From 546a85d91277a1009d199aa1e2829ecf153e2631 Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Wed, 28 Feb 2024 09:10:20 +0000 Subject: [PATCH] Format imports with `cargo +nightly fmt-unstable` Run with nightly-2024-02-21 --- ci-bench/src/util.rs | 6 +- connect-tests/tests/ech.rs | 1 - examples/src/bin/limitedclient.rs | 3 +- examples/src/bin/server_acceptor.rs | 3 +- examples/src/bin/tlsclient-mio.rs | 3 +- examples/src/bin/tlsserver-mio.rs | 3 +- openssl-tests/src/ffdhe_kx_with_openssl.rs | 3 +- rustls/benches/benchmarks.rs | 8 +-- rustls/examples/internal/bench_impl.rs | 15 ++-- rustls/examples/internal/bogo_shim_impl.rs | 25 +++---- rustls/src/bs_debug.rs | 3 +- rustls/src/builder.rs | 10 +-- rustls/src/client/builder.rs | 18 +++-- rustls/src/client/client_conn.rs | 44 +++++------- rustls/src/client/common.rs | 11 ++- rustls/src/client/handy.rs | 19 +++-- rustls/src/client/hs.rs | 45 ++++++------ rustls/src/client/tls12.rs | 40 +++++------ rustls/src/client/tls13.rs | 52 ++++++-------- rustls/src/common_state.rs | 16 ++--- rustls/src/conn.rs | 24 +++---- rustls/src/crypto/aws_lc_rs/mod.rs | 25 +++---- rustls/src/crypto/aws_lc_rs/sign.rs | 27 +++---- rustls/src/crypto/aws_lc_rs/tls12.rs | 8 +-- rustls/src/crypto/aws_lc_rs/tls13.rs | 6 +- rustls/src/crypto/cipher.rs | 4 +- rustls/src/crypto/hash.rs | 4 +- rustls/src/crypto/mod.rs | 23 +++--- rustls/src/crypto/ring/hash.rs | 4 +- rustls/src/crypto/ring/hmac.rs | 4 +- rustls/src/crypto/ring/kx.rs | 11 ++- rustls/src/crypto/ring/mod.rs | 17 ++--- rustls/src/crypto/ring/quic.rs | 7 +- rustls/src/crypto/ring/sign.rs | 29 ++++---- rustls/src/crypto/ring/ticketer.rs | 23 +++--- rustls/src/crypto/ring/tls12.rs | 7 +- rustls/src/crypto/ring/tls13.rs | 5 +- rustls/src/crypto/signer.rs | 10 +-- rustls/src/crypto/tls12.rs | 7 +- rustls/src/crypto/tls13.rs | 13 ++-- rustls/src/error.rs | 14 ++-- rustls/src/hash_hs.rs | 8 +-- rustls/src/key_log_file.rs | 17 +++-- rustls/src/lib.rs | 24 +++---- rustls/src/msgs/alert.rs | 4 +- rustls/src/msgs/base.rs | 8 +-- rustls/src/msgs/codec.rs | 10 +-- rustls/src/msgs/deframer.rs | 3 +- rustls/src/msgs/enums.rs | 3 +- rustls/src/msgs/fragmenter.rs | 13 ++-- rustls/src/msgs/handshake.rs | 20 +++--- rustls/src/msgs/handshake_test.rs | 13 ++-- rustls/src/msgs/message/inbound.rs | 4 +- rustls/src/msgs/message/mod.rs | 4 +- rustls/src/msgs/message/outbound.rs | 4 +- rustls/src/msgs/message_test.rs | 13 ++-- rustls/src/msgs/persist.rs | 16 ++--- rustls/src/quic.rs | 34 ++++----- rustls/src/rand.rs | 4 +- rustls/src/record_layer.rs | 6 +- rustls/src/server/builder.rs | 18 +++-- rustls/src/server/common.rs | 4 +- rustls/src/server/handy.rs | 38 +++++----- rustls/src/server/hs.rs | 33 +++++---- rustls/src/server/server_conn.rs | 53 +++++++------- rustls/src/server/tls12.rs | 51 ++++++------- rustls/src/server/tls13.rs | 83 +++++++++------------- rustls/src/stream.rs | 7 +- rustls/src/suites.rs | 4 +- rustls/src/ticketer.rs | 11 ++- rustls/src/tls12/mod.rs | 14 ++-- rustls/src/tls13/key_schedule.rs | 9 ++- rustls/src/tls13/mod.rs | 6 +- rustls/src/verifybench.rs | 6 +- rustls/src/webpki/anchors.rs | 1 + rustls/src/webpki/client_verifier.rs | 11 ++- rustls/src/webpki/mod.rs | 8 +-- rustls/src/webpki/server_verifier.rs | 7 +- rustls/src/webpki/verify.rs | 4 +- rustls/src/x509.rs | 3 +- rustls/tests/common/mod.rs | 13 ++-- rustls/tests/ech.rs | 1 - rustls/tests/key_log_file_env.rs | 6 +- rustls/tests/process_provider.rs | 5 +- 84 files changed, 552 insertions(+), 652 deletions(-) diff --git a/ci-bench/src/util.rs b/ci-bench/src/util.rs index e20680be..49be6fbd 100644 --- a/ci-bench/src/util.rs +++ b/ci-bench/src/util.rs @@ -401,10 +401,12 @@ pub mod transport { //! but that doesn't matter (we are measuring performance differences, and overhead is automatically //! ignored as long as it remains constant). - use super::async_io::{AsyncRead, AsyncWrite}; + use std::io::{Cursor, Read, Write}; + use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt}; use rustls::{ClientConnection, ConnectionCommon, ServerConnection, SideData}; - use std::io::{Cursor, Read, Write}; + + use super::async_io::{AsyncRead, AsyncWrite}; /// Sends one side's handshake data to the other side in one go. /// diff --git a/connect-tests/tests/ech.rs b/connect-tests/tests/ech.rs index 3cadb730..12ac1346 100644 --- a/connect-tests/tests/ech.rs +++ b/connect-tests/tests/ech.rs @@ -3,7 +3,6 @@ mod ech_config { use hickory_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue}; use hickory_resolver::proto::rr::{RData, RecordType}; use hickory_resolver::Resolver; - use rustls::internal::msgs::codec::{Codec, Reader}; use rustls::internal::msgs::enums::EchVersion; use rustls::internal::msgs::handshake::EchConfig; diff --git a/examples/src/bin/limitedclient.rs b/examples/src/bin/limitedclient.rs index abe85cbd..62443cae 100644 --- a/examples/src/bin/limitedclient.rs +++ b/examples/src/bin/limitedclient.rs @@ -2,11 +2,12 @@ //! so that unused cryptography in rustls can be discarded by the linker. You can //! observe using `nm` that the binary of this program does not contain any AES code. -use rustls::crypto::{aws_lc_rs as provider, CryptoProvider}; use std::io::{stdout, Read, Write}; use std::net::TcpStream; use std::sync::Arc; +use rustls::crypto::{aws_lc_rs as provider, CryptoProvider}; + fn main() { let root_store = rustls::RootCertStore::from_iter( webpki_roots::TLS_SERVER_ROOTS diff --git a/examples/src/bin/server_acceptor.rs b/examples/src/bin/server_acceptor.rs index 595b92b6..093080fb 100644 --- a/examples/src/bin/server_acceptor.rs +++ b/examples/src/bin/server_acceptor.rs @@ -13,13 +13,12 @@ use std::time::Duration; use std::{fs, thread}; use docopt::Docopt; -use serde_derive::Deserialize; - use rustls::pki_types::{ CertificateDer, CertificateRevocationListDer, PrivateKeyDer, PrivatePkcs8KeyDer, }; use rustls::server::{Acceptor, ClientHello, ServerConfig, WebPkiClientVerifier}; use rustls::RootCertStore; +use serde_derive::Deserialize; fn main() { let version = concat!( diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs index 265bf6ea..d4b51dbd 100644 --- a/examples/src/bin/tlsclient-mio.rs +++ b/examples/src/bin/tlsclient-mio.rs @@ -26,11 +26,10 @@ use std::{fs, process, str}; use docopt::Docopt; use mio::net::TcpStream; -use serde::Deserialize; - use rustls::crypto::{aws_lc_rs as provider, CryptoProvider}; use rustls::pki_types::{CertificateDer, PrivateKeyDer, ServerName}; use rustls::RootCertStore; +use serde::Deserialize; const CLIENT: mio::Token = mio::Token(0); diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs index 1b415578..08ecae5a 100644 --- a/examples/src/bin/tlsserver-mio.rs +++ b/examples/src/bin/tlsserver-mio.rs @@ -27,12 +27,11 @@ use std::{fs, net}; use docopt::Docopt; use log::{debug, error}; use mio::net::{TcpListener, TcpStream}; -use serde::Deserialize; - use rustls::crypto::{aws_lc_rs as provider, CryptoProvider}; use rustls::pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer}; use rustls::server::WebPkiClientVerifier; use rustls::RootCertStore; +use serde::Deserialize; // Token for our listening socket. const LISTENER: mio::Token = mio::Token(0); diff --git a/openssl-tests/src/ffdhe_kx_with_openssl.rs b/openssl-tests/src/ffdhe_kx_with_openssl.rs index 0a20a697..9d7e1963 100644 --- a/openssl-tests/src/ffdhe_kx_with_openssl.rs +++ b/openssl-tests/src/ffdhe_kx_with_openssl.rs @@ -4,6 +4,7 @@ use std::net::{TcpListener, TcpStream}; use std::sync::Arc; use std::{str, thread}; +use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod}; use rustls::crypto::{aws_lc_rs as provider, CryptoProvider}; use rustls::version::{TLS12, TLS13}; use rustls::{ClientConfig, RootCertStore, ServerConfig, SupportedProtocolVersion}; @@ -13,8 +14,6 @@ use rustls_pki_types::{CertificateDer, PrivateKeyDer}; use crate::ffdhe::{self, FfdheKxGroup}; use crate::utils::verify_openssl3_available; -use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod}; - #[test] fn rustls_server_with_ffdhe_kx_tls13() { test_rustls_server_with_ffdhe_kx(&TLS13, 1) diff --git a/rustls/benches/benchmarks.rs b/rustls/benches/benchmarks.rs index 27b59593..82582e6d 100644 --- a/rustls/benches/benchmarks.rs +++ b/rustls/benches/benchmarks.rs @@ -1,18 +1,16 @@ #![cfg(feature = "ring")] use bencher::{benchmark_group, benchmark_main, Bencher}; - use rustls::crypto::ring as provider; #[path = "../tests/common/mod.rs"] mod test_utils; -use test_utils::*; - -use rustls::ServerConnection; - use std::io; use std::sync::Arc; +use rustls::ServerConnection; +use test_utils::*; + fn bench_ewouldblock(c: &mut Bencher) { let server_config = make_server_config(KeyType::Rsa); let mut server = ServerConnection::new(Arc::new(server_config)).unwrap(); diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs index 160db031..13c9eb5c 100644 --- a/rustls/examples/internal/bench_impl.rs +++ b/rustls/examples/internal/bench_impl.rs @@ -3,16 +3,13 @@ // Note: we don't use any of the standard 'cargo bench', 'test::Bencher', // etc. because it's unstable at the time of writing. -use std::env; -use std::fs; use std::io::{self, Read, Write}; -use std::ops::Deref; -use std::ops::DerefMut; +use std::ops::{Deref, DerefMut}; use std::sync::Arc; use std::time::{Duration, Instant}; +use std::{env, fs}; use pki_types::{CertificateDer, PrivateKeyDer}; - use rustls::client::Resumption; #[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] use rustls::crypto::aws_lc_rs as provider; @@ -24,10 +21,10 @@ use rustls::crypto::ring as provider; use rustls::crypto::ring::{cipher_suite, Ticketer}; use rustls::crypto::CryptoProvider; use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier}; -use rustls::RootCertStore; -use rustls::{ClientConfig, ClientConnection}; -use rustls::{ConnectionCommon, SideData}; -use rustls::{ServerConfig, ServerConnection}; +use rustls::{ + ClientConfig, ClientConnection, ConnectionCommon, RootCertStore, ServerConfig, + ServerConnection, SideData, +}; pub fn main() { let mut args = std::env::args(); diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs index 2dfa2dfd..9edf1c53 100644 --- a/rustls/examples/internal/bogo_shim_impl.rs +++ b/rustls/examples/internal/bogo_shim_impl.rs @@ -4,8 +4,19 @@ // https://boringssl.googlesource.com/boringssl/+/master/ssl/test // +use std::fmt::{Debug, Formatter}; +use std::io::{self, BufReader, Read, Write}; +use std::sync::Arc; +use std::{env, fs, net, process, thread, time}; + +use base64::prelude::{Engine, BASE64_STANDARD}; +use pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime}; use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; use rustls::client::{ClientConfig, ClientConnection, Resumption, WebPkiServerVerifier}; +#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] +use rustls::crypto::aws_lc_rs as provider; +#[cfg(feature = "ring")] +use rustls::crypto::ring as provider; use rustls::crypto::{CryptoProvider, SupportedKxGroup}; use rustls::internal::msgs::codec::Codec; use rustls::internal::msgs::persist::ServerSessionValue; @@ -18,20 +29,6 @@ use rustls::{ SupportedProtocolVersion, }; -#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))] -use rustls::crypto::aws_lc_rs as provider; -#[cfg(feature = "ring")] -use rustls::crypto::ring as provider; - -use