rust/rustls
rust
/
rustls
mirror of https://github.com/ctz/rustls
1
0
Fork 0
Code Issues Releases Wiki Activity
1,387 Commits 47 Branches 71 Tags 34 MiB
Commit Graph

1387 Commits

Author SHA1 Message Date
Dirkjan Ochtman 0682bf4ed5 Add documentation about use of QUIC transport parameters 2021-04-17 22:30:41 +02:00
Dirkjan Ochtman 648e280309 Return error if QUIC params are missing 
From draft-ietf-quic-tls-32#section-8.2:

   The quic_transport_parameters extension is carried in the ClientHello
   and the EncryptedExtensions messages during the handshake.  Endpoints
   MUST send the quic_transport_parameters extension; endpoints that
   receive ClientHello or EncryptedExtensions messages without the
   quic_transport_parameters extension MUST close the connection with an
   error of type 0x16d (equivalent to a fatal TLS missing_extension
   alert, see Section 4.8).
 2021-04-17 22:30:41 +02:00
Dirkjan Ochtman f91841b8f5 server: return error if SNI differs after retry 2021-04-17 10:40:42 +01:00
Dirkjan Ochtman 8fe0ac8161 server: simplify can_resume() interface 2021-04-17 10:40:42 +01:00
Dirkjan Ochtman 07af3053a3 server: rely on webpki for DNSName comparison 2021-04-17 10:40:42 +01:00
Dirkjan Ochtman 6ef287a36a server: deduplicate resumption path code 2021-04-17 10:40:42 +01:00
Dirkjan Ochtman 78d0df798a server: only generate new session ID when needed 2021-04-17 10:40:42 +01:00
Dirkjan Ochtman 2a86a98163 server: inline single-use save_sni() function 2021-04-17 10:40:42 +01:00
Dirkjan Ochtman 86325a5fdd server: inline single-use set_sni() method 2021-04-17 10:40:42 +01:00
Brian Smith 53486225c5 TLS 1.2: Change expected result for InvalidECDHPoint-Server to match TLS 1.3 2021-04-17 10:35:31 +01:00
Brian Smith 5fc6a6c4e1 Change expected result for compressed points in TLS 1.2 to match TLS 1.3 2021-04-17 10:35:31 +01:00
Brian Smith 97f5d5d7be TLS 1.2: Consolidate error reporting/alerting logic for key agreement failure. 2021-04-17 10:35:31 +01:00
Brian Smith 3351e39d51 TLS 1.2: Factor out common key exchange decoding logic and error reporting. 
Move the TLS-1.2-specific key agreement logic out of the general-purpose `kx`
module and into a new `crate::tls12` module that can hold common logic for
clients and servers.

