Joseph Birr-Pixton
ae277befb5
Prepare 0.22.4
2024-04-19 15:01:47 +00:00
Joseph Birr-Pixton
5374108df6
complete_io: bail out if progress is impossible
...
Have a test that demonstrates another route to reaching this
state: a fully & cleanly closed connection.
2024-04-19 15:01:47 +00:00
Joseph Birr-Pixton
00e695d68d
Regression test for `complete_io` infinite loop bug
2024-04-19 15:01:47 +00:00
Joseph Birr-Pixton
0c6cd7ef68
Don't specially handle unauthenticated close_notify alerts
2024-04-19 15:01:47 +00:00
Joseph Birr-Pixton
a1e28cd1a4
Prepare 0.22.3
2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton
114c476bcb
suites.rs: fix nonsensical duplicated feature gate
2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton
ffd933a9fe
Fix new `clippy::use_self` warnings
...
Seems this has improved when the explicit lifetime bound is
the same as the one implied in `Self`.
2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton
fb6e70a2ad
dangerous_extract_secrets(): test `ConnectionTrafficSecrets` variant
2024-03-25 14:23:58 +00:00
Arnav Singh
2d5c80ed16
Return correct `ConnectionTrafficSecrets` variant when AES-256-GCM is negotiated.
...
55bb27953d
inadvertently changed `extract_keys`
to always return `ConnectionTrafficSecrets::Aes128Gcm`, even when AES-256-GCM
was negotiated. This change fixes it by restoring the key length check.
Fixes #1833
2024-03-25 14:23:58 +00:00
Daniel McCarney
77ffe49443
tests: fix implied_bounds_in_impls clippy warn
...
```
error: this bound is already specified as the supertrait of `DerefMut`
--> rustls/tests/./common/mod.rs:596:35
|
596 | client: &mut (impl DerefMut + Deref<Target = ConnectionCommon<impl SideData>>),
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#implied_bounds_in_impls
help: try removing this bound
|
596 - client: &mut (impl DerefMut + Deref<Target = ConnectionCommon<impl SideData>>),
596 + client: &mut (impl DerefMut<Target = ConnectionCommon<impl SideData>>),
```
2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton
65dfd9c8c1
Avoid `clippy::std_instead_of_core` false positive
...
This is complaining about the import of the `env` module from
`std::env`, instead of `core::env`.
However, `core::env` is a completely different item -- it is
the `env!` macro.
2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton
b4adf89a9e
Address `clippy::multiple_bound_locations`
2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton
1104a4753e
Address `clippy::mixed_attributes_style`
2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton
5a5f638db1
Address `clippy::assigning_clones`
2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton
4a61a5cb12
Test that reproduces the problem
...
Prior to the fix this fails with:
```
called `Result::unwrap()` on an `Err` value: PeerMisbehaved(SignedKxWithWrongAlgorithm)
```
2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton
0f3ea982df
Map `SignatureScheme::ECDSA_SHA1_Legacy` to `SignatureAlgorithm::ECDSA`
2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton
f89b8e3886
Move `MockServerVerifier` to tests::common
2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton
e13d868c06
server::handy: fix new nightly clippy lint
...
"warning: you are explicitly cloning with `.map()`"
2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton
5bda9c2dfe
Clean up `unused_qualifications` lints
2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton
2590759da7
Clean up no_std and use of std in test code
...
This fixes a wedge of instances of:
```
warning: the item `String` is imported redundantly
--> rustls/src/msgs/handshake.rs:27:5
|
27 | use alloc::string::String;
| ^^^^^^^^^^^^^^^^^^^^^
```
Where `String` is present from the std prelude when built
for testing. Like we just did in webpki, _always_ opt-in
to no_std, and then import the std prelude in tests where
necessary.
2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton
d022089471
API tests: ignore warnings in ClientStorage mock
...
This is a complete mock for `rustls::client::ClientSessionStore`,
but we don't have tests that use 100% of its abilities.
