From cbada80ce00951bfe48429e2488a90c468732a03 Mon Sep 17 00:00:00 2001
From: Daniel McCarney
Date: Thu, 19 Dec 2024 15:26:14 -0500
Subject: [PATCH 1/9] fix ensure-header-updated, regen

When we switched to `cmake` the CI task for using `cbindgen` was left behind trying to use `make` in a way that failed silently. This commit both fixes the CI test, and regenerates the .h with updates that were missed (mostly moving items around after the mod split).
---
 .github/workflows/test.yaml | 2 +-
 src/rustls.h | 1528 +++++++++++++++++------------------
 2 files changed, 765 insertions(+), 765 deletions(-)

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 48bec2ae..a6d99aa1 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -265,7 +265,7 @@ jobs:
 - run: cbindgen --version
- - run: make src/rustls.h
+ - run: cbindgen > src/rustls.h
 - run: git diff --exit-code
diff --git a/src/rustls.h b/src/rustls.h
index 1432df51..56a2be43 100644
--- a/src/rustls.h
+++ b/src/rustls.h
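Review bot: In the `.github/workflows/test.yaml` hunk the header is now regenerated with a command written out in the workflow (`cbindgen > src/rustls.h`), separate from whatever the build system does, and nothing in the step says so; the commit message describes this kind of drift making the old `make src/rustls.h` step fail silently. I would add a comment above the step, e.g. `# Regenerate the committed header; the next step fails if it is stale.`, and if the cmake build has its own header target, call that instead so the command is defined in one place. The cbindgen version is printed by the preceding step but is not pinned anywhere in this hunk; if it is not pinned earlier in the job, a new cbindgen release can change the output and make `git diff --exit-code` fail on unrelated changes. The job definition starts and ends outside the hunk.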
@@ -424,27 +424,6 @@ typedef struct rustls_web_pki_client_cert_verifier_builder rustls_web_pki_client */ typedef struct rustls_web_pki_server_cert_verifier_builder rustls_web_pki_server_cert_verifier_builder; -/** - * A read-only view on a Rust `&str`. - * - * The contents are guaranteed to be valid UTF-8. - * - * As an additional guarantee on top of Rust's normal UTF-8 guarantee, - * a `rustls_str` is guaranteed not to contain internal NUL bytes, so it is - * safe to interpolate into a C string or compare using strncmp. Keep in mind - * that it is not NUL-terminated. - * - * The memory exposed is available as specified by the function - * using this in its signature. For instance, when this is a parameter to a - * callback, the lifetime will usually be the duration of the callback. - * Functions that receive one of these must not dereference the data pointer - * beyond the allowed lifetime. - */ -typedef struct rustls_str { - const char *data; - size_t len; -} rustls_str; - /** * A return value for a function that may return either success (0) or a * non-zero value representing an error. 
@@ -481,6 +460,27 @@ typedef rustls_io_result (*rustls_read_callback)(void *userdata, size_t n, size_t *out_n); +/** + * A read-only view on a Rust `&str`. + * + * The contents are guaranteed to be valid UTF-8. + * + * As an additional guarantee on top of Rust's normal UTF-8 guarantee, + * a `rustls_str` is guaranteed not to contain internal NUL bytes, so it is + * safe to interpolate into a C string or compare using strncmp. Keep in mind + * that it is not NUL-terminated. + * + * The memory exposed is available as specified by the function + * using this in its signature. For instance, when this is a parameter to a + * callback, the lifetime will usually be the duration of the callback. + * Functions that receive one of these must not dereference the data pointer + * beyond the allowed lifetime. + */ +typedef struct rustls_str { + const char *data; + size_t len; +} rustls_str; + /** * A read-only view on a Rust byte slice. * @@ -774,13 +774,6 @@ extern const uint16_t RUSTLS_DEFAULT_VERSIONS[2]; */ extern const size_t RUSTLS_DEFAULT_VERSIONS_LEN; -/** - * Returns a static string containing the rustls-ffi version as well as the - * rustls version. The string is alive for the lifetime of the program and does - * not need to be freed. - */ -struct rustls_str rustls_version(void); - /** * Create and return a new rustls_acceptor. * 
@@ -1078,30 +1071,6 @@ rustls_result rustls_certificate_get_der(const struct rustls_certificate *cert, const uint8_t **out_der_data, size_t *out_der_len); -/** - * Return a 16-bit unsigned integer corresponding to this cipher suite's assignment from - * . - * - * The bytes from the assignment are interpreted in network order. - */ -uint16_t rustls_supported_ciphersuite_get_suite(const struct rustls_supported_ciphersuite *supported_ciphersuite); - -/** - * Returns the name of the ciphersuite as a `rustls_str`. - * - * If the provided ciphersuite is invalid, the `rustls_str` will contain the - * empty string. The lifetime of the `rustls_str` is the lifetime of the program, - * it does not need to be freed. - */ -struct rustls_str rustls_supported_ciphersuite_get_name(const struct rustls_supported_ciphersuite *supported_ciphersuite); - -/** - * Returns the `rustls_tls_version` of the ciphersuite. - * - * See also `RUSTLS_ALL_VERSIONS`. - */ -enum rustls_tls_version rustls_supported_ciphersuite_protocol_version(const struct rustls_supported_ciphersuite *supported_ciphersuite); - /** * Build a `rustls_certified_key` from a certificate chain and a private key * and the default process-wide crypto provider. 
@@ -1294,587 +1263,327 @@ void rustls_root_cert_store_builder_free(struct rustls_root_cert_store_builder * void rustls_root_cert_store_free(const struct rustls_root_cert_store *store); /** - * Free a `rustls_client_cert_verifier` previously returned from - * `rustls_client_cert_verifier_builder_build`. Calling with NULL is fine. Must not be - * called twice with the same value. + * Return a 16-bit unsigned integer corresponding to this cipher suite's assignment from + * . + * + * The bytes from the assignment are interpreted in network order. */ -void rustls_client_cert_verifier_free(struct rustls_client_cert_verifier *verifier); +uint16_t rustls_supported_ciphersuite_get_suite(const struct rustls_supported_ciphersuite *supported_ciphersuite); /** - * Create a `rustls_web_pki_client_cert_verifier_builder` using the process-wide default - * cryptography provider. + * Returns the name of the ciphersuite as a `rustls_str`. * - * Caller owns the memory and may eventually call `rustls_web_pki_client_cert_verifier_builder_free` - * to free it, whether or not `rustls_web_pki_client_cert_verifier_builder_build` was called. + * If the provided ciphersuite is invalid, the `rustls_str` will contain the + * empty string. The lifetime of the `rustls_str` is the lifetime of the program, + * it does not need to be freed. + */ +struct rustls_str rustls_supported_ciphersuite_get_name(const struct rustls_supported_ciphersuite *supported_ciphersuite); + +/** + * Returns the `rustls_tls_version` of the ciphersuite. * - * Without further modification the builder will produce a client certificate verifier that - * will require a client present a client certificate that chains to one of the trust anchors - * in the provided `rustls_root_cert_store`. The root cert store must not be empty. + * See also `RUSTLS_ALL_VERSIONS`. 
+ */ +enum rustls_tls_version rustls_supported_ciphersuite_protocol_version(const struct rustls_supported_ciphersuite *supported_ciphersuite); + +/** + * Create a rustls_client_config_builder using the process default crypto provider. * - * Revocation checking will not be performed unless - * `rustls_web_pki_client_cert_verifier_builder_add_crl` is used to add certificate revocation - * lists (CRLs) to the builder. If CRLs are added, revocation checking will be performed - * for the entire certificate chain unless - * `rustls_web_pki_client_cert_verifier_only_check_end_entity_revocation` is used. Unknown - * revocation status for certificates considered for revocation status will be treated as - * an error unless `rustls_web_pki_client_cert_verifier_allow_unknown_revocation_status` is - * used. + * Caller owns the memory and must eventually call `rustls_client_config_builder_build`, + * then free the resulting `rustls_client_config`. * - * Unauthenticated clients will not be permitted unless - * `rustls_web_pki_client_cert_verifier_builder_allow_unauthenticated` is used. + * Alternatively, if an error occurs or, you don't wish to build a config, + * call `rustls_client_config_builder_free` to free the builder directly. * - * This copies the contents of the `rustls_root_cert_store`. It does not take - * ownership of the pointed-to data. + * This uses the process default provider's values for the cipher suites and key + * exchange groups, as well as safe defaults for protocol versions. + * + * This starts out with no trusted roots. Caller must add roots with + * rustls_client_config_builder_load_roots_from_file or provide a custom verifier. 
*/ -struct rustls_web_pki_client_cert_verifier_builder *rustls_web_pki_client_cert_verifier_builder_new(const struct rustls_root_cert_store *store); +struct rustls_client_config_builder *rustls_client_config_builder_new(void); /** - * Create a `rustls_web_pki_client_cert_verifier_builder` using the specified - * cryptography provider. + * Create a rustls_client_config_builder using the specified crypto provider. * - * Caller owns the memory and may eventually call - * `rustls_web_pki_client_cert_verifier_builder_free` to free it, whether or - * not `rustls_web_pki_client_cert_verifier_builder_build` was called. + * Caller owns the memory and must eventually call `rustls_client_config_builder_build`, + * then free the resulting `rustls_client_config`. * - * Without further modification the builder will produce a client certificate verifier that - * will require a client present a client certificate that chains to one of the trust anchors - * in the provided `rustls_root_cert_store`. The root cert store must not be empty. + * Alternatively, if an error occurs or, you don't wish to build a config, + * call `rustls_client_config_builder_free` to free the builder directly. * - * Revocation checking will not be performed unless - * `rustls_web_pki_client_cert_verifier_builder_add_crl` is used to add certificate revocation - * lists (CRLs) to the builder. If CRLs are added, revocation checking will be performed - * for the entire certificate chain unless - * `rustls_web_pki_client_cert_verifier_only_check_end_entity_revocation` is used. Unknown - * revocation status for certificates considered for revocation status will be treated as - * an error unless `rustls_web_pki_client_cert_verifier_allow_unknown_revocation_status` is - * used. + * `tls_version` sets the TLS protocol versions to use when negotiating a TLS session. + * `tls_version` is the version of the protocol, as defined in rfc8446, + * ch. 4.2.1 and end of ch. 5.1. 
Some values are defined in + * `rustls_tls_version` for convenience, and the arrays + * RUSTLS_DEFAULT_VERSIONS or RUSTLS_ALL_VERSIONS can be used directly. * - * Unauthenticated clients will not be permitted unless - * `rustls_web_pki_client_cert_verifier_builder_allow_unauthenticated` is used. + * `tls_versions` will only be used during the call and the application retains + * ownership. `tls_versions_len` is the number of consecutive `uint16_t` + * pointed to by `tls_versions`. * - * This copies the contents of the `rustls_root_cert_store`. It does not take - * ownership of the pointed-to data. + * Ciphersuites are configured separately via the crypto provider. See + * `rustls_crypto_provider_builder_set_cipher_suites` for more information. */ -struct rustls_web_pki_client_cert_verifier_builder *rustls_web_pki_client_cert_verifier_builder_new_with_provider(const struct rustls_crypto_provider *provider, - const struct rustls_root_cert_store *store); +rustls_result rustls_client_config_builder_new_custom(const struct rustls_crypto_provider *provider, + const uint16_t *tls_versions, + size_t tls_versions_len, + struct rustls_client_config_builder **builder_out); /** - * Add one or more certificate revocation lists (CRLs) to the client certificate verifier - * builder by reading the CRL content from the provided buffer of PEM encoded content. + * Set a custom server certificate verifier using the builder crypto provider. + * Returns rustls_result::NoDefaultCryptoProvider if no process default crypto + * provider has been set, and the builder was not constructed with an explicit + * provider choice. * - * By default revocation checking will be performed on the entire certificate chain. To only - * check the revocation status of the end entity certificate, use - * `rustls_web_pki_client_cert_verifier_only_check_end_entity_revocation`. + * The callback must not capture any of the pointers in its + * rustls_verify_server_cert_params. 
+ * If `userdata` has been set with rustls_connection_set_userdata, it + * will be passed to the callback. Otherwise the userdata param passed to + * the callback will be NULL. * - * This function returns an error if the provided buffer is not valid PEM encoded content. - */ -rustls_result rustls_web_pki_client_cert_verifier_builder_add_crl(struct rustls_web_pki_client_cert_verifier_builder *builder, - const uint8_t *crl_pem, - size_t crl_pem_len); - -/** - * When CRLs are provided with `rustls_web_pki_client_cert_verifier_builder_add_crl`, only - * check the revocation status of end entity certificates, ignoring any intermediate certificates - * in the chain. + * The callback must be safe to call on any thread at any time, including + * multiple concurrent calls. So, for instance, if the callback mutates + * userdata (or other shared state), it must use synchronization primitives + * to make such mutation safe. + * + * The callback receives certificate chain information as raw bytes. + * Currently this library offers no functions to parse the certificates, + * so you'll need to bring your own certificate parsing library + * if you need to parse them. + * + * If the custom verifier accepts the certificate, it should return + * RUSTLS_RESULT_OK. Otherwise, it may return any other rustls_result error. + * Feel free to use an appropriate error from the RUSTLS_RESULT_CERT_* + * section. + * + * */ -rustls_result rustls_web_pki_client_cert_verifier_only_check_end_entity_revocation(struct rustls_web_pki_client_cert_verifier_builder *builder); +rustls_result rustls_client_config_builder_dangerous_set_certificate_verifier(struct rustls_client_config_builder *config_builder, + rustls_verify_server_cert_callback callback); /** - * When CRLs are provided with `rustls_web_pki_client_cert_verifier_builder_add_crl`, and it - * isn't possible to determine the revocation status of a considered certificate, do not treat - * it as an error condition. 
+ * Configure the server certificate verifier. * - * Overrides the default behavior where unknown revocation status is considered an error. + * This increases the reference count of `verifier` and does not take ownership. */ -rustls_result rustls_web_pki_client_cert_verifier_allow_unknown_revocation_status(struct rustls_web_pki_client_cert_verifier_builder *builder); +void rustls_client_config_builder_set_server_verifier(struct rustls_client_config_builder *builder, + const struct rustls_server_cert_verifier *verifier); /** - * Allow unauthenticated anonymous clients in addition to those that present a client - * certificate that chains to one of the verifier's configured trust anchors. + * Set the ALPN protocol list to the given protocols. + * + * `protocols` must point to a buffer of `rustls_slice_bytes` (built by the caller) with `len` + * elements. + * + * Each element of the buffer must be a rustls_slice_bytes whose + * data field points to a single ALPN protocol ID. + * + * Standard ALPN protocol IDs are defined at + * . + * + * This function makes a copy of the data in `protocols` and does not retain + * any pointers, so the caller can free the pointed-to memory after calling. + * + * */ -rustls_result rustls_web_pki_client_cert_verifier_builder_allow_unauthenticated(struct rustls_web_pki_client_cert_verifier_builder *builder); +rustls_result rustls_client_config_builder_set_alpn_protocols(struct rustls_client_config_builder *builder, + const struct rustls_slice_bytes *protocols, + size_t len); /** - * Clear the list of trust anchor hint subjects. - * - * By default, the client cert verifier will use the subjects provided by the root cert - * store configured for client authentication. Calling this function will remove these - * hint subjects, indicating the client should make a free choice of which certificate - * to send. + * Enable or disable SNI. 
+ * */ -rustls_result rustls_web_pki_client_cert_verifier_clear_root_hint_subjects(struct rustls_web_pki_client_cert_verifier_builder *builder); +void rustls_client_config_builder_set_enable_sni(struct rustls_client_config_builder *config, + bool enable); /** - * Add additional distinguished names to the list of trust anchor hint subjects. + * Provide the configuration a list of certificates where the connection + * will select the first one that is compatible with the server's signature + * verification capabilities. * - * By default, the client cert verifier will use the subjects provided by the root cert - * store configured for client authentication. Calling this function will add to these - * existing hint subjects. Calling this function with an empty `store` will have no - * effect, use `rustls_web_pki_client_cert_verifier_clear_root_hint_subjects` to clear - * the subject hints. - */ -rustls_result rustls_web_pki_client_cert_verifier_add_root_hint_subjects(struct rustls_web_pki_client_cert_verifier_builder *builder, - const struct rustls_root_cert_store *store); - -/** - * Create a new client certificate verifier from the builder. + * Clients that want to support both ECDSA and RSA certificates will want the + * ECSDA to go first in the list. * - * The builder is consumed and cannot be used again, but must still be freed. + * The built configuration will keep a reference to all certified keys + * provided. The client may `rustls_certified_key_free()` afterwards + * without the configuration losing them. The same certified key may also + * be used in multiple configs. * - * The verifier can be used in several `rustls_server_config` instances and must be - * freed by the application when no longer needed. See the documentation of - * `rustls_web_pki_client_cert_verifier_builder_free` for details about lifetime. + * EXPERIMENTAL: installing a client authentication callback will replace any + * configured certified keys and vice versa. 
*/ -rustls_result rustls_web_pki_client_cert_verifier_builder_build(struct rustls_web_pki_client_cert_verifier_builder *builder, - struct rustls_client_cert_verifier **verifier_out); +rustls_result rustls_client_config_builder_set_certified_key(struct rustls_client_config_builder *builder, + const struct rustls_certified_key *const *certified_keys, + size_t certified_keys_len); /** - * Free a `rustls_client_cert_verifier_builder` previously returned from - * `rustls_client_cert_verifier_builder_new`. + * Log key material to the file specified by the `SSLKEYLOGFILE` environment variable. * - * Calling with NULL is fine. Must not be called twice with the same value. + * The key material will be logged in the NSS key log format, + * and is + * compatible with tools like Wireshark. + * + * Secrets logged in this manner are **extremely sensitive** and can break the security + * of past, present and future sessions. + * + * For more control over which secrets are logged, or to customize the format, prefer + * `rustls_client_config_builder_set_key_log`. */ -void rustls_web_pki_client_cert_verifier_builder_free(struct rustls_web_pki_client_cert_verifier_builder *builder); +rustls_result rustls_client_config_builder_set_key_log_file(struct rustls_client_config_builder *builder); /** - * Create a `rustls_web_pki_server_cert_verifier_builder` using the process-wide default - * crypto provider. Caller owns the memory and may free it with + * Provide callbacks to manage logging key material. * - * Caller owns the memory and may free it with `rustls_web_pki_server_cert_verifier_builder_free`, - * regardless of whether `rustls_web_pki_server_cert_verifier_builder_build` was called. + * The `log_cb` argument is mandatory and must not be `NULL` or a `NullParameter` error is + * returned. The `log_cb` will be invoked with a `client_random` to identify the relevant session, + * a `label` to identify the purpose of the `secret`, and the `secret` itself. 
See the + * Rustls documentation of the `KeyLog` trait for more information on possible labels: + * * - * Without further modification the builder will produce a server certificate verifier that - * will require a server present a certificate that chains to one of the trust anchors - * in the provided `rustls_root_cert_store`. The root cert store must not be empty. + * The `will_log_cb` may be `NULL`, in which case all key material will be provided to + * the `log_cb`. By providing a custom `will_log_cb` you may return `0` for labels you don't + * wish to log, and non-zero for labels you _do_ wish to log as a performance optimization. * - * Revocation checking will not be performed unless - * `rustls_web_pki_server_cert_verifier_builder_add_crl` is used to add certificate revocation - * lists (CRLs) to the builder. If CRLs are added, revocation checking will be performed - * for the entire certificate chain unless - * `rustls_web_pki_server_cert_verifier_only_check_end_entity_revocation` is used. Unknown - * revocation status for certificates considered for revocation status will be treated as - * an error unless `rustls_web_pki_server_cert_verifier_allow_unknown_revocation_status` is - * used. + * Both callbacks **must** be thread-safe. Arguments provided to the callback live only for as + * long as the callback is executing and are not valid after the callback returns. The + * callbacks must not retain references to the provided data. * - * This copies the contents of the `rustls_root_cert_store`. It does not take - * ownership of the pointed-to data. + * Secrets provided to the `log_cb` are **extremely sensitive** and can break the security + * of past, present and future sessions. + * + * See also `rustls_client_config_builder_set_key_log_file` for a simpler way to log + * to a file specified by the `SSLKEYLOGFILE` environment variable. 
*/ -struct rustls_web_pki_server_cert_verifier_builder *rustls_web_pki_server_cert_verifier_builder_new(const struct rustls_root_cert_store *store); +rustls_result rustls_client_config_builder_set_key_log(struct rustls_client_config_builder *builder, + rustls_keylog_log_callback log_cb, + rustls_keylog_will_log_callback will_log_cb); /** - * Create a `rustls_web_pki_server_cert_verifier_builder` using the specified - * crypto provider. Caller owns the memory and may free it with - * `rustls_web_pki_server_cert_verifier_builder_free`, regardless of whether - * `rustls_web_pki_server_cert_verifier_builder_build` was called. + * Configure the client for Encrypted Client Hello (ECH). * - * Without further modification the builder will produce a server certificate verifier that - * will require a server present a certificate that chains to one of the trust anchors - * in the provided `rustls_root_cert_store`. The root cert store must not be empty. + * This requires providing a TLS encoded list of ECH configurations that should + * have been retrieved from the DNS HTTPS record for the domain you intend to connect to. + * This should be done using DNS-over-HTTPS to avoid leaking the domain name you are + * connecting to ahead of the TLS handshake. * - * Revocation checking will not be performed unless - * `rustls_web_pki_server_cert_verifier_builder_add_crl` is used to add certificate revocation - * lists (CRLs) to the builder. If CRLs are added, revocation checking will be performed - * for the entire certificate chain unless - * `rustls_web_pki_server_cert_verifier_only_check_end_entity_revocation` is used. Unknown - * revocation status for certificates considered for revocation status will be treated as - * an error unless `rustls_web_pki_server_cert_verifier_allow_unknown_revocation_status` is - * used. Expired CRLs will not be treated as an error unless - * `rustls_web_pki_server_cert_verifier_enforce_revocation_expiry` is used. 
+ * At least one of the ECH configurations must be compatible with the provided `rustls_hpke` + * instance. See `rustls_supported_hpke()` for more information. * - * This copies the contents of the `rustls_root_cert_store`. It does not take - * ownership of the pointed-to data. - */ -struct rustls_web_pki_server_cert_verifier_builder *rustls_web_pki_server_cert_verifier_builder_new_with_provider(const struct rustls_crypto_provider *provider, - const struct rustls_root_cert_store *store); - -/** - * Add one or more certificate revocation lists (CRLs) to the server certificate verifier - * builder by reading the CRL content from the provided buffer of PEM encoded content. + * Calling this function will replace any existing ECH configuration set by + * previous calls to `rustls_client_config_builder_enable_ech()` or + * `rustls_client_config_builder_enable_ech_grease()`. * - * By default revocation checking will be performed on the entire certificate chain. To only - * check the revocation status of the end entity certificate, use - * `rustls_web_pki_server_cert_verifier_only_check_end_entity_revocation`. + * The provided `ech_config_list_bytes` and `rustls_hpke` must not be NULL or an + * error will be returned. The caller maintains ownership of the ECH config list TLS bytes + * and `rustls_hpke` instance. This function does not retain any reference to + * `ech_config_list_bytes`. * - * This function returns an error if the provided buffer is not valid PEM encoded content. - */ -rustls_result rustls_web_pki_server_cert_verifier_builder_add_crl(struct rustls_web_pki_server_cert_verifier_builder *builder, - const uint8_t *crl_pem, - size_t crl_pem_len); - -/** - * When CRLs are provided with `rustls_web_pki_server_cert_verifier_builder_add_crl`, only - * check the revocation status of end entity certificates, ignoring any intermediate certificates - * in the chain. 
+ * A `RUSTLS_RESULT_BUILDER_INCOMPATIBLE_TLS_VERSIONS` error is returned if the builder's + * TLS versions have been customized via `rustls_client_config_builder_new_custom()` + * and the customization isn't "only TLS 1.3". ECH may only be used with TLS 1.3. */ -rustls_result rustls_web_pki_server_cert_verifier_only_check_end_entity_revocation(struct rustls_web_pki_server_cert_verifier_builder *builder); +rustls_result rustls_client_config_builder_enable_ech(struct rustls_client_config_builder *builder, + const uint8_t *ech_config_list_bytes, + size_t ech_config_list_bytes_size, + const struct rustls_hpke *hpke); /** - * When CRLs are provided with `rustls_web_pki_server_cert_verifier_builder_add_crl`, and it - * isn't possible to determine the revocation status of a considered certificate, do not treat - * it as an error condition. + * Configure the client for GREASE Encrypted Client Hello (ECH). * - * Overrides the default behavior where unknown revocation status is considered an error. + * This is a feature to prevent ossification of the TLS handshake by acting as though + * ECH were configured for an imaginary ECH config generated with one of the + * `rustls_hpke` supported suites, chosen at random. + * + * The provided `rustls_client_config_builder` and `rustls_hpke` must not be NULL or an + * error will be returned. The caller maintains ownership of both the + * `rustls_client_config_builder` and the `rustls_hpke` instance. + * + * Calling this function will replace any existing ECH configuration set by + * previous calls to `rustls_client_config_builder_enable_ech()` or + * `rustls_client_config_builder_enable_ech_grease()`. + * + * A `RUSTLS_RESULT_BUILDER_INCOMPATIBLE_TLS_VERSIONS` error is returned if the builder's + * TLS versions have been customized via `rustls_client_config_builder_new_custom()` + * and the customization isn't "only TLS 1.3". ECH may only be used with TLS 1.3. 
*/ -rustls_result rustls_web_pki_server_cert_verifier_allow_unknown_revocation_status(struct rustls_web_pki_server_cert_verifier_builder *builder); +rustls_result rustls_client_config_builder_enable_ech_grease(struct rustls_client_config_builder *builder, + const struct rustls_hpke *hpke); /** - * When CRLs are provided with `rustls_web_pki_server_cert_verifier_builder_add_crl`, and the - * CRL nextUpdate field is in the past, treat it as an error condition. - * - * Overrides the default behavior where CRL expiration is ignored. + * Turn a *rustls_client_config_builder (mutable) into a const *rustls_client_config + * (read-only). */ -rustls_result rustls_web_pki_server_cert_verifier_enforce_revocation_expiry(struct rustls_web_pki_server_cert_verifier_builder *builder); +rustls_result rustls_client_config_builder_build(struct rustls_client_config_builder *builder, + const struct rustls_client_config **config_out); /** - * Create a new server certificate verifier from the builder. + * "Free" a client_config_builder without building it into a rustls_client_config. * - * The builder is consumed and cannot be used again, but must still be freed. + * Normally builders are built into rustls_client_config via `rustls_client_config_builder_build` + * and may not be free'd or otherwise used afterwards. * - * The verifier can be used in several `rustls_client_config` instances and must be - * freed by the application when no longer needed. See the documentation of - * `rustls_web_pki_server_cert_verifier_builder_free` for details about lifetime. + * Use free only when the building of a config has to be aborted before a config + * was created. 
*/ -rustls_result rustls_web_pki_server_cert_verifier_builder_build(struct rustls_web_pki_server_cert_verifier_builder *builder, - struct rustls_server_cert_verifier **verifier_out); +void rustls_client_config_builder_free(struct rustls_client_config_builder *config); /** - * Free a `rustls_server_cert_verifier_builder` previously returned from - * `rustls_server_cert_verifier_builder_new`. + * Returns true if a `rustls_connection` created from the `rustls_client_config` will + * operate in FIPS mode. * - * Calling with NULL is fine. Must not be called twice with the same value. + * This is different from `rustls_crypto_provider_fips` which is concerned + * only with cryptography, whereas this also covers TLS-level configuration that NIST + * recommends, as well as ECH HPKE suites if applicable. */ -void rustls_web_pki_server_cert_verifier_builder_free(struct rustls_web_pki_server_cert_verifier_builder *builder); +bool rustls_client_config_fips(const struct rustls_client_config *config); /** - * Create a verifier that uses the default behavior for the current platform. + * "Free" a `rustls_client_config` previously returned from + * `rustls_client_config_builder_build`. * - * This uses [`rustls-platform-verifier`][]. + * Since `rustls_client_config` is actually an atomically reference-counted pointer, + * extant client connections may still hold an internal reference to the Rust object. * - * The verifier can be used in several `rustls_client_config` instances and must be freed by - * the application using `rustls_server_cert_verifier_free` when no longer needed. + * However, C code must consider this pointer unusable after "free"ing it. * - * [`rustls-platform-verifier`]: https://github.com/rustls/rustls-platform-verifier + * Calling with NULL is fine. Must not be called twice with the same value. 
*/ -rustls_result rustls_platform_server_cert_verifier(struct rustls_server_cert_verifier **verifier_out); +void rustls_client_config_free(const struct rustls_client_config *config); /** - * Create a verifier that uses the default behavior for the current platform. + * Create a new rustls_connection containing a client connection and return + * it in the output parameter `conn_out`. * - * This uses [`rustls-platform-verifier`][] and the specified crypto provider. + * If this returns an error code, the memory pointed to by `conn_out` remains + * unchanged. * - * The verifier can be used in several `rustls_client_config` instances and must be freed by - * the application using `rustls_server_cert_verifier_free` when no longer needed. + * If this returns a non-error, the memory pointed to by `conn_out` + * is modified to point at a valid `rustls_connection`. The caller now owns + * the `rustls_connection` and must call `rustls_connection_free` when done with it. * - * [`rustls-platform-verifier`]: https://github.com/rustls/rustls-platform-verifier + * The server_name parameter can contain a hostname or an IP address in + * textual form (IPv4 or IPv6). This function will return an error if it + * cannot be parsed as one of those types. */ -struct rustls_server_cert_verifier *rustls_platform_server_cert_verifier_with_provider(const struct rustls_crypto_provider *provider); +rustls_result rustls_client_connection_new(const struct rustls_client_config *config, + const char *server_name, + struct rustls_connection **conn_out); /** - * Free a `rustls_server_cert_verifier` previously returned from - * `rustls_server_cert_verifier_builder_build` or `rustls_platform_server_cert_verifier`. - * - * Calling with NULL is fine. Must not be called twice with the same value. + * Set the userdata pointer associated with this connection. This will be passed + * to any callbacks invoked by the connection, if you've set up callbacks in the config. 
+ * The pointed-to data must outlive the connection. */ -void rustls_server_cert_verifier_free(struct rustls_server_cert_verifier *verifier); +void rustls_connection_set_userdata(struct rustls_connection *conn, void *userdata); /** - * Create a rustls_client_config_builder using the process default crypto provider. - * - * Caller owns the memory and must eventually call `rustls_client_config_builder_build`, - * then free the resulting `rustls_client_config`. - * - * Alternatively, if an error occurs or, you don't wish to build a config, - * call `rustls_client_config_builder_free` to free the builder directly. - * - * This uses the process default provider's values for the cipher suites and key - * exchange groups, as well as safe defaults for protocol versions. - * - * This starts out with no trusted roots. Caller must add roots with - * rustls_client_config_builder_load_roots_from_file or provide a custom verifier. + * Set the logging callback for this connection. The log callback will be invoked + * with the userdata parameter previously set by rustls_connection_set_userdata, or + * NULL if no userdata was set. */ -struct rustls_client_config_builder *rustls_client_config_builder_new(void); - -/** - * Create a rustls_client_config_builder using the specified crypto provider. - * - * Caller owns the memory and must eventually call `rustls_client_config_builder_build`, - * then free the resulting `rustls_client_config`. - * - * Alternatively, if an error occurs or, you don't wish to build a config, - * call `rustls_client_config_builder_free` to free the builder directly. - * - * `tls_version` sets the TLS protocol versions to use when negotiating a TLS session. - * `tls_version` is the version of the protocol, as defined in rfc8446, - * ch. 4.2.1 and end of ch. 5.1. Some values are defined in - * `rustls_tls_version` for convenience, and the arrays - * RUSTLS_DEFAULT_VERSIONS or RUSTLS_ALL_VERSIONS can be used directly. 
- * - * `tls_versions` will only be used during the call and the application retains - * ownership. `tls_versions_len` is the number of consecutive `uint16_t` - * pointed to by `tls_versions`. - * - * Ciphersuites are configured separately via the crypto provider. See - * `rustls_crypto_provider_builder_set_cipher_suites` for more information. - */ -rustls_result rustls_client_config_builder_new_custom(const struct rustls_crypto_provider *provider, - const uint16_t *tls_versions, - size_t tls_versions_len, - struct rustls_client_config_builder **builder_out); - -/** - * Set a custom server certificate verifier using the builder crypto provider. - * Returns rustls_result::NoDefaultCryptoProvider if no process default crypto - * provider has been set, and the builder was not constructed with an explicit - * provider choice. - * - * The callback must not capture any of the pointers in its - * rustls_verify_server_cert_params. - * If `userdata` has been set with rustls_connection_set_userdata, it - * will be passed to the callback. Otherwise the userdata param passed to - * the callback will be NULL. - * - * The callback must be safe to call on any thread at any time, including - * multiple concurrent calls. So, for instance, if the callback mutates - * userdata (or other shared state), it must use synchronization primitives - * to make such mutation safe. - * - * The callback receives certificate chain information as raw bytes. - * Currently this library offers no functions to parse the certificates, - * so you'll need to bring your own certificate parsing library - * if you need to parse them. - * - * If the custom verifier accepts the certificate, it should return - * RUSTLS_RESULT_OK. Otherwise, it may return any other rustls_result error. - * Feel free to use an appropriate error from the RUSTLS_RESULT_CERT_* - * section. 
- * - * - */ -rustls_result rustls_client_config_builder_dangerous_set_certificate_verifier(struct rustls_client_config_builder *config_builder, - rustls_verify_server_cert_callback callback); - -/** - * Configure the server certificate verifier. - * - * This increases the reference count of `verifier` and does not take ownership. - */ -void rustls_client_config_builder_set_server_verifier(struct rustls_client_config_builder *builder, - const struct rustls_server_cert_verifier *verifier); - -/** - * Set the ALPN protocol list to the given protocols. - * - * `protocols` must point to a buffer of `rustls_slice_bytes` (built by the caller) with `len` - * elements. - * - * Each element of the buffer must be a rustls_slice_bytes whose - * data field points to a single ALPN protocol ID. - * - * Standard ALPN protocol IDs are defined at - * . - * - * This function makes a copy of the data in `protocols` and does not retain - * any pointers, so the caller can free the pointed-to memory after calling. - * - * - */ -rustls_result rustls_client_config_builder_set_alpn_protocols(struct rustls_client_config_builder *builder, - const struct rustls_slice_bytes *protocols, - size_t len); - -/** - * Enable or disable SNI. - * - */ -void rustls_client_config_builder_set_enable_sni(struct rustls_client_config_builder *config, - bool enable); - -/** - * Provide the configuration a list of certificates where the connection - * will select the first one that is compatible with the server's signature - * verification capabilities. - * - * Clients that want to support both ECDSA and RSA certificates will want the - * ECSDA to go first in the list. - * - * The built configuration will keep a reference to all certified keys - * provided. The client may `rustls_certified_key_free()` afterwards - * without the configuration losing them. The same certified key may also - * be used in multiple configs. 
- * - * EXPERIMENTAL: installing a client authentication callback will replace any - * configured certified keys and vice versa. - */ -rustls_result rustls_client_config_builder_set_certified_key(struct rustls_client_config_builder *builder, - const struct rustls_certified_key *const *certified_keys, - size_t certified_keys_len); - -/** - * Log key material to the file specified by the `SSLKEYLOGFILE` environment variable. - * - * The key material will be logged in the NSS key log format, - * and is - * compatible with tools like Wireshark. - * - * Secrets logged in this manner are **extremely sensitive** and can break the security - * of past, present and future sessions. - * - * For more control over which secrets are logged, or to customize the format, prefer - * `rustls_client_config_builder_set_key_log`. - */ -rustls_result rustls_client_config_builder_set_key_log_file(struct rustls_client_config_builder *builder); - -/** - * Provide callbacks to manage logging key material. - * - * The `log_cb` argument is mandatory and must not be `NULL` or a `NullParameter` error is - * returned. The `log_cb` will be invoked with a `client_random` to identify the relevant session, - * a `label` to identify the purpose of the `secret`, and the `secret` itself. See the - * Rustls documentation of the `KeyLog` trait for more information on possible labels: - * - * - * The `will_log_cb` may be `NULL`, in which case all key material will be provided to - * the `log_cb`. By providing a custom `will_log_cb` you may return `0` for labels you don't - * wish to log, and non-zero for labels you _do_ wish to log as a performance optimization. - * - * Both callbacks **must** be thread-safe. Arguments provided to the callback live only for as - * long as the callback is executing and are not valid after the callback returns. The - * callbacks must not retain references to the provided data. 
- * - * Secrets provided to the `log_cb` are **extremely sensitive** and can break the security - * of past, present and future sessions. - * - * See also `rustls_client_config_builder_set_key_log_file` for a simpler way to log - * to a file specified by the `SSLKEYLOGFILE` environment variable. - */ -rustls_result rustls_client_config_builder_set_key_log(struct rustls_client_config_builder *builder, - rustls_keylog_log_callback log_cb, - rustls_keylog_will_log_callback will_log_cb); - -/** - * Configure the client for Encrypted Client Hello (ECH). - * - * This requires providing a TLS encoded list of ECH configurations that should - * have been retrieved from the DNS HTTPS record for the domain you intend to connect to. - * This should be done using DNS-over-HTTPS to avoid leaking the domain name you are - * connecting to ahead of the TLS handshake. - * - * At least one of the ECH configurations must be compatible with the provided `rustls_hpke` - * instance. See `rustls_supported_hpke()` for more information. - * - * Calling this function will replace any existing ECH configuration set by - * previous calls to `rustls_client_config_builder_enable_ech()` or - * `rustls_client_config_builder_enable_ech_grease()`. - * - * The provided `ech_config_list_bytes` and `rustls_hpke` must not be NULL or an - * error will be returned. The caller maintains ownership of the ECH config list TLS bytes - * and `rustls_hpke` instance. This function does not retain any reference to - * `ech_config_list_bytes`. - * - * A `RUSTLS_RESULT_BUILDER_INCOMPATIBLE_TLS_VERSIONS` error is returned if the builder's - * TLS versions have been customized via `rustls_client_config_builder_new_custom()` - * and the customization isn't "only TLS 1.3". ECH may only be used with TLS 1.3. 
- */ -rustls_result rustls_client_config_builder_enable_ech(struct rustls_client_config_builder *builder, - const uint8_t *ech_config_list_bytes, - size_t ech_config_list_bytes_size, - const struct rustls_hpke *hpke); - -/** - * Configure the client for GREASE Encrypted Client Hello (ECH). - * - * This is a feature to prevent ossification of the TLS handshake by acting as though - * ECH were configured for an imaginary ECH config generated with one of the - * `rustls_hpke` supported suites, chosen at random. - * - * The provided `rustls_client_config_builder` and `rustls_hpke` must not be NULL or an - * error will be returned. The caller maintains ownership of both the - * `rustls_client_config_builder` and the `rustls_hpke` instance. - * - * Calling this function will replace any existing ECH configuration set by - * previous calls to `rustls_client_config_builder_enable_ech()` or - * `rustls_client_config_builder_enable_ech_grease()`. - * - * A `RUSTLS_RESULT_BUILDER_INCOMPATIBLE_TLS_VERSIONS` error is returned if the builder's - * TLS versions have been customized via `rustls_client_config_builder_new_custom()` - * and the customization isn't "only TLS 1.3". ECH may only be used with TLS 1.3. - */ -rustls_result rustls_client_config_builder_enable_ech_grease(struct rustls_client_config_builder *builder, - const struct rustls_hpke *hpke); - -/** - * Turn a *rustls_client_config_builder (mutable) into a const *rustls_client_config - * (read-only). - */ -rustls_result rustls_client_config_builder_build(struct rustls_client_config_builder *builder, - const struct rustls_client_config **config_out); - -/** - * "Free" a client_config_builder without building it into a rustls_client_config. - * - * Normally builders are built into rustls_client_config via `rustls_client_config_builder_build` - * and may not be free'd or otherwise used afterwards. - * - * Use free only when the building of a config has to be aborted before a config - * was created. 
- */ -void rustls_client_config_builder_free(struct rustls_client_config_builder *config); - -/** - * Returns true if a `rustls_connection` created from the `rustls_client_config` will - * operate in FIPS mode. - * - * This is different from `rustls_crypto_provider_fips` which is concerned - * only with cryptography, whereas this also covers TLS-level configuration that NIST - * recommends, as well as ECH HPKE suites if applicable. - */ -bool rustls_client_config_fips(const struct rustls_client_config *config); - -/** - * "Free" a `rustls_client_config` previously returned from - * `rustls_client_config_builder_build`. - * - * Since `rustls_client_config` is actually an atomically reference-counted pointer, - * extant client connections may still hold an internal reference to the Rust object. - * - * However, C code must consider this pointer unusable after "free"ing it. - * - * Calling with NULL is fine. Must not be called twice with the same value. - */ -void rustls_client_config_free(const struct rustls_client_config *config); - -/** - * Create a new rustls_connection containing a client connection and return - * it in the output parameter `conn_out`. - * - * If this returns an error code, the memory pointed to by `conn_out` remains - * unchanged. - * - * If this returns a non-error, the memory pointed to by `conn_out` - * is modified to point at a valid `rustls_connection`. The caller now owns - * the `rustls_connection` and must call `rustls_connection_free` when done with it. - * - * The server_name parameter can contain a hostname or an IP address in - * textual form (IPv4 or IPv6). This function will return an error if it - * cannot be parsed as one of those types. - */ -rustls_result rustls_client_connection_new(const struct rustls_client_config *config, - const char *server_name, - struct rustls_connection **conn_out); - -/** - * Set the userdata pointer associated with this connection. 
This will be passed - * to any callbacks invoked by the connection, if you've set up callbacks in the config. - * The pointed-to data must outlive the connection. - */ -void rustls_connection_set_userdata(struct rustls_connection *conn, void *userdata); - -/** - * Set the logging callback for this connection. The log callback will be invoked - * with the userdata parameter previously set by rustls_connection_set_userdata, or - * NULL if no userdata was set. - */ -void rustls_connection_set_log_callback(struct rustls_connection *conn, rustls_log_callback cb); +void rustls_connection_set_log_callback(struct rustls_connection *conn, rustls_log_callback cb); /** * Read some TLS bytes from the network into internal buffers. The actual network 
@@ -2395,336 +2104,627 @@ void rustls_signing_key_free(struct rustls_signing_key *signing_key); * * HPKE is only supported with the `aws-lc-rs` cryptography provider. * - * The returned pointer has a static lifetime equal to that of the program and does not - * need to be freed. + * The returned pointer has a static lifetime equal to that of the program and does not + * need to be freed. + */ +const struct rustls_hpke *rustls_supported_hpke(void); + +/** + * Convert a `rustls_handshake_kind` to a string with a friendly description of the kind + * of handshake. + * + * The returned `rustls_str` has a static lifetime equal to that of the program and does + * not need to be manually freed. + */ +struct rustls_str rustls_handshake_kind_str(enum rustls_handshake_kind kind); + +/** + * After a rustls function returns an error, you may call + * this to get a pointer to a buffer containing a detailed error + * message. + * + * The contents of the error buffer will be out_n bytes long, + * UTF-8 encoded, and not NUL-terminated. + */ +void rustls_error(unsigned int result, char *buf, size_t len, size_t *out_n); + +bool rustls_result_is_cert_error(unsigned int result); + +/** + * Return a rustls_str containing the stringified version of a log level. + */ +struct rustls_str rustls_log_level_str(rustls_log_level level); + +/** + * Return the length of the outer slice. If the input pointer is NULL, + * returns 0. + */ +size_t rustls_slice_slice_bytes_len(const struct rustls_slice_slice_bytes *input); + +/** + * Retrieve the nth element from the input slice of slices. + * + * If the input pointer is NULL, or n is greater than the length + * of the `rustls_slice_slice_bytes`, returns rustls_slice_bytes{NULL, 0}. + */ +struct rustls_slice_bytes rustls_slice_slice_bytes_get(const struct rustls_slice_slice_bytes *input, + size_t n); + +/** + * Return the length of the outer slice. + * + * If the input pointer is NULL, returns 0. 
+ */ +size_t rustls_slice_str_len(const struct rustls_slice_str *input); + +/** + * Retrieve the nth element from the input slice of `&str`s. + * + * If the input pointer is NULL, or n is greater than the length of the + * rustls_slice_str, returns rustls_str{NULL, 0}. + */ +struct rustls_str rustls_slice_str_get(const struct rustls_slice_str *input, size_t n); + +/** + * Create a rustls_server_config_builder using the process default crypto provider. + * + * Caller owns the memory and must eventually call rustls_server_config_builder_build, + * then free the resulting rustls_server_config. + * + * Alternatively, if an error occurs or, you don't wish to build a config, call + * `rustls_server_config_builder_free` to free the builder directly. + * + * This uses the process default provider's values for the cipher suites and key exchange + * groups, as well as safe defaults for protocol versions. + */ +struct rustls_server_config_builder *rustls_server_config_builder_new(void); + +/** + * Create a rustls_server_config_builder using the specified crypto provider. + * + * Caller owns the memory and must eventually call rustls_server_config_builder_build, + * then free the resulting rustls_server_config. + * + * Alternatively, if an error occurs or, you don't wish to build a config, call + * `rustls_server_config_builder_free` to free the builder directly. + * + * `tls_versions` set the TLS protocol versions to use when negotiating a TLS session. + * + * `tls_versions` is the version of the protocol, as defined in rfc8446, + * ch. 4.2.1 and end of ch. 5.1. Some values are defined in + * `rustls_tls_version` for convenience. + * + * `tls_versions` will only be used during the call and the application retains + * ownership. `tls_versions_len` is the number of consecutive `uint16_t` pointed + * to by `tls_versions`. + * + * Ciphersuites are configured separately via the crypto provider. See + * `rustls_crypto_provider_builder_set_cipher_suites` for more information. 
+ */ +rustls_result rustls_server_config_builder_new_custom(const struct rustls_crypto_provider *provider, + const uint16_t *tls_versions, + size_t tls_versions_len, + struct rustls_server_config_builder **builder_out); + +/** + * Create a rustls_server_config_builder for TLS sessions that may verify client + * certificates. + * + * This increases the refcount of `verifier` and doesn't take ownership. + */ +void rustls_server_config_builder_set_client_verifier(struct rustls_server_config_builder *builder, + const struct rustls_client_cert_verifier *verifier); + +/** + * Log key material to the file specified by the `SSLKEYLOGFILE` environment variable. + * + * The key material will be logged in the NSS key log format, + * and is + * compatible with tools like Wireshark. + * + * Secrets logged in this manner are **extremely sensitive** and can break the security + * of past, present and future sessions. + * + * For more control over which secrets are logged, or to customize the format, prefer + * `rustls_server_config_builder_set_key_log`. + */ +rustls_result rustls_server_config_builder_set_key_log_file(struct rustls_server_config_builder *builder); + +/** + * Provide callbacks to manage logging key material. + * + * The `log_cb` argument is mandatory and must not be `NULL` or a `NullParameter` error is + * returned. The `log_cb` will be invoked with a `client_random` to identify the relevant session, + * a `label` to identify the purpose of the `secret`, and the `secret` itself. See the + * Rustls documentation of the `KeyLog` trait for more information on possible labels: + * + * + * The `will_log_cb` may be `NULL`, in which case all key material will be provided to + * the `log_cb`. By providing a custom `will_log_cb` you may return `0` for labels you don't + * wish to log, and non-zero for labels you _do_ wish to log as a performance optimization. + * + * Both callbacks **must** be thread-safe. 
Arguments provided to the callback live only for as + * long as the callback is executing and are not valid after the callback returns. The + * callbacks must not retain references to the provided data. + * + * Secrets provided to the `log_cb` are **extremely sensitive** and can break the security + * of past, present and future sessions. + * + * See also `rustls_server_config_builder_set_key_log_file` for a simpler way to log + * to a file specified by the `SSLKEYLOGFILE` environment variable. + */ +rustls_result rustls_server_config_builder_set_key_log(struct rustls_server_config_builder *builder, + rustls_keylog_log_callback log_cb, + rustls_keylog_will_log_callback will_log_cb); + +/** + * "Free" a server_config_builder without building it into a rustls_server_config. + * + * Normally builders are built into rustls_server_configs via `rustls_server_config_builder_build` + * and may not be free'd or otherwise used afterwards. + * + * Use free only when the building of a config has to be aborted before a config + * was created. + */ +void rustls_server_config_builder_free(struct rustls_server_config_builder *config); + +/** + * With `ignore` != 0, the server will ignore the client ordering of cipher + * suites, aka preference, during handshake and respect its own ordering + * as configured. + * + */ +rustls_result rustls_server_config_builder_set_ignore_client_order(struct rustls_server_config_builder *builder, + bool ignore); + +/** + * Set the ALPN protocol list to the given protocols. + * + * `protocols` must point to a buffer of `rustls_slice_bytes` (built by the caller) + * with `len` elements. Each element of the buffer must point to a slice of bytes that + * contains a single ALPN protocol from + * . + * + * This function makes a copy of the data in `protocols` and does not retain + * any pointers, so the caller can free the pointed-to memory after calling. 
+ * + * + */ +rustls_result rustls_server_config_builder_set_alpn_protocols(struct rustls_server_config_builder *builder, + const struct rustls_slice_bytes *protocols, + size_t len); + +/** + * Provide the configuration a list of certificates where the connection + * will select the first one that is compatible with the client's signature + * verification capabilities. + * + * Servers that want to support both ECDSA and RSA certificates will want + * the ECSDA to go first in the list. + * + * The built configuration will keep a reference to all certified keys + * provided. The client may `rustls_certified_key_free()` afterwards + * without the configuration losing them. The same certified key may also + * be used in multiple configs. + * + * EXPERIMENTAL: installing a client_hello callback will replace any + * configured certified keys and vice versa. + */ +rustls_result rustls_server_config_builder_set_certified_keys(struct rustls_server_config_builder *builder, + const struct rustls_certified_key *const *certified_keys, + size_t certified_keys_len); + +/** + * Turn a *rustls_server_config_builder (mutable) into a const *rustls_server_config + * (read-only). The constructed `rustls_server_config` will be written to the `config_out` + * pointer when this function returns `rustls_result::Ok`. + * + * This function may return an error if no process default crypto provider has been set + * and the builder was constructed using `rustls_server_config_builder_new`, or if no + * certificate resolver was set. + */ +rustls_result rustls_server_config_builder_build(struct rustls_server_config_builder *builder, + const struct rustls_server_config **config_out); + +/** + * Returns true if a `rustls_connection` created from the `rustls_server_config` will + * operate in FIPS mode. 
+ * + * This is different from `rustls_crypto_provider_fips` which is concerned + * only with cryptography, whereas this also covers TLS-level configuration that NIST + * recommends, as well as ECH HPKE suites if applicable. */ -const struct rustls_hpke *rustls_supported_hpke(void); +bool rustls_server_config_fips(const struct rustls_server_config *config); /** - * Convert a `rustls_handshake_kind` to a string with a friendly description of the kind - * of handshake. + * "Free" a rustls_server_config previously returned from + * rustls_server_config_builder_build. * - * The returned `rustls_str` has a static lifetime equal to that of the program and does - * not need to be manually freed. + * Since rustls_server_config is actually an + * atomically reference-counted pointer, extant server connections may still + * hold an internal reference to the Rust object. However, C code must + * consider this pointer unusable after "free"ing it. + * Calling with NULL is fine. Must not be called twice with the same value. */ -struct rustls_str rustls_handshake_kind_str(enum rustls_handshake_kind kind); +void rustls_server_config_free(const struct rustls_server_config *config); /** - * After a rustls function returns an error, you may call - * this to get a pointer to a buffer containing a detailed error - * message. + * Create a new rustls_connection containing a server connection, and return it. * - * The contents of the error buffer will be out_n bytes long, - * UTF-8 encoded, and not NUL-terminated. + * It is returned in the output parameter `conn_out`. + * + * If this returns an error code, the memory pointed to by `conn_out` remains unchanged. + * + * If this returns a non-error, the memory pointed to by `conn_out` is modified to point + * at a valid rustls_connection + * + * The caller now owns the rustls_connection and must call `rustls_connection_free` when + * done with it. 
*/ -void rustls_error(unsigned int result, char *buf, size_t len, size_t *out_n); - -bool rustls_result_is_cert_error(unsigned int result); +rustls_result rustls_server_connection_new(const struct rustls_server_config *config, + struct rustls_connection **conn_out); /** - * Return a rustls_str containing the stringified version of a log level. + * Copy the server name from the server name indication (SNI) extension to `buf`. + * + * `buf` can hold up to `count` bytes, and the length of that server name in `out_n`. + * + * The string is stored in UTF-8 with no terminating NUL byte. + * + * Returns RUSTLS_RESULT_INSUFFICIENT_SIZE if the SNI hostname is longer than `count`. + * + * Returns Ok with *out_n == 0 if there is no SNI hostname available on this connection + * because it hasn't been processed yet, or because the client did not send SNI. + * */ -struct rustls_str rustls_log_level_str(rustls_log_level level); +rustls_result rustls_server_connection_get_server_name(const struct rustls_connection *conn, + uint8_t *buf, + size_t count, + size_t *out_n); /** - * Return the length of the outer slice. If the input pointer is NULL, - * returns 0. + * Register a callback to be invoked when a connection created from this config + * sees a TLS ClientHello message. If `userdata` has been set with + * rustls_connection_set_userdata, it will be passed to the callback. + * Otherwise the userdata param passed to the callback will be NULL. + * + * Any existing `ResolvesServerCert` implementation currently installed in the + * `rustls_server_config` will be replaced. This also means registering twice + * will overwrite the first registration. It is not permitted to pass a NULL + * value for `callback`. + * + * EXPERIMENTAL: this feature of rustls-ffi is likely to change in the future, as + * the rustls library is re-evaluating their current approach to client hello handling. + * Installing a client_hello callback will replace any configured certified keys + * and vice versa. 
Same holds true for the set_certified_keys variant. */ -size_t rustls_slice_slice_bytes_len(const struct rustls_slice_slice_bytes *input); +rustls_result rustls_server_config_builder_set_hello_callback(struct rustls_server_config_builder *builder, + rustls_client_hello_callback callback); /** - * Retrieve the nth element from the input slice of slices. + * Select a `rustls_certified_key` from the list that matches the cryptographic + * parameters of a TLS client hello. * - * If the input pointer is NULL, or n is greater than the length - * of the `rustls_slice_slice_bytes`, returns rustls_slice_bytes{NULL, 0}. + * Note that this does not do any SNI matching. The input certificates should + * already have been filtered to ones matching the SNI from the client hello. + * + * This is intended for servers that are configured with several keys for the + * same domain name(s), for example ECDSA and RSA types. The presented keys are + * inspected in the order given and keys first in the list are given preference, + * all else being equal. However rustls is free to choose whichever it considers + * to be the best key with its knowledge about security issues and possible future + * extensions of the protocol. + * + * Return RUSTLS_RESULT_OK if a key was selected and RUSTLS_RESULT_NOT_FOUND + * if none was suitable. */ -struct rustls_slice_bytes rustls_slice_slice_bytes_get(const struct rustls_slice_slice_bytes *input, - size_t n); +rustls_result rustls_client_hello_select_certified_key(const struct rustls_client_hello *hello, + const struct rustls_certified_key *const *certified_keys, + size_t certified_keys_len, + const struct rustls_certified_key **out_key); /** - * Return the length of the outer slice. + * Register callbacks for persistence of TLS session IDs and secrets. Both + * keys and values are highly sensitive data, containing enough information + * to break the security of the connections involved. * - * If the input pointer is NULL, returns 0. 
+ * If `userdata` has been set with rustls_connection_set_userdata, it + * will be passed to the callbacks. Otherwise the userdata param passed to + * the callbacks will be NULL. */ -size_t rustls_slice_str_len(const struct rustls_slice_str *input); +rustls_result rustls_server_config_builder_set_persistence(struct rustls_server_config_builder *builder, + rustls_session_store_get_callback get_cb, + rustls_session_store_put_callback put_cb); /** - * Retrieve the nth element from the input slice of `&str`s. - * - * If the input pointer is NULL, or n is greater than the length of the - * rustls_slice_str, returns rustls_str{NULL, 0}. + * Free a `rustls_client_cert_verifier` previously returned from + * `rustls_client_cert_verifier_builder_build`. Calling with NULL is fine. Must not be + * called twice with the same value. */ -struct rustls_str rustls_slice_str_get(const struct rustls_slice_str *input, size_t n); +void rustls_client_cert_verifier_free(struct rustls_client_cert_verifier *verifier); /** - * Create a rustls_server_config_builder using the process default crypto provider. + * Create a `rustls_web_pki_client_cert_verifier_builder` using the process-wide default + * cryptography provider. * - * Caller owns the memory and must eventually call rustls_server_config_builder_build, - * then free the resulting rustls_server_config. + * Caller owns the memory and may eventually call `rustls_web_pki_client_cert_verifier_builder_free` + * to free it, whether or not `rustls_web_pki_client_cert_verifier_builder_build` was called. * - * Alternatively, if an error occurs or, you don't wish to build a config, call - * `rustls_server_config_builder_free` to free the builder directly. + * Without further modification the builder will produce a client certificate verifier that + * will require a client present a client certificate that chains to one of the trust anchors + * in the provided `rustls_root_cert_store`. The root cert store must not be empty. 
* - * This uses the process default provider's values for the cipher suites and key exchange - * groups, as well as safe defaults for protocol versions. + * Revocation checking will not be performed unless + * `rustls_web_pki_client_cert_verifier_builder_add_crl` is used to add certificate revocation + * lists (CRLs) to the builder. If CRLs are added, revocation checking will be performed + * for the entire certificate chain unless + * `rustls_web_pki_client_cert_verifier_only_check_end_entity_revocation` is used. Unknown + * revocation status for certificates considered for revocation status will be treated as + * an error unless `rustls_web_pki_client_cert_verifier_allow_unknown_revocation_status` is + * used. + * + * Unauthenticated clients will not be permitted unless + * `rustls_web_pki_client_cert_verifier_builder_allow_unauthenticated` is used. + * + * This copies the contents of the `rustls_root_cert_store`. It does not take + * ownership of the pointed-to data. */ -struct rustls_server_config_builder *rustls_server_config_builder_new(void); +struct rustls_web_pki_client_cert_verifier_builder *rustls_web_pki_client_cert_verifier_builder_new(const struct rustls_root_cert_store *store); /** - * Create a rustls_server_config_builder using the specified crypto provider. - * - * Caller owns the memory and must eventually call rustls_server_config_builder_build, - * then free the resulting rustls_server_config. + * Create a `rustls_web_pki_client_cert_verifier_builder` using the specified + * cryptography provider. * - * Alternatively, if an error occurs or, you don't wish to build a config, call - * `rustls_server_config_builder_free` to free the builder directly. + * Caller owns the memory and may eventually call + * `rustls_web_pki_client_cert_verifier_builder_free` to free it, whether or + * not `rustls_web_pki_client_cert_verifier_builder_build` was called. * - * `tls_versions` set the TLS protocol versions to use when negotiating a TLS session. 
+ * Without further modification the builder will produce a client certificate verifier that + * will require a client present a client certificate that chains to one of the trust anchors + * in the provided `rustls_root_cert_store`. The root cert store must not be empty. * - * `tls_versions` is the version of the protocol, as defined in rfc8446, - * ch. 4.2.1 and end of ch. 5.1. Some values are defined in - * `rustls_tls_version` for convenience. + * Revocation checking will not be performed unless + * `rustls_web_pki_client_cert_verifier_builder_add_crl` is used to add certificate revocation + * lists (CRLs) to the builder. If CRLs are added, revocation checking will be performed + * for the entire certificate chain unless + * `rustls_web_pki_client_cert_verifier_only_check_end_entity_revocation` is used. Unknown + * revocation status for certificates considered for revocation status will be treated as + * an error unless `rustls_web_pki_client_cert_verifier_allow_unknown_revocation_status` is + * used. * - * `tls_versions` will only be used during the call and the application retains - * ownership. `tls_versions_len` is the number of consecutive `uint16_t` pointed - * to by `tls_versions`. + * Unauthenticated clients will not be permitted unless + * `rustls_web_pki_client_cert_verifier_builder_allow_unauthenticated` is used. * - * Ciphersuites are configured separately via the crypto provider. See - * `rustls_crypto_provider_builder_set_cipher_suites` for more information. + * This copies the contents of the `rustls_root_cert_store`. It does not take + * ownership of the pointed-to data. 
*/ -rustls_result rustls_server_config_builder_new_custom(const struct rustls_crypto_provider *provider, - const uint16_t *tls_versions, - size_t tls_versions_len, - struct rustls_server_config_builder **builder_out); +struct rustls_web_pki_client_cert_verifier_builder *rustls_web_pki_client_cert_verifier_builder_new_with_provider(const struct rustls_crypto_provider *provider, + const struct rustls_root_cert_store *store); /** - * Create a rustls_server_config_builder for TLS sessions that may verify client - * certificates. + * Add one or more certificate revocation lists (CRLs) to the client certificate verifier + * builder by reading the CRL content from the provided buffer of PEM encoded content. * - * This increases the refcount of `verifier` and doesn't take ownership. + * By default revocation checking will be performed on the entire certificate chain. To only + * check the revocation status of the end entity certificate, use + * `rustls_web_pki_client_cert_verifier_only_check_end_entity_revocation`. + * + * This function returns an error if the provided buffer is not valid PEM encoded content. */ -void rustls_server_config_builder_set_client_verifier(struct rustls_server_config_builder *builder, - const struct rustls_client_cert_verifier *verifier); +rustls_result rustls_web_pki_client_cert_verifier_builder_add_crl(struct rustls_web_pki_client_cert_verifier_builder *builder, + const uint8_t *crl_pem, + size_t crl_pem_len); /** - * Log key material to the file specified by the `SSLKEYLOGFILE` environment variable. - * - * The key material will be logged in the NSS key log format, - * and is - * compatible with tools like Wireshark. - * - * Secrets logged in this manner are **extremely sensitive** and can break the security - * of past, present and future sessions. - * - * For more control over which secrets are logged, or to customize the format, prefer - * `rustls_server_config_builder_set_key_log`. 
+ * When CRLs are provided with `rustls_web_pki_client_cert_verifier_builder_add_crl`, only + * check the revocation status of end entity certificates, ignoring any intermediate certificates + * in the chain. */ -rustls_result rustls_server_config_builder_set_key_log_file(struct rustls_server_config_builder *builder); +rustls_result rustls_web_pki_client_cert_verifier_only_check_end_entity_revocation(struct rustls_web_pki_client_cert_verifier_builder *builder); /** - * Provide callbacks to manage logging key material. - * - * The `log_cb` argument is mandatory and must not be `NULL` or a `NullParameter` error is - * returned. The `log_cb` will be invoked with a `client_random` to identify the relevant session, - * a `label` to identify the purpose of the `secret`, and the `secret` itself. See the - * Rustls documentation of the `KeyLog` trait for more information on possible labels: - * - * - * The `will_log_cb` may be `NULL`, in which case all key material will be provided to - * the `log_cb`. By providing a custom `will_log_cb` you may return `0` for labels you don't - * wish to log, and non-zero for labels you _do_ wish to log as a performance optimization. + * When CRLs are provided with `rustls_web_pki_client_cert_verifier_builder_add_crl`, and it + * isn't possible to determine the revocation status of a considered certificate, do not treat + * it as an error condition. * - * Both callbacks **must** be thread-safe. Arguments provided to the callback live only for as - * long as the callback is executing and are not valid after the callback returns. The - * callbacks must not retain references to the provided data. + * Overrides the default behavior where unknown revocation status is considered an error. 
+ */ +rustls_result rustls_web_pki_client_cert_verifier_allow_unknown_revocation_status(struct rustls_web_pki_client_cert_verifier_builder *builder); + +/** + * Allow unauthenticated anonymous clients in addition to those that present a client + * certificate that chains to one of the verifier's configured trust anchors. + */ +rustls_result rustls_web_pki_client_cert_verifier_builder_allow_unauthenticated(struct rustls_web_pki_client_cert_verifier_builder *builder); + +/** + * Clear the list of trust anchor hint subjects. * - * Secrets provided to the `log_cb` are **extremely sensitive** and can break the security - * of past, present and future sessions. + * By default, the client cert verifier will use the subjects provided by the root cert + * store configured for client authentication. Calling this function will remove these + * hint subjects, indicating the client should make a free choice of which certificate + * to send. + */ +rustls_result rustls_web_pki_client_cert_verifier_clear_root_hint_subjects(struct rustls_web_pki_client_cert_verifier_builder *builder); + +/** + * Add additional distinguished names to the list of trust anchor hint subjects. * - * See also `rustls_server_config_builder_set_key_log_file` for a simpler way to log - * to a file specified by the `SSLKEYLOGFILE` environment variable. + * By default, the client cert verifier will use the subjects provided by the root cert + * store configured for client authentication. Calling this function will add to these + * existing hint subjects. Calling this function with an empty `store` will have no + * effect, use `rustls_web_pki_client_cert_verifier_clear_root_hint_subjects` to clear + * the subject hints. 
*/ -rustls_result rustls_server_config_builder_set_key_log(struct rustls_server_config_builder *builder, - rustls_keylog_log_callback log_cb, - rustls_keylog_will_log_callback will_log_cb); +rustls_result rustls_web_pki_client_cert_verifier_add_root_hint_subjects(struct rustls_web_pki_client_cert_verifier_builder *builder, + const struct rustls_root_cert_store *store); /** - * "Free" a server_config_builder without building it into a rustls_server_config. + * Create a new client certificate verifier from the builder. * - * Normally builders are built into rustls_server_configs via `rustls_server_config_builder_build` - * and may not be free'd or otherwise used afterwards. + * The builder is consumed and cannot be used again, but must still be freed. * - * Use free only when the building of a config has to be aborted before a config - * was created. + * The verifier can be used in several `rustls_server_config` instances and must be + * freed by the application when no longer needed. See the documentation of + * `rustls_web_pki_client_cert_verifier_builder_free` for details about lifetime. */ -void rustls_server_config_builder_free(struct rustls_server_config_builder *config); +rustls_result rustls_web_pki_client_cert_verifier_builder_build(struct rustls_web_pki_client_cert_verifier_builder *builder, + struct rustls_client_cert_verifier **verifier_out); /** - * With `ignore` != 0, the server will ignore the client ordering of cipher - * suites, aka preference, during handshake and respect its own ordering - * as configured. - * + * Free a `rustls_client_cert_verifier_builder` previously returned from + * `rustls_client_cert_verifier_builder_new`. + * + * Calling with NULL is fine. Must not be called twice with the same value. 
*/ -rustls_result rustls_server_config_builder_set_ignore_client_order(struct rustls_server_config_builder *builder, - bool ignore); +void rustls_web_pki_client_cert_verifier_builder_free(struct rustls_web_pki_client_cert_verifier_builder *builder); /** - * Set the ALPN protocol list to the given protocols. + * Create a `rustls_web_pki_server_cert_verifier_builder` using the process-wide default + * crypto provider. Caller owns the memory and may free it with * - * `protocols` must point to a buffer of `rustls_slice_bytes` (built by the caller) - * with `len` elements. Each element of the buffer must point to a slice of bytes that - * contains a single ALPN protocol from - * . + * Caller owns the memory and may free it with `rustls_web_pki_server_cert_verifier_builder_free`, + * regardless of whether `rustls_web_pki_server_cert_verifier_builder_build` was called. * - * This function makes a copy of the data in `protocols` and does not retain - * any pointers, so the caller can free the pointed-to memory after calling. + * Without further modification the builder will produce a server certificate verifier that + * will require a server present a certificate that chains to one of the trust anchors + * in the provided `rustls_root_cert_store`. The root cert store must not be empty. * - * + * Revocation checking will not be performed unless + * `rustls_web_pki_server_cert_verifier_builder_add_crl` is used to add certificate revocation + * lists (CRLs) to the builder. If CRLs are added, revocation checking will be performed + * for the entire certificate chain unless + * `rustls_web_pki_server_cert_verifier_only_check_end_entity_revocation` is used. Unknown + * revocation status for certificates considered for revocation status will be treated as + * an error unless `rustls_web_pki_server_cert_verifier_allow_unknown_revocation_status` is + * used. + * + * This copies the contents of the `rustls_root_cert_store`. It does not take + * ownership of the pointed-to data. 
*/ -rustls_result rustls_server_config_builder_set_alpn_protocols(struct rustls_server_config_builder *builder, - const struct rustls_slice_bytes *protocols, - size_t len); +struct rustls_web_pki_server_cert_verifier_builder *rustls_web_pki_server_cert_verifier_builder_new(const struct rustls_root_cert_store *store); /** - * Provide the configuration a list of certificates where the connection - * will select the first one that is compatible with the client's signature - * verification capabilities. + * Create a `rustls_web_pki_server_cert_verifier_builder` using the specified + * crypto provider. Caller owns the memory and may free it with + * `rustls_web_pki_server_cert_verifier_builder_free`, regardless of whether + * `rustls_web_pki_server_cert_verifier_builder_build` was called. * - * Servers that want to support both ECDSA and RSA certificates will want - * the ECSDA to go first in the list. + * Without further modification the builder will produce a server certificate verifier that + * will require a server present a certificate that chains to one of the trust anchors + * in the provided `rustls_root_cert_store`. The root cert store must not be empty. * - * The built configuration will keep a reference to all certified keys - * provided. The client may `rustls_certified_key_free()` afterwards - * without the configuration losing them. The same certified key may also - * be used in multiple configs. + * Revocation checking will not be performed unless + * `rustls_web_pki_server_cert_verifier_builder_add_crl` is used to add certificate revocation + * lists (CRLs) to the builder. If CRLs are added, revocation checking will be performed + * for the entire certificate chain unless + * `rustls_web_pki_server_cert_verifier_only_check_end_entity_revocation` is used. Unknown + * revocation status for certificates considered for revocation status will be treated as + * an error unless `rustls_web_pki_server_cert_verifier_allow_unknown_revocation_status` is + * used. 
Expired CRLs will not be treated as an error unless + * `rustls_web_pki_server_cert_verifier_enforce_revocation_expiry` is used. * - * EXPERIMENTAL: installing a client_hello callback will replace any - * configured certified keys and vice versa. + * This copies the contents of the `rustls_root_cert_store`. It does not take + * ownership of the pointed-to data. */ -rustls_result rustls_server_config_builder_set_certified_keys(struct rustls_server_config_builder *builder, - const struct rustls_certified_key *const *certified_keys, - size_t certified_keys_len); +struct rustls_web_pki_server_cert_verifier_builder *rustls_web_pki_server_cert_verifier_builder_new_with_provider(const struct rustls_crypto_provider *provider, + const struct rustls_root_cert_store *store); /** - * Turn a *rustls_server_config_builder (mutable) into a const *rustls_server_config - * (read-only). The constructed `rustls_server_config` will be written to the `config_out` - * pointer when this function returns `rustls_result::Ok`. + * Add one or more certificate revocation lists (CRLs) to the server certificate verifier + * builder by reading the CRL content from the provided buffer of PEM encoded content. * - * This function may return an error if no process default crypto provider has been set - * and the builder was constructed using `rustls_server_config_builder_new`, or if no - * certificate resolver was set. + * By default revocation checking will be performed on the entire certificate chain. To only + * check the revocation status of the end entity certificate, use + * `rustls_web_pki_server_cert_verifier_only_check_end_entity_revocation`. + * + * This function returns an error if the provided buffer is not valid PEM encoded content. 
*/ -rustls_result rustls_server_config_builder_build(struct rustls_server_config_builder *builder, - const struct rustls_server_config **config_out); +rustls_result rustls_web_pki_server_cert_verifier_builder_add_crl(struct rustls_web_pki_server_cert_verifier_builder *builder, + const uint8_t *crl_pem, + size_t crl_pem_len); /** - * Returns true if a `rustls_connection` created from the `rustls_server_config` will - * operate in FIPS mode. - * - * This is different from `rustls_crypto_provider_fips` which is concerned - * only with cryptography, whereas this also covers TLS-level configuration that NIST - * recommends, as well as ECH HPKE suites if applicable. + * When CRLs are provided with `rustls_web_pki_server_cert_verifier_builder_add_crl`, only + * check the revocation status of end entity certificates, ignoring any intermediate certificates + * in the chain. */ -bool rustls_server_config_fips(const struct rustls_server_config *config); +rustls_result rustls_web_pki_server_cert_verifier_only_check_end_entity_revocation(struct rustls_web_pki_server_cert_verifier_builder *builder); /** - * "Free" a rustls_server_config previously returned from - * rustls_server_config_builder_build. + * When CRLs are provided with `rustls_web_pki_server_cert_verifier_builder_add_crl`, and it + * isn't possible to determine the revocation status of a considered certificate, do not treat + * it as an error condition. * - * Since rustls_server_config is actually an - * atomically reference-counted pointer, extant server connections may still - * hold an internal reference to the Rust object. However, C code must - * consider this pointer unusable after "free"ing it. - * Calling with NULL is fine. Must not be called twice with the same value. + * Overrides the default behavior where unknown revocation status is considered an error. 
*/ -void rustls_server_config_free(const struct rustls_server_config *config); +rustls_result rustls_web_pki_server_cert_verifier_allow_unknown_revocation_status(struct rustls_web_pki_server_cert_verifier_builder *builder); /** - * Create a new rustls_connection containing a server connection, and return it. - * - * It is returned in the output parameter `conn_out`. - * - * If this returns an error code, the memory pointed to by `conn_out` remains unchanged. - * - * If this returns a non-error, the memory pointed to by `conn_out` is modified to point - * at a valid rustls_connection + * When CRLs are provided with `rustls_web_pki_server_cert_verifier_builder_add_crl`, and the + * CRL nextUpdate field is in the past, treat it as an error condition. * - * The caller now owns the rustls_connection and must call `rustls_connection_free` when - * done with it. + * Overrides the default behavior where CRL expiration is ignored. */ -rustls_result rustls_server_connection_new(const struct rustls_server_config *config, - struct rustls_connection **conn_out); +rustls_result rustls_web_pki_server_cert_verifier_enforce_revocation_expiry(struct rustls_web_pki_server_cert_verifier_builder *builder); /** - * Copy the server name from the server name indication (SNI) extension to `buf`. - * - * `buf` can hold up to `count` bytes, and the length of that server name in `out_n`. + * Create a new server certificate verifier from the builder. * - * The string is stored in UTF-8 with no terminating NUL byte. + * The builder is consumed and cannot be used again, but must still be freed. * - * Returns RUSTLS_RESULT_INSUFFICIENT_SIZE if the SNI hostname is longer than `count`. + * The verifier can be used in several `rustls_client_config` instances and must be + * freed by the application when no longer needed. See the documentation of + * `rustls_web_pki_server_cert_verifier_builder_free` for details about lifetime. 
+ */ +rustls_result rustls_web_pki_server_cert_verifier_builder_build(struct rustls_web_pki_server_cert_verifier_builder *builder, + struct rustls_server_cert_verifier **verifier_out); + +/** + * Free a `rustls_server_cert_verifier_builder` previously returned from + * `rustls_server_cert_verifier_builder_new`. * - * Returns Ok with *out_n == 0 if there is no SNI hostname available on this connection - * because it hasn't been processed yet, or because the client did not send SNI. - * + * Calling with NULL is fine. Must not be called twice with the same value. */ -rustls_result rustls_server_connection_get_server_name(const struct rustls_connection *conn, - uint8_t *buf, - size_t count, - size_t *out_n); +void rustls_web_pki_server_cert_verifier_builder_free(struct rustls_web_pki_server_cert_verifier_builder *builder); /** - * Register a callback to be invoked when a connection created from this config - * sees a TLS ClientHello message. If `userdata` has been set with - * rustls_connection_set_userdata, it will be passed to the callback. - * Otherwise the userdata param passed to the callback will be NULL. + * Create a verifier that uses the default behavior for the current platform. * - * Any existing `ResolvesServerCert` implementation currently installed in the - * `rustls_server_config` will be replaced. This also means registering twice - * will overwrite the first registration. It is not permitted to pass a NULL - * value for `callback`. + * This uses [`rustls-platform-verifier`][]. * - * EXPERIMENTAL: this feature of rustls-ffi is likely to change in the future, as - * the rustls library is re-evaluating their current approach to client hello handling. - * Installing a client_hello callback will replace any configured certified keys - * and vice versa. Same holds true for the set_certified_keys variant. 
+ * The verifier can be used in several `rustls_client_config` instances and must be freed by + * the application using `rustls_server_cert_verifier_free` when no longer needed. + * + * [`rustls-platform-verifier`]: https://github.com/rustls/rustls-platform-verifier */ -rustls_result rustls_server_config_builder_set_hello_callback(struct rustls_server_config_builder *builder, - rustls_client_hello_callback callback); +rustls_result rustls_platform_server_cert_verifier(struct rustls_server_cert_verifier **verifier_out); /** - * Select a `rustls_certified_key` from the list that matches the cryptographic - * parameters of a TLS client hello. + * Create a verifier that uses the default behavior for the current platform. * - * Note that this does not do any SNI matching. The input certificates should - * already have been filtered to ones matching the SNI from the client hello. + * This uses [`rustls-platform-verifier`][] and the specified crypto provider. * - * This is intended for servers that are configured with several keys for the - * same domain name(s), for example ECDSA and RSA types. The presented keys are - * inspected in the order given and keys first in the list are given preference, - * all else being equal. However rustls is free to choose whichever it considers - * to be the best key with its knowledge about security issues and possible future - * extensions of the protocol. + * The verifier can be used in several `rustls_client_config` instances and must be freed by + * the application using `rustls_server_cert_verifier_free` when no longer needed. * - * Return RUSTLS_RESULT_OK if a key was selected and RUSTLS_RESULT_NOT_FOUND - * if none was suitable. 
+ * [`rustls-platform-verifier`]: https://github.com/rustls/rustls-platform-verifier */ -rustls_result rustls_client_hello_select_certified_key(const struct rustls_client_hello *hello, - const struct rustls_certified_key *const *certified_keys, - size_t certified_keys_len, - const struct rustls_certified_key **out_key); +struct rustls_server_cert_verifier *rustls_platform_server_cert_verifier_with_provider(const struct rustls_crypto_provider *provider); /** - * Register callbacks for persistence of TLS session IDs and secrets. Both - * keys and values are highly sensitive data, containing enough information - * to break the security of the connections involved. + * Free a `rustls_server_cert_verifier` previously returned from + * `rustls_server_cert_verifier_builder_build` or `rustls_platform_server_cert_verifier`. * - * If `userdata` has been set with rustls_connection_set_userdata, it - * will be passed to the callbacks. Otherwise the userdata param passed to - * the callbacks will be NULL. + * Calling with NULL is fine. Must not be called twice with the same value. */ -rustls_result rustls_server_config_builder_set_persistence(struct rustls_server_config_builder *builder, - rustls_session_store_get_callback get_cb, - rustls_session_store_put_callback put_cb); +void rustls_server_cert_verifier_free(struct rustls_server_cert_verifier *verifier); + +/** + * Returns a static string containing the rustls-ffi version as well as the + * rustls version. The string is alive for the lifetime of the program and does + * not need to be freed. + */ +struct rustls_str rustls_version(void); #endif /* RUSTLS_H */ From 26af00d31871f17d92137b8c327ee89c2cbcf846 Mon Sep 17 00:00:00 2001 
From: Daniel McCarney Date: Thu, 19 Dec 2024 15:02:07 -0500 Subject: [PATCH 2/9] switch project to a cargo workspace This commit moves the existing crate into a `librustls` sub-crate in a workspace. Using a workspace will give us more flexibility for introducing helper code without having to awkwardly jam it into integration test binaries or examples. --- .github/workflows/test.yaml | 17 +- .gitignore | 3 +- Cargo.lock | 345 +-- Cargo.toml | 82 +- CMakeLists.txt => librustls/CMakeLists.txt | 0 librustls/Cargo.lock | 2171 +++++++++++++++++ librustls/Cargo.toml | 72 + librustls/LICENSE | 1 + librustls/LICENSE-APACHE | 1 + librustls/LICENSE-MIT | 1 + build.rs => librustls/build.rs | 0 cbindgen.toml => librustls/cbindgen.toml | 0 .../cmake}/custom_function_defs.txt | 0 {cmake => librustls/cmake}/format.cmake | 0 {cmake => librustls/cmake}/options.cmake | 0 {cmake => librustls/cmake}/rust.cmake | 0 {src => librustls/src}/acceptor.rs | 0 {src => librustls/src}/certificate.rs | 0 {src => librustls/src}/cipher.rs | 0 {src => librustls/src}/client.rs | 0 {src => librustls/src}/connection.rs | 0 {src => librustls/src}/crypto_provider.rs | 0 {src => librustls/src}/enums.rs | 0 {src => librustls/src}/error.rs | 0 {src => librustls/src}/ffi.rs | 0 {src => librustls/src}/io.rs | 0 {src => librustls/src}/keylog.rs | 0 {src => librustls/src}/lib.rs | 0 {src => librustls/src}/log.rs | 0 {src => librustls/src}/panic.rs | 0 {src => librustls/src}/rslice.rs | 0 {src => librustls/src}/rustls.h | 0 {src => librustls/src}/server.rs | 0 {src => librustls/src}/session.rs | 0 {src => librustls/src}/userdata.rs | 0 {src => librustls/src}/verifier.rs | 0 {src => librustls/src}/version.rs | 0 .../testdata}/example.com/cert.pem | 0 .../testdata}/example.com/key.pem | 0 .../testdata}/localhost/cert.pem | 0 .../testdata}/localhost/key.pem | 0 .../testdata}/minica-key.pem | 0 {testdata => librustls/testdata}/minica.pem | 0 {testdata => librustls/testdata}/test.crl.pem | 0 {tests => 
librustls/tests}/CMakeLists.txt | 0 {tests => librustls/tests}/client.c | 0 {tests => librustls/tests}/client.h | 0 {tests => librustls/tests}/client_server.rs | 0 {tests => librustls/tests}/common.c | 0 {tests => librustls/tests}/common.h | 0 {tests => librustls/tests}/ech_fetch.rs | 0 {tests => librustls/tests}/rustls_version.rs | 0 {tests => librustls/tests}/server.c | 0 {tests => librustls/tests}/server.h | 0 {tests => librustls/tests}/static_libs.rs | 0 55 files changed, 2442 insertions(+), 251 deletions(-) rename CMakeLists.txt => librustls/CMakeLists.txt (100%) create mode 100644 librustls/Cargo.lock create mode 100644 librustls/Cargo.toml create mode 120000 librustls/LICENSE create mode 120000 librustls/LICENSE-APACHE create mode 120000 librustls/LICENSE-MIT rename build.rs => librustls/build.rs (100%) rename cbindgen.toml => librustls/cbindgen.toml (100%) rename {cmake => librustls/cmake}/custom_function_defs.txt (100%) rename {cmake => librustls/cmake}/format.cmake (100%) rename {cmake => librustls/cmake}/options.cmake (100%) rename {cmake => librustls/cmake}/rust.cmake (100%) rename {src => librustls/src}/acceptor.rs (100%) rename {src => librustls/src}/certificate.rs (100%) rename {src => librustls/src}/cipher.rs (100%) rename {src => librustls/src}/client.rs (100%) rename {src => librustls/src}/connection.rs (100%) rename {src => librustls/src}/crypto_provider.rs (100%) rename {src => librustls/src}/enums.rs (100%) rename {src => librustls/src}/error.rs (100%) rename {src => librustls/src}/ffi.rs (100%) rename {src => librustls/src}/io.rs (100%) rename {src => librustls/src}/keylog.rs (100%) rename {src => librustls/src}/lib.rs (100%) rename {src => librustls/src}/log.rs (100%) rename {src => librustls/src}/panic.rs (100%) rename {src => librustls/src}/rslice.rs (100%) rename {src => librustls/src}/rustls.h (100%) rename {src => librustls/src}/server.rs (100%) rename {src => librustls/src}/session.rs (100%) rename {src => librustls/src}/userdata.rs 
(100%) rename {src => librustls/src}/verifier.rs (100%) rename {src => librustls/src}/version.rs (100%) rename {testdata => librustls/testdata}/example.com/cert.pem (100%) rename {testdata => librustls/testdata}/example.com/key.pem (100%) rename {testdata => librustls/testdata}/localhost/cert.pem (100%) rename {testdata => librustls/testdata}/localhost/key.pem (100%) rename {testdata => librustls/testdata}/minica-key.pem (100%) rename {testdata => librustls/testdata}/minica.pem (100%) rename {testdata => librustls/testdata}/test.crl.pem (100%) rename {tests => librustls/tests}/CMakeLists.txt (100%) rename {tests => librustls/tests}/client.c (100%) rename {tests => librustls/tests}/client.h (100%) rename {tests => librustls/tests}/client_server.rs (100%) rename {tests => librustls/tests}/common.c (100%) rename {tests => librustls/tests}/common.h (100%) rename {tests => librustls/tests}/ech_fetch.rs (100%) rename {tests => librustls/tests}/rustls_version.rs (100%) rename {tests => librustls/tests}/server.c (100%) rename {tests => librustls/tests}/server.h (100%) rename {tests => librustls/tests}/static_libs.rs (100%) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index a6d99aa1..51292daf 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -100,7 +100,7 @@ jobs: -DDYN_LINK=${{matrix.dyn_link}} \ -DCMAKE_BUILD_TYPE=Debug \ ${{ matrix.os == 'macos-latest' && '-DCMAKE_OSX_DEPLOYMENT_TARGET=14.5' || '' }} \ - -S . -B build + -S librustls -B build - name: Build run: cmake --build build @@ -120,7 +120,7 @@ jobs: - name: Build release binaries run: | cmake --build build -- clean - CC=${{matrix.cc}} CXX=${{matrix.cc}} cmake -S . -B build -DCRYPTO_PROVIDER=${{matrix.crypto}} -DCMAKE_BUILD_TYPE=Release + CC=${{matrix.cc}} CXX=${{matrix.cc}} cmake -S librustls -B build -DCRYPTO_PROVIDER=${{matrix.crypto}} -DCMAKE_BUILD_TYPE=Release cmake --build build - name: Verify release builds were not using ASAN 
@@ -154,7 +154,7 @@ jobs: curl -L $LINK/$CARGO_C_FILE | tar xz -C ~/.cargo/bin - name: Setup cmake build - run: cmake -S . -B build -DCMAKE_BUILD_TYPE=Release # No ASAN w/ Valgrind + run: cmake -S librustls -B build -DCMAKE_BUILD_TYPE=Release # No ASAN w/ Valgrind - run: VALGRIND=valgrind cmake --build build --target integration-test @@ -186,7 +186,7 @@ jobs: cmake \ -DFIPS=true \ -DCMAKE_BUILD_TYPE=Release \ - -S . -B build + -S librustls -B build - name: Integration tests run: cmake --build build --target integration-test @@ -236,7 +236,7 @@ jobs: powershell -Command "Expand-Archive -Path cargo-c-windows-msvc.zip -DestinationPath $env:USERPROFILE\\.cargo\\bin -Force" - name: Configure CMake - run: cmake -DCRYPTO_PROVIDER="${{ matrix.crypto }}" -DCERT_COMPRESSION="${{ matrix.cert_compression }}" -DDYN_LINK="${{ matrix.dyn_link }}" -S . -B build + run: cmake -DCRYPTO_PROVIDER="${{ matrix.crypto }}" -DCERT_COMPRESSION="${{ matrix.cert_compression }}" -DDYN_LINK="${{ matrix.dyn_link }}" -S librustls -B build - name: Build run: cmake --build build --config "${{ matrix.config }}" @@ -246,6 +246,9 @@ jobs: ensure-header-updated: runs-on: ubuntu-latest + defaults: + run: + working-directory: librustls steps: - uses: actions/checkout@v4 with: @@ -323,7 +326,7 @@ jobs: run: pip install gersemi - name: Setup cmake build - run: cmake -S . -B build + run: cmake -S librustls -B build - name: Check formatting run: cmake --build build --target format-check @@ -387,7 +390,7 @@ jobs: persist-credentials: false - name: Clang tidy - run: clang-tidy tests/*.c -- -I src/ + run: clang-tidy librustls/tests/*.c -- -I librustls/src/ miri: name: Miri diff --git a/.gitignore b/.gitignore index 11b3a029..b675f021 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ target /build +librustls/cmake-build* .idea .venv -.vs \ No newline at end of file +.vs diff --git a/Cargo.lock b/Cargo.lock index 1a0ea319..a4a8518d 100644 --- a/Cargo.lock +++ b/Cargo.lock 
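Review bot: The `ensure-header-updated` hunk makes its paths resolve through a job-level `defaults.run.working-directory: librustls`, while every other hunk in this file spells the directory out (`-S librustls`, `librustls/tests/*.c`), so the job's later `run:` steps depend on a setting that is easy to miss. This job is the drift check between the committed header and the generated bindings, and the previous patch in this series says it had been failing silently after a build-system change, so the dependency is worth stating where it is set. I would add a comment above the new key, e.g. `# cbindgen and the git diff below run relative to librustls/ (cbindgen.toml and src/rustls.h were moved there)`. The job's `run:` steps lie outside this hunk, so confirm that each still resolves its paths from `librustls`; note that `defaults.run` applies only to `run:` steps, not to `uses:` steps such as the checkout.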
@@ -4,24 +4,24 @@ version = 3 [[package]] name = "addr2line" -version = "0.22.0" +version = "0.24.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e4503c46a5c0c7844e948c9a4d6acd9f50cccb4de1c48eb9e291ea17470c678" +checksum = "dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1" dependencies = [ "gimli", ] [[package]] -name = "adler" -version = "1.0.2" +name = "adler2" +version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" +checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627" [[package]] name = "aho-corasick" -version = "1.1.1" +version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea5d730647d4fadd988536d06fecce94b7b4f2a7efdae548f1cf4b63205518ab" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" dependencies = [ "memchr", ] @@ -71,15 +71,15 @@ checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" [[package]] name = "autocfg" -version = "1.2.0" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1fdabc7756949593fe60f30ec81974b613357de856987752631dea1e3394c80" +checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26" [[package]] name = "aws-lc-fips-sys" -version = "0.12.13" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bf12b67bc9c5168f68655aadb2a12081689a58f1d9b1484705e4d1810ed6e4ac" +checksum = "59057b878509d88952425fe694a2806e468612bde2d71943f3cd8034935b5032" dependencies = [ "bindgen", "cc", 
@@ -88,26 +88,26 @@ dependencies = [ "fs_extra", "libc", "paste", + "regex", ] [[package]] name = "aws-lc-rs" -version = "1.9.0" +version = "1.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2f95446d919226d587817a7d21379e6eb099b97b45110a7f272a444ca5c54070" +checksum = "f409eb70b561706bf8abba8ca9c112729c481595893fd06a2dd9af8ed8441148" dependencies = [ "aws-lc-fips-sys", "aws-lc-sys", - "mirai-annotations", "paste", "zeroize", ] [[package]] name = "aws-lc-sys" -version = "0.21.1" +version = "0.24.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "234314bd569802ec87011d653d6815c6d7b9ffb969e9fee5b8b20ef860e8dce9" +checksum = "8478a5c29ead3f3be14aff8a202ad965cf7da6856860041bfca271becf8ba48b" dependencies = [ "bindgen", "cc", @@ -120,24 +120,24 @@ dependencies = [ [[package]] name = "backtrace" -version = "0.3.73" +version = "0.3.74" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5cc23269a4f8976d0a4d2e7109211a419fe30e8d88d677cd60b6bc79c5732e0a" +checksum = "8d82cb332cdfaed17ae235a638438ac4d4839913cc2af585c3c6746e8f8bee1a" dependencies = [ "addr2line", - "cc", "cfg-if", "libc", "miniz_oxide", "object", "rustc-demangle", + "windows-targets 0.52.6", ] [[package]] name = "bindgen" -version = "0.69.4" +version = "0.69.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0" +checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" dependencies = [ "bitflags", "cexpr", 
@@ -197,15 +197,15 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" -version = "1.6.0" +version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" +checksum = "325918d6fe32f23b19878fe4b34794ae41fc19ddbe53b10571a4874d44ffd39b" [[package]] name = "cc" -version = "1.1.18" +version = "1.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b62ac837cdb5cb22e10a256099b4fc502b1dfe560cb282963a974d7abd80e476" +checksum = "c31a0499c1dc64f458ad13872de75c0eb7e3fdb0e67964610c914b034fc5956e" dependencies = [ "jobserver", "libc", @@ -246,18 +246,18 @@ dependencies = [ [[package]] name = "cmake" -version = "0.1.50" +version = "0.1.52" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a31c789563b815f77f4250caee12365734369f942439b7defd71e18a48197130" +checksum = "c682c223677e0e5b6b7f63a64b9351844c3f1b1678a68b7ee617e30fb082620e" dependencies = [ "cc", ] [[package]] name = "combine" -version = "4.6.6" +version = "4.6.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35ed6e9d84f0b51a7f52daf1c7d71dd136fd7a3f41a8462b8cdb8c78d920fad4" +checksum = "ba5a308b75df32fe02788e748662718f03fde005016435c444eea572398219fd" dependencies = [ "bytes", "memchr", @@ -281,9 +281,9 @@ checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" [[package]] name = "crossbeam-channel" -version = "0.5.13" +version = "0.5.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "33480d6946193aa8033910124896ca395333cae7e2d1113d1fef6c3272217df2" +checksum = "06ba6d68e24814cb8de6bb986db8222d3a027d15872cabc0d18817bc3c0e4471" dependencies = [ "crossbeam-utils", ] 
@@ -299,9 +299,9 @@ dependencies = [ [[package]] name = "crossbeam-utils" -version = "0.8.20" +version = "0.8.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80" +checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" [[package]] name = "data-encoding" @@ -322,9 +322,9 @@ dependencies = [ [[package]] name = "dunce" -version = "1.0.4" +version = "1.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" [[package]] name = "either" @@ -352,12 +352,12 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "errno" -version = "0.3.9" +version = "0.3.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" +checksum = "33d852cb9b869c2a9b3df2f71a3074817f01e1844f839a144f5fcef059a4eb5d" dependencies = [ "libc", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] @@ -429,9 +429,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.11" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", "libc", @@ -440,9 +440,9 @@ dependencies = [ [[package]] name = "gimli" -version = "0.29.0" +version = "0.31.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd" +checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" [[package]] name = "glob" 
@@ -462,7 +462,7 @@ dependencies = [ "futures-core", "futures-sink", "http", - "indexmap 2.6.0", + "indexmap 2.7.0", "slab", "tokio", "tokio-util", @@ -487,12 +487,6 @@ version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" -[[package]] -name = "hermit-abi" -version = "0.3.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" - [[package]] name = "hickory-proto" version = "0.25.0-alpha.4" @@ -515,7 +509,7 @@ dependencies = [ "once_cell", "rand", "rustls", - "thiserror 2.0.6", + "thiserror 2.0.8", "tinyvec", "tokio", "tokio-rustls", @@ -541,7 +535,7 @@ dependencies = [ "resolv-conf", "rustls", "smallvec", - "thiserror 2.0.6", + "thiserror 2.0.8", "tokio", "tokio-rustls", "tracing", @@ -550,11 +544,11 @@ dependencies = [ [[package]] name = "home" -version = "0.5.9" +version = "0.5.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" +checksum = "589533453244b0995c858700322199b2becb13b627df2851f64a2775d024abcf" dependencies = [ - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] @@ -570,9 +564,9 @@ dependencies = [ [[package]] name = "http" -version = "1.1.0" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "21b9ddb458710bc376481b842f5da65cdf31522de232c1ca8146abce2a358258" +checksum = "f16ca2af56261c99fba8bac40a10251ce8188205a4c448fbb745a2e4daa76fea" dependencies = [ "bytes", "fnv", 
@@ -730,9 +724,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.6.0" +version = "2.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "707907fe3c25f5424cce2cb7e1cbcafee6bdbe735ca90ef77c29e84591e5b9da" +checksum = "62f822373a4fe84d4bb149bf54e584a7f4abec90e072ed49cda0edea5b95471f" dependencies = [ "equivalent", "hashbrown 0.15.2", @@ -782,7 +776,7 @@ dependencies = [ "combine", "jni-sys", "log", - "thiserror 1.0.58", + "thiserror 1.0.69", "walkdir", "windows-sys 0.45.0", ] @@ -795,9 +789,9 @@ checksum = "8eaf4bc02d17cbdd7ff4c7438cafcdf7fb9a4613313ad11b4f8fefe7d3fa0130" [[package]] name = "jobserver" -version = "0.1.31" +version = "0.1.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2b099aaa34a9751c5bf0878add70444e1ed2dd73f347be99003d4577277de6e" +checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0" dependencies = [ "libc", ] @@ -826,18 +820,18 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.168" +version = "0.2.169" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5aaeb2981e0606ca11d79718f8bb01164f1d6ed75080182d3abf017e6d244b6d" +checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a" [[package]] name = "libloading" -version = "0.8.4" +version = "0.8.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e310b3a6b5907f99202fcdb4960ff45b93735d7c7d96b760fcff8db2dc0e103d" +checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34" dependencies = [ "cfg-if", - "windows-targets 0.52.4", + "windows-targets 0.52.6", ] [[package]] 
@@ -876,9 +870,9 @@ checksum = "ffbee8634e0d45d258acb448e7eaab3fce7a0a467395d4d9f228e3c1f01fb2e4" [[package]] name = "memchr" -version = "2.6.4" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "minimal-lexical" @@ -888,31 +882,24 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "miniz_oxide" -version = "0.7.4" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b8a240ddb74feaf34a79a7add65a741f3167852fba007066dcac1ca548d89c08" +checksum = "4ffbe83022cedc1d264172192511ae958937694cd57ce297164951b8b3568394" dependencies = [ - "adler", + "adler2", ] [[package]] name = "mio" -version = "1.0.2" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "80e04d1dcff3aae0704555fe5fee3bcfaf3d1fdf8a7e521d5b9d2b42acb52cec" +checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd" dependencies = [ - "hermit-abi", "libc", "wasi", "windows-sys 0.52.0", ] -[[package]] -name = "mirai-annotations" -version = "1.12.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9be0862c1b3f26a88803c4a49de6889c10e608b3ee9344e6ef5b45fb37ad3d1" - [[package]] name = "moka" version = "0.12.8" @@ -928,7 +915,7 @@ dependencies = [ "rustc_version", "smallvec", "tagptr", - "thiserror 1.0.58", + "thiserror 1.0.69", "triomphe", "uuid", ] @@ -993,7 +980,7 @@ dependencies = [ "libc", "redox_syscall", "smallvec", - "windows-targets 0.52.4", + "windows-targets 0.52.6", ] [[package]] 
@@ -1031,9 +1018,9 @@ dependencies = [ [[package]] name = "prettyplease" -version = "0.2.17" +version = "0.2.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d3928fb5db768cb86f891ff014f0144589297e3c6a1aba6ed7cecfdace270c7" +checksum = "64d1ec885c64d0457d564db4ec299b2dae3f9c02808b8ad9c3a089c591b18033" dependencies = [ "proc-macro2", "syn", @@ -1071,9 +1058,9 @@ checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" [[package]] name = "quote" -version = "1.0.35" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] @@ -1119,18 +1106,18 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.5.7" +version = "0.5.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b6dfecf2c74bce2466cabf93f6664d6998a69eb21e39f4207930065b27b771f" +checksum = "03a862b389f93e68874fbf580b9de08dd02facb9a788ebadaf4a3fd33cf58834" dependencies = [ "bitflags", ] [[package]] name = "regex" -version = "1.9.6" +version = "1.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ebee201405406dbf528b8b672104ae6d6d63e6d118cb10e4d51abbc7b58044ff" +checksum = "b544ef1b4eac5dc2db33ea63606ae9ffcfac26c1416a2806ae0bf5f56b201191" dependencies = [ "aho-corasick", "memchr", @@ -1140,9 +1127,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.3.9" +version = "0.4.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59b23e92ee4318893fa3fe3e6fb365258efbfe6ac6ab30f090cdcbb7aa37efa9" +checksum = "809e8dc61f6de73b46c85f4c96486310fe304c434cfa43669d7b40f711150908" dependencies = [ "aho-corasick", "memchr", 
@@ -1151,9 +1138,9 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.7.5" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbb5fb1acd8a1a18b3dd5be62d25485eb770e05afb408a9627d14d451bae12da" +checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c" [[package]] name = "resolv-conf" @@ -1167,16 +1154,17 @@ dependencies = [ [[package]] name = "ring" -version = "0.17.5" +version = "0.17.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb0205304757e5d899b9c2e448b867ffd03ae7f988002e47cd24954391394d0b" +checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d" dependencies = [ "cc", + "cfg-if", "getrandom", "libc", "spin", "untrusted", - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -1202,22 +1190,22 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.34" +version = "0.38.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" +checksum = "f93dc38ecbab2eb790ff964bb77fa94faf256fd3e73285fd7ba0903b76bedb85" dependencies = [ "bitflags", "errno", "libc", "linux-raw-sys", - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] name = "rustls" -version = "0.23.18" +version = "0.23.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c9cc1d47e243d655ace55ed38201c19ae02c148ae56412ab8750e8f0166ab7f" +checksum = "5065c3f250cbd332cd894be57c40fa52387247659b14a2d6041d121547903b1b" dependencies = [ "aws-lc-rs", "brotli", 
@@ -1264,9 +1252,9 @@ dependencies = [ [[package]] name = "rustls-pki-types" -version = "1.10.0" +version = "1.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "16f1201b3c9a7ee8039bcadc17b7e605e2945b27eee7631788c1bd2b0643674b" +checksum = "d2bf47e6ff922db3825eb750c4e2ff784c6ff8fb9e13046ef6a1d1c5401b0b37" [[package]] name = "rustls-platform-verifier" @@ -1309,9 +1297,9 @@ dependencies = [ [[package]] name = "rustversion" -version = "1.0.14" +version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4" +checksum = "0e819f2bc632f285be6d7cd36e25940d45b2391dd6d9b939e79de557f7014248" [[package]] name = "same-file" @@ -1324,11 +1312,11 @@ dependencies = [ [[package]] name = "schannel" -version = "0.1.23" +version = "0.1.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fbc91545643bcf3a0bbb6569265615222618bdf33ce4ffbbd13c4bbd4c093534" +checksum = "1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d" dependencies = [ - "windows-sys 0.52.0", + "windows-sys 0.59.0", ] [[package]] @@ -1368,18 +1356,18 @@ checksum = "3cb6eb87a131f756572d7fb904f6e7b68633f09cca868c5df1c4b8d1a694bbba" [[package]] name = "serde" -version = "1.0.203" +version = "1.0.216" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094" +checksum = "0b9781016e935a97e8beecf0c933758c97a5520d32930e460142b4cd80c6338e" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.203" +version = "1.0.216" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba" +checksum = "46f859dbbf73865c6627ed570e78961cd3ac92407a2d117204c49232485da55e" dependencies = [ "proc-macro2", "quote", 
@@ -1388,9 +1376,9 @@ dependencies = [ [[package]] name = "serde_spanned" -version = "0.6.0" +version = "0.6.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c68e921cef53841b8925c2abadd27c9b891d9613bdc43d6b823062866df38e8" +checksum = "87607cb1398ed59d48732e575a4c28a7a8ebf2454b964fe3f224f2afc07909e1" dependencies = [ "serde", ] @@ -1418,9 +1406,9 @@ checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" [[package]] name = "socket2" -version = "0.5.7" +version = "0.5.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce305eb0b4296696835b71df73eb912e0f1ffd2556a501fcede6e0c50349191c" +checksum = "c970269d99b64e60ec3bd6ad27270092a5394c4e309314b18ae3fe575695fbe8" dependencies = [ "libc", "windows-sys 0.52.0", @@ -1440,9 +1428,9 @@ checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3" [[package]] name = "subtle" -version = "2.5.0" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" 
@@ -1474,27 +1462,27 @@ checksum = "7b2093cf4c8eb1e67749a6762251bc9cd836b6fc171623bd0a9d324d37af2417" [[package]] name = "thiserror" -version = "1.0.58" +version = "1.0.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03468839009160513471e86a034bb2c5c0e4baae3b43f79ffc55c4a5427b3297" +checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52" dependencies = [ - "thiserror-impl 1.0.58", + "thiserror-impl 1.0.69", ] [[package]] name = "thiserror" -version = "2.0.6" +version = "2.0.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8fec2a1820ebd077e2b90c4df007bebf344cd394098a13c563957d0afc83ea47" +checksum = "08f5383f3e0071702bf93ab5ee99b52d26936be9dedd9413067cbdcddcb6141a" dependencies = [ - "thiserror-impl 2.0.6", + "thiserror-impl 2.0.8", ] [[package]] name = "thiserror-impl" -version = "1.0.58" +version = "1.0.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c61f3ba182994efc43764a46c018c347bc492c79f024e705f46567b418f6d4f7" +checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1" dependencies = [ "proc-macro2", "quote", @@ -1503,9 +1491,9 @@ dependencies = [ [[package]] name = "thiserror-impl" -version = "2.0.6" +version = "2.0.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d65750cab40f4ff1929fb1ba509e9914eb756131cef4210da8d5d700d26f6312" +checksum = "f2f357fcec90b3caef6623a099691be676d033b40a058ac95d2a6ade6fa0c943" dependencies = [ "proc-macro2", "quote", 
@@ -1566,20 +1554,19 @@ dependencies = [ [[package]] name = "tokio-rustls" -version = "0.26.0" +version = "0.26.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c7bc40d0e5a97695bb96e27995cd3a08538541b0a846f65bba7a359f36700d4" +checksum = "5f6d0975eaace0cf0fcadee4e4aaa5da15b5c079146f2cffb67c113be122bf37" dependencies = [ "rustls", - "rustls-pki-types", "tokio", ] [[package]] name = "tokio-util" -version = "0.7.12" +version = "0.7.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61e7c3654c13bcd040d4a03abee2c75b1d14a37b423cf5a813ceae1cc903ec6a" +checksum = "d7fcaa8d55a2bdd6b83ace262b016eca0d79ee02818c5c1bcdf0305114081078" dependencies = [ "bytes", "futures-core", @@ -1624,9 +1611,9 @@ dependencies = [ [[package]] name = "tracing" -version = "0.1.40" +version = "0.1.41" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" +checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0" dependencies = [ "pin-project-lite", "tracing-attributes", @@ -1661,9 +1648,9 @@ checksum = "859eb650cfee7434994602c3a68b25d77ad9e68c8a6cd491616ef86661382eb3" [[package]] name = "unicode-ident" -version = "1.0.12" +version = "1.0.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +checksum = "adb9e6ca4f869e1180728b7950e35922a7fc6397f7b641499e8f3ef06e50dc83" [[package]] name = "untrusted" @@ -1785,9 +1772,9 @@ dependencies = [ [[package]] name = "webpki-root-certs" -version = "0.26.6" +version = "0.26.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e8c6dfa3ac045bc517de14c7b1384298de1dbd229d38e08e169d9ae8c170937c" +checksum = "9cd5da49bdf1f30054cfe0b8ce2958b8fbeb67c4d82c8967a598af481bef255c" dependencies = [ "rustls-pki-types", ] 
@@ -1837,11 +1824,11 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.6" +version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" +checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "winapi", + "windows-sys 0.59.0", ] [[package]] @@ -1874,7 +1861,16 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.4", + "windows-targets 0.52.6", +] + +[[package]] +name = "windows-sys" +version = "0.59.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets 0.52.6", ] [[package]] @@ -1909,17 +1905,18 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7dd37b7e5ab9018759f893a1952c9420d060016fc19a472b4bb20d1bdd694d1b" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ - "windows_aarch64_gnullvm 0.52.4", - "windows_aarch64_msvc 0.52.4", - "windows_i686_gnu 0.52.4", - "windows_i686_msvc 0.52.4", - "windows_x86_64_gnu 0.52.4", - "windows_x86_64_gnullvm 0.52.4", - "windows_x86_64_msvc 0.52.4", + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", + "windows_i686_gnullvm", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", ] [[package]] 
@@ -1936,9 +1933,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bcf46cf4c365c6f2d1cc93ce535f2c8b244591df96ceee75d8e83deb70a9cac9" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" @@ -1954,9 +1951,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_aarch64_msvc" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da9f259dd3bcf6990b55bffd094c4f7235817ba4ceebde8e6d11cd0c5633b675" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" @@ -1972,9 +1969,15 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_gnu" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b474d8268f99e0995f25b9f095bc7434632601028cf86590aea5c8a5cb7801d3" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" @@ -1990,9 +1993,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_i686_msvc" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1515e9a29e5bed743cb4415a9ecf5dfca648ce85ee42e15873c3cd8610ff8e02" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" 
@@ -2008,9 +2011,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnu" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5eee091590e89cc02ad514ffe3ead9eb6b660aedca2183455434b93546371a03" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" @@ -2026,9 +2029,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77ca79f2451b49fa9e2af39f0747fe999fcda4f5e241b2898624dca97a1f2177" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" @@ -2044,9 +2047,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "windows_x86_64_msvc" -version = "0.52.4" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32b752e52a2da0ddfbdbcc6fceadfeede4c939ed16d13e648833a61dfb611ed8" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winreg" @@ -2138,9 +2141,9 @@ dependencies = [ [[package]] name = "zeroize" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" [[package]] name = "zerovec" 
@@ -2166,6 +2169,6 @@ dependencies = [ [[package]] name = "zlib-rs" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ca4a9dc6566c9224cc161dedc5577bd81f4a9ee0f9fbe80592756d096b07ee5" +checksum = "aada01553a9312bad4b9569035a1f12b05e5ec9770a1a4b323757356928944f8" diff --git a/Cargo.toml b/Cargo.toml index a4bc763f..1f915ed8 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -1,72 +1,10 @@
-[package]
-name = "rustls-ffi"
-version = "0.15.0"
-license = "Apache-2.0 OR ISC OR MIT"
-readme = "README-crates.io.md"
-description = "Rustls bindings for non-Rust languages"
-homepage = "https://github.com/rustls/rustls-ffi"
-repository = "https://github.com/rustls/rustls-ffi"
-categories = ["network-programming", "cryptography"]
-edition = "2021"
-links = "rustls_ffi"
-rust-version = "1.71"
-
-[features]
-default = ["aws-lc-rs"]
-# Enable this feature when building as Rust dependency. It inhibits the
-# default behavior of capturing the global logger, which only works when
-# built using the Makefile, which passes -C metadata=rustls-ffi to avoid
-# interfering with copies of the global logger brought in by other Rust
-# libraries.
-no_log_capture = []
-read_buf = ["rustls/read_buf"]
-capi = []
-ring = ["rustls/ring", "webpki/ring"]
-aws-lc-rs = ["rustls/aws-lc-rs", "webpki/aws_lc_rs"]
-cert_compression = ["rustls/brotli", "rustls/zlib"]
-fips = ["aws-lc-rs", "rustls/fips"]
-
-[dependencies]
-# Keep in sync with RUSTLS_CRATE_VERSION in build.rs
-rustls = { version = "0.23.18", default-features = false, features = ["std", "tls12"] }
-pki-types = { package = "rustls-pki-types", version = "1.10", features = ["std"] }
-webpki = { package = "rustls-webpki", version = "0.102.0", default-features = false, features = ["std"] }
-libc = "0.2"
-log = "0.4.22"
-rustls-platform-verifier = "0.5"
-rand = "0.8"
-
-[lib]
-name = "rustls_ffi"
-crate-type = ["lib", "staticlib"]
-
-[dev-dependencies]
-regex = "1.9.6"
-toml = { version = "0.6.0", default-features = false, features = ["parse"] }
-hickory-resolver = { version = "=0.25.0-alpha.4", features = ["dns-over-https-rustls", "webpki-roots"] }
-tokio = { version = "1.42.0", features = ["io-util", "macros", "net", "rt"] }
-
-[package.metadata.capi.header]
-name = "rustls"
-subdirectory = false
-generation = false # Prefer a vendored .h
-
-[package.metadata.capi.library]
-name = "rustls"
-version_suffix_components = 3
-rustflags = "-Cmetadata=rustls-ffi"
-
-[package.metadata.capi.pkg_config]
-name = "rustls"
-filename = "rustls"
-
-[package.metadata.capi.install.include]
-asset = [{ from = "src/rustls.h", to = "" }]
-
-# The ech_fetch test is a utility to fetch ECH configurations from DNS
-# to use with the client.c example. We disable the harness to be able
-# to parse CLI args.
-[[test]]
-name = "ech_fetch"
-harness = false
-test = false
\ No newline at end of file
+[workspace]
+members = [
+ # FFI bindings for Rustls
+ "librustls"
+]
+
+default-members = [
+ "librustls",
+]
+resolver = "2"
diff --git a/CMakeLists.txt b/librustls/CMakeLists.txt
similarity index 100%
rename from CMakeLists.txt
rename to librustls/CMakeLists.txt
diff --git a/librustls/Cargo.lock b/librustls/Cargo.lock
new file mode 100644
index 00000000..1a0ea319
--- /dev/null
+++ b/librustls/Cargo.lock
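Review bot: With the root manifest turned into a `[workspace]`, cargo resolves every member against the root `Cargo.lock` only, so the `librustls/Cargo.lock` that this patch adds as a new file is not consulted for workspace builds. The two already disagree within this patch: the root lock moves `addr2line` to 0.24.2 while the new `librustls/Cargo.lock` starts at 0.22.0, which can mislead dependency audits or scanners that read the nested file. I would drop the nested lockfile. If it is kept for a packaging reason not visible here, say so next to the members list, e.g. `# the root Cargo.lock is authoritative; librustls/Cargo.lock is not used by workspace builds`. Separately, `default-members` repeats the single entry in `members` and could be omitted.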
@@ -0,0 +1,2171 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "addr2line" +version = "0.22.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e4503c46a5c0c7844e948c9a4d6acd9f50cccb4de1c48eb9e291ea17470c678" +dependencies = [ + "gimli", +] + +[[package]] +name = "adler" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" + +[[package]] +name = "aho-corasick" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea5d730647d4fadd988536d06fecce94b7b4f2a7efdae548f1cf4b63205518ab" +dependencies = [ + "memchr", +] + +[[package]] +name = "alloc-no-stdlib" +version = "2.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cc7bb162ec39d46ab1ca8c77bf72e890535becd1751bb45f64c597edb4c8c6b3" + +[[package]] +name = "alloc-stdlib" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94fb8275041c72129eb51b7d0322c29b8387a0386127718b096429201a5d6ece" +dependencies = [ + "alloc-no-stdlib", +] + +[[package]] +name = "async-recursion" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b43422f69d8ff38f95f1b2bb76517c91589a924d1559a0e935d7c8ce0274c11" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "async-trait" +version = "0.1.83" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "721cae7de5c34fbb2acd27e21e6d2cf7b886dce0c27388d46c4e6c47ea4318dd" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "atomic-waker" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" + +[[package]] +name = "autocfg" 
+version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1fdabc7756949593fe60f30ec81974b613357de856987752631dea1e3394c80" + +[[package]] +name = "aws-lc-fips-sys" +version = "0.12.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf12b67bc9c5168f68655aadb2a12081689a58f1d9b1484705e4d1810ed6e4ac" +dependencies = [ + "bindgen", + "cc", + "cmake", + "dunce", + "fs_extra", + "libc", + "paste", +] + +[[package]] +name = "aws-lc-rs" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f95446d919226d587817a7d21379e6eb099b97b45110a7f272a444ca5c54070" +dependencies = [ + "aws-lc-fips-sys", + "aws-lc-sys", + "mirai-annotations", + "paste", + "zeroize", +] + +[[package]] +name = "aws-lc-sys" +version = "0.21.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "234314bd569802ec87011d653d6815c6d7b9ffb969e9fee5b8b20ef860e8dce9" +dependencies = [ + "bindgen", + "cc", + "cmake", + "dunce", + "fs_extra", + "libc", + "paste", +] + +[[package]] +name = "backtrace" +version = "0.3.73" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5cc23269a4f8976d0a4d2e7109211a419fe30e8d88d677cd60b6bc79c5732e0a" +dependencies = [ + "addr2line", + "cc", + "cfg-if", + "libc", + "miniz_oxide", + "object", + "rustc-demangle", +] + +[[package]] +name = "bindgen" +version = "0.69.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0" +dependencies = [ + "bitflags", + "cexpr", + "clang-sys", + "itertools", + "lazy_static", + "lazycell", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash", + "shlex", + "syn", + "which", +] + +[[package]] +name = "bitflags" +version = "2.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" + +[[package]] +name = "brotli" +version = "7.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cc97b8f16f944bba54f0433f07e30be199b6dc2bd25937444bbad560bcea29bd" +dependencies = [ + "alloc-no-stdlib", + "alloc-stdlib", + "brotli-decompressor", +] + +[[package]] +name = "brotli-decompressor" +version = "4.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a45bd2e4095a8b518033b128020dd4a55aab1c0a381ba4404a472630f4bc362" +dependencies = [ + "alloc-no-stdlib", + "alloc-stdlib", +] + +[[package]] +name = "bumpalo" +version = "3.16.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" + +[[package]] +name = "byteorder" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" + +[[package]] +name = "bytes" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" + +[[package]] +name = "cc" +version = "1.1.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b62ac837cdb5cb22e10a256099b4fc502b1dfe560cb282963a974d7abd80e476" +dependencies = [ + "jobserver", + "libc", + "shlex", +] + +[[package]] +name = "cesu8" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c" + +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" 
+checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "clang-sys" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" +dependencies = [ + "glob", + "libc", + "libloading", +] + +[[package]] +name = "cmake" +version = "0.1.50" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a31c789563b815f77f4250caee12365734369f942439b7defd71e18a48197130" +dependencies = [ + "cc", +] + +[[package]] +name = "combine" +version = "4.6.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "35ed6e9d84f0b51a7f52daf1c7d71dd136fd7a3f41a8462b8cdb8c78d920fad4" +dependencies = [ + "bytes", + "memchr", +] + +[[package]] +name = "core-foundation" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b55271e5c8c478ad3f38ad24ef34923091e0548492a266d19b3c0b4d82574c63" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "core-foundation-sys" +version = "0.8.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" + +[[package]] +name = "crossbeam-channel" +version = "0.5.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "33480d6946193aa8033910124896ca395333cae7e2d1113d1fef6c3272217df2" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-epoch" +version = "0.9.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-utils" +version = "0.8.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80" + +[[package]] +name = 
"data-encoding" +version = "2.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e8566979429cf69b49a5c740c60791108e86440e8be149bbea4fe54d2c32d6e2" + +[[package]] +name = "displaydoc" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "dunce" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" + +[[package]] +name = "either" +version = "1.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" + +[[package]] +name = "enum-as-inner" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1e6a265c649f3f5979b601d26f1d05ada116434c87741c9493cb56218f76cbc" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "equivalent" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" + +[[package]] +name = "errno" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" +dependencies = [ + "libc", + "windows-sys 0.52.0", +] + +[[package]] +name = "fnv" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" + +[[package]] +name = "form_urlencoded" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456" +dependencies = [ + "percent-encoding", +] + 
+[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + +[[package]] +name = "futures-channel" +version = "0.3.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2dff15bf788c671c1934e366d07e30c1814a8ef514e1af724a602e8a2fbe1b10" +dependencies = [ + "futures-core", +] + +[[package]] +name = "futures-core" +version = "0.3.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e" + +[[package]] +name = "futures-io" +version = "0.3.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6" + +[[package]] +name = "futures-sink" +version = "0.3.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e575fab7d1e0dcb8d0c7bcf9a63ee213816ab51902e6d244a95819acacf1d4f7" + +[[package]] +name = "futures-task" +version = "0.3.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988" + +[[package]] +name = "futures-util" +version = "0.3.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81" +dependencies = [ + "futures-core", + "futures-task", + "pin-project-lite", + "pin-utils", + "slab", +] + +[[package]] +name = "getrandom" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "gimli" +version = "0.29.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd" + +[[package]] +name = "glob" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" + +[[package]] +name = "h2" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ccae279728d634d083c00f6099cb58f01cc99c145b84b8be2f6c74618d79922e" +dependencies = [ + "atomic-waker", + "bytes", + "fnv", + "futures-core", + "futures-sink", + "http", + "indexmap 2.6.0", + "slab", + "tokio", + "tokio-util", + "tracing", +] + +[[package]] +name = "hashbrown" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" + +[[package]] +name = "hashbrown" +version = "0.15.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289" + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "hermit-abi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" + +[[package]] +name = "hickory-proto" +version = "0.25.0-alpha.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d063c0692ee669aa6d261988aa19ca5510f1cc40e4f211024f50c888499a35d7" +dependencies = [ + "async-recursion", + "async-trait", + "bytes", + "cfg-if", + "data-encoding", + "enum-as-inner", + "futures-channel", + "futures-io", + "futures-util", + "h2", + "http", + "idna", + "ipnet", + "once_cell", + "rand", + "rustls", + "thiserror 2.0.6", + "tinyvec", + "tokio", + "tokio-rustls", + "tracing", + "url", + "webpki-roots", +] + 
+[[package]] +name = "hickory-resolver" +version = "0.25.0-alpha.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42bc352e4412fb657e795f79b4efcf2bd60b59ee5ca0187f3554194cd1107a27" +dependencies = [ + "cfg-if", + "futures-util", + "hickory-proto", + "ipconfig", + "moka", + "once_cell", + "parking_lot", + "rand", + "resolv-conf", + "rustls", + "smallvec", + "thiserror 2.0.6", + "tokio", + "tokio-rustls", + "tracing", + "webpki-roots", +] + +[[package]] +name = "home" +version = "0.5.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" +dependencies = [ + "windows-sys 0.52.0", +] + +[[package]] +name = "hostname" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c731c3e10504cc8ed35cfe2f1db4c9274c3d35fa486e3b31df46f068ef3e867" +dependencies = [ + "libc", + "match_cfg", + "winapi", +] + +[[package]] +name = "http" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "21b9ddb458710bc376481b842f5da65cdf31522de232c1ca8146abce2a358258" +dependencies = [ + "bytes", + "fnv", + "itoa", +] + +[[package]] +name = "icu_collections" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db2fa452206ebee18c4b5c2274dbf1de17008e874b4dc4f0aea9d01ca79e4526" +dependencies = [ + "displaydoc", + "yoke", + "zerofrom", + "zerovec", +] + +[[package]] +name = "icu_locid" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13acbb8371917fc971be86fc8057c41a64b521c184808a698c02acc242dbf637" +dependencies = [ + "displaydoc", + "litemap", + "tinystr", + "writeable", + "zerovec", +] + +[[package]] +name = "icu_locid_transform" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "01d11ac35de8e40fdeda00d9e1e9d92525f3f9d887cdd7aa81d727596788b54e" 
+dependencies = [ + "displaydoc", + "icu_locid", + "icu_locid_transform_data", + "icu_provider", + "tinystr", + "zerovec", +] + +[[package]] +name = "icu_locid_transform_data" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fdc8ff3388f852bede6b579ad4e978ab004f139284d7b28715f773507b946f6e" + +[[package]] +name = "icu_normalizer" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19ce3e0da2ec68599d193c93d088142efd7f9c5d6fc9b803774855747dc6a84f" +dependencies = [ + "displaydoc", + "icu_collections", + "icu_normalizer_data", + "icu_properties", + "icu_provider", + "smallvec", + "utf16_iter", + "utf8_iter", + "write16", + "zerovec", +] + +[[package]] +name = "icu_normalizer_data" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8cafbf7aa791e9b22bec55a167906f9e1215fd475cd22adfcf660e03e989516" + +[[package]] +name = "icu_properties" +version = "1.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93d6020766cfc6302c15dbbc9c8778c37e62c14427cb7f6e601d849e092aeef5" +dependencies = [ + "displaydoc", + "icu_collections", + "icu_locid_transform", + "icu_properties_data", + "icu_provider", + "tinystr", + "zerovec", +] + +[[package]] +name = "icu_properties_data" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67a8effbc3dd3e4ba1afa8ad918d5684b8868b3b26500753effea8d2eed19569" + +[[package]] +name = "icu_provider" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ed421c8a8ef78d3e2dbc98a973be2f3770cb42b606e3ab18d6237c4dfde68d9" +dependencies = [ + "displaydoc", + "icu_locid", + "icu_provider_macros", + "stable_deref_trait", + "tinystr", + "writeable", + "yoke", + "zerofrom", + "zerovec", +] + +[[package]] +name = "icu_provider_macros" +version = "1.5.0" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "idna" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "686f825264d630750a544639377bae737628043f20d38bbc029e8f29ea968a7e" +dependencies = [ + "idna_adapter", + "smallvec", + "utf8_iter", +] + +[[package]] +name = "idna_adapter" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "daca1df1c957320b2cf139ac61e7bd64fed304c5040df000a745aa1de3b4ef71" +dependencies = [ + "icu_normalizer", + "icu_properties", +] + +[[package]] +name = "indexmap" +version = "1.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" +dependencies = [ + "autocfg", + "hashbrown 0.12.3", +] + +[[package]] +name = "indexmap" +version = "2.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "707907fe3c25f5424cce2cb7e1cbcafee6bdbe735ca90ef77c29e84591e5b9da" +dependencies = [ + "equivalent", + "hashbrown 0.15.2", +] + +[[package]] +name = "ipconfig" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b58db92f96b720de98181bbbe63c831e87005ab460c1bf306eb2622b4707997f" +dependencies = [ + "socket2", + "widestring", + "windows-sys 0.48.0", + "winreg", +] + +[[package]] +name = "ipnet" +version = "2.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddc24109865250148c2e0f3d25d4f0f479571723792d3802153c60922a4fb708" + +[[package]] +name = "itertools" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" +dependencies = [ + "either", +] + +[[package]] +name = "itoa" +version = "1.0.14" +source 
= "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674" + +[[package]] +name = "jni" +version = "0.21.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1a87aa2bb7d2af34197c04845522473242e1aa17c12f4935d5856491a7fb8c97" +dependencies = [ + "cesu8", + "cfg-if", + "combine", + "jni-sys", + "log", + "thiserror 1.0.58", + "walkdir", + "windows-sys 0.45.0", +] + +[[package]] +name = "jni-sys" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8eaf4bc02d17cbdd7ff4c7438cafcdf7fb9a4613313ad11b4f8fefe7d3fa0130" + +[[package]] +name = "jobserver" +version = "0.1.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2b099aaa34a9751c5bf0878add70444e1ed2dd73f347be99003d4577277de6e" +dependencies = [ + "libc", +] + +[[package]] +name = "js-sys" +version = "0.3.76" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6717b6b5b077764fb5966237269cb3c64edddde4b14ce42647430a78ced9e7b7" +dependencies = [ + "once_cell", + "wasm-bindgen", +] + +[[package]] +name = "lazy_static" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" + +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + +[[package]] +name = "libc" +version = "0.2.168" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5aaeb2981e0606ca11d79718f8bb01164f1d6ed75080182d3abf017e6d244b6d" + +[[package]] +name = "libloading" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e310b3a6b5907f99202fcdb4960ff45b93735d7c7d96b760fcff8db2dc0e103d" +dependencies = [ + "cfg-if", + "windows-targets 
0.52.4", +] + +[[package]] +name = "linux-raw-sys" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" + +[[package]] +name = "litemap" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ee93343901ab17bd981295f2cf0026d4ad018c7c31ba84549a4ddbb47a45104" + +[[package]] +name = "lock_api" +version = "0.4.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17" +dependencies = [ + "autocfg", + "scopeguard", +] + +[[package]] +name = "log" +version = "0.4.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" + +[[package]] +name = "match_cfg" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ffbee8634e0d45d258acb448e7eaab3fce7a0a467395d4d9f228e3c1f01fb2e4" + +[[package]] +name = "memchr" +version = "2.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" + +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + +[[package]] +name = "miniz_oxide" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8a240ddb74feaf34a79a7add65a741f3167852fba007066dcac1ca548d89c08" +dependencies = [ + "adler", +] + +[[package]] +name = "mio" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "80e04d1dcff3aae0704555fe5fee3bcfaf3d1fdf8a7e521d5b9d2b42acb52cec" +dependencies = [ + "hermit-abi", + "libc", + "wasi", + "windows-sys 0.52.0", +] + +[[package]] +name = 
"mirai-annotations" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9be0862c1b3f26a88803c4a49de6889c10e608b3ee9344e6ef5b45fb37ad3d1" + +[[package]] +name = "moka" +version = "0.12.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32cf62eb4dd975d2dde76432fb1075c49e3ee2331cf36f1f8fd4b66550d32b6f" +dependencies = [ + "crossbeam-channel", + "crossbeam-epoch", + "crossbeam-utils", + "once_cell", + "parking_lot", + "quanta", + "rustc_version", + "smallvec", + "tagptr", + "thiserror 1.0.58", + "triomphe", + "uuid", +] + +[[package]] +name = "nom" +version = "7.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +dependencies = [ + "memchr", + "minimal-lexical", +] + +[[package]] +name = "nom8" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae01545c9c7fc4486ab7debaf2aad7003ac19431791868fb2e8066df97fad2f8" +dependencies = [ + "memchr", +] + +[[package]] +name = "object" +version = "0.36.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aedf0a2d09c573ed1d8d85b30c119153926a2b36dce0ab28322c09a117a4683e" +dependencies = [ + "memchr", +] + +[[package]] +name = "once_cell" +version = "1.20.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775" + +[[package]] +name = "openssl-probe" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" + +[[package]] +name = "parking_lot" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27" +dependencies = [ + "lock_api", + "parking_lot_core", +] + +[[package]] +name = 
"parking_lot_core" +version = "0.9.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" +dependencies = [ + "cfg-if", + "libc", + "redox_syscall", + "smallvec", + "windows-targets 0.52.4", +] + +[[package]] +name = "paste" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" + +[[package]] +name = "percent-encoding" +version = "2.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" + +[[package]] +name = "pin-project-lite" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "915a1e146535de9163f3987b8944ed8cf49a18bb0056bcebcdcece385cece4ff" + +[[package]] +name = "pin-utils" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" + +[[package]] +name = "ppv-lite86" +version = "0.2.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" +dependencies = [ + "zerocopy", +] + +[[package]] +name = "prettyplease" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d3928fb5db768cb86f891ff014f0144589297e3c6a1aba6ed7cecfdace270c7" +dependencies = [ + "proc-macro2", + "syn", +] + +[[package]] +name = "proc-macro2" +version = "1.0.92" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "37d3544b3f2748c54e147655edb5025752e2303145b5aefb3c3ea2c78b973bb0" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quanta" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"773ce68d0bb9bc7ef20be3536ffe94e223e1f365bd374108b2659fac0c65cfe6" +dependencies = [ + "crossbeam-utils", + "libc", + "once_cell", + "raw-cpuid", + "wasi", + "web-sys", + "winapi", +] + +[[package]] +name = "quick-error" +version = "1.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" + +[[package]] +name = "quote" +version = "1.0.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "libc", + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom", +] + +[[package]] +name = "raw-cpuid" +version = "11.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ab240315c661615f2ee9f0f2cd32d5a7343a84d5ebcccb99d46e6637565e7b0" +dependencies = [ + "bitflags", +] + +[[package]] +name = "redox_syscall" +version = "0.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b6dfecf2c74bce2466cabf93f6664d6998a69eb21e39f4207930065b27b771f" +dependencies = [ + "bitflags", +] + +[[package]] +name = "regex" +version = "1.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"ebee201405406dbf528b8b672104ae6d6d63e6d118cb10e4d51abbc7b58044ff" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59b23e92ee4318893fa3fe3e6fb365258efbfe6ac6ab30f090cdcbb7aa37efa9" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dbb5fb1acd8a1a18b3dd5be62d25485eb770e05afb408a9627d14d451bae12da" + +[[package]] +name = "resolv-conf" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52e44394d2086d010551b14b53b1f24e31647570cd1deb0379e2c21b329aba00" +dependencies = [ + "hostname", + "quick-error", +] + +[[package]] +name = "ring" +version = "0.17.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb0205304757e5d899b9c2e448b867ffd03ae7f988002e47cd24954391394d0b" +dependencies = [ + "cc", + "getrandom", + "libc", + "spin", + "untrusted", + "windows-sys 0.48.0", +] + +[[package]] +name = "rustc-demangle" +version = "0.1.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" + +[[package]] +name = "rustc-hash" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" + +[[package]] +name = "rustc_version" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" +dependencies = [ + "semver", +] + +[[package]] +name = "rustix" +version = "0.38.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" +dependencies = [ + "bitflags", + "errno", + "libc", + "linux-raw-sys", + "windows-sys 0.52.0", +] + +[[package]] +name = "rustls" +version = "0.23.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c9cc1d47e243d655ace55ed38201c19ae02c148ae56412ab8750e8f0166ab7f" +dependencies = [ + "aws-lc-rs", + "brotli", + "brotli-decompressor", + "log", + "once_cell", + "ring", + "rustls-pki-types", + "rustls-webpki", + "rustversion", + "subtle", + "zeroize", + "zlib-rs", +] + +[[package]] +name = "rustls-ffi" +version = "0.15.0" +dependencies = [ + "hickory-resolver", + "libc", + "log", + "rand", + "regex", + "rustls", + "rustls-pki-types", + "rustls-platform-verifier", + "rustls-webpki", + "tokio", + "toml", +] + +[[package]] +name = "rustls-native-certs" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7fcff2dd52b58a8d98a70243663a0d234c4e2b79235637849d15913394a247d3" +dependencies = [ + "openssl-probe", + "rustls-pki-types", + "schannel", + "security-framework", +] + +[[package]] +name = "rustls-pki-types" +version = "1.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "16f1201b3c9a7ee8039bcadc17b7e605e2945b27eee7631788c1bd2b0643674b" + +[[package]] +name = "rustls-platform-verifier" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e012c45844a1790332c9386ed4ca3a06def221092eda277e6f079728f8ea99da" +dependencies = [ + "core-foundation", + "core-foundation-sys", + "jni", + "log", + "once_cell", + "rustls", + "rustls-native-certs", + "rustls-platform-verifier-android", + "rustls-webpki", + "security-framework", + "security-framework-sys", + "webpki-root-certs", + "windows-sys 0.52.0", +] + +[[package]] +name = "rustls-platform-verifier-android" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"f87165f0995f63a9fbeea62b64d10b4d9d8e78ec6d7d51fb2125fda7bb36788f" + +[[package]] +name = "rustls-webpki" +version = "0.102.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9" +dependencies = [ + "aws-lc-rs", + "ring", + "rustls-pki-types", + "untrusted", +] + +[[package]] +name = "rustversion" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ffc183a10b4478d04cbbbfc96d0873219d962dd5accaff2ffbd4ceb7df837f4" + +[[package]] +name = "same-file" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" +dependencies = [ + "winapi-util", +] + +[[package]] +name = "schannel" +version = "0.1.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fbc91545643bcf3a0bbb6569265615222618bdf33ce4ffbbd13c4bbd4c093534" +dependencies = [ + "windows-sys 0.52.0", +] + +[[package]] +name = "scopeguard" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" + +[[package]] +name = "security-framework" +version = "3.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81d3f8c9bfcc3cbb6b0179eb57042d75b1582bdc65c3cb95f3fa999509c03cbc" +dependencies = [ + "bitflags", + "core-foundation", + "core-foundation-sys", + "libc", + "security-framework-sys", +] + +[[package]] +name = "security-framework-sys" +version = "2.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1863fd3768cd83c56a7f60faa4dc0d403f1b6df0a38c3c25f44b7894e45370d5" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] +name = "semver" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"3cb6eb87a131f756572d7fb904f6e7b68633f09cca868c5df1c4b8d1a694bbba" + +[[package]] +name = "serde" +version = "1.0.203" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.203" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_spanned" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2c68e921cef53841b8925c2abadd27c9b891d9613bdc43d6b823062866df38e8" +dependencies = [ + "serde", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "slab" +version = "0.4.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67" +dependencies = [ + "autocfg", +] + +[[package]] +name = "smallvec" +version = "1.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" + +[[package]] +name = "socket2" +version = "0.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce305eb0b4296696835b71df73eb912e0f1ffd2556a501fcede6e0c50349191c" +dependencies = [ + "libc", + "windows-sys 0.52.0", +] + +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + +[[package]] +name = "stable_deref_trait" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" 
+checksum = "a8f112729512f8e442d81f95a8a7ddf2b7c6b8a1a6f509a95864142b30cab2d3" + +[[package]] +name = "subtle" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" + +[[package]] +name = "syn" +version = "2.0.90" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "919d3b74a5dd0ccd15aeb8f93e7006bd9e14c295087c9896a110f490752bcf31" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "synstructure" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tagptr" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b2093cf4c8eb1e67749a6762251bc9cd836b6fc171623bd0a9d324d37af2417" + +[[package]] +name = "thiserror" +version = "1.0.58" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "03468839009160513471e86a034bb2c5c0e4baae3b43f79ffc55c4a5427b3297" +dependencies = [ + "thiserror-impl 1.0.58", +] + +[[package]] +name = "thiserror" +version = "2.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fec2a1820ebd077e2b90c4df007bebf344cd394098a13c563957d0afc83ea47" +dependencies = [ + "thiserror-impl 2.0.6", +] + +[[package]] +name = "thiserror-impl" +version = "1.0.58" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c61f3ba182994efc43764a46c018c347bc492c79f024e705f46567b418f6d4f7" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "thiserror-impl" +version = "2.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d65750cab40f4ff1929fb1ba509e9914eb756131cef4210da8d5d700d26f6312" +dependencies = [ + "proc-macro2", + 
"quote", + "syn", +] + +[[package]] +name = "tinystr" +version = "0.7.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9117f5d4db391c1cf6927e7bea3db74b9a1c1add8f7eda9ffd5364f40f57b82f" +dependencies = [ + "displaydoc", + "zerovec", +] + +[[package]] +name = "tinyvec" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "445e881f4f6d382d5f27c034e25eb92edd7c784ceab92a0937db7f2e9471b938" +dependencies = [ + "tinyvec_macros", +] + +[[package]] +name = "tinyvec_macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" + +[[package]] +name = "tokio" +version = "1.42.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5cec9b21b0450273377fc97bd4c33a8acffc8c996c987a7c5b319a0083707551" +dependencies = [ + "backtrace", + "bytes", + "libc", + "mio", + "pin-project-lite", + "socket2", + "tokio-macros", + "windows-sys 0.52.0", +] + +[[package]] +name = "tokio-macros" +version = "2.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tokio-rustls" +version = "0.26.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c7bc40d0e5a97695bb96e27995cd3a08538541b0a846f65bba7a359f36700d4" +dependencies = [ + "rustls", + "rustls-pki-types", + "tokio", +] + +[[package]] +name = "tokio-util" +version = "0.7.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "61e7c3654c13bcd040d4a03abee2c75b1d14a37b423cf5a813ceae1cc903ec6a" +dependencies = [ + "bytes", + "futures-core", + "futures-sink", + "pin-project-lite", + "tokio", +] + +[[package]] +name = "toml" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" 
+checksum = "4fb9d890e4dc9298b70f740f615f2e05b9db37dce531f6b24fb77ac993f9f217" +dependencies = [ + "serde", + "serde_spanned", + "toml_datetime", + "toml_edit", +] + +[[package]] +name = "toml_datetime" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4553f467ac8e3d374bc9a177a26801e5d0f9b211aa1673fb137a403afd1c9cf5" +dependencies = [ + "serde", +] + +[[package]] +name = "toml_edit" +version = "0.18.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56c59d8dd7d0dcbc6428bf7aa2f0e823e26e43b3c9aca15bbc9475d23e5fa12b" +dependencies = [ + "indexmap 1.9.3", + "nom8", + "serde", + "serde_spanned", + "toml_datetime", +] + +[[package]] +name = "tracing" +version = "0.1.40" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" +dependencies = [ + "pin-project-lite", + "tracing-attributes", + "tracing-core", +] + +[[package]] +name = "tracing-attributes" +version = "0.1.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tracing-core" +version = "0.1.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e672c95779cf947c5311f83787af4fa8fffd12fb27e4993211a84bdfd9610f9c" +dependencies = [ + "once_cell", +] + +[[package]] +name = "triomphe" +version = "0.1.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "859eb650cfee7434994602c3a68b25d77ad9e68c8a6cd491616ef86661382eb3" + +[[package]] +name = "unicode-ident" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" + +[[package]] +name = "untrusted" +version = "0.9.0" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + +[[package]] +name = "url" +version = "2.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32f8b686cadd1473f4bd0117a5d28d36b1ade384ea9b5069a1c40aefed7fda60" +dependencies = [ + "form_urlencoded", + "idna", + "percent-encoding", +] + +[[package]] +name = "utf16_iter" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8232dd3cdaed5356e0f716d285e4b40b932ac434100fe9b7e0e8e935b9e6246" + +[[package]] +name = "utf8_iter" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" + +[[package]] +name = "uuid" +version = "1.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8c5f0a0af699448548ad1a2fbf920fb4bee257eae39953ba95cb84891a0446a" +dependencies = [ + "getrandom", +] + +[[package]] +name = "walkdir" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b" +dependencies = [ + "same-file", + "winapi-util", +] + +[[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + +[[package]] +name = "wasm-bindgen" +version = "0.2.99" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a474f6281d1d70c17ae7aa6a613c87fce69a127e2624002df63dcb39d6cf6396" +dependencies = [ + "cfg-if", + "once_cell", + "wasm-bindgen-macro", +] + +[[package]] +name = "wasm-bindgen-backend" +version = "0.2.99" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f89bb38646b4f81674e8f5c3fb81b562be1fd936d84320f3264486418519c79" +dependencies 
= [ + "bumpalo", + "log", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.99" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2cc6181fd9a7492eef6fef1f33961e3695e4579b9872a6f7c83aee556666d4fe" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.99" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "30d7a95b763d3c45903ed6c81f156801839e5ee968bb07e534c44df0fcd330c2" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-backend", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.99" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "943aab3fdaaa029a6e0271b35ea10b72b943135afe9bffca82384098ad0e06a6" + +[[package]] +name = "web-sys" +version = "0.3.76" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "04dd7223427d52553d3702c004d3b2fe07c148165faa56313cb00211e31c12bc" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "webpki-root-certs" +version = "0.26.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e8c6dfa3ac045bc517de14c7b1384298de1dbd229d38e08e169d9ae8c170937c" +dependencies = [ + "rustls-pki-types", +] + +[[package]] +name = "webpki-roots" +version = "0.26.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d642ff16b7e79272ae451b7322067cdc17cadf68c23264be9d94a32319efe7e" +dependencies = [ + "rustls-pki-types", +] + +[[package]] +name = "which" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +dependencies = [ + "either", + "home", + "once_cell", + "rustix", +] + +[[package]] +name = "widestring" +version = "1.1.0" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "7219d36b6eac893fa81e84ebe06485e7dcbb616177469b142df14f1f4deb1311" + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-util" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" +dependencies = [ + "winapi", +] + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "windows-sys" +version = "0.45.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0" +dependencies = [ + "windows-targets 0.42.2", +] + +[[package]] +name = "windows-sys" +version = "0.48.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" +dependencies = [ + "windows-targets 0.48.5", +] + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets 0.52.4", +] + +[[package]] +name = "windows-targets" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = 
"8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071" +dependencies = [ + "windows_aarch64_gnullvm 0.42.2", + "windows_aarch64_msvc 0.42.2", + "windows_i686_gnu 0.42.2", + "windows_i686_msvc 0.42.2", + "windows_x86_64_gnu 0.42.2", + "windows_x86_64_gnullvm 0.42.2", + "windows_x86_64_msvc 0.42.2", +] + +[[package]] +name = "windows-targets" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" +dependencies = [ + "windows_aarch64_gnullvm 0.48.5", + "windows_aarch64_msvc 0.48.5", + "windows_i686_gnu 0.48.5", + "windows_i686_msvc 0.48.5", + "windows_x86_64_gnu 0.48.5", + "windows_x86_64_gnullvm 0.48.5", + "windows_x86_64_msvc 0.48.5", +] + +[[package]] +name = "windows-targets" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7dd37b7e5ab9018759f893a1952c9420d060016fc19a472b4bb20d1bdd694d1b" +dependencies = [ + "windows_aarch64_gnullvm 0.52.4", + "windows_aarch64_msvc 0.52.4", + "windows_i686_gnu 0.52.4", + "windows_i686_msvc 0.52.4", + "windows_x86_64_gnu 0.52.4", + "windows_x86_64_gnullvm 0.52.4", + "windows_x86_64_msvc 0.52.4", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8" + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bcf46cf4c365c6f2d1cc93ce535f2c8b244591df96ceee75d8e83deb70a9cac9" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" 
+checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da9f259dd3bcf6990b55bffd094c4f7235817ba4ceebde8e6d11cd0c5633b675" + +[[package]] +name = "windows_i686_gnu" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f" + +[[package]] +name = "windows_i686_gnu" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b474d8268f99e0995f25b9f095bc7434632601028cf86590aea5c8a5cb7801d3" + +[[package]] +name = "windows_i686_msvc" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060" + +[[package]] +name = "windows_i686_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1515e9a29e5bed743cb4415a9ecf5dfca648ce85ee42e15873c3cd8610ff8e02" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36" + +[[package]] +name = "windows_x86_64_gnu" 
+version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5eee091590e89cc02ad514ffe3ead9eb6b660aedca2183455434b93546371a03" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77ca79f2451b49fa9e2af39f0747fe999fcda4f5e241b2898624dca97a1f2177" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.42.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.48.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32b752e52a2da0ddfbdbcc6fceadfeede4c939ed16d13e648833a61dfb611ed8" + +[[package]] +name = "winreg" +version = "0.50.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1" +dependencies = [ + "cfg-if", + "windows-sys 0.48.0", +] + +[[package]] +name = "write16" +version = "1.0.0" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "d1890f4022759daae28ed4fe62859b1236caebfc61ede2f63ed4e695f3f6d936" + +[[package]] +name = "writeable" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51" + +[[package]] +name = "yoke" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "120e6aef9aa629e3d4f52dc8cc43a015c7724194c97dfaf45180d2daf2b77f40" +dependencies = [ + "serde", + "stable_deref_trait", + "yoke-derive", + "zerofrom", +] + +[[package]] +name = "yoke-derive" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2380878cad4ac9aac1e2435f3eb4020e8374b5f13c296cb75b4620ff8e229154" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + +[[package]] +name = "zerocopy" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" +dependencies = [ + "byteorder", + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zerofrom" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cff3ee08c995dee1859d998dea82f7374f2826091dd9cd47def953cae446cd2e" +dependencies = [ + "zerofrom-derive", +] + +[[package]] +name = "zerofrom-derive" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "595eed982f7d355beb85837f651fa22e90b3c044842dc7f2c2842c086f295808" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + +[[package]] +name = "zeroize" +version = "1.7.0" +source = 
"registry+https://github.com/rust-lang/crates.io-index" +checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" + +[[package]] +name = "zerovec" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa2b893d79df23bfb12d5461018d408ea19dfafe76c2c7ef6d4eba614f8ff079" +dependencies = [ + "yoke", + "zerofrom", + "zerovec-derive", +] + +[[package]] +name = "zerovec-derive" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6eafa6dfb17584ea3e2bd6e76e0cc15ad7af12b09abdd1ca55961bed9b1063c6" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zlib-rs" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2ca4a9dc6566c9224cc161dedc5577bd81f4a9ee0f9fbe80592756d096b07ee5" diff --git a/librustls/Cargo.toml b/librustls/Cargo.toml new file mode 100644 index 00000000..5216f0e4 --- /dev/null +++ b/librustls/Cargo.toml 
@@ -0,0 +1,72 @@
+[package]
+name = "rustls-ffi"
+version = "0.15.0"
+license = "Apache-2.0 OR ISC OR MIT"
+readme = "../README-crates.io.md"
+description = "Rustls bindings for non-Rust languages"
+homepage = "https://github.com/rustls/rustls-ffi"
+repository = "https://github.com/rustls/rustls-ffi"
+categories = ["network-programming", "cryptography"]
+edition = "2021"
+links = "rustls_ffi"
+rust-version = "1.71"
+
+[features]
+default = ["aws-lc-rs"]
+# Enable this feature when building as Rust dependency. It inhibits the
+# default behavior of capturing the global logger, which only works when
+# built using the Makefile, which passes -C metadata=rustls-ffi to avoid
+# interfering with copies of the global logger brought in by other Rust
+# libraries.
+no_log_capture = []
+read_buf = ["rustls/read_buf"]
+capi = []
+ring = ["rustls/ring", "webpki/ring"]
+aws-lc-rs = ["rustls/aws-lc-rs", "webpki/aws_lc_rs"]
+cert_compression = ["rustls/brotli", "rustls/zlib"]
+fips = ["aws-lc-rs", "rustls/fips"]
+
+[dependencies]
+# Keep in sync with RUSTLS_CRATE_VERSION in build.rs
+rustls = { version = "0.23.18", default-features = false, features = ["std", "tls12"] }
+pki-types = { package = "rustls-pki-types", version = "1.10", features = ["std"] }
+webpki = { package = "rustls-webpki", version = "0.102.0", default-features = false, features = ["std"] }
+libc = "0.2"
+log = "0.4.22"
+rustls-platform-verifier = "0.5"
+rand = "0.8"
+
+[lib]
+name = "rustls_ffi"
+crate-type = ["lib", "staticlib"]
+
+[dev-dependencies]
+regex = "1.9.6"
+toml = { version = "0.6.0", default-features = false, features = ["parse"] }
+hickory-resolver = { version = "=0.25.0-alpha.4", features = ["dns-over-https-rustls", "webpki-roots"] }
+tokio = { version = "1.42.0", features = ["io-util", "macros", "net", "rt"] }
+
+[package.metadata.capi.header]
+name = "rustls"
+subdirectory = false
+generation = false # Prefer a vendored .h
+
+[package.metadata.capi.library]
+name = "rustls"
+version_suffix_components = 3
+rustflags = "-Cmetadata=rustls-ffi"
+
+[package.metadata.capi.pkg_config]
+name = "rustls"
+filename = "rustls"
+
+[package.metadata.capi.install.include]
+asset = [{ from = "src/rustls.h", to = "" }]
+
+# The ech_fetch test is a utility to fetch ECH configurations from DNS
+# to use with the client.c example. We disable the harness to be able
+# to parse CLI args.
+[[test]]
+name = "ech_fetch"
+harness = false
+test = false
diff --git a/librustls/LICENSE b/librustls/LICENSE
new file mode 120000
index 00000000..ea5b6064
--- /dev/null
+++ b/librustls/LICENSE
@@ -0,0 +1 @@
+../LICENSE
\ No newline at end of file
diff --git a/librustls/LICENSE-APACHE b/librustls/LICENSE-APACHE
new file mode 120000
index 00000000..965b606f
--- /dev/null
+++ b/librustls/LICENSE-APACHE
@@ -0,0 +1 @@
+../LICENSE-APACHE
\ No newline at end of file
diff --git a/librustls/LICENSE-MIT b/librustls/LICENSE-MIT
new file mode 120000
index 00000000..76219eb7
--- /dev/null
+++ b/librustls/LICENSE-MIT
@@ -0,0 +1 @@
+../LICENSE-MIT
\ No newline at end of file
diff --git a/build.rs b/librustls/build.rs
similarity index 100%
rename from build.rs
rename to librustls/build.rs
diff --git a/cbindgen.toml b/librustls/cbindgen.toml
similarity index 100%
rename from cbindgen.toml
rename to librustls/cbindgen.toml
diff --git a/cmake/custom_function_defs.txt b/librustls/cmake/custom_function_defs.txt
similarity index 100%
rename from cmake/custom_function_defs.txt
rename to librustls/cmake/custom_function_defs.txt
diff --git a/cmake/format.cmake b/librustls/cmake/format.cmake
similarity index 100%
rename from cmake/format.cmake
rename to librustls/cmake/format.cmake
diff --git a/cmake/options.cmake b/librustls/cmake/options.cmake
similarity index 100%
rename from cmake/options.cmake
rename to librustls/cmake/options.cmake
diff --git a/cmake/rust.cmake b/librustls/cmake/rust.cmake
similarity index 100%
rename from cmake/rust.cmake
rename to librustls/cmake/rust.cmake
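Review bot: The comment above `no_log_capture` in the `[features]` table of `librustls/Cargo.toml` still says log capture "only works when built using the Makefile, which passes -C metadata=rustls-ffi", but the only place this manifest sets that flag is `rustflags = "-Cmetadata=rustls-ffi"` under `[package.metadata.capi.library]`, and patch 1/9 of the series describes the build as having moved to `cmake`. If no Makefile remains (not visible here), reword the comment to name the build path that actually passes the flag, for example `# built through cargo-c, which passes -Cmetadata=rustls-ffi (see [package.metadata.capi.library]) to avoid`. Anyone consuming the crate as a Rust dependency relies on this comment to decide whether to enable `no_log_capture`, so it should describe the current build.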
diff --git a/src/acceptor.rs b/librustls/src/acceptor.rs
similarity index 100%
rename from src/acceptor.rs
rename to librustls/src/acceptor.rs
diff --git a/src/certificate.rs b/librustls/src/certificate.rs
similarity index 100%
rename from src/certificate.rs
rename to librustls/src/certificate.rs
diff --git a/src/cipher.rs b/librustls/src/cipher.rs
similarity index 100%
rename from src/cipher.rs
rename to librustls/src/cipher.rs
diff --git a/src/client.rs b/librustls/src/client.rs
similarity index 100%
rename from src/client.rs
rename to librustls/src/client.rs
diff --git a/src/connection.rs b/librustls/src/connection.rs
similarity index 100%
rename from src/connection.rs
rename to librustls/src/connection.rs
diff --git a/src/crypto_provider.rs b/librustls/src/crypto_provider.rs
similarity index 100%
rename from src/crypto_provider.rs
rename to librustls/src/crypto_provider.rs
diff --git a/src/enums.rs b/librustls/src/enums.rs
similarity index 100%
rename from src/enums.rs
rename to librustls/src/enums.rs
diff --git a/src/error.rs b/librustls/src/error.rs
similarity index 100%
rename from src/error.rs
rename to librustls/src/error.rs
diff --git a/src/ffi.rs b/librustls/src/ffi.rs
similarity index 100%
rename from src/ffi.rs
rename to librustls/src/ffi.rs
diff --git a/src/io.rs b/librustls/src/io.rs
similarity index 100%
rename from src/io.rs
rename to librustls/src/io.rs
diff --git a/src/keylog.rs b/librustls/src/keylog.rs
similarity index 100%
rename from src/keylog.rs
rename to librustls/src/keylog.rs
diff --git a/src/lib.rs b/librustls/src/lib.rs
similarity index 100%
rename from src/lib.rs
rename to librustls/src/lib.rs
diff --git a/src/log.rs b/librustls/src/log.rs
similarity index 100%
rename from src/log.rs
rename to librustls/src/log.rs
diff --git a/src/panic.rs b/librustls/src/panic.rs
similarity index 100%
rename from src/panic.rs
rename to librustls/src/panic.rs
diff --git a/src/rslice.rs b/librustls/src/rslice.rs
similarity index 100%
rename from src/rslice.rs
rename to librustls/src/rslice.rs
diff --git a/src/rustls.h b/librustls/src/rustls.h
similarity index 100%
rename from src/rustls.h
rename to librustls/src/rustls.h
diff --git a/src/server.rs b/librustls/src/server.rs
similarity index 100%
rename from src/server.rs
rename to librustls/src/server.rs
diff --git a/src/session.rs b/librustls/src/session.rs
similarity index 100%
rename from src/session.rs
rename to librustls/src/session.rs
diff --git a/src/userdata.rs b/librustls/src/userdata.rs
similarity index 100%
rename from src/userdata.rs
rename to librustls/src/userdata.rs
diff --git a/src/verifier.rs b/librustls/src/verifier.rs
similarity index 100%
rename from src/verifier.rs
rename to librustls/src/verifier.rs
diff --git a/src/version.rs b/librustls/src/version.rs
similarity index 100%
rename from src/version.rs
rename to librustls/src/version.rs
diff --git a/testdata/example.com/cert.pem b/librustls/testdata/example.com/cert.pem
similarity index 100%
rename from testdata/example.com/cert.pem
rename to librustls/testdata/example.com/cert.pem
diff --git a/testdata/example.com/key.pem b/librustls/testdata/example.com/key.pem
similarity index 100%
rename from testdata/example.com/key.pem
rename to librustls/testdata/example.com/key.pem
diff --git a/testdata/localhost/cert.pem b/librustls/testdata/localhost/cert.pem
similarity index 100%
rename from testdata/localhost/cert.pem
rename to librustls/testdata/localhost/cert.pem
diff --git a/testdata/localhost/key.pem b/librustls/testdata/localhost/key.pem
similarity index 100%
rename from testdata/localhost/key.pem
rename to librustls/testdata/localhost/key.pem
diff --git a/testdata/minica-key.pem b/librustls/testdata/minica-key.pem
similarity index 100%
rename from testdata/minica-key.pem
rename to librustls/testdata/minica-key.pem
diff --git a/testdata/minica.pem b/librustls/testdata/minica.pem
similarity index 100%
rename from testdata/minica.pem
rename to librustls/testdata/minica.pem
diff --git a/testdata/test.crl.pem b/librustls/testdata/test.crl.pem
similarity index 100%
rename from testdata/test.crl.pem
rename to librustls/testdata/test.crl.pem
diff --git a/tests/CMakeLists.txt b/librustls/tests/CMakeLists.txt
similarity index 100%
rename from tests/CMakeLists.txt
rename to librustls/tests/CMakeLists.txt
diff --git a/tests/client.c b/librustls/tests/client.c
similarity index 100%
rename from tests/client.c
rename to librustls/tests/client.c
diff --git a/tests/client.h b/librustls/tests/client.h
similarity index 100%
rename from tests/client.h
rename to librustls/tests/client.h
diff --git a/tests/client_server.rs b/librustls/tests/client_server.rs
similarity index 100%
rename from tests/client_server.rs
rename to librustls/tests/client_server.rs
diff --git a/tests/common.c b/librustls/tests/common.c
similarity index 100%
rename from tests/common.c
rename to librustls/tests/common.c
diff --git a/tests/common.h b/librustls/tests/common.h
similarity index 100%
rename from tests/common.h
rename to librustls/tests/common.h
diff --git a/tests/ech_fetch.rs b/librustls/tests/ech_fetch.rs
similarity index 100%
rename from tests/ech_fetch.rs
rename to librustls/tests/ech_fetch.rs
diff --git a/tests/rustls_version.rs b/librustls/tests/rustls_version.rs
similarity index 100%
rename from tests/rustls_version.rs
rename to librustls/tests/rustls_version.rs
diff --git a/tests/server.c b/librustls/tests/server.c
similarity index 100%
rename from tests/server.c
rename to librustls/tests/server.c
diff --git a/tests/server.h b/librustls/tests/server.h
similarity index 100%
rename from tests/server.h
rename to librustls/tests/server.h
diff --git a/tests/static_libs.rs b/librustls/tests/static_libs.rs
similarity index 100%
rename from tests/static_libs.rs
rename to librustls/tests/static_libs.rs
From 6b9f35704604875d5460e98b9c615a47eeaec8a6 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 19 Dec 2024 15:46:41 -0500 Subject: [PATCH 3/9] switch to workspace deps (except for rustls) We'll keep `rustls` as a "normal" dependency in `librustls` so that it's clearer that its version must match the `librustls/build.rs` version. This also means we don't have to change the `librustls/tests/rustls_version.rs` test. --- Cargo.toml | 13 +++++++++++++ librustls/Cargo.toml | 20 ++++++++++---------- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 1f915ed8..c3016bd2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -8,3 +8,16 @@ default-members = [ "librustls", ] resolver = "2" + +[workspace.dependencies] +rustls = { version = "0.23", default-features = false, features = ["std", "tls12"] } +pki-types = { package = "rustls-pki-types", version = "1.10", features = ["std"] } +webpki = { package = "rustls-webpki", version = "0.102.0", default-features = false, features = ["std"] } +libc = "0.2" +log = "0.4.22" +rustls-platform-verifier = "0.5" +rand = "0.8" +regex = "1.9.6" +toml = { version = "0.6.0", default-features = false, features = ["parse"] } +hickory-resolver = { version = "=0.25.0-alpha.4", features = ["dns-over-https-rustls", "webpki-roots"] } +tokio = { version = "1.42.0", features = ["io-util", "macros", "net", "rt"] } diff --git a/librustls/Cargo.toml b/librustls/Cargo.toml index 5216f0e4..a8f0c8f0 100644 --- a/librustls/Cargo.toml +++ b/librustls/Cargo.toml 
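Review bot: The new `[workspace.dependencies]` table in the root `Cargo.toml` carries a `rustls = { version = "0.23", … }` entry while `librustls/Cargo.toml` keeps its own `0.23.18` pin, and nothing in the manifest says which of the two a member is meant to use. The commit message explains the split, but that reasoning is lost once the file is read on its own. A comment above the workspace entry would keep it, for example `# librustls does not inherit this entry: it pins rustls itself to match RUSTLS_CRATE_VERSION in librustls/build.rs`. The feature list is also duplicated between the two entries, so both need updating together.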
@@ -29,22 +29,22 @@ fips = ["aws-lc-rs", "rustls/fips"] [dependencies] # Keep in sync with RUSTLS_CRATE_VERSION in build.rs rustls = { version = "0.23.18", default-features = false, features = ["std", "tls12"] } -pki-types = { package = "rustls-pki-types", version = "1.10", features = ["std"] } -webpki = { package = "rustls-webpki", version = "0.102.0", default-features = false, features = ["std"] } -libc = "0.2" -log = "0.4.22" -rustls-platform-verifier = "0.5" -rand = "0.8" +pki-types = { workspace = true } +webpki = { workspace = true } +libc = { workspace = true } +log = { workspace = true } +rustls-platform-verifier = { workspace = true } +rand = { workspace = true } [lib] name = "rustls_ffi" crate-type = ["lib", "staticlib"] [dev-dependencies] -regex = "1.9.6" -toml = { version = "0.6.0", default-features = false, features = ["parse"] } -hickory-resolver = { version = "=0.25.0-alpha.4", features = ["dns-over-https-rustls", "webpki-roots"] } -tokio = { version = "1.42.0", features = ["io-util", "macros", "net", "rt"] } +regex = { workspace = true } +toml = { workspace = true } +hickory-resolver = { workspace = true } +tokio = { workspace = true } [package.metadata.capi.header] name = "rustls" From 398befa22a1da0bbbae10863f20c1a29b4bfdd38 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 19 Dec 2024 15:54:54 -0500 Subject: [PATCH 4/9] switch to using rustls::pki_types re-export We don't need to manage our own `pki_types` dep this way. --- Cargo.lock | 1 - Cargo.toml | 1 - librustls/Cargo.toml | 1 - librustls/src/certificate.rs | 4 ++-- librustls/src/client.rs | 4 ++-- librustls/src/connection.rs | 2 +- librustls/src/crypto_provider.rs | 4 ++-- librustls/src/verifier.rs | 4 ++-- 8 files changed, 9 insertions(+), 12 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a4a8518d..34b84f52 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -1231,7 +1231,6 @@ dependencies = [ "rand", "regex", "rustls", - "rustls-pki-types", "rustls-platform-verifier", "rustls-webpki", "tokio", diff --git a/Cargo.toml b/Cargo.toml index c3016bd2..521b93f1 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,7 +11,6 @@ resolver = "2" [workspace.dependencies] rustls = { version = "0.23", default-features = false, features = ["std", "tls12"] } -pki-types = { package = "rustls-pki-types", version = "1.10", features = ["std"] } webpki = { package = "rustls-webpki", version = "0.102.0", default-features = false, features = ["std"] } libc = "0.2" log = "0.4.22" diff --git a/librustls/Cargo.toml b/librustls/Cargo.toml index a8f0c8f0..86d0d9fc 100644 --- a/librustls/Cargo.toml +++ b/librustls/Cargo.toml @@ -29,7 +29,6 @@ fips = ["aws-lc-rs", "rustls/fips"] [dependencies] # Keep in sync with RUSTLS_CRATE_VERSION in build.rs rustls = { version = "0.23.18", default-features = false, features = ["std", "tls12"] } -pki-types = { workspace = true } webpki = { workspace = true } libc = { workspace = true } log = { workspace = true } diff --git a/librustls/src/certificate.rs b/librustls/src/certificate.rs index ddbc0a52..c6e1ac85 100644 --- a/librustls/src/certificate.rs +++ b/librustls/src/certificate.rs @@ -4,8 +4,8 @@ use std::ptr::null; use std::slice; use libc::{c_char, size_t}; -use pki_types::pem::PemObject; -use pki_types::{CertificateDer, PrivateKeyDer}; +use rustls::pki_types::pem::PemObject; +use rustls::pki_types::{CertificateDer, PrivateKeyDer}; use rustls::sign::CertifiedKey; use rustls::RootCertStore; diff --git a/librustls/src/client.rs b/librustls/src/client.rs index 268f5f8c..0dee7cd9 100644 --- a/librustls/src/client.rs +++ b/librustls/src/client.rs 
@@ -4,10 +4,10 @@ use std::slice; use std::sync::Arc; use libc::{c_char, size_t}; -use pki_types::{CertificateDer, EchConfigListBytes, UnixTime}; use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}; use rustls::client::{EchConfig, EchGreaseConfig, EchMode, ResolvesClientCert}; use rustls::crypto::{verify_tls12_signature, verify_tls13_signature, CryptoProvider}; +use rustls::pki_types::{CertificateDer, EchConfigListBytes, ServerName, UnixTime}; use rustls::{ sign::CertifiedKey, ClientConfig, ClientConnection, DigitallySignedStruct, Error, KeyLog, KeyLogFile, ProtocolVersion, SignatureScheme, SupportedProtocolVersion, @@ -609,7 +609,7 @@ impl ServerCertVerifier for Verifier { &self, end_entity: &CertificateDer, intermediates: &[CertificateDer], - server_name: &pki_types::ServerName<'_>, + server_name: &ServerName<'_>, ocsp_response: &[u8], _now: UnixTime, ) -> Result { diff --git a/librustls/src/connection.rs b/librustls/src/connection.rs index 7dbac325..ff627701 100644 --- a/librustls/src/connection.rs +++ b/librustls/src/connection.rs @@ -3,7 +3,7 @@ use std::{ffi::c_void, ptr::null}; use std::{ptr::null_mut, slice}; use libc::{size_t, EINVAL, EIO}; -use pki_types::CertificateDer; +use rustls::pki_types::CertificateDer; use rustls::CipherSuite::TLS_NULL_WITH_NULL_NULL; use rustls::{ClientConnection, ServerConnection}; diff --git a/librustls/src/crypto_provider.rs b/librustls/src/crypto_provider.rs index bea9bbd3..3ce5606f 100644 --- a/librustls/src/crypto_provider.rs +++ b/librustls/src/crypto_provider.rs @@ -2,8 +2,6 @@ use std::slice; use std::sync::Arc; use libc::size_t; -use pki_types::pem::PemObject; -use pki_types::PrivateKeyDer; use rand::seq::SliceRandom; #[cfg(feature = "aws-lc-rs")] 
@@ -11,6 +9,8 @@ use rustls::crypto::aws_lc_rs; #[cfg(feature = "ring")] use rustls::crypto::ring; use rustls::crypto::{hpke, CryptoProvider}; +use rustls::pki_types::pem::PemObject; +use rustls::pki_types::PrivateKeyDer; use rustls::sign::SigningKey; use rustls::SupportedCipherSuite; diff --git a/librustls/src/verifier.rs b/librustls/src/verifier.rs index 91375cc9..b6404163 100644 --- a/librustls/src/verifier.rs +++ b/librustls/src/verifier.rs @@ -2,11 +2,11 @@ use std::slice; use std::sync::Arc; use libc::size_t; -use pki_types::pem::PemObject; -use pki_types::CertificateRevocationListDer; use rustls::client::danger::ServerCertVerifier; use rustls::client::WebPkiServerVerifier; use rustls::crypto::CryptoProvider; +use rustls::pki_types::pem::PemObject; +use rustls::pki_types::CertificateRevocationListDer; use rustls::server::danger::ClientCertVerifier; use rustls::server::WebPkiClientVerifier; use rustls::{DistinguishedName, RootCertStore}; From 7d4056091f8209a575005ddb1f762b9ea4f0571a Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 19 Dec 2024 16:12:30 -0500 Subject: [PATCH 5/9] add a tools crate to workspace, move ech_fetch The `ech_fetch.rs` test was never really a test, it's a tool that can be used alongside some of the testcode. Having to define it as a test sort of sucks, we need to disable the normal test runner, and it makes taking command-line arguments awkward. Instead, let's make a separate crate and make ech-fetch.rs a normal binary within that (not published) crate. --- Cargo.lock | 11 +++++++++-- Cargo.toml | 5 ++++- librustls/Cargo.toml | 10 ---------- tools/Cargo.toml | 14 ++++++++++++++ tools/README.md | 3 +++ {librustls/tests => tools/src}/ech_fetch.rs | 2 +- 6 files changed, 31 insertions(+), 14 deletions(-) create mode 100644 tools/Cargo.toml create mode 100644 tools/README.md rename {librustls/tests => tools/src}/ech_fetch.rs (97%) diff --git a/Cargo.lock b/Cargo.lock index 34b84f52..c94346ae 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -1225,7 +1225,6 @@ dependencies = [ name = "rustls-ffi" version = "0.15.0" dependencies = [ - "hickory-resolver", "libc", "log", "rand", @@ -1233,10 +1232,18 @@ dependencies = [ "rustls", "rustls-platform-verifier", "rustls-webpki", - "tokio", "toml", ] +[[package]] +name = "rustls-ffi-tools" +version = "0.1.0" +dependencies = [ + "hickory-resolver", + "rustls", + "tokio", +] + [[package]] name = "rustls-native-certs" version = "0.8.1" diff --git a/Cargo.toml b/Cargo.toml index 521b93f1..6215128d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,11 +1,14 @@ [workspace] members = [ # FFI bindings for Rustls - "librustls" + "librustls", + # Admin tooling & test utilities for rustls-ffi developers + "tools" ] default-members = [ "librustls", + "tools" ] resolver = "2" diff --git a/librustls/Cargo.toml b/librustls/Cargo.toml index 86d0d9fc..f3b03507 100644 --- a/librustls/Cargo.toml +++ b/librustls/Cargo.toml @@ -42,8 +42,6 @@ crate-type = ["lib", "staticlib"] [dev-dependencies] regex = { workspace = true } toml = { workspace = true } -hickory-resolver = { workspace = true } -tokio = { workspace = true } [package.metadata.capi.header] name = "rustls" @@ -61,11 +59,3 @@ filename = "rustls" [package.metadata.capi.install.include] asset = [{ from = "src/rustls.h", to = "" }] - -# The ech_fetch test is a utility to fetch ECH configurations from DNS -# to use with the client.c example. We disable the harness to be able -# to parse CLI args. -[[test]] -name = "ech_fetch" -harness = false -test = false diff --git a/tools/Cargo.toml b/tools/Cargo.toml new file mode 100644 index 00000000..4f49f6ae --- /dev/null +++ b/tools/Cargo.toml @@ -0,0 +1,14 @@ +[package] +name = "rustls-ffi-tools" +version = "0.1.0" +edition = "2021" +publish = false + +[dependencies] +rustls = { workspace = true } +hickory-resolver = { workspace = true } +tokio = { workspace = true } + +[[bin]] +name = "ech_fetch" +path = "src/ech_fetch.rs" 
diff --git a/tools/README.md b/tools/README.md new file mode 100644 index 00000000..7e02c9c0 --- /dev/null +++ b/tools/README.md @@ -0,0 +1,3 @@ +# rustls-ffi admin tools + +This crate contains small utilities and helper tools for `rustls-ffi` developers. diff --git a/librustls/tests/ech_fetch.rs b/tools/src/ech_fetch.rs similarity index 97% rename from librustls/tests/ech_fetch.rs rename to tools/src/ech_fetch.rs index 92d9de21..5754ec69 100644 --- a/librustls/tests/ech_fetch.rs +++ b/tools/src/ech_fetch.rs @@ -21,7 +21,7 @@ async fn main() -> Result<(), Box> { let domain = args.next().unwrap_or("research.cloudflare.com".to_string()); let output_path = args .next() - .unwrap_or(format!("testdata/{}.ech.configs.bin", domain)); + .unwrap_or(format!("{}.ech.configs.bin", domain)); let resolver = Resolver::tokio(ResolverConfig::google_https(), ResolverOpts::default()); From 011d1c89a880508397adf13da6e40c208437a5c3 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 19 Dec 2024 16:15:24 -0500 Subject: [PATCH 6/9] tools: cargo fmt ech_fetch.rs and update comment --- tools/src/ech_fetch.rs | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/tools/src/ech_fetch.rs b/tools/src/ech_fetch.rs index 5754ec69..788050c6 100644 --- a/tools/src/ech_fetch.rs +++ b/tools/src/ech_fetch.rs 
@@ -1,7 +1,12 @@ -//! A simple test that updates the `research.cloudflare.com.ech.configs.der` test file -//! with the ECH config for `research.cloudflare.com`, fetched with DNS-over-HTTPS. +//! A simple utility for fetching TLS encoded ECH configs lists from a domain name's +//! HTTPS records using DNS-over-HTTPS. //! -//! This data file can be used with the `client.c` example to test ECH. +//! Prints a comma separated list of the ECH config lists files that were fetched +//! to stdout. This output can be used with the `librustls/tests/client.c` example's +//! `ECH_CONFIG_LIST` environment variable to test ECH. +//! +//! Example: +//! cargo run --bin ech_fetch research.cloudflare.com use std::env; use std::error::Error; @@ -19,9 +24,7 @@ use rustls::pki_types::EchConfigListBytes; async fn main() -> Result<(), Box> { let mut args = env::args().skip(1); let domain = args.next().unwrap_or("research.cloudflare.com".to_string()); - let output_path = args - .next() - .unwrap_or(format!("{}.ech.configs.bin", domain)); + let output_path = args.next().unwrap_or(format!("{}.ech.configs.bin", domain)); let resolver = Resolver::tokio(ResolverConfig::google_https(), ResolverOpts::default()); From e87e7222231655153e24ef0e475bb6a6f2bd979e Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 19 Dec 2024 16:16:13 -0500 Subject: [PATCH 7/9] tools: fix clippy findings in ech_fetch --- tools/src/ech_fetch.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/src/ech_fetch.rs b/tools/src/ech_fetch.rs index 788050c6..b56d425d 100644 --- a/tools/src/ech_fetch.rs +++ b/tools/src/ech_fetch.rs 
@@ -33,13 +33,13 @@ async fn main() -> Result<(), Box> { // If there was only one HTTPS record with an ech config, write it to the output file. if all_lists.len() == 1 { let mut encoded_list_file = File::create(&output_path)?; - encoded_list_file.write_all(&all_lists.first().unwrap())?; + encoded_list_file.write_all(all_lists.first().unwrap())?; println!("{output_path}"); } else { // Otherwise write each to its own file with a numeric suffix for (i, ech_config_lists) in all_lists.iter().enumerate() { let mut encoded_list_file = File::create(format!("{output_path}.{}", i + 1))?; - encoded_list_file.write_all(&ech_config_lists)?; + encoded_list_file.write_all(ech_config_lists)?; } // And print a comma separated list of the file paths. let paths = (1..=all_lists.len()) From 8a9528a4afb5994c95a7f0af882461da13ed75e4 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 19 Dec 2024 16:25:52 -0500 Subject: [PATCH 8/9] add ech-test cmake target * Gets ech configs using the tools crate's ech-fetch binary * Runs the built client example with the fetched ECH config lists --- librustls/cmake/rust.cmake | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/librustls/cmake/rust.cmake b/librustls/cmake/rust.cmake index b6db603d..ca905ac0 100644 --- a/librustls/cmake/rust.cmake +++ b/librustls/cmake/rust.cmake 
@@ -75,3 +75,26 @@ add_custom_command( client_server client_server_integration -- --ignored --exact WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" ) + +add_custom_target(ech-test DEPENDS client) + +if(WIN32 AND DYN_LINK) + add_custom_command( + TARGET ech-test + PRE_BUILD + COMMAND + ${CMAKE_COMMAND} -E copy "${CMAKE_BINARY_DIR}/rust/bin/rustls.dll" + "${CMAKE_BINARY_DIR}\\tests\\$\\" + ) +endif() + +add_custom_command( + TARGET ech-test + POST_BUILD + COMMAND cargo run --manifest-path=../Cargo.toml --bin ech_fetch + COMMAND + ${CMAKE_COMMAND} -E env RUSTLS_PLATFORM_VERIFIER=1 ${CMAKE_COMMAND} -E + env ECH_CONFIG_LIST="research.cloudflare.com.ech.configs.bin" + $ cloudflare-ech.com 443 /cdn-cgi/trace + WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" +) From 186622ab15e1cdc6318f8bb194a56637651451c9 Mon Sep 17 00:00:00 2001 From: Daniel McCarney Date: Thu, 19 Dec 2024 16:29:59 -0500 Subject: [PATCH 9/9] ci: add ech-test coverage to main CI --- .github/workflows/test.yaml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 51292daf..c6e18644 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -127,7 +127,13 @@ jobs: if: runner.os == 'Linux' # For 'nm' run: | ! nm build/tests/client | grep '__asan_init' - ! nm build/tests/server | grep '__asan_init' + ! nm build/tests/server | grep '__asan_init' + + - name: Run ECH connect test + if: matrix.crypto == 'aws-lc-rs' # No HPKE in ring + run: | + cmake --build build --target ech-test > ech-test.log + grep 'sni=encrypted' ech-test.log # Our integration tests rely on a built-in provider being enabled. # Double-check the library/unit tests work without any providers to 
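Review bot: The `ech-test` POST_BUILD step hard-codes `ECH_CONFIG_LIST="research.cloudflare.com.ech.configs.bin"` but runs `ech_fetch` with no arguments, so the two agree only while the tool's default domain and single-file output name stay as they are. When more than one HTTPS record carries an ECH config, `ech_fetch` writes `<path>.1`, `<path>.2`, … instead, and the client is then handed either a missing file or a stale one left in the source tree by an earlier run. Passing both arguments explicitly and writing under the build directory removes the coupling and keeps fetched data out of the checkout: `COMMAND cargo run --manifest-path=../Cargo.toml --bin ech_fetch research.cloudflare.com "${CMAKE_BINARY_DIR}/research.cloudflare.com.ech.configs.bin"`, with `ECH_CONFIG_LIST` set to the same path. Running `${CMAKE_COMMAND} -E remove -f` on that file before the fetch makes the multi-record case fail visibly rather than reuse old data.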
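Review bot: The new "Run ECH connect test" step redirects the build output to `ech-test.log` and only greps it, so when the fetch, the connection or the `sni=encrypted` match fails, the job log does not show the client's output. `cmake --build build --target ech-test | tee ech-test.log` keeps the output visible and still produces the file for `grep`; if the step's shell does not set `pipefail`, the grep remains the check that fails the step. The same step is added in the second hunk of this file (`@@ -244,6 +250,12 @@`), where the same change applies. The step also depends on live DNS-over-HTTPS and Cloudflare endpoints, so visible output is what lets a maintainer tell an outage from a regression.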
@@ -244,6 +250,12 @@ jobs: - name: Integration test run: cmake --build build --config "${{matrix.config}}" --target integration-test + - name: Run ECH connect test + if: matrix.crypto == 'aws-lc-rs' # No HPKE in ring + run: | + cmake --build build --target ech-test > ech-test.log + grep 'sni=encrypted' ech-test.log + ensure-header-updated: runs-on: ubuntu-latest defaults:
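Review bot: The ECH step added here omits `--config "${{matrix.config}}"`, unlike the "Integration test" step directly above it. If this job uses a multi-config generator, `cmake --build` without `--config` falls back to the generator's default configuration, so the test may build and run a different `client` binary than the one the rest of the job exercised. Suggested: `cmake --build build --config "${{matrix.config}}" --target ech-test > ech-test.log`. The job's definition starts outside this hunk, so the generator in use is not visible here.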