Skip to content

rebase: port Reality feature onto upstream rustls main #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
ibigbug wants to merge 1,522 commits into from
Closed

rebase: port Reality feature onto upstream rustls main #8

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1522 commits
Select commit Hold shift + click to select a range
f7e7007
client: make Tls12ClientSessionValue serializable
djc Feb 6, 2026
4dacdf6
client: add tests for ticket serialization
djc Feb 6, 2026
4347232
client: replace ClientSessionValue suffix with Session
djc Feb 6, 2026
8faa66e
msgs: clean up SessionId impl order
djc Feb 7, 2026
6f0f282
server: introduce new ServerSessionKey type for cache
djc Feb 7, 2026
cb6ec46
server: move Tls13ServerSessionValue into tls13
djc Feb 7, 2026
860fb42
server: inline 1.3 session value constructor wrapper
djc Feb 7, 2026
dc09dd1
server: move Tls12ServerSessionValue into tls12
djc Feb 7, 2026
51e5398
server: inline 1.2 session value constructor wrapper
djc Feb 7, 2026
021d956
cache: inline bounds
djc Feb 7, 2026
6181eab
cache: avoid overly restrictive bounds
djc Feb 7, 2026
37f1bec
cache: switch impl block order
djc Feb 7, 2026
4d7bf02
server: extract some resumption handling code
djc Feb 7, 2026
01da7ba
server: simplify handle_psk_offer() function
djc Feb 7, 2026
a26d95e
server: extract 1.2 resumption check into function
djc Feb 7, 2026
bbc9abd
server: move attempt_tls13_ticket_decryption() to Tls13ServerSessionV…
djc Feb 7, 2026
40ff945
server: deduplicate handshake state
djc Feb 7, 2026
32673ca
server: avoid cloning resumption data
djc Feb 7, 2026
6c010f8
server: rework extension processing interface
djc Feb 7, 2026
fcc6631
server: inline ExtensionProcessing::process_tls12()
djc Feb 7, 2026
049e578
server: detach process_cert_type_extension() from ExtensionProcessing
djc Feb 7, 2026
1ddb2a7
server: avoid processing certificate type extensions for 1.2
djc Feb 7, 2026
fdbd239
server: move send_ticket state out of ExtensionProcessing
djc Feb 7, 2026
5f01568
server: extract extensions from ExtensionProcessing
djc Feb 7, 2026
f591545
Flatten out `Deref`s in public API
ctz Feb 5, 2026
251acce
Flatten out some `Deref`s in QUIC public API
ctz Feb 6, 2026
fce5f7c
Minimize QUIC API
ctz Feb 9, 2026
b8e5d41
client: deduplicate handshake states
djc Feb 8, 2026
3cbb413
Add FUNDING.yml
ctz Feb 9, 2026
fe7eaef
Use monotonic time for the TicketRotator
djc Jan 31, 2026
62f3cbc
server: avoid allocating for ephemeral session value
djc Feb 7, 2026
714d120
Avoid API misfeature in `test_close_notify_sent_prior_to_handshake_co…
ctz Feb 11, 2026
ebf2620
Abstract core `process_new_packets()` over buffer type
ctz Jan 6, 2026
e4ddd0b
Rename `ReceivedData` trait
ctz Feb 12, 2026
9f8a349
Drop plaintext receipt into caller of `process_new_packets()`
ctz Jan 6, 2026
7d0860d
Move `IoState`, `wants_read` etc up from `common_state`
ctz Jan 6, 2026
8358e17
Move `received_plaintext` up to correct layer
ctz Jan 6, 2026
e4b9d66
Move `HandshakeDeframer` down to `ReceivePath`
ctz Jan 9, 2026
b74a118
Move dependency on send path up out of `process_more_input`
ctz Jan 9, 2026
12defc9
Move message input flow into `ReceivePath`
ctz Jan 9, 2026
