rust/rustls
rust
/
rustls
mirror of https://github.com/ctz/rustls
1
0
Fork 0
Code Issues Releases Wiki Activity

add a Borrowed variant to Payload 

Co-authored-by: Jorge Aparicio <jorge.aparicio@ferrous-systems.com>
This commit is contained in:
Christian Poveda 2023-12-08 14:24:15 -05:00 committed by Daniel McCarney
parent d2b95ae772
commit d8abdb3e0a
16 changed files with 112 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fuzz/fuzzers/fragment.rs
View File

@ -27,7 +27,7 @@ fuzz_target!(|data: &[u8]| {
Message::try_from(PlainMessage { Message::try_from(PlainMessage {
typ: msg.typ, typ: msg.typ,
version: msg.version, version: msg.version,
payload: Payload(msg.payload.to_vec()), payload: Payload::Owned(msg.payload.to_vec()),
}) })
.ok(); .ok();
} }

18
rustls/src/client/tls12.rs
View File

@ -1009,15 +1009,15 @@ impl State<ClientConnectionData> for ExpectFinished {
// Constant-time verification of this is relatively unimportant: they only // Constant-time verification of this is relatively unimportant: they only
// get one chance. But it can't hurt. // get one chance. But it can't hurt.
let _fin_verified = match ConstantTimeEq::ct_eq(&expect_verify_data[..], &finished.0).into() let _fin_verified =
{ match ConstantTimeEq::ct_eq(&expect_verify_data[..], finished.bytes()).into() {
true => verify::FinishedMessageVerified::assertion(), true => verify::FinishedMessageVerified::assertion(),
false => { false => {
return Err(cx return Err(cx
.common .common
.send_fatal_alert(AlertDescription::DecryptError, Error::DecryptError)); .send_fatal_alert(AlertDescription::DecryptError, Error::DecryptError));
} }
}; };
// Hash this message too. // Hash this message too.
st.transcript.add_message(&m); st.transcript.add_message(&m);

3
rustls/src/client/tls13.rs
View File

@ -827,7 +827,8 @@ impl State<ClientConnectionData> for ExpectFinished {
.key_schedule .key_schedule
.sign_server_finish(&handshake_hash); .sign_server_finish(&handshake_hash);
let fin = match ConstantTimeEq::ct_eq(expect_verify_data.as_ref(), &finished.0).into() { let fin = match ConstantTimeEq::ct_eq(expect_verify_data.as_ref(), finished.bytes()).into()
{
true => verify::FinishedMessageVerified::assertion(), true => verify::FinishedMessageVerified::assertion(),
false => { false => {
return Err(cx return Err(cx

3
rustls/src/common_state.rs
View File

@ -428,7 +428,8 @@ impl CommonState {
} }
pub(crate) fn take_received_plaintext(&mut self, bytes: Payload) { pub(crate) fn take_received_plaintext(&mut self, bytes: Payload) {
self.received_plaintext.append(bytes.0); self.received_plaintext
.append(bytes.into_vec());
} }
#[cfg(feature = "tls12")] #[cfg(feature = "tls12")]

2
rustls/src/conn.rs
View File

@ -340,7 +340,7 @@ fn is_valid_ccs(msg: &PlainMessage) -> bool {
// We passthrough ChangeCipherSpec messages in the deframer without decrypting them. // We passthrough ChangeCipherSpec messages in the deframer without decrypting them.
// Note: this is prior to the record layer, so is unencrypted. See // Note: this is prior to the record layer, so is unencrypted. See
// third paragraph of section 5 in RFC8446. // third paragraph of section 5 in RFC8446.
msg.typ == ContentType::ChangeCipherSpec && msg.payload.0 == [0x01] msg.typ == ContentType::ChangeCipherSpec && msg.payload.bytes() == [0x01]
} }
/// Interface shared by client and server connections. /// Interface shared by client and server connections.

