Commit Graph

2748 Commits

Author SHA1 Message Date
Joseph Birr-Pixton ba5c08ee36 Move tail of `pop()` into its own function
For me, this was relatively unclear control flow.  Replace the
`break len` with direct function calls.  Observe that both lengths
are always the handshake state `expected_len`, so that parallel
data flow can be dropped.
2024-01-04 18:11:42 +00:00
Joseph Birr-Pixton c6a1e58954 deframer.rs: clarifications & tidying
Try to make it clear which parts of this file are for the TLS
message protocol, and which are for the TLS handshake protocol.

Correct comments mentioning `buf`, vectors or an output frames
queue (these no longer exist).
2024-01-04 18:11:42 +00:00
Joseph Birr-Pixton 27d722beb4 Minimise period when `ConnectionCore::state` is absent
This recasts the internal `process_new_packets()` as something
that consumes an iterator of messages.  This is the goal of this
larger refactoring.

`deframe_and_process_new_packets()` is a stop-gap.
2024-01-04 18:09:31 +00:00
Daniel McCarney ba97712be2 examples: use CLI args vs env vars in simpleserver 2024-01-04 13:41:11 +00:00
Daniel McCarney f0934452ca examples: use CLI args vs env vars in unbuff-server 2024-01-04 13:41:11 +00:00
Daniel McCarney 59351ff6a4 examples: move consts to bottom in unbuff-server 2024-01-04 13:41:11 +00:00
Daniel McCarney 90fce7e9b4 examples: move consts to bottom in unbuff-client 2024-01-04 13:41:11 +00:00
Daniel McCarney 85b36ec8b0 examples: move consts to bottom in unbuff-async-client 2024-01-04 13:41:11 +00:00
Daniel McCarney 8c6fb1c9c3 examples: top-level doc comment for unbuffered-async-client 2024-01-04 13:41:11 +00:00
Daniel McCarney 83fa7a3d4f examples: top-level doc comment for unbuffered-server 2024-01-04 13:41:11 +00:00
Joseph Birr-Pixton f8cd4e82ec ci-bench: separately bench use of P384 curve
This renames the P256 cases, so will introduce a
discontinuity in results tracking.
2024-01-04 09:21:59 +00:00
Joseph Birr-Pixton da14317122 Test P521-SHA512 in bogo
This makes it possible for our bogo config.json to vary
between providers.  That is achieved by -- with my sincere apologies --
applying the C preprocessor.
2024-01-04 09:21:59 +00:00
Joseph Birr-Pixton b1101a8737 De-duplicate knowledge of test-ca/ CA names 2024-01-04 09:21:59 +00:00
Joseph Birr-Pixton 6ede5d74f4 Avoid extraneous `.iter()` in for loops
clippy was complaining about manual `.into_iter()` calls, but actually
the manual `.iter()` calls are also not very idiomatic.
2024-01-04 09:21:59 +00:00
Joseph Birr-Pixton 271c637bd9 Split test-ca ecdsa by curve; add p521
This goes from being a single set of keys for ECDSA (with a
purposeful mix of curves) to a set of keys per curve.

That means we can avoid P521 chains in tests when it is not supported.

In those tests, reflect this as additional `KeyType` variants.
2024-01-04 09:21:59 +00:00
Joseph Birr-Pixton 2ed985853b aws_lc_rs::sign: add support for NISTP521 ECDSA keys 2024-01-04 09:21:59 +00:00
Joseph Birr-Pixton 62779dfb5e aws_lc_rs::sign: note route to remove SEC1 hack 2024-01-04 09:21:59 +00:00
Joseph Birr-Pixton ec8d89b430 Split off crypto/aws_lc_rs/sign.rs 2024-01-04 09:21:59 +00:00
Joseph Birr-Pixton 1980ba6d16 aws-lc-rs: support verifying with ECDSA_P521_SHA512 2024-01-04 09:21:59 +00:00
Joseph Birr-Pixton 0a61a3ad4a Depend on rustls-webpki 0.102.1 2024-01-04 09:21:59 +00:00
Daniel McCarney 0d4b2dfa52 docs: provide more pointers for examples
This commit provides more pointers to our existing examples and
additionally provides guidance about Rustls being low-level. Users that
just want to make an HTTPS request should probably use a crate built on
top of Rustls. Similarly, users in the Tokio ecosystem should look at
tokio-rustls.
2024-01-03 15:05:49 +00:00
Daniel McCarney 0d7c256c32 docs: add README for examples
* Inventory of the existing examples, with brief descriptions
* Guidance to look at the "simple" examples first.
2024-01-03 15:05:38 +00:00
Daniel McCarney c9963b0ecc examples: add a simple server example
This commit adds an example *server* that is roughly contemporary with
the existing "simpleclient".

It is the absolute bare minimum needed to run a server using Rustls
(e.g. it only accepts a single connection before terminating).