4185c27
daily-tests: eliminate unbuffered tests
ctz Feb 12, 2026
b63acea
CONTRIBUTING: updates about testing strategy
ctz Feb 12, 2026
35d83b9
Take hpke-rs* 0.6
ctz Feb 13, 2026
cb81251
Take semver-compatible updates
ctz Feb 13, 2026
e3a5790
chore(deps): update dependency go to v1.26.0
renovate-bot Feb 13, 2026
88b16ef
Degeneralise low-level state machine
ctz Jan 14, 2026
ccca938
Representing sending an alert as an `Event`
ctz Jan 28, 2026
1916a4d
Move `parse_and_maybe_drop` into `ReceivePath`
ctz Jan 28, 2026
1c814ed
Take `EncodedMessage` by value
ctz Jan 28, 2026
8d44305
Rename `process_main_protocol` and hoist state machine
ctz Jan 28, 2026
bf44348
Attach `receive_message()` to `ReceivePath`
ctz Jan 29, 2026
cb8f170
Attach send-side key lifecycle to `SendPath`
ctz Jan 30, 2026
96fd2b0
Minimize visibility of internals
ctz Jan 31, 2026
77f7b16
Take semver-compatible updates
ctz Feb 18, 2026
3bf86c8
Improve bogo speed with AWS_LC_SYS_NO_JITTER_ENTROPY=1
ctz Feb 18, 2026
b07b841
Use AWS_LC_SYS_NO_JITTER_ENTROPY=1 in CI
ctz Feb 18, 2026
411f846
Add ML-KEM-1024 key encapsulation mechanism
DarkmatterVale Feb 22, 2026
df96904
io tests: have `OtherSession` capture written data
ctz Feb 23, 2026
d5991c5
Clarify `test_server_mtu_reduction` test
ctz Feb 23, 2026
d528868
Rework `test_client_mtu_reduction` test
ctz Feb 23, 2026
8dea909
tlsvulns.rs: use archive.org for Kelsey paper
ctz Feb 25, 2026
1a2d4ef
ci-bench: rename `run-single` subcommand
ctz Feb 25, 2026
14d176f
Extract output of CSV results
ctz Feb 25, 2026
1692607
Add command for running single benchmark
ctz Feb 25, 2026
420531e
tests: track caller for test helper functions
djc Feb 11, 2026
a8a6324
bogo: move exec() before Options
djc Feb 11, 2026
6dbd135
bogo: move exec() helpers up
djc Feb 11, 2026
dcbaed3
common_state: inline parse_and_maybe_drop()
djc Feb 11, 2026
114b4a9
deframer: remove unused DeframerSliceBuffer
djc Feb 11, 2026
321c738
deframer: merge DeframerVecBuffer impl blocks
djc Feb 11, 2026
5f02136
deframer: re-order items in buffers module
djc Feb 11, 2026
df70dea
Use names for ci-bench benchmarks rather than indices
ctz Feb 25, 2026
511bc5a
Fix new `clippy::collapsible_match` lint
ctz Feb 27, 2026
4d0f96d
Fix new `clippy::useless_conversion` lint
ctz Feb 27, 2026
b66f521
Avoid duplicate KeyUpdates when requested by both API and peer
ctz Jan 31, 2026
7b9601a
Generalise `maybe_send_fatal_alert` over Output trait
ctz Feb 1, 2026
50e1cf3
Ensure `SideData` and `CommonState` are siblings
ctz Feb 24, 2026
ed47040
Drop `has_seen_eof` into buffered `ConnectionCommon`
ctz Feb 3, 2026
5c612af
Move ticket receipt counter into ReceivePath
ctz Feb 10, 2026
d6ca2d4
conn: handle received plaintext separately
djc Feb 27, 2026
2d1dd8d
conn: inline ConnectionCore::process_new_packets()
djc Feb 27, 2026
b124f55
Update formatting to adapt to nightly style changes
djc Feb 28, 2026
0ca3801
chore(deps): update actions/upload-artifact action to v7
renovate-bot Mar 1, 2026
4101431
Rename `ClientConnectionData` -> `ClientSide`
ctz Feb 9, 2026
b84c293
Temporarily withdraw test of limitedclient
ctz Jan 19, 2026
35b29e6
Introduce side-specific state machine
ctz Jan 15, 2026
de95e08
