briansmith
Follow
Pinned
1,018 contributions in the last year
Less
More
Contribution activity
April 2021
Created 48 commits in 4 repositories
Created 3 repositories
- briansmith/codecov-action TypeScript
- briansmith/pemfile Rust
- briansmith/rustls-native-certs Rust
Created a pull request in ctz/rustls that received 5 comments
Use type system to ensure TLS 1.3 cipher suites aren't used for TLS 1.2
See the individual commit messages for details.
+195
−155
•
5
comments
Opened 32 other pull requests in 5 repositories
ctz/rustls
11
merged
1
open
2
closed
- Eliminate one allocation and one copy in handshake message deframing.
- Ticketer: Use non-panicking alternatives; eliminate redundant tag length check
- Avoid panicking in the unlikely case that the time is set very wrong.
- Ticketer: Avoid panicking.
- Avoid panicking when System PRNG fails during ticket encryption.
-
Replace
Random::from_slicewithFrom<[u8; 32]>. - Stop panicking during key agreement on system RNG failure.
- Client: Fix client key share selection during HelloRetryRequest.
-
Use
unwrap_or(false)instead ofor(Some(false)).unwrap(). -
Implement an infallible version of
Payload::read()to reduce unwraps. - Move some unit test modules into their own files to make static analysis easier
- Remove unintended webpki-roots patch from Cargo.toml.
- Upgrade to webpki 0.22.0.
- Refactor construction of AEAD keys for TLS 1.2 to clarify lack of panicking
briansmith/webpki
8
merged
2
open
-
Remove
EndEntityCert::verify_is_valid_for_at_least_one_dns_name. -
Add smoke tests for
DnsNameandDnsNametraits - Temporarily go back to a webpki-0.21.4-compatible API
- Redesign name validation API to allow extensibility in the types of names
- Add missing docs and check for missing docs during build.
- Update clippy job to match *ring*.
-
Use
impl Traitinstead of an unnecessarily-named parameter. -
CI/CD: Add a
packagejob. - 0.22.0.
- Rename some items to conform to Rust naming conventions
ctz/rustls-native-certs
3
open
1
closed
briansmith/ring
3
merged
ctz/webpki-roots
1
merged
Reviewed 18 pull requests in 4 repositories
ctz/rustls 13 pull requests
- Improve type clarity for message and payloads
- Use type system to ensure TLS 1.3 cipher suites aren't used for TLS 1.2
- server: restore exact comparison of SNI values
- Abort connection if no QUIC transport parameters are found
- server: simplify SNI handling and make it more robust
- Stop panicking during key agreement on system RNG failure.
- kx: deduplicate ECDH params decoding
-
Implement an infallible version of
Payload::read()to reduce unwraps. - Privatize server types and functions
- Improved builder-type API for making ServerConfigs
- Migrate Into implementations to From where possible
- Refactor construction of AEAD keys for TLS 1.2 to clarify lack of panicking
- Set up clippy in CI
briansmith/webpki 2 pull requests
briansmith/ring 2 pull requests
ctz/sct.rs 1 pull request
Created an issue in ctz/rustls that received 4 comments
MessageEncrypter should have a non-allocating interface for encrypt
Currently we have only:
fn encrypt(&self, m: BorrowMessage, seq: u64) -> Result<Message, Error>;
We should have a variant that works like this:
…
4
comments
Opened 19 other issues in 4 repositories
ctz/rustls
8
open
4
closed
-
HsJoinershould avoid copying messages when practical -
ClientConnection/ServerConnectionshouldn't hold onto itsconfig - Potential unchecked integer overflows in ticket expiration logics
- Should session expiration time be reset upon each usage?
- Ticketer has inefficient Mutex usage patterns
- "Format" job in CI is too slow
- Failure to generate ephemeral key pair for key agreement may cause a panic
- Parsing should be refactored to automatically reject unparsed trailing input.
- Malformed ECDHE parameters from client may cause panic
- KeyExchange::client_ecdhe does not check for unparsed trailing input
-
Reduce explicit unwrapping in
new_tls12and functions it calls - AEADTicketer::new_custom panics instead of returning an error when key is the wrong length