Migrate webauthn-rs-demo to OpenSSL

Question

Migrate webauthn-rs-demo to OpenSSL

Closed this issue a year ago · 0 comments

Is your feature request related to a problem? Please describe.

At the moment, webauthn-rs-demo depends on rustls, which depends on ring 0.16 (which is outdated). ring v0.16 has a lot of issues with cross-compiling, and flat-out won't build on aarch64-pc-windows-msvc (and builds it with a HostX86 toolchain!):

PS C:\Users\michael\Documents\dev\webauthn-rs> cargo build
[...]
   Compiling ring v0.16.20
error: failed to run custom build command for `ring v0.16.20`

Caused by:
  process didn't exit successfully: `C:\Users\michael\Documents\dev\webauthn-rs\target\debug\build\ring-eaa32766ac89f048\build-script-build` (exit code: 101)
  --- stdout
  OPT_LEVEL = Some("0")
  TARGET = Some("aarch64-pc-windows-msvc")
  HOST = Some("aarch64-pc-windows-msvc")
  cargo:rerun-if-env-changed=CC_aarch64-pc-windows-msvc
  CC_aarch64-pc-windows-msvc = None
  cargo:rerun-if-env-changed=CC_aarch64_pc_windows_msvc
  CC_aarch64_pc_windows_msvc = None
  cargo:rerun-if-env-changed=HOST_CC
  HOST_CC = None
  cargo:rerun-if-env-changed=CC
  CC = None
  cargo:rerun-if-env-changed=CFLAGS_aarch64-pc-windows-msvc
  CFLAGS_aarch64-pc-windows-msvc = None
  cargo:rerun-if-env-changed=CFLAGS_aarch64_pc_windows_msvc
  CFLAGS_aarch64_pc_windows_msvc = None
  cargo:rerun-if-env-changed=HOST_CFLAGS
  HOST_CFLAGS = None
  cargo:rerun-if-env-changed=CFLAGS
  CFLAGS = None
  cargo:rerun-if-env-changed=CRATE_CC_NO_DEFAULTS
  CRATE_CC_NO_DEFAULTS = None
  CARGO_CFG_TARGET_FEATURE = Some("neon")
  DEBUG = Some("true")
  montgomery.c
  C:\Users\michael\.cargo\registry\src\index.crates.io-6f17d22bba15001f\ring-0.16.20\crypto\fipsmodule\bn\internal.h(191): error C2065: 'BN_ULLONG': undeclared identifier
  C:\Users\michael\.cargo\registry\src\index.crates.io-6f17d22bba15001f\ring-0.16.20\crypto\fipsmodule\bn\internal.h(191): error C2146: syntax error: missing ';' before identifier 'result'
  C:\Users\michael\.cargo\registry\src\index.crates.io-6f17d22bba15001f\ring-0.16.20\crypto\fipsmodule\bn\internal.h(191): warning C4555: result of expression not used
  C:\Users\michael\.cargo\registry\src\index.crates.io-6f17d22bba15001f\ring-0.16.20\crypto\fipsmodule\bn\internal.h(191): error C2065: 'result': undeclared identifier
  C:\Users\michael\.cargo\registry\src\index.crates.io-6f17d22bba15001f\ring-0.16.20\crypto\fipsmodule\bn\internal.h(191): error C2146: syntax error: missing ';' before identifier 'a'
  C:\Users\michael\.cargo\registry\src\index.crates.io-6f17d22bba15001f\ring-0.16.20\crypto\fipsmodule\bn\internal.h(191): warning C4552: '*': result of expression not used
  C:\Users\michael\.cargo\registry\src\index.crates.io-6f17d22bba15001f\ring-0.16.20\crypto\fipsmodule\bn\internal.h(192): error C2065: 'result': undeclared identifier
  C:\Users\michael\.cargo\registry\src\index.crates.io-6f17d22bba15001f\ring-0.16.20\crypto\fipsmodule\bn\internal.h(193): error C2065: 'result': undeclared identifier
  C:\Users\michael\.cargo\registry\src\index.crates.io-6f17d22bba15001f\ring-0.16.20\crypto\fipsmodule\bn\internal.h(193): warning C4293: '>>': shift count negative or too big, undefined behavior
  C:\Users\michael\.cargo\registry\src\index.crates.io-6f17d22bba15001f\ring-0.16.20\crypto\fipsmodule\bn\../../limbs/limbs.inl(38): warning C4163: '_addcarry_u64': not available as an intrinsic function
  C:\Users\michael\.cargo\registry\src\index.crates.io-6f17d22bba15001f\ring-0.16.20\crypto\fipsmodule\bn\../../limbs/limbs.inl(38): warning C4163: '_subborrow_u64': not available as an intrinsic function
  C:\Users\michael\.cargo\registry\src\index.crates.io-6f17d22bba15001f\ring-0.16.20\crypto\fipsmodule\bn\../../limbs/limbs.inl(62): warning C4013: '_addcarry_u64' undefined; assuming extern returning int
  C:\Users\michael\.cargo\registry\src\index.crates.io-6f17d22bba15001f\ring-0.16.20\crypto\fipsmodule\bn\../../limbs/limbs.inl(62): warning C4242: '=': conversion from 'int' to 'Carry', possible loss of data
  C:\Users\michael\.cargo\registry\src\index.crates.io-6f17d22bba15001f\ring-0.16.20\crypto\fipsmodule\bn\../../limbs/limbs.inl(76): warning C4242: '=': conversion from 'int' to 'Carry', possible loss of data
  C:\Users\michael\.cargo\registry\src\index.crates.io-6f17d22bba15001f\ring-0.16.20\crypto\fipsmodule\bn\../../limbs/limbs.inl(92): warning C4013: '_subborrow_u64' undefined; assuming extern returning int
  C:\Users\michael\.cargo\registry\src\index.crates.io-6f17d22bba15001f\ring-0.16.20\crypto\fipsmodule\bn\../../limbs/limbs.inl(92): warning C4242: '=': conversion from 'int' to 'Carry', possible loss of data
  C:\Users\michael\.cargo\registry\src\index.crates.io-6f17d22bba15001f\ring-0.16.20\crypto\fipsmodule\bn\../../limbs/limbs.inl(106): warning C4242: '=': conversion from 'int' to 'Carry', possible loss of data

