = ">=1.3.3, <2.0", features = ["serde"] } reqwest = { version = "*", features = [ "rustls-tls-manual-roots", ], default-features = false } -rustls-platform-verifier = { git = "https://github.com/rustls/rustls-platform-verifier/", rev = "e4194174f2b4b235ed13fc057ce89b19894321e6" } +rustls-platform-verifier = "0.1.0" [target.'cfg(target_os = "android")'.dependencies] # On android, the use of rustls-platform-verifier is more complicated and going through some changes at the moment, so we fall back to using webpki-roots From 02730b181b78468b7035820399efbabc582333f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garci=CC=81a?= Date: Mon, 8 Jan 2024 17:32:08 +0100 Subject: [PATCH 10/10] Update changelog --- crates/bitwarden/CHANGELOG.md | 4 ++++ crates/bws/CHANGELOG.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/crates/bitwarden/CHANGELOG.md b/crates/bitwarden/CHANGELOG.md index b4a57cde1..ff47c19d8 100644 --- a/crates/bitwarden/CHANGELOG.md +++ b/crates/bitwarden/CHANGELOG.md @@ -7,6 +7,10 @@ adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] +### Changed + +- Switched TLS backend to `rustls`, removing the dependency on `OpenSSL`. + ## [0.4.0] - 2023-12-21 ### Added diff --git a/crates/bws/CHANGELOG.md b/crates/bws/CHANGELOG.md index 007639800..d5ba27061 100644 --- a/crates/bws/CHANGELOG.md +++ b/crates/bws/CHANGELOG.md 
@@ -7,6 +7,10 @@ adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] +### Changed + +- Switched TLS backend to `rustls`, removing the dependency on `OpenSSL`. + ## [0.4.0] - 2023-12-21 ### Added