4
rustls/src/hash_hs.rs
View File

@ -36,7 +36,7 @@ impl HandshakeHashBuffer {
pub(crate) fn add_message(&mut self, m: &Message) { pub(crate) fn add_message(&mut self, m: &Message) {
if let MessagePayload::Handshake { encoded, .. } = &m.payload { if let MessagePayload::Handshake { encoded, .. } = &m.payload {
self.buffer self.buffer
.extend_from_slice(&encoded.0); .extend_from_slice(encoded.bytes());
} }
} }
@ -98,7 +98,7 @@ impl HandshakeHash {
/// Hash/buffer a handshake message. /// Hash/buffer a handshake message.
pub(crate) fn add_message(&mut self, m: &Message) -> &mut Self { pub(crate) fn add_message(&mut self, m: &Message) -> &mut Self {
if let MessagePayload::Handshake { encoded, .. } = &m.payload { if let MessagePayload::Handshake { encoded, .. } = &m.payload {
self.update_raw(&encoded.0); self.update_raw(encoded.bytes());
} }
self self
} }

38
rustls/src/msgs/base.rs
View File

@ -13,29 +13,47 @@ use super::codec::ReaderMut;
/// An externally length'd payload /// An externally length'd payload
#[derive(Clone, Eq, PartialEq)] #[derive(Clone, Eq, PartialEq)]
pub struct Payload(pub Vec<u8>); pub enum Payload<'a> {
Borrowed(&'a [u8]),
Owned(Vec<u8>),
}
impl Codec<'_> for Payload { impl<'a> Codec<'a> for Payload<'static> {
fn encode(&self, bytes: &mut Vec<u8>) { fn encode(&self, bytes: &mut Vec<u8>) {
bytes.extend_from_slice(&self.0); bytes.extend_from_slice(self.bytes());
} }
fn read(r: &mut Reader) -> Result<Self, InvalidMessage> { fn read(r: &mut Reader<'a>) -> Result<Self, InvalidMessage> {
Ok(Self::read(r)) Ok(Self::read(r))
} }
} }
impl Payload { impl<'a> Payload<'a> {
pub fn bytes(&self) -> &[u8] {
match self {
Self::Borrowed(bytes) => bytes,
Self::Owned(bytes) => bytes,
}
}
pub fn into_vec(self) -> Vec<u8> {
match self {
Self::Borrowed(bytes) => bytes.to_vec(),
Self::Owned(bytes) => bytes,
}
}
}
impl Payload<'static> {
pub fn new(bytes: impl Into<Vec<u8>>) -> Self { pub fn new(bytes: impl Into<Vec<u8>>) -> Self {
Self(bytes.into()) Self::Owned(bytes.into())
} }
pub fn empty() -> Self { pub fn empty() -> Self {
Self::new(Vec::new()) Self::Borrowed(&[])
} }
pub fn read(r: &mut Reader) -> Self { pub fn read(r: &mut Reader) -> Self {
Self(r.rest().to_vec()) Self::Owned(r.rest().to_vec())
} }
} }
@ -106,9 +124,9 @@ impl<'a> Codec<'_> for CertificateDer<'a> {
} }
} }
impl fmt::Debug for Payload { impl fmt::Debug for Payload<'_> {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
hex(f, &self.0) hex(f, self.bytes())
} }
} }

2
rustls/src/msgs/deframer.rs
View File

@ -865,7 +865,7 @@ mod tests {
let mut rl = RecordLayer::new(); let mut rl = RecordLayer::new();
let m = d.pop_message(&mut rl, None); let m = d.pop_message(&mut rl, None);
assert_eq!(m.typ, ContentType::ApplicationData); assert_eq!(m.typ, ContentType::ApplicationData);
assert_eq!(m.payload.0.len(), 0); assert_eq!(m.payload.bytes().len(), 0);
assert!(!d.has_pending()); assert!(!d.has_pending());
assert!(d.last_error.is_none()); assert!(d.last_error.is_none());
} }

2
rustls/src/msgs/fragmenter.rs
View File

@ -27,7 +27,7 @@ impl MessageFragmenter {
&self, &self,
msg: &'a PlainMessage, msg: &'a PlainMessage,
) -> impl Iterator<Item = BorrowedPlainMessage<'a>> + 'a { ) -> impl Iterator<Item = BorrowedPlainMessage<'a>> + 'a {
self.fragment_slice(msg.typ, msg.version, &msg.payload.0) self.fragment_slice(msg.typ, msg.version, msg.payload.bytes())
} }
/// Enqueue borrowed fragments of (version, typ, payload) which /// Enqueue borrowed fragments of (version, typ, payload) which

