mirror of https://github.com/ctz/rustls
examples: take provider references through alias
parent
c469593c90
commit
abbc1bb501
|
@ -2,7 +2,7 @@
|
|||
//! so that unused cryptography in rustls can be discarded by the linker. You can
|
||||
//! observe using `nm` that the binary of this program does not contain any AES code.
|
||||
|
||||
use rustls::crypto::{ring, CryptoProvider};
|
||||
use rustls::crypto::{ring as provider, CryptoProvider};
|
||||
use std::io::{stdout, Read, Write};
|
||||
use std::net::TcpStream;
|
||||
use std::sync::Arc;
|
||||
|
@ -16,9 +16,9 @@ fn main() {
|
|||
|
||||
let config = rustls::ClientConfig::builder_with_provider(
|
||||
CryptoProvider {
|
||||
cipher_suites: vec![ring::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256],
|
||||
kx_groups: vec![ring::kx_group::X25519],
|
||||
..ring::default_provider()
|
||||
cipher_suites: vec![provider::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256],
|
||||
kx_groups: vec![provider::kx_group::X25519],
|
||||
..provider::default_provider()
|
||||
}
|
||||
.into(),
|
||||
)
|
||||
|
|
|
@ -28,7 +28,7 @@ use docopt::Docopt;
|
|||
use mio::net::TcpStream;
|
||||
use serde::Deserialize;
|
||||
|
||||
use rustls::crypto::CryptoProvider;
|
||||
use rustls::crypto::{ring as provider, CryptoProvider};
|
||||
use rustls::pki_types::{CertificateDer, PrivateKeyDer, ServerName};
|
||||
use rustls::RootCertStore;
|
||||
|
||||
|
@ -258,7 +258,7 @@ struct Args {
|
|||
|
||||
/// Find a ciphersuite with the given name
|
||||
fn find_suite(name: &str) -> Option<rustls::SupportedCipherSuite> {
|
||||
for suite in rustls::crypto::ring::ALL_CIPHER_SUITES {
|
||||
for suite in provider::ALL_CIPHER_SUITES {
|
||||
let sname = format!("{:?}", suite.suite()).to_lowercase();
|
||||
|
||||
if sname == name.to_string().to_lowercase() {
|
||||
|
@ -417,7 +417,7 @@ fn make_config(args: &Args) -> Arc<rustls::ClientConfig> {
|
|||
let suites = if !args.flag_suite.is_empty() {
|
||||
lookup_suites(&args.flag_suite)
|
||||
} else {
|
||||
rustls::crypto::ring::DEFAULT_CIPHER_SUITES.to_vec()
|
||||
provider::DEFAULT_CIPHER_SUITES.to_vec()
|
||||
};
|
||||
|
||||
let versions = if !args.flag_protover.is_empty() {
|
||||
|
@ -429,7 +429,7 @@ fn make_config(args: &Args) -> Arc<rustls::ClientConfig> {
|
|||
let config = rustls::ClientConfig::builder_with_provider(
|
||||
CryptoProvider {
|
||||
cipher_suites: suites,
|
||||
..rustls::crypto::ring::default_provider()
|
||||
..provider::default_provider()
|
||||
}
|
||||
.into(),
|
||||
)
|
||||
|
@ -474,7 +474,7 @@ fn make_config(args: &Args) -> Arc<rustls::ClientConfig> {
|
|||
config
|
||||
.dangerous()
|
||||
.set_certificate_verifier(Arc::new(danger::NoCertificateVerification::new(
|
||||
rustls::crypto::ring::default_provider(),
|
||||
provider::default_provider(),
|
||||
)));
|
||||
}
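Review bot: The `.dangerous().set_certificate_verifier(...)` call in the last hunk of this section installs `danger::NoCertificateVerification` with no comment on what that gives up. Judging by its name, the verifier accepts any server certificate, so the session would be encrypted but the peer not authenticated. The condition that guards this branch is above the hunk and not visible here, and `make_config` starts and ends outside it. Because example code is often copied, I would add a comment at the call site, e.g. `// Accepts any server certificate: no server authentication. Local testing only.`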
|
||||
|
||||
|
|
|
@ -29,7 +29,7 @@ use log::{debug, error};
|
|||
use mio::net::{TcpListener, TcpStream};
|
||||
use serde::Deserialize;
|
||||
|
||||
use rustls::crypto::{ring, CryptoProvider};
|
||||
use rustls::crypto::{ring as provider, CryptoProvider};
|
||||
use rustls::pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer};
|
||||
use rustls::server::WebPkiClientVerifier;
|
||||
use rustls::{self, RootCertStore};
|
||||
|
@ -479,7 +479,7 @@ struct Args {
|
|||
}
|
||||
|
||||
fn find_suite(name: &str) -> Option<rustls::SupportedCipherSuite> {
|
||||
for suite in rustls::crypto::ring::ALL_CIPHER_SUITES {
|
||||
for suite in provider::ALL_CIPHER_SUITES {
|
||||
let sname = format!("{:?}", suite.suite()).to_lowercase();
|
||||
|
||||
if sname == name.to_string().to_lowercase() {
|
||||
|
@ -605,7 +605,7 @@ fn make_config(args: &Args) -> Arc<rustls::ServerConfig> {
|
|||
let suites = if !args.flag_suite.is_empty() {
|
||||
lookup_suites(&args.flag_suite)
|
||||
} else {
|
||||
rustls::crypto::ring::ALL_CIPHER_SUITES.to_vec()
|
||||
provider::ALL_CIPHER_SUITES.to_vec()
|
||||
};
|
||||
|
||||
let versions = if !args.flag_protover.is_empty() {
|
||||
|
@ -629,7 +629,7 @@ fn make_config(args: &Args) -> Arc<rustls::ServerConfig> {
|
|||
let mut config = rustls::ServerConfig::builder_with_provider(
|
||||
CryptoProvider {
|
||||
cipher_suites: suites,
|
||||
..ring::default_provider()
|
||||
..provider::default_provider()
|
||||
}
|
||||
.into(),
|
||||
)
|
||||
|
@ -646,7 +646,7 @@ fn make_config(args: &Args) -> Arc<rustls::ServerConfig> {
|
|||
}
|
||||
|
||||
if args.flag_tickets {
|
||||
config.ticketer = rustls::crypto::ring::Ticketer::new().unwrap();
|
||||
config.ticketer = provider::Ticketer::new().unwrap();
|
||||
}
|
||||
|
||||
config.alpn_protocols = args
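Review bot: When no suite flag is given, the server's `make_config` falls back to `provider::ALL_CIPHER_SUITES.to_vec()` (third hunk of this section), while the client section falls back to `provider::DEFAULT_CIPHER_SUITES.to_vec()`. If the two lists are identical for this provider the difference is only cosmetic, but if they ever diverge the server example would offer suites outside the provider's default set. I would use `provider::DEFAULT_CIPHER_SUITES.to_vec()` here as well, or add a comment saying why the server wants the full list. Separately, `provider::Ticketer::new().unwrap()` in the last hunk panics without context; `.expect("failed to create ticketer")` would say what failed. `make_config` starts and ends outside these hunks.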
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
use num_bigint::BigUint;
|
||||
use rustls::crypto::{
|
||||
ActiveKeyExchange, CipherSuiteCommon, KeyExchangeAlgorithm, SharedSecret, SupportedKxGroup,
|
||||
ring as provider, ActiveKeyExchange, CipherSuiteCommon, KeyExchangeAlgorithm, SharedSecret,
|
||||
SupportedKxGroup,
|
||||
};
|
||||
use rustls::ffdhe_groups::FfdheGroup;
|
||||
use rustls::{CipherSuite, NamedGroup, SupportedCipherSuite, Tls12CipherSuite};
|
||||
|
@ -15,7 +16,7 @@ pub struct FfdheKxGroup(pub NamedGroup);
|
|||
impl SupportedKxGroup for FfdheKxGroup {
|
||||
fn start(&self) -> Result<Box<dyn ActiveKeyExchange>, rustls::Error> {
|
||||
let mut x = vec![0; 64];
|
||||
rustls::crypto::ring::default_provider()
|
||||
provider::default_provider()
|
||||
.secure_random
|
||||
.fill(&mut x)?;
|
||||
let x = BigUint::from_bytes_be(&x);
|
||||
|
@ -42,14 +43,14 @@ impl SupportedKxGroup for FfdheKxGroup {
|
|||
}
|
||||
|
||||
static TLS12_DHE_RSA_WITH_AES_128_GCM_SHA256: Tls12CipherSuite =
|
||||
match &rustls::crypto::ring::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 {
|
||||
SupportedCipherSuite::Tls12(provider) => Tls12CipherSuite {
|
||||
match &provider::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 {
|
||||
SupportedCipherSuite::Tls12(original) => Tls12CipherSuite {
|
||||
common: CipherSuiteCommon {
|
||||
suite: CipherSuite::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
..provider.common
|
||||
..original.common
|
||||
},
|
||||
kx: KeyExchangeAlgorithm::DHE,
|
||||
..**provider
|
||||
..**original
|
||||
},
|
||||
_ => unreachable!(),
|
||||
};
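Review bot: In `start()` (second hunk of this section) the DH private exponent is filled into `x` and then turned into a `num_bigint::BigUint`, with nothing to say this is demonstration-grade. As far as I know, `BigUint` arithmetic is not constant-time and the value is not zeroized when dropped. A comment above `let mut x = vec![0; 64];` would cover it, e.g. `// Demo only: 512-bit exponent held in a BigUint; not constant-time, not zeroized.` The body of `start()` continues past the hunk, so the rest of the exchange is not visible here.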
|
||||
|
|
|
@ -4,8 +4,7 @@ use std::net::{TcpListener, TcpStream};
|
|||
use std::sync::Arc;
|
||||
use std::{str, thread};
|
||||
|
||||
use rustls::crypto::ring::default_provider;
|
||||
use rustls::crypto::CryptoProvider;
|
||||
use rustls::crypto::{ring as provider, CryptoProvider};
|
||||
use rustls::version::{TLS12, TLS13};
|
||||
use rustls::{ClientConfig, RootCertStore, ServerConfig, SupportedProtocolVersion};
|
||||
use rustls_pemfile::Item;
|
||||
|
@ -211,10 +210,10 @@ fn ffdhe_provider() -> CryptoProvider {
|
|||
CryptoProvider {
|
||||
cipher_suites: vec![
|
||||
ffdhe::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
rustls::crypto::ring::cipher_suite::TLS13_AES_128_GCM_SHA256,
|
||||
provider::cipher_suite::TLS13_AES_128_GCM_SHA256,
|
||||
],
|
||||
kx_groups: vec![&FfdheKxGroup(rustls::NamedGroup::FFDHE2048)],
|
||||
..default_provider()
|
||||
..provider::default_provider()
|
||||
}
|
||||
}
|
||||
|
||||
|
|