Feature request: optionally use aws-lc-rs instead of ring
Hello,
Thanks for this useful crate. A lot of the ecosystem seems to be moving from ring to aws-lc-rs as the default cryptographic library (like https://github.com/rustls/rustls/blob/a2c21fe0509f634431e72bffe8803fca1f892d56/rustls/Cargo.toml#L31). Maybe it would be nice to propose the alternative.
Best regards.
See https://github.com/Keats/jsonwebtoken/pull/377
It seems there are issues building it on Windows?
Well, maybe the best would be to offer the choice between ring and aws-lc-rs, defaulting to ring on Windows?
I'd rather not have multiple backends if possible
Understandable, but that seems to be the tendency in all the libraries switching from ring to aws-lc-rs... I guess that the alternative is to wait for aws-lc-rs to build properly on Windows. Closing for now...
FWIW @Keats @nicolaspernoud
I made a fork where I replace ring with aws-lc-rs:
https://crates.io/crates/jsonwebtoken-aws-lc
Having done the work I realized that it is really trivial for you to support both backends.
In pseudo code it would be as simple as:
// private: src/crypto.rs
#[not wasm and not windows and aws-lc-rs]
pub(crate) use aws_lc_rs::{...};
#[wasm or windows or not aws-lc-rs]
pub(crate) use ring::{...};
The ring API surface that you touch on with your library is 100% compatible with aws-lc-rs,
so it would be as simple as using crate::crypto instead of ::ring in your codebase,
and given this ring-compatibility is by design and the fact you do not really expose ring for anything important,
it seems like a safe thing to do?
Either way... didn't want to pressure you into anything. It is your project and crate @Keats so I fully respect whatever you wish to do with it. If you do like it I do not mind making a ticket and PR for it. Either way, without any pressure or demand I did want to unblock myself (and possibly others) as I needed this crate for several projects and this was still the only project using ring...
(I have nothing against ring btw... I actually like it. But the rustls ecosystem seems to have moved in favour of aws-lc-rs so like a good sheep I'm just following it in this instance... And yes, sure, they allow you to use ring, but it gets harder for deps of deps and deps of deps of deps, etc...)
I don't mind that switch too much if it's easy to build on Windows. Another thing to consider is https://github.com/Keats/jsonwebtoken/pull/318 which removes Ring entirely and uses rust-crypto crates instead. Easier to build and we can probably add ECDSA.
It's definitely possible to support both of those backends, it just needs some work from someone to expose a facade API that can be used with aws-lc-rs and rust-crypto stuff. I would love a PR for it.
I can make it happen for sure, the PR that is. Would you want me to wait until #318 is done and merged by the ongoing people, or how do you see it?
I'm not sure what's the best way to go at it. #318 removes ring but we want to add a facade so maybe it could be done as starting a branch, merging that PR on it (squashing commits) and then adding the facade by taking back the ring code from master? Not sure, do as you see fit.
Ok, going to open a PR now. Can we re-open this issue or do you want to create a new issue with a different/updated scope? Even though it seems pretty much like the feature that is requested above.
Just to note, the most recent PR for this is #428 by @sulami
v10 introduced rust_crypto or aws_lc_rs feature support (#428), so I believe this is resolved. @Keats