Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge 0.23.21 #2

Merged
merged 263 commits into from
Jan 27, 2025
Merged

Merge 0.23.21 #2

merged 263 commits into from
Jan 27, 2025

Conversation

ibigbug
Copy link
Member

@ibigbug ibigbug commented Jan 24, 2025

No description provided.

tahmid-23 and others added 30 commits September 11, 2024 10:29
@tahmid-23 @ctz
examples/tlsserver-mio: process received early data if it is present
6e79697
@tahmid-23 @ctz
examples/simple_0rtt_client: allow connection with arbitrary endpoint…
64582a9 
…s/ca
@tahmid-23 @ctz
examples: add simple_0rtt_server
641e26e
@renovate-bot @djc
chore(deps): lock file maintenance
a4dbf73
@ctz
server/tls12: send first flight in one message
391a0ac
@ctz
server/tls13: send first flight in one message
ecfb33a
@ctz
client/tls13: send second flight in one message
bfb7665 
This will only have any positive effect with client auth.
@cpu
common_state: feature gate TLS 1.2 HS flight alias
81d45dc 
The `HandshakeFlightTls12` type alias is only used when the tls12
feature is enabled. This commit adds a `cfg` gate to avoid a dead code
warning on builds without the feature enabled.
@cpu
connect-tests: update cloudflare ECH domain
fa4242c 
For some reason the `crypto.cloudflare.com` DNS zone's HTTPS record no
longer contains an `ech` config, breaking our ECH record deserialization
connect-test.

The domain that `crypto.cloudflare.com` redirects to in a browser,
`research.cloudflare.com`, does include an `ech` value in the HTTPS
record, so let's use that instead.
@ctz
Fix links in howto section of manual
4a00cf2
@ctz
ci-bench: eliminate CryptoProvider-sourced randomness
78f280b 
This main effect here appears to be due to fixing the
extension randomisation seed.
@ctz
Use callgrind instead of cachegrind
cd29101 
callgrind also allows instruction counting, but also collects
call trees.  We turned off cache emulation in cachegrind, so
callgrind should work alike.

This regresses diffing of output, leave a TODO for later.
@ctz
Reduce instruction counting scope to minimum
7d08edb 
This eliminates:

- for resumption and transfer tests, the full handshake
- for all tests, one-time setup costs (eg, RSA private key validation)
@ctz
Remove code that marks certain tests as noisy
d85b165 
This covered server tests that validated an RSA private key,
when using the aws-lc-rs provider.
@ctz
Remove code for subtracting benchmark case costs
5c17f43 
Previously, this would subtract a base case benchmark
(the cost of the full handshake) but that adds the noise
of that benchmark.

It is no longer necessary now we are more precise about
the instructions that are counted.
@ctz
Make double-sure resumption tests are successful
1d099fb
@ctz
Remove unnecessary calibration run
4479d4e 
Now we are precise about when we count instructions, this
measured precisely 0 instructions.
@ctz
README.md: update to track recent changes
9efb04c
@djc @cpu
Remove example interface description from the README
d57db74
@djc @cpu
examples: convert tlsserver-mio from docopt to clap
3855965
@djc @cpu
examples: clarify types in server example
a92dd8f
@liujustin604
misc: small refactors (rustls#2130)
1aebb54 
Small refactors and tidying.
@renovate-bot @djc
chore(deps): lock file maintenance
e16c197
@ctz @djc
examples: convert ech-client to clap
7d003f1
@ctz @djc
examples: convert server_acceptor to clap
8dad52a
@ctz @djc
examples: convert tlsclient-mio
659e876 
That is the last one. Drop docopt dependency.
@ctz
Avoid excess copying of client identity
163a241 
This reduces the cost of ClientSessionCommon::clone, which is
inherent in every `ClientSessionStore` probe operation.
@ctz
Avoid excess copying of tickets
39455e1 
These can be large (hundreds of bytes),  and even larger
(thousands of bytes) if the server decides to include
the client's identity.

