Brian Smith

icon indicating a website link https://briansmith.org/ icon indicating an email [email protected]

Results 1127 comments of Brian Smith

Lock down GitHub Actions Security

Note that many of the dependencies of Rustls and Rustls-based crates are managed by @ctz in separate repos from this one, e.g. https://github.com/ctz/rustls-native-certs, https://github.com/ctz/webpki-roots, etc. I intend to implement GitHub's...

Revert "optimize constant_time_conditional_memxor for gcc".

> * [google/boringssl@63c8e81](https://github.com/google/boringssl/commit/63c8e81) I think that one isn't relevant to this, right? > * [google/boringssl@2d3fbe0](https://github.com/google/boringssl/commit/2d3fbe0) That is addressing a different issue in the same function; see PR #2734.

Make QUIC key naming more consistent / easier to understand

I see we have `KeyChange::OneRtt` and I see that RFC 9000 does frequently use "0-RTT" and "1-RTT" to talk about the different packets. Maybe it makes sense to have `ZeroRtt`...

Make QUIC key naming more consistent / easier to understand

> * `DirectionalKeys` includes keys in one direction only. 0-RTT keys is directional because we only need client-to-server keys. `Keys` contains two `DirectionalKeys`, for outgoing and incoming packets. It seems...

Enforce clippy lint for canonical struct field initialization order

> Is [inconsistent_struct_constructor](https://rust-lang.github.io/rust-clippy/master/index.html#inconsistent_struct_constructor) the lint you're looking for? That's definitely the idea. I wonder if there's another one that enforces the consistent ordering for the other cases or all cases...

AES in CTR mode?

What construct are you trying to implement on top of AES-CTR? If it's AES-CTR-HMAC-SHA-{256, 384, 512}, we can definitely explore adding that construct to *ring*. If it's a (userspace) AES-CTR...

AES in CTR mode?

> Out of curiosity, why not expose AES-CTR directly? *ring* tries to expose crypto at a level of abstraction that is (far) higher than cipher modes, in an attempt to...

AES in CTR mode?

OK, I'm going to close this, but not because I don't want to help you. Rather, this is just outside the scope of what we're trying to do in *ring*....

AES in CTR mode?

> similar to libsodium. *ring* will probably be even more high-level than libsodium, according to the current plans. That's why I redirect feature requests to be for higher-level things, not...

AES in CTR mode?

In general, I am very open to adding functionality that people need into *ring*. But at least for now, I encourage one way and discourage the other way. Here's the...