2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton
6e0dc5079b
Update version of nightly for check-external-types
2024-02-27 19:12:22 +00:00
Christian Poveda
a8812696f2
Mark `SupportedProtocolVersion` as non-exhaustive
2024-02-27 19:12:22 +00:00
Joseph Birr-Pixton
deaaf95c86
Take curve25519-dalek 4.1.2
2024-02-27 19:12:22 +00:00
Joseph Birr-Pixton
5cd41a3d4f
Prepare 0.22.2
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
d4327d3b85
bogo: enable TLS13-Empty-Client-CA-List test
...
This acts as a regression test for the previous commit. This also enables:
- TLS12-Server-CertReq-CA-List
- TLS13-Server-CertReq-CA-List
- Null-Client-CA-List
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
d7c816190f
Don't add empty `certificate_authorities` extension
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
08b12b4fd2
ring/sign.rs: improve testing
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
e1a1b02779
Correct `SignatureScheme::sign()` for ED25519/448
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
a79271c4c4
ring/ticketer.rs: cover AeadTicketer
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
7610662a3d
ring/kx.rs: exercise `KxGroup::fmt`
...
Remove unusable Debug derivation for `KeyExchange`
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
5fa3322588
ci-bench: separately bench use of P384 curve
...
This renames the P256 cases, so will introduce a
discontinuity in results tracking.
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
d9b35282db
Test P521-SHA512 in bogo
...
This makes it possible for our bogo config.json to vary
between providers. That is achieved by -- with my sincere apologies --
applying the C preprocessor.
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
6b5cc27c48
De-duplicate knowledge of test-ca/ CA names
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
d0b24e64b5
Avoid extraenous `.iter()` in for loops
...
clippy was complaining about manual `.into_iter()` calls, but actually
the manual `.iter()` calls are also not very idiomatic.
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
390f909ca2
Split test-ca ecdsa by curve; add p521
...
This goes from being a single set of keys for ECDSA (with a
purposeful mix of curves) to a set of keys per curve.
That means we can avoid P521 chains in tests when it is not supported.
In those tests, reflect this as additional `KeyType` variants.
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
07e980fd99
aws_lc_rs::sign: add support for NISTP521 ECDSA keys
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
c354b3b4ce
aws_lc_rs::sign: note route to remove SEC1 hack
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
e076b7dc07
Split off crypto/aws_lc_rs/sign.rs
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
6e04a7d362
aws-lc-rs: support verifying with ECDSA_P521_SHA512
2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton
0ae98566ee
Depend on rustls-webpki 0.102.1
2024-01-08 11:09:44 +00:00
Daniel McCarney
62751aa20d
Cargo: version 0.22.0 -> 0.22.1
2023-12-08 13:54:32 +00:00
Jacob Hoffman-Andrews
87d5259126
update examples to use pki_types re-export
...
We now re-export the rustls-pki-types crate. I think that means
our preferred way for crates to consume pki-types is through the
re-exports.
2023-12-08 13:54:32 +00:00
Dirkjan Ochtman
4226d1e73e
Re-export the rustls-pki-types crate contents
2023-12-08 13:54:32 +00:00
Dirkjan Ochtman
d624506b96
suites: move Debug impl below inherent impl
2023-12-08 13:54:32 +00:00
Dirkjan Ochtman
57071f7fbd
quic: require that PacketKey and HeaderProtectionKey are Send + sync
2023-12-08 13:54:32 +00:00
Daniel McCarney
f05fd1e9be
crypto: explain TLS 1.2 version in TLS 1.3 message encrypters
...
Without the context of RFC 8446 in your mind the use of the
`ProtocolVersion::TLSv1_2` constant in the TLS 1.3 `MessageEncrypter`
implementations appears like an oversight or copy/paste error. This
commit adds a brief explanatory comment.
2023-12-08 13:54:32 +00:00
Christian Poveda
73f490f7ff
Batch discard operations
2023-12-08 13:54:32 +00:00
Christian Poveda
d4844a09d6
Introduce `DeframerSliceBuffer`
2023-12-08 13:54:32 +00:00
Jorge Aparicio
0a44288587
make append_hs generic
2023-12-08 13:54:32 +00:00