rust/rustls
rust
/
rustls
mirror of https://github.com/ctz/rustls
1
0
Fork 0
Code Issues Releases Wiki Activity
1,004 Commits 46 Branches 69 Tags 31 MiB
Commit Graph

1004 Commits

Author SHA1 Message Date
Jerome Gravel-Niquet 5bfd6d13f1 Refactors ResolvesServerCert's resolve arguments to be more future-proof 2019-09-15 21:15:39 +01:00
Joseph Birr-Pixton 13d2a90235 Add ALPN offer to server cert resolver 
Breaking API change
 2019-09-07 23:43:55 +01:00
Joseph Birr-Pixton e92323fca5 Delete util::first_in_both and just use iterators 2019-09-07 23:43:55 +01:00
dependabot-preview[bot] 8a29657db5 Update docopt requirement from ~1.0 to ~1.1 
Updates the requirements on [docopt](https://github.com/docopt/docopt.rs) to permit the latest version.
- [Release notes](https://github.com/docopt/docopt.rs/releases)
- [Commits](https://github.com/docopt/docopt.rs/compare/1.0.0...1.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-09-07 23:15:39 +01:00
dependabot-preview[bot] e58bb40cf5 Update criterion requirement from 0.2.11 to 0.3.0 
Updates the requirements on [criterion](https://github.com/bheisler/criterion.rs) to permit the latest version.
- [Release notes](https://github.com/bheisler/criterion.rs/releases)
- [Changelog](https://github.com/bheisler/criterion.rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bheisler/criterion.rs/compare/0.2.11...0.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2019-09-07 23:15:27 +01:00
Joseph Birr-Pixton 4b13a322c0 Filter sigschemes from client for compatiblity with suite 2019-09-06 11:02:15 +01:00
Joseph Birr-Pixton 2029e08939 Test: sigalgs passed to cert resolution are cs-compatible 
Otherwise we'll induce `ResolvesServerCert` implementors to
select server certs that are in fact incompatible with the
already-selected ciphersuite.