Bind together an Error and encrypted alert
ctz Jan 12, 2026
94fd743
Allow `into_kernel_connection` for split connections
ctz Feb 4, 2026
99a8005
Rename `StartOutgoingTraffic` to be specific
ctz Feb 20, 2026
5bd7a36
Move `fips()` out from `ConnectionOutputs`
ctz Feb 25, 2026
2970318
Integrate `Acceptor`-style flow into server state machine
ctz Feb 16, 2026
b9ea828
Avoid cloning signature-scheme list twice
ctz Mar 1, 2026
f122faf
Remove feature gates and fix doctests
ctz Mar 3, 2026
1031fb2
Update feature documentation
ctz Mar 3, 2026
78e341f
Update provider crate feature docs
ctz Mar 3, 2026
7d247d4
build(deps): bump aws-lc-fips-sys from 0.13.11 to 0.13.12
dependabot[bot] Mar 3, 2026
155b03a
Take semver-compatible updates
ctz Mar 4, 2026
02755a8
Move references to ECH RFC 9849
ctz Mar 4, 2026
3fae9d8
common_state: extract send_msg() method from Output::emit()
djc Feb 28, 2026
e5f08a2
conn: move Quic out of CommonState
djc Feb 27, 2026
b160343
common_state: move key schedule update logic into method
djc Feb 28, 2026
ffa5344
common_state: move start traffic event into separate method
djc Feb 28, 2026
ca2470f
common_state: replace SendPath events with SendOutput trait
djc Feb 28, 2026
670ea11
common_state: replace ReceivePath events with access to ReceivePath
djc Feb 28, 2026
0043a0d
common_state: avoid separate ProtocolVersion event disposition
djc Feb 28, 2026
c3096f3
common_state: drop Output impl for ReceivePath
djc Feb 28, 2026
dda1467
common_state: drop Output impl for SendPath
djc Feb 28, 2026
e9523d1
common_state: split OutputEvent out of Event
djc Feb 28, 2026
196debd
conn: specify SideCommonOutput::common to be CommonState
djc Feb 28, 2026
a63ef45
key_schedule: devirtualize send/receive calls
djc Feb 28, 2026
1ec49bb
conn_state: move side event handling into SideData trait
djc Feb 28, 2026
766f226
conn_state: drop Output impl for ConnectionOutputs
djc Feb 28, 2026
9dae5a9
common_state: specify CaptureAppData::data to be SplitReceive
djc Feb 28, 2026
7184d60
common_state: specify SendOutput for use in receive_message()
djc Feb 28, 2026
7a599ef
conn: use concrete JoinOutput type for process_new_packets()
djc Feb 28, 2026
8a71f4b
common_state: inline SplitReceive type
djc Feb 28, 2026
1d3e760
conn: avoid closure in process_new_packets()
djc Feb 28, 2026
de04e5c
conn: extract CaptureAppData setup
djc Feb 28, 2026
c451b20
common_state: drop Output impl for JoinOutput
djc Feb 28, 2026
e736623
common_state: drop Output impl for CommonState
djc Feb 28, 2026
21702bb
deframer: always allow 64k input buffer
djc Mar 5, 2026
aebe3e6
chore(deps): update dependency go to v1.26.1
renovate-bot Mar 6, 2026
9083c25
client: pass session ticket extension directly into Tls13Session::new()
djc Mar 7, 2026
245f0bc
Move SendPath from common_state to conn
djc Mar 7, 2026
4e6704f
Move ReceivePath from common_state to conn
djc Mar 7, 2026
4f67c23
Add updated benchmarks
ctz Mar 7, 2026
c5a1a4a
feat: add RFC 8998 SM cipher suite support
kintaiW Mar 9, 2026
c53174d
docs: add rustls-ccm to third-party providers list
jsulmont Mar 9, 2026
f3ab24a
Revert "rustls-bench: short circuit single threaded tests"
ctz Mar 9, 2026
7cf3f1b
Remove unused heartbeat enum types
ctz Mar 8, 2026
1561165
