Fix CI failures: formatting, line width, feature gates, and dead code

- Run cargo fmt to fix long lines in PSK tests and other files
- Shorten 114-char comment lines in validation/mod.rs to fit 110-char limit
- Add #[cfg(feature = "rcgen")] to context tests using generate_self_signed_certificate
- Remove duplicate DrainedOutputs/drain_outputs/deliver_packets from edge.rs (use common module)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: jaredwolff

src/config.rs

@@ -56,7 +56,10 @@ impl fmt::Debug for Config {
             .field("mtu", &self.mtu)
             .field("max_queue_rx", &self.max_queue_rx)
             .field("max_queue_tx", &self.max_queue_tx)
-            .field("require_client_certificate", &self.require_client_certificate)
+            .field(
+                "require_client_certificate",
+                &self.require_client_certificate,
+            )
             .field("use_server_cookie", &self.use_server_cookie)
             .field("flight_start_rto", &self.flight_start_rto)
             .field("flight_retries", &self.flight_retries)
@@ -292,7 +295,10 @@ impl fmt::Debug for ConfigBuilder {
             .field("mtu", &self.mtu)
             .field("max_queue_rx", &self.max_queue_rx)
             .field("max_queue_tx", &self.max_queue_tx)
-            .field("require_client_certificate", &self.require_client_certificate)
+            .field(
+                "require_client_certificate",
+                &self.require_client_certificate,
+            )
             .field("use_server_cookie", &self.use_server_cookie)
             .field("flight_start_rto", &self.flight_start_rto)
             .field("flight_retries", &self.flight_retries)

src/crypto/aws_lc_rs/cipher_suite.rs

@@ -258,7 +258,9 @@ impl SupportedDtls12CipherSuite for PskAes128Ccm8 {
     }
 
     fn create_cipher(&self, key: &[u8]) -> Result<Box<dyn Cipher>, String> {
-        Ok(Box::new(crate::crypto::ccm_cipher::AesCcm8Cipher::new(key)?))
+        Ok(Box::new(crate::crypto::ccm_cipher::AesCcm8Cipher::new(
+            key,
+        )?))
     }
 }
 

src/crypto/rust_crypto/cipher_suite.rs

@@ -308,7 +308,9 @@ impl SupportedDtls12CipherSuite for PskAes128Ccm8 {
     }
 
     fn create_cipher(&self, key: &[u8]) -> Result<Box<dyn Cipher>, String> {
-        Ok(Box::new(crate::crypto::ccm_cipher::AesCcm8Cipher::new(key)?))
+        Ok(Box::new(crate::crypto::ccm_cipher::AesCcm8Cipher::new(
+            key,
+        )?))
     }
 }
 

src/crypto/validation/mod.rs

@@ -696,7 +696,9 @@ mod tests_aws_lc_rs {
     fn test_default_provider_has_cipher_suites() {
         let provider = aws_lc_rs::default_provider();
         let count = provider.supported_cipher_suites().count();
-        assert_eq!(count, 7); // ECDHE: AES-128, AES-256, ChaCha20; PSK: CCM-8, AES-128-GCM, AES-256-GCM, ChaCha20
+        // ECDHE: AES-128, AES-256, ChaCha20
+        // PSK: CCM-8, AES-128-GCM, AES-256-GCM, ChaCha20
+        assert_eq!(count, 7);
     }
 
     #[test]
@@ -744,7 +746,9 @@ mod tests_rust_crypto {
     fn test_default_provider_has_cipher_suites() {
         let provider = rust_crypto::default_provider();
         let count = provider.supported_cipher_suites().count();
-        assert_eq!(count, 7); // ECDHE: AES-128, AES-256, ChaCha20; PSK: CCM-8, AES-128-GCM, AES-256-GCM, ChaCha20
+        // ECDHE: AES-128, AES-256, ChaCha20
+        // PSK: CCM-8, AES-128-GCM, AES-256-GCM, ChaCha20
+        assert_eq!(count, 7);
     }
 
     #[test]

src/dtls12/client.rs

@@ -714,9 +714,7 @@ impl State {
         };
 
         let hint_range = match &ske.params {
-            crate::dtls12::message::ServerKeyExchangeParams::Psk(psk) => {
-                psk.hint_range.clone()
-            }
+            crate::dtls12::message::ServerKeyExchangeParams::Psk(psk) => psk.hint_range.clone(),
             _ => {
                 return Err(Error::UnexpectedMessage(
                     "ECDHE ServerKeyExchange in PSK path".to_string(),
@@ -1238,9 +1236,7 @@ fn handshake_create_client_key_exchange(body: &mut Buf, engine: &mut Engine) ->
                 .psk_resolver()
                 .ok_or_else(|| Error::SecurityError("No PSK resolver configured".to_string()))?
                 .resolve(&identity)
-                .ok_or_else(|| {
-                    Error::SecurityError("PSK resolver returned no key".to_string())
-                })?;
+                .ok_or_else(|| Error::SecurityError("PSK resolver returned no key".to_string()))?;
 
             // Set the PSK and compute pre-master secret
             let crypto = engine.crypto_context_mut();

src/dtls12/context.rs

@@ -621,6 +621,7 @@ mod tests {
     use crate::Config;
 
     #[test]
+    #[cfg(feature = "rcgen")]
     fn certificate_mode_rejects_psk_suites() {
         let cert = crate::certificate::generate_self_signed_certificate().expect("generate cert");
         let config = Arc::new(Config::default());
@@ -638,6 +639,7 @@ mod tests {
     }
 
