From b4ea7ce58b1e7a4c92d062af20a88543b9238bb5 Mon Sep 17 00:00:00 2001 
From: "@brody4hire - C. Jonathan Brody" Date: Mon, 3 Feb 2025 21:10:51 -0500 Subject: [PATCH] start fork: portable-rustls (0.0.1-dev) with doc TODOs --- .github/workflows/build.yml | 18 ++-- .github/workflows/docs.yml | 35 +------ BENCHMARKING.md | 2 + CHANGELOG.md | 5 + CODE_OF_CONDUCT.md | 6 ++ CONTRIBUTING.md | 18 +++- Cargo.lock | 90 +++++++++--------- Cargo.toml | 11 +++ README.md | 50 ++++++++++ RELEASING.md | 13 +++ ROADMAP.md | 4 + SECURITY.md | 21 ++++ admin/clippy | 4 +- admin/coverage | 4 +- bogo/Cargo.toml | 3 +- ci-bench/Cargo.toml | 3 +- connect-tests/Cargo.toml | 3 +- examples/Cargo.toml | 3 +- fuzz/Cargo.lock | 28 +++--- fuzz/Cargo.toml | 7 +- openssl-tests/Cargo.toml | 3 +- provider-example/Cargo.toml | 6 +- rustls-bench/Cargo.toml | 2 +- rustls-fuzzing-provider/Cargo.toml | 6 +- rustls-post-quantum/Cargo.toml | 6 +- rustls-post-quantum/README.md | 3 + rustls-provider-test/Cargo.toml | 3 +- rustls/Cargo.toml | 11 ++- rustls/benches/benchmarks.rs | 2 + rustls/src/builder.rs | 4 + rustls/src/crypto/mod.rs | 3 + rustls/src/lib.rs | 19 +++- rustls/src/server/server_conn.rs | 1 + rustls/src/webpki/client_verifier.rs | 4 + rustls/tests/api.rs | 1 + rustls/tests/api_ffdhe.rs | 2 + rustls/tests/client_cert_verifier.rs | 1 + rustls/tests/common/mod.rs | 1 + rustls/tests/ech.rs | 1 + rustls/tests/key_log_file_env.rs | 2 + rustls/tests/process_provider.rs | 1 + rustls/tests/runners/macros.rs | 4 +- rustls/tests/server_cert_verifier.rs | 1 + rustls/tests/unbuffered.rs | 1 + test-ca/README.md | 5 +- .../website}/README.md | 0 .../website}/config.toml | 0 .../content/perf/2024-10-18-report.md | 0 .../website}/content/perf/2024-10-31-arm64.md | 0 .../perf/2024-11-28-threading/full-server.svg | 0 .../perf/2024-11-28-threading/htop-80-99.png | Bin .../perf/2024-11-28-threading/index.md | 0 .../latency-fullhs-tls12-server.svg | 0 .../latency-fullhs-tls13-server.svg | 0 .../latency-resume-tls12-server.svg | 0 .../latency-resume-tls13-server.svg | 0 
.../resumed-12-server-postfix.svg | 0 .../resumed-12-server.svg | 0 .../resumed-13-server-postfix.svg | 0 .../resumed-13-server.svg | 0 .../perf/2024-12-17-pq-kx/hybrid-both.svg | 0 .../perf/2024-12-17-pq-kx/hybrid-only.svg | 0 .../perf/2024-12-17-pq-kx/hybrid-opt.svg | 0 .../content/perf/2024-12-17-pq-kx/index.md | 0 .../2024-12-17-pq-kx/microbench-amd64.svg | 0 .../2024-12-17-pq-kx/microbench-arm64.svg | 0 .../tls13-client-hs-openssl.svg | 0 .../perf/2024-12-17-pq-kx/tls13-client-hs.svg | 0 .../tls13-server-hs-openssl.svg | 0 .../website}/content/perf/_index.md | 0 .../static/2024-10-18-full-handshake.png | Bin .../static/2024-10-18-resumed-handshake.png | Bin .../website}/static/2024-10-18-transfer.png | Bin .../static/2024-10-31-full-handshake.svg | 0 .../static/2024-10-31-resumed-handshake.svg | 0 .../website}/static/2024-10-31-transfer.svg | 0 .../static/GeneralSans-Variable.woff2 | Bin .../website}/static/rustls-ferris.png | Bin .../website}/static/style.css | 0 .../website}/templates/base.html | 0 .../website}/templates/index.html | 0 .../website}/templates/macros.html | 0 .../website}/templates/report-page.html | 0 .../website}/templates/reports.html | 0 84 files changed, 288 insertions(+), 133 deletions(-) rename {website => upstream-archived/website}/README.md (100%) rename {website => upstream-archived/website}/config.toml (100%) rename {website => upstream-archived/website}/content/perf/2024-10-18-report.md (100%) rename {website => upstream-archived/website}/content/perf/2024-10-31-arm64.md (100%) rename {website => upstream-archived/website}/content/perf/2024-11-28-threading/full-server.svg (100%) rename {website => upstream-archived/website}/content/perf/2024-11-28-threading/htop-80-99.png (100%) rename {website => upstream-archived/website}/content/perf/2024-11-28-threading/index.md (100%) rename {website => upstream-archived/website}/content/perf/2024-11-28-threading/latency-fullhs-tls12-server.svg (100%) rename {website => 
upstream-archived/website}/content/perf/2024-11-28-threading/latency-fullhs-tls13-server.svg (100%) rename {website => upstream-archived/website}/content/perf/2024-11-28-threading/latency-resume-tls12-server.svg (100%) rename {website => upstream-archived/website}/content/perf/2024-11-28-threading/latency-resume-tls13-server.svg (100%) rename {website => upstream-archived/website}/content/perf/2024-11-28-threading/resumed-12-server-postfix.svg (100%) rename {website => upstream-archived/website}/content/perf/2024-11-28-threading/resumed-12-server.svg (100%) rename {website => upstream-archived/website}/content/perf/2024-11-28-threading/resumed-13-server-postfix.svg (100%) rename {website => upstream-archived/website}/content/perf/2024-11-28-threading/resumed-13-server.svg (100%) rename {website => upstream-archived/website}/content/perf/2024-12-17-pq-kx/hybrid-both.svg (100%) rename {website => upstream-archived/website}/content/perf/2024-12-17-pq-kx/hybrid-only.svg (100%) rename {website => upstream-archived/website}/content/perf/2024-12-17-pq-kx/hybrid-opt.svg (100%) rename {website => upstream-archived/website}/content/perf/2024-12-17-pq-kx/index.md (100%) rename {website => upstream-archived/website}/content/perf/2024-12-17-pq-kx/microbench-amd64.svg (100%) rename {website => upstream-archived/website}/content/perf/2024-12-17-pq-kx/microbench-arm64.svg (100%) rename {website => upstream-archived/website}/content/perf/2024-12-17-pq-kx/tls13-client-hs-openssl.svg (100%) rename {website => upstream-archived/website}/content/perf/2024-12-17-pq-kx/tls13-client-hs.svg (100%) rename {website => upstream-archived/website}/content/perf/2024-12-17-pq-kx/tls13-server-hs-openssl.svg (100%) rename {website => upstream-archived/website}/content/perf/_index.md (100%) rename {website => upstream-archived/website}/static/2024-10-18-full-handshake.png (100%) rename {website => upstream-archived/website}/static/2024-10-18-resumed-handshake.png (100%) rename {website => 
upstream-archived/website}/static/2024-10-18-transfer.png (100%) rename {website => upstream-archived/website}/static/2024-10-31-full-handshake.svg (100%) rename {website => upstream-archived/website}/static/2024-10-31-resumed-handshake.svg (100%) rename {website => upstream-archived/website}/static/2024-10-31-transfer.svg (100%) rename {website => upstream-archived/website}/static/GeneralSans-Variable.woff2 (100%) rename {website => upstream-archived/website}/static/rustls-ferris.png (100%) rename {website => upstream-archived/website}/static/style.css (100%) rename {website => upstream-archived/website}/templates/base.html (100%) rename {website => upstream-archived/website}/templates/index.html (100%) rename {website => upstream-archived/website}/templates/macros.html (100%) rename {website => upstream-archived/website}/templates/report-page.html (100%) rename {website => upstream-archived/website}/templates/reports.html (100%) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 53a01290b45..517d00c572a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -113,8 +113,8 @@ jobs: - name: cargo test (debug; rustls-provider-test; all features) run: cargo test --all-features -p rustls-provider-test - - name: cargo package --all-features -p rustls - run: cargo package --all-features -p rustls + - name: cargo package --all-features -p portable-rustls + run: cargo package --all-features -p portable-rustls msrv: name: MSRV @@ -130,13 +130,13 @@ jobs: toolchain: "1.71" # zlib-rs is optional and requires a later MSRV - - run: cargo check --locked --lib $(admin/all-features-except zlib rustls) -p rustls + - run: cargo check --locked --lib $(admin/all-features-except zlib rustls) -p portable-rustls - uses: dtolnay/rust-toolchain@master with: toolchain: "1.75" - - run: cargo check --locked --lib --all-features -p rustls + - run: cargo check --locked --lib --all-features -p portable-rustls features: name: Features 
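Review bot: In the MSRV hunk of `.github/workflows/build.yml` the package flag becomes `-p portable-rustls`, but the feature list still comes from `$(admin/all-features-except zlib rustls)`, and this patch does not touch that helper. The helper is not visible here; if it treats its second argument as a package name rather than a directory, it will stop matching after the rename and the check may run with an empty or wrong feature set, quietly narrowing MSRV coverage of a TLS library. Worth confirming and, if needed, passing the new name: `$(admin/all-features-except zlib portable-rustls)`. The same call appears unchanged as a context line in the `admin/coverage` hunk.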
@@ -295,7 +295,7 @@ jobs: uses: dtolnay/rust-toolchain@nightly - name: cargo doc (rustls; all features) - run: cargo doc --locked --all-features --no-deps --document-private-items --package rustls + run: cargo doc --locked --all-features --no-deps --document-private-items --package portable-rustls env: RUSTDOCFLAGS: -Dwarnings @@ -389,8 +389,8 @@ jobs: run: cargo install cross --git https://github.com/cross-rs/cross - name: Install bindgen feature & CLI for aws-lc-sys (as needed for many cross targets) if: ${{ matrix.target != 'i686-unknown-linux-gnu' }} - run: cargo add --dev --features bindgen 'aws-lc-sys@>0.20' --package rustls --verbose && cargo install bindgen-cli --verbose - - run: cross test --package rustls --target ${{ matrix.target }} + run: cargo add --dev --features bindgen 'aws-lc-sys@>0.20' --package portable-rustls --verbose && cargo install bindgen-cli --verbose + - run: cross test --package portable-rustls --target ${{ matrix.target }} semver: name: Check semver compatibility @@ -468,7 +468,7 @@ jobs: # is only intended for the main `rustls` crate. - run: ./admin/clippy -- --deny warnings --allow clippy::disallowed_types # - Keep the main crate free of all warnings. - - run: cargo clippy -p rustls -- --deny warnings + - run: cargo clippy -p portable-rustls -- --deny warnings clippy-nightly: name: Clippy (Nightly) @@ -492,7 +492,7 @@ jobs: # is only intended for main `rustls` crate. - run: ./admin/clippy -- --allow clippy::disallowed_types # Check the main crate for any Clippy nightly warnings, but do not deny them. - - run: cargo clippy -p rustls + - run: cargo clippy -p portable-rustls check-external-types: name: Validate external types appearing in public API diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 82f7a17d9ac..60a16e4651d 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml 
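Review bot: The rewritten step in the `@@ -389,8` hunk of `.github/workflows/build.yml` still installs build tooling without pinning: `cargo install bindgen-cli --verbose` takes whatever version is newest at run time, and the spec `'aws-lc-sys@>0.20'` is open-ended. For a fork that ships a TLS stack, tools resolved at run time make CI results harder to reproduce and widen exposure to a bad upstream release. Consider `cargo install bindgen-cli --locked --version <PINNED_VERSION>` on this line, and a fixed `--rev` on the `cargo install cross --git …` context line above it.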
@@ -43,40 +43,7 @@ jobs: env: RUSTDOCFLAGS: -Dwarnings --cfg=docsrs --html-after-content tag.html - - name: Generate other pages - run: | - cd website && zola build --output-dir ../target/website/ - - - name: Restore lychee cache - uses: actions/cache@v4 - with: - path: .lycheecache - key: cache-lychee-${{ github.sha }} - restore-keys: cache-lychee- - - - name: Check links - uses: lycheeverse/lychee-action@v2 - with: - args: > - --accept 200..=204,403,429,500 - --cache - --max-cache-age 1d - --exclude-path 'website/content/' - '**/*.md' - 'target/doc/**/*.html' - fail: true - - - name: Massage rustdoc output - run: | - # lockfile causes deployment step to go wrong, due to permissions - rm -f target/doc/.lock - # move the result into website root - mv target/doc/rustls target/website/docs - - - name: Package and upload artifact - uses: actions/upload-pages-artifact@v3 - with: - path: ./target/website/ + # GONE FROM THIS FORK: Generate other pages for website (etc.) deploy: name: Deploy diff --git a/BENCHMARKING.md b/BENCHMARKING.md index 2af41f8e0f3..7b724593e09 100644 --- a/BENCHMARKING.md +++ b/BENCHMARKING.md @@ -1,5 +1,7 @@ # Benchmarking + + This repository includes benchmarks for multiple use cases. They are described below, along with information on how to run them. diff --git a/CHANGELOG.md b/CHANGELOG.md index 8f9bad952dc..73a9e5c07ab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,9 @@ # Changelog + +TODO + + diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 3617743d41e..b4e87983514 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -1,5 +1,11 @@ # Code of conduct + + This project adopts the [Rust Code of Conduct](https://www.rust-lang.org/policies/code-of-conduct). + + +PLEASE REPORT PRIVATELY TO A MAINTAINER OF THIS FORK IN CASE OF ANY QUESTIONS, COMMENTS, OR POSSIBLE MISCONDUCT. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8494f34780a..0ad0d584607 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
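Review bot: After this hunk removes the `Package and upload artifact` step from `.github/workflows/docs.yml`, the `deploy` job that follows is left in place with nothing to deploy. The job body is outside the hunk, so this is inferred, but a Pages deploy job normally consumes the artifact uploaded by the removed `actions/upload-pages-artifact@v3` step and would fail or publish nothing. If the fork has no site yet, drop or gate the deploy job as well (for example `if: false` on the job). Also remove any Pages or OIDC write permissions the workflow grants for it, so the workflow holds no privileges it does not use.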
@@ -1,5 +1,7 @@ # Contributing + + Thanks for considering helping this project. There are many ways you can help: using the library and reporting bugs, reporting usability issues, making additions and improvements @@ -13,10 +15,13 @@ a pcap or reproduction steps. Feel free to file github issues to get help, or ask a question. + If you believe you've found a security bug please -[open a draft security advisory](https://github.com/rustls/rustls/security/advisories/new) -in GitHub, and not as a regular repository issue. See [SECURITY.md] for more -information. +- IF SPECIFIC TO THIS FORK: REPORT PRIVATELY TO A MAINTAINER OF THIS FORK, NOT VIA PUBLIC GITHUB ISSUE, DISCUSSION or PR. +- FOR `rustls` IN GENERAL: [open a draft security advisory on `rustls` in GitHub](https://github.com/rustls/rustls/security/advisories/new) ... NOT AS A REGULAR REPOSITORY ISSUE + + +SEE [SECURITY.md] FOR MORE INFORMATION. [SECURITY.md]: SECURITY.md @@ -48,8 +53,10 @@ Our default workflow is to rebase clean commit history from a PR to `main`. ## Security bugs -Please report security bugs by [opening a draft security advisory](https://github.com/rustls/rustls/security/advisories/new) -in GitHub, and not as a regular repository issue. + +AS STATED ABOVE: +- IF SPECIFIC TO THIS FORK: REPORT PRIVATELY TO A MAINTAINER OF THIS FORK, NOT VIA PUBLIC GITHUB ISSUE, DISCUSSION or PR. +- FOR `rustls` IN GENERAL: [open a draft security advisory on `rustls` in GitHub](https://github.com/rustls/rustls/security/advisories/new) ... NOT AS A REGULAR REPOSITORY ISSUE See [SECURITY.md] for more information. @@ -467,4 +474,5 @@ assist code reviewers of end-user code. ## Licensing + Contributions are made under [rustls's licenses](LICENSE). diff --git a/Cargo.lock b/Cargo.lock index 7cd00a391e0..0b3fc1467ed 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -493,7 +493,7 @@ version = "0.1.0" dependencies = [ "base64", "env_logger", - "rustls 0.23.22", + "portable-rustls", "rustls-post-quantum", ] 
@@ -1315,7 +1315,7 @@ dependencies = [ "ipnet", "once_cell", "rand", - "rustls 0.23.21", + "rustls", "thiserror 2.0.11", "tinyvec", "tokio", @@ -1340,7 +1340,7 @@ dependencies = [ "parking_lot", "rand", "resolv-conf", - "rustls 0.23.21", + "rustls", "smallvec", "thiserror 1.0.69", "tokio", @@ -2170,6 +2170,37 @@ dependencies = [ "universal-hash", ] +[[package]] +name = "portable-rustls" +version = "0.0.1-dev" +dependencies = [ + "aws-lc-rs", + "base64", + "bencher", + "brotli", + "brotli-decompressor", + "env_logger", + "hashbrown", + "hex", + "log", + "macro_rules_attribute", + "num-bigint", + "once_cell", + "rcgen", + "ring", + "rustls-pki-types", + "rustls-webpki", + "rustversion", + "serde", + "serde_json", + "subtle", + "time", + "webpki-roots", + "x509-parser", + "zeroize", + "zlib-rs", +] + [[package]] name = "powerfmt" version = "0.2.0" @@ -2443,43 +2474,12 @@ dependencies = [ "zeroize", ] -[[package]] -name = "rustls" -version = "0.23.22" -dependencies = [ - "aws-lc-rs", - "base64", - "bencher", - "brotli", - "brotli-decompressor", - "env_logger", - "hashbrown", - "hex", - "log", - "macro_rules_attribute", - "num-bigint", - "once_cell", - "rcgen", - "ring", - "rustls-pki-types", - "rustls-webpki", - "rustversion", - "serde", - "serde_json", - "subtle", - "time", - "webpki-roots", - "x509-parser", - "zeroize", - "zlib-rs", -] - [[package]] name = "rustls-bench" version = "0.1.0" dependencies = [ "clap", - "rustls 0.23.22", + "portable-rustls", "rustls-post-quantum", "tikv-jemallocator", ] @@ -2495,8 +2495,8 @@ dependencies = [ "crabgrind", "fxhash", "itertools 0.14.0", + "portable-rustls", "rayon", - "rustls 0.23.22", "tikv-jemallocator", ] @@ -2505,9 +2505,9 @@ name = "rustls-connect-tests" version = "0.0.1" dependencies = [ "hickory-resolver", + "portable-rustls", "regex", "ring", - "rustls 0.23.22", "tokio", ] 
@@ -2521,8 +2521,8 @@ dependencies = [ "hickory-resolver", "log", "mio", + "portable-rustls", "rcgen", - "rustls 0.23.22", "serde", "tokio", "webpki-roots", @@ -2533,7 +2533,7 @@ name = "rustls-fuzzing-provider" version = "0.1.0" dependencies = [ "env_logger", - "rustls 0.23.22", + "portable-rustls", "rustls-webpki", ] @@ -2546,7 +2546,7 @@ dependencies = [ "num-bigint", "once_cell", "openssl", - "rustls 0.23.22", + "portable-rustls", ] [[package]] @@ -2557,11 +2557,11 @@ checksum = "d2bf47e6ff922db3825eb750c4e2ff784c6ff8fb9e13046ef6a1d1c5401b0b37" [[package]] name = "rustls-post-quantum" -version = "0.2.2" +version = "0.3.0-dev" dependencies = [ "criterion", "env_logger", - "rustls 0.23.22", + "portable-rustls", "webpki-roots", ] @@ -2579,10 +2579,10 @@ dependencies = [ "hpke-rs-rust-crypto", "p256", "pkcs8", + "portable-rustls", "rand_core", "rcgen", "rsa", - "rustls 0.23.22", "rustls-webpki", "sha2", "signature", @@ -2595,7 +2595,7 @@ name = "rustls-provider-test" version = "0.1.0" dependencies = [ "hex", - "rustls 0.23.22", + "portable-rustls", "rustls-provider-example", "serde", "serde_json", @@ -2970,7 +2970,7 @@ version = "0.26.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f6d0975eaace0cf0fcadee4e4aaa5da15b5c079146f2cffb67c113be122bf37" dependencies = [ - "rustls 0.23.21", + "rustls", "tokio", ] diff --git a/Cargo.toml b/Cargo.toml index ebd8877c1dd..5876fcaab46 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -1,26 +1,37 @@ [workspace] members = [ # Bogo test shim + # (ADAPTED to import from updated `portable-rustls` package name in this fork) "bogo", # CI benchmarks + # (ADAPTED to import from updated `portable-rustls` package name in this fork) "ci-bench", # Network-based tests + # (ADAPTED to import from updated `portable-rustls` package name in this fork) "connect-tests", # tests and example code + # (ADAPTED to import from updated `portable-rustls` package name in this fork) "examples", # Tests that require OpenSSL + # (ADAPTED to import from updated `portable-rustls` package name in this fork) "openssl-tests", # example of custom provider + # (ADAPTED to import from updated `portable-rustls` package name in this fork) "provider-example", # the main library and tests + # (with updated package name, version, etc., updated tests & updated doc tests in this fork) "rustls", # benchmarking tool + # (ADAPTED to import from updated `portable-rustls` package name in this fork) "rustls-bench", # experimental post-quantum algorithm support + # (ADAPTED to import from updated `portable-rustls` package name in this fork, with documentation updates - kept unsupported to keep CI happy) "rustls-post-quantum", # rustls cryptography provider integration tests + # (ADAPTED to import from updated `portable-rustls` package name in this fork) "rustls-provider-test", # rustls cryptography provider for fuzzing + # (ADAPTED to import from updated `portable-rustls` package name in this fork) "rustls-fuzzing-provider", ] diff --git a/README.md b/README.md index ad5303bd4ed..88bdc84faa8 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,26 @@ + + +

+ +THIS IS A FORK OF UPSTREAM RUSTLS ... Rustls is a modern TLS library written in Rust.

+ +RECOMMENDED USAGE OF THIS FORK: +* USE DEPENDENCY LIKE THIS IN `Cargo.toml`: `rustls = { package = "portable-rustls", ... }` +* IMPORT AS USUAL FROM `rustls`: `use rustls;` OR `use rustls::...` + # Status + +FROM UPSTREAM RUSTLS: Rustls is used in production at many organizations and projects. We aim to maintain reasonable API surface stability but the API may evolve as we make changes to accommodate new features or performance improvements. @@ -17,27 +30,41 @@ prevent performance regressions and to let you evaluate rustls on your target ha If you'd like to help out, please see [CONTRIBUTING.md](CONTRIBUTING.md). + ## Changelog + +TODO + + # Documentation + +TODO + + # Approach + Rustls is a TLS library that aims to provide a good level of cryptographic security, requires no configuration to achieve that security, and provides no unsafe features or obsolete cryptography by default. + Rustls implements TLS1.2 and TLS1.3 for both clients and servers. See [the full list of protocol features](https://docs.rs/rustls/latest/rustls/manual/_04_features/index.html). @@ -88,6 +115,9 @@ selected. #### Third-party providers + +NOTICE: ANY THIRD-PARTY PROVIDER WOULD NEED TO BE ADAPTED TO WORK DIRECTLY WITH THIS FORK OF RUSTLS. + The community has also started developing third-party providers for Rustls: * [`rustls-mbedtls-provider`] - a provider that uses [`mbedtls`] for cryptography. 
@@ -114,13 +144,20 @@ from [`RustCrypto`] for cryptography. #### Custom provider + + We also provide a simple example of writing your own provider in the [`custom-provider`] example. This example implements a minimal provider using parts of the [`RustCrypto`] ecosystem. + +HIGHLY RECOMMENDED TO LOOK INTO `provider-example` SUBDIRECTORY ([`provider-example`](provider-example/)) IN THIS FORK; SEE ESPECIALLY `provider-example/Cargo.toml`. +AS DISCUSSED ABOVE, HIGHLY RECOMMENDED TO PUT DEPENDENCY LIKE THIS INTO `Cargo.toml`: `rustls = { package = "portable-rustls" ... }` + See the [Making a custom CryptoProvider] section of the documentation for more information on this topic. + [`custom-provider`]: https://github.com/rustls/rustls/tree/main/provider-example/ [`RustCrypto`]: https://github.com/RustCrypto [Making a custom CryptoProvider]: https://docs.rs/rustls/latest/rustls/crypto/struct.CryptoProvider.html#making-a-custom-cryptoprovider @@ -132,6 +169,12 @@ Our [examples] directory contains demos that show how to handle I/O using the If you're already using Tokio for an async runtime you may prefer to use [`tokio-rustls`] instead of interacting with rustls directly. + +NOTE: SOME REFERENCES MAY NEED ADAPTATION TO WORK WITH THIS FORK + + +ADDITIONAL NOTE: `tokio-rustls` WOULD NEED TO BE ADAPTED TO WORK WITH THIS FORK. + The [`mio`] based examples are the most complete, and discussed below. Users new to Rustls may prefer to look at the simple client/server examples before diving in to the more complex MIO examples. @@ -190,6 +233,7 @@ Run `cargo run --bin tlsserver-mio -- --help` for more options. # License + Rustls is distributed under the following three licenses: - Apache License version 2.0. 
@@ -200,6 +244,7 @@ These are included as LICENSE-APACHE, LICENSE-MIT and LICENSE-ISC respectively. You may use this software under the terms of any of these licenses, at your option. + # Code of conduct This project adopts the [Rust Code of Conduct](https://www.rust-lang.org/policies/code-of-conduct). + + +PLEASE REPORT PRIVATELY TO A MAINTAINER OF THIS FORK IN CASE OF ANY QUESTIONS, COMMENTS, OR POSSIBLE MISCONDUCT. diff --git a/RELEASING.md b/RELEASING.md index 6b80b7cf674..f99a563345b 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -1,13 +1,17 @@ ## Before making a release + + 1. Run `cargo update` followed by `cargo outdated`, to check if we have any dependency updates which are not already automatically taken by their semver specs. - If we do, take them if possible. There should be dependabot PRs submitted for these already, but if not make separate commits for these and land those first. 2. Run the daily-tests CI workflow to check if we have any unfixed regressions. + 3. Update `rustls/Cargo.toml` to set the correct version. Then run `cargo update` again in repo root and in `fuzz/` so that lock files pick the new rustls version. 4. Make a commit with the new version number, something like 'Prepare $VERSION'. This @@ -25,6 +29,7 @@ * :x: omit any changes to dependency versions (unless these cause breaking changes). 7. Open a PR with the above commit and include the release notes in the description. Wait for review and CI to confirm it as green. + - Any red _should_ naturally block the release. - If rustc nightly is broken, this _may_ be acceptable if the reason is understood and does not point to a defect in rustls. eg, at the time of writing in releasing 0.20: @@ -35,10 +40,14 @@ ## Making a release +TODO + + ## After making a release @@ -48,6 +57,9 @@ ## Maintenance point releases +TODO + + diff --git a/ROADMAP.md b/ROADMAP.md index c9949e4b535..fcaf6ec1c2c 100644 --- a/ROADMAP.md +++ b/ROADMAP.md 
@@ -1,7 +1,9 @@ + # Rustls development roadmap ## Future priorities + Specific features, in rough order of priority: * **Address asynchronous handshake interruption**. @@ -26,6 +28,7 @@ General priorities: * **Rustls API Refinements**. Continue to improve the Rustls API. Aim for ease of use, clarity. + diff --git a/SECURITY.md b/SECURITY.md index 595d560d05a..59bcb4d37f9 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,7 +1,13 @@ # Security Policy + + ## Supported Versions + +TODO + + ### Minimum Supported Rust Version + +TODO + + #### MSRV of new dependencies @@ -59,9 +71,18 @@ MSRV than this policy. ## Reporting a Vulnerability + +PLEASE REPORT ANY SECURITY ISSUES SPECIFIC TO THIS FORK PRIVATELY TO A MAINTAINER OF THIS FORK, NOT VIA PUBLIC GITHUB ISSUE, DISCUSSION or PR. + + +FOR ANY SECURITY ISSUES WITH `rustls` IN GENERAL: Please report security bugs [via github](https://github.com/rustls/rustls/security/advisories/new). +AS STATED ABOVE: NOT VIA PUBLIC GITHUB ISSUE, DISCUSSION or PR. + + We'll then: + - Prepare a fix and regression tests. - Backport the fix and make a patch release for most recent release. - Submit an advisory to [rustsec/advisory-db](https://github.com/RustSec/advisory-db). diff --git a/admin/clippy b/admin/clippy index 32250254c43..1ffa0f58db6 100755 --- a/admin/clippy +++ b/admin/clippy @@ -17,8 +17,8 @@ function run_clippy() { } # because examples enable rustls' features, `--workspace --no-default-features` is not -# the same as `--package rustls --no-default-features` so run it separately -run_clippy --package rustls --no-default-features --all-targets +# the same as `--package portable-rustls --no-default-features` so run it separately +run_clippy --package portable-rustls --no-default-features --all-targets # run all workspace members (individually, because we don't want feature unification) for p in $(admin/all-workspace-members) ; do diff --git a/admin/coverage b/admin/coverage index 61360e42284..f7dc3ce411d 100755 
--- a/admin/coverage +++ b/admin/coverage @@ -7,8 +7,8 @@ cargo llvm-cov clean --workspace cargo build --locked --all-targets --all-features cargo test --locked --all-features -cargo test -p rustls --locked --no-default-features --features tls12,logging,aws_lc_rs,fips,std -cargo test -p rustls --locked --no-default-features --features tls12,logging,ring,std +cargo test -p portable-rustls --locked --no-default-features --features tls12,logging,aws_lc_rs,fips,std +cargo test -p portable-rustls --locked --no-default-features --features tls12,logging,ring,std # ensure both zlib and brotli are tested, irrespective of their order cargo test --locked $(admin/all-features-except zlib rustls) diff --git a/bogo/Cargo.toml b/bogo/Cargo.toml index cc3f2d3d64d..0db4034f3d3 100644 --- a/bogo/Cargo.toml +++ b/bogo/Cargo.toml @@ -6,7 +6,8 @@ edition = "2021" [dependencies] base64 = { workspace = true } env_logger = { workspace = true } -rustls = { path = "../rustls", features = ["aws_lc_rs", "ring", "tls12"] } +# WITH ADAPTED MAIN PACKAGE NAME for this fork +rustls = { package = "portable-rustls", path = "../rustls", features = ["aws_lc_rs", "ring", "tls12"] } rustls-post-quantum = { path = "../rustls-post-quantum", optional = true } [features] diff --git a/ci-bench/Cargo.toml b/ci-bench/Cargo.toml index 6fde65b814e..52588be4021 100644 --- a/ci-bench/Cargo.toml +++ b/ci-bench/Cargo.toml @@ -14,7 +14,8 @@ clap = { workspace = true } fxhash = { workspace = true } itertools = { workspace = true } rayon = { workspace = true } -rustls = { path = "../rustls", features = ["ring", "aws_lc_rs"] } +# WITH ADAPTED MAIN PACKAGE NAME for this fork +rustls = { package = "portable-rustls", path = "../rustls", features = ["ring", "aws_lc_rs"] } [target.'cfg(not(target_env = "msvc"))'.dependencies] tikv-jemallocator = { workspace = true } diff --git a/connect-tests/Cargo.toml b/connect-tests/Cargo.toml index 548c70d946d..03de4af418f 100644 --- a/connect-tests/Cargo.toml 
+++ b/connect-tests/Cargo.toml @@ -7,7 +7,8 @@ description = "Rustls connectivity based integration tests." publish = false [dependencies] -rustls = { path = "../rustls", features = ["logging"] } +# WITH ADAPTED MAIN PACKAGE NAME for this fork +rustls = { package = "portable-rustls", path = "../rustls", features = ["logging"] } [dev-dependencies] hickory-resolver = { workspace = true } diff --git a/examples/Cargo.toml b/examples/Cargo.toml index cd0bad26bf5..563b869a5ea 100644 --- a/examples/Cargo.toml +++ b/examples/Cargo.toml @@ -14,7 +14,8 @@ hickory-resolver = { workspace = true } log = { workspace = true } mio = { workspace = true } rcgen = { workspace = true } -rustls = { path = "../rustls", features = ["logging"] } +# WITH ADAPTED MAIN PACKAGE NAME for this fork +rustls = { package = "portable-rustls", path = "../rustls", features = ["logging"] } serde = { workspace = true } tokio = { workspace = true } webpki-roots = { workspace = true } diff --git a/fuzz/Cargo.lock b/fuzz/Cargo.lock index a0019149e44..49de9a130cd 100644 --- a/fuzz/Cargo.lock +++ b/fuzz/Cargo.lock @@ -178,6 +178,18 @@ version = "1.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775" +[[package]] +name = "portable-rustls" +version = "0.0.1-dev" +dependencies = [ + "log", + "once_cell", + "rustls-pki-types", + "rustls-webpki", + "subtle", + "zeroize", +] + [[package]] name = "regex" version = "1.11.1" @@ -222,25 +234,13 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "rustls" -version = "0.23.22" -dependencies = [ - "log", - "once_cell", - "rustls-pki-types", - "rustls-webpki", - "subtle", - "zeroize", -] - [[package]] name = "rustls-fuzz" version = "0.0.1" dependencies = [ "env_logger", "libfuzzer-sys", - "rustls", + "portable-rustls", "rustls-fuzzing-provider", ] 
@@ -248,7 +248,7 @@ dependencies = [ name = "rustls-fuzzing-provider" version = "0.1.0" dependencies = [ - "rustls", + "portable-rustls", "rustls-webpki", ] diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml index b2884a8e10e..b88a912a132 100644 --- a/fuzz/Cargo.toml +++ b/fuzz/Cargo.toml @@ -11,7 +11,12 @@ cargo-fuzz = true [dependencies] env_logger = "0.11" libfuzzer-sys = "0.4" -rustls = { path = "../rustls", default-features = false, features = ["std", "tls12", "custom-provider"] } +# WITH ADAPTED MAIN PACKAGE NAME for this fork +rustls = { package = "portable-rustls", path = "../rustls", default-features = false, features = [ + "std", + "tls12", + "custom-provider", +] } rustls-fuzzing-provider = { path = "../rustls-fuzzing-provider" } # Prevent this from interfering with workspaces diff --git a/openssl-tests/Cargo.toml b/openssl-tests/Cargo.toml index ab2b50044ba..e4027a3c09c 100644 --- a/openssl-tests/Cargo.toml +++ b/openssl-tests/Cargo.toml @@ -11,5 +11,6 @@ asn1 = { workspace = true } base64 = { workspace = true } num-bigint = { workspace = true } once_cell = { workspace = true } -rustls = { path = "../rustls" } +# WITH ADAPTED MAIN PACKAGE NAME for this fork +rustls = { package = "portable-rustls", path = "../rustls" } openssl = { workspace = true } diff --git a/provider-example/Cargo.toml b/provider-example/Cargo.toml index f116a6c0aa8..6152d4fe60b 100644 --- a/provider-example/Cargo.toml +++ b/provider-example/Cargo.toml @@ -17,7 +17,11 @@ hpke-rs-rust-crypto = { workspace = true } p256 = { workspace = true } pkcs8 = { workspace = true } rand_core = { workspace = true } -rustls = { path = "../rustls", default-features = false, features = ["logging", "tls12"] } +# WITH ADAPTED MAIN PACKAGE NAME for this fork +rustls = { package = "portable-rustls", path = "../rustls", default-features = false, features = [ + "logging", + "tls12", +] } rsa = { workspace = true } sha2 = { workspace = true } signature = { workspace = true } 
diff --git a/rustls-bench/Cargo.toml b/rustls-bench/Cargo.toml index 989c75ba807..52516e5f17a 100644 --- a/rustls-bench/Cargo.toml +++ b/rustls-bench/Cargo.toml @@ -5,7 +5,7 @@ edition = "2021" [dependencies] clap = { workspace = true } -rustls = { path = "../rustls" } +rustls = { package = "portable-rustls", path = "../rustls" } rustls-post-quantum = { path = "../rustls-post-quantum", optional = true } [features] diff --git a/rustls-fuzzing-provider/Cargo.toml b/rustls-fuzzing-provider/Cargo.toml index 0307c40bfcf..086e02e7854 100644 --- a/rustls-fuzzing-provider/Cargo.toml +++ b/rustls-fuzzing-provider/Cargo.toml @@ -5,7 +5,11 @@ edition = "2021" publish = false [dependencies] -rustls = { path = "../rustls", default-features = false, features = ["logging", "std", "tls12"] } +rustls = { package = "portable-rustls", path = "../rustls", default-features = false, features = [ + "logging", + "std", + "tls12", +] } webpki = { workspace = true } [dev-dependencies] diff --git a/rustls-post-quantum/Cargo.toml b/rustls-post-quantum/Cargo.toml index 54d0798272e..27d9406063a 100644 --- a/rustls-post-quantum/Cargo.toml +++ b/rustls-post-quantum/Cargo.toml @@ -1,6 +1,7 @@ [package] name = "rustls-post-quantum" -version = "0.2.2" +# ADAPTED `rustls-post-quantum` version in this fork TO KEEP CI HAPPY +version = "0.3.0-dev" edition = "2021" rust-version = "1.71" license = "Apache-2.0 OR ISC OR MIT" @@ -12,7 +13,8 @@ categories = ["network-programming", "cryptography"] autobenches = false [dependencies] -rustls = { version = "0.23.22", features = ["aws_lc_rs", "prefer-post-quantum"], path = "../rustls" } +# WITH ADAPTED MAIN PACKAGE NAME for this fork (MISSING version - should be OK in this fork) +rustls = { features = ["aws_lc_rs", "prefer-post-quantum"], package = "portable-rustls", path = "../rustls" } [dev-dependencies] criterion = "0.5" diff --git a/rustls-post-quantum/README.md b/rustls-post-quantum/README.md index 3d4f4f573c1..d286928d62e 100644 
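Review bot: In `rustls-post-quantum/Cargo.toml` the `rustls` dependency loses its `version` key and becomes path-only, while the README change in this patch says the crate is kept only for CI testing. Nothing visible in the two hunks marks the package as unpublishable, unlike `rustls-provider-test`, whose hunk header shows `publish = false`. Adding `publish = false` under `[package]` would state that intent and stop the alias crate from being packaged under the upstream crate name by mistake. The `[package]` table continues outside the hunks, so the key may already be present.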
--- a/rustls-post-quantum/README.md +++ b/rustls-post-quantum/README.md @@ -8,6 +8,9 @@ Rustls is a modern TLS library written in Rust. # rustls-post-quantum + +NOTE: THIS SEPARATE "`rustls-post-quantum`" CRATE WHICH ONLY CONTAINS ALIASES IS ONLY KEPT IN THIS FORK FOR CI TESTING PURPOSES. SEE INFO BELOW FOR HOW TO USE THIS "`rustls-post-quantum`" FUNCTIONALITY WITH THE CORE `portable-rustls` CRATE IN THIS FORK. + The functionality of this crate became part of the core rustls crate from the 0.23.22 release. When using that version of the crate, use the `prefer-post-quantum` Cargo feature to control whether to prefer diff --git a/rustls-provider-test/Cargo.toml b/rustls-provider-test/Cargo.toml index 205e391df97..b18ac580f1a 100644 --- a/rustls-provider-test/Cargo.toml +++ b/rustls-provider-test/Cargo.toml @@ -9,6 +9,7 @@ publish = false [dependencies] hex = "0.4" provider-example = { package = "rustls-provider-example", version = "0.0.1", path = "../provider-example" } -rustls = { version = "0.23.8", features = ["aws_lc_rs", "logging"], path = "../rustls" } +# WITH ADAPTED MAIN PACKAGE NAME for this fork (MISSING version - should be OK in this fork) +rustls = { features = ["aws_lc_rs", "logging"], package = "portable-rustls", path = "../rustls" } serde = { version = "1", features = ["derive"] } serde_json = "1" diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml index 544e80f7113..1b44f4f6cda 100644 --- a/rustls/Cargo.toml +++ b/rustls/Cargo.toml 
@@ -1,13 +1,14 @@ [package] -name = "rustls" -version = "0.23.22" +name = "portable-rustls" +version = "0.0.1-dev" edition = "2021" rust-version = "1.71" license = "Apache-2.0 OR ISC OR MIT" readme = "../README.md" -description = "Rustls is a modern TLS library written in Rust." -homepage = "https://github.com/rustls/rustls" -repository = "https://github.com/rustls/rustls" +description = "portable-rustls fork of rustls: a modern TLS library written in Rust." +# TODO(portable-rustls) UNCOMMENT WITH UPDATED LINKS +# homepage = "https://github.com/rustls/rustls" +# repository = "https://github.com/rustls/rustls" categories = ["network-programming", "cryptography"] autobenches = false autotests = false diff --git a/rustls/benches/benchmarks.rs b/rustls/benches/benchmarks.rs index cc8016fc7a7..886fbbf9806 100644 --- a/rustls/benches/benchmarks.rs +++ b/rustls/benches/benchmarks.rs @@ -8,6 +8,8 @@ mod test_utils; use std::io; use std::sync::Arc; +use portable_rustls as rustls; // TEST IMPORT WORKAROUND for this fork + use rustls::ServerConnection; use test_utils::*; diff --git a/rustls/src/builder.rs b/rustls/src/builder.rs index 342e3633600..d9fa1a88325 100644 --- a/rustls/src/builder.rs +++ b/rustls/src/builder.rs @@ -31,6 +31,7 @@ use crate::{ClientConfig, ServerConfig}; /// /// ``` /// # #[cfg(feature = "aws_lc_rs")] { +/// # use portable_rustls as rustls; // DOC IMPORT WORKAROUND for this fork /// # rustls::crypto::aws_lc_rs::default_provider().install_default(); /// use rustls::{ClientConfig, ServerConfig}; /// ClientConfig::builder() @@ -47,6 +48,7 @@ use crate::{ClientConfig, ServerConfig}; /// /// ```no_run /// # #[cfg(feature = "aws_lc_rs")] { +/// # use portable_rustls as rustls; // DOC IMPORT WORKAROUND for this fork /// # rustls::crypto::aws_lc_rs::default_provider().install_default(); /// # use rustls::ServerConfig; /// ServerConfig::builder_with_protocol_versions(&[&rustls::version::TLS13]) 
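Review bot: Renaming the package to `portable-rustls` with `version = "0.0.1-dev"` drops the visible record of which upstream release the fork is based on, the `0.23.22` on the removed line. Audit tooling that matches advisories by crate name and version is unlikely to associate upstream `rustls` advisories with this package, so that mapping has to be kept by hand. A comment next to the version, such as `# based on upstream rustls 0.23.22 - check upstream advisories against this base`, would keep it visible in the manifest. The commented-out `homepage` and `repository` keys also leave the package metadata without a source link until the TODO is resolved.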
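Review bot: `use portable_rustls as rustls; // TEST IMPORT WORKAROUND for this fork` in rustls/benches/benchmarks.rs is repeated, as a test or doc variant, in every doctest and integration test this commit touches (builder.rs, crypto/mod.rs, lib.rs, server_conn.rs, client_verifier.rs and the files under rustls/tests), and any new test that omits it will not compile. The alias is needed only because the library target inherits the new package name. Declaring the target name once in rustls/Cargo.toml, a `[lib]` section with `name = "rustls"`, should let these files keep their upstream imports and keep the diff against upstream small, which makes later upstream security fixes easier to merge. This assumes the manifest has no conflicting `[lib]` section, which is not visible here, and that a library target named `rustls` under a differently named package is acceptable for the fork.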
@@ -83,6 +85,7 @@ use crate::{ClientConfig, ServerConfig}; /// /// ``` /// # #[cfg(feature = "aws_lc_rs")] { +/// # use portable_rustls as rustls; // DOC IMPORT WORKAROUND for this fork /// # rustls::crypto::aws_lc_rs::default_provider().install_default(); /// # use rustls::ClientConfig; /// # let root_certs = rustls::RootCertStore::empty(); @@ -107,6 +110,7 @@ use crate::{ClientConfig, ServerConfig}; /// /// ```no_run /// # #[cfg(feature = "aws_lc_rs")] { +/// # use portable_rustls as rustls; // DOC IMPORT WORKAROUND for this fork /// # rustls::crypto::aws_lc_rs::default_provider().install_default(); /// # use rustls::ServerConfig; /// # let certs = vec![]; diff --git a/rustls/src/crypto/mod.rs b/rustls/src/crypto/mod.rs index 6a7db7a4009..5c5ec4afcae 100644 --- a/rustls/src/crypto/mod.rs +++ b/rustls/src/crypto/mod.rs @@ -124,6 +124,7 @@ pub use crate::suites::CipherSuiteCommon; /// /// ``` /// # #[cfg(feature = "aws_lc_rs")] { +/// # use portable_rustls as rustls; // DOC IMPORT WORKAROUND for this fork /// # use std::sync::Arc; /// # mod fictious_hsm_api { pub fn load_private_key(key_der: pki_types::PrivateKeyDer<'static>) -> ! { unreachable!(); } } /// use rustls::crypto::aws_lc_rs; @@ -667,6 +668,7 @@ impl From> for SharedSecret { /// /// ```rust /// # #[cfg(feature = "fips")] { +/// # use portable_rustls as rustls; // DOC IMPORT WORKAROUND for this fork /// rustls::crypto::default_fips_provider().install_default() /// .expect("default provider already set elsewhere"); /// # } @@ -676,6 +678,7 @@ impl From> for SharedSecret { /// /// ```rust /// # #[cfg(feature = "fips")] { +/// # use portable_rustls as rustls; // DOC IMPORT WORKAROUND for this fork /// # let root_store = rustls::RootCertStore::empty(); /// let config = rustls::ClientConfig::builder_with_provider( /// rustls::crypto::default_fips_provider().into() diff --git a/rustls/src/lib.rs b/rustls/src/lib.rs index 590d1776916..0b0b6acff94 100644 --- a/rustls/src/lib.rs +++ b/rustls/src/lib.rs 
@@ -1,9 +1,11 @@ -//! # Rustls - a modern TLS library +//! # Rustls - a modern TLS library - portable-rustls fork //! +//! //! Rustls is a TLS library that aims to provide a good level of cryptographic security, //! requires no configuration to achieve that security, and provides no unsafe features or //! obsolete cryptography by default. //! +//! //! Rustls implements TLS1.2 and TLS1.3 for both clients and servers. See [the full //! list of protocol features](manual::_04_features). //! @@ -54,6 +56,9 @@ //! //! #### Third-party providers //! +//! +//! NOTICE: ANY THIRD-PARTY PROVIDER WOULD NEED TO BE ADAPTED TO WORK DIRECTLY WITH THIS FORK OF RUSTLS. +//! //! The community has also started developing third-party providers for Rustls: //! //! * [`rustls-mbedtls-provider`] - a provider that uses [`mbedtls`] for cryptography. @@ -80,13 +85,20 @@ //! //! #### Custom provider //! +//! +//! //! We also provide a simple example of writing your own provider in the [`custom-provider`] //! example. This example implements a minimal provider using parts of the [`RustCrypto`] //! ecosystem. //! +//! +//! HIGHLY RECOMMENDED TO LOOK INTO `provider-example` SUBDIRECTORY ([`provider-example`](provider-example/)) IN THIS FORK; SEE ESPECIALLY `provider-example/Cargo.toml`. +//! AS DISCUSSED ABOVE, HIGHLY RECOMMENDED TO PUT DEPENDENCY LIKE THIS INTO `Cargo.toml`: `rustls = { package = "portable-rustls" ... }` +//! //! See the [Making a custom CryptoProvider] section of the documentation for more information //! on this topic. //! +//! //! [`custom-provider`]: https://github.com/rustls/rustls/tree/main/provider-example/ //! [`RustCrypto`]: https://github.com/RustCrypto //! [Making a custom CryptoProvider]: https://docs.rs/rustls/latest/rustls/crypto/struct.CryptoProvider.html#making-a-custom-cryptoprovider 
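Review bot: The doc line added in the "Custom provider" hunk links `[`provider-example`](provider-example/)` with a relative URL, which rustdoc resolves against the generated documentation page rather than the repository, so the link will most likely be dead once rendered. The context lines of the same hunk still point to `https://github.com/rustls/rustls/tree/main/provider-example/` and to the `docs.rs/rustls` page for `CryptoProvider`, which are upstream's code and API docs, while the NOTICE added in the previous hunk says third-party providers must be adapted for this fork. Using an absolute link to the fork's repository, for example `<fork-repo-url>/tree/main/provider-example/` (placeholder until the `repository` TODO in rustls/Cargo.toml is filled in), and labelling the remaining links as upstream would keep readers from following upstream instructions for a provider that needs adapting.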
@@ -143,6 +155,7 @@ //! //! ```rust,no_run //! # #[cfg(feature = "aws-lc-rs")] { +//! # use portable_rustls as rustls; // DOC IMPORT WORKAROUND for this fork //! let root_store = rustls::RootCertStore::from_iter( //! webpki_roots::TLS_SERVER_ROOTS //! .iter() @@ -158,6 +171,7 @@ //! //! ```rust,no_run //! # #[cfg(feature = "aws_lc_rs")] { +//! # use portable_rustls as rustls; // DOC IMPORT WORKAROUND for this fork //! # let root_store: rustls::RootCertStore = panic!(); //! let config = rustls::ClientConfig::builder() //! .with_root_certificates(root_store) @@ -170,7 +184,7 @@ //! //! ```rust //! # #[cfg(feature = "aws_lc_rs")] { -//! # use rustls; +//! # use portable_rustls as rustls; // DOC IMPORT WORKAROUND for this fork //! # use webpki; //! # use std::sync::Arc; //! # rustls::crypto::aws_lc_rs::default_provider().install_default(); @@ -213,6 +227,7 @@ //! //! ```rust,no_run //! # #[cfg(feature = "aws_lc_rs")] { +//! # use portable_rustls as rustls; // DOC IMPORT WORKAROUND for this fork //! # let mut client = rustls::ClientConnection::new(panic!(), panic!()).unwrap(); //! # struct Socket { } //! # impl Socket { diff --git a/rustls/src/server/server_conn.rs b/rustls/src/server/server_conn.rs index bb790da83fc..6a366e27faa 100644 --- a/rustls/src/server/server_conn.rs +++ b/rustls/src/server/server_conn.rs @@ -719,6 +719,7 @@ mod connection { /// /// ```no_run /// # #[cfg(feature = "aws_lc_rs")] { + /// # use portable_rustls as rustls; // DOC IMPORT WORKAROUND for this fork /// # fn choose_server_config( /// # _: rustls::server::ClientHello, /// # ) -> std::sync::Arc { diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs index 90b6f325f2e..995a5654d6e 100644 --- a/rustls/src/webpki/client_verifier.rs +++ b/rustls/src/webpki/client_verifier.rs 
@@ -201,6 +201,7 @@ impl ClientCertVerifierBuilder { /// To require all clients present a client certificate issued by a trusted CA: /// ```no_run /// # #[cfg(any(feature = "ring", feature = "aws_lc_rs"))] { +/// # use portable_rustls as rustls; // DOC IMPORT WORKAROUND for this fork /// # use rustls::RootCertStore; /// # use rustls::server::WebPkiClientVerifier; /// # let roots = RootCertStore::empty(); @@ -214,6 +215,7 @@ impl ClientCertVerifierBuilder { /// anonymous clients that present no client certificate: /// ```no_run /// # #[cfg(any(feature = "ring", feature = "aws_lc_rs"))] { +/// # use portable_rustls as rustls; // DOC IMPORT WORKAROUND for this fork /// # use rustls::RootCertStore; /// # use rustls::server::WebPkiClientVerifier; /// # let roots = RootCertStore::empty(); @@ -226,6 +228,7 @@ impl ClientCertVerifierBuilder { /// /// If you wish to disable advertising client authentication: /// ```no_run +/// # use portable_rustls as rustls; // DOC IMPORT WORKAROUND for this fork /// # use rustls::RootCertStore; /// # use rustls::server::WebPkiClientVerifier; /// # let roots = RootCertStore::empty(); @@ -236,6 +239,7 @@ impl ClientCertVerifierBuilder { /// client certificate revocation lists (CRLs): /// ```no_run /// # #[cfg(any(feature = "ring", feature = "aws_lc_rs"))] { +/// # use portable_rustls as rustls; // DOC IMPORT WORKAROUND for this fork /// # use rustls::RootCertStore; /// # use rustls::server::{WebPkiClientVerifier}; /// # let roots = RootCertStore::empty(); diff --git a/rustls/tests/api.rs b/rustls/tests/api.rs index 0989082d2f0..2d9a8aee84c 100644 --- a/rustls/tests/api.rs +++ b/rustls/tests/api.rs 
@@ -11,6 +11,7 @@ use std::{fmt, mem}; use pki_types::{CertificateDer, IpAddr, ServerName, UnixTime}; +use portable_rustls as rustls; // TEST IMPORT WORKAROUND for this fork use rustls::client::{verify_server_cert_signed_by_trust_anchor, ResolvesClientCert, Resumption}; use rustls::crypto::{ActiveKeyExchange, CryptoProvider, SharedSecret, SupportedKxGroup}; use rustls::internal::msgs::base::Payload; diff --git a/rustls/tests/api_ffdhe.rs b/rustls/tests/api_ffdhe.rs index ddfcbb75793..ba092a31c28 100644 --- a/rustls/tests/api_ffdhe.rs +++ b/rustls/tests/api_ffdhe.rs @@ -4,6 +4,7 @@ mod common; use common::*; +use portable_rustls as rustls; // TEST IMPORT WORKAROUND for this fork use rustls::crypto::CryptoProvider; use rustls::internal::msgs::base::Payload; use rustls::internal::msgs::codec::Codec; @@ -361,6 +362,7 @@ fn non_ffdhe_kx_does_not_have_ffdhe_group() { mod ffdhe { use num_bigint::BigUint; + use portable_rustls as rustls; // TEST IMPORT WORKAROUND for this fork use rustls::crypto::{ ActiveKeyExchange, CipherSuiteCommon, CryptoProvider, KeyExchangeAlgorithm, SharedSecret, SupportedKxGroup, diff --git a/rustls/tests/client_cert_verifier.rs b/rustls/tests/client_cert_verifier.rs index 9069680f667..eca58afe35b 100644 --- a/rustls/tests/client_cert_verifier.rs +++ b/rustls/tests/client_cert_verifier.rs @@ -12,6 +12,7 @@ use common::{ server_name, Arc, ErrorFromPeer, KeyType, MockClientVerifier, ALL_KEY_TYPES, }; +use portable_rustls as rustls; // TEST IMPORT WORKAROUND for this fork use rustls::server::danger::ClientCertVerified; use rustls::{ AlertDescription, ClientConnection, Error, InvalidMessage, ServerConfig, ServerConnection, diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs index a66812d19d7..0f0482feb90 100644 --- a/rustls/tests/common/mod.rs +++ b/rustls/tests/common/mod.rs 
@@ -11,6 +11,7 @@ use pki_types::{ SubjectPublicKeyInfoDer, UnixTime, }; +use portable_rustls as rustls; // TEST IMPORT WORKAROUND for this fork use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; use rustls::client::{ AlwaysResolvesClientRawPublicKeys, ServerCertVerifierBuilder, WebPkiServerVerifier, diff --git a/rustls/tests/ech.rs b/rustls/tests/ech.rs index 444f1e20494..8fd5dc8f721 100644 --- a/rustls/tests/ech.rs +++ b/rustls/tests/ech.rs @@ -1,5 +1,6 @@ use base64::prelude::{Engine, BASE64_STANDARD}; use pki_types::DnsName; +use portable_rustls as rustls; // TEST IMPORT WORKAROUND for this fork use rustls::internal::msgs::codec::{Codec, Reader}; use rustls::internal::msgs::enums::{EchVersion, HpkeAead, HpkeKdf, HpkeKem}; use rustls::internal::msgs::handshake::{ diff --git a/rustls/tests/key_log_file_env.rs b/rustls/tests/key_log_file_env.rs index 81f517c5143..3adea7e4b78 100644 --- a/rustls/tests/key_log_file_env.rs +++ b/rustls/tests/key_log_file_env.rs @@ -34,6 +34,8 @@ use common::{ transfer, Arc, KeyType, }; +use portable_rustls as rustls; // TEST IMPORT WORKAROUND for this fork + #[test] fn exercise_key_log_file_for_client() { serialized(|| { diff --git a/rustls/tests/process_provider.rs b/rustls/tests/process_provider.rs index e1ab14199b7..6164addbabf 100644 --- a/rustls/tests/process_provider.rs +++ b/rustls/tests/process_provider.rs @@ -4,6 +4,7 @@ //! executable, and runs tests in an indeterminate order. That restricts us //! to doing all the desired tests, in series, in one function. +use portable_rustls as rustls; // TEST IMPORT WORKAROUND for this fork #[cfg(all(feature = "aws_lc_rs", not(feature = "ring")))] use rustls::crypto::aws_lc_rs as provider; #[cfg(all(feature = "ring", not(feature = "aws_lc_rs")))] diff --git a/rustls/tests/runners/macros.rs b/rustls/tests/runners/macros.rs index 3a55977d42b..b0db245afcb 100644 --- a/rustls/tests/runners/macros.rs +++ b/rustls/tests/runners/macros.rs 
@@ -8,7 +8,7 @@ macro_rules! provider_ring { () => { #[allow(unused_imports)] - use rustls::crypto::ring as provider; + use portable_rustls::crypto::ring as provider; // TEST IMPORT WORKAROUND for this fork #[allow(dead_code)] const fn provider_is_aws_lc_rs() -> bool { false @@ -28,7 +28,7 @@ macro_rules! provider_ring { macro_rules! provider_aws_lc_rs { () => { #[allow(unused_imports)] - use rustls::crypto::aws_lc_rs as provider; + use portable_rustls::crypto::aws_lc_rs as provider; // TEST IMPORT WORKAROUND for this fork #[allow(dead_code)] const fn provider_is_aws_lc_rs() -> bool { true diff --git a/rustls/tests/server_cert_verifier.rs b/rustls/tests/server_cert_verifier.rs index 6a3ecad7042..ec7f8e3623b 100644 --- a/rustls/tests/server_cert_verifier.rs +++ b/rustls/tests/server_cert_verifier.rs @@ -15,6 +15,7 @@ use common::{ use pki_types::{CertificateDer, ServerName}; +use portable_rustls as rustls; // TEST IMPORT WORKAROUND for this fork use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; use rustls::client::WebPkiServerVerifier; use rustls::internal::msgs::handshake::{ClientExtension, HandshakePayload}; diff --git a/rustls/tests/unbuffered.rs b/rustls/tests/unbuffered.rs index 7dbc2fc70d6..0c2aa0acc34 100644 --- a/rustls/tests/unbuffered.rs +++ b/rustls/tests/unbuffered.rs @@ -2,6 +2,7 @@ use std::num::NonZeroUsize; +use portable_rustls as rustls; // TEST IMPORT WORKAROUND for this fork use rustls::client::{ClientConnectionData, EarlyDataError, UnbufferedClientConnection}; use rustls::server::{ServerConnectionData, UnbufferedServerConnection}; use rustls::unbuffered::{ diff --git a/test-ca/README.md b/test-ca/README.md index e16fc2109f7..11b2dff11cd 100644 --- a/test-ca/README.md +++ b/test-ca/README.md @@ -1,5 +1,8 @@ + # Rustls Test CA + + This directory contains various test certificate authorities, intermediates, end-entity, and client certificates that are used by Rustls integration tests. 
@@ -7,5 +10,5 @@ You can regenerate the data in this directory by running the `rustls/examples/internal/test_ca.rs` tool: ```bash -cargo run -p rustls --example test_ca +cargo run -p portable-rustls --example test_ca ``` diff --git a/website/README.md b/upstream-archived/website/README.md similarity index 100% rename from website/README.md rename to upstream-archived/website/README.md diff --git a/website/config.toml b/upstream-archived/website/config.toml similarity index 100% rename from website/config.toml rename to upstream-archived/website/config.toml diff --git a/website/content/perf/2024-10-18-report.md b/upstream-archived/website/content/perf/2024-10-18-report.md similarity index 100% rename from website/content/perf/2024-10-18-report.md rename to upstream-archived/website/content/perf/2024-10-18-report.md diff --git a/website/content/perf/2024-10-31-arm64.md b/upstream-archived/website/content/perf/2024-10-31-arm64.md similarity index 100% rename from website/content/perf/2024-10-31-arm64.md rename to upstream-archived/website/content/perf/2024-10-31-arm64.md diff --git a/website/content/perf/2024-11-28-threading/full-server.svg b/upstream-archived/website/content/perf/2024-11-28-threading/full-server.svg similarity index 100% rename from website/content/perf/2024-11-28-threading/full-server.svg rename to upstream-archived/website/content/perf/2024-11-28-threading/full-server.svg diff --git a/website/content/perf/2024-11-28-threading/htop-80-99.png b/upstream-archived/website/content/perf/2024-11-28-threading/htop-80-99.png similarity index 100% rename from website/content/perf/2024-11-28-threading/htop-80-99.png rename to upstream-archived/website/content/perf/2024-11-28-threading/htop-80-99.png 
diff --git a/website/content/perf/2024-11-28-threading/index.md b/upstream-archived/website/content/perf/2024-11-28-threading/index.md
similarity index 100%
rename from website/content/perf/2024-11-28-threading/index.md
rename to upstream-archived/website/content/perf/2024-11-28-threading/index.md
diff --git a/website/content/perf/2024-11-28-threading/latency-fullhs-tls12-server.svg b/upstream-archived/website/content/perf/2024-11-28-threading/latency-fullhs-tls12-server.svg
similarity index 100%
rename from website/content/perf/2024-11-28-threading/latency-fullhs-tls12-server.svg
rename to upstream-archived/website/content/perf/2024-11-28-threading/latency-fullhs-tls12-server.svg
diff --git a/website/content/perf/2024-11-28-threading/latency-fullhs-tls13-server.svg b/upstream-archived/website/content/perf/2024-11-28-threading/latency-fullhs-tls13-server.svg
similarity index 100%
rename from website/content/perf/2024-11-28-threading/latency-fullhs-tls13-server.svg
rename to upstream-archived/website/content/perf/2024-11-28-threading/latency-fullhs-tls13-server.svg
diff --git a/website/content/perf/2024-11-28-threading/latency-resume-tls12-server.svg b/upstream-archived/website/content/perf/2024-11-28-threading/latency-resume-tls12-server.svg
similarity index 100%
rename from website/content/perf/2024-11-28-threading/latency-resume-tls12-server.svg
rename to upstream-archived/website/content/perf/2024-11-28-threading/latency-resume-tls12-server.svg
diff --git a/website/content/perf/2024-11-28-threading/latency-resume-tls13-server.svg b/upstream-archived/website/content/perf/2024-11-28-threading/latency-resume-tls13-server.svg
similarity index 100%
rename from website/content/perf/2024-11-28-threading/latency-resume-tls13-server.svg
rename to upstream-archived/website/content/perf/2024-11-28-threading/latency-resume-tls13-server.svg
diff --git a/website/content/perf/2024-11-28-threading/resumed-12-server-postfix.svg b/upstream-archived/website/content/perf/2024-11-28-threading/resumed-12-server-postfix.svg
similarity index 100%
rename from website/content/perf/2024-11-28-threading/resumed-12-server-postfix.svg
rename to upstream-archived/website/content/perf/2024-11-28-threading/resumed-12-server-postfix.svg
diff --git a/website/content/perf/2024-11-28-threading/resumed-12-server.svg b/upstream-archived/website/content/perf/2024-11-28-threading/resumed-12-server.svg
similarity index 100%
rename from website/content/perf/2024-11-28-threading/resumed-12-server.svg
rename to upstream-archived/website/content/perf/2024-11-28-threading/resumed-12-server.svg
diff --git a/website/content/perf/2024-11-28-threading/resumed-13-server-postfix.svg b/upstream-archived/website/content/perf/2024-11-28-threading/resumed-13-server-postfix.svg
similarity index 100%
rename from website/content/perf/2024-11-28-threading/resumed-13-server-postfix.svg
rename to upstream-archived/website/content/perf/2024-11-28-threading/resumed-13-server-postfix.svg
diff --git a/website/content/perf/2024-11-28-threading/resumed-13-server.svg b/upstream-archived/website/content/perf/2024-11-28-threading/resumed-13-server.svg
similarity index 100%
rename from website/content/perf/2024-11-28-threading/resumed-13-server.svg
rename to upstream-archived/website/content/perf/2024-11-28-threading/resumed-13-server.svg
diff --git a/website/content/perf/2024-12-17-pq-kx/hybrid-both.svg b/upstream-archived/website/content/perf/2024-12-17-pq-kx/hybrid-both.svg
similarity index 100%
rename from website/content/perf/2024-12-17-pq-kx/hybrid-both.svg
rename to upstream-archived/website/content/perf/2024-12-17-pq-kx/hybrid-both.svg
diff --git a/website/content/perf/2024-12-17-pq-kx/hybrid-only.svg b/upstream-archived/website/content/perf/2024-12-17-pq-kx/hybrid-only.svg
similarity index 100%
rename from website/content/perf/2024-12-17-pq-kx/hybrid-only.svg
rename to upstream-archived/website/content/perf/2024-12-17-pq-kx/hybrid-only.svg
diff --git a/website/content/perf/2024-12-17-pq-kx/hybrid-opt.svg b/upstream-archived/website/content/perf/2024-12-17-pq-kx/hybrid-opt.svg
similarity index 100%
rename from website/content/perf/2024-12-17-pq-kx/hybrid-opt.svg
rename to upstream-archived/website/content/perf/2024-12-17-pq-kx/hybrid-opt.svg
diff --git a/website/content/perf/2024-12-17-pq-kx/index.md b/upstream-archived/website/content/perf/2024-12-17-pq-kx/index.md
similarity index 100%
rename from website/content/perf/2024-12-17-pq-kx/index.md
rename to upstream-archived/website/content/perf/2024-12-17-pq-kx/index.md
diff --git a/website/content/perf/2024-12-17-pq-kx/microbench-amd64.svg b/upstream-archived/website/content/perf/2024-12-17-pq-kx/microbench-amd64.svg
similarity index 100%
rename from website/content/perf/2024-12-17-pq-kx/microbench-amd64.svg
rename to upstream-archived/website/content/perf/2024-12-17-pq-kx/microbench-amd64.svg
diff --git a/website/content/perf/2024-12-17-pq-kx/microbench-arm64.svg b/upstream-archived/website/content/perf/2024-12-17-pq-kx/microbench-arm64.svg
similarity index 100%
rename from website/content/perf/2024-12-17-pq-kx/microbench-arm64.svg
rename to upstream-archived/website/content/perf/2024-12-17-pq-kx/microbench-arm64.svg
diff --git a/website/content/perf/2024-12-17-pq-kx/tls13-client-hs-openssl.svg b/upstream-archived/website/content/perf/2024-12-17-pq-kx/tls13-client-hs-openssl.svg
similarity index 100%
rename from website/content/perf/2024-12-17-pq-kx/tls13-client-hs-openssl.svg
rename to upstream-archived/website/content/perf/2024-12-17-pq-kx/tls13-client-hs-openssl.svg
diff --git a/website/content/perf/2024-12-17-pq-kx/tls13-client-hs.svg b/upstream-archived/website/content/perf/2024-12-17-pq-kx/tls13-client-hs.svg
similarity index 100%
rename from website/content/perf/2024-12-17-pq-kx/tls13-client-hs.svg
rename to upstream-archived/website/content/perf/2024-12-17-pq-kx/tls13-client-hs.svg
diff --git a/website/content/perf/2024-12-17-pq-kx/tls13-server-hs-openssl.svg b/upstream-archived/website/content/perf/2024-12-17-pq-kx/tls13-server-hs-openssl.svg
similarity index 100%
rename from website/content/perf/2024-12-17-pq-kx/tls13-server-hs-openssl.svg
rename to upstream-archived/website/content/perf/2024-12-17-pq-kx/tls13-server-hs-openssl.svg
diff --git a/website/content/perf/_index.md b/upstream-archived/website/content/perf/_index.md
similarity index 100%
rename from website/content/perf/_index.md
rename to upstream-archived/website/content/perf/_index.md
diff --git a/website/static/2024-10-18-full-handshake.png b/upstream-archived/website/static/2024-10-18-full-handshake.png
similarity index 100%
rename from website/static/2024-10-18-full-handshake.png
rename to upstream-archived/website/static/2024-10-18-full-handshake.png
diff --git a/website/static/2024-10-18-resumed-handshake.png b/upstream-archived/website/static/2024-10-18-resumed-handshake.png
similarity index 100%
rename from website/static/2024-10-18-resumed-handshake.png
rename to upstream-archived/website/static/2024-10-18-resumed-handshake.png
diff --git a/website/static/2024-10-18-transfer.png b/upstream-archived/website/static/2024-10-18-transfer.png
similarity index 100%
rename from website/static/2024-10-18-transfer.png
rename to upstream-archived/website/static/2024-10-18-transfer.png
diff --git a/website/static/2024-10-31-full-handshake.svg b/upstream-archived/website/static/2024-10-31-full-handshake.svg
similarity index 100%
rename from website/static/2024-10-31-full-handshake.svg
rename to upstream-archived/website/static/2024-10-31-full-handshake.svg
diff --git a/website/static/2024-10-31-resumed-handshake.svg b/upstream-archived/website/static/2024-10-31-resumed-handshake.svg
similarity index 100%
rename from website/static/2024-10-31-resumed-handshake.svg
rename to upstream-archived/website/static/2024-10-31-resumed-handshake.svg
diff --git a/website/static/2024-10-31-transfer.svg b/upstream-archived/website/static/2024-10-31-transfer.svg
similarity index 100%
rename from website/static/2024-10-31-transfer.svg
rename to upstream-archived/website/static/2024-10-31-transfer.svg
diff --git a/website/static/GeneralSans-Variable.woff2 b/upstream-archived/website/static/GeneralSans-Variable.woff2
similarity index 100%
rename from website/static/GeneralSans-Variable.woff2
rename to upstream-archived/website/static/GeneralSans-Variable.woff2
diff --git a/website/static/rustls-ferris.png b/upstream-archived/website/static/rustls-ferris.png
similarity index 100%
rename from website/static/rustls-ferris.png
rename to upstream-archived/website/static/rustls-ferris.png
diff --git a/website/static/style.css b/upstream-archived/website/static/style.css
similarity index 100%
rename from website/static/style.css
rename to upstream-archived/website/static/style.css
diff --git a/website/templates/base.html b/upstream-archived/website/templates/base.html
similarity index 100%
rename from website/templates/base.html
rename to upstream-archived/website/templates/base.html
diff --git a/website/templates/index.html b/upstream-archived/website/templates/index.html
similarity index 100%
rename from website/templates/index.html
rename to upstream-archived/website/templates/index.html
diff --git a/website/templates/macros.html b/upstream-archived/website/templates/macros.html
similarity index 100%
rename from website/templates/macros.html
rename to upstream-archived/website/templates/macros.html
diff --git a/website/templates/report-page.html b/upstream-archived/website/templates/report-page.html
similarity index 100%
rename from website/templates/report-page.html
rename to upstream-archived/website/templates/report-page.html
diff --git a/website/templates/reports.html b/upstream-archived/website/templates/reports.html
similarity index 100%
rename from website/templates/reports.html
rename to upstream-archived/website/templates/reports.html