crypto: separate module dir, ring sub-module.
For better code organization this commit moves the generic crypto interface code from `src/crypto.rs` to `src/crypto/lib.rs`. The *ring* specific code implementing the generic interfaces is moved to `src/crypto/ring.rs` as a sub-module of `crypto`. All imports are adjusted accordingly. This has the advantage of leaving `src/crypto/lib.rs` small, and without any *ring* specific imports. In the future we may choose to feature-gate the ring sub-module to allow building the crate without a dependency on ring.
parent
d60df2c368
commit
17a7e17534
|
@ -6,7 +6,7 @@ use std::sync::Arc;
|
|||
use std::io::{stdout, Read, Write};
|
||||
use std::net::TcpStream;
|
||||
|
||||
use rustls::crypto::Ring;
|
||||
use rustls::crypto::ring::Ring;
|
||||
use rustls::OwnedTrustAnchor;
|
||||
|
||||
fn main() {
|
||||
|
|
|
@ -3,7 +3,8 @@ use std::sync::Arc;
|
|||
use std::io::{BufRead, BufReader, Write};
|
||||
use std::net::TcpStream;
|
||||
|
||||
use rustls::crypto::{CryptoProvider, Ring};
|
||||
use rustls::crypto::ring::Ring;
|
||||
use rustls::crypto::CryptoProvider;
|
||||
use rustls::{OwnedTrustAnchor, RootCertStore};
|
||||
|
||||
fn start_connection(config: &Arc<rustls::ClientConfig<impl CryptoProvider>>, domain_name: &str) {
|
||||
|
|
|
@ -12,7 +12,7 @@ use std::sync::Arc;
|
|||
use std::io::{stdout, Read, Write};
|
||||
use std::net::TcpStream;
|
||||
|
||||
use rustls::crypto::Ring;
|
||||
use rustls::crypto::ring::Ring;
|
||||
use rustls::{OwnedTrustAnchor, RootCertStore};
|
||||
|
||||
fn main() {
|
||||
|
|
|
@ -2,8 +2,8 @@ use std::process;
|
|||
use std::sync::Arc;
|
||||
|
||||
use mio::net::TcpStream;
|
||||
use rustls::crypto::ring::Ring;
|
||||
use rustls::crypto::CryptoProvider;
|
||||
use rustls::crypto::Ring;
|
||||
|
||||
use std::fs;
|
||||
use std::io;
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
use std::sync::Arc;
|
||||
|
||||
use mio::net::{TcpListener, TcpStream};
|
||||
use rustls::crypto::Ring;
|
||||
use rustls::crypto::ring::Ring;
|
||||
|
||||
#[macro_use]
|
||||
extern crate log;
|
||||
|
|
|
@ -4,7 +4,7 @@ extern crate libfuzzer_sys;
|
|||
extern crate rustls;
|
||||
extern crate webpki;
|
||||
|
||||
use rustls::crypto::Ring;
|
||||
use rustls::crypto::ring::Ring;
|
||||
use rustls::{ClientConfig, ClientConnection, RootCertStore};
|
||||
use std::io;
|
||||
use std::sync::Arc;
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
extern crate libfuzzer_sys;
|
||||
extern crate rustls;
|
||||
|
||||
use rustls::crypto::Ring;
|
||||
use rustls::crypto::ring::Ring;
|
||||
use rustls::server::ResolvesServerCert;
|
||||
use rustls::{ServerConfig, ServerConnection};
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ use std::sync::Arc;
|
|||
use std::time::{Duration, Instant};
|
||||
|
||||
use rustls::client::Resumption;
|
||||
use rustls::crypto::Ring;
|
||||
use rustls::crypto::ring::Ring;
|
||||
use rustls::server::{
|
||||
AllowAnyAuthenticatedClient, NoClientAuth, NoServerSessionStorage, ServerSessionMemoryCache,
|
||||
};
|
||||
|
|
|
@ -5,8 +5,8 @@
|
|||
//
|
||||
|
||||
use rustls::client::{ClientConfig, ClientConnection, Resumption};
|
||||
use rustls::crypto::ring::Ring;
|
||||
use rustls::crypto::CryptoProvider;
|
||||
use rustls::crypto::Ring;
|
||||
use rustls::internal::msgs::codec::Codec;
|
||||
use rustls::internal::msgs::persist;
|
||||
use rustls::server::{ClientHello, ServerConfig, ServerConnection};
|
||||
|
|
|
@ -21,7 +21,7 @@ use std::marker::PhantomData;
|
|||
///
|
||||
/// ```no_run
|
||||
/// # use rustls::ServerConfig;
|
||||
/// # use rustls::crypto::Ring;
|
||||
/// # use rustls::crypto::ring::Ring;
|
||||
/// # let certs = vec![];
|
||||
/// # let private_key = rustls::PrivateKey(vec![]);
|
||||
/// ServerConfig::<Ring>::builder()
|
||||
|
@ -38,7 +38,7 @@ use std::marker::PhantomData;
|
|||
///
|
||||
/// ```no_run
|
||||
/// # use rustls::ServerConfig;
|
||||
/// # use rustls::crypto::Ring;
|
||||
/// # use rustls::crypto::ring::Ring;
|
||||
/// # let certs = vec![];
|
||||
/// # let private_key = rustls::PrivateKey(vec![]);
|
||||
/// ServerConfig::<Ring>::builder()
|
||||
|
@ -52,7 +52,7 @@ use std::marker::PhantomData;
|
|||
///
|
||||
/// ```no_run
|
||||
/// # use rustls::ClientConfig;
|
||||
/// # use rustls::crypto::Ring;
|
||||
/// # use rustls::crypto::ring::Ring;
|
||||
/// # let root_certs = rustls::RootCertStore::empty();
|
||||
/// # let certs = vec![];
|
||||
/// # let private_key = rustls::PrivateKey(vec![]);
|
||||
|
@ -70,7 +70,7 @@ use std::marker::PhantomData;
|
|||
///
|
||||
/// ```
|
||||
/// # use rustls::ClientConfig;
|
||||
/// # use rustls::crypto::Ring;
|
||||
/// # use rustls::crypto::ring::Ring;
|
||||
/// # let root_certs = rustls::RootCertStore::empty();
|
||||
/// ClientConfig::<Ring>::builder()
|
||||
/// .with_safe_defaults()
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
use crate::rand::GetRandomFailed;
|
||||
use crate::server::ProducesTickets;
|
||||
|
||||
/// *ring* based CryptoProvider.
|
||||
pub mod ring;
|
||||
|
||||
/// Pluggable crypto galore.
|
||||
pub trait CryptoProvider: Send + Sync + 'static {
|
||||
/// Build a ticket generator.
|
||||
fn ticket_generator() -> Result<Box<dyn ProducesTickets>, GetRandomFailed>;
|
||||
|
||||
/// Fill the given buffer with random bytes.
|
||||
fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed>;
|
||||
}
|
|
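Review bot: The doc on the new trait method `fill_random` (`/// Fill the given buffer with random bytes.`) does not state the security contract its callers rely on: the AEAD ticketer in this same commit draws its nonces from `Ring::fill_random`, and the trait signature puts no requirement on the generator, so an implementation backed by a non-cryptographic source would satisfy it silently. Suggest `/// Fill the given buffer with cryptographically secure random bytes.` plus an `# Errors` section stating that `GetRandomFailed` is returned when the underlying generator cannot supply the bytes, and a matching sentence on `ticket_generator` that the returned ticketer must key and nonce itself from the same quality of randomness. Separately, the commit message names the new file `src/crypto/lib.rs`, but a `mod crypto;` declaration resolves to `src/crypto.rs` or `src/crypto/mod.rs`, so unless a `#[path]` attribute is used the file is presumably `mod.rs`; the file headers are not visible here, so it is worth confirming the message matches the tree.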
@ -1,18 +1,10 @@
|
|||
use crate::crypto::CryptoProvider;
|
||||
use crate::rand::GetRandomFailed;
|
||||
use crate::server::ProducesTickets;
|
||||
|
||||
use ring::aead;
|
||||
use ring::rand::{SecureRandom, SystemRandom};
|
||||
|
||||
/// Pluggable crypto galore.
|
||||
pub trait CryptoProvider: Send + Sync + 'static {
|
||||
/// Build a ticket generator.
|
||||
fn ticket_generator() -> Result<Box<dyn ProducesTickets>, GetRandomFailed>;
|
||||
|
||||
/// Fill the given buffer with random bytes.
|
||||
fn fill_random(buf: &mut [u8]) -> Result<(), GetRandomFailed>;
|
||||
}
|
||||
|
||||
/// Default crypto provider.
|
||||
pub struct Ring;
|
||||
|
||||
|
@ -61,7 +53,7 @@ impl ProducesTickets for AeadTicketer {
|
|||
// Random nonce, because a counter is a privacy leak.
|
||||
let mut nonce_buf = [0u8; 12];
|
||||
Ring::fill_random(&mut nonce_buf).ok()?;
|
||||
let nonce = ring::aead::Nonce::assume_unique_for_key(nonce_buf);
|
||||
let nonce = aead::Nonce::assume_unique_for_key(nonce_buf);
|
||||
let aad = ring::aead::Aad::empty();
|
||||
|
||||
let mut ciphertext =
|
||||
|
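Review bot: `let aad = ring::aead::Aad::empty();` on the line right after the changed one still spells out the crate path, while the changed line now uses the imported `aead` alias; for consistency change it to `let aad = aead::Aad::empty();`. The same fully-qualified form may survive elsewhere in the file outside this hunk, and a bare `ring::` path inside the new `crate::crypto::ring` module is easy to misread as the module itself even though it resolves to the external crate as long as nothing named `ring` is imported into the module, so a quick sweep after the move is worthwhile. The enclosing method of `impl ProducesTickets for AeadTicketer` starts and ends outside the hunk.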
@ -84,7 +76,7 @@ impl ProducesTickets for AeadTicketer {
|
|||
let ciphertext = ciphertext.get(nonce.len()..)?;
|
||||
|
||||
// This won't fail since `nonce` has the required length.
|
||||
let nonce = ring::aead::Nonce::try_assume_unique_for_key(nonce).ok()?;
|
||||
let nonce = aead::Nonce::try_assume_unique_for_key(nonce).ok()?;
|
||||
|
||||
let mut out = Vec::from(ciphertext);
|
||||
|
|
@ -122,7 +122,7 @@
|
|||
//!
|
||||
//! ```rust,no_run
|
||||
//! # let root_store: rustls::RootCertStore = panic!();
|
||||
//! let config = rustls::ClientConfig::<rustls::crypto::Ring>::builder()
|
||||
//! let config = rustls::ClientConfig::<rustls::crypto::ring::Ring>::builder()
|
||||
//! .with_safe_defaults()
|
||||
//! .with_root_certificates(root_store)
|
||||
//! .with_no_client_auth();
|
||||
|
@ -148,7 +148,7 @@
|
|||
//! # )
|
||||
//! # })
|
||||
//! # );
|
||||
//! # let config = rustls::ClientConfig::<rustls::crypto::Ring>::builder()
|
||||
//! # let config = rustls::ClientConfig::<rustls::crypto::ring::Ring>::builder()
|
||||
//! # .with_safe_defaults()
|
||||
//! # .with_root_certificates(root_store)
|
||||
//! # .with_no_client_auth();
|
||||
|
@ -181,7 +181,7 @@
|
|||
//! errors.
|
||||
//!
|
||||
//! ```rust,no_run
|
||||
//! # let mut client = rustls::ClientConnection::new::<rustls::crypto::Ring>(panic!(), panic!()).unwrap();
|
||||
//! # let mut client = rustls::ClientConnection::new::<rustls::crypto::ring::Ring>(panic!(), panic!()).unwrap();
|
||||
//! # struct Socket { }
|
||||
//! # impl Socket {
|
||||
//! # fn ready_for_write(&self) -> bool { false }
|
||||
|
|
|
@ -554,7 +554,7 @@ impl From<ServerConnection> for crate::Connection {
|
|||
/// };
|
||||
///
|
||||
/// // For some user-defined choose_server_config:
|
||||
/// let config = choose_server_config::<rustls::crypto::Ring>(accepted.client_hello());
|
||||
/// let config = choose_server_config::<rustls::crypto::ring::Ring>(accepted.client_hello());
|
||||
/// let conn = accepted
|
||||
/// .into_connection(config)
|
||||
/// .unwrap();
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
use crate::crypto::CryptoProvider;
|
||||
#[cfg(test)]
|
||||
use crate::crypto::Ring;
|
||||
use crate::crypto::ring::Ring;
|
||||
use crate::crypto::CryptoProvider;
|
||||
use crate::rand;
|
||||
use crate::server::ProducesTickets;
|
||||
use crate::Error;
|
||||
|
|
|
@ -10,7 +10,8 @@ use std::sync::Arc;
|
|||
use std::sync::Mutex;
|
||||
|
||||
use rustls::client::{ResolvesClientCert, Resumption};
|
||||
use rustls::crypto::{CryptoProvider, Ring};
|
||||
use rustls::crypto::ring::Ring;
|
||||
use rustls::crypto::CryptoProvider;
|
||||
use rustls::internal::msgs::base::Payload;
|
||||
use rustls::internal::msgs::codec::Codec;
|
||||
use rustls::server::{AllowAnyAnonymousOrAuthenticatedClient, ClientHello, ResolvesServerCert};
|
||||
|
|
|
@ -10,7 +10,7 @@ use crate::common::{
|
|||
make_pair_for_arc_configs, server_name, ErrorFromPeer, KeyType, ALL_KEY_TYPES,
|
||||
};
|
||||
use rustls::client::WebPkiVerifier;
|
||||
use rustls::crypto::Ring;
|
||||
use rustls::crypto::ring::Ring;
|
||||
use rustls::internal::msgs::handshake::DistinguishedName;
|
||||
use rustls::server::{ClientCertVerified, ClientCertVerifier};
|
||||
use rustls::{
|
||||
|
|
|
@ -4,7 +4,8 @@ use std::io;
|
|||
use std::ops::{Deref, DerefMut};
|
||||
use std::sync::Arc;
|
||||
|
||||
use rustls::crypto::{CryptoProvider, Ring};
|
||||
use rustls::crypto::ring::Ring;
|
||||
use rustls::crypto::CryptoProvider;
|
||||
use rustls::internal::msgs::codec::Reader;
|
||||
use rustls::internal::msgs::message::{Message, OpaqueMessage, PlainMessage};
|
||||
use rustls::server::{
|
||||
|
|