Relatively uninteresting test/examples changes for previous commit

rustls · Sep 13, 2023 · f5ca822 · f5ca822
1 parent fb59fd4
commit f5ca822
Show file tree

Hide file tree

Showing 16 changed files with 120 additions and 151 deletions.
diff --git a/ci-bench/src/main.rs b/ci-bench/src/main.rs
@@ -14,7 +14,6 @@ use itertools::Itertools;
 use rayon::iter::Either;
 use rayon::prelude::*;
 use rustls::client::Resumption;
-use rustls::crypto::ring::Ring;
 use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier};
 use rustls::{
     ClientConfig, ClientConnection, ProtocolVersion, RootCertStore, ServerConfig, ServerConnection,
@@ -345,11 +344,11 @@ struct StepperIO<'a> {
 struct ClientSideStepper<'a> {
     io: StepperIO<'a>,
     resumption_kind: ResumptionKind,
-    config: Arc<ClientConfig<Ring>>,
+    config: Arc<ClientConfig>,
 }
 
 impl ClientSideStepper<'_> {
-    fn make_config(params: &BenchmarkParams, resume: ResumptionKind) -> Arc<ClientConfig<Ring>> {
+    fn make_config(params: &BenchmarkParams, resume: ResumptionKind) -> Arc<ClientConfig> {
         assert_eq!(params.ciphersuite.version(), params.version);
         let mut root_store = RootCertStore::empty();
         let mut rootbuf =
@@ -422,11 +421,11 @@ impl BenchStepper for ClientSideStepper<'_> {
 /// A benchmark stepper for the server-side of the connection
 struct ServerSideStepper<'a> {
     io: StepperIO<'a>,
-    config: Arc<ServerConfig<Ring>>,
+    config: Arc<ServerConfig>,
 }
 
 impl ServerSideStepper<'_> {
-    fn make_config(params: &BenchmarkParams, resume: ResumptionKind) -> Arc<ServerConfig<Ring>> {
+    fn make_config(params: &BenchmarkParams, resume: ResumptionKind) -> Arc<ServerConfig> {
         assert_eq!(params.ciphersuite.version(), params.version);
 
         let mut cfg = ServerConfig::builder()

diff --git a/examples/src/bin/limitedclient.rs b/examples/src/bin/limitedclient.rs
@@ -6,8 +6,6 @@ use std::io::{stdout, Read, Write};
 use std::net::TcpStream;
 use std::sync::Arc;
 
-use rustls::crypto::ring::Ring;
-
 fn main() {
     let mut root_store = rustls::RootCertStore::empty();
     root_store.extend(
@@ -16,7 +14,7 @@ fn main() {
             .cloned(),
     );
 
-    let config = rustls::ClientConfig::<Ring>::builder()
+    let config = rustls::ClientConfig::builder()
         .with_cipher_suites(&[rustls::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256])
         .with_kx_groups(&[rustls::kx_group::X25519])
         .with_protocol_versions(&[&rustls::version::TLS13])

diff --git a/examples/src/bin/server_acceptor.rs b/examples/src/bin/server_acceptor.rs
@@ -16,7 +16,6 @@ use docopt::Docopt;
 use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer, PrivatePkcs8KeyDer};
 use serde_derive::Deserialize;
 
-use rustls::crypto::CryptoProvider;
 use rustls::server::{Acceptor, ClientHello, ServerConfig, WebPkiClientVerifier};
 use rustls::RootCertStore;
 
@@ -123,8 +122,7 @@ fn main() {
 
         // Generate a server config for the accepted connection, optionally customizing the
         // configuration based on the client hello.
-        let config = test_pki
-            .server_config::<rustls::crypto::ring::Ring>(&crl_path, accepted.client_hello());
+        let config = test_pki.server_config(&crl_path, accepted.client_hello());
         let mut conn = accepted
             .into_connection(config)
             .unwrap();
@@ -210,11 +208,7 @@ impl TestPki {
     ///
     /// Since the presented client certificate is not available in the `ClientHello` the server
     /// must know ahead of time which CRLs it cares about.
-    fn server_config<C: CryptoProvider>(
-        &self,
-        crl_path: &str,
-        _hello: ClientHello,
-    ) -> Arc<ServerConfig<C>> {
+    fn server_config(&self, crl_path: &str, _hello: ClientHello) -> Arc<ServerConfig> {
         // Read the latest CRL from disk. The CRL is being periodically updated by the crl_updater
         // thread.
         let mut crl_file = File::open(crl_path).unwrap();

diff --git a/examples/src/bin/simple_0rtt_client.rs b/examples/src/bin/simple_0rtt_client.rs
@@ -2,11 +2,9 @@ use std::io::{BufRead, BufReader, Write};
 use std::net::TcpStream;
 use std::sync::Arc;
 