20
rustls/src/msgs/handshake.rs
View File

@ -185,7 +185,7 @@ impl SessionId {
#[derive(Clone, Debug, PartialEq)] #[derive(Clone, Debug, PartialEq)]
pub struct UnknownExtension { pub struct UnknownExtension {
pub(crate) typ: ExtensionType, pub(crate) typ: ExtensionType,
pub(crate) payload: Payload, pub(crate) payload: Payload<'static>,
} }
impl UnknownExtension { impl UnknownExtension {
@ -214,7 +214,7 @@ impl TlsListElement for SignatureScheme {
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
pub(crate) enum ServerNamePayload { pub(crate) enum ServerNamePayload {
HostName(DnsName<'static>), HostName(DnsName<'static>),
Unknown(Payload), Unknown(Payload<'static>),
} }
impl ServerNamePayload { impl ServerNamePayload {
@ -483,7 +483,7 @@ impl Codec<'_> for OcspCertificateStatusRequest {
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
pub enum CertificateStatusRequest { pub enum CertificateStatusRequest {
Ocsp(OcspCertificateStatusRequest), Ocsp(OcspCertificateStatusRequest),
Unknown((CertificateStatusType, Payload)), Unknown((CertificateStatusType, Payload<'static>)),
} }
impl Codec<'_> for CertificateStatusRequest { impl Codec<'_> for CertificateStatusRequest {
@ -684,7 +684,7 @@ impl ClientExtension {
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
pub enum ClientSessionTicket { pub enum ClientSessionTicket {
Request, Request,
Offer(Payload), Offer(Payload<'static>),
} }
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
@ -1588,7 +1588,7 @@ impl Codec<'_> for EcdheServerKeyExchange {
#[derive(Debug)] #[derive(Debug)]
pub enum ServerKeyExchangePayload { pub enum ServerKeyExchangePayload {
Ecdhe(EcdheServerKeyExchange), Ecdhe(EcdheServerKeyExchange),
Unknown(Payload), Unknown(Payload<'static>),
} }
impl Codec<'_> for ServerKeyExchangePayload { impl Codec<'_> for ServerKeyExchangePayload {
@ -1613,7 +1613,7 @@ impl ServerKeyExchangePayload {
kxa: KeyExchangeAlgorithm, kxa: KeyExchangeAlgorithm,
) -> Option<EcdheServerKeyExchange> { ) -> Option<EcdheServerKeyExchange> {
if let Self::Unknown(ref unk) = *self { if let Self::Unknown(ref unk) = *self {
let mut rd = Reader::init(&unk.0); let mut rd = Reader::init(unk.bytes());
let result = match kxa { let result = match kxa {
KeyExchangeAlgorithm::ECDHE => EcdheServerKeyExchange::read(&mut rd), KeyExchangeAlgorithm::ECDHE => EcdheServerKeyExchange::read(&mut rd),
@ -2076,15 +2076,15 @@ pub enum HandshakePayload {
CertificateVerify(DigitallySignedStruct), CertificateVerify(DigitallySignedStruct),
ServerHelloDone, ServerHelloDone,
EndOfEarlyData, EndOfEarlyData,
ClientKeyExchange(Payload), ClientKeyExchange(Payload<'static>),
NewSessionTicket(NewSessionTicketPayload), NewSessionTicket(NewSessionTicketPayload),
NewSessionTicketTls13(NewSessionTicketPayloadTls13), NewSessionTicketTls13(NewSessionTicketPayloadTls13),
EncryptedExtensions(Vec<ServerExtension>), EncryptedExtensions(Vec<ServerExtension>),
KeyUpdate(KeyUpdateRequest), KeyUpdate(KeyUpdateRequest),
Finished(Payload), Finished(Payload<'static>),
CertificateStatus(CertificateStatus), CertificateStatus(CertificateStatus),
MessageHash(Payload), MessageHash(Payload<'static>),
Unknown(Payload), Unknown(Payload<'static>),
} }
impl HandshakePayload { impl HandshakePayload {