Parse them into an Arc, and then maintain that on
the path to the session store.
@ctz
Eliminate allocation in signature verification
211eabf 
The signed message has a pretty tight upper bound,
so we can avoid a Vec allocation here.
@renovate-bot @cpu
chore(deps): lock file maintenance
e52853a
cpu and others added 28 commits December 13, 2024 16:23
@cpu
examples/ech-client: avoid opaque Into::into
3e9e9ec
@cpu
examples/ech-client: reduce scope of DNS bits
d42d202 
Move the `resolver_config` into the match arm that uses it. Inline the
`Resolver` since it isn't used anywhere except as an arg to
`lookup_ech_configs()`.
@cpu
examples/ech-client: process all HTTPS records
23ee399 
Previously we only looked at the first HTTPS record's ech-config SCVB
param. We should instead collect up the `EchConfigListBytes` from all
available HTTPS records.

With the list of config lists in hand we should only error if none of
the ECH configs across the whole set are compatible.
@cpu
examples/ech-client: reduce rightward drift
ff027c2
@cpu
examples/ech-client: improve rustdoc intro comment
49fe8de 
This updates the documentation to match the more realistic invocation
being used in the CI daily-tests.yml job.

It also adds a bit more prose to clarify the overall process and where
the outer/inner hostnames are used.
@cpu @ctz
docs: fix CONTRIBUTING.md broken link
7ef5c49
@ctz
Add env_logger to complex fuzzers
db9da2a 
This aids manual evaluation of how deep these get.
@ctz
Introduce rustls-fuzzing-provider CryptoProvider
c3a14c7 
This is intended to be a deterministic and cryptography-free
CryptoProvider, so that fuzzing can reach further into the library.

Things like HMAC and hashing ignore input and produces fixed output.

Signing produces fixed output, verification accepts the same fixed
signature which allows clients to accept the certificate in the
corpus file, and should allow libfuzzer to explore branches around
there.

There is a test that checks this can talk to itself, and outputs
transcripts into the fuzzing corpus.

This is used by the client and server fuzzing harnesses.
@ctz
rustls-fuzzing-provider tests emit fuzz corpus
b620906 
This means fuzzing starts at a successful full handshake.
@renovate-bot @ctz
chore(deps): lock file maintenance
9aa2b69
@ctz
rustls-post-quantum: benchmarks
23b32e2
@ctz
rustls-bench: support rustls-post-quantum
7780b0f
@ctz
rustls-post-quantum: optimization writeup
de8e612
@ctz
take aws-lc-rs 1.12
bbb09ea
@ctz
rustls-post-quantum: use stable KEM API
4fa6853
@ctz
re-admit rustls-post-quantum to workspace
e945935
@renovate-bot @djc
chore(deps): lock file maintenance
f98484b
@ctz
fuzzers/server: fix reachable unwrap
b873e4c 
See <https://oss-fuzz.com/testcase-detail/4979312264019968>
@ctz
fuzzers/server: cover post-Accepted connections
16a0726 
Prior to this, we gave up after `accept()` succeeded.  Now
we take the connection to its conclusion.
@renovate-bot @ctz
chore(deps): update rust crate itertools to 0.14
dc1f92c
@brody4hire @ctz
cleanup: use more parens when calculating ECH seed
3751e24 
(with help from `cargo clippy --fix ...`)

as suggested by nightly Clippy precedence rule:

- https://rust-lang.github.io/rust-clippy/master/index.html#precedence
@renovate-bot @djc
chore(deps): lock file maintenance
49b5edc
@cpu
docs: update @cpu maintainer status
fe6a0d1 
All good things come to an end :)
@djc
Update RELEASING.md with instructions about fuzz/Cargo.lock
12b2276
@djc
Update Cargo.lock
1338caa
@djc
Prepare v0.23.21
d1bd2c8
@ibigbug
Merge tag 'v/0.23.21' into merge-0.23.21
b74a41d 
Tag version 0.23.21
@ibigbug
up
cd79a85
@ibigbug ibigbug merged commit a7d217b into utls-0.23 Jan 27, 2025
1 check passed
@ibigbug ibigbug deleted the merge-0.23.21 branch January 27, 2025 14:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.