-use rustls::crypto::ring::Ring;
-use rustls::crypto::CryptoProvider;
 use rustls::RootCertStore;
 
-fn start_connection(config: &Arc<rustls::ClientConfig<impl CryptoProvider>>, domain_name: &str) {
+fn start_connection(config: &Arc<rustls::ClientConfig>, domain_name: &str) {
     let server_name = domain_name
         .try_into()
         .expect("invalid DNS name");
@@ -65,7 +63,7 @@ fn main() {
             .cloned(),
     );
 
-    let mut config = rustls::ClientConfig::<Ring>::builder()
+    let mut config = rustls::ClientConfig::builder()
         .with_safe_defaults()
         .with_root_certificates(root_store)
         .with_no_client_auth();

diff --git a/examples/src/bin/simpleclient.rs b/examples/src/bin/simpleclient.rs
@@ -12,7 +12,6 @@ use std::io::{stdout, Read, Write};
 use std::net::TcpStream;
 use std::sync::Arc;
 
-use rustls::crypto::ring::Ring;
 use rustls::RootCertStore;
 
 fn main() {
@@ -22,7 +21,7 @@ fn main() {
             .iter()
             .cloned(),
     );
-    let mut config = rustls::ClientConfig::<Ring>::builder()
+    let mut config = rustls::ClientConfig::builder()
         .with_safe_defaults()
         .with_root_certificates(root_store)
         .with_no_client_auth();

diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs
@@ -8,8 +8,6 @@ use mio::net::TcpStream;
 use pki_types::{CertificateDer, PrivateKeyDer};
 use serde::Deserialize;
 
-use rustls::crypto::ring::Ring;
-use rustls::crypto::CryptoProvider;
 use rustls::RootCertStore;
 
 const CLIENT: mio::Token = mio::Token(0);
@@ -27,7 +25,7 @@ impl TlsClient {
     fn new(
         sock: TcpStream,
         server_name: rustls::ServerName,
-        cfg: Arc<rustls::ClientConfig<impl CryptoProvider>>,
+        cfg: Arc<rustls::ClientConfig>,
     ) -> Self {
         Self {
             socket: sock,
@@ -356,22 +354,22 @@ mod danger {
 }
 
 #[cfg(feature = "dangerous_configuration")]
-fn apply_dangerous_options(args: &Args, cfg: &mut rustls::ClientConfig<impl CryptoProvider>) {
+fn apply_dangerous_options(args: &Args, cfg: &mut rustls::ClientConfig) {
     if args.flag_insecure {
         cfg.dangerous()
             .set_certificate_verifier(Arc::new(danger::NoCertificateVerification {}));
     }
 }
 
 #[cfg(not(feature = "dangerous_configuration"))]
-fn apply_dangerous_options(args: &Args, _: &mut rustls::ClientConfig<impl CryptoProvider>) {
+fn apply_dangerous_options(args: &Args, _: &mut rustls::ClientConfig) {
     if args.flag_insecure {
         panic!("This build does not support --insecure.");
     }
 }
 
 /// Build a `ClientConfig` from our arguments
-fn make_config(args: &Args) -> Arc<rustls::ClientConfig<Ring>> {
+fn make_config(args: &Args) -> Arc<rustls::ClientConfig> {
     let mut root_store = RootCertStore::empty();
 
     if args.flag_cafile.is_some() {

diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs
@@ -9,7 +9,6 @@ use mio::net::{TcpListener, TcpStream};
 use pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer};
 use serde::Deserialize;
 
-use rustls::crypto::ring::Ring;
 use rustls::server::WebPkiClientVerifier;
 use rustls::{self, RootCertStore};
 
@@ -36,12 +35,12 @@ struct TlsServer {
     server: TcpListener,
     connections: HashMap<mio::Token, OpenConnection>,
     next_id: usize,
-    tls_config: Arc<rustls::ServerConfig<Ring>>,
+    tls_config: Arc<rustls::ServerConfig>,
     mode: ServerMode,
 }
 
 impl TlsServer {
-    fn new(server: TcpListener, mode: ServerMode, cfg: Arc<rustls::ServerConfig<Ring>>) -> Self {
+    fn new(server: TcpListener, mode: ServerMode, cfg: Arc<rustls::ServerConfig>) -> Self {
         Self {
             server,
             connections: HashMap::new(),
@@ -557,7 +556,7 @@ fn load_crls(filenames: &[String]) -> Vec<CertificateRevocationListDer<'static>>
         .collect()
 }
 
