-
Notifications
You must be signed in to change notification settings - Fork 590
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make *ring* optional, and demonstrate how alternatives would be integrated #1405
Merged
Commits on Sep 13, 2023
-
Configuration menu - View commit details
-
Copy full SHA for e7b1a36 - Browse repository at this point
Copy the full SHA e7b1a36View commit details -
Configuration menu - View commit details
-
Copy full SHA for eeee58b - Browse repository at this point
Copy the full SHA eeee58bView commit details -
Configuration menu - View commit details
-
Copy full SHA for db7aebc - Browse repository at this point
Copy the full SHA db7aebcView commit details -
Make *ring* an optional dependency
Using the crate without this feature means something external needs to provide all the cryptography, and (eg) convenient integrated key loading APIs disappear.
Configuration menu - View commit details
-
Copy full SHA for 6ed9920 - Browse repository at this point
Copy the full SHA 6ed9920View commit details -
Allow control of which
pki_types::SignatureVerificationAlgorithm
s a……re used The prior arrangements are still available (and the default), if the crate is built with the *ring* feature. `WebPkiSupportedAlgorithms` is a new structure (designed for static construction, and direct use in webpki calls) that links `pki_types::SignatureVerificationAlgorithm`s to their corresponding TLS `SignatureScheme`. This replaces the hardcoded mappings in `fn convert_scheme` etc.
Configuration menu - View commit details
-
Copy full SHA for 19e4fa6 - Browse repository at this point
Copy the full SHA 19e4fa6View commit details -
Configuration menu - View commit details
-
Copy full SHA for 52ff7a6 - Browse repository at this point
Copy the full SHA 52ff7a6View commit details -
OpaqueMessage: privatize payload type
This removes a further need for `Payload` to be understood outside this crate. `payload()` allows immutable access as a slice, `payload_mut()` allows mutable access to the underlying vec (such as needed to decrypt the message without a copy).
Configuration menu - View commit details
-
Copy full SHA for ea5fa26 - Browse repository at this point
Copy the full SHA ea5fa26View commit details -
Configuration menu - View commit details
-
Copy full SHA for e72e155 - Browse repository at this point
Copy the full SHA e72e155View commit details -
Add demonstration of custom crypto
This is an example that builds a mostly-unchanged rustls example (simpleclient), but only using crypto from the rust-crypto project and elsewhere. This is intended to be minimalistic, and not a complete replacement for *ring*. It implements: - TLS1.3 TLS13_CHACHA20_POLY1305_SHA256 cipher suite. - TLS1.2 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 cipher suite. - X25519 key exchange. - RSA-PSS-SHA256 and RSA-PKCS1-SHA256 signature verification for verifying the server, integrated into the webpki crate. - random generation using `rand_core`. This means it can fetch www.rust-lang.org. TLS1.2 is not strictly necessary for this server, but serves to demonstrate that part of the API.
Configuration menu - View commit details
-
Copy full SHA for 78295cf - Browse repository at this point
Copy the full SHA 78295cfView commit details
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.