Commit Graph

1004 Commits

Author SHA1 Message Date
Joseph Birr-Pixton bad9bd7454 Fix at base64 0.12.1
0.12.2 has a breaking MSRV change
2020-06-20 13:25:21 +01:00
Joseph Birr-Pixton 02910b186f Remove unused use of Error 2020-06-20 13:10:53 +01:00
Joseph Birr-Pixton ac3573bf98 Remove dependency on tempfile
This broke the MSRV build, and was bringing in the whole
of rand, wasi, and a ton of other stuff.  All so we could
have a temporary directory during a few tests.  6 crates for
generating randomness just for that!

This accounted for 10% of the size of Cargo.lock alone.
2020-06-20 13:04:59 +01:00
Joseph Birr-Pixton 1b99071bc4 Test that OwnedTrustAnchor::to_trust_anchor is public 2020-06-20 11:50:26 +01:00
ctz e5b9210cb4 Audit report with editorial changes 2020-06-15 22:15:23 +01:00
Joseph Birr-Pixton d6176ed6ac Update fuzz targets
Prepare to run them in CI
2020-06-14 11:14:40 +01:00
Joseph Birr-Pixton 5a06734777 Add audit report 2020-06-13 20:38:32 +01:00
Joseph Birr-Pixton 5efd23a068 Rewrite x509::wrap_in_sequence to be more general
Actually, it's only slightly more complex to make this
work for all possible usize values.  So let's do that.
2020-06-12 21:01:48 +01:00
Joseph Birr-Pixton cac66a8c18 error description() is deprecated; avoid it 2020-06-08 21:33:03 +01:00
Joseph Birr-Pixton 6f252aa812 Fix coverage: output binaries have moved in nightly 2020-06-08 21:23:50 +01:00
Joseph Birr-Pixton 8c6a76f877 Minimum rustc version is now 1.39 2020-06-08 21:06:08 +01:00
Joseph Birr-Pixton 227d9a2aff Assert x.509 name is shorter than 64KB
Otherwise this function produces incorrect output.
2020-06-08 21:06:06 +01:00
Joseph Birr-Pixton 22a9a49bd4 Test for 64KB certificate chain limit 2020-06-07 18:29:24 +01:00
Joseph Birr-Pixton 1803e8e7ad Improve msgs::message coverage 2020-06-07 17:21:11 +01:00
Joseph Birr-Pixton 39175e7252 Refactor state machine message checking
Instead of having check_message called separately, do all
checking inside the state transition functions.

This means certain errors need to be detected to get
the right alert behaviour.  But it dramatically
decreases the number of .unwrap()s and makes things
simpler.
2020-06-07 16:50:03 +01:00
Joseph Birr-Pixton 46c259bd8e Assert if we send several fatal alerts in session 2020-05-24 10:58:29 +01:00
Benjamin Saunders cf457c4315 Fix out-of-phase key update
We were returning keys from the previous phase rather than the current
one.
2020-05-24 10:28:58 +01:00
Benjamin Saunders b940acce5e Improve concision 2020-05-24 10:28:58 +01:00
Benjamin Saunders 70c558b186 Don't set legacy_session_id for QUIC 2020-05-24 10:28:58 +01:00
Joseph Birr-Pixton f07f8b135d Refactor deframer to hopefully improve clarity
There were some unwraps here that we can get rid of if we unduplicate
the work Message::read already does.  That goes in Message::read_with_detailed_error.

Delete a fuzz corpus file that was actually wrong, but allowed by Message::read's
previous lax semantics.
2020-05-16 18:26:02 +01:00
Joseph Birr-Pixton e680b3b6c7 Remove writev_tls; use std::io::Write::write_vectored
This is just a whole lot better.
2020-05-15 21:42:03 +01:00
Marc-Antoine Perennou 2912dbffde stream: implement write_vectored
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2020-05-15 20:40:07 +01:00
Joseph Birr-Pixton 68c276b97c Update README for client auth issue 2020-05-15 20:37:44 +01:00
Joseph Birr-Pixton 63584de444 Remove checks on certtypes in CertificateRequest 2020-05-15 20:32:36 +01:00
Joseph Birr-Pixton 616392f4d8 Fix tlsserver on Windows
mio 0.6 allowed selection of level- or edge-triggered events.  mio 0.7 removed
that, and on Windows events on server sockets are genuinely edge-triggered:
coalescing multiple incoming sockets into one event.  Therefore, accept
sockets until we can't accept any more.
2020-05-10 16:19:55 +01:00
Joseph Birr-Pixton ab9dc83d9b tlsclient/tlsserver: reregister to reflect current state
Each message might lead to potentially different IO interests.

