When `out` is the same length as the digest output an extra iteration
of HMAC was executed and then thrown away. Avoid that extra iteration.
Note that an extra iteration is still done in the degenerate case where
`out` is empty, because it's better to optimize for the case where `out`
isn't empty.
The output is exactly the same as before.
Embed test data files into test executables so that file I/O isn't
necessary during tests. This allows the tests to run on platforms that
don't have file I/O. It also makes it easier to run the tests on a
separate (virtual) machine from the build machine since the test
automation no longer needs to keep track of the test files.
This requires the addition of a constructor for aead::nonce::Iv from
an aead::block::Block.
I agree to license my contributions to each file under the terms given
at the top of each file I changed.
This adds a new API to the AEAD module for generating QUIC Header Protection
masks, as described in draft-ietf-quic-tls-17.
Only AES support is currently implemented, but ChaCha20 can be added later.
I agree to license my contributions to each file under the terms given
at the top of each file I changed.
Switch to Rust 2018 Edition. Fix up some build breakage for different
configurations that were found in the process of testing this,
particularly `--no-default-features`.
Previously, one could construct an RSA key pair "successfully" even if
the bit length of the private moduli was not evenly divisible by 512.
However, using such a key to sign something would (usually) fail on
x86-64 because the x86-64 signing code requires the modulus to be an
even multiple of 8 limbs.
Now, all keys that have private primes with lengths that aren't
multiples of 512 bits will be rejected at key construction time with
error "PrivateModulusLenNotMultipleOf512Bits".
I want to explore some new RSA functionality that might make `Clone`
difficult to implement, so I'm going to revert this change before
people start depending on it.
