v/0.23.0

rustls/rustls

版本发布时间: 2024-02-29 23:14:47

rustls/rustls最新发布版本:v/0.23.15(2024-10-16 21:21:05)

Default cryptography provider changed to aws-lc-rs. Note that this has some implications on platform support and build-time tool requirements such as cmake on all platforms and nasm on Windows. Support for ring continues to be available: set the ring crate feature.
Support for FIPS validated mode with aws-lc-rs: see the manual section and aws-lc-rs's FIPS documentation. Note that aws-lc-rs in FIPS mode has further build-time requirements as detailed in the FIPS documentation. Thanks to the aws-lc-rs for their assistance on this.
Support for process-wide selection of CryptoProviders. See the documentation. Note that callers of ClientConfig::builder(), ServerConfig::builder(), WebPkiServerVerifier::builder() and WebPkiClientVerifier::builder() must now ensure that the crate's features are unambiguous or explicitly select a process-level provider using CryptoProvider::install_default(). Otherwise, these calls will panic with:

no process-level CryptoProvider available -- call CryptoProvider::install_default() before this point

We recommend that libraries rely on the process-level provider by default, and that applications use this new API to select the provider they wish to use.
New unbuffered API. UnbufferedClientConnection and UnbufferedServerConnection offer a low-level, event-driven API which does not internally buffer data. Thanks to the team from Ferrous Systems.
New no_std support. A new (enabled by default) std crate feature now gates all APIs that depend on std. The above unbuffered APIs must be used for no_std support. Note that alloc continues to be required. Work is ongoing to reintroduce certain APIs for no_std users (see #1688) -- please file issues for other no_std use cases. Thanks to the team from Ferrous Systems.
Performance improvement: internal copying while sending data is reduced. Thanks to the team from the Sōzu project.
Performance improvement: write_vectored now produces less on-the-wire overhead, which will dramatically improve throughput if it is used with a large number of small messages. Thanks to the team from the Sōzu project.
Acceptor API error handling improvement. If a TLS alert should be sent to inform the peer of a connection failure, this is now made available in the Err() variant returned from Acceptor::accept and Accepted::into_connection (which is also a breaking change). Applications should write this data to the peer. See the server_acceptor example.
Support for FFDHE key exchange: custom CryptoProviders can now support FFDHE key exchange, in accordance with RFC7919. Note that the default providers do not do this. Thanks to the team from Fortanix.
Support for servers requiring extended_master_secret support from clients. See ServerConfig::require_ems. Thanks to the team from Fortanix.
Extension ordering in ClientHello messages are now randomised as an anti-fingerprinting measure. We do not foresee any interoperability issues as Chrome has already rolled out the same change. Thanks to @GomesGoncalo.
Breaking change: CipherSuiteCommon::integrity_limit field removed (this was QUIC-specific, it has moved to quic::PacketKey::integrity_limit()).
Breaking change: crypto::cipher::BorrowedPlainMessage and crypto::cipher::OpaqueMessage have been renamed (to OutboundPlainMessage and OutboundOpaqueMessage) and altered to support performance improvements. See the example code.
Breaking change: all protocol enum types (eg. CipherSuite) have had their get_u8/get_u16 accessor removed; use u8::from() / u16::from() instead.

