Jerome Gravel-Niquet
5bfd6d13f1
Refactors ResolvesServerCert's resolve arguments to be more future-proof
2019-09-15 21:15:39 +01:00
Joseph Birr-Pixton
13d2a90235
Add ALPN offer to server cert resolver
...
Breaking API change
2019-09-07 23:43:55 +01:00
Joseph Birr-Pixton
e92323fca5
Delete util::first_in_both and just use iterators
2019-09-07 23:43:55 +01:00
dependabot-preview[bot]
8a29657db5
Update docopt requirement from ~1.0 to ~1.1
...
Updates the requirements on [docopt](https://github.com/docopt/docopt.rs ) to permit the latest version.
- [Release notes](https://github.com/docopt/docopt.rs/releases )
- [Commits](https://github.com/docopt/docopt.rs/compare/1.0.0...1.1.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-09-07 23:15:39 +01:00
dependabot-preview[bot]
e58bb40cf5
Update criterion requirement from 0.2.11 to 0.3.0
...
Updates the requirements on [criterion](https://github.com/bheisler/criterion.rs ) to permit the latest version.
- [Release notes](https://github.com/bheisler/criterion.rs/releases )
- [Changelog](https://github.com/bheisler/criterion.rs/blob/master/CHANGELOG.md )
- [Commits](https://github.com/bheisler/criterion.rs/compare/0.2.11...0.3.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-09-07 23:15:27 +01:00
Joseph Birr-Pixton
4b13a322c0
Filter sigschemes from client for compatiblity with suite
2019-09-06 11:02:15 +01:00
Joseph Birr-Pixton
2029e08939
Test: sigalgs passed to cert resolution are cs-compatible
...
Otherwise we'll induce `ResolvesServerCert` implementors to
select server certs that are in fact incompatible with the
already-selected ciphersuite.
These tests fail.
2019-09-06 11:02:15 +01:00
Julian Popescu
f022189734
Add WriteV implementation for any Write objects
...
Adds a WriteVAdapter which takes a std::io::Write object and makes it
compatible with the WriteV trait
2019-09-04 09:59:49 +01:00
Marc-Antoine Perennou
21642466a3
StreamOwned: fix get_mut signature
...
Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
2019-08-26 15:25:28 +01:00
Joseph Birr-Pixton
56c0daf17c
Cover new function
2019-08-25 12:20:01 +01:00
Yiming Jing
3acea34a71
Allow changing client cert verifier in ServerConfig
2019-08-25 12:19:48 +01:00
Joseph Birr-Pixton
f53300ff83
Assorted README/scripts fixes
2019-08-25 10:33:52 +01:00
Joseph Birr-Pixton
1d70e45af6
Move to using cargo workspaces
...
- rustls (the library) now lives in rustls/
- the mio examples/tests continue to live in rustls-mio, but
are built by (eg) `cargo test` in the root of the repo.
2019-08-24 20:55:20 +01:00
Joseph Birr-Pixton
b8eca0ec4c
Fix warnings
2019-08-24 20:53:15 +01:00
Joseph Birr-Pixton
17ee52c5d1
0.16.0
2019-08-10 09:54:11 +01:00
Joseph Birr-Pixton
a93ee1abd2
tlsserver: fix loop when client will never be writable
2019-08-10 09:47:06 +01:00
Joseph Birr-Pixton
9f41f46324
tlsserver: try to send alerts on error
2019-08-10 09:38:01 +01:00
Joseph Birr-Pixton
abaa366ad3
Update readme/changelog
2019-08-10 09:37:57 +01:00
Benjamin Saunders
056d843c0b
Infer key log labels from secret kind
2019-08-04 20:56:49 +01:00
Benjamin Saunders
3bfc5950aa
Document CLIENT_EARLY_TRAFFIC_SECRET key log label
2019-08-04 20:56:49 +01:00
Benjamin Saunders
49716ab59f
Remove QUIC-specific key logging labels
...
These are deprecated as of wireshark commit
cc50ec36344784bd7043e4c62da5b4cea97bc826.
2019-08-04 20:56:49 +01:00
Benjamin Saunders
09e25d927b
Restore QUIC key update test
2019-08-04 20:05:49 +01:00
Benjamin Saunders
6a499f30cc
Fix typo in 7cc06ea0b0
2019-08-04 20:05:49 +01:00
Benjamin Saunders
8060be798e
Update QuicExt::update_secrets for new *ring* API
2019-08-04 20:05:49 +01:00
Benjamin Saunders
7d0d734b26
Restore QUIC handshake test
2019-08-04 20:05:49 +01:00
Benjamin Saunders
18e8c4efb5
Remove QUIC key update test
...