36
rustls/src/msgs/handshake_test.rs
View File

@ -370,7 +370,7 @@ fn get_sample_clienthellopayload() -> ClientHelloPayload {
ClientExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_NISTP256_SHA256]), ClientExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_NISTP256_SHA256]),
ClientExtension::make_sni(&DnsName::try_from("hello").unwrap()), ClientExtension::make_sni(&DnsName::try_from("hello").unwrap()),
ClientExtension::SessionTicket(ClientSessionTicket::Request), ClientExtension::SessionTicket(ClientSessionTicket::Request),
ClientExtension::SessionTicket(ClientSessionTicket::Offer(Payload(vec![]))), ClientExtension::SessionTicket(ClientSessionTicket::Offer(Payload::Borrowed(&[]))),
ClientExtension::Protocols(vec![ProtocolName::from(vec![0])]), ClientExtension::Protocols(vec![ProtocolName::from(vec![0])]),
ClientExtension::SupportedVersions(vec![ProtocolVersion::TLSv1_3]), ClientExtension::SupportedVersions(vec![ProtocolVersion::TLSv1_3]),
ClientExtension::KeyShare(vec![KeyShareEntry::new(NamedGroup::X25519, &[1, 2, 3])]), ClientExtension::KeyShare(vec![KeyShareEntry::new(NamedGroup::X25519, &[1, 2, 3])]),
@ -391,7 +391,7 @@ fn get_sample_clienthellopayload() -> ClientHelloPayload {
ClientExtension::TransportParameters(vec![1, 2, 3]), ClientExtension::TransportParameters(vec![1, 2, 3]),
ClientExtension::Unknown(UnknownExtension { ClientExtension::Unknown(UnknownExtension {
typ: ExtensionType::Unknown(12345), typ: ExtensionType::Unknown(12345),
payload: Payload(vec![1, 2, 3]), payload: Payload::Borrowed(&[1, 2, 3]),
}), }),
], ],
} }
@ -497,7 +497,7 @@ fn test_client_extension_getter(typ: ExtensionType, getter: fn(&ClientHelloPaylo
chp.extensions = vec![ClientExtension::Unknown(UnknownExtension { chp.extensions = vec![ClientExtension::Unknown(UnknownExtension {
typ, typ,
payload: Payload(vec![]), payload: Payload::Borrowed(&[]),
})]; })];
assert!(!getter(&chp)); assert!(!getter(&chp));
} }
@ -612,7 +612,7 @@ fn test_helloretry_extension_getter(typ: ExtensionType, getter: fn(&HelloRetryRe
hrr.extensions = vec![HelloRetryExtension::Unknown(UnknownExtension { hrr.extensions = vec![HelloRetryExtension::Unknown(UnknownExtension {
typ, typ,
payload: Payload(vec![]), payload: Payload::Borrowed(&[]),
})]; })];
assert!(!getter(&hrr)); assert!(!getter(&hrr));
} }
@ -681,7 +681,7 @@ fn test_server_extension_getter(typ: ExtensionType, getter: fn(&ServerHelloPaylo
shp.extensions = vec![ServerExtension::Unknown(UnknownExtension { shp.extensions = vec![ServerExtension::Unknown(UnknownExtension {
typ, typ,
payload: Payload(vec![]), payload: Payload::Borrowed(&[]),
})]; })];
assert!(!getter(&shp)); assert!(!getter(&shp));
} }
@ -724,7 +724,7 @@ fn test_cert_extension_getter(typ: ExtensionType, getter: fn(&CertificateEntry)
