From 6bc2de8e9bc57e935bfd9b81b1156791e770242d Mon Sep 17 00:00:00 2001 From: Jordan Gonzalez <30836115+duncanista@users.noreply.github.com> Date: Fri, 27 Mar 2026 17:10:43 -0400 Subject: [PATCH] feat(crypto): switch to ring for non-FIPS builds, bump libdatadog Switch the default crypto backend from aws-lc-rs to ring for non-FIPS builds, reducing the release binary size by ~15% (8.7MB -> 7.4MB on macOS arm64). FIPS builds continue to use aws-lc-rs via rustls/fips. - Bump libdatadog to 18a02650 (ring for non-FIPS) - Switch rustls features from aws-lc-rs to ring - Update crypto provider init to use ring::default_provider() - Adapt ObfuscationConfig to new nested struct API --- bottlecap/Cargo.lock | 169 +++++++++++++++--------- bottlecap/Cargo.toml | 14 +- bottlecap/LICENSE-3rdparty.csv | 4 + bottlecap/src/bin/bottlecap/main.rs | 18 ++- bottlecap/src/traces/http_client.rs | 6 +- bottlecap/src/traces/trace_processor.rs | 2 +- 6 files changed, 132 insertions(+), 81 deletions(-) diff --git a/bottlecap/Cargo.lock b/bottlecap/Cargo.lock index 14297c30e..ab8a04a0e 100644 --- a/bottlecap/Cargo.lock +++ b/bottlecap/Cargo.lock @@ -467,6 +467,12 @@ dependencies = [ "piper", ] +[[package]] +name = "borrow-or-share" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc0b364ead1874514c8c2855ab558056ebfeb775653e7ae45ff72f28f8f3166c" + [[package]] name = "bottlecap" version = "0.1.0" @@ -498,12 +504,12 @@ dependencies = [ "indexmap", "itertools 0.14.0", "lazy_static", - "libdd-common 1.1.0", - "libdd-trace-normalization 1.0.0", + "libdd-common 3.0.1", + "libdd-trace-normalization 1.0.3", "libdd-trace-obfuscation", - "libdd-trace-protobuf 1.0.0", - "libdd-trace-stats 1.0.0", - "libdd-trace-utils 1.0.0", + "libdd-trace-protobuf 3.0.0", + "libdd-trace-stats 1.0.4", + "libdd-trace-utils 3.0.0", "libddwaf", "log", "mime", @@ -1067,6 +1073,17 @@ dependencies = [ "num-traits", ] +[[package]] +name = "fluent-uri" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc74ac4d8359ae70623506d512209619e5cf8f347124910440dbc221714b328e" +dependencies = [ + "borrow-or-share", + "ref-cast", + "serde", +] + [[package]] name = "fnv" version = "1.0.7" @@ -1855,8 +1872,9 @@ checksum = "b5b646652bf6661599e1da8901b3b9522896f01e736bad5f723fe7a3a27f899d" [[package]] name = "libdd-common" -version = "1.1.0" -source = "git+https://github.com/DataDog/libdatadog?rev=c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09#c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e5593b91f61eee38cddc9fdcbc99c9fad697b5d925e226bd500d86b4295380b" dependencies = [ "anyhow", "bytes", @@ -1870,28 +1888,23 @@ dependencies = [ "http-body 1.0.1", "http-body-util", "hyper 1.8.1", - "hyper-rustls", "hyper-util", "libc", "nix 0.29.0", "pin-project", "regex", - "rustls", - "rustls-native-certs", "serde", "static_assertions", "thiserror 1.0.69", "tokio", - "tokio-rustls", "tower-service", "windows-sys 0.52.0", ] [[package]] name = "libdd-common" -version = "2.