Merge branch 'main' into kms-pkey-offload

.github/teams.yml

@@ -1,5 +1,4 @@
 s2n-core:
-  - '@toidiu'
   - '@lrstewart'
   - '@dougch'
   - '@goatgoose'

.github/workflows/ci_rust.yml

@@ -12,7 +12,10 @@ env:
   # Pin the nightly toolchain to prevent breakage.
   # This should be occasionally updated.
   RUST_NIGHTLY_TOOLCHAIN: nightly-2024-12-01
-  ROOT_PATH: bindings/rust
+  # Extended support MSRV
+  ROOT_PATH: bindings/rust/extended
+  # Standard support MSRV
+  STANDARD_PATH: bindings/rust/standard
   EXAMPLE_WORKSPACE: bindings/rust-examples
   PCAP_TEST_PATH: tests/pcap
 
@@ -49,6 +52,11 @@ jobs:
         working-directory: ${{env.ROOT_PATH}}
         run: cargo test
 
+      # Test the standard workspace
+      - name: Standard Workspace Tests
+        working-directory: ${{env.STANDARD_PATH}}
+        run: cargo test
+
       - name: "Feature Tests: Fingerprint, kTLS, QUIC, and PQ"
         working-directory: ${{env.ROOT_PATH}}
         # Test all features except for FIPS, which is tested separately.
@@ -59,7 +67,7 @@ jobs:
         run: cargo test --features unstable-renegotiate
 
       - name: Network-enabled integration tests
-        working-directory: ${{env.ROOT_PATH}}/integration
+        working-directory: ${{env.STANDARD_PATH}}/integration
         # no-default-features is used because network tests are hidden behind a
         # default "negative" feature. This is because we don't want network tests
         # invoked on the `cargo test --all-features` pattern.
@@ -83,7 +91,9 @@ jobs:
 
           cd ${{env.ROOT_PATH}}
           ./generate.sh
-          ldd target/debug/integration | grep libs2n.so
+          # Relative paths
+          cd ../../..
+          ldd ${{env.STANDARD_PATH}}/target/debug/integration | grep libs2n.so
 
   # our benchmark testing includes interop tests between s2n-tls, rustls, and
   # openssl
@@ -102,7 +112,7 @@ jobs:
         run: ${{env.ROOT_PATH}}/generate.sh --skip-tests
 
       - name: bench tests
-        working-directory: ${{env.ROOT_PATH}}/bench
+        working-directory: ${{env.STANDARD_PATH}}/bench
         run: cargo test
 
   s2n-tls-binding-examples:

.github/workflows/dependencies.yml

@@ -18,7 +18,7 @@ on:
     - cron: "0 18 * * *"
 
 env:
-  ROOT_PATH: bindings/rust
+  ROOT_PATH: bindings/rust/extended
 
 jobs:
   audit:

.github/workflows/regression_ci.yml

@@ -14,6 +14,9 @@ on:
     types: [checks_requested]
     branches: [main]
 
+env:
+  ROOT_PATH: bindings/rust/extended
+
 jobs:
   regression-test:
     runs-on: ubuntu-latest
@@ -54,7 +57,7 @@ jobs:
 
       # Generate bindings for main branch
       - name: Generate bindings (mainline)
-        run: ${{env.ROOT_PATH}}bindings/rust/generate.sh --skip-tests
+        run: ${{env.ROOT_PATH}}/generate.sh --skip-tests
 
       # Run performance tests using Valgrind for main branch
       - name: Run scalar performance test (mainline)
@@ -68,7 +71,7 @@ jobs:
 
       # Generate bindings for PR branch
       - name: Generate bindings (PR branch)
-        run: ${{env.ROOT_PATH}}bindings/rust/generate.sh --skip-tests
+        run: ${{env.ROOT_PATH}}/generate.sh --skip-tests
 