This fixes a non-deterministic hang during tests.
2020-05-10 11:58:27 +01:00
Joseph Birr-Pixton cdd403fe98 Revert "Revert "rustls-mio: bump mio to 0.7""
This reverts commit 7e670c2620.
2020-05-09 20:13:55 +01:00
Joseph Birr-Pixton 7e670c2620 Revert "rustls-mio: bump mio to 0.7"
This reverts commit a99d3f0a2c.
This reverts commit d5ecfb4b75.
This reverts commit 83c6495770.
2020-05-08 19:16:00 +01:00
Emmanuel Gil Peyrot d5ecfb4b75 rustls-mio: fix tlsserver for mio 0.7 2020-05-08 18:53:17 +01:00
Emmanuel Gil Peyrot 83c6495770 rustls-mio: fix tlsclient for mio 0.7 2020-05-08 18:53:17 +01:00
Emmanuel Gil Peyrot a99d3f0a2c rustls-mio: bump mio to 0.7 2020-05-08 18:53:17 +01:00
Joseph Birr-Pixton 1c83b3ac03 Coverage improvements in suites/server 2020-05-08 18:51:05 +01:00
Joseph Birr-Pixton 69e3b6a12d Coveralls is no longer used 2020-05-08 17:28:02 +01:00
Joseph Birr-Pixton 7225c99f5f Further handshake.rs coverage 2020-05-08 16:55:34 +01:00
Joseph Birr-Pixton 79b0b5d775 Remove unused code 2020-05-08 16:55:34 +01:00
Joseph Birr-Pixton fb1970c8fc Tests for keylog.rs 2020-05-08 16:55:34 +01:00
Joseph Birr-Pixton cb397f0e15 Test detection of truncated handshake messages 2020-05-08 16:55:34 +01:00
Benjamin Saunders 59ee30545e Format quic 2020-05-05 19:48:07 +01:00
Benjamin Saunders 96acad1d55 quic: Expose keys rather than secrets
Strengthens protection of sensitive internal state and makes life
easier for QUIC implementations.
2020-05-05 19:48:07 +01:00
Joseph Birr-Pixton b2fa83cada Fix coverage build
Upstream removed -Zno-landing-pads; unfortunately there's still
no better coverage tooling.

Fortunately -Cpanic=abort is now feasible for tests thanks to
-Zpanic-abort-tests.
2020-05-03 11:34:02 +01:00
Joseph Birr-Pixton 3d43dca1f1 Update readme 2020-04-12 19:31:53 +01:00
Nicolas Viennot a40724db72 bench: read server entirely before sending buffer to client
Previously, write_tls() was always getting aligned buffers,
avoiding testing certain code paths.
2020-04-12 16:57:10 +01:00
Nicolas Viennot cfde038d29 bench: allow MTU to be specified for the server bulk bench 2020-04-12 16:56:02 +01:00
Joseph Birr-Pixton 73755737de Minimum tool chain is now 1.37 2020-04-12 16:26:43 +01:00
Nicolas Viennot cc1267ed4e Improve tls_read() performance
Changing a for loop in deframer with memmove() reduces CPU utilization
by 30% when downloading a 1G file over https.
2020-04-12 16:26:43 +01:00
Joseph Birr-Pixton 8e9751f9ef Remove bogo/trytls from travis 2020-04-12 16:26:05 +01:00
Joseph Birr-Pixton 339923fc53 Get new bogo version working 2020-04-12 11:34:22 +01:00
Joseph Birr-Pixton 42c3a8c17c Detect and reject server changing suite with 0rtt resume 2020-04-12 11:34:22 +01:00
Joseph Birr-Pixton 614abdeb0f Clean up checking of hs joiner state
- Also check at the end of a handshake flight (bogo now has tests for this).
- Unduplicate the code for CCS checking.
- Send a more accurate alert type.
2020-04-12 11:34:22 +01:00
Joseph Birr-Pixton 222bfa8d12 TLS1.3: swallow user_cancelled warning alerts 2020-04-12 11:34:22 +01:00