mirror of https://github.com/ctz/rustls
b92fd839e3
This commit replaces the existing `CryptoProvider` trait with a `CryptoProvider` struct. This has several advantages:

* it consolidates all of the cryptography related settings into one API surface, the `CryptoProvider` struct members. Previously the provider had methods to suggest default ciphersuites, key exchanges etc, but the builder API methods could override them in confusing ways.
* it allows removing the `WantsCipherSuites` and `WantsKxGroups` builder states - the "safe defaults" are automatically supplied by the choice of a crypto provider. Customization is achieved by overriding the provider's struct fields. Having fewer builder states makes the API easier to understand and document.
* it makes customization easier: the end user can rely on "struct update syntax"[0] to only specify field values for the required customization, and defer the rest to an existing `CryptoProvider`.

Achieving this requires a couple of additional changes:

* The cipher suite and key exchange groups are now expressed as `Vec` elements. This avoids imposing a `&'static` lifetime that would preclude runtime customization (e.g. the tls*-mio examples that build the list of ciphersuites at runtime based on command line flags).
* As a result of the `Vec` members we can no longer offer the concrete `CryptoProvider`s as `static` members of their respective modules. Instead we add `pub fn default_provider() -> CryptoProvider` methods to the `ring` and `aws-lc-rs` modules that construct the `CryptoProvider` with the safe defaults, ready for further customization.

[0]: https://doc.rust-lang.org/book/ch05-01-defining-structs.html#creating-instances-from-other-instances-with-struct-update-syntax

* bench.rs
* bench_impl.rs
* bogo_shim.rs
* bogo_shim_impl.rs