  --- stderr
  running "C:\\Program Files\\Microsoft Visual Studio\\2022\\Preview\\VC\\Tools\\MSVC\\14.35.32019\\bin\\HostX86\\arm64\\cl.exe" "-nologo" "-MD" "-Z7" "-Brepro" "-I" "include" "-W4" "/GS" "/Gy" "/EHsc" "/GR-" "/Zc:wchar_t" "/Zc:forScope" "/Zc:inline" "/Zc:rvalueCast" "/sdl" "/Wall" "/wd4127" "/wd4464" "/wd4514" "/wd4710" "/wd4711" "/wd4820" "/wd5045" "/Od" "/RTCsu" "-DNDEBUG" "-c" "/FoC:\\Users\\michael\\Documents\\dev\\webauthn-rs\\target\\debug\\build\\ring-1b24f999817ab6d1\\out\\montgomery.obj" "crypto/fipsmodule/bn/montgomery.c"
  thread 'main' panicked at 'execution failed', C:\Users\michael\.cargo\registry\src\index.crates.io-6f17d22bba15001f\ring-0.16.20\build.rs:656:9
  note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
warning: build failed, waiting for other jobs to finish...

webauthn-rs-demo also depends on openssl to generate a self-signed certificate at start-up, so it effectively links two crypto libraries in.

Describe the solution you'd like

webauthn-rs-demo should migrate away from rustls to something which uses openssl instead.

Other webauthn-rs packages don't have any dependency on ring 0.16:

PS C:\Users\michael\Documents\dev\webauthn-rs> cargo tree -i ring
ring v0.16.20
├── rustls v0.19.1
│   ├── async-rustls v0.2.0
│   │   └── tide-rustls v0.3.0
│   │       └── webauthn-rs-demo v0.1.0 (C:\Users\michael\Documents\dev\webauthn-rs\compat_tester\webauthn-rs-demo)
│   ├── tide-rustls v0.3.0 (*)
│   └── webauthn-rs-demo v0.1.0 (C:\Users\michael\Documents\dev\webauthn-rs\compat_tester\webauthn-rs-demo)
├── sct v0.6.1
│   └── rustls v0.19.1 (*)
└── webpki v0.21.4
    ├── async-rustls v0.2.0 (*)
    └── rustls v0.19.1 (*)

Describe alternatives you've considered

#357

Additional context

Many issues have been resolved in ring v0.17, but this has only recently been published. This has required a huge effort by ring to migrate from winapi to windows-rs, and entirely rework their build setup.

That all said, having two crypto libraries for this demo isn't great, and the rest of this project uses OpenSSL.