ce.exts = vec![CertificateExtension::Unknown(UnknownExtension { ce.exts = vec![CertificateExtension::Unknown(UnknownExtension {
typ, typ,
payload: Payload(vec![]), payload: Payload::Borrowed(&[]),
})]; })];
assert!(!getter(&ce)); assert!(!getter(&ce));
} }
@ -757,7 +757,7 @@ fn get_sample_serverhellopayload() -> ServerHelloPayload {
ServerExtension::TransportParameters(vec![1, 2, 3]), ServerExtension::TransportParameters(vec![1, 2, 3]),
ServerExtension::Unknown(UnknownExtension { ServerExtension::Unknown(UnknownExtension {
typ: ExtensionType::Unknown(12345), typ: ExtensionType::Unknown(12345),
payload: Payload(vec![1, 2, 3]), payload: Payload::Borrowed(&[1, 2, 3]),
}), }),
], ],
} }
@ -784,7 +784,7 @@ fn get_sample_helloretryrequest() -> HelloRetryRequest {
HelloRetryExtension::SupportedVersions(ProtocolVersion::TLSv1_2), HelloRetryExtension::SupportedVersions(ProtocolVersion::TLSv1_2),
HelloRetryExtension::Unknown(UnknownExtension { HelloRetryExtension::Unknown(UnknownExtension {
typ: ExtensionType::Unknown(12345), typ: ExtensionType::Unknown(12345),
payload: Payload(vec![1, 2, 3]), payload: Payload::Borrowed(&[1, 2, 3]),
}), }),
], ],
} }
@ -801,7 +801,7 @@ fn get_sample_certificatepayloadtls13() -> CertificatePayloadTls13 {
}), }),
CertificateExtension::Unknown(UnknownExtension { CertificateExtension::Unknown(UnknownExtension {
typ: ExtensionType::Unknown(12345), typ: ExtensionType::Unknown(12345),
payload: Payload(vec![1, 2, 3]), payload: Payload::Borrowed(&[1, 2, 3]),
}), }),
], ],
}], }],
@ -822,7 +822,7 @@ fn get_sample_serverkeyexchangepayload_ecdhe() -> ServerKeyExchangePayload {
} }
fn get_sample_serverkeyexchangepayload_unknown() -> ServerKeyExchangePayload { fn get_sample_serverkeyexchangepayload_unknown() -> ServerKeyExchangePayload {
ServerKeyExchangePayload::Unknown(Payload(vec![1, 2, 3])) ServerKeyExchangePayload::Unknown(Payload::Borrowed(&[1, 2, 3]))
} }
fn get_sample_certificaterequestpayload() -> CertificateRequestPayload { fn get_sample_certificaterequestpayload() -> CertificateRequestPayload {
@ -841,7 +841,7 @@ fn get_sample_certificaterequestpayloadtls13() -> CertificateRequestPayloadTls13
CertReqExtension::AuthorityNames(vec![DistinguishedName::from(vec![1, 2, 3])]), CertReqExtension::AuthorityNames(vec![DistinguishedName::from(vec![1, 2, 3])]),
CertReqExtension::Unknown(UnknownExtension { CertReqExtension::Unknown(UnknownExtension {
typ: ExtensionType::Unknown(12345), typ: ExtensionType::Unknown(12345),
payload: Payload(vec![1, 2, 3]), payload: Payload::Borrowed(&[1, 2, 3]),
}), }),
], ],
} }
@ -862,7 +862,7 @@ fn get_sample_newsessionticketpayloadtls13() -> NewSessionTicketPayloadTls13 {
ticket: PayloadU16(vec![4, 5, 6]), ticket: PayloadU16(vec![4, 5, 6]),
exts: vec![NewSessionTicketExtension::Unknown(UnknownExtension { exts: vec![NewSessionTicketExtension::Unknown(UnknownExtension {