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e5593b91f61eee38cddc9fdcbc99c9fad697b5d925e226bd500d86b4295380b" +version = "3.0.1" +source = "git+https://github.com/DataDog/libdatadog?rev=13b8202371d99753c0f84d20e2245a3cef917ddf#13b8202371d99753c0f84d20e2245a3cef917ddf" dependencies = [ "anyhow", "bytes", @@ -1905,15 +1918,19 @@ dependencies = [ "http-body 1.0.1", "http-body-util", "hyper 1.8.1", + "hyper-rustls", "hyper-util", "libc", "nix 0.29.0", "pin-project", "regex", + "rustls", + "rustls-native-certs", "serde", "static_assertions", "thiserror 1.0.69", "tokio", + "tokio-rustls", "tower-service", "windows-sys 0.52.0", ] @@ -1931,7 +1948,7 @@ dependencies = [ "http 1.4.0", "http-body-util", "libdd-common 2.0.1", - "libdd-ddsketch 1.0.1", + "libdd-ddsketch 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)", "libdd-dogstatsd-client", "libdd-telemetry", "libdd-tinybytes 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)", @@ -1950,8 +1967,9 @@ dependencies = [ [[package]] name = "libdd-ddsketch" -version = "1.0.0" -source = "git+https://github.com/DataDog/libdatadog?rev=c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09#c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6b31b2435e2e8eaba0e35a96df3e1407b68f8ef76055383ceb2ba5a09e5a1bb5" dependencies = [ "prost 0.14.3", ] @@ -1959,8 +1977,7 @@ dependencies = [ [[package]] name = "libdd-ddsketch" version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6b31b2435e2e8eaba0e35a96df3e1407b68f8ef76055383ceb2ba5a09e5a1bb5" +source = "git+https://github.com/DataDog/libdatadog?rev=13b8202371d99753c0f84d20e2245a3cef917ddf#13b8202371d99753c0f84d20e2245a3cef917ddf" dependencies = [ "prost 0.14.3", ] @@ -1993,7 +2010,7 @@ dependencies = [ "http-body-util", "libc", "libdd-common 2.0.1", - "libdd-ddsketch 1.0.1", + "libdd-ddsketch 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)", "serde", "serde_json", "sys-info", @@ -2016,51 +2033,52 @@ dependencies = [ [[package]] name = "libdd-tinybytes" version = "1.1.0" -source = "git+https://github.com/DataDog/libdatadog?rev=c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09#c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09" +source = "git+https://github.com/DataDog/libdatadog?rev=13b8202371d99753c0f84d20e2245a3cef917ddf#13b8202371d99753c0f84d20e2245a3cef917ddf" dependencies = [ "serde", ] [[package]] name = "libdd-trace-normalization" -version = "1.0.0" -source = "git+https://github.com/DataDog/libdatadog?rev=c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09#c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a737b43f01d6a0cbd1399c5b89863a5d2663fe7b19bf1d3ea28048abab396353" dependencies = [ "anyhow", - "libdd-trace-protobuf 1.0.0", + "libdd-trace-protobuf 2.0.0", ] [[package]] name = "libdd-trace-normalization" -version = "1.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a737b43f01d6a0cbd1399c5b89863a5d2663fe7b19bf1d3ea28048abab396353" +version = "1.0.3" +source = "git+https://github.com/DataDog/libdatadog?rev=13b8202371d99753c0f84d20e2245a3cef917ddf#13b8202371d99753c0f84d20e2245a3cef917ddf" dependencies = [ "anyhow", - "libdd-trace-protobuf 2.0.0", + "libdd-trace-protobuf 3.0.0", ] [[package]] name = "libdd-trace-obfuscation" -version = "1.0.0" -source = "git+https://github.com/DataDog/libdatadog?rev=c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09#c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09" +version = "1.0.1" +source = "git+https://github.com/DataDog/libdatadog?rev=13b8202371d99753c0f84d20e2245a3cef917ddf#13b8202371d99753c0f84d20e2245a3cef917ddf" dependencies = [ "anyhow", - "libdd-common 1.1.0", - "libdd-trace-protobuf 1.0.0", - "libdd-trace-utils 