Dirkjan Ochtman
ca9cdfc20a
wip
2024-02-15 21:59:56 +01:00
Dirkjan Ochtman
b7953a4bc7
tests: move quic tests into a separate file
2024-01-28 12:03:17 +01:00
Dirkjan Ochtman
724edd2954
tests: move do_exporter_test() into common
2024-01-28 12:01:59 +01:00
Dirkjan Ochtman
bf4becc80c
quic: remove incorrect comment
2024-01-28 11:44:15 +01:00
Dirkjan Ochtman
c10ce9d08b
quic: construct initial Keys from CryptoProvider
2024-01-24 23:07:53 +01:00
Dirkjan Ochtman
42a439d66f
quic: expose limits via PacketKey trait
2024-01-24 22:56:38 +01:00
Dirkjan Ochtman
0591cb13a3
quic: name fields of ring::quic::KeyBuilder
2024-01-12 15:14:36 +01:00
Joseph Birr-Pixton
5cd41a3d4f
Prepare 0.22.2
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
d4327d3b85
bogo: enable TLS13-Empty-Client-CA-List test
...
This acts as a regression test for the previous commit. This also enables:
- TLS12-Server-CertReq-CA-List
- TLS13-Server-CertReq-CA-List
- Null-Client-CA-List
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
d7c816190f
Don't add empty `certificate_authorities` extension
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
08b12b4fd2
ring/sign.rs: improve testing
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
e1a1b02779
Correct `SignatureScheme::sign()` for ED25519/448
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
a79271c4c4
ring/ticketer.rs: cover AeadTicketer
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
7610662a3d
ring/kx.rs: exercise `KxGroup::fmt`
...
Remove unusable Debug derivation for `KeyExchange`
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
5fa3322588
ci-bench: separately bench use of P384 curve
...
This renames the P256 cases, so will introduce a
discontinuity in results tracking.
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
d9b35282db
Test P521-SHA512 in bogo
...
This makes it possible for our bogo config.json to vary
between providers. That is achieved by -- with my sincere apologies --
applying the C preprocessor.
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
6b5cc27c48
De-duplicate knowledge of test-ca/ CA names
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
d0b24e64b5
Avoid extraenous `.iter()` in for loops
...
clippy was complaining about manual `.into_iter()` calls, but actually
the manual `.iter()` calls are also not very idiomatic.
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
390f909ca2
Split test-ca ecdsa by curve; add p521
...
This goes from being a single set of keys for ECDSA (with a
purposeful mix of curves) to a set of keys per curve.
That means we can avoid P521 chains in tests when it is not supported.
In those tests, reflect this as additional `KeyType` variants.
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
07e980fd99
aws_lc_rs::sign: add support for NISTP521 ECDSA keys
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
c354b3b4ce
aws_lc_rs::sign: note route to remove SEC1 hack
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
e076b7dc07
Split off crypto/aws_lc_rs/sign.rs
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
6e04a7d362
aws-lc-rs: support verifying with ECDSA_P521_SHA512
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
0ae98566ee
Depend on rustls-webpki 0.102.1
2024-01-08 11:09:44 +00:00
Daniel McCarney
62751aa20d
Cargo: version 0.22.0 -> 0.22.1
2023-12-08 13:54:32 +00:00
Jacob Hoffman-Andrews
87d5259126
update examples to use pki_types re-export
...
We now re-export the rustls-pki-types crate. I think that means
our preferred way for crates to consume pki-types is through the
re-exports.
2023-12-08 13:54:32 +00:00
Dirkjan Ochtman
4226d1e73e
Re-export the rustls-pki-types crate contents
2023-12-08 13:54:32 +00:00
Dirkjan Ochtman
d624506b96
suites: move Debug impl below inherent impl
2023-12-08 13:54:32 +00:00
Dirkjan Ochtman
57071f7fbd
quic: require that PacketKey and HeaderProtectionKey are Send + sync
2023-12-08 13:54:32 +00:00
Daniel McCarney
f05fd1e9be
crypto: explain TLS 1.2 version in TLS 1.3 message encrypters
...