       # Run performance tests using Valgrind for PR branch
       - name: Run scalar performance test (PR branch)

CMakeLists.txt

@@ -246,7 +246,7 @@ if (COVERAGE)
     # on LLVM compilers. GCC would fail with "unrecognized compile options"
     # on -fprofile-instr-generate -fcoverage-mapping flags.
     if (NOT ${CMAKE_C_COMPILER_ID} MATCHES Clang)
-        message(FATAL_ERROR "This project requires clang for coverage support")
+        message(FATAL_ERROR "This project requires clang for coverage support. You are currently using " ${CMAKE_C_COMPILER_ID})
     endif()
     target_compile_options(${PROJECT_NAME} PUBLIC -fprofile-instr-generate -fcoverage-mapping)
     target_link_options(${PROJECT_NAME} PUBLIC -fprofile-instr-generate -fcoverage-mapping)
@@ -667,7 +667,6 @@ if (BUILD_TESTING)
     if(S2N_FUZZ_TEST)
         message(STATUS "Fuzz build enabled")
         set(SCRIPT_PATH "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/runFuzzTest.sh")
-        set(BUILD_DIR_PATH "${CMAKE_CURRENT_SOURCE_DIR}/build")
         file(GLOB FUZZ_TEST_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/*.c")
 
         file(GLOB TESTLIB_SRC "tests/testlib/*.c")
@@ -684,18 +683,6 @@ if (BUILD_TESTING)
             set(FUZZ_TIMEOUT_SEC 60)
         endif()
 
-        if(DEFINED ENV{CORPUS_UPLOAD_LOC})
-            set(CORPUS_UPLOAD_LOC $ENV{CORPUS_UPLOAD_LOC})
-        else()
-            set(CORPUS_UPLOAD_LOC "none")
-        endif()
-
-        if(DEFINED ENV{ARTIFACT_UPLOAD_LOC})
-            set(ARTIFACT_UPLOAD_LOC $ENV{ARTIFACT_UPLOAD_LOC})
-        else()
-            set(ARTIFACT_UPLOAD_LOC "none")
-        endif()
-
         # Build LD_PRELOAD shared libraries
         file(GLOB LIBRARY_SRCS "${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz/LD_PRELOAD/*.c")
         foreach(SRC ${LIBRARY_SRCS})
@@ -729,9 +716,7 @@ if (BUILD_TESTING)
                     bash ${SCRIPT_PATH} 
                     ${TEST_NAME} 
                     ${FUZZ_TIMEOUT_SEC} 
-                    ${BUILD_DIR_PATH} 
-                    ${CORPUS_UPLOAD_LOC} 
-                    ${ARTIFACT_UPLOAD_LOC}
+                    ${CMAKE_CURRENT_SOURCE_DIR}
                 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests/fuzz
             )
             set_property(TEST ${TEST_NAME} PROPERTY LABELS "fuzz")

bindings/README.md

@@ -0,0 +1,13 @@
+# s2n-tls rust workspaces
+
+### Rust
+
+Contains the bindings and other integrations, in two workspaces based on MSRV.
+
+### Rust Examples
+
+The current MSRV for the Rust Examples workspace is [stable](https://releases.rs/).
+
+
+
+

bindings/rust-examples/client-hello-config-resolution/Cargo.toml

@@ -8,6 +8,6 @@ edition.workspace = true
 
 [dependencies]
 clap = { version = "4", features = ["derive"] }
-s2n-tls = { path = "../../rust/s2n-tls" }
-s2n-tls-tokio = { path = "../../rust/s2n-tls-tokio" }
+s2n-tls = { path = "../../rust/extended/s2n-tls" }
+s2n-tls-tokio = { path = "../../rust/extended/s2n-tls-tokio" }
 tokio = { version = "1", features = ["full"] }