base64::prelude::{Engine, BASE64_STANDARD}; -use pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime}; - -use std::fmt::{Debug, Formatter}; -use std::io::{self, BufReader, Read, Write}; -use std::sync::Arc; -use std::time; -use std::{env, fs, net, process, thread}; - static BOGO_NACK: i32 = 89; macro_rules! println_err( diff --git a/rustls/src/bs_debug.rs b/rustls/src/bs_debug.rs index 18915280..858e8bdc 100644 --- a/rustls/src/bs_debug.rs +++ b/rustls/src/bs_debug.rs @@ -41,10 +41,11 @@ impl<'a> fmt::Debug for BsDebug<'a> { #[cfg(test)] mod tests { - use super::BsDebug; use std::format; use std::prelude::v1::*; + use super::BsDebug; + #[test] fn debug() { let vec: Vec<_> = (0..0x100).map(|b| b as u8).collect(); diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 4ccd82b8..8a114003 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -1,14 +1,14 @@ -use crate::error::Error; -use crate::time_provider::TimeProvider; -use crate::versions; -use crate::{crypto::CryptoProvider, msgs::handshake::ALL_KEY_EXCHANGE_ALGORITHMS}; - use alloc::format; use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt; use core::marker::PhantomData; +use crate::crypto::CryptoProvider; +use crate::error::Error; +use crate::msgs::handshake::ALL_KEY_EXCHANGE_ALGORITHMS; +use crate::time_provider::TimeProvider; +use crate::versions; #[cfg(doc)] use crate::{ClientConfig, ServerConfig}; diff --git a/rustls/src/client/builder.rs b/rustls/src/client/builder.rs index ac2df168..eaa265b5 100644 --- a/rustls/src/client/builder.rs +++ b/rustls/src/client/builder.rs @@ -1,6 +1,12 @@ +use alloc::sync::Arc; +use alloc::vec::Vec; +use core::marker::PhantomData; + +use pki_types::{CertificateDer, PrivateKeyDer}; + +use super::client_conn::Resumption; use crate::builder::{ConfigBuilder, WantsVerifier}; -use crate::client::handy; -use crate::client::{ClientConfig, ResolvesClientCert}; +use crate::client::{handy, ClientConfig, ResolvesClientCert}; use crate::crypto::CryptoProvider; use crate::error::Error; use crate::key_log::NoKeyLog; @@ -9,14 +15,6 @@ use crate::time_provider::TimeProvider; use crate::webpki::{self, WebPkiServerVerifier}; use crate::{verify, versions}; -use super::client_conn::Resumption; - -use pki_types::{CertificateDer, PrivateKeyDer}; - -use alloc::sync::Arc; -use alloc::vec::Vec; -use core::marker::PhantomData; - impl ConfigBuilder { /// Choose how to verify server certificates. /// diff --git a/rustls/src/client/client_conn.rs b/rustls/src/client/client_conn.rs index 7addc82e..ddcb58ba 100644 --- a/rustls/src/client/client_conn.rs +++ b/rustls/src/client/client_conn.rs @@ -1,3 +1,13 @@ +use alloc::sync::Arc; +use alloc::vec::Vec; +use core::marker::PhantomData; +use core::ops::{Deref, DerefMut}; +use core::{fmt, mem}; + +use pki_types::{ServerName, UnixTime}; + +use super::handy::NoClientSessionStorage; +use super::hs; use crate::builder::ConfigBuilder; use crate::common_state::{CommonState, Protocol, Side}; use crate::conn::{ConnectionCore, UnbufferedConnectionCommon}; @@ -9,32 +19,16 @@ use crate::log::trace; use crate::msgs::enums::NamedGroup; use crate::msgs::handshake::ClientExtension; use crate::msgs::persist; -use crate::sign; use crate::suites::SupportedCipherSuite; #[cfg(feature = "std")] use crate::time_provider::DefaultTimeProvider; use crate::time_provider::TimeProvider; use crate::unbuffered::{EncryptError, TransmitTlsData}; -use crate::versions; -use crate::KeyLog; #[cfg(feature = "std")] use crate::WantsVerifier; -use crate::{verify, WantsVersions}; - -use super::handy::NoClientSessionStorage; -use super::hs; - -use pki_types::{ServerName, UnixTime}; - -use alloc::sync::Arc; -use alloc::vec::Vec; -use core::fmt; -use core::marker::PhantomData; -use core::mem; -use core::ops::{Deref, DerefMut}; - #[cfg(doc)] use crate::{crypto, DistinguishedName}; +use crate::{sign, verify, versions, KeyLog, WantsVersions}; /// A trait for the ability to store client session data, so that sessions /// can be resumed in future connections. @@ -584,22 +578,20 @@ impl EarlyData { #[cfg(feature = "std")] mod connection { - use crate::common_state::Protocol; - use crate::conn::ConnectionCommon; - use crate::conn::ConnectionCore; - use crate::error::Error; - use crate::suites::ExtractedSecrets; - use crate::ClientConfig; - - use pki_types::ServerName; - use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt; use core::ops::{Deref, DerefMut}; use std::io; + use pki_types::ServerName; + use super::ClientConnectionData; + use crate::common_state::Protocol; + use crate::conn::{ConnectionCommon, ConnectionCore}; + use crate::error::Error; + use crate::suites::ExtractedSecrets; + use crate::ClientConfig; /// Stub that implements io::Write and dispatches to `write_early_data`. pub struct WriteEarlyData<'a> { diff --git a/rustls/src/client/common.rs b/rustls/src/client/common.rs index 52daa411..86a6ce5c 100644 --- a/rustls/src/client/common.rs +++ b/rustls/src/client/common.rs @@ -1,15 +1,14 @@ +use alloc::boxed::Box; +use alloc::sync::Arc; +use alloc::vec::Vec; + use super::ResolvesClientCert; #[cfg(feature = "logging")] use crate::log::{debug, trace}; use crate::msgs::enums::ExtensionType; -use crate::msgs::handshake::ServerExtension; -use crate::msgs::handshake::{CertificateChain, DistinguishedName}; +use crate::msgs::handshake::{CertificateChain, DistinguishedName, ServerExtension}; use crate::{sign, SignatureScheme}; -use alloc::boxed::Box; -use alloc::sync::Arc; -use alloc::vec::Vec; - #[derive(Debug)] pub(super) struct ServerCertDetails<'a> { pub(super) cert_chain: CertificateChain<'a>, diff --git a/rustls/src/client/handy.rs b/rustls/src/client/handy.rs index af2dc2e2..8ce7745a 100644 --- a/rustls/src/client/handy.rs +++ b/rustls/src/client/handy.rs @@ -1,14 +1,12 @@ -use crate::client; +use alloc::sync::Arc; + +use pki_types::ServerName; + use crate::enums::SignatureScheme; use crate::error::Error; use crate::msgs::handshake::CertificateChain; use crate::msgs::persist; -use crate::sign; -use crate::NamedGroup; - -use pki_types::ServerName; - -use alloc::sync::Arc; +use crate::{client, sign, NamedGroup}; /// An implementer of `ClientSessionStore` which does nothing. #[derive(Debug)] @@ -42,12 +40,11 @@ mod cache { use core::fmt; use std::sync::Mutex; - use crate::limited_cache; - use crate::msgs::persist; - use crate::NamedGroup; - use pki_types::ServerName; + use crate::msgs::persist; + use crate::{limited_cache, NamedGroup}; + const MAX_TLS13_TICKETS_PER_SERVER: usize = 8; struct ServerData { diff --git a/rustls/src/client/hs.rs b/rustls/src/client/hs.rs index ed6e8525..b1accd5d 100644 --- a/rustls/src/client/hs.rs +++ b/rustls/src/client/hs.rs @@ -1,6 +1,21 @@ +use alloc::borrow::ToOwned; +use alloc::boxed::Box; +use alloc::sync::Arc; +use alloc::vec; +use alloc::vec::Vec; +use core::ops::Deref; + +use pki_types::ServerName; + +#[cfg(feature = "tls12")] +use super::tls12; +use super::Tls12Resumption; #[cfg(feature = "logging")] use crate::bs_debug; use crate::check::inappropriate_handshake_message; +use crate::client::client_conn::ClientConnectionData; +use crate::client::common::ClientHelloDetails; +use crate::client::{tls13, ClientConfig}; use crate::common_state::{CommonState, State}; use crate::conn::ConnectionRandoms; use crate::crypto::{ActiveKeyExchange, KeyExchangeAlgorithm}; @@ -10,35 +25,17 @@ use crate::hash_hs::HandshakeHashBuffer; #[cfg(feature = "logging")] use crate::log::{debug, trace}; use crate::msgs::base::Payload; -use crate::msgs::enums::{Compression, ExtensionType}; -use crate::msgs::enums::{ECPointFormat, PSKKeyExchangeMode}; -use crate::msgs::handshake::ConvertProtocolNameList; -use crate::msgs::handshake::{CertificateStatusRequest, ClientSessionTicket}; -use crate::msgs::handshake::{ClientExtension, HasServerExtensions}; -use crate::msgs::handshake::{ClientHelloPayload, HandshakeMessagePayload, HandshakePayload}; -use crate::msgs::handshake::{HelloRetryRequest, KeyShareEntry}; -use crate::msgs::handshake::{Random, SessionId}; +use crate::msgs::enums::{Compression, ECPointFormat, ExtensionType, PSKKeyExchangeMode}; +use crate::msgs::handshake::{ + CertificateStatusRequest, ClientExtension, ClientHelloPayload, ClientSessionTicket, + ConvertProtocolNameList, HandshakeMessagePayload, HandshakePayload, HasServerExtensions, + HelloRetryRequest, KeyShareEntry, Random, SessionId, +}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; use crate::tls13::key_schedule::KeyScheduleEarly; use crate::SupportedCipherSuite; -#[cfg(feature = "tls12")] -use super::tls12; -use super::Tls12Resumption; -use crate::client::client_conn::ClientConnectionData; -use crate::client::common::ClientHelloDetails; -use crate::client::{tls13, ClientConfig}; - -use pki_types::ServerName; - -use alloc::borrow::ToOwned; -use alloc::boxed::Box; -use alloc::sync::Arc; -use alloc::vec; -use alloc::vec::Vec; -use core::ops::Deref; - pub(super) type NextState<'a> = Box + 'a>; pub(super) type NextStateOrError<'a> = Result, Error>; pub(super) type ClientContext<'a> = crate::common_state::Context<'a, ClientConnectionData>; diff --git a/rustls/src/client/tls12.rs b/rustls/src/client/tls12.rs index 65ffbb42..46e9e50f 100644 --- a/rustls/src/client/tls12.rs +++ b/rustls/src/client/tls12.rs @@ -1,9 +1,22 @@ +use alloc::borrow::ToOwned; +use alloc::boxed::Box; +use alloc::sync::Arc; +use alloc::vec; +use alloc::vec::Vec; + +use pki_types::ServerName; +pub(super) use server_hello::CompleteServerHelloHandling; +use subtle::ConstantTimeEq; + +use super::client_conn::ClientConnectionData; +use super::hs::ClientContext; use crate::check::{inappropriate_handshake_message, inappropriate_message}; +use crate::client::common::{ClientAuthDetails, ServerCertDetails}; +use crate::client::{hs, ClientConfig}; use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; use crate::crypto::KeyExchangeAlgorithm; -use crate::enums::ProtocolVersion; -use crate::enums::{AlertDescription, ContentType, HandshakeType}; +use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, InvalidMessage, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::HandshakeHash; #[cfg(feature = "logging")] @@ -22,29 +35,10 @@ use crate::suites::{PartiallyExtractedSecrets, SupportedCipherSuite}; use crate::tls12::{self, ConnectionSecrets, Tls12CipherSuite}; use crate::verify::{self, DigitallySignedStruct}; -use super::client_conn::ClientConnectionData; -use super::hs::ClientContext; -use crate::client::common::ClientAuthDetails; -use crate::client::common::ServerCertDetails; -use crate::client::{hs, ClientConfig}; - -use pki_types::ServerName; -use subtle::ConstantTimeEq; - -use alloc::borrow::ToOwned; -use alloc::boxed::Box; -use alloc::sync::Arc; -use alloc::vec; -use alloc::vec::Vec; - -pub(super) use server_hello::CompleteServerHelloHandling; - mod server_hello { - use crate::msgs::enums::ExtensionType; - use crate::msgs::handshake::HasServerExtensions; - use crate::msgs::handshake::ServerHelloPayload; - use super::*; + use crate::msgs::enums::ExtensionType; + use crate::msgs::handshake::{HasServerExtensions, ServerHelloPayload}; pub(in crate::client) struct CompleteServerHelloHandling { pub(in crate::client) config: Arc, diff --git a/rustls/src/client/tls13.rs b/rustls/src/client/tls13.rs index d9ddd65c..698e8dd7 