Just for RSA. Do encrypt and decrypt. Include a bold comment that this should not be used for bulk encryption.

It should be the current best practice (fetch), have proper error handling and resource allocation/deallocation and be in the style of a known answer test.

Context and Description

The READMEs and any example code in all projects should be updated to reflect the move from the IBM-Swift organization to the Kitura organization.

If anyone wants to take on all or part of this, please comment here so other's know what you're working on and submit PR's. :-)

Thanks!

There's little information about what keys and values are in the output, what it means and how they are related to the screen output. In general that needs to be added. (special topics see #1675, #1674)

Problem:

A common pattern is:

GUARD(s2n_stuffer_skip_write(stuffer, bytes_to_write));
uint8_t* ptr = suffer->blob.data + stuffer->write_cursor - bytes_to_write;

which could be simplified.

Solution:

*ptr could be an *out parameter to s2n_stuffer_skip_write

• Does this change what S2N sends over the wire? No.
• Does this change any public APIs? No.

Expose high level metrics for Prometheus to scrape & generate potential alerts.

Expected Behavior

Host a /metrics endpoint on its own port (not the same one as the /oauth2/* default proxy). This will allow easier configurations so the metrics aren't exposed publicly.

Not sure what good metrics would be to collect -- other reverse proxies would be good to look at for motivation.

The header file include/mbedtls/compat-1.3.h was meant to somewhat ease the transition from PolarSSL/Mbed TLS 1.3 to Mbed TLS 2.0 (especially as 100% of the public symbols were renamed to include an mbedtls_ prefix).

It no longer makes sense to have it around in Mbed TLS 3.0.