1.0.0", + "fluent-uri", + "libdd-common 3.0.1", + "libdd-trace-protobuf 3.0.0", + "libdd-trace-utils 3.0.0", "log", "percent-encoding", "regex", "serde", "serde_json", - "url", ] [[package]] name = "libdd-trace-protobuf" -version = "1.0.0" -source = "git+https://github.com/DataDog/libdatadog?rev=c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09#c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d0a54921e03174f3ff7ad8506ff9e13637e546ef0b1f369ae463eacebda8e88" dependencies = [ "prost 0.14.3", "serde", @@ -2069,9 +2087,8 @@ dependencies = [ [[package]] name = "libdd-trace-protobuf" -version = "2.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d0a54921e03174f3ff7ad8506ff9e13637e546ef0b1f369ae463eacebda8e88" +version = "3.0.0" +source = "git+https://github.com/DataDog/libdatadog?rev=13b8202371d99753c0f84d20e2245a3cef917ddf#13b8202371d99753c0f84d20e2245a3cef917ddf" dependencies = [ "prost 0.14.3", "serde", @@ -2080,44 +2097,44 @@ dependencies = [ [[package]] name = "libdd-trace-stats" -version = "1.0.0" -source = "git+https://github.com/DataDog/libdatadog?rev=c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09#c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea447dc8a5d84c6b5eb6ea877c4fea4149fd29f6b45fcfc5cfd7edf82a18e056" dependencies = [ "hashbrown 0.15.5", - "libdd-ddsketch 1.0.0", - "libdd-trace-protobuf 1.0.0", - "libdd-trace-utils 1.0.0", + "libdd-ddsketch 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)", + "libdd-trace-protobuf 2.0.0", + "libdd-trace-utils 2.0.2", ] [[package]] name = "libdd-trace-stats" -version = "1.0.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea447dc8a5d84c6b5eb6ea877c4fea4149fd29f6b45fcfc5cfd7edf82a18e056" +version = "1.0.4" +source = "git+https://github.com/DataDog/libdatadog?rev=13b8202371d99753c0f84d20e2245a3cef917ddf#13b8202371d99753c0f84d20e2245a3cef917ddf" dependencies = [ "hashbrown 0.15.5", - "libdd-ddsketch 1.0.1", - "libdd-trace-protobuf 2.0.0", - "libdd-trace-utils 2.0.2", + "libdd-ddsketch 1.0.1 (git+https://github.com/DataDog/libdatadog?rev=13b8202371d99753c0f84d20e2245a3cef917ddf)", + "libdd-trace-protobuf 3.0.0", + "libdd-trace-utils 3.0.0", ] [[package]] name = "libdd-trace-utils" -version = "1.0.0" -source = "git+https://github.com/DataDog/libdatadog?rev=c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09#c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09" +version = "2.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a59e9a0a41bb17d06fb85a70db3be04e53ddfb8f61a593939bb9677729214db" dependencies = [ "anyhow", "bytes", - "flate2", "futures", "http 1.4.0", "http-body 1.0.1", "http-body-util", "indexmap", - "libdd-common 1.1.0", - "libdd-tinybytes 1.1.0 (git+https://github.com/DataDog/libdatadog?rev=c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09)", - "libdd-trace-normalization 1.0.0", - "libdd-trace-protobuf 1.0.0", + "libdd-common 2.0.1", + "libdd-tinybytes 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)", + "libdd-trace-normalization 1.0.2", + "libdd-trace-protobuf 2.0.0", "prost 0.14.3", "rand 0.8.5", "rmp", @@ -2127,26 +2144,26 @@ dependencies = [ "serde_json", "tokio", "tracing", - "zstd", ] [[package]] name = "libdd-trace-utils" -version = "2.