bindings/rust-examples/tokio-server-client/Cargo.toml

@@ -7,7 +7,7 @@ license.workspace = true
 edition.workspace = true
 
 [dependencies]
-s2n-tls = { path = "../../rust/s2n-tls" }
-s2n-tls-tokio = { path = "../../rust/s2n-tls-tokio" }
+s2n-tls = { path = "../../rust/extended/s2n-tls" }
+s2n-tls-tokio = { path = "../../rust/extended/s2n-tls-tokio" }
 tokio = { version = "1", features = ["full"] }
 clap = { version = "4", features = ["derive"] }

bindings/rust/README.md

@@ -1,4 +1,4 @@
-# s2n-tls rust bindings
+# s2n-tls Rust Bindings
 
 **NOTICE: These bindings are currently subject to change and should not be used without the expectation
 of future breakage.**
@@ -17,15 +17,21 @@ In order to generate rust bindings for s2n-tls, you need to have the following i
 Generating rust bindings can be accomplished by running the `generate.sh` script:
 
 ```
-$ ./bindings/rust/generate.sh
+$ ./bindings/rust/extended/generate.sh
 ```
 
 This script generates the low-level bindings in the crate `s2n-tls-sys`, which is used by the `s2n-tls` crate to provide higher-level bindings.
 See [s2n-tls-sys](https://github.com/aws/s2n-tls/blob/main/bindings/rust/s2n-tls-sys/README.md) for more information on `s2n-tls-sys` crate.
 
 ## Minimum Supported Rust Version (MSRV)
 
-`s2n-tls` will maintain a rolling MSRV (minimum supported rust version) policy of at least 6 months. The current s2n-quic version is not guaranteed to build on Rust versions earlier than the MSRV.
+There are two rust bindings workspaces that have different MSRV policies. Crates in `standard` maintain a rolling MSRV policy of at least 6 months. Crates in `extended` maintain an older MSRV for increased support.
 
-The current MSRV is [1.63.0][msrv-url].
+### Extended
+
+Crates in the `extended` workspace currently support an "extended" MSRV of [1.63.0](https://releases.rs/docs/1.63.0/). This is a temporary state. Customers must not rely on `s2n-tls` crates maintaining this level of stability. We expect to revert back to the mentioned standard policy shortly.
+
+### Standard
+
+We will maintain a rolling MSRV (minimum supported rust version) policy of at least 6 months. The current s2n-tls version is not guaranteed to build on Rust versions earlier than the MSRV.
 

bindings/rust/Cargo.toml → bindings/rust/extended/Cargo.toml

@@ -1,10 +1,8 @@
 [workspace]
 members = [
-    "integration",
     "s2n-tls",
     "s2n-tls-sys",
-    "s2n-tls-tokio",
-    "s2n-tls-hyper",
+    "s2n-tls-tokio"
 ]
 # generate can't be included in the workspace because of a bootstrapping problem
 # s2n-tls-sys/Cargo.toml (part of the workspace) is generated by

bindings/rust/extended/certs

@@ -0,0 +1 @@
+../certs

bindings/rust/generate.sh → bindings/rust/extended/generate.sh

@@ -16,21 +16,21 @@ mkdir -p s2n-tls-sys/src/features
 # we copy the C sources into the `lib` directory so they get published in the
 # actual crate artifact.
 cp -r \
-  ../../api \
-  ../../crypto \
-  ../../error \
-  ../../stuffer \
-  ../../tls \
-  ../../utils \
+  ../../../api \
+  ../../../crypto \
+  ../../../error \
+  ../../../stuffer \
+  ../../../tls \
+  ../../../utils \
   s2n-tls-sys/lib/
 
 cp -r \
-  ../../tests/features \
+  ../../../tests/features \
   s2n-tls-sys/lib/tests/
 
 cp -r \
-  ../../CMakeLists.txt \
-  ../../cmake \
+  ../../../CMakeLists.txt \
+  ../../../cmake \
   s2n-tls-sys/lib/
 
 # generate the bindings modules from the copied sources
@@ -52,7 +52,7 @@ cargo publish --dry-run --allow-dirty
 cargo publish --dry-run --allow-dirty --all-features
 popd
 