typ: ExtensionType::Unknown(12345), typ: ExtensionType::Unknown(12345),
payload: Payload(vec![1, 2, 3]), payload: Payload::Borrowed(&[1, 2, 3]),
})], })],
} }
} }
@ -923,7 +923,7 @@ fn get_all_tls12_handshake_payloads() -> Vec<HandshakeMessagePayload> {
}, },
HandshakeMessagePayload { HandshakeMessagePayload {
typ: HandshakeType::ClientKeyExchange, typ: HandshakeType::ClientKeyExchange,
payload: HandshakePayload::ClientKeyExchange(Payload(vec![1, 2, 3])), payload: HandshakePayload::ClientKeyExchange(Payload::Borrowed(&[1, 2, 3])),
}, },
HandshakeMessagePayload { HandshakeMessagePayload {
typ: HandshakeType::NewSessionTicket, typ: HandshakeType::NewSessionTicket,
@ -943,7 +943,7 @@ fn get_all_tls12_handshake_payloads() -> Vec<HandshakeMessagePayload> {
}, },
HandshakeMessagePayload { HandshakeMessagePayload {
typ: HandshakeType::Finished, typ: HandshakeType::Finished,
payload: HandshakePayload::Finished(Payload(vec![1, 2, 3])), payload: HandshakePayload::Finished(Payload::Borrowed(&[1, 2, 3])),
}, },
HandshakeMessagePayload { HandshakeMessagePayload {
typ: HandshakeType::CertificateStatus, typ: HandshakeType::CertificateStatus,
@ -951,7 +951,7 @@ fn get_all_tls12_handshake_payloads() -> Vec<HandshakeMessagePayload> {
}, },
HandshakeMessagePayload { HandshakeMessagePayload {
typ: HandshakeType::Unknown(99), typ: HandshakeType::Unknown(99),
payload: HandshakePayload::Unknown(Payload(vec![1, 2, 3])), payload: HandshakePayload::Unknown(Payload::Borrowed(&[1, 2, 3])),
}, },
] ]
} }
@ -1060,7 +1060,7 @@ fn get_all_tls13_handshake_payloads() -> Vec<HandshakeMessagePayload> {
}, },
HandshakeMessagePayload { HandshakeMessagePayload {
typ: HandshakeType::ClientKeyExchange, typ: HandshakeType::ClientKeyExchange,
payload: HandshakePayload::ClientKeyExchange(Payload(vec![1, 2, 3])), payload: HandshakePayload::ClientKeyExchange(Payload::Borrowed(&[1, 2, 3])),
}, },
HandshakeMessagePayload { HandshakeMessagePayload {
typ: HandshakeType::NewSessionTicket, typ: HandshakeType::NewSessionTicket,
@ -1082,7 +1082,7 @@ fn get_all_tls13_handshake_payloads() -> Vec<HandshakeMessagePayload> {
}, },
HandshakeMessagePayload { HandshakeMessagePayload {
typ: HandshakeType::Finished, typ: HandshakeType::Finished,
payload: HandshakePayload::Finished(Payload(vec![1, 2, 3])), payload: HandshakePayload::Finished(Payload::Borrowed(&[1, 2, 3])),
}, },
HandshakeMessagePayload { HandshakeMessagePayload {
typ: HandshakeType::CertificateStatus, typ: HandshakeType::CertificateStatus,
@ -1090,7 +1090,7 @@ fn get_all_tls13_handshake_payloads() -> Vec<HandshakeMessagePayload> {
}, },
HandshakeMessagePayload { HandshakeMessagePayload {
typ: HandshakeType::Unknown(99), typ: HandshakeType::Unknown(99),
payload: HandshakePayload::Unknown(Payload(vec![1, 2, 3])), payload: HandshakePayload::Unknown(Payload::Borrowed(&[1, 2, 3])),
}, },
] ]
} }