Remove reduced-debug kludge for `CipherSuite`
ctz Mar 9, 2026
5916ef2
Pare-down known values for enums
ctz Mar 8, 2026
1509dfc
Use more efficient enum representation
ctz Mar 8, 2026
8804b6c
common_state: parametrize Output with message lifetime
djc Mar 7, 2026
bf2be4b
Move CaptureAppData and JoinOutput closer to usage
djc Mar 9, 2026
46804e8
conn: attach process_new_packets() to ReceivePath
djc Mar 10, 2026
b1cd89b
conn: move some process_new_packets() logic into ConnectionCore
djc Mar 10, 2026
37db24f
msgs: use a VecDeque for HandshakeDeframer spans
djc Mar 10, 2026
4434ee1
msgs: drop unused handshake iterator complexity
djc Mar 10, 2026
fb3e5e3
msgs: exchange span for message in deframer
djc Mar 10, 2026
ddde1c8
conn: hoist BufferProgress setup
djc Mar 10, 2026
ef51100
msgs: avoid using sentinel for optional value
djc Mar 10, 2026
0eb9e3a
Correct documentation on `SecretExtractionRequiresPriorOptIn` error
ctz Mar 4, 2026
2581802
Extract `Buffers` from `ConnectionCore`
ctz Feb 13, 2026
791f4fd
Record the ability to send half-rtt data
ctz Mar 2, 2026
e5e1f91
Rename `DeframerVecBuffer` to `VecInput`
ctz Feb 27, 2026
c51ea13
Introduce `SliceInput` and make input trait public
ctz Mar 4, 2026
52dcf21
Insert trait for input to `ConnectionOutputs`
ctz Mar 6, 2026
d7637aa
Rework `SendPath::write_plaintext` to eliminate a copy
ctz Mar 9, 2026
0a9985a
Box `ChooseConfig` state
ctz Mar 6, 2026
66c931a
conn: merge message deframing methods
djc Mar 10, 2026
33d0c00
Avoid inlining tag zeroization
djc Mar 12, 2026
f6ce6b8
acceptor: add test for bad maximum fragment size
ctz Mar 12, 2026
3bbfa32
acceptor: improve coverage of `AcceptedAlert`
ctz Mar 12, 2026
2b13ae0
Withdraw unused Debug on internal types
ctz Mar 12, 2026
45d2e7a
Track buffer progress inside HandshakeDeframer
djc Mar 13, 2026
5128a06
msgs: use split_at_mut_checked() in DeframerIter
djc Mar 13, 2026
706a290
conn: avoid unnecessary transpose()
djc Mar 13, 2026
76d680e
msgs: tweak HandshakeDeframer::aligned() docs
djc Mar 13, 2026
8ba688f
msgs: avoid extra loop to check span sizes
djc Mar 13, 2026
dabfb3a
msgs: reformulate dissection by splitting slices
djc Mar 13, 2026
b608845
Tweak SECURITY.md to provide guidance to sloperators
djc Mar 17, 2026
f605db8
webpki: avoid panic when misconfigured without verification algorithms
djc Mar 17, 2026
77f5852
docs: fix typo in SECURITY.md security bug advice
cpu Mar 17, 2026
59e5794
Check provider DHE `ffdhe_group()` correctness
ctz Mar 17, 2026
491d636
Enforce that `WebPkiSupportedAlgorithms` are sensible
ctz Mar 17, 2026
3521b4b
Apply KU flood limit to all traffic-time handshake messages
ctz Mar 17, 2026
52af466
chore(deps): update rust crate asn1 to 0.24
renovate-bot Mar 19, 2026
757dc15
Take semver-compatible dependency updates
djc Mar 21, 2026
5243275
Enable the key log file tests to run on macOS
brian-pane Mar 20, 2026
a396317
SECURITY.md: add threat model
ctz Mar 17, 2026
f63618b
Prepare rustls-post-quantum 0.3.0-alpha.0 against 0.24.0
ctz Mar 21, 2026
27371f2
Update pinned webpki alpha
djc Mar 21, 2026
1d40e4b
msgs: use ranges directly when dissecting handshake messages
djc Mar 16, 2026
b7f3368
msgs: yield ranges from DeframerIter