-fn make_config(args: &Args) -> Arc<rustls::ServerConfig<Ring>> {
+fn make_config(args: &Args) -> Arc<rustls::ServerConfig> {
     let client_auth = if args.flag_auth.is_some() {
         let roots = load_certs(args.flag_auth.as_ref().unwrap());
         let mut client_auth_roots = RootCertStore::empty();

diff --git a/provider-example/examples/client.rs b/provider-example/examples/client.rs
@@ -2,7 +2,7 @@ use std::io::{stdout, Read, Write};
 use std::net::TcpStream;
 use std::sync::Arc;
 
-use rustls_provider_example::Provider;
+use rustls_provider_example::{certificate_verifier, PROVIDER};
 
 fn main() {
     env_logger::init();
@@ -14,9 +14,9 @@ fn main() {
             .cloned(),
     );
 
-    let config = rustls::ClientConfig::<Provider>::builder()
+    let config = rustls::ClientConfig::builder_with_provider(PROVIDER)
         .with_safe_defaults()
-        .with_custom_certificate_verifier(Provider::certificate_verifier(root_store))
+        .with_custom_certificate_verifier(certificate_verifier(root_store))
         .with_no_client_auth();
 
     let server_name = "www.rust-lang.org".try_into().unwrap();

diff --git a/provider-example/src/lib.rs b/provider-example/src/lib.rs
@@ -6,36 +6,28 @@ mod hmac;
 mod kx;
 mod verify;
 
-pub struct Provider;
-
-impl Provider {
-    pub fn certificate_verifier(
-        roots: rustls::RootCertStore,
-    ) -> Arc<dyn rustls::client::ServerCertVerifier> {
-        Arc::new(rustls::client::WebPkiServerVerifier::new_with_algorithms(
-            roots,
-            verify::ALGORITHMS,
-        ))
-    }
-}
+#[derive(Debug)]
+struct Provider;
 
 impl rustls::crypto::CryptoProvider for Provider {
-    fn fill_random(bytes: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> {
+    fn fill_random(&self, bytes: &mut [u8]) -> Result<(), rustls::crypto::GetRandomFailed> {
         use rand_core::RngCore;
         rand_core::OsRng
             .try_fill_bytes(bytes)
             .map_err(|_| rustls::crypto::GetRandomFailed)
     }
 
-    fn default_cipher_suites() -> &'static [rustls::SupportedCipherSuite] {
+    fn default_cipher_suites(&self) -> &'static [rustls::SupportedCipherSuite] {
         ALL_CIPHER_SUITES
     }
 
-    fn default_kx_groups() -> &'static [&'static dyn rustls::SupportedKxGroup] {
-        &kx::ALL_KX_GROUPS
+    fn default_kx_groups(&self) -> &'static [&'static dyn rustls::SupportedKxGroup] {
+        kx::ALL_KX_GROUPS
     }
 }
 
+pub static PROVIDER: &'static dyn rustls::crypto::CryptoProvider = &Provider;
+
 static ALL_CIPHER_SUITES: &[rustls::SupportedCipherSuite] = &[
     TLS13_CHACHA20_POLY1305_SHA256,
     TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
@@ -65,3 +57,12 @@ pub static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: rustls::SupportedCipherS
         hmac_provider: &hmac::Sha256Hmac,
         aead_alg: &aead::Chacha20Poly1305,
     });
+
+pub fn certificate_verifier(
+    roots: rustls::RootCertStore,
+) -> Arc<dyn rustls::client::ServerCertVerifier> {
+    Arc::new(rustls::client::WebPkiServerVerifier::new_with_algorithms(
+        roots,
+        verify::ALGORITHMS,
+    ))
+}
diff --git a/rustls/examples/internal/bench.rs b/rustls/examples/internal/bench.rs
@@ -14,7 +14,6 @@ use std::time::{Duration, Instant};
 use pki_types::{CertificateDer, PrivateKeyDer};
 
 use rustls::client::Resumption;
-use rustls::crypto::ring::Ring;
 use rustls::server::{NoServerSessionStorage, ServerSessionMemoryCache, WebPkiClientVerifier};
 use rustls::RootCertStore;
 use rustls::Ticketer;
@@ -293,7 +292,7 @@ fn make_server_config(
     client_auth: ClientAuth,
     resume: ResumptionParam,
     max_fragment_size: Option<usize>,
-) -> ServerConfig<Ring> {
+) -> ServerConfig {
     let client_auth = match client_auth {
         ClientAuth::Yes => {
             let roots = params.key_type.get_chain();
@@ -333,7 +332,7 @@ fn make_client_config(
     params: &BenchmarkParam,
     clientauth: ClientAuth,
     resume: ResumptionParam,
-) -> ClientConfig<Ring> {
+) -> ClientConfig {
     let mut root_store = RootCertStore::empty();
     let mut rootbuf =
         io::BufReader::new(fs::File::open(params.key_type.path_for("ca.cert")).unwrap());

