Use dynamic dispatch for CryptoProvider
#1448
Codecov Report
@@ Coverage Diff @@
## main #1448 +/- ##
==========================================
+ Coverage 96.43% 96.46% +0.03%
==========================================
Files 72 71 -1
Lines 15161 15232 +71
==========================================
+ Hits 14620 14694 +74
+ Misses 541 538 -3
... and 5 files with indirect coverage changes
This is pretty good. I already hacked around hyper-rustls and tokio-rustls to target this patchset as a proof-of-concept to demonstrate how this would impact existing code, and how to port them.
This turns `SupportedKxGroup` into a trait, which can tell you which `NamedGroup` it is, and `start()` an `ActiveKeyExchange`. An `ActiveKeyExchange` represents the need for the peer's public key which can be passed to `ActiveKeyExchange::complete`. Unfortunately we can't be generic at compile-time over the various uses of the resulting shared secret, so define a further type which encapsulates the resulting shared secret. Predefined key exchange algorithms (eg `rustls::kx_group::X25519`) are now `&'static dyn rustls::SupportedKxGroup`. The remainder of this commit is noise as much code ceased needing to be generic of CryptoProvider (for its `KeyExchange` associated type).
Instead of the type `rustls::crypto::ring::Ring`, the value `rustls::crypto::ring::RING` implements this, and is more entertaining to write. `ServerConfig::builder()` references this by default, and is equivalent to `ServerConfig::builder_with_provider(crypto::ring::RING)`.
The `ClientConfig::builder()` API is restored and suitable for most uses, but now is conditional on the `ring` crate feature. `ClientConfig::builder_with_provider(&'static dyn CryptoProvider)` is unconditionally provided for being explicit or use with custom providers.
Consumers can make their choice explicit:
(this is durable to changes in our defaults changing the meaning of `ClientConfig::builder()`.)
fixes #1409
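A toy sketch of the trait-object shape described in the `SupportedKxGroup` commit message above, added here as an illustration and not taken from the rustls code base. The trait names follow the commit message; the method signatures, `ToyDh`, `TOY_A`/`TOY_B`, `choose` and the small-modulus arithmetic are assumptions and provide no security.

```rust
// Toy model of the trait-object design. Names follow the commit message; the
// signatures and arithmetic are assumptions for illustration. NOT real crypto.
use std::convert::TryInto;

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum NamedGroup { ToyA, ToyB }
pub struct SharedSecret(pub Vec<u8>);
pub trait ActiveKeyExchange {
    fn pub_key(&self) -> &[u8];
    // Takes Box<Self>: the private value is consumed and cannot be reused.
    fn complete(self: Box<Self>, peer: &[u8]) -> Result<SharedSecret, &'static str>;
}
pub trait SupportedKxGroup: Sync {
    fn name(&self) -> NamedGroup;
    // `private` is a parameter only so the example is deterministic (no RNG).
    fn start(&self, private: u64) -> Box<dyn ActiveKeyExchange>;
}

struct ToyDh { name: NamedGroup, p: u64, g: u64 }
struct ToyActive { p: u64, private: u64, public: [u8; 8] }
fn modpow(b: u64, e: u64, m: u64) -> u64 {
    let (mut r, m) = (1u128, m as u128);
    for i in (0..64).rev() {
        r = r * r % m;
        if e >> i & 1 == 1 { r = r * (b as u128 % m) % m; }
    }
    r as u64
}
impl SupportedKxGroup for ToyDh {
    fn name(&self) -> NamedGroup { self.name }
    fn start(&self, private: u64) -> Box<dyn ActiveKeyExchange> {
        let public = modpow(self.g, private, self.p).to_be_bytes();
        Box::new(ToyActive { p: self.p, private, public })
    }
}
impl ActiveKeyExchange for ToyActive {
    fn pub_key(&self) -> &[u8] { &self.public }
    fn complete(self: Box<Self>, peer: &[u8]) -> Result<SharedSecret, &'static str> {
        let b: [u8; 8] = peer.try_into().map_err(|_| "bad peer key length")?;
        let y = u64::from_be_bytes(b);
        // Degenerate peer values (0, 1, p-1) would force a predictable secret.
        if y < 2 || y >= self.p - 1 { return Err("invalid peer key"); }
        Ok(SharedSecret(modpow(y, self.private, self.p).to_be_bytes().to_vec()))
    }
}
pub static TOY_A: &dyn SupportedKxGroup = &ToyDh { name: NamedGroup::ToyA, p: 2305843009213693951, g: 3 };
pub static TOY_B: &dyn SupportedKxGroup = &ToyDh { name: NamedGroup::ToyB, p: 4294967291, g: 2 };
pub fn choose(offered: &[&'static dyn SupportedKxGroup], want: NamedGroup) -> Option<&'static dyn SupportedKxGroup> {
    offered.iter().copied().find(|g| g.name() == want)
}
```

Because the groups are `&'static dyn` values, `choose` picks one at runtime from a plain slice and no caller needs a generic parameter for the provider.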