This is redundant to TLS key schedule tests
2019-08-04 20:05:49 +01:00
Benjamin Saunders
59cbe6e6b5
Remove spurious Option from quic::Secrets
2019-08-04 20:05:49 +01:00
Brian Smith
7cf61c624a
Comment out QUIC test until it can be fixed.
2019-08-04 20:05:49 +01:00
Brian Smith
0d66123f9c
Avoid exposing secret key material in TLS 1.3 unless actually logging.
...
This adds a (small) performance penalty for key logging in favor of
clearer encapsulation of key material and improved performance due to
at least one fewer heap allocation.
2019-08-04 20:05:49 +01:00
Brian Smith
1d99471355
Improve encapsulation of key material during TLS 1.3 key schedule.
2019-08-04 20:05:49 +01:00
Brian Smith
952e172f87
Remove HKDF smoke test.
2019-08-04 20:05:49 +01:00
Benjamin Saunders
12fc069563
Expose client's resumption ciphersuite
...
Needed for QUIC to select the correct 0-RTT header protection cipher.
2019-08-04 20:01:34 +01:00
Brian Smith
f3fdd47412
Simplify `KeySchedule::derive_for_empty_hash()`.
2019-07-26 21:14:40 +01:00
Brian Smith
a99680bc73
Keep AEAD key material encapsulated in key schedule.
2019-07-26 21:14:40 +01:00
Brian Smith
b5a7d262a7
Factor out common parts of key schedule tests.
2019-07-26 21:14:40 +01:00
Brian Smith
7e0a59f504
Simplify key material exporting & improve its error handling.
...
HKDF has a fixed maximum output limit per digest algorithm. If I understand
correctly, the previous code would panic if too much output was requested.
Change it to fail with an error instead and add a note about testing this.
2019-07-26 21:14:40 +01:00
Brian Smith
615b749489
Avoid allocating temporary `Vec<u8>`s during each HKDF expansion.
2019-07-26 21:14:40 +01:00
Brian Smith
2ccf365e2a
Make TLS 1.3 key schedule less wasteful.
...
Each call to `derive_bytes()` indicates about (at least?) three HMAC key
constructions for the given value, as well as a `Vec<u8>` allocation. The
`Vec<u8>` isn't needed in theory and each HMAC key can be constructed once
instead of three times, but that requires changes to the QUIC API that may
be debatable. Instead, eliminate the waste that is easy to eliminate.
2019-07-26 21:14:40 +01:00
Brian Smith
01e623d464
Use *ring* 0.16.4 HKDF API.
2019-07-26 21:14:40 +01:00
Brian Smith
c41a04a666
Rename `KeySchedule::derive` to `KeySchedule::derive_bytes`.
2019-07-26 21:14:40 +01:00
Brian Smith
e702e4c87c
Remove `need_derive_for_extract` from `KeySchedule`.
2019-07-26 21:14:40 +01:00
Brian Smith
a039467f00
Simplify key schedule.
2019-07-26 21:14:40 +01:00
Joseph Birr-Pixton
7c7307070a
Merge branch 'b/simplify-aad' of https://github.com/briansmith/rustls
2019-07-24 19:19:54 +01:00
Brian Smith
675ad27250
Update to *ring* 0.16.2 to improve sealing operations.
...
Restore the allocation/copying behavior to what it was before the
*ring* 0.16.0 upgrade.
2019-07-24 19:02:30 +01:00
Brian Smith
35f36152ca
Remove redundant `alg` fields.
2019-07-23 15:48:19 -10:00
Brian Smith
c8469a1045
Simplify construction of nonces.
2019-07-23 15:48:19 -10:00
Brian Smith
dc076dd762
Simplify construction of AAD.
2019-07-23 11:18:49 -10:00
Joseph Birr-Pixton
666a2cbd2a
Update minimum rustc version to 1.36(!)
2019-07-22 21:21:19 +01:00
Joseph Birr-Pixton
5b98ee22c3
Fix ticketer
...
This regressed and was encrypting the nonce. Making it not do
that is actually really annoying -- you can't slice a Vec and
end up with something that can Extend<>. So we introduce an
extra copy :(
2019-07-21 19:50:52 +01:00
Joseph Birr-Pixton
f5c0ac7a12
Use new sct.rs, ct-logs and webpki-roots
2019-07-21 11:13:27 +01:00