-pushd integration
+pushd ../standard/integration
 cargo run
 popd
 

bindings/rust/s2n-tls-sys/templates/Cargo.template → bindings/rust/extended/s2n-tls-sys/templates/Cargo.template

@@ -1,7 +1,7 @@
 [package]
 name = "s2n-tls-sys"
 description = "A C99 implementation of the TLS/SSL protocols"
-version = "0.3.8"
+version = "0.3.9"
 authors = ["AWS s2n"]
 edition = "2021"
 rust-version = "1.63.0"

bindings/rust/s2n-tls-tokio/Cargo.toml → bindings/rust/extended/s2n-tls-tokio/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "s2n-tls-tokio"
 description = "An implementation of TLS streams for Tokio built on top of s2n-tls"
-version = "0.3.8"
+version = "0.3.9"
 authors = ["AWS s2n"]
 edition = "2021"
 rust-version = "1.63.0"
@@ -15,7 +15,7 @@ default = []
 errno = { version = "0.3" }
 libc = { version = "0.2" }
 pin-project-lite = { version = "0.2" }
-s2n-tls = { version = "=0.3.8", path = "../s2n-tls" }
+s2n-tls = { version = "=0.3.9", path = "../s2n-tls" }
 tokio = { version = "1", features = ["net", "time"] }
 
 [dev-dependencies]

bindings/rust/s2n-tls/Cargo.toml → bindings/rust/extended/s2n-tls/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "s2n-tls"
 description = "A C99 implementation of the TLS/SSL protocols"
-version = "0.3.8"
+version = "0.3.9"
 authors = ["AWS s2n"]
 edition = "2021"
 rust-version = "1.63.0"
@@ -21,7 +21,7 @@ unstable-testing = []
 [dependencies]
 errno = { version = "0.3" }
 libc = "0.2"
-s2n-tls-sys = { version = "=0.3.8", path = "../s2n-tls-sys", features = ["internal"] }
+s2n-tls-sys = { version = "=0.3.9", path = "../s2n-tls-sys", features = ["internal"] }
 pin-project-lite = "0.2"
 hex = "0.4"
 

bindings/rust/s2n-tls/src/testing.rs → bindings/rust/extended/s2n-tls/src/testing.rs

@@ -97,7 +97,7 @@ impl Default for CertKeyPair {
 impl CertKeyPair {
     /// This is the directory holding all of the pems used for s2n-tls unit tests
     const TEST_PEMS_PATH: &'static str =
-        concat!(env!("CARGO_MANIFEST_DIR"), "/../../../tests/pems/");
+        concat!(env!("CARGO_MANIFEST_DIR"), "/../../../../tests/pems/");
 
     /// Create a test CertKeyPair
     /// * `prefix`: The *relative* prefix from the s2n-tls/tests/pems/ folder.

bindings/rust/standard/.gitignore

@@ -0,0 +1,2 @@
+target/
+Cargo.lock

bindings/rust/standard/Cargo.toml

@@ -0,0 +1,6 @@
+[workspace]
+members = [
+    "bench",
+    "integration",
+    "s2n-tls-hyper"
+]

bindings/rust/bench/Cargo.toml → bindings/rust/standard/bench/Cargo.toml

@@ -4,7 +4,7 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
-s2n-tls = { path = "../s2n-tls" }
+s2n-tls = { path = "../../extended/s2n-tls" }
 errno = "0.3"
 libc = "0.2"
 strum = { version = "0.25", features = ["derive"] }
@@ -14,7 +14,7 @@ openssl = { version = "0.10", features = ["vendored"] }
 
 [dev-dependencies]
 criterion = "0.5"
-pprof = { version = "0.12", features = ["criterion", "flamegraph"] }
+pprof = { version = "0.14", features = ["criterion", "flamegraph"] }
 # env_logger and log are used to enable logging for rustls, which can help with
 # debugging interop failures
 env_logger = "0.10"