Joseph Birr-Pixton
bad9bd7454
Fix at base64 0.12.1
...
0.12.2 has a breaking MSRV change
2020-06-20 13:25:21 +01:00
Joseph Birr-Pixton
02910b186f
Remove unused use of Error
2020-06-20 13:10:53 +01:00
Joseph Birr-Pixton
ac3573bf98
Remove dependency on tempfile
...
This broke the MSRV build, and was bringing in the whole
of rand, wasi, and a ton of other stuff. All so we could
have a temporary directory during a few tests. 6 crates for
generating randomness just for that!
This accounted for 10% of the size of Cargo.lock alone.
2020-06-20 13:04:59 +01:00
Joseph Birr-Pixton
1b99071bc4
Test that OwnedTrustAnchor::to_trust_anchor is public
2020-06-20 11:50:26 +01:00
Joseph Birr-Pixton
5efd23a068
Rewrite x509::wrap_in_sequence to be more general
...
Actually, it's only slightly more complex to make this
work for all possible usize values. So let's do that.
2020-06-12 21:01:48 +01:00
Joseph Birr-Pixton
cac66a8c18
error description() is deprecated; avoid it
2020-06-08 21:33:03 +01:00
Joseph Birr-Pixton
227d9a2aff
Assert x.509 name is shorter than 64KB
...
Otherwise this function produces incorrect output.
2020-06-08 21:06:06 +01:00
Joseph Birr-Pixton
22a9a49bd4
Test for 64KB certificate chain limit
2020-06-07 18:29:24 +01:00
Joseph Birr-Pixton
1803e8e7ad
Improve msgs::message coverage
2020-06-07 17:21:11 +01:00
Joseph Birr-Pixton
39175e7252
Refactor state machine message checking
...
Instead of having check_message called separately, do all
checking inside the state transition functions.
This means certain errors need to be detected to get
the right alert behaviour. But it dramatically
decreases the number of .unwrap()s and makes things
simpler.
2020-06-07 16:50:03 +01:00
Joseph Birr-Pixton
46c259bd8e
Assert if we send several fatal alerts in session
2020-05-24 10:58:29 +01:00
Benjamin Saunders
cf457c4315
Fix out-of-phase key update
...
We were returning keys from the previous phase rather than the current
one.
2020-05-24 10:28:58 +01:00
Benjamin Saunders
b940acce5e
Improve concision
2020-05-24 10:28:58 +01:00
Benjamin Saunders
70c558b186
Don't set legacy_session_id for QUIC
2020-05-24 10:28:58 +01:00
Joseph Birr-Pixton
f07f8b135d
Refactor deframer to hopefully improve clarity
...
There were some unwraps here that we can get rid of if we unduplicate
the work Message::read already does. That goes in Message::read_with_detailed_error.
Delete a fuzz corpus file that was actually wrong, but allowed by Message::read's
previous lax semantics.
2020-05-16 18:26:02 +01:00
Joseph Birr-Pixton
e680b3b6c7
Remove writev_tls; use std::io::Write::write_vectored
...
This is just a whole lot better.
2020-05-15 21:42:03 +01:00
Marc-Antoine Perennou
2912dbffde
stream: implement write_vectored
...
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2020-05-15 20:40:07 +01:00
Joseph Birr-Pixton
63584de444
Remove checks on certtypes in CertificateRequest
2020-05-15 20:32:36 +01:00
Joseph Birr-Pixton
1c83b3ac03
Coverage improvements in suites/server
2020-05-08 18:51:05 +01:00
Joseph Birr-Pixton
7225c99f5f
Further handshake.rs coverage
2020-05-08 16:55:34 +01:00
Joseph Birr-Pixton
79b0b5d775
Remove unused code
2020-05-08 16:55:34 +01:00
Joseph Birr-Pixton
fb1970c8fc
Tests for keylog.rs
2020-05-08 16:55:34 +01:00
Joseph Birr-Pixton
cb397f0e15
Test detection of truncated handshake messages
2020-05-08 16:55:34 +01:00
Benjamin Saunders
59ee30545e
Format quic
2020-05-05 19:48:07 +01:00
Benjamin Saunders
96acad1d55
quic: Expose keys rather than secrets
...
Strengthens protection of sensitive internal state and makes life
easier for QUIC implementations.
2020-05-05 19:48:07 +01:00
Nicolas Viennot
a40724db72
bench: read server entirely before sending buffer to client
...
Previously, write_tls() was always getting aligned buffers,
avoiding testing certain code paths.
2020-04-12 16:57:10 +01:00
Nicolas Viennot
cfde038d29
bench: allow MTU to be specified for the server bulk bench
2020-04-12 16:56:02 +01:00
Nicolas Viennot
cc1267ed4e
Improve tls_read() performance
...
