diff --git a/Cargo.lock b/Cargo.lock index c5b8fc016a5b..28e349f9709f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -811,6 +811,33 @@ dependencies = [ "cc", ] +[[package]] +name = "aws-lc-rs" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f95446d919226d587817a7d21379e6eb099b97b45110a7f272a444ca5c54070" +dependencies = [ + "aws-lc-sys", + "mirai-annotations", + "paste", + "zeroize", +] + +[[package]] +name = "aws-lc-sys" +version = "0.21.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5055edc4a9a1b2a917a818258cdfb86a535947feebd9981adc99667a062c6f85" +dependencies = [ + "bindgen", + "cc", + "cmake", + "dunce", + "fs_extra", + "libc", + "paste", +] + [[package]] name = "axum" version = "0.6.20" @@ -986,15 +1013,18 @@ dependencies = [ "bitflags 2.5.0", "cexpr", "clang-sys", - "itertools 0.12.1", + "itertools 0.10.5", "lazy_static", "lazycell", + "log", + "prettyplease", "proc-macro2", "quote", "regex", "rustc-hash 1.1.0", "shlex", "syn 2.0.66", + "which", ] [[package]] @@ -1236,9 +1266,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" -version = "1.6.0" +version = "1.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" +checksum = "8318a53db07bb3f8dca91a600466bdb3f2eaadeedfdbcf02e1accbad9271ba50" dependencies = [ "serde", ] @@ -1379,13 +1409,13 @@ dependencies = [ [[package]] name = "cc" -version = "1.0.99" +version = "1.1.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96c51067fd44124faa7f870b4b1c969379ad32b2ba805aa959430ceaa384f695" +checksum = "45bcde016d64c21da4be18b655631e5ab6d3107607e71a73a9f53eb48aae23fb" dependencies = [ "jobserver", "libc", - "once_cell", + "shlex", ] [[package]] @@ -3515,6 +3545,12 @@ version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "75b325c5dbd37f80359721ad39aca5a29fb04c89279657cffdda8736d0c0b9d2" +[[package]] +name = "dunce" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" + [[package]] name = "duration-str" version = "0.11.2" @@ -4073,6 +4109,12 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + [[package]] name = "fsevent-sys" version = "4.1.0" @@ -4778,7 +4820,7 @@ dependencies = [ "httpdate", "itoa", "pin-project-lite", - "socket2 0.5.7", + "socket2 0.4.10", "tokio", "tower-service", "tracing", @@ -6391,6 +6433,12 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "mirai-annotations" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9be0862c1b3f26a88803c4a49de6889c10e608b3ee9344e6ef5b45fb37ad3d1" + [[package]] name = "mito2" version = "0.9.3" @@ -7141,17 +7189,17 @@ dependencies = [ [[package]] name = "opensrv-mysql" version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4148ab944991b0a33be74d2636a815268974578812a9e4cf7dc785325e858154" +source = "git+https://github.com/datafuselabs/opensrv?rev=6bbc3b65e6b19212c4f7fc4f40c20daf6f452deb#6bbc3b65e6b19212c4f7fc4f40c20daf6f452deb" dependencies = [ "async-trait", "byteorder", + "bytes", "chrono", "mysql_common 0.32.4", "nom", "pin-project-lite", "tokio", - "tokio-rustls 0.25.0", + "tokio-rustls 0.26.0", ] [[package]] @@ -7765,29 +7813,24 @@ dependencies = [ [[package]] name = "pgwire" -version = "0.20.0" +version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c00492c52bb65e0421211b7f4c5d9de7586e53786a3b244efb00f74851206bf6" +checksum = "3770f56e1e8a608c6de40011b9a00c6b669c14d121024411701b4bc3b2a5be99" dependencies = [ "async-trait", - "base64 0.22.1", "bytes", "chrono", "derive-new 0.6.0", "futures", "hex", - "log", "md5", "postgres-types", "rand", "ring 0.17.8", - "stringprep", "thiserror", - "time", "tokio", - "tokio-rustls 0.25.0", + "tokio-rustls 0.26.0", "tokio-util", - "x509-certificate", ] [[package]] @@ -8378,7 +8421,7 @@ checksum = "22505a5c94da8e3b7c2996394d1c933236c4d743e81a410bcca4e6989fc066a4" dependencies = [ "bytes", "heck 0.5.0", - "itertools 0.12.1", + "itertools 0.10.5", "log", "multimap", "once_cell", @@ -8430,7 +8473,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81bddcdb20abf9501610992b6759a4c888aef7d1a7247ef75e2404275ac24af1" dependencies = [ "anyhow", - "itertools 0.12.1", + "itertools 0.10.5", "proc-macro2", "quote", "syn 2.0.66", @@ -8590,7 +8633,7 @@ dependencies = [ "indoc", "libc", "memoffset 0.9.1", - "parking_lot 0.12.3", + "parking_lot 0.11.2", "portable-atomic", "pyo3-build-config", "pyo3-ffi", @@ -9554,6 +9597,7 @@ version = "0.23.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "05cff451f60db80f490f3c182b77c35260baace73209e9cdbbe526bfe3a4d402" dependencies = [ + "aws-lc-rs", "log", "once_cell", "ring 0.17.8", @@ -9617,6 +9661,7 @@ version = "0.102.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e" dependencies = [ + "aws-lc-rs", "ring 0.17.8", "rustls-pki-types", "untrusted 0.9.0", @@ -10389,6 +10434,7 @@ dependencies = [ "arrow-schema", "async-trait", "auth", + "aws-lc-sys", "axum", "axum-macros", "base64 0.21.7", @@ -10453,7 +10499,7 @@ dependencies = [ "regex", "reqwest", "rust-embed", - "rustls 0.22.4", + "rustls 0.23.10", "rustls-pemfile 2.1.2", "rustls-pki-types", "schemars", @@ -10471,7 +10517,7 @@ dependencies = [ "tokio", "tokio-postgres", "tokio-postgres-rustls", - "tokio-rustls 0.25.0", + "tokio-rustls 0.26.0", "tokio-stream", "tokio-test", "tokio-util", @@ -12107,16 +12153,15 @@ dependencies = [ [[package]] name = "tokio-postgres-rustls" -version = "0.11.1" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ea13f22eda7127c827983bdaf0d7fff9df21c8817bab02815ac277a21143677" +checksum = "04fb792ccd6bbcd4bba408eb8a292f70fc4a3589e5d793626f45190e6454b6ab" dependencies = [ - "futures", "ring 0.17.8", - "rustls 0.22.4", + "rustls 0.23.10", "tokio", "tokio-postgres", - "tokio-rustls 0.25.0", + "tokio-rustls 0.26.0", "x509-certificate", ] diff --git a/Cargo.toml b/Cargo.toml index d412bf7e978e..6a5d649a6ba6 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -99,7 +99,7 @@ base64 = "0.21" bigdecimal = "0.4.2" bitflags = "2.4.1" bytemuck = "1.12" -bytes = { version = "1.5", features = ["serde"] } +bytes = { version = "1.7", features = ["serde"] } chrono = { version = "0.4", features = ["serde"] } clap = { version = "4.4", features = ["derive"] } config = "0.13.0" diff --git a/src/cmd/src/bin/greptime.rs b/src/cmd/src/bin/greptime.rs index f36d0f1331f8..54659833fa15 100644 --- a/src/cmd/src/bin/greptime.rs +++ b/src/cmd/src/bin/greptime.rs @@ -15,10 +15,11 @@ #![doc = include_str!