What's Changed

make the provider-example library no-std compatible (almost) by @japaric in https://github.com/rustls/rustls/pull/1636
doc: fix outdated documentation by @omegablitz in https://github.com/rustls/rustls/pull/1669
Minor tweaks to provider-example code by @djc in https://github.com/rustls/rustls/pull/1670
remove the TLS 1.2 session ticket on DecryptError by @Geal in https://github.com/rustls/rustls/pull/1668
[1/3] MessageDeframer: batch discard operations by @japaric in https://github.com/rustls/rustls/pull/1595
Cargo: version 0.22 -> 0.23-alpha.0 by @cpu in https://github.com/rustls/rustls/pull/1672
crypto: explain TLS 1.2 version in TLS 1.3 message encrypters by @cpu in https://github.com/rustls/rustls/pull/1671
Mark SupportedProtocolVersion as non-exhaustive by @pvdrz in https://github.com/rustls/rustls/pull/1673
quic: require that PacketKey and HeaderProtectionKey are Send + Sync by @djc in https://github.com/rustls/rustls/pull/1665
bench: remove redundant benchmark param by @aochagavia in https://github.com/rustls/rustls/pull/1675
Re-export the types crate contents by @djc in https://github.com/rustls/rustls/pull/1674
update examples to use pki_types re-export by @jsha in https://github.com/rustls/rustls/pull/1679
build(deps): bump actions/setup-go from 4 to 5 by @dependabot in https://github.com/rustls/rustls/pull/1681
Update semver-compatible dependencies by @djc in https://github.com/rustls/rustls/pull/1683
bench: remove unused function by @aochagavia in https://github.com/rustls/rustls/pull/1684
Add a roadmap by @ctz in https://github.com/rustls/rustls/pull/1676
build(deps): bump actions/upload-artifact from 3 to 4 by @dependabot in https://github.com/rustls/rustls/pull/1695
build(deps): bump the crates-io group with 1 update by @dependabot in https://github.com/rustls/rustls/pull/1694
bench: remove icount workflow from GitHub Actions by @aochagavia in https://github.com/rustls/rustls/pull/1696
bench: remove cachegrind diff post-processing by @aochagavia in https://github.com/rustls/rustls/pull/1697
examples: consistently document example program purpose by @cpu in https://github.com/rustls/rustls/pull/1693
[2/3] implement the caller-side managed buffers API (take 2) by @japaric in https://github.com/rustls/rustls/pull/1583
verify.rs: correct comment for verify_server_name by @ctz in https://github.com/rustls/rustls/pull/1698
ci-bench: explain motivation for wall-time measurements in readme by @aochagavia in https://github.com/rustls/rustls/pull/1700
Condense the fragment_slice return type by @pvdrz in https://github.com/rustls/rustls/pull/1701
Add BENCHMARKING.md by @aochagavia in https://github.com/rustls/rustls/pull/1699
move sendable_plaintext from CommonState to ConnectionCommon by @japaric in https://github.com/rustls/rustls/pull/1591
Clarify ClientHello legacy_record_version commentary by @ctz in https://github.com/rustls/rustls/pull/1705
Implement FromIterator for RootCertStore by @niklasf in https://github.com/rustls/rustls/pull/1708
Cargo: update semver compat deps by @cpu in https://github.com/rustls/rustls/pull/1714
Misc testing improvements by @ctz in https://github.com/rustls/rustls/pull/1717
examples: add very simple server, README by @cpu in https://github.com/rustls/rustls/pull/1715
docs: provide more pointers for examples by @cpu in https://github.com/rustls/rustls/pull/1716
Support P521-SHA512 signatures with aws-lc-rs by @ctz in https://github.com/rustls/rustls/pull/1706
examples: fix style w.r.t env var usage, const placement by @cpu in https://github.com/rustls/rustls/pull/1719
Update roadmap regarding rustls-platform-verifier and ECH support by @bdaehlie in https://github.com/rustls/rustls/pull/1721
macros: allow trailing enum_builder comma by @cpu in https://github.com/rustls/rustls/pull/1725
msgs/handshake.rs: remove get_ fn prefixes by @cpu in https://github.com/rustls/rustls/pull/1726
docs: provide more guidance for customizing private keys by @cpu in https://github.com/rustls/rustls/pull/1724
Don't add empty certificate_authorities extension by @ctz in https://github.com/rustls/rustls/pull/1729
examples: simpleserver: skip argv[0] & update doc comment by @bnjmnjrk in https://github.com/rustls/rustls/pull/1733
client_conn: style tweaks for member/impl ordering by @cpu in https://github.com/rustls/rustls/pull/1736
Small HPKE trait tweaks by @cpu in https://github.com/rustls/rustls/pull/1737
handshake: derive a few more traits by @cpu in https://github.com/rustls/rustls/pull/1738
make the decode / decrypt pipeline non-allocating (groundwork) by @japaric in https://github.com/rustls/rustls/pull/1597
hash_hs: support cloning (forking) HandshakeHash[Buffer] by @cpu in https://github.com/rustls/rustls/pull/1739
Update bogo version by @ctz in https://github.com/rustls/rustls/pull/1740
Randomize ClientHello extensions by @GomesGoncalo in https://github.com/rustls/rustls/pull/1730
Update hs.rs by @NRKirby in https://github.com/rustls/rustls/pull/1743
deps: update Cargo lock for semver compatible dependency updates by @cpu in https://github.com/rustls/rustls/pull/1747
docs: add more documentation on crypto providers by @cpu in https://github.com/rustls/rustls/pull/1742
examples: minor optimization for mio client NoCertificateVerification by @cpu in https://github.com/rustls/rustls/pull/1753
build(deps): bump h2 from 0.3.22 to 0.3.24 by @dependabot in https://github.com/rustls/rustls/pull/1755
Update semver-compatible dependencies by @djc in https://github.com/rustls/rustls/pull/1759
Update README.md - server auth by @elardus-erasmus in https://github.com/rustls/rustls/pull/1756
Add config option for requiring peer must support extended_master_secret extension in TLS 1.2 by @Taowyoo in https://github.com/rustls/rustls/pull/1754
Clarify MAX_PAYLOAD comment by @themighty1 in https://github.com/rustls/rustls/pull/1761
Remove work-around for loading SEC1-format ECDSA keys by @ctz in https://github.com/rustls/rustls/pull/1767
Depend on aws-lc-rs with default-features = false by @joshtriplett in https://github.com/rustls/rustls/pull/1768
Add 'fips' cargo feature to enable to the aws-lc-rs crypto provider with the AWS-LC FIPS implementations. by @skmcgrail in https://github.com/rustls/rustls/pull/1732
Fix cargo powerset build for ring w/o tls1.2 feature by @cpu in https://github.com/rustls/rustls/pull/1769
build(deps): bump codecov/codecov-action from 3 to 4 by @dependabot in https://github.com/rustls/rustls/pull/1770
Default to require_ems in FIPS mode by @ctz in https://github.com/rustls/rustls/pull/1772
github actions: standardise on ubuntu-latest by @ctz in https://github.com/rustls/rustls/pull/1773
Add support for FFDHE key exchange by @s-arash in https://github.com/rustls/rustls/pull/1702
Take curve25519-dalek 4.1.2 by @ctz in https://github.com/rustls/rustls/pull/1775
Add rustls-rustcrypto to the list of third-party providers by @stevefan1999-personal in https://github.com/rustls/rustls/pull/1763
Introduce concept of "process default" provider by @ctz in https://github.com/rustls/rustls/pull/1766
Improve testing when multiple built-in providers are enabled by @ctz in https://github.com/rustls/rustls/pull/1778
provide codecov token for coverage job by @ctz in https://github.com/rustls/rustls/pull/1781
Update dependencies by @djc in https://github.com/rustls/rustls/pull/1783
Change crate default features to use aws-lc-rs by @ctz in https://github.com/rustls/rustls/pull/1780
ci: add Windows aws-lc-rs build reqs to daily-tests by @cpu in https://github.com/rustls/rustls/pull/1786
Make peer-certificates lifetime explicit by @richardpringle in https://github.com/rustls/rustls/pull/1787
Update version of nightly for check-external-types by @ctz in https://github.com/rustls/rustls/pull/1791
examples: ignore interrupted syscalls for mio poll by @cpu in https://github.com/rustls/rustls/pull/1790
Limit fragmentation in write_vectored by @Keksoj in https://github.com/rustls/rustls/pull/1640
Improve provider and FIPS documentation by @ctz in https://github.com/rustls/rustls/pull/1789
Tidy away BorrowedPlainMessage by @ctz in https://github.com/rustls/rustls/pull/1794
Correct kx group selection by @ctz in https://github.com/rustls/rustls/pull/1784
Cargo: bump semver compat deps by @cpu in https://github.com/rustls/rustls/pull/1795
Use end_entity variable when verifying CertificateVerify by @thomwiggers in https://github.com/rustls/rustls/pull/1799
Take semver compatible updates by @ctz in https://github.com/rustls/rustls/pull/1800
ci: skip docs deploy for forks by @cpu in https://github.com/rustls/rustls/pull/1801
Avoid unnecessary allocation and copy in OpaqueMessage::encode by @Wonshtrum in https://github.com/rustls/rustls/pull/1774
Another docs pass after reviewing #1774 by @ctz in https://github.com/rustls/rustls/pull/1807
Tweaks to the enum macros by @djc in https://github.com/rustls/rustls/pull/1809
[3/3] no-std support phase I by @japaric in https://github.com/rustls/rustls/pull/1502
Message type tweaks by @djc in https://github.com/rustls/rustls/pull/1810
Fix a typo by @haroldbruintjes in https://github.com/rustls/rustls/pull/1812
server: allow acceptor to send alerts after error by @djc in https://github.com/rustls/rustls/pull/1811
Fix new nightly warnings by @ctz in https://github.com/rustls/rustls/pull/1813
Next steps for Quinn support (cont'd) by @cpu in https://github.com/rustls/rustls/pull/1798
Prepare 0.23 roadmap entries by @ctz in https://github.com/rustls/rustls/pull/1802
Cargo.toml: disentangle std/aws_lc_rs features by @ctz in https://github.com/rustls/rustls/pull/1818
refactor: avoid pretty printing used in logging beyond debug level by @Taowyoo in https://github.com/rustls/rustls/pull/1820
Reword no process-level CryptoProvider panic by @ctz in https://github.com/rustls/rustls/pull/1822
Prepare 0.23.0 by @ctz in https://github.com/rustls/rustls/pull/1817

