mirror of https://github.com/ctz/rustls
Remove time crate dependency
parent
8d187e4fe6
commit
996b680ec4
|
@ -11,7 +11,6 @@ categories = ["network-programming", "cryptography"]
|
|||
|
||||
[dependencies]
|
||||
untrusted = "0.5.1"
|
||||
time = "0.1.37"
|
||||
base64 = "0.6"
|
||||
log = { version = "0.3.6", optional = true }
|
||||
ring = { version = "0.12", features = ["rsa_signing"] }
|
||||
|
|
|
@ -27,7 +27,7 @@ use suites;
|
|||
use hash_hs;
|
||||
use verify;
|
||||
use rand;
|
||||
use time;
|
||||
use ticketer;
|
||||
use error::TLSError;
|
||||
use handshake::{check_message, check_handshake_message};
|
||||
|
||||
|
@ -77,10 +77,6 @@ fn illegal_param(sess: &mut ClientSessionImpl, why: &str) -> TLSError {
|
|||
TLSError::PeerMisbehavedError(why.to_string())
|
||||
}
|
||||
|
||||
fn ticket_timebase() -> u64 {
|
||||
time::get_time().sec as u64
|
||||
}
|
||||
|
||||
fn check_aligned_handshake(sess: &mut ClientSessionImpl) -> Result<(), TLSError> {
|
||||
if !sess.common.handshake_joiner.is_empty() {
|
||||
Err(illegal_param(sess, "keys changed with pending hs fragment"))
|
||||
|
@ -102,7 +98,7 @@ fn find_session(sess: &mut ClientSessionImpl, dns_name: &str) -> Option<persist:
|
|||
|
||||
let value = maybe_value.unwrap();
|
||||
if let Some(result) = persist::ClientSessionValue::read_bytes(&value) {
|
||||
if result.has_expired(ticket_timebase()) {
|
||||
if result.has_expired(ticketer::timebase()) {
|
||||
None
|
||||
} else {
|
||||
Some(result)
|
||||
|
@ -308,7 +304,7 @@ fn emit_client_hello_for_retry(sess: &mut ClientSessionImpl,
|
|||
let resuming = handshake.resuming_session
|
||||
.as_ref()
|
||||
.unwrap();
|
||||
(resuming.get_obfuscated_ticket_age(ticket_timebase()), resuming.cipher_suite)
|
||||
(resuming.get_obfuscated_ticket_age(ticketer::timebase()), resuming.cipher_suite)
|
||||
};
|
||||
|
||||
let binder_len = sess.find_cipher_suite(suite).unwrap().get_hash().output_len;
|
||||
|
@ -1710,7 +1706,7 @@ fn save_session(handshake: &mut HandshakeDetails,
|
|||
&handshake.session_id,
|
||||
ticket,
|
||||
master_secret);
|
||||
value.set_times(ticket_timebase(),
|
||||
value.set_times(ticketer::timebase(),
|
||||
recvd_ticket.new_ticket_lifetime,
|
||||
0);
|
||||
if handshake.using_ems {
|
||||
|
@ -1997,7 +1993,7 @@ impl ExpectTLS13Traffic {
|
|||
&SessionID::empty(),
|
||||
nst.ticket.0.clone(),
|
||||
secret);
|
||||
value.set_times(ticket_timebase(),
|
||||
value.set_times(ticketer::timebase(),
|
||||
nst.lifetime,
|
||||
nst.age_add);
|
||||
|
||||
|
|
|
@ -194,9 +194,6 @@ extern crate webpki;
|
|||
// *ring* for cryptography.
|
||||
extern crate ring;
|
||||
|
||||
// TODO: Remove this dependency.
|
||||
extern crate time;
|
||||
|
||||
// untrusted for feeding ring and webpki.
|
||||
extern crate untrusted;
|
||||
|
||||
|
|
|
@ -2,11 +2,20 @@
|
|||
use server::ProducesTickets;
|
||||
use rand;
|
||||
|
||||
use time;
|
||||
use std::mem;
|
||||
use std::sync::{Mutex, Arc};
|
||||
use std::time;
|
||||
use ring::aead;
|
||||
|
||||
/// The timebase for expiring and rolling tickets and ticketing
|
||||
/// keys. This is UNIX wall time in seconds.
|
||||
pub fn timebase() -> u64 {
|
||||
time::SystemTime::now()
|
||||
.duration_since(time::UNIX_EPOCH)
|
||||
.unwrap()
|
||||
.as_secs()
|
||||
}
|
||||
|
||||
/// This is a `ProducesTickets` implementation which uses
|
||||
/// any *ring* `aead::Algorithm` to encrypt and authentication
|
||||
/// the ticket payload. It does not enforce any lifetime
|
||||
|
@ -96,7 +105,7 @@ impl ProducesTickets for AEADTicketer {
|
|||
struct TicketSwitcherState {
|
||||
current: Box<ProducesTickets>,
|
||||
previous: Option<Box<ProducesTickets>>,
|
||||
next_switch_time: i64,
|
||||
next_switch_time: u64,
|
||||
}
|
||||
|
||||
/// A ticketer that has a 'current' sub-ticketer and a single
|
||||
|
@ -122,7 +131,7 @@ impl TicketSwitcher {
|
|||
state: Mutex::new(TicketSwitcherState {
|
||||
current: generator(),
|
||||
previous: None,
|
||||
next_switch_time: time::get_time().sec + lifetime as i64,
|
||||
next_switch_time: timebase() + lifetime as u64,
|
||||
}),
|
||||
}
|
||||
}
|
||||
|
@ -135,11 +144,11 @@ impl TicketSwitcher {
|
|||
/// key erasure will be delayed until the next encrypt/decrypt call.
|
||||
pub fn maybe_roll(&self) {
|
||||
let mut state = self.state.lock().unwrap();
|
||||
let now = time::get_time().sec;
|
||||
let now = timebase();
|
||||
|
||||
if now > state.next_switch_time {
|
||||
state.previous = Some(mem::replace(&mut state.current, (self.generator)()));
|
||||
state.next_switch_time = now + self.lifetime as i64;
|
||||
state.next_switch_time = now + self.lifetime as u64;
|
||||
}
|
||||
}
|
||||
}
|
||||
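Review bot: The new `timebase()` ends in `.unwrap()` on `duration_since(time::UNIX_EPOCH)`, so a system clock set before the epoch now panics, where the removed `time::get_time().sec` code did not. In `maybe_roll` the call happens after `self.state.lock().unwrap()`, so such a panic would poison the mutex and every later `maybe_roll` call would panic on the lock as well. The same helper is now called from the client handshake hunks (`find_session`, `emit_client_hello_for_retry`, `save_session`, `ExpectTLS13Traffic`), which inherit the panic path. I would either return `Result<u64, TLSError>` with `TLSError::FailedToGetCurrentTime`, as `unix_time_millis` in the verify hunk of this commit does, or at least read the clock first by moving `let now = timebase();` above `let mut state = self.state.lock().unwrap();`. If the unwrap stays, add a `# Panics` paragraph to the doc comment saying the function panics when the clock is earlier than the UNIX epoch.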
|
|
|
@ -1,5 +1,4 @@
|
|||
use webpki;
|
||||
use time;
|
||||
use untrusted;
|
||||
use sct;
|
||||
use std;
|
||||
|
@ -267,11 +266,20 @@ pub fn verify_tls13(cert: &Certificate,
|
|||
.map(|_| HandshakeSignatureValid::assertion())
|
||||
}
|
||||
|
||||
fn unix_time_millis() -> Result<u64, TLSError> {
|
||||
std::time::SystemTime::now()
|
||||
.duration_since(std::time::UNIX_EPOCH)
|
||||
.map(|dur| dur.as_secs())
|
||||
.map_err(|_| TLSError::FailedToGetCurrentTime)
|
||||
.and_then(|secs| secs.checked_mul(1000)
|
||||
.ok_or(TLSError::FailedToGetCurrentTime))
|
||||
}
|
||||
|
||||
pub fn verify_scts(cert: &Certificate,
|
||||
scts: &SCTList,
|
||||
logs: &[&sct::Log]) -> Result<(), TLSError> {
|
||||
let mut valid_scts = 0;
|
||||
let now = (time::get_time().sec * 1000) as u64;
|
||||
let now = unix_time_millis()?;
|
||||
let mut last_sct_error = None;
|
||||
|
||||
for sct in scts {
|
||||
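Review bot: `unix_time_millis` is added without a doc comment, although its unit and failure cases matter to the SCT check that consumes `now`. I would add `/// Current UNIX wall time in milliseconds. Fails with FailedToGetCurrentTime if the clock is before the epoch or the value overflows u64.` above the function. It also duplicates the clock read in `ticketer::timebase()` from this same commit but with a different failure policy (error here, `unwrap()` there), so a single shared fallible helper would keep the two from drifting apart. The body of `verify_scts` continues outside the hunk, so how `now` is compared against SCT timestamps is not visible here.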
|
|