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8a59e9a0a41bb17d06fb85a70db3be04e53ddfb8f61a593939bb9677729214db" +version = "3.0.0" +source = "git+https://github.com/DataDog/libdatadog?rev=13b8202371d99753c0f84d20e2245a3cef917ddf#13b8202371d99753c0f84d20e2245a3cef917ddf" dependencies = [ "anyhow", + "base64 0.22.1", "bytes", + "flate2", "futures", "http 1.4.0", "http-body 1.0.1", "http-body-util", "indexmap", - "libdd-common 2.0.1", - "libdd-tinybytes 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)", - "libdd-trace-normalization 1.0.2", - "libdd-trace-protobuf 2.0.0", + "libdd-common 3.0.1", + "libdd-tinybytes 1.1.0 (git+https://github.com/DataDog/libdatadog?rev=13b8202371d99753c0f84d20e2245a3cef917ddf)", + "libdd-trace-normalization 1.0.3", + "libdd-trace-protobuf 3.0.0", "prost 0.14.3", "rand 0.8.5", "rmp", @@ -2156,6 +2173,7 @@ dependencies = [ "serde_json", "tokio", "tracing", + "zstd", ] [[package]] @@ -3058,6 +3076,26 @@ dependencies = [ "thiserror 1.0.69", ] +[[package]] +name = "ref-cast" +version = "1.0.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f354300ae66f76f1c85c5f84693f0ce81d747e2c3f21a45fef496d89c960bf7d" +dependencies = [ + "ref-cast-impl", +] + +[[package]] +name = "ref-cast-impl" +version = "1.0.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7186006dcb21920990093f30e3dea63b7d6e977bf1256be20c3563a5db070da" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + [[package]] name = "regex" version = "1.12.3" @@ -3457,6 +3495,7 @@ version = "1.0.149" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" dependencies = [ + "indexmap", "itoa", "memchr", "serde", diff --git a/bottlecap/Cargo.toml b/bottlecap/Cargo.toml index b74de69a7..acb633ba0 100644 --- a/bottlecap/Cargo.toml +++ b/bottlecap/Cargo.toml @@ -39,7 +39,7 @@ hmac = { version = "0.12", default-features = false } sha2 = { version = "0.10", default-features = false } hex = { version = "0.4", default-features = false, features = ["std"] } base64 = { version = "0.22", default-features = false } -rustls = { version = "0.23.18", default-features = false, features = ["aws-lc-rs"] } +rustls = { version = "0.23.18", default-features = false, features = ["ring"] } rustls-pemfile = { version = "2.0", default-features = false, features = ["std"] } rustls-pki-types = { version = "1.0", default-features = false } hyper-rustls = { version = "0.27.7", default-features = false } @@ -71,12 +71,12 @@ indexmap = {version = "2.11.0", default-features = false} # be found in the clippy.toml file adjacent to this Cargo.toml. datadog-protos = { version = "0.1.0", default-features = false, git = "https://github.com/DataDog/saluki/", rev = "f863626dbfe3c59bb390985fa6530b0621c2a0a2"} ddsketch-agent = { version = "0.1.0", default-features = false, git = "https://github.com/DataDog/saluki/", rev = "f863626dbfe3c59bb390985fa6530b0621c2a0a2"} -libdd-common = { git = "https://github.com/DataDog/libdatadog", rev = "c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09" } -libdd-trace-protobuf = { git = "https://github.com/DataDog/libdatadog", rev = "c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09" } -libdd-trace-utils = { git = "https://github.com/DataDog/libdatadog", rev = "c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09" , features = ["mini_agent"] } -libdd-trace-normalization = { git = "https://github.com/DataDog/libdatadog", rev = "c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09" } -libdd-trace-obfuscation = { git = "https://github.com/DataDog/libdatadog", rev = "c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09" } -libdd-trace-stats = { git = "https://github.com/DataDog/libdatadog", rev = "c8121f422d2c8d219f8d421ff3cdb1fcbe9e8b09" } +libdd-common = { git = "https://github.com/DataDog/libdatadog", rev = "13b8202371d99753c0f84d20e2245a3cef917ddf" } +libdd-trace-protobuf = { git = "https://github.com/DataDog/libdatadog", rev = "13b8202371d99753c0f84d20e2245a3cef917ddf" } +libdd-trace-utils = { git = "https://github.com/DataDog/libdatadog", rev = "13b8202371d99753c0f84d20e2245a3cef917ddf" , features = ["mini_agent"] } +libdd-trace-normalization = { git = "https://github.com/DataDog/libdatadog", rev = "13b8202371d99753c0f84d20e2245a3cef917ddf" } +libdd-trace-obfuscation = { git = "https://github.com/DataDog/libdatadog", rev = "13b8202371d99753c0f84d20e2245a3cef917ddf" } +libdd-trace-stats = { git = "https://github.com/DataDog/libdatadog", rev = "13b8202371d99753c0f84d20e2245a3cef917ddf" } datadog-opentelemetry = { git = "https://github.com/DataDog/dd-trace-rs", rev = "f51cefc4ad24bec81b38fb2f36b1ed93f21ae913", default-features = false } dogstatsd = { git = "https://github.com/DataDog/serverless-components", rev = "28f796bf767fff56caf08153ade5cd80c8e8f705", default-features = false } datadog-fips = { git = "https://github.com/DataDog/serverless-components", rev = "28f796bf767fff56caf08153ade5cd80c8e8f705", default-features = false } diff --git a/bottlecap/LICENSE-3rdparty.csv b/bottlecap/LICENSE-3rdparty.csv index f9da414b4..9c6816cd4 100644 --- a/bottlecap/LICENSE-3rdparty.csv +++ b/bottlecap/LICENSE-3rdparty.csv @@ -19,6 +19,7 @@ bit-set,https://github.com/contain-rs/bit-set,Apache-2.0 OR MIT,Alexis Beingessn bit-vec,https://github.com/contain-rs/bit-vec,Apache-2.0 OR MIT,Alexis Beingessner bitflags,https://github.com/bitflags/bitflags,MIT OR Apache-2.0,The Rust Project Developers block-buffer,https://github.com/RustCrypto/utils,MIT OR Apache-2.0,RustCrypto Developers +borrow-or-share,https://github.com/yescallop/borrow-or-share,MIT-0,Scallop Ye buf_redux,https://github.com/abonander/buf_redux,MIT OR Apache-2.0,Austin Bonander bumpalo,https://github.com/fitzgen/bumpalo,MIT OR Apache-2.0,Nick Fitzgerald bytemuck,https://github.com/Lokathor/bytemuck,Zlib OR Apache-2.0 OR MIT,Lokathor @@ -57,6 +58,7 @@ figment,https://github.com/SergioBenitez/Figment,MIT OR Apache-2.0,Sergio Benite find-msvc-tools,https://github.com/rust-lang/cc-rs,MIT OR Apache-2.0,The find-msvc-tools Authors flate2,https://github.com/rust-lang/flate2-rs,MIT OR Apache-2.0,"Alex Crichton , Josh Triplett " float-cmp,https://github.com/mikedilger/float-cmp,MIT,Mike Dilger +fluent-uri,https://github.com/yescallop/fluent-uri-rs,MIT,Scallop Ye fnv,https://github.com/servo/rust-fnv,Apache-2.0 OR MIT,Alex Crichton foldhash,https://github.com/orlp/foldhash,Zlib,Orson Peters form_urlencoded,https://github.com/servo/rust-url,MIT OR Apache-2.0,The rust-url developers @@ -179,6 +181,8 @@ rand_chacha,https://github.com/rust-random/rand,MIT OR Apache-2.0,"The Rand Proj rand_core,https://github.com/rust-random/rand,MIT OR Apache-2.0,"The Rand Project Developers, The Rust Project Developers" rand_xorshift,https://github.com/rust-random/rngs,MIT