diff --git a/rustls/examples/internal/bogo_shim.rs b/rustls/examples/internal/bogo_shim.rs
@@ -7,8 +7,6 @@
 use rustls::client::{
     ClientConfig, ClientConnection, HandshakeSignatureValid, Resumption, WebPkiServerVerifier,
 };
-use rustls::crypto::ring::Ring;
-use rustls::crypto::CryptoProvider;
 use rustls::internal::msgs::codec::Codec;
 use rustls::internal::msgs::persist;
 use rustls::server::{ClientHello, ServerConfig, ServerConnection};
@@ -427,7 +425,7 @@ impl server::StoresServerSessions for ServerCacheWithResumptionDelay {
     }
 }
 
-fn make_server_cfg(opts: &Options) -> Arc<ServerConfig<Ring>> {
+fn make_server_cfg(opts: &Options) -> Arc<ServerConfig> {
     let client_auth =
         if opts.verify_peer || opts.offer_no_client_cas || opts.require_any_client_cert {
             Arc::new(DummyClientAuth {
@@ -555,7 +553,7 @@ impl client::ClientSessionStore for ClientCacheWithoutKxHints {
     }
 }
 
-fn make_client_cfg(opts: &Options) -> Arc<ClientConfig<Ring>> {
+fn make_client_cfg(opts: &Options) -> Arc<ClientConfig> {
     let kx_groups = if let Some(curves) = &opts.curves {
         curves
             .iter()
@@ -1237,8 +1235,8 @@ fn main() {
 
     fn make_session(
         opts: &Options,
-        scfg: &Option<Arc<ServerConfig<impl CryptoProvider>>>,
-        ccfg: &Option<Arc<ClientConfig<impl CryptoProvider>>>,
+        scfg: &Option<Arc<ServerConfig>>,
+        ccfg: &Option<Arc<ClientConfig>>,
     ) -> Connection {
         assert!(opts.quic_transport_params.is_empty());
         assert!(opts

diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs
@@ -165,21 +165,14 @@ pub struct ConfigBuilder<Side: ConfigSide, State> {
 impl<Side: ConfigSide, State: fmt::Debug> fmt::Debug for ConfigBuilder<Side, State> {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         let side_name = core::any::type_name::<Side>();
-        let (ty, param) = side_name
+        let (ty, _) = side_name
             .split_once('<')
             .unwrap_or((side_name, ""));
         let (_, name) = ty.rsplit_once("::").unwrap_or(("", ty));
-        let (_, param) = param
-            .rsplit_once("::")
-            .unwrap_or(("", param));
 
-        f.debug_struct(&format!(
-            "ConfigBuilder<{}<{}>, _>",
-            name,
-            param.trim_end_matches('>')
-        ))
-        .field("state", &self.state)
-        .finish()
+        f.debug_struct(&format!("ConfigBuilder<{}, _>", name,))
+            .field("state", &self.state)
+            .finish()
     }
 }
 

diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs
@@ -119,7 +119,7 @@
 //! ```rust,no_run
 //! # #[cfg(feature = "ring")] {
 //! # let root_store: rustls::RootCertStore = panic!();
-//! let config = rustls::ClientConfig::<rustls::crypto::ring::Ring>::builder()
+//! let config = rustls::ClientConfig::builder()
 //!     .with_safe_defaults()
 //!     .with_root_certificates(root_store)
 //!     .with_no_client_auth();
@@ -140,7 +140,7 @@
 //! #      .iter()
 //! #      .cloned()
 //! # );
-//! # let config = rustls::ClientConfig::<rustls::crypto::ring::Ring>::builder()
+//! # let config = rustls::ClientConfig::builder()
 //! #     .with_safe_defaults()
 //! #     .with_root_certificates(root_store)
 //! #     .with_no_client_auth();
@@ -175,7 +175,7 @@
 //!
 //! ```rust,no_run
 //! # #[cfg(feature = "ring")] {
-//! # let mut client = rustls::ClientConnection::new::<rustls::crypto::ring::Ring>(panic!(), panic!()).unwrap();
+//! # let mut client = rustls::ClientConnection::new(panic!(), panic!()).unwrap();
 //! # struct Socket { }
 //! # impl Socket {
 //! #   fn ready_for_write(&self) -> bool { false }