rust/rustls
rust
/
rustls
mirror of https://github.com/ctz/rustls
1
0
Fork 0
Code Issues Releases Wiki Activity
2,707 Commits 45 Branches 69 Tags 32 MiB
Commit Graph

2707 Commits

Author SHA1 Message Date
Joseph Birr-Pixton ae277befb5 Prepare 0.22.4 2024-04-19 15:01:47 +00:00
Joseph Birr-Pixton 5374108df6 complete_io: bail out if progress is impossible 
Have a test that demonstrates another route to reaching this
state: a fully & cleanly closed connection.
 2024-04-19 15:01:47 +00:00
Joseph Birr-Pixton 00e695d68d Regression test for `complete_io` infinite loop bug 2024-04-19 15:01:47 +00:00
Joseph Birr-Pixton 0c6cd7ef68 Don't specially handle unauthenticated close_notify alerts 2024-04-19 15:01:47 +00:00
Joseph Birr-Pixton a1e28cd1a4 Prepare 0.22.3 2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton 114c476bcb suites.rs: fix nonsensical duplicated feature gate 2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton ffd933a9fe Fix new `clippy::use_self` warnings 
Seems this has improved when the explicit lifetime bound is
the same as the one implied in `Self`.
 2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton fb6e70a2ad dangerous_extract_secrets(): test `ConnectionTrafficSecrets` variant 2024-03-25 14:23:58 +00:00
Arnav Singh 2d5c80ed16 Return correct `ConnectionTrafficSecrets` variant when AES-256-GCM is negotiated. 
55bb27953d inadvertently changed `extract_keys`
to always return `ConnectionTrafficSecrets::Aes128Gcm`, even when AES-256-GCM
was negotiated. This change fixes it by restoring the key length check.

Fixes #1833
 2024-03-25 14:23:58 +00:00
Daniel McCarney 77ffe49443 tests: fix implied_bounds_in_impls clippy warn 
```
error: this bound is already specified as the supertrait of `DerefMut`
   --> rustls/tests/./common/mod.rs:596:35
    |
596 |     client: &mut (impl DerefMut + Deref<Target = ConnectionCommon<impl SideData>>),
    |                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#implied_bounds_in_impls
help: try removing this bound
    |
596 -     client: &mut (impl DerefMut + Deref<Target = ConnectionCommon<impl SideData>>),
596 +     client: &mut (impl DerefMut<Target = ConnectionCommon<impl SideData>>),
```
 2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton 65dfd9c8c1 Avoid `clippy::std_instead_of_core` false positive 
This is complaining about the import of the `env` module from
`std::env`, instead of `core::env`.

However, `core::env` is a completely different item -- it is
the `env!` macro.
 2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton b4adf89a9e Address `clippy::multiple_bound_locations` 2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton 1104a4753e Address `clippy::mixed_attributes_style` 2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton 5a5f638db1 Address `clippy::assigning_clones` 2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton 4a61a5cb12 Test that reproduces the problem 
Prior to the fix this fails with:

```
called `Result::unwrap()` on an `Err` value: PeerMisbehaved(SignedKxWithWrongAlgorithm)
```
 2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton 0f3ea982df Map `SignatureScheme::ECDSA_SHA1_Legacy` to `SignatureAlgorithm::ECDSA` 2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton f89b8e3886 Move `MockServerVerifier` to tests::common 2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton e13d868c06 server::handy: fix new nightly clippy lint 
"warning: you are explicitly cloning with `.map()`"
 2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton 5bda9c2dfe Clean up `unused_qualifications` lints 2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton 2590759da7 Clean up no_std and use of std in test code 
This fixes a wedge of instances of:

```
warning: the item `String` is imported redundantly
  --> rustls/src/msgs/handshake.rs:27:5
   |
27 | use alloc::string::String;
   |     ^^^^^^^^^^^^^^^^^^^^^
```