djc Mar 17, 2026
9dc2e9f
msgs: take bounds in HandshakeDeframer::input_message()
djc Mar 16, 2026
ea1bfe5
msgs: pass paylound range into HandshakeDeframer::input_message()
djc Mar 18, 2026
d641a7a
msgs: inline single-caller function coalesce_one()
djc Mar 18, 2026
c06c6c5
msgs: inline single-caller HandshakeDeframer::requires_coalesce()
djc Mar 18, 2026
9bb45dd
msgs: use struct item type for DeframerIter
djc Mar 23, 2026
f3ee681
msgs: attach deframing logic to HandshakeDeframer
djc Mar 18, 2026
49d02d4
msgs: rename HandshakeDeframer to Deframer
djc Mar 21, 2026
239fe7d
msgs: merge deframer modules
djc Mar 21, 2026
d8a7132
msgs: re-order Deframer methods
djc Mar 21, 2026
99e3f63
post-quantum: make ML-DSA support unconditional
djc Mar 23, 2026
74ba6b0
post-quantum: stop re-exporting ML-KEM constants
djc Mar 23, 2026
fef3dbf
post-quantum: import items from super in test module
djc Mar 23, 2026
d619615
post-quantum: modernize provider API
djc Mar 23, 2026
ff8ea3f
aws-lc-rs: rename AwsLcRsAlgorithm to AwsLcRsVerificationAlgorithm
djc Mar 23, 2026
f843c95
Move ML-DSA signature verification algorithms into rustls-post-quantum
djc Mar 23, 2026
04c82e1
Take semver-compatible updates
ctz Mar 24, 2026
0eb3a8b
Fix get16 enum testing helper
ctz Mar 26, 2026
949993b
Withdraw DerefMut for outputs from connection types
ctz Mar 26, 2026
f58c026
chore(deps): update actions/deploy-pages action to v5
renovate-bot Mar 26, 2026
bf73210
Avoid allocation in `derive_for_empty_hash` for new hashes
ctz Mar 16, 2026
1ef8fa5
chore(deps): update codecov/codecov-action action to v6
renovate-bot Mar 28, 2026
523dc08
conn: drop nested connection module
djc Feb 11, 2026
a997020
quic: drop nested connection module
djc Feb 11, 2026
cfed325
Test client error if server selects unoffered ALPN
ctz Mar 31, 2026
700961e
Test `ClientConnection::set_plaintext_buffer_limit`
ctz Mar 30, 2026
bcae7d8
Test degenerate `write_vectored` cases
ctz Mar 30, 2026
185bd92
server: replace ignore_client_order with CipherSuiteSelector API
djc Mar 27, 2026
b0ede80
client: allow skipping selected ALPN validation
TaeHagen Mar 31, 2026
59366f2
Refresh logo: add license & source
ctz Apr 7, 2026
cef7b25
Delete unused `cargo readme` template
ctz Apr 7, 2026
d4ecc4b
Fix website logo symlink
ctz Apr 8, 2026
f02ec17
Unpin go version; cache installs
ctz Apr 10, 2026
38860b0
Drop provider-example crate
djc Apr 10, 2026
9d73882
Remove MSRV mentions in README/docs
djc Apr 13, 2026
37dfd55
Clean up trailing whitespace
djc Apr 13, 2026
a242c7f
Bump MSRV to 1.85 (for hashbrown 0.17)
djc Apr 12, 2026
31beeea
Upgrade hashbrown to 0.17
djc Apr 12, 2026
72bd7b7
build(deps): bump rand from 0.9.2 to 0.9.4
dependabot[bot] Apr 14, 2026
2bb2434
Take semver-compatible dependency updates
djc Apr 15, 2026
7f5f131
Update deny.toml after provider-example cleanup
djc Apr 15, 2026
4dc944f
ci: drop Taplo job
djc Apr 15, 2026
16b60e0
Update actions/upload-pages-artifact action to v5
renovate-bot Apr 15, 2026
f97f939
Upgrade to hickory-resolver 0.26
djc Apr 16, 2026
5ba4fbc
examples: tweak formatting in ech-client
djc Apr 16, 2026
4aa9422
fix(bogo): panic macro typo
mag1c1an1 Apr 16, 2026
c232397
Address new `std_instead_of_core` in nightly