     #[test]
+    #[cfg(feature = "rcgen")]
     fn certificate_mode_accepts_ecdhe_suites() {
         let cert = crate::certificate::generate_self_signed_certificate().expect("generate cert");
         let config = Arc::new(Config::default());

src/dtls12/message/client_key_exchange.rs

@@ -115,12 +115,16 @@ impl ClientPskKeys {
         let (input, identity_len) = nom::number::complete::be_u16(input)?;
         let (input, identity_slice) = take(identity_len as usize)(input)?;
 
-        let relative_offset =
-            identity_slice.as_ptr() as usize - original_input.as_ptr() as usize;
+        let relative_offset = identity_slice.as_ptr() as usize - original_input.as_ptr() as usize;
         let start = base_offset + relative_offset;
         let end = start + identity_slice.len();
 
-        Ok((input, ClientPskKeys { identity_range: start..end }))
+        Ok((
+            input,
+            ClientPskKeys {
+                identity_range: start..end,
+            },
+        ))
     }
 
     pub fn serialize(&self, buf: &[u8], output: &mut Buf) {

src/dtls12/message/server_key_exchange.rs

@@ -43,9 +43,7 @@ impl ServerKeyExchange {
             ServerKeyExchangeParams::Ecdh(ecdh_params) => {
                 ecdh_params.serialize(buf, output, with_signature)
             }
-            ServerKeyExchangeParams::Psk(psk_params) => {
-                psk_params.serialize(buf, output)
-            }
+            ServerKeyExchangeParams::Psk(psk_params) => psk_params.serialize(buf, output),
         }
     }
 
@@ -140,12 +138,16 @@ impl PskParams {
         let (input, hint_len) = nom::number::complete::be_u16(input)?;
         let (input, hint_slice) = take(hint_len as usize)(input)?;
 
-        let relative_offset =
-            hint_slice.as_ptr() as usize - original_input.as_ptr() as usize;
+        let relative_offset = hint_slice.as_ptr() as usize - original_input.as_ptr() as usize;
         let start = base_offset + relative_offset;
         let end = start + hint_slice.len();
 
-        Ok((input, PskParams { hint_range: start..end }))
+        Ok((
+            input,
+            PskParams {
+                hint_range: start..end,
+            },
+        ))
     }
 
     pub fn serialize(&self, buf: &[u8], output: &mut Buf) {

src/dtls12/server.rs

@@ -26,7 +26,9 @@ use crate::dtls12::client::LocalEvent;
 use crate::dtls12::engine::Engine;
 use crate::dtls12::message::{Body, CertificateRequest, CertificateTypeVec, Dtls12CipherSuite};
 use crate::dtls12::message::{ClientCertificateType, CompressionMethod, ContentType};
-use crate::dtls12::message::{Cookie, CurveType, DistinguishedName, ExchangeKeys, ExtensionType, PskParams};
+use crate::dtls12::message::{
+    Cookie, CurveType, DistinguishedName, ExchangeKeys, ExtensionType, PskParams,
+};
 use crate::dtls12::message::{HashAlgorithm, HelloVerifyRequest, KeyExchangeAlgorithm};
 use crate::dtls12::message::{MessageType, NamedGroup, NamedGroupVec, ProtocolVersion, Random};
 use crate::dtls12::message::{ServerHello, SessionId, SignatureAlgorithm};
@@ -522,7 +524,11 @@ impl State {
         // unwrap: ServerKeyExchange signature only needed for certificate-based suites
         let selected_signature = select_ske_signature_algorithm(
             server.client_signature_algorithms.as_ref(),
-            server.engine.crypto_context().signature_algorithm().unwrap(),
+            server
+                .engine
+                .crypto_context()
+                .signature_algorithm()
+                .unwrap(),
         );
 
         debug!(

tests/dtls12/edge.rs

@@ -3,46 +3,10 @@
 use std::sync::Arc;
 use std::time::{Duration, Instant};
 
-use dimpl::{Dtls, Output};
+use dimpl::Dtls;
 
 use crate::common::*;
 
-/// Collected outputs from polling a DTLS 1.2 endpoint to `Timeout`.
-#[derive(Default, Debug)]
-struct DrainedOutputs {
-    packets: Vec<Vec<u8>>,
-    connected: bool,
-    app_data: Vec<Vec<u8>>,
-    timeout: Option<Instant>,
-}
-
-/// Poll until `Timeout`, collecting everything.
-fn drain_outputs(endpoint: &mut Dtls) -> DrainedOutputs {
-    let mut result = DrainedOutputs::default();
-    let mut buf = vec![0u8; 2048];
-    loop {
-        match endpoint.poll_output(&mut buf) {
-            Output::Packet(p) => result.packets.push(p.to_vec()),
-            Output::Connected => result.connected = true,
-            Output::ApplicationData(data) => result.app_data.push(data.to_vec()),
-            Output::Timeout(t) => {
-                result.timeout = Some(t);
-                break;
-            }
-            _ => {}
-        }
-    }
-    result
-}
-
-/// Deliver a slice of packets to a destination endpoint.
-fn deliver_packets(packets: &[Vec<u8>], dest: &mut Dtls) {
-    for p in packets {
-        // Ignore errors - they may be expected for duplicates/replays
-        let _ = dest.handle_packet(p);
-    }
-}
-
 /// Complete a full DTLS 1.2 handshake between client and server.
 ///
 /// Returns the final `Instant` (time advanced during the handshake).