Where `String` is present from the std prelude when built
for testing.  Like we just did in webpki, _always_ opt-in
to no_std, and then import the std prelude in tests where
necessary.
 2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton d022089471 API tests: ignore warnings in ClientStorage mock 
This is a complete mock for `rustls::client::ClientSessionStore`,
but we don't have tests that use 100% of its abilities.
 2024-03-25 14:23:58 +00:00
Joseph Birr-Pixton 6e0dc5079b Update version of nightly for check-external-types 2024-02-27 19:12:22 +00:00
Christian Poveda a8812696f2 Mark `SupportedProtocolVersion` as non-exhaustive 2024-02-27 19:12:22 +00:00
Joseph Birr-Pixton deaaf95c86 Take curve25519-dalek 4.1.2 2024-02-27 19:12:22 +00:00
Joseph Birr-Pixton 5cd41a3d4f Prepare 0.22.2 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton d4327d3b85 bogo: enable TLS13-Empty-Client-CA-List test 
This acts as a regression test for the previous commit.  This also enables:

- TLS12-Server-CertReq-CA-List
- TLS13-Server-CertReq-CA-List
- Null-Client-CA-List
 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton d7c816190f Don't add empty `certificate_authorities` extension 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton 08b12b4fd2 ring/sign.rs: improve testing 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton e1a1b02779 Correct `SignatureScheme::sign()` for ED25519/448 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton a79271c4c4 ring/ticketer.rs: cover AeadTicketer 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton 7610662a3d ring/kx.rs: exercise `KxGroup::fmt` 
Remove unusable Debug derivation for `KeyExchange`
 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton 5fa3322588 ci-bench: separately bench use of P384 curve 
This renames the P256 cases, so will introduce a
discontinuity in results tracking.
 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton d9b35282db Test P521-SHA512 in bogo 
This makes it possible for our bogo config.json to vary
between providers.  That is achieved by -- with my sincere apologies --
applying the C preprocessor.
 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton 6b5cc27c48 De-duplicate knowledge of test-ca/ CA names 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton d0b24e64b5 Avoid extraenous `.iter()` in for loops 
clippy was complaining about manual `.into_iter()` calls, but actually
the manual `.iter()` calls are also not very idiomatic.
 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton 390f909ca2 Split test-ca ecdsa by curve; add p521 
This goes from being a single set of keys for ECDSA (with a
purposeful mix of curves) to a set of keys per curve.

That means we can avoid P521 chains in tests when it is not supported.

In those tests, reflect this as additional `KeyType` variants.
 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton 07e980fd99 aws_lc_rs::sign: add support for NISTP521 ECDSA keys 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton c354b3b4ce aws_lc_rs::sign: note route to remove SEC1 hack 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton e076b7dc07 Split off crypto/aws_lc_rs/sign.rs 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton 6e04a7d362 aws-lc-rs: support verifying with ECDSA_P521_SHA512 2024-01-08 11:09:44 +00:00
Joseph Birr-Pixton 0ae98566ee Depend on rustls-webpki 0.102.1 2024-01-08 11:09:44 +00:00
Daniel McCarney 62751aa20d Cargo: version 0.22.0 -> 0.22.1 2023-12-08 13:54:32 +00:00
Jacob Hoffman-Andrews 87d5259126 update examples to use pki_types re-export 
We now re-export the rustls-pki-types crate. I think that means
our preferred way for crates to consume pki-types is through the
re-exports.
 2023-12-08 13:54:32 +00:00
Dirkjan Ochtman 4226d1e73e Re-export the rustls-pki-types crate contents 2023-12-08 13:54:32 +00:00
Dirkjan Ochtman d624506b96 suites: move Debug impl below inherent impl 2023-12-08 13:54:32 +00:00
Dirkjan Ochtman 57071f7fbd quic: require that PacketKey and HeaderProtectionKey are Send + sync 2023-12-08 13:54:32 +00:00
Daniel McCarney f05fd1e9be crypto: explain TLS 1.2 version in TLS 1.3 message encrypters 
Without the context of RFC 8446 in your mind the use of the
`ProtocolVersion::TLSv1_2` constant in the TLS 1.3 `MessageEncrypter`
implementations appears like an oversight or copy/paste error. This
commit adds a brief explanatory comment.
 2023-12-08 13:54:32 +00:00
Christian Poveda 73f490f7ff Batch discard operations 2023-12-08 13:54:32 +00:00
Christian Poveda d4844a09d6 Introduce `DeframerSliceBuffer` 2023-12-08 13:54:32 +00:00
Jorge Aparicio 0a44288587 make append_hs generic 2023-12-08 13:54:32 +00:00