Ensure error reporting and alerting for key agreement decoding are handled
consistently between client and server by consolidating the common logic.
 2021-04-17 10:35:31 +01:00
Brian Smith c40cf29111 TLS 1.3 Server: Report more precise error when System RNG fails. 2021-04-17 10:35:31 +01:00
Brian Smith d19a12f4a5 TLS 1.2 Server: Report correct error when RNG fails during key agreement. 2021-04-17 10:35:31 +01:00
Brian Smith 2a7c04a2d3 TLS 1.2 Client: Provide more accurate errors during key agreement failure. 2021-04-17 10:35:31 +01:00
Brian Smith 5f64b0e4f4 Key exchange: Don't panic on RNG failure. 2021-04-17 10:35:31 +01:00
Joseph Birr-Pixton 08ecd0ec66 Add 0.19.1 to mainline changelog 2021-04-17 08:47:38 +01:00
Dirkjan Ochtman ebd7ec049c kx: deduplicate ECDH params decoding 2021-04-16 21:37:02 +02:00
Brian Smith e1a8b4da67 Implement an infallible version of `Payload::read()` to reduce unwraps. 2021-04-16 10:40:23 +02:00
Brian Smith 3f23f9a333 Use `unwrap_or(false)` instead of `or(Some(false)).unwrap()`. 2021-04-16 06:58:59 +02:00
Dirkjan Ochtman ccc4f1011e Privatize server types and functions 2021-04-16 06:35:59 +02:00
Robert Sayre 854c5c4a30 Invalid SessionID in ServerHelloPayload. 2021-04-15 10:12:54 +02:00
Joseph Birr-Pixton cdf1dada21 Fix bogo_shim formatting 2021-04-11 17:38:49 +01:00
Joseph Birr-Pixton cdb712b7a0 Support bogo read-with-unfinished-write 
This enables some extra keyupdate tests
 2021-04-11 17:38:12 +01:00
Joseph Birr-Pixton b9a5a061b4 Move ActiveCertifiedKey to server::common 
This is quite server-specific, and really is part of the
server handshake state.
 2021-04-11 13:07:19 +01:00
Joseph Birr-Pixton 8db3cf6f33 Fix clippy lint 2021-04-11 12:58:47 +01:00
Joseph Birr-Pixton f3a6580d39 Make client-cert use of CertifiedKey also immutable 2021-04-11 12:50:24 +01:00
Simon Menke 32919bd2e1 Explicitly encode that ActiveCertifiedKey lives on the stack 2021-04-11 12:09:47 +01:00
Simon Menke 24b47fcd2e ResolvesServerCert::resolve now returns a Arc reference 2021-04-11 12:09:47 +01:00
Joseph Birr-Pixton 51961e1e53 Basic test for client 0rtt API 2021-04-11 10:55:35 +01:00
Joseph Birr-Pixton 89e8588499 Add tests for custom server verifiers 
Align errors for TLS1.2 and TLS1.3 if there are no overlapping signature
schemes.
 2021-04-11 10:55:35 +01:00
Joseph Birr-Pixton 199397250b Remove meaningless flush() behaviour 
This code never did anything; make flush_plaintext private.
 2021-04-11 10:55:35 +01:00
Joseph Birr-Pixton d4ae8b1bd4 Move impl io::Read/io::Write into their own structs 
These are returned via reader()/writer()
 2021-04-11 10:55:35 +01:00
Joseph Birr-Pixton c94c223e4c Rework std::io::Read usage 
- Ok(0) (ie, EOF) is reserved for signalling a received close_notify.
- Err(ErrorKind::WouldBlock) happens when there are no bytes to read.
 2021-04-11 10:55:35 +01:00
Joseph Birr-Pixton a1fb8686fb Return peer closure status from process_new_packets 
As well as plaintext and TLS buffer IO status.  The former
is useful to ensure a close_notify doesn't overtake already-received
bytes.  Both are useful to predict the buffer sizes that'll
be needed on the next read()/write_tls().
 2021-04-11 10:55:35 +01:00
Joseph Birr-Pixton cf061493bf Merge branch 'jbp-move-hs-data-into-states' into main 2021-04-11 10:12:54 +01:00
Dirkjan Ochtman e7bda93212 server: make TLS 1.3 emit functions private 2021-04-11 09:54:11 +01:00
Dirkjan Ochtman 4a5932ef86 server: make TLS 1.2 emit functions private 2021-04-11 09:54:11 +01:00
Dirkjan Ochtman 3cf8d0fb34 server: handle ClientHello for 1.2 in tls12 module 2021-04-11 09:54:11 +01:00
Dirkjan Ochtman dfbf93d4f3 server: inline trivial wrapper type ServerKXDetails 2021-04-11 09:21:50 +01:00
Dirkjan Ochtman 65a0421e77 server: inline trivial wrapper type ClientCertDetails 2021-04-11 09:21:50 +01:00
Dirkjan Ochtman 1a704f0f37 server: remove take_chain() method from ClientCertDetails 2021-04-11 09:21:50 +01:00
Dirkjan Ochtman 5b3976d319 server: thread hash_at_server_fin through states 2021-04-11 09:21:50 +01:00
Dirkjan Ochtman d54180345d server: move extra_exts from HandshakeDetails into states 2021-04-11 09:21:50 +01:00
Dirkjan Ochtman 1df2b80809 server: detach emit_finished_tls13() from CompleteClientHelloHandling 2021-04-11 09:21:50 +01:00
Dirkjan Ochtman 3874679035 server: detach emit_certificate_verify_tls13() from CompleteClientHelloHandling 2021-04-11 09:21:50 +01:00
Dirkjan Ochtman f4dbd146ca server: detach emit_certificate_tls13() from CompleteClientHelloHandling 2021-04-11 09:21:50 +01:00
Dirkjan Ochtman b22f85a989 server: detach emit_certificate_req_tls13() from CompleteClientHelloHandling 2021-04-11 09:21:50 +01:00
Dirkjan Ochtman 6074f2b294 server: detach emit_encrypted_extensions() from CompleteClientHelloHandling 2021-04-11 09:21:50 +01:00