New Contributors

@omegablitz made their first contribution in https://github.com/rustls/rustls/pull/1669
@Geal made their first contribution in https://github.com/rustls/rustls/pull/1668
@pvdrz made their first contribution in https://github.com/rustls/rustls/pull/1673
@bnjmnjrk made their first contribution in https://github.com/rustls/rustls/pull/1733
@GomesGoncalo made their first contribution in https://github.com/rustls/rustls/pull/1730
@NRKirby made their first contribution in https://github.com/rustls/rustls/pull/1743
@elardus-erasmus made their first contribution in https://github.com/rustls/rustls/pull/1756
@themighty1 made their first contribution in https://github.com/rustls/rustls/pull/1761
@joshtriplett made their first contribution in https://github.com/rustls/rustls/pull/1768
@skmcgrail made their first contribution in https://github.com/rustls/rustls/pull/1732
@s-arash made their first contribution in https://github.com/rustls/rustls/pull/1702
@richardpringle made their first contribution in https://github.com/rustls/rustls/pull/1787
@Keksoj made their first contribution in https://github.com/rustls/rustls/pull/1640
@Wonshtrum made their first contribution in https://github.com/rustls/rustls/pull/1774
@haroldbruintjes made their first contribution in https://github.com/rustls/rustls/pull/1812

Full Changelog: https://github.com/rustls/rustls/compare/v/0.22.2...v/0.23.0

相关地址：原始地址下载(tar) 下载(zip)

查看：2024-02-29发行的版本