These tests fail.
 2019-09-06 11:02:15 +01:00
Julian Popescu f022189734 Add WriteV implementation for any Write objects 
Adds a WriteVAdapter which takes a std::io::Write object and makes it
compatible with the WriteV trait
 2019-09-04 09:59:49 +01:00
Marc-Antoine Perennou 21642466a3 StreamOwned: fix get_mut signature 
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
 2019-08-26 15:25:28 +01:00
Joseph Birr-Pixton 56c0daf17c Cover new function 2019-08-25 12:20:01 +01:00
Yiming Jing 3acea34a71 Allow changing client cert verifier in ServerConfig 2019-08-25 12:19:48 +01:00
Joseph Birr-Pixton f53300ff83 Assorted README/scripts fixes 2019-08-25 10:33:52 +01:00
Joseph Birr-Pixton 1d70e45af6 Move to using cargo workspaces 
- rustls (the library) now lives in rustls/
- the mio examples/tests continue to live in rustls-mio, but
  are built by (eg) `cargo test` in the root of the repo.
 2019-08-24 20:55:20 +01:00
Joseph Birr-Pixton b8eca0ec4c Fix warnings 2019-08-24 20:53:15 +01:00
Joseph Birr-Pixton 17ee52c5d1 0.16.0 2019-08-10 09:54:11 +01:00
Joseph Birr-Pixton a93ee1abd2 tlsserver: fix loop when client will never be writable 2019-08-10 09:47:06 +01:00
Joseph Birr-Pixton 9f41f46324 tlsserver: try to send alerts on error 2019-08-10 09:38:01 +01:00
Joseph Birr-Pixton abaa366ad3 Update readme/changelog 2019-08-10 09:37:57 +01:00
Benjamin Saunders 056d843c0b Infer key log labels from secret kind 2019-08-04 20:56:49 +01:00
Benjamin Saunders 3bfc5950aa Document CLIENT_EARLY_TRAFFIC_SECRET key log label 2019-08-04 20:56:49 +01:00
Benjamin Saunders 49716ab59f Remove QUIC-specific key logging labels 
These are deprecated as of wireshark commit
cc50ec36344784bd7043e4c62da5b4cea97bc826.
 2019-08-04 20:56:49 +01:00
Benjamin Saunders 09e25d927b Restore QUIC key update test 2019-08-04 20:05:49 +01:00
Benjamin Saunders 6a499f30cc Fix typo in 7cc06ea0b0 2019-08-04 20:05:49 +01:00
Benjamin Saunders 8060be798e Update QuicExt::update_secrets for new *ring* API 2019-08-04 20:05:49 +01:00
Benjamin Saunders 7d0d734b26 Restore QUIC handshake test 2019-08-04 20:05:49 +01:00
Benjamin Saunders 18e8c4efb5 Remove QUIC key update test 
This is redundant to TLS key schedule tests
 2019-08-04 20:05:49 +01:00
Benjamin Saunders 59cbe6e6b5 Remove spurious Option from quic::Secrets 2019-08-04 20:05:49 +01:00
Brian Smith 7cf61c624a Comment out QUIC test until it can be fixed. 2019-08-04 20:05:49 +01:00
Brian Smith 0d66123f9c Avoid exposing secret key material in TLS 1.3 unless actually logging. 
This adds a (small) performance penalty for key logging in favor of
clearer encapsulation of key material and improved performance due to
at least one fewer heap allocation.
 2019-08-04 20:05:49 +01:00
Brian Smith 1d99471355 Improve encapsulation of key material during TLS 1.3 key schedule. 2019-08-04 20:05:49 +01:00
Brian Smith 952e172f87 Remove HKDF smoke test. 2019-08-04 20:05:49 +01:00
Benjamin Saunders 12fc069563 Expose client's resumption ciphersuite 
Needed for QUIC to select the correct 0-RTT header protection cipher.
 2019-08-04 20:01:34 +01:00
Brian Smith f3fdd47412 Simplify `KeySchedule::derive_for_empty_hash()`. 2019-07-26 21:14:40 +01:00
Brian Smith a99680bc73 Keep AEAD key material encapsulated in key schedule. 2019-07-26 21:14:40 +01:00
Brian Smith b5a7d262a7 Factor out common parts of key schedule tests. 2019-07-26 21:14:40 +01:00
Brian Smith 7e0a59f504 Simplify key material exporting & improve its error handling. 
HKDF has a fixed maximum output limit per digest algorithm. If I understand
correctly, the previous code would panic if too much output was requested.
Change it to fail with an error instead and add a note about testing this.
 2019-07-26 21:14:40 +01:00
Brian Smith 615b749489 Avoid allocating temporary `Vec<u8>`s during each HKDF expansion. 2019-07-26 21:14:40 +01:00
Brian Smith 2ccf365e2a Make TLS 1.3 key schedule less wasteful. 
Each call to `derive_bytes()` indicates about (at least?) three HMAC key
constructions for the given value, as well as a `Vec<u8>` allocation. The
`Vec<u8>` isn't needed in theory and each HMAC key can be constructed once
instead of three times, but that requires changes to the QUIC API that may
be debatable. Instead, eliminate the waste that is easy to eliminate.
 2019-07-26 21:14:40 +01:00
Brian Smith 01e623d464 Use *ring* 0.16.4 HKDF API. 2019-07-26 21:14:40 +01:00
Brian Smith c41a04a666 Rename `KeySchedule::derive` to `KeySchedule::derive_bytes`. 2019-07-26 21:14:40 +01:00
Brian Smith e702e4c87c Remove `need_derive_for_extract` from `KeySchedule`. 2019-07-26 21:14:40 +01:00
Brian Smith a039467f00 Simplify key schedule. 2019-07-26 21:14:40 +01:00
Joseph Birr-Pixton 7c7307070a Merge branch 'b/simplify-aad' of https://github.com/briansmith/rustls 2019-07-24 19:19:54 +01:00
Brian Smith 675ad27250 Update to *ring* 0.16.2 to improve sealing operations. 
Restore the allocation/copying behavior to what it was before the
*ring* 0.16.0 upgrade.
 2019-07-24 19:02:30 +01:00
Brian Smith 35f36152ca Remove redundant `alg` fields. 2019-07-23 15:48:19 -10:00
Brian Smith c8469a1045 Simplify construction of nonces. 2019-07-23 15:48:19 -10:00
Brian Smith dc076dd762 Simplify construction of AAD. 2019-07-23 11:18:49 -10:00
Joseph Birr-Pixton 666a2cbd2a Update minimum rustc version to 1.36(!) 2019-07-22 21:21:19 +01:00
Joseph Birr-Pixton 5b98ee22c3 Fix ticketer 
This regressed and was encrypting the nonce.  Making it not do
that is actually really annoying -- you can't slice a Vec and
end up with something that can Extend<>.  So we introduce an
extra copy :(
 2019-07-21 19:50:52 +01:00
Joseph Birr-Pixton f5c0ac7a12 Use new sct.rs, ct-logs and webpki-roots 2019-07-21 11:13:27 +01:00