-
Notifications
You must be signed in to change notification settings - Fork 612
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
aws-lc-rs: consume new TLS-specific APIs #1586
Conversation
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #1586 +/- ##
==========================================
- Coverage 95.90% 95.73% -0.18%
==========================================
Files 77 79 +2
Lines 15742 16188 +446
==========================================
+ Hits 15098 15498 +400
- Misses 644 690 +46 ☔ View full report in Codecov by Sentry. |
looking at why the coverage is so bad for this edit: it was feature unification again :( |
37d7467
to
b96b8c3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here's some initial comments, nothing major!
0bd10a7
to
52887f8
Compare
c994676
to
b53915b
Compare
e958880
to
77ae2c0
Compare
Hm, I think the aws-lc-sys bump in this branch broke the min versions check:
I think the upstream crate needs to specify a diff min version in https://github.com/aws/aws-lc-rs/blob/cb030a33fb22cba4441f2b2d17e3c1c702c39895/aws-lc-sys/Cargo.toml#L55C15-L55C15 ? |
Indeed -- have dropped a note on aws/aws-lc-rs@27d447f#r132855645 |
Would be good to rebase this? |
de8e6c1
to
e13d6ac
Compare
Done!
About to open a PR there for this, but in the meantime #1601 made this irrelevent. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
aws-lc-rs 1.5 tracked this API change.
This became unused outside of tests, so isn't really paying its rent.
This is necessary if implementations want to keep state between calls -- (eg, *ring*'s `aead::OpeningKey`). The next commit takes advantage of this.
Because this API is not available for chacha20-poly1305, we keep the old aead::UnboundKey implementation for use by that.
This is not useful.
e13d6ac
to
2431bf1
Compare
aws-lc-rs 1.4 adds some TLS-specific APIs which are implemented inside in the FIPS boundary:
This PR moves to using those.