Changing a for loop in deframer with memmove() reduces CPU utilization
by 30% when downloading a 1G file over https.
2020-04-12 16:26:43 +01:00
Joseph Birr-Pixton
339923fc53
Get new bogo version working
2020-04-12 11:34:22 +01:00
Joseph Birr-Pixton
42c3a8c17c
Detect and reject server changing suite with 0rtt resume
2020-04-12 11:34:22 +01:00
Joseph Birr-Pixton
614abdeb0f
Clean up checking of hs joiner state
...
- Also check at the end of a handshake flight (bogo now has tests for this).
- Unduplicate the code for CCS checking.
- Send a more accurate alert type.
2020-04-12 11:34:22 +01:00
Joseph Birr-Pixton
222bfa8d12
TLS1.3: swallow user_cancelled warning alerts
2020-04-12 11:34:22 +01:00
Joseph Birr-Pixton
82da9c2011
Fix client detection of bad CertificateRequests
...
A certificate request with no signature schemes is meaningless.
In TLS1.3 we reject this outright, but it was allowed in TLS1.2.
Fix that first.
Secondly, fix the TLS1.2 behaviour when `choose_scheme` fails:
we want to avoid any client auth in this case, not send a certificate
but be unable to send the matching CertificateVerify.
2020-04-10 17:25:01 +01:00
Joseph Birr-Pixton
1e98fa2eb1
Allow verifiers to override signature verification
2020-03-29 21:08:20 +01:00
dependabot-preview[bot]
bdaf35b2cc
Update base64 requirement from 0.11 to 0.12
...
Updates the requirements on [base64](https://github.com/marshallpierce/rust-base64 ) to permit the latest version.
- [Release notes](https://github.com/marshallpierce/rust-base64/releases )
- [Changelog](https://github.com/marshallpierce/rust-base64/blob/master/RELEASE-NOTES.md )
- [Commits](https://github.com/marshallpierce/rust-base64/compare/v0.11.0...v0.12.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-15 08:37:36 +00:00
Joseph Birr-Pixton
9e92828b2f
Fix typo.
2020-02-24 21:26:08 +00:00
Joseph Birr-Pixton
92600efb4f
Prepare 0.17.0
2020-02-22 20:40:52 +00:00
Joseph Birr-Pixton
8a9fd05029
Don't panic on invalid private keys for client auth.
...
This is a breaking change, because these APIs didn't report
failures before.
2020-02-22 20:14:06 +00:00
Joseph Birr-Pixton
98a847df71
Require ring 0.16.11 for bug fix
2020-02-22 20:12:34 +00:00
Joseph Birr-Pixton
061b4f2767
Extend design documentation
2020-02-22 20:12:34 +00:00
Aaron Loucks
98d88f9a7a
Enable documentation on docs.rs for items behind feature flags
2020-02-20 20:57:13 +00:00
dependabot-preview[bot]
f6d35511e4
Update webpki-roots requirement from 0.18.0 to 0.19.0
...
Updates the requirements on [webpki-roots](https://github.com/ctz/webpki-roots ) to permit the latest version.
- [Release notes](https://github.com/ctz/webpki-roots/releases )
- [Commits](https://github.com/ctz/webpki-roots/compare/v/0.18.0...v/0.19.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-02-20 20:55:25 +00:00
Joseph Birr-Pixton
03b1ef03da
Improvements to previous commit:
...
- Don't report TLSError::AlertReceived from server when it sends
an alert -- this error means an alert was received from the peer.
- Avoid SNI-specific alert types for client auth rejections.
- Improve new tests to also check alerts received by client.
- Improve/fix docs.
2020-01-01 15:57:23 +00:00
Ryan Gorup
9c59aa91f5
Allow server to choose root cert for client auth based on SNI
2020-01-01 11:48:56 +00:00
Joseph Birr-Pixton
3882b3886a
Delete std::error::Error::description impl
...
It's deprecated.
2020-01-01 10:52:50 +00:00
Joseph Birr-Pixton
a511a2e976
Fix minor formatting weirdness
2020-01-01 10:35:13 +00:00
Joseph Birr-Pixton
866dd055b6
Test server rejection of tls1.3 kx overlap failure
2019-12-31 20:58:36 +00:00
Joseph Birr-Pixton
9636251d21
Refactor and test SNI server behaviour
2019-12-31 18:20:04 +00:00
thekuwayama
fbdc4cb273
server rejects SNI containing multiple hostnames
2019-12-31 16:25:01 +00:00
Joseph Birr-Pixton
1287510bec
Clippy cleanups
2019-12-22 16:39:33 +00:00