You can run the server with:
```
CERTFILE=test-ca/rsa/end.fullchain PRIV_KEY_FILE=test-ca/rsa/end.key  cargo run --package rustls-examples --bin simpleserver
```

And connect to it with a client:
```
cargo run --package rustls-examples --bin tlsclient-mio -- --port 4443 --cafile test-ca/rsa/ca.cert localhost --http
```
2024-01-03 15:05:38 +00:00
Joseph Birr-Pixton 94a128b8d2 Exercise `AlreadyEncoded` error path in `EncodeTlsData` 2024-01-03 11:07:03 +00:00
Joseph Birr-Pixton 164135c29f Ensure `ReadTraffic::peek_len` works 2024-01-03 11:07:03 +00:00
Joseph Birr-Pixton afa7f14760 tests/unbuffered.rs: refactor and improve coverage
Extract out the common structure of most of these tests, leaving
just the differences in their own tests.
2024-01-03 11:07:03 +00:00
Joseph Birr-Pixton efc3b2e13b ring/sign.rs: improve testing 2024-01-03 11:07:03 +00:00
Joseph Birr-Pixton f804902c52 Correct `SignatureScheme::sign()` for ED25519/448 2024-01-03 11:07:03 +00:00
Joseph Birr-Pixton 450224cde9 ring/ticketer.rs: cover AeadTicketer 2024-01-03 11:07:03 +00:00
Joseph Birr-Pixton 74dcc950a5 ring/kx.rs: exercise `KxGroup::fmt`
Remove unusable Debug derivation for `KeyExchange`
2024-01-03 11:07:03 +00:00
Daniel McCarney b0bbb314b7 Cargo: update semver compat deps
* Anyhow 1.0.75 -> 1.0.78
* Async-trait 0.1.74 -> 0.1.76
* Clap 4.4.11 -> 4.4.12
* Tokio 1.35.0 -> 1.35.1
* Serde-json 1.0.108 -> 1.0.109
2024-01-02 14:37:34 +00:00
Niklas Fiekas 309a5d5051 Implement FromIterator for RootCertStore (#1708)
Co-authored-by: Daniel McCarney <daniel@binaryparadox.net>
2023-12-25 10:58:26 +01:00
Joseph Birr-Pixton 0cd488dff6 Clarify `ClientHello` `legacy_record_version` commentary 2023-12-21 15:21:41 +00:00
Christian Poveda f544352a2c move sendable_plaintext from CommonState to ConnectionCommon 2023-12-20 16:15:25 +00:00
Jorge Aparicio 390eaec7bc move CommonState::set_buffer_limit into ConnectionCommon
add a `set_buffer_limit` method to `Connection` to minimize breakage
2023-12-20 16:15:25 +00:00
Jorge Aparicio d4bdfa919c refactor non-buffering logic out of send_plain 2023-12-20 16:15:25 +00:00
Adolfo Ochagavía 93228ebdbf Add BENCHMARKING.md
This file is meant as an entry point for users and contributors who are
interested in benchmarking rustls. It is linked from the readme so
people can find it easily.

Closes #1478 and #1685
2023-12-20 16:13:01 +00:00
Christian Poveda 23167ecad6 Condense the `fragment_slice` return type 2023-12-19 20:45:35 +00:00
Adolfo Ochagavía 371463d812 ci-bench: explain motivation for wall-time measurements in readme 2023-12-19 14:40:39 +00:00
Joseph Birr-Pixton 7b39b27771 verify.rs: correct comment for `verify_server_name`
This implies webpki checks the DN commonName value for DNS names.
It does not.
2023-12-19 09:39:43 +00:00
Joseph Birr-Pixton 74fb489a2c Ensure buffer discard tracking works even on error
This sticks the error from `process_tls_records()` inside
`UnbufferedStatus`.  That means the `discard` field is still
available, but continues to require handling the error to learn
the `state` field's underlying value.

TODO: the example code is made to unwrap errors in this PR.
They need reorganising so the discard processing happens before
error handling.
2023-12-19 09:30:04 +00:00
Joseph Birr-Pixton 049b0c000d unbuffered: test for receipt of invalid messages
This (a) returns an error, and (b) sends an alert.  But unfortunately
(a) doesn't include accounting for the processed bytes.
2023-12-19 09:30:04 +00:00
Joseph Birr-Pixton 20f0a76dd5 impl Debug for UnbufferedStatus
This allows people to use `unwrap_err`, etc.
2023-12-19 09:30:04 +00:00
Joseph Birr-Pixton e0fea8b834 unbuffered: test receiving message byte-by-byte 2023-12-19 09:30:04 +00:00
Christian Poveda 147dc08816 Test that the transcripts for client and server match the expectations 2023-12-19 09:30:04 +00:00
Jorge Aparicio a416464099 add async example 2023-12-19 09:30:04 +00:00
Jorge Aparicio 0d7934d611 add buffer size checks to tests 2023-12-19 09:30:04 +00:00
Jorge Aparicio 4258804df5 test close_notify transmission 2023-12-19 09:30:04 +00:00
Jorge Aparicio 4bb87a11bf test early data transmission 2023-12-19 09:30:04 +00:00
Jorge Aparicio 3eacd0cb05 test app-data transmission 2023-12-19 09:30:04 +00:00