100644 --- a/rustls/src/client/tls13.rs +++ b/rustls/src/client/tls13.rs @@ -1,8 +1,18 @@ +use alloc::boxed::Box; +use alloc::sync::Arc; +use alloc::vec; +use alloc::vec::Vec; + +use pki_types::ServerName; +use subtle::ConstantTimeEq; + +use super::client_conn::ClientConnectionData; +use super::hs::ClientContext; use crate::check::inappropriate_handshake_message; -use crate::common_state::Protocol; -use crate::common_state::{CommonState, Side, State}; +use crate::client::common::{ClientAuthDetails, ClientHelloDetails, ServerCertDetails}; +use crate::client::{hs, ClientConfig, ClientSessionStore}; +use crate::common_state::{CommonState, Protocol, Side, State}; use crate::conn::ConnectionRandoms; -use crate::crypto; use crate::crypto::ActiveKeyExchange; use crate::enums::{ AlertDescription, ContentType, HandshakeType, ProtocolVersion, SignatureScheme, @@ -13,40 +23,24 @@ use crate::hash_hs::{HandshakeHash, HandshakeHashBuffer}; use crate::log::{debug, trace, warn}; use crate::msgs::base::{Payload, PayloadU8}; use crate::msgs::ccs::ChangeCipherSpecPayload; -use crate::msgs::enums::ExtensionType; -use crate::msgs::enums::KeyUpdateRequest; -use crate::msgs::handshake::NewSessionTicketPayloadTls13; -use crate::msgs::handshake::{CertificateEntry, CertificatePayloadTls13}; -use crate::msgs::handshake::{ClientExtension, ServerExtension}; -use crate::msgs::handshake::{HandshakeMessagePayload, HandshakePayload}; -use crate::msgs::handshake::{HasServerExtensions, ServerHelloPayload}; -use crate::msgs::handshake::{PresharedKeyIdentity, PresharedKeyOffer}; +use crate::msgs::enums::{ExtensionType, KeyUpdateRequest}; +use crate::msgs::handshake::{ + CertificateEntry, CertificatePayloadTls13, ClientExtension, HandshakeMessagePayload, + HandshakePayload, HasServerExtensions, NewSessionTicketPayloadTls13, PresharedKeyIdentity, + PresharedKeyOffer, ServerExtension, ServerHelloPayload, +}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; use crate::sign::{CertifiedKey, Signer}; use crate::suites::PartiallyExtractedSecrets; -use crate::tls13::construct_client_verify_message; -use crate::tls13::construct_server_verify_message; use crate::tls13::key_schedule::{ KeyScheduleEarly, KeyScheduleHandshake, KeySchedulePreHandshake, KeyScheduleTraffic, }; -use crate::tls13::Tls13CipherSuite; +use crate::tls13::{ + construct_client_verify_message, construct_server_verify_message, Tls13CipherSuite, +}; use crate::verify::{self, DigitallySignedStruct}; -use crate::KeyLog; - -use super::client_conn::ClientConnectionData; -use super::hs::ClientContext; -use crate::client::common::ServerCertDetails; -use crate::client::common::{ClientAuthDetails, ClientHelloDetails}; -use crate::client::{hs, ClientConfig, ClientSessionStore}; - -use pki_types::ServerName; -use subtle::ConstantTimeEq; - -use alloc::boxed::Box; -use alloc::sync::Arc; -use alloc::vec; -use alloc::vec::Vec; +use crate::{crypto, KeyLog}; // Extensions we expect in plaintext in the ServerHello. static ALLOWED_PLAINTEXT_EXTS: &[ExtensionType] = &[ diff --git a/rustls/src/common_state.rs b/rustls/src/common_state.rs index b3815379..5ef47763 100644 --- a/rustls/src/common_state.rs +++ b/rustls/src/common_state.rs @@ -1,3 +1,8 @@ +use alloc::boxed::Box; +use alloc::vec::Vec; + +use pki_types::CertificateDer; + use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, InvalidMessage, PeerMisbehaved}; #[cfg(feature = "logging")] @@ -11,19 +16,12 @@ use crate::msgs::message::{ Message, MessagePayload, OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage, PlainMessage, }; -use crate::quic; -use crate::record_layer; -use crate::suites::PartiallyExtractedSecrets; -use crate::suites::SupportedCipherSuite; +use crate::suites::{PartiallyExtractedSecrets, SupportedCipherSuite}; #[cfg(feature = "tls12")] use crate::tls12::ConnectionSecrets; use crate::unbuffered::{EncryptError, InsufficientSizeError}; use crate::vecbuf::ChunkVecBuffer; - -use alloc::boxed::Box; -use alloc::vec::Vec; - -use pki_types::CertificateDer; +use crate::{quic, record_layer}; /// Connection state common to both client and server connections. pub struct CommonState { diff --git a/rustls/src/conn.rs b/rustls/src/conn.rs index 42d15894..6968cae7 100644 --- a/rustls/src/conn.rs +++ b/rustls/src/conn.rs @@ -1,3 +1,10 @@ +use alloc::boxed::Box; +use core::fmt::Debug; +use core::mem; +use core::ops::{Deref, DerefMut}; +#[cfg(feature = "std")] +use std::io; + use crate::common_state::{CommonState, Context, IoState, State, DEFAULT_BUFFER_LIMIT}; use crate::enums::{AlertDescription, ContentType}; use crate::error::{Error, PeerMisbehaved}; @@ -9,17 +16,15 @@ use crate::msgs::message::{InboundPlainMessage, Message, MessagePayload}; use crate::suites::{ExtractedSecrets, PartiallyExtractedSecrets}; use crate::vecbuf::ChunkVecBuffer; -use alloc::boxed::Box; -use core::fmt::Debug; -use core::mem; -use core::ops::{Deref, DerefMut}; -#[cfg(feature = "std")] -use std::io; - pub(crate) mod unbuffered; #[cfg(feature = "std")] mod connection { + use alloc::vec::Vec; + use core::fmt::Debug; + use core::ops::{Deref, DerefMut}; + use std::io; + use crate::common_state::{CommonState, IoState}; use crate::error::Error; use crate::msgs::message::OutboundChunks; @@ -27,11 +32,6 @@ mod connection { use crate::vecbuf::ChunkVecBuffer; use crate::ConnectionCommon; - use alloc::vec::Vec; - use core::fmt::Debug; - use core::ops::{Deref, DerefMut}; - use std::io; - /// A client or server connection. #[derive(Debug)] pub enum Connection { diff --git a/rustls/src/crypto/aws_lc_rs/mod.rs b/rustls/src/crypto/aws_lc_rs/mod.rs index 10632b9a..d8f90e53 100644 --- a/rustls/src/crypto/aws_lc_rs/mod.rs +++ b/rustls/src/crypto/aws_lc_rs/mod.rs @@ -1,14 +1,3 @@ -use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom}; -use crate::enums::SignatureScheme; -use crate::rand::GetRandomFailed; -use crate::sign::SigningKey; -use crate::suites::SupportedCipherSuite; -use crate::webpki::WebPkiSupportedAlgorithms; -use crate::Error; - -use pki_types::PrivateKeyDer; -use webpki::aws_lc_rs as webpki_algs; - use alloc::sync::Arc; use alloc::vec::Vec; @@ -17,6 +6,16 @@ use alloc::vec::Vec; // ring-compatible crate, and `super::ring_shim` to bridge the gaps where they are // small. pub(crate) use aws_lc_rs as ring_like; +use pki_types::PrivateKeyDer; +use webpki::aws_lc_rs as webpki_algs; + +use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom}; +use crate::enums::SignatureScheme; +use crate::rand::GetRandomFailed; +use crate::sign::SigningKey; +use crate::suites::SupportedCipherSuite; +use crate::webpki::WebPkiSupportedAlgorithms; +use crate::Error; /// Using software keys for authentication. pub mod sign; @@ -219,9 +218,7 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms /// /// [`ALL_KX_GROUPS`] is provided as an array of all of these values. pub mod kx_group { - pub use super::kx::SECP256R1; - pub use super::kx::SECP384R1; - pub use super::kx::X25519; + pub use super::kx::{SECP256R1, SECP384R1, X25519}; } pub use kx::ALL_KX_GROUPS; diff --git a/rustls/src/crypto/aws_lc_rs/sign.rs b/rustls/src/crypto/aws_lc_rs/sign.rs index 79397ef9..859afa35 100644 --- a/rustls/src/crypto/aws_lc_rs/sign.rs +++ b/rustls/src/crypto/aws_lc_rs/sign.rs @@ -1,20 +1,19 @@ #![allow(clippy::duplicate_mod)] -use crate::enums::{SignatureAlgorithm, SignatureScheme}; -use crate::error::Error; -use crate::sign::{Signer, SigningKey}; +use alloc::boxed::Box; +use alloc::string::ToString; +use alloc::sync::Arc; +use alloc::vec::Vec; +use alloc::{format, vec}; +use core::fmt::{self, Debug, Formatter}; + +use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer}; use super::ring_like::rand::SystemRandom; use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; -use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer}; - -use alloc::boxed::Box; -use alloc::format; -use alloc::string::ToString; -use alloc::sync::Arc; -use alloc::vec; -use alloc::vec::Vec; -use core::fmt::{self, Debug, Formatter}; +use crate::enums::{SignatureAlgorithm, SignatureScheme}; +use crate::error::Error; +use crate::sign::{Signer, SigningKey}; /// Parse `der` as any supported key encoding/type, returning /// the first which works. @@ -370,10 +369,12 @@ impl Debug for Ed25519Signer { #[cfg(test)] mod tests { - use super::*; use alloc::format; + use pki_types::{PrivatePkcs1KeyDer, PrivateSec1KeyDer}; + use super::*; + #[test] fn can_load_ecdsa_nistp256_pkcs8() { let key = diff --git a/rustls/src/crypto/aws_lc_rs/tls12.rs b/rustls/src/crypto/aws_lc_rs/tls12.rs index 39aae7c7..af513794 100644 --- a/rustls/src/crypto/aws_lc_rs/tls12.rs +++ b/rustls/src/crypto/aws_lc_rs/tls12.rs @@ -1,3 +1,7 @@ +use alloc::boxed::Box; + +use aws_lc_rs::{aead, tls_prf}; + use crate::crypto::cipher::{ make_tls12_aad, AeadKey, InboundOpaqueMessage, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, @@ -14,10 +18,6 @@ use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipher use crate::tls12::Tls12CipherSuite; use crate::version::TLS12; -use alloc::boxed::Box; - -use aws_lc_rs::{aead, tls_prf}; - /// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256. pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls12(&Tls12CipherSuite { diff --git a/rustls/src/crypto/aws_lc_rs/tls13.rs b/rustls/src/crypto/aws_lc_rs/tls13.rs index 711ba709..d18c5dcc 100644 --- a/rustls/src/crypto/aws_lc_rs/tls13.rs +++ b/rustls/src/crypto/aws_lc_rs/tls13.rs @@ -1,5 +1,8 @@ use alloc::boxed::Box; +use aws_lc_rs::hkdf::KeyType; +use aws_lc_rs::{aead, hkdf, hmac}; + use crate::crypto; use crate::crypto::cipher::{ make_tls13_aad, AeadKey, InboundOpaqueMessage, Iv, MessageDecrypter, MessageEncrypter, Nonce, @@ -14,9 +17,6 @@ use crate::msgs::message::{ use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls13::Tls13CipherSuite; -use aws_lc_rs::hkdf::KeyType; -use aws_lc_rs::{aead, hkdf, hmac}; - /// The TLS1.3 ciphersuite TLS_CHACHA20_POLY1305_SHA256 pub static TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls13(TLS13_CHACHA20_POLY1305_SHA256_INTERNAL); diff --git a/rustls/src/crypto/cipher.rs b/rustls/src/crypto/cipher.rs index ae1827b6..ec8eecd7 100644 --- a/rustls/src/crypto/cipher.rs +++ b/rustls/src/crypto/cipher.rs @@ -2,6 +2,8 @@ use alloc::boxed::Box; use alloc::string::ToString; use core::fmt; +use zeroize::Zeroize; + use crate::enums::{ContentType, ProtocolVersion}; use crate::error::Error; use crate::msgs::codec; @@ -11,8 +13,6 @@ pub use crate::msgs::message::{ }; use crate::suites::ConnectionTrafficSecrets; -use zeroize::Zeroize; - /// Factory trait for building `MessageEncrypter` and `MessageDecrypter` for a TLS1.3 cipher suite. pub trait Tls13AeadAlgorithm: Send + Sync { /// Build a `MessageEncrypter` for the given key/iv. diff --git a/rustls/src/crypto/hash.rs b/rustls/src/crypto/hash.rs index 6c07f7f4..214dad4e 100644 --- a/rustls/src/crypto/hash.rs +++ b/rustls/src/crypto/hash.rs @@ -1,7 +1,7 @@ -pub use crate::msgs::enums::HashAlgorithm; - use alloc::boxed::Box; +pub use crate::msgs::enums::HashAlgorithm; + /// Describes a single cryptographic hash function. /// /// This interface can do both one-shot and incremental hashing, using diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index f67420f1..a5e424c5 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -1,7 +1,3 @@ -use crate::sign::SigningKey; -use crate::{suites, ProtocolVersion, SupportedProtocolVersion}; -use crate::{Error, NamedGroup}; - use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; @@ -11,10 +7,13 @@ use core::fmt::Debug; use once_cell::race::OnceBox; #[cfg(feature = "std")] use once_cell::sync::OnceCell; - use pki_types::PrivateKeyDer; use zeroize::Zeroize; +use crate::sign::SigningKey; +pub use crate::webpki::{ + verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms, +}; #[cfg(all(doc, feature = "tls12"))] use crate::Tls12CipherSuite; #[cfg(doc)] @@ -22,10 +21,7 @@ use crate::{ client, crypto, server, sign, ClientConfig, ConfigBuilder, ServerConfig, SupportedCipherSuite, Tls13CipherSuite, }; - -pub use crate::webpki::{ - verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms, -}; +use crate::{suites, Error, NamedGroup, ProtocolVersion, SupportedProtocolVersion}; /// *ring* based CryptoProvider. #[cfg(feature = "ring")] @@ -59,11 +55,9 @@ pub mod hpke; // avoid having two import paths to the same types. pub(crate) mod signer; -pub use crate::rand::GetRandomFailed; - -pub use crate::suites::CipherSuiteCommon; - pub use crate::msgs::handshake::KeyExchangeAlgorithm; +pub use crate::rand::GetRandomFailed; +pub use crate::suites::CipherSuiteCommon; /// Controls core cryptography used by rustls. /// @@ -552,9 +546,10 @@ pub fn default_fips_provider() -> CryptoProvider { #[cfg(test)] mod tests { - use super::SharedSecret; use std::vec; + use super::SharedSecret; + #[test] fn test_shared_secret_strip_leading_zeros() { let test_cases = [ diff --git a/rustls/src/crypto/ring/hash.rs b/rustls/src/crypto/ring/hash.rs index 41f40981..220dc536 100644 --- a/rustls/src/crypto/ring/hash.rs +++ b/rustls/src/crypto/ring/hash.rs @@ -1,11 +1,11 @@ #![allow(clippy::duplicate_mod)] +use alloc::boxed::Box; + use super::ring_like::digest; use crate::crypto; use crate::msgs::enums::HashAlgorithm; -use alloc::boxed::Box; - pub(crate) static SHA256: Hash = Hash(&digest::SHA256, HashAlgorithm::SHA256); pub(crate) static SHA384: Hash = Hash(&digest::SHA384, HashAlgorithm::SHA384); diff --git a/rustls/src/crypto/ring/hmac.rs b/rustls/src/crypto/ring/hmac.rs index 8e93d2f8..9bc814de 100644 --- a/rustls/src/crypto/ring/hmac.rs +++ b/rustls/src/crypto/ring/hmac.rs @@ -1,10 +1,10 @@ #![allow(clippy::duplicate_mod)] +use alloc::boxed::Box; + use super::ring_like; use crate::crypto; -use alloc::boxed::Box; - #[cfg(feature = "tls12")] pub(crate) static HMAC_SHA256: Hmac = Hmac(&ring_like::hmac::HMAC_SHA256); #[cfg(feature = "tls12")] diff --git a/rustls/src/crypto/ring/kx.rs b/rustls/src/crypto/ring/kx.rs index 3466cd9c..db8734d9 100644 --- a/rustls/src/crypto/ring/kx.rs +++ b/rustls/src/crypto/ring/kx.rs @@ -1,16 +1,15 @@ #![allow(clippy::duplicate_mod)] +use alloc::boxed::Box; +use core::fmt; + +use super::ring_like::agreement; +use super::ring_like::rand::SystemRandom; use crate::crypto::{ActiveKeyExchange, SharedSecret, SupportedKxGroup}; use crate::error::{Error, PeerMisbehaved}; use crate::msgs::enums::NamedGroup; use crate::rand::GetRandomFailed; -use super::ring_like::agreement; -use super::ring_like::rand::SystemRandom; - -use alloc::boxed::Box; -use core::fmt; - /// A key-exchange group supported by *ring*. /// /// All possible instances of this class are provided by the library in diff --git a/rustls/src/crypto/ring/mod.rs b/rustls/src/crypto/ring/mod.rs index 81754173..ca197f42 100644 --- a/rustls/src/crypto/ring/mod.rs +++ b/rustls/src/crypto/ring/mod.rs @@ -1,3 +1,9 @@ +use alloc::sync::Arc; + +use pki_types::PrivateKeyDer; +pub(crate) use ring as ring_like; +use webpki::ring as webpki_algs; + use crate::crypto::{CryptoProvider, KeyProvider, SecureRandom}; use crate::enums::SignatureScheme; use crate::rand::GetRandomFailed; @@ -6,13 +12,6 @@ use crate::suites::SupportedCipherSuite; use crate::webpki::WebPkiSupportedAlgorithms; use crate::Error; -use pki_types::PrivateKeyDer; -use webpki::ring as webpki_algs; - -use alloc::sync::Arc; - -pub(crate) use ring as ring_like; - /// Using software keys for authentication. pub mod sign; @@ -167,9 +166,7 @@ static SUPPORTED_SIG_ALGS: WebPkiSupportedAlgorithms = WebPkiSupportedAlgorithms /// /// [`ALL_KX_GROUPS`] is provided as an array of all of these values. pub mod kx_group { - pub use super::kx::SECP256R1; - pub use super::kx::SECP384R1; - pub use super::kx::X25519; + pub use super::kx::{SECP256R1, SECP384R1, X25519}; } pub use kx::ALL_KX_GROUPS; diff --git a/rustls/src/crypto/ring/quic.rs b/rustls/src/crypto/ring/quic.rs index 2b216302..2ac9d014 100644 --- a/rustls/src/crypto/ring/quic.rs +++ b/rustls/src/crypto/ring/quic.rs @@ -1,12 +1,11 @@ #![allow(clippy::duplicate_mod)] -use crate::crypto::cipher::{AeadKey, Iv, Nonce}; -use crate::error::Error; -use crate::quic; - use alloc::boxed::Box; use super::ring_like::aead; +use crate::crypto::cipher::{AeadKey, Iv, Nonce}; +use crate::error::Error; +use crate::quic; pub(crate) struct HeaderProtectionKey(aead::quic::HeaderProtectionKey); diff --git a/rustls/src/crypto/ring/sign.rs b/rustls/src/crypto/ring/sign.rs index 2506dfe0..69248368 100644 --- a/rustls/src/crypto/ring/sign.rs +++ b/rustls/src/crypto/ring/sign.rs @@ -1,22 +1,21 @@ #![allow(clippy::duplicate_mod)] -use crate::enums::{SignatureAlgorithm, SignatureScheme}; -use crate::error::Error; -use crate::sign::{Signer, SigningKey}; -use crate::x509::{asn1_wrap, wrap_in_sequence}; +use alloc::boxed::Box; +use alloc::string::ToString; +use alloc::sync::Arc; +use alloc::vec::Vec; +use alloc::{format, vec}; +use core::fmt::{self, Debug, Formatter}; + +use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer}; use super::ring_like::io::der; use super::ring_like::rand::{SecureRandom, SystemRandom}; use super::ring_like::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaKeyPair}; -use pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer}; - -use alloc::boxed::Box; -use alloc::format; -use alloc::string::ToString; -use alloc::sync::Arc; -use alloc::vec; -use alloc::vec::Vec; -use core::fmt::{self, Debug, Formatter}; +use crate::enums::{SignatureAlgorithm, SignatureScheme}; +use crate::error::Error; +use crate::sign::{Signer, SigningKey}; +use crate::x509::{asn1_wrap, wrap_in_sequence}; /// Parse `der` as any supported key encoding/type, returning /// the first which works. @@ -408,10 +407,12 @@ impl Debug for Ed25519Signer { #[cfg(test)] mod tests { - use super::*; use alloc::format; + use pki_types::{PrivatePkcs1KeyDer, PrivateSec1KeyDer}; + use super::*; + #[test] fn can_load_ecdsa_nistp256_pkcs8() { let key = diff --git a/rustls/src/crypto/ring/ticketer.rs b/rustls/src/crypto/ring/ticketer.rs index 89d4cbc9..d13407cc 100644 --- a/rustls/src/crypto/ring/ticketer.rs +++ b/rustls/src/crypto/ring/ticketer.rs @@ -1,19 +1,18 @@ #![allow(clippy::duplicate_mod)] -use crate::error::Error; -use crate::rand::GetRandomFailed; -use crate::server::ProducesTickets; - -use super::ring_like::aead; -use super::ring_like::rand::{SecureRandom, SystemRandom}; -use super::TICKETER_AEAD; - use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt; use core::fmt::{Debug, Formatter}; +use super::ring_like::aead; +use super::ring_like::rand::{SecureRandom, SystemRandom}; +use super::TICKETER_AEAD; +use crate::error::Error; +use crate::rand::GetRandomFailed; +use crate::server::ProducesTickets; + /// A concrete, safe ticket creation mechanism. pub struct Ticketer {} @@ -121,11 +120,12 @@ impl Debug for AeadTicketer { #[cfg(test)] mod tests { - use super::*; - use core::time::Duration; + use pki_types::UnixTime; + use super::*; + #[test] fn basic_pairwise_test() { let t = Ticketer::new().unwrap(); @@ -198,9 +198,10 @@ mod tests { #[test] fn aeadticketer_is_debug_and_producestickets() { - use super::*; use alloc::format; + use super::*; + let t = make_ticket_generator().unwrap(); let expect = format!("AeadTicketer {{ alg: {TICKETER_AEAD:?}, lifetime: 43200 }}"); diff --git a/rustls/src/crypto/ring/tls12.rs b/rustls/src/crypto/ring/tls12.rs index 88458df8..1630a827 100644 --- a/rustls/src/crypto/ring/tls12.rs +++ b/rustls/src/crypto/ring/tls12.rs @@ -1,3 +1,6 @@ +use alloc::boxed::Box; + +use super::ring_like::aead; use crate::crypto::cipher::{ make_tls12_aad, AeadKey, InboundOpaqueMessage, Iv, KeyBlockShape, MessageDecrypter, MessageEncrypter, Nonce, Tls12AeadAlgorithm, UnsupportedOperationError, NONCE_LEN, @@ -13,10 +16,6 @@ use crate::msgs::message::{ use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls12::Tls12CipherSuite; -use alloc::boxed::Box; - -use super::ring_like::aead; - /// The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256. pub static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls12(&Tls12CipherSuite { diff --git a/rustls/src/crypto/ring/tls13.rs b/rustls/src/crypto/ring/tls13.rs index fadefb95..3c67b5c5 100644 --- a/rustls/src/crypto/ring/tls13.rs +++ b/rustls/src/crypto/ring/tls13.rs @@ -1,5 +1,7 @@ use alloc::boxed::Box; +use super::ring_like::hkdf::KeyType; +use super::ring_like::{aead, hkdf, hmac}; use crate::crypto; use crate::crypto::cipher::{ make_tls13_aad, AeadKey, InboundOpaqueMessage, Iv, MessageDecrypter, MessageEncrypter, Nonce, @@ -14,9 +16,6 @@ use crate::msgs::message::{ use crate::suites::{CipherSuiteCommon, ConnectionTrafficSecrets, SupportedCipherSuite}; use crate::tls13::Tls13CipherSuite; -use super::ring_like::hkdf::KeyType; -use super::ring_like::{aead, hkdf, hmac}; - /// The TLS1.3 ciphersuite TLS_CHACHA20_POLY1305_SHA256 pub static TLS13_CHACHA20_POLY1305_SHA256: SupportedCipherSuite = SupportedCipherSuite::Tls13(TLS13_CHACHA20_POLY1305_SHA256_INTERNAL); diff --git a/rustls/src/crypto/signer.rs b/rustls/src/crypto/signer.rs index 560aea09..b6f65747 100644 --- a/rustls/src/crypto/signer.rs +++ b/rustls/src/crypto/signer.rs @@ -1,13 +1,13 @@ -use crate::enums::{SignatureAlgorithm, SignatureScheme}; -use crate::error::Error; - -use pki_types::CertificateDer; - use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::Debug; +use pki_types::CertificateDer; + +use crate::enums::{SignatureAlgorithm, SignatureScheme}; +use crate::error::Error; + /// An abstract signing key. /// /// This interface is used by rustls to use a private signing key diff --git a/rustls/src/crypto/tls12.rs b/rustls/src/crypto/tls12.rs index ac853c0d..4943a606 100644 --- a/rustls/src/crypto/tls12.rs +++ b/rustls/src/crypto/tls12.rs @@ -1,10 +1,9 @@ -use super::hmac; -use super::ActiveKeyExchange; +use alloc::boxed::Box; + +use super::{hmac, ActiveKeyExchange}; use crate::error::Error; use crate::version::TLS12; -use alloc::boxed::Box; - /// Implements [`Prf`] using a [`hmac::Hmac`]. pub struct PrfUsingHmac<'a>(pub &'a dyn hmac::Hmac); diff --git a/rustls/src/crypto/tls13.rs b/rustls/src/crypto/tls13.rs index a0ec5f32..e6fd4230 100644 --- a/rustls/src/crypto/tls13.rs +++ b/rustls/src/crypto/tls13.rs @@ -1,11 +1,11 @@ -use super::hmac; -use super::ActiveKeyExchange; +use alloc::boxed::Box; + +use zeroize::Zeroize; + +use super::{hmac, ActiveKeyExchange}; use crate::error::Error; use crate::version::TLS13; -use alloc::boxed::Box; -use zeroize::Zeroize; - /// Implementation of `HkdfExpander` via `hmac::Key`. pub struct HkdfExpanderUsingHmac(Box); @@ -247,11 +247,12 @@ pub struct