OR Apache-2.0,"The Rand Project Developers, The Rust Project Developers" redox_syscall,https://gitlab.redox-os.org/redox-os/syscall,MIT,Jeremy Soller +ref-cast,https://github.com/dtolnay/ref-cast,MIT OR Apache-2.0,David Tolnay +ref-cast-impl,https://github.com/dtolnay/ref-cast,MIT OR Apache-2.0,David Tolnay regex,https://github.com/rust-lang/regex,MIT OR Apache-2.0,"The Rust Project Developers, Andrew Gallant " regex-automata,https://github.com/rust-lang/regex,MIT OR Apache-2.0,"The Rust Project Developers, Andrew Gallant " regex-syntax,https://github.com/rust-lang/regex,MIT OR Apache-2.0,"The Rust Project Developers, Andrew Gallant " diff --git a/bottlecap/src/bin/bottlecap/main.rs b/bottlecap/src/bin/bottlecap/main.rs index 532d206d7..f3dd88937 100644 --- a/bottlecap/src/bin/bottlecap/main.rs +++ b/bottlecap/src/bin/bottlecap/main.rs @@ -1127,11 +1127,19 @@ fn start_trace_agent( let obfuscation_config = obfuscation_config::ObfuscationConfig { tag_replace_rules: config.apm_replace_tags.clone(), - http_remove_path_digits: config.apm_config_obfuscation_http_remove_paths_with_digits, - http_remove_query_string: config.apm_config_obfuscation_http_remove_query_string, - obfuscate_memcached: false, - obfuscation_redis_enabled: false, - obfuscation_redis_remove_all_args: false, + http: obfuscation_config::HttpConfig { + remove_paths_with_digits: config.apm_config_obfuscation_http_remove_paths_with_digits, + remove_query_string: config.apm_config_obfuscation_http_remove_query_string, + }, + memcached: obfuscation_config::MemcachedConfig { + enabled: false, + ..Default::default() + }, + redis: obfuscation_config::RedisConfig { + enabled: false, + remove_all_args: false, + }, + ..Default::default() }; let trace_processor = Arc::new(trace_processor::ServerlessTraceProcessor { diff --git a/bottlecap/src/traces/http_client.rs b/bottlecap/src/traces/http_client.rs index 5a9466214..67acf9b68 100644 --- a/bottlecap/src/traces/http_client.rs +++ b/bottlecap/src/traces/http_client.rs @@ -24,11 +24,11 @@ pub type HttpClient = GenericHttpClient>; /// Initialize the crypto provider needed for setting custom root certificates. +/// Uses ring for non-FIPS builds; FIPS builds install the aws-lc-rs FIPS provider +/// in `fips::prepare_client_provider()` before this is called. fn ensure_crypto_provider_initialized() { static INIT_CRYPTO_PROVIDER: LazyLock<()> = LazyLock::new(|| { - #[cfg(unix)] - if let Err(_already_installed) = - rustls::crypto::aws_lc_rs::default_provider().install_default() + if let Err(_already_installed) = rustls::crypto::ring::default_provider().install_default() { debug!( "HTTP_CLIENT | Default CryptoProvider already installed, using existing provider" diff --git a/bottlecap/src/traces/trace_processor.rs b/bottlecap/src/traces/trace_processor.rs index 3864e4c60..c8aa741d3 100644 --- a/bottlecap/src/traces/trace_processor.rs +++ b/bottlecap/src/traces/trace_processor.rs @@ -636,7 +636,7 @@ mod tests { #[allow(clippy::unwrap_used)] #[cfg_attr(miri, ignore)] async fn test_process_trace() { - let _ = rustls::crypto::aws_lc_rs::default_provider().install_default(); + let _ = rustls::crypto::ring::default_provider().install_default(); let start = get_current_timestamp_nanos(); let tags_provider = create_tags_provider(create_test_config());