rust/rustls
rust
/
rustls
mirror of https://github.com/ctz/rustls
1
0
Fork 0
Code Issues Releases Wiki Activity
2,690 Commits 45 Branches 69 Tags 32 MiB
Commit Graph

2690 Commits

Author SHA1 Message Date
Dirkjan Ochtman ca9cdfc20a
wip 2024-02-15 21:59:56 +01:00
Dirkjan Ochtman b7953a4bc7
tests: move quic tests into a separate file 2024-01-28 12:03:17 +01:00
Dirkjan Ochtman 724edd2954
tests: move do_exporter_test() into common 2024-01-28 12:01:59 +01:00
Dirkjan Ochtman bf4becc80c
quic: remove incorrect comment 2024-01-28 11:44:15 +01:00
Dirkjan Ochtman c10ce9d08b
quic: construct initial Keys from CryptoProvider 2024-01-24 23:07:53 +01:00
Dirkjan Ochtman 42a439d66f
quic: expose limits via PacketKey trait 2024-01-24 22:56:38 +01:00
Dirkjan Ochtman 0591cb13a3 quic: name fields of ring::quic::KeyBuilder 2024-01-12 15:14:36 +01:00
Joseph Birr-Pixton 5cd41a3d4f Prepare 0.22.2 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton d4327d3b85 bogo: enable TLS13-Empty-Client-CA-List test 
This acts as a regression test for the previous commit.  This also enables:

- TLS12-Server-CertReq-CA-List
- TLS13-Server-CertReq-CA-List
- Null-Client-CA-List
 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton d7c816190f Don't add empty `certificate_authorities` extension 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton 08b12b4fd2 ring/sign.rs: improve testing 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton e1a1b02779 Correct `SignatureScheme::sign()` for ED25519/448 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton a79271c4c4 ring/ticketer.rs: cover AeadTicketer 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton 7610662a3d ring/kx.rs: exercise `KxGroup::fmt` 
Remove unusable Debug derivation for `KeyExchange`
 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton 5fa3322588 ci-bench: separately bench use of P384 curve 
This renames the P256 cases, so will introduce a
discontinuity in results tracking.
 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton d9b35282db Test P521-SHA512 in bogo 
This makes it possible for our bogo config.json to vary
between providers.  That is achieved by -- with my sincere apologies --
applying the C preprocessor.
 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton 6b5cc27c48 De-duplicate knowledge of test-ca/ CA names 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton d0b24e64b5 Avoid extraenous `.iter()` in for loops 
clippy was complaining about manual `.into_iter()` calls, but actually
the manual `.iter()` calls are also not very idiomatic.
 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton 390f909ca2 Split test-ca ecdsa by curve; add p521 
This goes from being a single set of keys for ECDSA (with a
purposeful mix of curves) to a set of keys per curve.

That means we can avoid P521 chains in tests when it is not supported.