OutputLengthError; #[cfg(all(test, feature = "ring"))] mod tests { + use std::prelude::v1::*; + use super::{expand, Hkdf, HkdfUsingHmac}; // nb: crypto::aws_lc_rs provider doesn't provide (or need) hmac, // so cannot be used for this test. use crate::crypto::ring::hmac; - use std::prelude::v1::*; struct ByteArray([u8; N]); diff --git a/rustls/src/error.rs b/rustls/src/error.rs index a0b298cd..7b85d79e 100644 --- a/rustls/src/error.rs +++ b/rustls/src/error.rs @@ -1,7 +1,3 @@ -use crate::enums::{AlertDescription, ContentType, HandshakeType}; -use crate::msgs::handshake::KeyExchangeAlgorithm; -use crate::rand; - use alloc::format; use alloc::string::String; use alloc::vec::Vec; @@ -9,6 +5,10 @@ use core::fmt; #[cfg(feature = "std")] use std::time::SystemTimeError; +use crate::enums::{AlertDescription, ContentType, HandshakeType}; +use crate::msgs::handshake::KeyExchangeAlgorithm; +use crate::rand; + /// rustls reports protocol errors using this type. #[non_exhaustive] #[derive(Debug, PartialEq, Clone)] @@ -600,12 +600,12 @@ pub use other_error::OtherError; #[cfg(test)] mod tests { - use super::{Error, InvalidMessage}; - use crate::error::CertRevocationListError; - use crate::error::OtherError; use std::prelude::v1::*; use std::{println, vec}; + use super::{Error, InvalidMessage}; + use crate::error::{CertRevocationListError, OtherError}; + #[test] fn certificate_error_equality() { use super::CertificateError::*; diff --git a/rustls/src/hash_hs.rs b/rustls/src/hash_hs.rs index 71b6cbf8..7b11eb24 100644 --- a/rustls/src/hash_hs.rs +++ b/rustls/src/hash_hs.rs @@ -1,13 +1,13 @@ +use alloc::boxed::Box; +use alloc::vec::Vec; +use core::mem; + use crate::crypto::hash; use crate::msgs::codec::Codec; use crate::msgs::enums::HashAlgorithm; use crate::msgs::handshake::HandshakeMessagePayload; use crate::msgs::message::{Message, MessagePayload}; -use alloc::boxed::Box; -use alloc::vec::Vec; -use core::mem; - /// Early stage buffering of handshake payloads. /// /// Before we know the hash algorithm to use to verify the handshake, we just buffer the messages. diff --git a/rustls/src/key_log_file.rs b/rustls/src/key_log_file.rs index 2d69769c..99b65161 100644 --- a/rustls/src/key_log_file.rs +++ b/rustls/src/key_log_file.rs @@ -1,16 +1,15 @@ +use alloc::vec::Vec; +use core::fmt::{Debug, Formatter}; +use std::ffi::OsString; +use std::fs::{File, OpenOptions}; +use std::io::Write; +use std::sync::Mutex; +use std::{env, io}; + #[cfg(feature = "logging")] use crate::log::warn; use crate::KeyLog; -use alloc::vec::Vec; -use core::fmt::{Debug, Formatter}; -use std::env; -use std::ffi::OsString; -use std::fs::{File, OpenOptions}; -use std::io; -use std::io::Write; -use std::sync::Mutex; - // Internal mutable state for KeyLogFile struct KeyLogFileInner { file: Option, diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index e460c5b4..b88b63e7 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs @@ -360,13 +360,13 @@ extern crate std; #[allow(unused_extern_crates)] extern crate test; -#[cfg(doc)] -use crate::crypto::CryptoProvider; - // log for logging (optional). #[cfg(feature = "logging")] use log; +#[cfg(doc)] +use crate::crypto::CryptoProvider; + #[cfg(not(feature = "logging"))] #[macro_use] mod log { @@ -554,13 +554,11 @@ pub mod client { pub use crate::verify::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; } + pub use crate::msgs::persist::{Tls12ClientSessionValue, Tls13ClientSessionValue}; pub use crate::webpki::{ verify_server_cert_signed_by_trust_anchor, verify_server_name, ServerCertVerifierBuilder, VerifierBuilderError, WebPkiServerVerifier, }; - - pub use crate::msgs::persist::Tls12ClientSessionValue; - pub use crate::msgs::persist::Tls13ClientSessionValue; } pub use client::ClientConfig; @@ -578,23 +576,23 @@ pub mod server { mod tls12; mod tls13; - pub use crate::verify::NoClientAuth; - pub use crate::webpki::{ - ClientCertVerifierBuilder, ParsedCertificate, VerifierBuilderError, WebPkiClientVerifier, - }; pub use builder::WantsServerCert; pub use handy::NoServerSessionStorage; #[cfg(feature = "std")] pub use handy::ResolvesServerCertUsingSni; #[cfg(feature = "std")] pub use handy::ServerSessionMemoryCache; - pub use server_conn::StoresServerSessions; pub use server_conn::{ - Accepted, ServerConfig, ServerConnectionData, UnbufferedServerConnection, + Accepted, ClientHello, ProducesTickets, ResolvesServerCert, ServerConfig, + ServerConnectionData, StoresServerSessions, UnbufferedServerConnection, }; #[cfg(feature = "std")] pub use server_conn::{AcceptedAlert, Acceptor, ReadEarlyData, ServerConnection}; - pub use server_conn::{ClientHello, ProducesTickets, ResolvesServerCert}; + + pub use crate::verify::NoClientAuth; + pub use crate::webpki::{ + ClientCertVerifierBuilder, ParsedCertificate, VerifierBuilderError, WebPkiClientVerifier, + }; /// Dangerous configuration that should be audited and used with extreme care. pub mod danger { diff --git a/rustls/src/msgs/alert.rs b/rustls/src/msgs/alert.rs index c4a78bfe..3ee5c975 100644 --- a/rustls/src/msgs/alert.rs +++ b/rustls/src/msgs/alert.rs @@ -1,10 +1,10 @@ +use alloc::vec::Vec; + use crate::enums::AlertDescription; use crate::error::InvalidMessage; use crate::msgs::codec::{Codec, Reader}; use crate::msgs::enums::AlertLevel; -use alloc::vec::Vec; - #[derive(Debug)] pub struct AlertMessagePayload { pub level: AlertLevel, diff --git a/rustls/src/msgs/base.rs b/rustls/src/msgs/base.rs index a2bb63d4..b05e1068 100644 --- a/rustls/src/msgs/base.rs +++ b/rustls/src/msgs/base.rs @@ -1,13 +1,13 @@ -use crate::error::InvalidMessage; -use crate::msgs::codec; -use crate::msgs::codec::{Codec, Reader}; - use alloc::vec::Vec; use core::fmt; use pki_types::CertificateDer; use zeroize::Zeroize; +use crate::error::InvalidMessage; +use crate::msgs::codec; +use crate::msgs::codec::{Codec, Reader}; + /// An externally length'd payload #[derive(Clone, Eq, PartialEq)] pub enum Payload<'a> { diff --git a/rustls/src/msgs/codec.rs b/rustls/src/msgs/codec.rs index 84ac606b..dc7be141 100644 --- a/rustls/src/msgs/codec.rs +++ b/rustls/src/msgs/codec.rs @@ -1,7 +1,8 @@ -use crate::error::InvalidMessage; - use alloc::vec::Vec; -use core::{fmt::Debug, mem}; +use core::fmt::Debug; +use core::mem; + +use crate::error::InvalidMessage; /// Wrapper over a slice of bytes that allows reading chunks from /// with the current position state held using a cursor. @@ -377,10 +378,11 @@ impl<'a> Drop for LengthPrefixedBuffer<'a> { #[cfg(test)] mod tests { - use super::*; use std::prelude::v1::*; use std::vec; + use super::*; + #[test] fn interrupted_length_prefixed_buffer_leaves_maximum_length() { let mut buf = Vec::new(); diff --git a/rustls/src/msgs/deframer.rs b/rustls/src/msgs/deframer.rs index 4e1098b3..4734c376 100644 --- a/rustls/src/msgs/deframer.rs +++ b/rustls/src/msgs/deframer.rs @@ -712,11 +712,10 @@ mod tests { use std::prelude::v1::*; use std::vec; + use super::*; use crate::crypto::cipher::PlainMessage; use crate::msgs::message::Message; - use super::*; - #[test] fn check_incremental() { let mut d = BufferedDeframer::default(); diff --git a/rustls/src/msgs/enums.rs b/rustls/src/msgs/enums.rs index 2c66620d..53bab994 100644 --- a/rustls/src/msgs/enums.rs +++ b/rustls/src/msgs/enums.rs @@ -349,9 +349,10 @@ pub(crate) mod tests { //! These tests are intended to provide coverage and //! check panic-safety of relatively unused values. - use super::*; use std::prelude::v1::*; + use super::*; + #[test] fn test_enums() { test_enum8::(HashAlgorithm::NONE, HashAlgorithm::SHA512); diff --git a/rustls/src/msgs/fragmenter.rs b/rustls/src/msgs/fragmenter.rs index b1a25d02..85bc755a 100644 --- a/rustls/src/msgs/fragmenter.rs +++ b/rustls/src/msgs/fragmenter.rs @@ -1,5 +1,4 @@ -use crate::enums::ContentType; -use crate::enums::ProtocolVersion; +use crate::enums::{ContentType, ProtocolVersion}; use crate::msgs::message::{OutboundChunks, OutboundPlainMessage, PlainMessage}; use crate::Error; pub(crate) const MAX_FRAGMENT_LEN: usize = 16384; @@ -105,14 +104,14 @@ impl<'a> ExactSizeIterator for Chunker<'a> { #[cfg(test)] mod tests { - use super::{MessageFragmenter, PACKET_OVERHEAD}; - use crate::enums::ContentType; - use crate::enums::ProtocolVersion; - use crate::msgs::base::Payload; - use crate::msgs::message::{OutboundChunks, OutboundPlainMessage, PlainMessage}; use std::prelude::v1::*; use std::vec; + use super::{MessageFragmenter, PACKET_OVERHEAD}; + use crate::enums::{ContentType, ProtocolVersion}; + use crate::msgs::base::Payload; + use crate::msgs::message::{OutboundChunks, OutboundPlainMessage, PlainMessage}; + fn msg_eq( m: &OutboundPlainMessage, total_len: usize, diff --git a/rustls/src/msgs/handshake.rs b/rustls/src/msgs/handshake.rs index 776a8000..131dbcce 100644 --- a/rustls/src/msgs/handshake.rs +++ b/rustls/src/msgs/handshake.rs @@ -1,5 +1,15 @@ #![allow(non_camel_case_types)] +use alloc::collections::BTreeSet; +#[cfg(feature = "logging")] +use alloc::string::String; +use alloc::vec; +use alloc::vec::Vec; +use core::fmt; +use core::ops::Deref; + +use pki_types::{CertificateDer, DnsName}; + #[cfg(feature = "tls12")] use crate::crypto::ActiveKeyExchange; use crate::crypto::SecureRandom; @@ -20,16 +30,6 @@ use crate::rand; use crate::verify::DigitallySignedStruct; use crate::x509::wrap_in_sequence; -use pki_types::{CertificateDer, DnsName}; - -use alloc::collections::BTreeSet; -#[cfg(feature = "logging")] -use alloc::string::String; -use alloc::vec; -use alloc::vec::Vec; -use core::fmt; -use core::ops::Deref; - /// Create a newtype wrapper around a given type. /// /// This is used to create newtypes for the various TLS message types which is used to wrap diff --git a/rustls/src/msgs/handshake_test.rs b/rustls/src/msgs/handshake_test.rs index fa505142..2f94de39 100644 --- a/rustls/src/msgs/handshake_test.rs +++ b/rustls/src/msgs/handshake_test.rs @@ -1,3 +1,9 @@ +use std::prelude::v1::*; +use std::{format, println, vec}; + +use pki_types::{CertificateDer, DnsName}; + +use super::handshake::{ServerDhParams, ServerKeyExchange, ServerKeyExchangeParams}; use crate::enums::{CipherSuite, HandshakeType, ProtocolVersion, SignatureScheme}; use crate::msgs::base::{Payload, PayloadU16, PayloadU24, PayloadU8}; use crate::msgs::codec::{put_u16, Codec, Reader}; @@ -18,13 +24,6 @@ use crate::msgs::handshake::{ }; use crate::verify::DigitallySignedStruct; -use pki_types::{CertificateDer, DnsName}; - -use super::handshake::{ServerDhParams, ServerKeyExchange, ServerKeyExchangeParams}; - -use std::prelude::v1::*; -use std::{format, println, vec}; - #[test] fn rejects_short_random() { let bytes = [0x01; 31]; diff --git a/rustls/src/msgs/message/inbound.rs b/rustls/src/msgs/message/inbound.rs index cd5979eb..4fb28042 100644 --- a/rustls/src/msgs/message/inbound.rs +++ b/rustls/src/msgs/message/inbound.rs @@ -1,3 +1,5 @@ +use core::ops::{Deref, DerefMut}; + use super::outbound::read_opaque_message_header; use super::MessageError; use crate::enums::{ContentType, ProtocolVersion}; @@ -5,8 +7,6 @@ use crate::error::{Error, PeerMisbehaved}; use crate::msgs::codec::ReaderMut; use crate::msgs::fragmenter::MAX_FRAGMENT_LEN; -use core::ops::{Deref, DerefMut}; - /// A TLS frame, named TLSPlaintext in the standard. /// /// This inbound type borrows its encrypted payload