no process-level CryptoProvider available -- call CryptoProvider::install_default() before this point

[Jonathan-Landeed]

Related to snapview/tokio-tungstenite#336

I solved it by adding rustls = ">=0.23.x" to my Cargo.toml and let _ = rustls::crypto::aws_lc_rs::default_provider().install_default(); before calling slack morphism stuff, but that doesn't seem ideal.

[abdolence]

Hey, thanks for letting me know there are some issues.
I've removed my Cargo.lock to verify it with the latest builds (rustls v0.27.2 there) and It seems working with socket_mode example without changing anything. I would guess it is related to some specific features configuration in your app?

[Jonathan-Landeed]

I think it might be when tonic v0.12.1 enables the ring feature, but I'm a bit over my head on this.

I also have multiple versions of rustls installed because aws-smithy-runtime is still on rustls v0.21.12, but that shouldn't matter.

[jiangxiaoqiang]

add this code to fixed this:

rustls::crypto::ring::default_provider().install_default().expect("Failed to install rustls crypto provider");

[abcdabcd987]

I also run into this issue. After introducing slack-morphism to one project, the other project in the same Cargo workspace run into this problem.

I think the reason is that -- by default, rustls crate installs aws-lc-rs crate but not ring crate. When only one of them exists, rustls can automatically use it as the default. On the other hand, when both exists, it requires users to explicitly setup the default provider, hence @jiangxiaoqiang 's fix is required.

I guess most applications don't explicitly depend on rustls, ring, or aws-lc-rs. Rather, rustls are pulled in by other dependencies (and subsequently aws-lc-rs). When use slack-morphism with hyper feature, since signature_verifier.rs uses ring, ring got pulled in.

I'd say this would really be a big surprise for users.

I wonder if you'd consider using other crates to implement signature_verifier.rs and drop the dependency of ring? For example, you can use a combination of hmac::{Hmac, Mac}, sha2::Sha256, hex, subtle::ConstantTimeEq.

[abdolence]

I think the reason is that -- by default, rustls crate installs aws-lc-rs crate but not ring crate. When only one of them exists, rustls can automatically use it as the default. On the other hand, when both exists, it requires users to explicitly setup the default provider, hence @jiangxiaoqiang 's fix is required.

I see, now it least it understandable why it affects only some of us. Thanks for digging!

I wonder if you'd consider using other crates to implement signature_verifier.rs and drop the dependency of ring? For example, you can use a combination of hmac::{Hmac, Mac}, sha2::Sha256, hex, subtle::ConstantTimeEq.

I need to verify those links first, let me do some due diligence of those dependencies and will check the PR. I have no objections against simplifying people's life in general, just need to understand the consequences of new deps.

[abdolence]

Thanks for the contributions and digging again @abcdabcd987 👍🏻