29
rustls/src/msgs/message.rs
View File

@ -20,17 +20,17 @@ pub enum MessagePayload {
Alert(AlertMessagePayload), Alert(AlertMessagePayload),
Handshake { Handshake {
parsed: HandshakeMessagePayload, parsed: HandshakeMessagePayload,
encoded: Payload, encoded: Payload<'static>,
}, },
ChangeCipherSpec(ChangeCipherSpecPayload), ChangeCipherSpec(ChangeCipherSpecPayload),
ApplicationData(Payload), ApplicationData(Payload<'static>),
} }
impl MessagePayload { impl MessagePayload {
pub fn encode(&self, bytes: &mut Vec<u8>) { pub fn encode(&self, bytes: &mut Vec<u8>) {
match self { match self {
Self::Alert(x) => x.encode(bytes), Self::Alert(x) => x.encode(bytes),
Self::Handshake { encoded, .. } => bytes.extend(&encoded.0), Self::Handshake { encoded, .. } => bytes.extend(encoded.bytes()),
Self::ChangeCipherSpec(x) => x.encode(bytes), Self::ChangeCipherSpec(x) => x.encode(bytes),
Self::ApplicationData(x) => x.encode(bytes), Self::ApplicationData(x) => x.encode(bytes),
} }
@ -46,9 +46,9 @@ impl MessagePayload {
pub fn new( pub fn new(
typ: ContentType, typ: ContentType,
vers: ProtocolVersion, vers: ProtocolVersion,
payload: Payload, payload: Payload<'static>,
) -> Result<Self, InvalidMessage> { ) -> Result<Self, InvalidMessage> {
let mut r = Reader::init(&payload.0); let mut r = Reader::init(payload.bytes());
match typ { match typ {
ContentType::ApplicationData => Ok(Self::ApplicationData(payload)), ContentType::ApplicationData => Ok(Self::ApplicationData(payload)),
ContentType::Alert => AlertMessagePayload::read(&mut r).map(MessagePayload::Alert), ContentType::Alert => AlertMessagePayload::read(&mut r).map(MessagePayload::Alert),
@ -90,7 +90,7 @@ impl MessagePayload {
pub struct OpaqueMessage { pub struct OpaqueMessage {
pub typ: ContentType, pub typ: ContentType,
pub version: ProtocolVersion, pub version: ProtocolVersion,
payload: Payload, payload: Payload<'static>,
} }
impl OpaqueMessage { impl OpaqueMessage {
@ -107,12 +107,15 @@ impl OpaqueMessage {
/// Access the message payload as a slice. /// Access the message payload as a slice.
pub fn payload(&self) -> &[u8] { pub fn payload(&self) -> &[u8] {
&self.payload.0 self.payload.bytes()
} }
/// Access the message payload as a mutable `Vec<u8>`. /// Access the message payload as a mutable `Vec<u8>`.
pub fn payload_mut(&mut self) -> &mut Vec<u8> { pub fn payload_mut(&mut self) -> &mut Vec<u8> {
&mut self.payload.0 match &mut self.payload {
Payload::Borrowed(_) => unreachable!("due to how constructor works"),
Payload::Owned(bytes) => bytes,
}
} }
/// `MessageError` allows callers to distinguish between valid prefixes (might /// `MessageError` allows callers to distinguish between valid prefixes (might
@ -136,7 +139,7 @@ impl OpaqueMessage {
let mut buf = Vec::new(); let mut buf = Vec::new();
self.typ.encode(&mut buf); self.typ.encode(&mut buf);
self.version.encode(&mut buf); self.version.encode(&mut buf);
(self.payload.0.len() as u16).encode(&mut buf); (self.payload.bytes().len() as u16).encode(&mut buf);
self.payload.encode(&mut buf); self.payload.encode(&mut buf);
buf buf
} }
@ -291,7 +294,7 @@ impl From<Message> for PlainMessage {
_ => { _ => {
let mut buf = Vec::new(); let mut buf = Vec::new();
msg.payload.encode(&mut buf); msg.payload.encode(&mut buf);
Payload(buf) Payload::Owned(buf)
} }
}; };
@ -311,7 +314,7 @@ impl From<Message> for PlainMessage {
pub struct PlainMessage { pub struct PlainMessage {
pub typ: ContentType, pub typ: ContentType,
pub version: ProtocolVersion, pub version: ProtocolVersion,
pub payload: Payload, pub payload: Payload<'static>,
} }
impl PlainMessage { impl PlainMessage {
@ -327,7 +330,7 @@ impl PlainMessage {
BorrowedPlainMessage { BorrowedPlainMessage {
version: self.version, version: self.version,
typ: self.typ, typ: self.typ,
payload: &self.payload.0, payload: self.payload.bytes(),
} }
} }
} }
@ -402,7 +405,7 @@ impl<'a> BorrowedPlainMessage<'a> {
OpaqueMessage { OpaqueMessage {
version: self.version, version: self.version,
typ: self.typ, typ: self.typ,
payload: Payload(self.payload.to_vec()), payload: Payload::Owned(self.payload.to_vec()),
} }
} }

2
rustls/src/msgs/message_test.rs
View File

@ -100,7 +100,7 @@ fn construct_all_types() {
#[test] #[test]
fn debug_payload() { fn debug_payload() {
assert_eq!("01020304", format!("{:?}", Payload(vec![1, 2, 3, 4]))); assert_eq!("01020304", format!("{:?}", Payload::new(vec![1, 2, 3, 4])));
assert_eq!("01020304", format!("{:?}", PayloadU8(vec![1, 2, 3, 4]))); assert_eq!("01020304", format!("{:?}", PayloadU8(vec![1, 2, 3, 4])));
assert_eq!("01020304", format!("{:?}", PayloadU16(vec![1, 2, 3, 4]))); assert_eq!("01020304", format!("{:?}", PayloadU16(vec![1, 2, 3, 4])));
assert_eq!("01020304", format!("{:?}", PayloadU24(vec![1, 2, 3, 4]))); assert_eq!("01020304", format!("{:?}", PayloadU24(vec![1, 2, 3, 4])));