from a `[MessageDeframer]`. diff --git a/rustls/src/msgs/message/mod.rs b/rustls/src/msgs/message/mod.rs index f36606d9..c37b9868 100644 --- a/rustls/src/msgs/message/mod.rs +++ b/rustls/src/msgs/message/mod.rs @@ -11,10 +11,10 @@ mod inbound; pub use inbound::{BorrowedPayload, InboundOpaqueMessage, InboundPlainMessage}; mod outbound; -pub use outbound::{OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage, PrefixedPayload}; - use alloc::vec::Vec; +pub use outbound::{OutboundChunks, OutboundOpaqueMessage, OutboundPlainMessage, PrefixedPayload}; + #[derive(Debug)] pub enum MessagePayload<'a> { Alert(AlertMessagePayload), diff --git a/rustls/src/msgs/message/outbound.rs b/rustls/src/msgs/message/outbound.rs index 825647cc..4b41e2b8 100644 --- a/rustls/src/msgs/message/outbound.rs +++ b/rustls/src/msgs/message/outbound.rs @@ -1,11 +1,11 @@ +use alloc::vec::Vec; + use super::{MessageError, PlainMessage, HEADER_SIZE, MAX_PAYLOAD}; use crate::enums::{ContentType, ProtocolVersion}; use crate::internal::record_layer::RecordLayer; use crate::msgs::base::Payload; use crate::msgs::codec::{Codec, Reader}; -use alloc::vec::Vec; - /// A TLS frame, named `TLSPlaintext` in the standard. /// /// This outbound type borrows its "to be encrypted" payload from the "user". diff --git a/rustls/src/msgs/message_test.rs b/rustls/src/msgs/message_test.rs index bc40c4f4..3bcb2ae6 100644 --- a/rustls/src/msgs/message_test.rs +++ b/rustls/src/msgs/message_test.rs @@ -1,15 +1,14 @@ -use crate::enums::{AlertDescription, HandshakeType}; -use crate::msgs::base::{PayloadU16, PayloadU24, PayloadU8}; +use std::io::Read; +use std::path::{Path, PathBuf}; +use std::prelude::v1::*; +use std::{format, fs, println, vec}; use super::base::Payload; use super::codec::Reader; use super::enums::AlertLevel; use super::message::{Message, OutboundOpaqueMessage, PlainMessage}; - -use std::io::Read; -use std::path::{Path, PathBuf}; -use std::prelude::v1::*; -use std::{format, fs, println, vec}; +use crate::enums::{AlertDescription, HandshakeType}; +use crate::msgs::base::{PayloadU16, PayloadU24, PayloadU8}; #[test] fn test_read_fuzz_corpus() { diff --git a/rustls/src/msgs/persist.rs b/rustls/src/msgs/persist.rs index c1a61b62..05fba56f 100644 --- a/rustls/src/msgs/persist.rs +++ b/rustls/src/msgs/persist.rs @@ -1,3 +1,11 @@ +use alloc::vec::Vec; +use core::cmp; +#[cfg(feature = "tls12")] +use core::mem; + +use pki_types::{DnsName, UnixTime}; +use zeroize::Zeroizing; + use crate::enums::{CipherSuite, ProtocolVersion}; use crate::error::InvalidMessage; use crate::msgs::base::{PayloadU16, PayloadU8}; @@ -9,14 +17,6 @@ use crate::msgs::handshake::SessionId; use crate::tls12::Tls12CipherSuite; use crate::tls13::Tls13CipherSuite; -use pki_types::{DnsName, UnixTime}; -use zeroize::Zeroizing; - -use alloc::vec::Vec; -use core::cmp; -#[cfg(feature = "tls12")] -use core::mem; - pub(crate) struct Retrieved { pub(crate) value: T, retrieved_at: UnixTime, diff --git a/rustls/src/quic.rs b/rustls/src/quic.rs index dccdff16..96f0f83d 100644 --- a/rustls/src/quic.rs +++ b/rustls/src/quic.rs @@ -1,3 +1,9 @@ +use alloc::boxed::Box; +use alloc::collections::VecDeque; +use alloc::vec::Vec; +#[cfg(feature = "std")] +use core::fmt::Debug; + /// This module contains optional APIs for implementing QUIC TLS. use crate::common_state::Side; use crate::crypto::cipher::{AeadKey, Iv}; @@ -9,14 +15,17 @@ use crate::tls13::key_schedule::{ }; use crate::tls13::Tls13CipherSuite; -use alloc::boxed::Box; -use alloc::collections::VecDeque; -use alloc::vec::Vec; -#[cfg(feature = "std")] -use core::fmt::Debug; - #[cfg(feature = "std")] mod connection { + use alloc::sync::Arc; + use alloc::vec; + use alloc::vec::Vec; + use core::fmt::{self, Debug}; + use core::ops::{Deref, DerefMut}; + + use pki_types::ServerName; + + use super::{DirectionalKeys, KeyChange, Version}; use crate::client::{ClientConfig, ClientConnectionData}; use crate::common_state::{CommonState, Protocol, DEFAULT_BUFFER_LIMIT}; use crate::conn::{ConnectionCore, SideData}; @@ -27,16 +36,6 @@ mod connection { use crate::server::{ServerConfig, ServerConnectionData}; use crate::vecbuf::ChunkVecBuffer; - use pki_types::ServerName; - - use alloc::sync::Arc; - use alloc::vec; - use alloc::vec::Vec; - use core::fmt::{self, Debug}; - use core::ops::{Deref, DerefMut}; - - use super::{DirectionalKeys, KeyChange, Version}; - /// A QUIC client or server connection. #[derive(Debug)] pub enum Connection { @@ -966,9 +965,10 @@ impl Default for Version { #[cfg(test)] mod tests { + use std::prelude::v1::*; + use super::PacketKey; use crate::quic::HeaderProtectionKey; - use std::prelude::v1::*; #[test] fn auto_traits() { diff --git a/rustls/src/rand.rs b/rustls/src/rand.rs index 2f2c3795..23593863 100644 --- a/rustls/src/rand.rs +++ b/rustls/src/rand.rs @@ -1,10 +1,10 @@ //! The single place where we generate random material for our own use. -use crate::crypto::SecureRandom; - use alloc::vec; use alloc::vec::Vec; +use crate::crypto::SecureRandom; + /// Make a [`Vec`] of the given size containing random material. pub(crate) fn random_vec( secure_random: &dyn SecureRandom, diff --git a/rustls/src/record_layer.rs b/rustls/src/record_layer.rs index ab6f5dec..fe391ddd 100644 --- a/rustls/src/record_layer.rs +++ b/rustls/src/record_layer.rs @@ -1,13 +1,11 @@ +use alloc::boxed::Box; use core::num::NonZeroU64; use crate::crypto::cipher::{InboundOpaqueMessage, MessageDecrypter, MessageEncrypter}; use crate::error::Error; -use crate::msgs::message::{InboundPlainMessage, OutboundOpaqueMessage, OutboundPlainMessage}; - #[cfg(feature = "logging")] use crate::log::trace; - -use alloc::boxed::Box; +use crate::msgs::message::{InboundPlainMessage, OutboundOpaqueMessage, OutboundPlainMessage}; static SEQ_SOFT_LIMIT: u64 = 0xffff_ffff_ffff_0000u64; static SEQ_HARD_LIMIT: u64 = 0xffff_ffff_ffff_fffeu64; diff --git a/rustls/src/server/builder.rs b/rustls/src/server/builder.rs index 11ea41ab..cd5bdb87 100644 --- a/rustls/src/server/builder.rs +++ b/rustls/src/server/builder.rs @@ -1,19 +1,17 @@ +use alloc::sync::Arc; +use alloc::vec::Vec; +use core::marker::PhantomData; + +use pki_types::{CertificateDer, PrivateKeyDer}; + use crate::builder::{ConfigBuilder, WantsVerifier}; use crate::crypto::CryptoProvider; use crate::error::Error; use crate::msgs::handshake::CertificateChain; -use crate::server::handy; -use crate::server::{ResolvesServerCert, ServerConfig}; +use crate::server::{handy, ResolvesServerCert, ServerConfig}; use crate::time_provider::TimeProvider; use crate::verify::{ClientCertVerifier, NoClientAuth}; -use crate::versions; -use crate::NoKeyLog; - -use pki_types::{CertificateDer, PrivateKeyDer}; - -use alloc::sync::Arc; -use alloc::vec::Vec; -use core::marker::PhantomData; +use crate::{versions, NoKeyLog}; impl ConfigBuilder { /// Choose how to verify client certificates. diff --git a/rustls/src/server/common.rs b/rustls/src/server/common.rs index 5e41ed42..973bfe51 100644 --- a/rustls/src/server/common.rs +++ b/rustls/src/server/common.rs @@ -1,7 +1,7 @@ -use crate::sign; - use pki_types::CertificateDer; +use crate::sign; + /// ActiveCertifiedKey wraps [`sign::CertifiedKey`] and tracks OSCP state in a single handshake. pub(super) struct ActiveCertifiedKey<'a> { key: &'a sign::CertifiedKey, diff --git a/rustls/src/server/handy.rs b/rustls/src/server/handy.rs index dbf86041..49a49878 100644 --- a/rustls/src/server/handy.rs +++ b/rustls/src/server/handy.rs @@ -1,12 +1,11 @@ -use crate::msgs::handshake::CertificateChain; -use crate::server; -use crate::server::ClientHello; -use crate::sign; - use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::Debug; +use crate::msgs::handshake::CertificateChain; +use crate::server::ClientHello; +use crate::{server, sign}; + /// Something which never stores sessions. #[derive(Debug)] pub struct NoServerSessionStorage {} @@ -28,14 +27,13 @@ impl server::StoresServerSessions for NoServerSessionStorage { #[cfg(feature = "std")] mod cache { - use crate::limited_cache; - use crate::server; - use alloc::sync::Arc; use alloc::vec::Vec; use core::fmt::{Debug, Formatter}; use std::sync::Mutex; + use crate::{limited_cache, server}; + /// An implementer of `StoresServerSessions` that stores everything /// in memory. If enforces a limit on the number of stored sessions /// to bound memory usage. @@ -89,9 +87,10 @@ mod cache { #[cfg(test)] mod tests { + use std::vec; + use super::*; use crate::server::StoresServerSessions; - use std::vec; #[test] fn test_serversessionmemorycache_accepts_put() { @@ -198,19 +197,18 @@ impl server::ResolvesServerCert for AlwaysResolvesChain { #[cfg(feature = "std")] mod sni_resolver { - use crate::error::Error; - use crate::server; - use crate::server::ClientHello; - use crate::sign; - use crate::webpki::{verify_server_name, ParsedCertificate}; - - use pki_types::{DnsName, ServerName}; - use alloc::string::{String, ToString}; use alloc::sync::Arc; use core::fmt::Debug; use std::collections::HashMap; + use pki_types::{DnsName, ServerName}; + + use crate::error::Error; + use crate::server::ClientHello; + use crate::webpki::{verify_server_name, ParsedCertificate}; + use crate::{server, sign}; + /// Something that resolves do different cert chains/keys based /// on client-supplied server name (via SNI). #[derive(Debug)] @@ -302,11 +300,11 @@ pub use sni_resolver::ResolvesServerCertUsingSni; #[cfg(test)] mod tests { - use super::*; - use crate::server::ProducesTickets; - use crate::server::StoresServerSessions; use std::vec; + use super::*; + use crate::server::{ProducesTickets, StoresServerSessions}; + #[test] fn test_noserversessionstorage_drops_put() { let c = NoServerSessionStorage {}; diff --git a/rustls/src/server/hs.rs b/rustls/src/server/hs.rs index 797c8e8b..fed76e28 100644 --- a/rustls/src/server/hs.rs +++ b/rustls/src/server/hs.rs @@ -1,3 +1,13 @@ +use alloc::borrow::ToOwned; +use alloc::boxed::Box; +use alloc::sync::Arc; +use alloc::vec::Vec; + +use pki_types::DnsName; + +use super::server_conn::ServerConnectionData; +#[cfg(feature = "tls12")] +use super::tls12; use crate::common_state::{Protocol, State}; use crate::conn::ConnectionRandoms; use crate::crypto::SupportedKxGroup; @@ -12,26 +22,15 @@ use crate::log::{debug, trace}; use crate::msgs::enums::{Compression, ExtensionType, NamedGroup}; #[cfg(feature = "tls12")] use crate::msgs::handshake::SessionId; -use crate::msgs::handshake::{ClientHelloPayload, KeyExchangeAlgorithm, Random, ServerExtension}; -use crate::msgs::handshake::{ConvertProtocolNameList, ConvertServerNameList, HandshakePayload}; +use crate::msgs::handshake::{ + ClientHelloPayload, ConvertProtocolNameList, ConvertServerNameList, HandshakePayload, + KeyExchangeAlgorithm, Random, ServerExtension, +}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; -use crate::server::{ClientHello, ServerConfig}; -use crate::suites; -use crate::SupportedCipherSuite; - -use super::server_conn::ServerConnectionData; -#[cfg(feature = "tls12")] -use super::tls12; use crate::server::common::ActiveCertifiedKey; -use crate::server::tls13; - -use pki_types::DnsName; - -use alloc::borrow::ToOwned; -use alloc::boxed::Box; -use alloc::sync::Arc; -use alloc::vec::Vec; +use crate::server::{tls13, ClientHello, ServerConfig}; +use