("../../../../README.md")] use clap::{Parser, Subcommand}; -use cmd::error::Result; +use cmd::error::{InitTlsProviderSnafu, Result}; use cmd::options::GlobalOptions; use cmd::{cli, datanode, flownode, frontend, metasrv, standalone, App}; use common_version::version; +use servers::install_ring_crypto_provider; #[derive(Parser)] #[command(name = "greptime", author, version, long_version = version(), about)] @@ -94,6 +95,7 @@ async fn main() -> Result<()> { async fn main_body() -> Result<()> { setup_human_panic(); + install_ring_crypto_provider().map_err(|msg| InitTlsProviderSnafu { msg }.build())?; start(Command::parse()).await } diff --git a/src/cmd/src/error.rs b/src/cmd/src/error.rs index 08c81c414c99..f042b48478d4 100644 --- a/src/cmd/src/error.rs +++ b/src/cmd/src/error.rs @@ -24,6 +24,12 @@ use snafu::{Location, Snafu}; #[snafu(visibility(pub))] #[stack_trace_debug] pub enum Error { + #[snafu(display("Failed to install ring crypto provider: {}", msg))] + InitTlsProvider { + #[snafu(implicit)] + location: Location, + msg: String, + }, #[snafu(display("Failed to create default catalog and schema"))] InitMetadata { #[snafu(implicit)] @@ -369,9 +375,10 @@ impl ErrorExt for Error { } Error::SubstraitEncodeLogicalPlan { source, .. } => source.status_code(), - Error::SerdeJson { .. } | Error::FileIo { .. } | Error::SpawnThread { .. } => { - StatusCode::Unexpected - } + Error::SerdeJson { .. } + | Error::FileIo { .. } + | Error::SpawnThread { .. } + | Error::InitTlsProvider { .. } => StatusCode::Unexpected, Error::Other { source, .. } => source.status_code(), diff --git a/src/servers/Cargo.toml b/src/servers/Cargo.toml index 626fdaa404c2..d088961e731c 100644 --- a/src/servers/Cargo.toml +++ b/src/servers/Cargo.toml @@ -65,10 +65,12 @@ notify.workspace = true object-pool = "0.5" once_cell.workspace = true openmetrics-parser = "0.4" -opensrv-mysql = "0.7.0" +# use crates.io version after current revision is merged in next release +# opensrv-mysql = "0.7.0" +opensrv-mysql = { git = "https://github.com/datafuselabs/opensrv", rev = "6bbc3b65e6b19212c4f7fc4f40c20daf6f452deb" } opentelemetry-proto.workspace = true parking_lot = "0.12" -pgwire = "0.20" +pgwire = { version = "0.22", default-features = false, features = ["server-api-ring"] } pin-project = "1.0" pipeline.workspace = true postgres-types = { version = "0.2", features = ["with-chrono-0_4", "with-serde_json-1"] } @@ -85,7 +87,7 @@ rand.workspace = true regex.workspace = true reqwest.workspace = true rust-embed = { version = "6.6", features = ["debug-embed"] } -rustls = "0.22" +rustls = { version = "0.23", default-features = false, features = ["ring", "logging", "std", "tls12"] } rustls-pemfile = "2.0" rustls-pki-types = "1.0" schemars.workspace = true @@ -98,7 +100,7 @@ sql.workspace = true strum.workspace = true table.workspace = true tokio.workspace = true -tokio-rustls = "0.25" +tokio-rustls = "0.26" tokio-stream = { workspace = true, features = ["net"] } tokio-util.workspace = true tonic.workspace = true @@ -130,12 +132,17 @@ session = { workspace = true, features = ["testing"] } table.workspace = true tempfile = "3.0.0" tokio-postgres = "0.7" -tokio-postgres-rustls = "0.11" +tokio-postgres-rustls = "0.12" tokio-test = "0.4" [target.'cfg(not(windows))'.dev-dependencies] pprof = { version = "0.13", features = ["criterion", "flamegraph"] } +[target.'cfg(windows)'.dependencies] +aws-lc-sys = { version = "0.21.0", features = [ + "prebuilt-nasm", +] } # use prebuilt nasm on windows per https://github.com/aws/aws-lc-rs/blob/main/aws-lc-sys/README.md#use-of-prebuilt-nasm-objects + [build-dependencies] common-version.workspace = true diff --git a/src/servers/src/lib.rs b/src/servers/src/lib.rs index a8f97877bdda..ff1af967fa2f 100644 --- a/src/servers/src/lib.rs +++ b/src/servers/src/lib.rs @@ -55,3 +55,19 @@ pub struct SqlPlan { plan: Option, schema: Option, } + +/// Install the ring crypto provider for rustls process-wide. see: +/// +/// https://docs.rs/rustls/latest/rustls/crypto/struct.CryptoProvider.html#using-the-per-process-default-cryptoprovider +/// +/// for more information. +pub fn install_ring_crypto_provider() -> Result<(), String> { + rustls::crypto::CryptoProvider::install_default(rustls::crypto::ring::default_provider()) + .map_err(|ret| { + format!( + "CryptoProvider already installed as: {:?}, but providing {:?}", + rustls::crypto::CryptoProvider::get_default(), + ret + ) + }) +} diff --git a/src/servers/src/tls.rs b/src/servers/src/tls.rs index b2b35505968f..70c2be5d9d31 100644 --- a/src/servers/src/tls.rs +++ b/src/servers/src/tls.rs @@ -239,6 +239,7 @@ pub fn maybe_watch_tls_config(tls_server_config: Arc) #[cfg(test)] mod tests { use super::*; + use crate::install_ring_crypto_provider; use crate::tls::TlsMode::Disable; #[test] @@ -392,6 +393,7 @@ mod tests { #[test] fn test_tls_file_change_watch() { common_telemetry::init_default_ut_logging(); + let _ = install_ring_crypto_provider(); let dir = tempfile::tempdir().unwrap(); let cert_path = dir.path().join("serevr.crt"); diff --git a/src/servers/tests/mysql/mysql_server_test.rs b/src/servers/tests/mysql/mysql_server_test.rs index e077409a62df..ba2cdbdab27d 100644 --- a/src/servers/tests/mysql/mysql_server_test.rs +++ b/src/servers/tests/mysql/mysql_server_test.rs @@ -28,6 +28,7 @@ use mysql_async::{Conn, Row, SslOpts}; use rand::rngs::StdRng; use rand::Rng; use servers::error::Result; +use servers::install_ring_crypto_provider; use servers::mysql::server::{MysqlServer, MysqlSpawnConfig, MysqlSpawnRef}; use servers::server::Server; use servers::tls::{ReloadableTlsServerConfig, TlsOption}; @@ -45,6 +46,7 @@ struct MysqlOpts<'a> { } fn create_mysql_server(table: TableRef, opts: MysqlOpts<'_>) -> Result> { + let _ = install_ring_crypto_provider(); let query_handler = create_testing_sql_query_handler(table); let io_runtime = RuntimeBuilder::default() .worker_threads(4) diff --git a/src/servers/tests/postgres/mod.rs b/src/servers/tests/postgres/mod.rs index ad135dd9d0c3..f3ff827db435 100644 --- a/src/servers/tests/postgres/mod.rs +++ b/src/servers/tests/postgres/mod.rs @@ -27,6 +27,7 @@ use rustls::client::danger::{ServerCertVerified, ServerCertVerifier}; use rustls::{Error, SignatureScheme}; use rustls_pki_types::{CertificateDer, ServerName}; use servers::error::Result; +use servers::install_ring_crypto_provider; use servers::postgres::PostgresServer; use servers::server::Server; use servers::tls::{ReloadableTlsServerConfig, TlsOption}; @@ -357,6 +358,8 @@ async fn test_extended_query() -> Result<()> { async fn start_test_server(server_tls: TlsOption) -> Result { common_telemetry::init_default_ut_logging(); + let _ = install_ring_crypto_provider(); + let table = MemTable::default_numbers_table(); let pg_server = create_postgres_server(table, false, server_tls, None)?; let listening = "127.0.0.1:0".parse::().unwrap();