In those tests, reflect this as additional `KeyType` variants.
 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton 07e980fd99 aws_lc_rs::sign: add support for NISTP521 ECDSA keys 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton c354b3b4ce aws_lc_rs::sign: note route to remove SEC1 hack 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton e076b7dc07 Split off crypto/aws_lc_rs/sign.rs 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton 6e04a7d362 aws-lc-rs: support verifying with ECDSA_P521_SHA512 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton 0ae98566ee Depend on rustls-webpki 0.102.1 2024-01-08 11:09:44 +00:00
Daniel McCarney 62751aa20d Cargo: version 0.22.0 -> 0.22.1 2023-12-08 13:54:32 +00:00
Jacob Hoffman-Andrews 87d5259126 update examples to use pki_types re-export 
We now re-export the rustls-pki-types crate. I think that means
our preferred way for crates to consume pki-types is through the
re-exports.
 2023-12-08 13:54:32 +00:00
Dirkjan Ochtman 4226d1e73e Re-export the rustls-pki-types crate contents 2023-12-08 13:54:32 +00:00
Dirkjan Ochtman d624506b96 suites: move Debug impl below inherent impl 2023-12-08 13:54:32 +00:00
Dirkjan Ochtman 57071f7fbd quic: require that PacketKey and HeaderProtectionKey are Send + sync 2023-12-08 13:54:32 +00:00
Daniel McCarney f05fd1e9be crypto: explain TLS 1.2 version in TLS 1.3 message encrypters 
Without the context of RFC 8446 in your mind the use of the
`ProtocolVersion::TLSv1_2` constant in the TLS 1.3 `MessageEncrypter`
implementations appears like an oversight or copy/paste error. This
commit adds a brief explanatory comment.
 2023-12-08 13:54:32 +00:00
Christian Poveda 73f490f7ff Batch discard operations 2023-12-08 13:54:32 +00:00
Christian Poveda d4844a09d6 Introduce `DeframerSliceBuffer` 2023-12-08 13:54:32 +00:00
Jorge Aparicio 0a44288587 make append_hs generic 2023-12-08 13:54:32 +00:00
Jorge Aparicio 7b33d8a8db make MessageDeframer unbuffered 2023-12-08 13:54:32 +00:00
Jorge Aparicio 20b8daecca extract out MessageDeframer buffer 2023-12-08 13:54:32 +00:00
Christian Poveda 838304ad5e Make `assert_len` more succint 2023-12-08 13:54:32 +00:00
Jorge Aparicio 3f58ce889e deframer: move helpers after tests 2023-12-08 13:54:32 +00:00
Geoffroy Couprie 0f13356b09 remove the TLS 1.2 session ticket on DecryptError 
if for some reason the recorded session ticket is invalid or decoded
incorrectly by the server, we can get into a case where the resumption
handshake happens, and right after the ChangeCipherSpec message, the
server sends an encrypted handhsake message using the invalid ticket,
and the client rejects it with the BadRecordMAC alert.
Unfortunately, if the calling code retries the connection, if it will
try again with the same ticket and obtain the same result.
This commit makes sure that if we fail to decrypt the first message, we
will remove the session ticket for this server, to start from cratch on
the next connection.
 2023-12-08 13:54:32 +00:00
aashish ca25f15a19 doc: fix outdated documentation 2023-12-08 13:54:32 +00:00
girlbuzz e051f5c172
minor fix: fix comment that incorrectly says "google.com" instead of "rust-lang.org" (#1667) 
fix inaccurate comment
 2023-12-05 09:25:02 -05:00
Jacob Hoffman-Andrews 6845c013cb doc: remove `crate::` prefix for links 
Instead, use `#[cfg(doc)]` to conditionally import names that we want to
use in the docs. This provides a user-friendlier link name.
 2023-12-04 17:58:51 +00:00
Dirkjan Ochtman 74321cfbb1 Update semver-compatible dependencies 2023-12-04 09:46:53 +00:00
Joseph Birr-Pixton 4d1b762b53 Bump version to 0.22.0 2023-12-01 19:10:46 +00:00
Joseph Birr-Pixton 381dcf99ee Update dependencies 2023-12-01 19:10:46 +00:00
Daniel McCarney 553f400785 docs: link to SignatureSchemes from WebPkiSupportedAlgorithms 2023-12-01 18:27:53 +00:00
Daniel McCarney 822f86e822 docs: link to ActiveKeyExchange::complete from SharedSecret 
Also drops "as a value".
 2023-12-01 18:27:53 +00:00
Daniel McCarney e34d46d46d docs: link to SupportedKxGroup for ActiveKeyExchange doc 2023-12-01 18:27:53 +00:00
Daniel McCarney a572b301f5 msgs: docstrings for KeyExchangeAlgorithms 
This type appears in the 'crypto' mod docs without any accompanying
text. This commit adds some.
 2023-12-01 18:27:53 +00:00
Daniel McCarney e7cb24fe4e docs: re-order feature descriptions 
This puts ring, aws-lc-rs, and the tls12 features up front. They're
likely more interesting than the logging and read_buf features that are
increasingly niche.
 2023-12-01 18:27:53 +00:00
Daniel McCarney 50e43cebbb docs: consistently describe default features 
Consistently describe te default features, include that *ring* is
default enabled.
 2023-12-01 18:27:53 +00:00