crypto panic https web silently failing

[davegullo]

FIX for:

thread 'tokio-runtime-worker' (8) panicked at /root/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/rustls-0.23.35/src/crypto/mod.rs:249:14:

Could not automatically determine the process-level CryptoProvider from Rustls crate features.
Call CryptoProvider::install_default() before this point to select a provider manually, or make sure exactly one of the 'aws-lc-rs' and 'ring' features is enabled.

[coderabbitai]

Walkthrough

The pull request adds rustls = { version = "0.23", features = ["aws-lc-rs"] } to rs/moq-relay/Cargo.toml. It also updates rs/moq-relay/src/main.rs to install the rustls default crypto provider using the aws-lc-rs implementation at startup (calling rustls::crypto::CryptoProvider::install_default(rustls::crypto::aws_lc_rs::default_provider())) before existing configuration loading and server setup. No other dependency or public API changes were introduced.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Title check	❓ Inconclusive	The title is vague and does not clearly summarize the main change; it uses non-descriptive terms like 'crypto panic https web' that lack specific meaning about the fix.	Consider a clearer title like 'Fix rustls CryptoProvider panic by installing default provider' that directly describes the fix being implemented.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description directly addresses the rustls panic error and explains the context, clearly relating to the changeset which adds RustLS initialization.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7b8e2d9 and d4a6e43.

📒 Files selected for processing (1)

• rs/moq-relay/Cargo.toml

🚧 Files skipped from review as they are similar to previous changes (1)

• rs/moq-relay/Cargo.toml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Check

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

rs/moq-native/src/crypto.rs (1)

26-48: Add inline tests for sha256() in crypto.rs.

The sha256() function lacks inline test coverage. Per the coding guidelines, Rust tests should be integrated within source files using inline test modules. Add a test module to verify sha256() works correctly with the configured crypto provider(s).

🧹 Nitpick comments (3)

rs/moq-native/src/crypto.rs (3)

10-24: Add a compile-time check when neither crypto feature is enabled.

If both aws-lc-rs and ring features are disabled, the function body after the early return on line 9 becomes empty, resulting in a compile error with an unclear message. Consider adding a compile_error! directive to surface a helpful message:

🔎 Proposed fix

 	#[cfg(feature = "ring")]
 	{
 		let provider_inner = rustls::crypto::ring::default_provider();
 		let _ = rustls::crypto::CryptoProvider::install_default(provider_inner.clone());
 		return Arc::new(provider_inner);
 	}
+
+	#[cfg(not(any(feature = "aws-lc-rs", feature = "ring")))]
+	compile_error!("Either 'aws-lc-rs' or 'ring' feature must be enabled for crypto support");
 }

---

14-14: Consider handling the install_default result to avoid returning a stale provider.

install_default returns Err if another thread already installed a different provider between the get_default() check and this call. By discarding the result with let _ =, you may return a provider that isn't actually the process-level default. Consider re-fetching the installed default on failure:

🔎 Proposed fix (example for aws-lc-rs block)

 	#[cfg(feature = "aws-lc-rs")]
 	{
 		let provider_inner = rustls::crypto::aws_lc_rs::default_provider();
-		let _ = rustls::crypto::CryptoProvider::install_default(provider_inner.clone());
-		return Arc::new(provider_inner);
+		match rustls::crypto::CryptoProvider::install_default(provider_inner.clone()) {
+			Ok(()) => return Arc::new(provider_inner),
+			Err(_) => return rustls::crypto::CryptoProvider::get_default()
+				.cloned()
+				.expect("provider was just installed by another thread"),
+		}
 	}

Also applies to: 21-21

---

31-48: Consider returning Result instead of panicking.

Panicking on missing hash provider (line 47) is abrupt for library code. Callers cannot gracefully handle this failure. A Result<hash::Output, CryptoError> return type would allow callers to decide how to handle the error.

That said, if the provider is guaranteed to include SHA-256 suites when properly configured (which is typical for both aws-lc-rs and ring defaults), the panic may be acceptable as an "unreachable" safeguard. If you keep the panic, consider using unreachable! with a more descriptive message to clarify this is a configuration bug.

🔎 Alternative: use unreachable! for clarity

-	panic!("SHA-256 hash provider not found");
+	unreachable!("SHA-256 hash provider not found; ensure the crypto provider includes TLS 1.3 cipher suites with SHA-256")

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9dec508 and 2289d4c.

📒 Files selected for processing (1)

• rs/moq-native/src/crypto.rs

🧰 Additional context used

📓 Path-based instructions (1)

**/*.rs

📄 CodeRabbit inference engine (CLAUDE.md)

In Rust crates, tests should be integrated within source files using inline test modules

Files:

• rs/moq-native/src/crypto.rs

🧬 Code graph analysis (1)

rs/moq-native/src/crypto.rs (2)

rs/moq-native/src/server.rs (2)

• new (89-142)
• new (324-332)

rs/moq-native/src/client.rs (2)

• new (73-139)
• new (254-256)

[kixelated]

Fixed in #804