crate::{suites, SupportedCipherSuite}; pub(super) type NextState<'a> = Box + 'a>; pub(super) type NextStateOrError<'a> = Result, Error>; diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index b89c6a7d..a897220b 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -1,8 +1,23 @@ +use alloc::boxed::Box; +use alloc::sync::Arc; +use alloc::vec::Vec; +use core::fmt; +use core::fmt::{Debug, Formatter}; +use core::marker::PhantomData; +use core::ops::{Deref, DerefMut}; +#[cfg(feature = "std")] +use std::io; + +use pki_types::{DnsName, UnixTime}; + +use super::hs; use crate::builder::ConfigBuilder; #[cfg(feature = "std")] use crate::common_state::Protocol; use crate::common_state::{CommonState, Side, State}; use crate::conn::{ConnectionCommon, ConnectionCore, UnbufferedConnectionCommon}; +#[cfg(doc)] +use crate::crypto; use crate::crypto::CryptoProvider; use crate::enums::{CipherSuite, ProtocolVersion, SignatureScheme}; use crate::error::Error; @@ -15,29 +30,9 @@ use crate::msgs::message::Message; use crate::time_provider::DefaultTimeProvider; use crate::time_provider::TimeProvider; use crate::vecbuf::ChunkVecBuffer; -use crate::verify; -use crate::versions; -use crate::KeyLog; #[cfg(feature = "std")] use crate::WantsVerifier; -use crate::{sign, WantsVersions}; - -use super::hs; - -use pki_types::{DnsName, UnixTime}; - -use alloc::boxed::Box; -use alloc::sync::Arc; -use alloc::vec::Vec; -use core::fmt; -use core::fmt::{Debug, Formatter}; -use core::marker::PhantomData; -use core::ops::{Deref, DerefMut}; -#[cfg(feature = "std")] -use std::io; - -#[cfg(doc)] -use crate::crypto; +use crate::{sign, verify, versions, KeyLog, WantsVersions}; /// A trait for the ability to store server session data. /// @@ -503,13 +498,6 @@ impl ServerConfig { #[cfg(feature = "std")] mod connection { - use crate::common_state::{CommonState, Context, Side}; - use crate::conn::{ConnectionCommon, ConnectionCore}; - use crate::error::Error; - use crate::server::hs; - use crate::suites::ExtractedSecrets; - use crate::vecbuf::ChunkVecBuffer; - use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec::Vec; @@ -519,6 +507,12 @@ mod connection { use std::io; use super::{Accepted, Accepting, EarlyDataState, ServerConfig, ServerConnectionData}; + use crate::common_state::{CommonState, Context, Side}; + use crate::conn::{ConnectionCommon, ConnectionCore}; + use crate::error::Error; + use crate::server::hs; + use crate::suites::ExtractedSecrets; + use crate::vecbuf::ChunkVecBuffer; /// Allows reading of early data in resumed TLS1.3 connections. /// @@ -1099,9 +1093,10 @@ impl crate::conn::SideData for ServerConnectionData {} #[cfg(feature = "std")] #[cfg(test)] mod tests { - use super::*; use std::format; + use super::*; + // these branches not reachable externally, unless something else goes wrong. #[test] fn test_read_in_new_state() { diff --git a/rustls/src/server/tls12.rs b/rustls/src/server/tls12.rs index 808484f6..1b337f17 100644 --- a/rustls/src/server/tls12.rs +++ b/rustls/src/server/tls12.rs @@ -1,9 +1,22 @@ +use alloc::borrow::ToOwned; +use alloc::boxed::Box; +use alloc::string::ToString; +use alloc::sync::Arc; +use alloc::vec; +use alloc::vec::Vec; + +pub(super) use client_hello::CompleteClientHelloHandling; +use pki_types::UnixTime; +use subtle::ConstantTimeEq; + +use super::common::ActiveCertifiedKey; +use super::hs::{self, ServerContext}; +use super::server_conn::{ProducesTickets, ServerConfig, ServerConnectionData}; use crate::check::inappropriate_message; use crate::common_state::{CommonState, Side, State}; use crate::conn::ConnectionRandoms; use crate::crypto::ActiveKeyExchange; -use crate::enums::ProtocolVersion; -use crate::enums::{AlertDescription, ContentType, HandshakeType}; +use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; use crate::hash_hs::HandshakeHash; #[cfg(feature = "logging")] @@ -13,47 +26,29 @@ use crate::msgs::ccs::ChangeCipherSpecPayload; use crate::msgs::codec::Codec; use crate::msgs::handshake::{ CertificateChain, ClientKeyExchangeParams, HandshakeMessagePayload, HandshakePayload, + NewSessionTicketPayload, SessionId, }; -use crate::msgs::handshake::{NewSessionTicketPayload, SessionId}; use crate::msgs::message::{Message, MessagePayload}; use crate::msgs::persist; use crate::suites::PartiallyExtractedSecrets; use crate::tls12::{self, ConnectionSecrets, Tls12CipherSuite}; use crate::verify; -use super::common::ActiveCertifiedKey; -use super::hs::{self, ServerContext}; -use super::server_conn::{ProducesTickets, ServerConfig, ServerConnectionData}; - -use pki_types::UnixTime; -use subtle::ConstantTimeEq; - -use alloc::borrow::ToOwned; -use alloc::boxed::Box; -use alloc::string::ToString; -use alloc::sync::Arc; -use alloc::vec; -use alloc::vec::Vec; - -pub(super) use client_hello::CompleteClientHelloHandling; - mod client_hello { use pki_types::CertificateDer; + use super::*; use crate::crypto::SupportedKxGroup; use crate::enums::SignatureScheme; - use crate::msgs::enums::ECPointFormat; - use crate::msgs::enums::{ClientCertificateType, Compression}; - use crate::msgs::handshake::CertificateStatus; - use crate::msgs::handshake::{CertificateRequestPayload, ClientSessionTicket, Random}; - use crate::msgs::handshake::{ClientExtension, ClientHelloPayload, ServerHelloPayload}; - use crate::msgs::handshake::{ServerExtension, ServerKeyExchangePayload}; - use crate::msgs::handshake::{ServerKeyExchange, ServerKeyExchangeParams}; + use crate::msgs::enums::{ClientCertificateType, Compression, ECPointFormat}; + use crate::msgs::handshake::{ + CertificateRequestPayload, CertificateStatus, ClientExtension, ClientHelloPayload, + ClientSessionTicket, Random, ServerExtension, ServerHelloPayload, ServerKeyExchange, + ServerKeyExchangeParams, ServerKeyExchangePayload, + }; use crate::sign; use crate::verify::DigitallySignedStruct; - use super::*; - pub(in crate::server) struct CompleteClientHelloHandling { pub(in crate::server) config: Arc, pub(in crate::server) transcript: HandshakeHash, diff --git a/rustls/src/server/tls13.rs b/rustls/src/server/tls13.rs index e1f73f0b..1391f2ed 100644 --- a/rustls/src/server/tls13.rs +++ b/rustls/src/server/tls13.rs @@ -1,66 +1,51 @@ -use crate::check::inappropriate_handshake_message; -use crate::check::inappropriate_message; -use crate::common_state::Protocol; -use crate::common_state::{CommonState, Side, State}; -use crate::conn::ConnectionRandoms; -use crate::enums::ProtocolVersion; -use crate::enums::{AlertDescription, ContentType, HandshakeType}; -use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; -use crate::hash_hs::HandshakeHash; -#[cfg(feature = "logging")] -use crate::log::{debug, trace, warn}; -use crate::msgs::codec::Codec; -use crate::msgs::enums::KeyUpdateRequest; -use crate::msgs::handshake::CertificateChain; -use crate::msgs::handshake::HandshakeMessagePayload; -use crate::msgs::handshake::HandshakePayload; -use crate::msgs::handshake::{NewSessionTicketExtension, NewSessionTicketPayloadTls13}; -use crate::msgs::message::{Message, MessagePayload}; -use crate::msgs::persist; -use crate::rand; -use crate::server::ServerConfig; -use crate::suites::PartiallyExtractedSecrets; -use crate::tls13::construct_client_verify_message; -use crate::tls13::construct_server_verify_message; -use crate::tls13::key_schedule::{KeyScheduleTraffic, KeyScheduleTrafficWithClientFinishedPending}; -use crate::tls13::Tls13CipherSuite; -use crate::verify; - -use super::hs::{self, HandshakeHashOrBuffer, ServerContext}; -use super::server_conn::ServerConnectionData; - use alloc::borrow::ToOwned; use alloc::boxed::Box; use alloc::sync::Arc; use alloc::vec; use alloc::vec::Vec; +pub(super) use client_hello::CompleteClientHelloHandling; use pki_types::{CertificateDer, UnixTime}; use subtle::ConstantTimeEq; -pub(super) use client_hello::CompleteClientHelloHandling; +use super::hs::{self, HandshakeHashOrBuffer, ServerContext}; +use super::server_conn::ServerConnectionData; +use crate::check::{inappropriate_handshake_message, inappropriate_message}; +use crate::common_state::{CommonState, Protocol, Side, State}; +use crate::conn::ConnectionRandoms; +use crate::enums::{AlertDescription, ContentType, HandshakeType, ProtocolVersion}; +use crate::error::{Error, PeerIncompatible, PeerMisbehaved}; +use crate::hash_hs::HandshakeHash; +#[cfg(feature = "logging")] +use crate::log::{debug, trace, warn}; +use crate::msgs::codec::Codec; +use crate::msgs::enums::KeyUpdateRequest; +use crate::msgs::handshake::{ + CertificateChain, HandshakeMessagePayload, HandshakePayload, NewSessionTicketExtension, + NewSessionTicketPayloadTls13, +}; +use crate::msgs::message::{Message, MessagePayload}; +use crate::msgs::persist; +use crate::server::ServerConfig; +use crate::suites::PartiallyExtractedSecrets; +use crate::tls13::key_schedule::{KeyScheduleTraffic, KeyScheduleTrafficWithClientFinishedPending}; +use crate::tls13::{ + construct_client_verify_message, construct_server_verify_message, Tls13CipherSuite, +}; +use crate::{rand, verify}; mod client_hello { + use super::*; use crate::crypto::SupportedKxGroup; use crate::enums::SignatureScheme; use crate::msgs::base::{Payload, PayloadU8}; use crate::msgs::ccs::ChangeCipherSpecPayload; - use crate::msgs::enums::NamedGroup; - use crate::msgs::enums::{Compression, PSKKeyExchangeMode}; - use crate::msgs::handshake::CertReqExtension; - use crate::msgs::handshake::CertificateEntry; - use crate::msgs::handshake::CertificateExtension; - use crate::msgs::handshake::CertificatePayloadTls13; - use crate::msgs::handshake::CertificateRequestPayloadTls13; - use crate::msgs::handshake::CertificateStatus; - use crate::msgs::handshake::ClientHelloPayload; - use crate::msgs::handshake::HelloRetryExtension; - use crate::msgs::handshake::HelloRetryRequest; - use crate::msgs::handshake::KeyShareEntry; - use crate::msgs::handshake::Random; - use crate::msgs::handshake::ServerExtension; - use crate::msgs::handshake::ServerHelloPayload; - use crate::msgs::handshake::SessionId; + use crate::msgs::enums::{Compression, NamedGroup, PSKKeyExchangeMode}; + use crate::msgs::handshake::{ + CertReqExtension, CertificateEntry, CertificateExtension, CertificatePayloadTls13, + CertificateRequestPayloadTls13, CertificateStatus, ClientHelloPayload, HelloRetryExtension, + HelloRetryRequest, KeyShareEntry, Random, ServerExtension, ServerHelloPayload, SessionId, + }; use crate::server::common::ActiveCertifiedKey; use crate::sign; use crate::tls13::key_schedule::{ @@ -68,8 +53,6 @@ mod client_hello { }; use crate::verify::DigitallySignedStruct; - use super::*; - #[derive(PartialEq)] pub(super) enum EarlyDataDecision { Disabled, diff --git a/rustls/src/stream.rs b/rustls/src/stream.rs index ef7ee66c..a6a394a9 100644 --- a/rustls/src/stream.rs +++ b/rustls/src/stream.rs @@ -1,8 +1,8 @@ -use crate::conn::{ConnectionCommon, SideData}; - use core::ops::{Deref, DerefMut}; use std::io::{IoSlice, Read, Result, Write}; +use crate::conn::{ConnectionCommon, SideData}; + /// This type implements `io::Read` and `io::Write`, encapsulating /// a Connection `C` and an underlying transport `T`, such as a socket. /// @@ -221,10 +221,11 @@ where #[cfg(test)] mod tests { + use std::net::TcpStream; + use super::{Stream, StreamOwned}; use crate::client::ClientConnection; use