Without the context of RFC 8446 in your mind the use of the
`ProtocolVersion::TLSv1_2` constant in the TLS 1.3 `MessageEncrypter`
implementations appears like an oversight or copy/paste error. This
commit adds a brief explanatory comment.
2023-12-08 13:54:32 +00:00
Christian Poveda
73f490f7ff
Batch discard operations
2023-12-08 13:54:32 +00:00
Christian Poveda
d4844a09d6
Introduce `DeframerSliceBuffer`
2023-12-08 13:54:32 +00:00
Jorge Aparicio
0a44288587
make append_hs generic
2023-12-08 13:54:32 +00:00
Jorge Aparicio
7b33d8a8db
make MessageDeframer unbuffered
2023-12-08 13:54:32 +00:00
Jorge Aparicio
20b8daecca
extract out MessageDeframer buffer
2023-12-08 13:54:32 +00:00
Christian Poveda
838304ad5e
Make `assert_len` more succint
2023-12-08 13:54:32 +00:00
Jorge Aparicio
3f58ce889e
deframer: move helpers after tests
2023-12-08 13:54:32 +00:00
Geoffroy Couprie
0f13356b09
remove the TLS 1.2 session ticket on DecryptError
...
if for some reason the recorded session ticket is invalid or decoded
incorrectly by the server, we can get into a case where the resumption
handshake happens, and right after the ChangeCipherSpec message, the
server sends an encrypted handhsake message using the invalid ticket,
and the client rejects it with the BadRecordMAC alert.
Unfortunately, if the calling code retries the connection, if it will
try again with the same ticket and obtain the same result.
This commit makes sure that if we fail to decrypt the first message, we
will remove the session ticket for this server, to start from cratch on
the next connection.
2023-12-08 13:54:32 +00:00
aashish
ca25f15a19
doc: fix outdated documentation
2023-12-08 13:54:32 +00:00
girlbuzz
e051f5c172
minor fix: fix comment that incorrectly says "google.com" instead of "rust-lang.org" ( #1667 )
...
fix inaccurate comment
2023-12-05 09:25:02 -05:00
Jacob Hoffman-Andrews
6845c013cb
doc: remove `crate::` prefix for links
...
Instead, use `#[cfg(doc)]` to conditionally import names that we want to
use in the docs. This provides a user-friendlier link name.
2023-12-04 17:58:51 +00:00
Dirkjan Ochtman
74321cfbb1
Update semver-compatible dependencies
2023-12-04 09:46:53 +00:00
Joseph Birr-Pixton
4d1b762b53
Bump version to 0.22.0
2023-12-01 19:10:46 +00:00
Joseph Birr-Pixton
381dcf99ee
Update dependencies
2023-12-01 19:10:46 +00:00
Daniel McCarney
553f400785
docs: link to SignatureSchemes from WebPkiSupportedAlgorithms
2023-12-01 18:27:53 +00:00
Daniel McCarney
822f86e822
docs: link to ActiveKeyExchange::complete from SharedSecret
...
Also drops "as a value".
2023-12-01 18:27:53 +00:00
Daniel McCarney
e34d46d46d
docs: link to SupportedKxGroup for ActiveKeyExchange doc
2023-12-01 18:27:53 +00:00
Daniel McCarney
a572b301f5
msgs: docstrings for KeyExchangeAlgorithms
...
This type appears in the 'crypto' mod docs without any accompanying
text. This commit adds some.
2023-12-01 18:27:53 +00:00
Daniel McCarney
e7cb24fe4e
docs: re-order feature descriptions
...
This puts ring, aws-lc-rs, and the tls12 features up front. They're
likely more interesting than the logging and read_buf features that are
increasingly niche.
2023-12-01 18:27:53 +00:00
Daniel McCarney
50e43cebbb
docs: consistently describe default features
...
Consistently describe te default features, include that *ring* is
default enabled.
2023-12-01 18:27:53 +00:00