4
rustls/src/server/server_conn.rs
View File

@ -846,10 +846,10 @@ impl EarlyDataState {
} }
pub(super) fn take_received_plaintext(&mut self, bytes: Payload) -> bool { pub(super) fn take_received_plaintext(&mut self, bytes: Payload) -> bool {
let available = bytes.0.len(); let available = bytes.bytes().len();
match self { match self {
Self::Accepted(ref mut received) if received.apply_limit(available) == available => { Self::Accepted(ref mut received) if received.apply_limit(available) == available => {
received.append(bytes.0); received.append(bytes.into_vec());
true true
} }
_ => false, _ => false,

25
rustls/src/server/tls12.rs
View File

@ -139,7 +139,10 @@ mod client_hello {
.and_then(|ticket| { .and_then(|ticket| {
ticket_received = true; ticket_received = true;
debug!("Ticket received"); debug!("Ticket received");
let data = self.config.ticketer.decrypt(&ticket.0); let data = self
.config
.ticketer
.decrypt(ticket.bytes());
if data.is_none() { if data.is_none() {
debug!("Ticket didn't decrypt"); debug!("Ticket didn't decrypt");
} }
@ -602,7 +605,7 @@ impl State<ServerConnectionData> for ExpectClientKx {
// Complete key agreement, and set up encryption with the // Complete key agreement, and set up encryption with the
// resulting premaster secret. // resulting premaster secret.
let peer_kx_params = let peer_kx_params =
tls12::decode_ecdh_params::<ClientEcdhParams>(cx.common, &client_kx.0)?; tls12::decode_ecdh_params::<ClientEcdhParams>(cx.common, client_kx.bytes())?;
let secrets = ConnectionSecrets::from_key_exchange( let secrets = ConnectionSecrets::from_key_exchange(
self.server_kx, self.server_kx,
&peer_kx_params.public.0, &peer_kx_params.public.0,
@ -859,15 +862,15 @@ impl State<ServerConnectionData> for ExpectFinished {
let vh = self.transcript.get_current_hash(); let vh = self.transcript.get_current_hash();
let expect_verify_data = self.secrets.client_verify_data(&vh); let expect_verify_data = self.secrets.client_verify_data(&vh);
let _fin_verified = match ConstantTimeEq::ct_eq(&expect_verify_data[..], &finished.0).into() let _fin_verified =
{ match ConstantTimeEq::ct_eq(&expect_verify_data[..], finished.bytes()).into() {
true => verify::FinishedMessageVerified::assertion(), true => verify::FinishedMessageVerified::assertion(),
false => { false => {
return Err(cx return Err(cx
.common .common
.send_fatal_alert(AlertDescription::DecryptError, Error::DecryptError)); .send_fatal_alert(AlertDescription::DecryptError, Error::DecryptError));
} }
}; };
// Save connection, perhaps // Save connection, perhaps
if !self.resuming && !self.session_id.is_empty() { if !self.resuming && !self.session_id.is_empty() {

7
rustls/src/server/tls13.rs
View File

@ -856,8 +856,8 @@ impl State<ServerConnectionData> for ExpectAndSkipRejectedEarlyData {
* up to the configured max_early_data_size." * up to the configured max_early_data_size."
* (RFC8446, 14.2.10) */ * (RFC8446, 14.2.10) */
if let MessagePayload::ApplicationData(ref skip_data) = m.payload { if let MessagePayload::ApplicationData(ref skip_data) = m.payload {
if skip_data.0.len() <= self.skip_data_left { if skip_data.bytes().len() <= self.skip_data_left {
self.skip_data_left -= skip_data.0.len(); self.skip_data_left -= skip_data.bytes().len();
return Ok(self); return Ok(self);
} }
} }
@ -1158,7 +1158,8 @@ impl State<ServerConnectionData> for ExpectFinished {
.key_schedule .key_schedule
.sign_client_finish(&handshake_hash, cx.common); .sign_client_finish(&handshake_hash, cx.common);
let fin = match ConstantTimeEq::ct_eq(expect_verify_data.as_ref(), &finished.0[..]).into() { let fin = match ConstantTimeEq::ct_eq(expect_verify_data.as_ref(), finished.bytes()).into()
{
true => verify::FinishedMessageVerified::assertion(), true => verify::FinishedMessageVerified::assertion(),
false => { false => {
return Err(cx return Err(cx