ctz Apr 22, 2026
284e7f6
Take rustls-webpki 0.104.0-alpha.7
ctz Apr 22, 2026
b19fbfd
Take semver-compatible dependencies
ctz Apr 22, 2026
74915bc
examples/ech-client: trim leading slash from --path
lukevalenta Apr 24, 2026
b93c9c6
conn: clean up formatting in send_single_fragment()
djc Apr 24, 2026
c44ac40
conn: move send loop into send_messages()
djc Apr 24, 2026
f4f47e1
conn: break from loop on pre-encrypt actions
djc Apr 24, 2026
912920e
crypto: replace PreEncryptAction::Nothing with Option wrapper
djc Apr 24, 2026
449b62e
crypto: inline trivial next_pre_encrypt_action() wrapper
djc Apr 24, 2026
60c6b7e
conn: improve ordering of SendPath methods
djc Apr 24, 2026
9ce9bc2
conn: inline simple single-use method
djc Apr 24, 2026
da4a902
conn: avoid refragmenting in write_plaintext()
djc Apr 24, 2026
27cfeb5
conn: propagate fragmenter ExactSizeIterator bound
djc Apr 24, 2026
0750827
conn: drop empty check in write_plaintext()
djc Apr 24, 2026
64111fa
conn: deduplicate preflight encryption
djc Apr 24, 2026
3e66c14
conn: inline queue_tls_message()
djc Apr 24, 2026
1c33e20
conn: inline send_msg_encrypt()
djc Apr 24, 2026
f281eac
conn: reduce rightward drift in send_msg()
djc Apr 24, 2026
29cab3c
conn: inline inherent SendPath::send_msg() method
djc Apr 24, 2026
0a53153
ech: expand `maximum_name_length` to usize ASAP
ctz Apr 26, 2026
d03568a
ech: pop comment from match arm
ctz Apr 26, 2026
aa69a53
ech: avoid short-lived allocation for padding
ctz Apr 26, 2026
43317ea
ech: add both name and "gross" padding
ctz Apr 26, 2026
e7a1960
ech: test inner name padding
ctz Apr 26, 2026
a78b56c
ech: base inner name padding on actual extension
ctz Apr 26, 2026
dd555d9
Prefer `Ord::max` to `core::cmp`
ctz Apr 26, 2026
949c440
Use GHA-provided public ARM runners
ctz Apr 29, 2026
65e3f66
Take semver-compatible updates
ctz May 2, 2026
528961e
Fix new `clippy::useless-borrows-in-formatting`
ctz May 5, 2026
2b55f63
build(deps): bump openssl from 0.10.78 to 0.10.79
dependabot[bot] May 6, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
1 change: 0 additions & 1 deletion .clippy.toml
View file
Open in desktop

This file was deleted.

1 change: 1 addition & 0 deletions .github/FUNDING.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
github: ["cpu", "ctz", "djc"]
2 changes: 2 additions & 0 deletions .github/ISSUE_TEMPLATE/bug_report.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,3 +27,5 @@ A clear and concise description of what you expected to happen.

**Additional context**
Add any other context about the problem here.
For example, consider including verbose logs or a packet capture. For help
with this [see the manual](https://docs.rs/rustls/latest/rustls/manual/_03_howto/index.html#debugging).
15 changes: 15 additions & 0 deletions .github/typos.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
[default.extend-words]
# encrypter as an active verb
encrypter = "encrypter"

# "type", but side-stepping the keyword and avoiding the very ugly r#type
typ = "typ"

# pn -> packet number in quic parlance
pn = "pn"

# as in Josh
Aas = "Aas"

[files]
extend-exclude = ["*.bin", "*.json", "*.json.in", "*.svg", "macros.html", "test-ca/"]
Loading
Loading