crate::server::ServerConnection; - use std::net::TcpStream; #[test] fn stream_can_be_created_for_connection_and_tcpstream() { diff --git a/rustls/src/suites.rs b/rustls/src/suites.rs index 36007fd1..92437d99 100644 --- a/rustls/src/suites.rs +++ b/rustls/src/suites.rs @@ -1,3 +1,5 @@ +use core::fmt; + use crate::common_state::Protocol; use crate::crypto::cipher::{AeadKey, Iv}; use crate::crypto::{self, KeyExchangeAlgorithm}; @@ -10,8 +12,6 @@ use crate::tls13::Tls13CipherSuite; use crate::versions::TLS12; use crate::versions::{SupportedProtocolVersion, TLS13}; -use core::fmt; - /// Common state for cipher suites (both for TLS 1.2 and TLS 1.3) pub struct CipherSuiteCommon { /// The TLS enumeration naming this cipher suite. diff --git a/rustls/src/ticketer.rs b/rustls/src/ticketer.rs index ddadb0ef..ad3717f6 100644 --- a/rustls/src/ticketer.rs +++ b/rustls/src/ticketer.rs @@ -1,14 +1,13 @@ -use crate::rand; -use crate::server::ProducesTickets; -use crate::Error; - -use pki_types::UnixTime; - use alloc::boxed::Box; use alloc::vec::Vec; use core::mem; use std::sync::{Mutex, MutexGuard}; +use pki_types::UnixTime; + +use crate::server::ProducesTickets; +use crate::{rand, Error}; + #[derive(Debug)] pub(crate) struct TicketSwitcherState { next: Option>, diff --git a/rustls/src/tls12/mod.rs b/rustls/src/tls12/mod.rs index 420cab5e..30e0a2cc 100644 --- a/rustls/src/tls12/mod.rs +++ b/rustls/src/tls12/mod.rs @@ -1,3 +1,10 @@ +use alloc::boxed::Box; +use alloc::vec; +use alloc::vec::Vec; +use core::fmt; + +use zeroize::Zeroize; + use crate::common_state::{CommonState, Side}; use crate::conn::ConnectionRandoms; use crate::crypto; @@ -9,13 +16,6 @@ use crate::msgs::codec::{Codec, Reader}; use crate::msgs::handshake::{KeyExchangeAlgorithm, KxDecode}; use crate::suites::{CipherSuiteCommon, PartiallyExtractedSecrets, SupportedCipherSuite}; -use alloc::boxed::Box; -use alloc::vec; -use alloc::vec::Vec; -use core::fmt; - -use zeroize::Zeroize; - /// A TLS 1.2 cipher suite supported by rustls. pub struct Tls12CipherSuite { /// Common cipher suite fields. diff --git a/rustls/src/tls13/key_schedule.rs b/rustls/src/tls13/key_schedule.rs index 3a9af558..85636b3a 100644 --- a/rustls/src/tls13/key_schedule.rs +++ b/rustls/src/tls13/key_schedule.rs @@ -1,14 +1,13 @@ +use alloc::boxed::Box; +use alloc::string::ToString; + use crate::common_state::{CommonState, Side}; use crate::crypto::cipher::{AeadKey, Iv, MessageDecrypter}; use crate::crypto::tls13::{expand, Hkdf, HkdfExpander, OkmBlock, OutputLengthError}; use crate::crypto::{hash, hmac, ActiveKeyExchange}; use crate::error::Error; -use crate::quic; use crate::suites::PartiallyExtractedSecrets; -use crate::{KeyLog, Tls13CipherSuite}; - -use alloc::boxed::Box; -use alloc::string::ToString; +use crate::{quic, KeyLog, Tls13CipherSuite}; /// Key schedule maintenance for TLS1.3 diff --git a/rustls/src/tls13/mod.rs b/rustls/src/tls13/mod.rs index b6b48f89..e41c65fe 100644 --- a/rustls/src/tls13/mod.rs +++ b/rustls/src/tls13/mod.rs @@ -1,10 +1,10 @@ +use alloc::vec::Vec; +use core::fmt; + use crate::crypto; use crate::crypto::hash; use crate::suites::{CipherSuiteCommon, SupportedCipherSuite}; -use alloc::vec::Vec; -use core::fmt; - pub(crate) mod key_schedule; /// A TLS 1.3 cipher suite supported by rustls. diff --git a/rustls/src/verifybench.rs b/rustls/src/verifybench.rs index 3cea3cb9..58fd30bb 100644 --- a/rustls/src/verifybench.rs +++ b/rustls/src/verifybench.rs @@ -6,13 +6,13 @@ use core::time::Duration; use std::prelude::v1::*; +use pki_types::{CertificateDer, ServerName, UnixTime}; +use webpki_roots; + use crate::crypto::CryptoProvider; use crate::verify::ServerCertVerifier; use crate::webpki::{RootCertStore, WebPkiServerVerifier}; -use pki_types::{CertificateDer, ServerName, UnixTime}; -use webpki_roots; - bench_for_each_provider! { use super::Context; diff --git a/rustls/src/webpki/anchors.rs b/rustls/src/webpki/anchors.rs index 1467b0bf..0e4fb005 100644 --- a/rustls/src/webpki/anchors.rs +++ b/rustls/src/webpki/anchors.rs @@ -128,6 +128,7 @@ impl fmt::Debug for RootCertStore { #[test] fn root_cert_store_debug() { use core::iter; + use pki_types::Der; let ta = TrustAnchor { diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 623a8dd9..a8c42b2a 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs @@ -5,21 +5,20 @@ use pki_types::{CertificateDer, CertificateRevocationListDer, UnixTime}; use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy}; use super::{pki_error, VerifierBuilderError}; +#[cfg(doc)] +use crate::crypto; use crate::crypto::{CryptoProvider, WebPkiSupportedAlgorithms}; +#[cfg(doc)] +use crate::server::ServerConfig; use crate::verify::{ ClientCertVerified, ClientCertVerifier, DigitallySignedStruct, HandshakeSignatureValid, NoClientAuth, }; use crate::webpki::parse_crls; use crate::webpki::verify::{verify_tls12_signature, verify_tls13_signature, ParsedCertificate}; -use crate::{DistinguishedName, Error, RootCertStore, SignatureScheme}; - -#[cfg(doc)] -use crate::crypto; -#[cfg(doc)] -use crate::server::ServerConfig; #[cfg(doc)] use crate::ConfigBuilder; +use crate::{DistinguishedName, Error, RootCertStore, SignatureScheme}; /// A builder for configuring a `webpki` client certificate verifier. /// diff --git a/rustls/src/webpki/mod.rs b/rustls/src/webpki/mod.rs index 0b64c2ce..73dae651 100644 --- a/rustls/src/webpki/mod.rs +++ b/rustls/src/webpki/mod.rs @@ -14,17 +14,14 @@ mod server_verifier; mod verify; pub use anchors::RootCertStore; - pub use client_verifier::{ClientCertVerifierBuilder, WebPkiClientVerifier}; pub use server_verifier::{ServerCertVerifierBuilder, WebPkiServerVerifier}; - -pub use verify::{verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms}; - // Conditionally exported from crate. #[allow(unreachable_pub)] pub use verify::{ verify_server_cert_signed_by_trust_anchor, verify_server_name, ParsedCertificate, }; +pub use verify::{verify_tls12_signature, verify_tls13_signature, WebPkiSupportedAlgorithms}; /// An error that can occur when building a certificate verifier. #[derive(Debug, Clone)] @@ -150,7 +147,8 @@ mod tests { #[test] fn crl_error_from_webpki() { - use super::{crl_error, CertRevocationListError::*}; + use super::crl_error; + use super::CertRevocationListError::*; let testcases = &[ (webpki::Error::InvalidCrlSignatureForPublicKey, BadSignature), diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs index b7168532..9f7a9dbc 100644 --- a/rustls/src/webpki/server_verifier.rs +++ b/rustls/src/webpki/server_verifier.rs @@ -1,5 +1,3 @@ -#[cfg(feature = "logging")] -use crate::log::trace; use alloc::sync::Arc; use alloc::vec::Vec; @@ -7,6 +5,8 @@ use pki_types::{CertificateDer, CertificateRevocationListDer, ServerName, UnixTi use webpki::{CertRevocationList, RevocationCheckDepth, UnknownStatusPolicy}; use crate::crypto::{CryptoProvider, WebPkiSupportedAlgorithms}; +#[cfg(feature = "logging")] +use crate::log::trace; use crate::verify::{ DigitallySignedStruct, HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier, }; @@ -15,10 +15,9 @@ use crate::webpki::verify::{ ParsedCertificate, }; use crate::webpki::{parse_crls, verify_server_name, VerifierBuilderError}; -use crate::{Error, RootCertStore, SignatureScheme}; - #[cfg(doc)] use crate::{crypto, ConfigBuilder, ServerConfig}; +use crate::{Error, RootCertStore, SignatureScheme}; /// A builder for configuring a `webpki` server certificate verifier. /// diff --git a/rustls/src/webpki/verify.rs b/rustls/src/webpki/verify.rs index 97c24043..d7fbe6ef 100644 --- a/rustls/src/webpki/verify.rs +++ b/rustls/src/webpki/verify.rs @@ -7,7 +7,6 @@ use super::anchors::RootCertStore; use super::pki_error; use crate::enums::SignatureScheme; use crate::error::{Error, PeerMisbehaved}; - use crate::verify::{DigitallySignedStruct, HandshakeSignatureValid}; /// Verify that the end-entity certificate `end_entity` is a valid server cert @@ -228,9 +227,10 @@ pub(crate) fn verify_server_cert_signed_by_trust_anchor_impl( #[cfg(test)] mod tests { - use super::*; use std::format; + use super::*; + #[test] fn certificate_debug() { assert_eq!( diff --git a/rustls/src/x509.rs b/rustls/src/x509.rs index 31207bed..a023ac71 100644 --- a/rustls/src/x509.rs +++ b/rustls/src/x509.rs @@ -42,9 +42,10 @@ const DER_SEQUENCE_TAG: u8 = 0x30; #[cfg(test)] mod tests { - use super::*; use std::vec; + use super::*; + #[test] fn test_empty() { assert_eq!(vec![0x30, 0x00], wrap_in_sequence(&[])); diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index b2a5db3d..8a241e8a 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs @@ -6,19 +6,16 @@ use std::ops::{Deref, DerefMut}; use std::sync::Arc; use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer, ServerName}; -use webpki::anchor_from_trusted_cert; - use rustls::client::{ServerCertVerifierBuilder, WebPkiServerVerifier}; use rustls::crypto::CryptoProvider; use rustls::internal::msgs::codec::Reader; use rustls::internal::msgs::message::{Message, OutboundOpaqueMessage, PlainMessage}; use rustls::server::{ClientCertVerifierBuilder, WebPkiClientVerifier}; -use rustls::Connection; -use rustls::Error; -use rustls::RootCertStore; -use rustls::{ClientConfig, ClientConnection}; -use rustls::{ConnectionCommon, ServerConfig, ServerConnection, SideData}; -use rustls::{ProtocolVersion, SupportedCipherSuite}; +use rustls::{ + ClientConfig, ClientConnection, Connection, ConnectionCommon, Error, ProtocolVersion, + RootCertStore, ServerConfig, ServerConnection, SideData, SupportedCipherSuite, +}; +use webpki::anchor_from_trusted_cert; use super::provider; diff --git a/rustls/tests/ech.rs b/rustls/tests/ech.rs index 6e058a2f..d1f6ee25 100644 --- a/rustls/tests/ech.rs +++ b/rustls/tests/ech.rs @@ -1,6 +1,5 @@ use base64::prelude::{Engine, BASE64_STANDARD}; use pki_types::DnsName; - use rustls::internal::msgs::codec::{Codec, Reader}; use rustls::internal::msgs::enums::{EchVersion, HpkeAead, HpkeKdf, HpkeKem}; use rustls::internal::msgs::handshake::{EchConfig, HpkeKeyConfig, HpkeSymmetricCipherSuite}; diff --git a/rustls/tests/key_log_file_env.rs b/rustls/tests/key_log_file_env.rs index 831a1e7c..9e56e6a0 100644 --- a/rustls/tests/key_log_file_env.rs +++ b/rustls/tests/key_log_file_env.rs @@ -21,10 +21,8 @@ //! file was created successfully, with the right permissions, etc., and that it //! contains something like what we expect. -use std::{ - env, - sync::{Mutex, Once}, -}; +use std::env; +use std::sync::{Mutex, Once}; #[macro_use] mod macros; diff --git a/rustls/tests/process_provider.rs b/rustls/tests/process_provider.rs index ef93a296..ea5da7b0 100644 --- a/rustls/tests/process_provider.rs +++ b/rustls/tests/process_provider.rs @@ -4,15 +4,14 @@ //! executable, and runs tests in an indeterminate order. That restricts us //! to doing all the desired tests, in series, in one function. -use rustls::crypto::CryptoProvider; -use rustls::ClientConfig; - #[cfg(all(feature = "aws_lc_rs", not(feature = "ring")))] use rustls::crypto::aws_lc_rs as provider; #[cfg(all(feature = "ring", not(feature = "aws_lc_rs")))] use rustls::crypto::ring as provider; #[cfg(all(feature = "ring", feature = "aws_lc_rs"))] use rustls::crypto::ring as provider; +use rustls::crypto::CryptoProvider; +use rustls::ClientConfig; mod common; use crate::common::*;