Return VerifyError in a better way #25

Merged
merged 5 commits into from
Dec 20, 2023

Collaborator

@Taowyoo Taowyoo commented Dec 19, 2023

No description provided.

@Taowyoo Taowyoo requested a review from s-arash December 19, 2023 01:35
@Taowyoo Taowyoo self-assigned this Dec 19, 2023

codecov bot commented Dec 19, 2023

Codecov Report

Attention: 10 lines in your changes are missing coverage. Please review.

Comparison is base (98a438e) 93.31% compared to head (5c50a6e) 94.14%.

| Files | Patch % | Lines |
|---|---|---|
| rustls-mbedpki-provider/src/lib.rs | 92.45% | 4 Missing ⚠️ |
| ...ustls-mbedpki-provider/src/client_cert_verifier.rs | 95.71% | 3 Missing ⚠️ |
| ...ustls-mbedpki-provider/src/server_cert_verifier.rs | 95.58% | 3 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##           master      #25      +/-   ##
==========================================
+ Coverage   93.31%   94.14%   +0.83%     
==========================================
  Files          16       16              
  Lines        1975     2102     +127     
==========================================
+ Hits         1843     1979     +136     
+ Misses        132      123       -9     


Collaborator

@s-arash s-arash left a comment

Looks good!

@Taowyoo Taowyoo added this pull request to the merge queue Dec 20, 2023
Merged via the queue into master with commit 03cf570 Dec 20, 2023
14 checks passed
@Taowyoo Taowyoo deleted the yx/pki-provider-fix branch December 20, 2023 18:39
Taowyoo added a commit that referenced this pull request Dec 20, 2023
* special fix: return cert validity check result first

* return verify_error in a better way

* add set function

* add some unit tests

* add some more unit tests
Taowyoo added a commit that referenced this pull request Mar 13, 2024
* Some implements

- Expose more types to public to enable users to create custom cipher suites
- Bump version of rustls-mbedtls-provider-utils
- Add some utility functions for MbedTlsPkSigningKey
- Expose some utility functions

* better pk_type_to_signature_algo

* Move get_signature_schema_from_offered to utils crate with better rustdoc

Return `VerifyError` in a better way (#25)

* special fix: return cert validity check result first

* return verify_error in a better way

* add set function

* add some unit tests

* add some more unit tests

Fix rustls dependency with `tag = "ffdhe-r1"` (#29)

use unmerged updated rustls

update to use new rustls with tag

export hash types

Export types to enable users to create customized cipher suites.

better comments

Fix leading zeros bug in FFDHE kx

+ Update rustls dep to `ffdhe-r3`

Add self_tests module, and include KDF tests (helps with FIPS compliance)

    - Apply suggestions from code review
    - Co-authored-by: YX Cao <[email protected]>
    - Signed-off-by: Arash Sahebolamri <[email protected]>

Update KDF self test to better reflect extended master secret extraction (#38)

Co-authored-by: Arash Sahebolamri <[email protected]>

upgrade rustls to tag `ffdhe-r4`

Upgrade rustls to add support of new config option
for requiring peer support of extended master secret
extension.

Chore(deps): bump the crates-io group with 1 update (#33)

Bumps the crates-io group with 1 update: [rustls](https://github.com/rustls/rustls).

Updates `rustls` from 0.22.1 to 0.22.2
- [Release notes](https://github.com/rustls/rustls/releases)
- [Changelog](https://github.com/rustls/rustls/blob/main/CHANGELOG.md)
- [Commits](rustls/rustls@v/0.22.1...v/0.22.2)

---
updated-dependencies:
- dependency-name: rustls
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: crates-io
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Add self_tests module, and include KDF tests (helps with FIPS compliance) (#35)

- Apply suggestions from code review
- Co-authored-by: YX Cao <[email protected]>
- Signed-off-by: Arash Sahebolamri <[email protected]>

Co-authored-by: Arash Sahebolamri <[email protected]>

Update KDF self test to better reflect extended master secret extraction (#37)

Co-authored-by: Arash Sahebolamri <[email protected]>

Chore(deps): bump the crates-io group with 3 updates (#41)

Bumps the crates-io group with 3 updates: [env_logger](https://github.com/rust-cli/env_logger), [mbedtls](https://github.com/fortanix/rust-mbedtls) and [chrono](https://github.com/chronotope/chrono).

Updates `env_logger` from 0.10.1 to 0.10.2
- [Release notes](https://github.com/rust-cli/env_logger/releases)
- [Changelog](https://github.com/rust-cli/env_logger/blob/main/CHANGELOG.md)
- [Commits](rust-cli/env_logger@v0.10.1...v0.10.2)

Updates `mbedtls` from 0.12.1 to 0.12.2
- [Release notes](https://github.com/fortanix/rust-mbedtls/releases)
- [Commits](fortanix/rust-mbedtls@mbedtls_v0.12.1...mbedtls_v0.12.2)

Updates `chrono` from 0.4.31 to 0.4.33
- [Release notes](https://github.com/chronotope/chrono/releases)
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md)
- [Commits](chronotope/chrono@v0.4.31...v0.4.33)

---
updated-dependencies:
- dependency-name: env_logger
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: crates-io
- dependency-name: mbedtls
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: crates-io
- dependency-name: chrono
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: crates-io
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

add Cryptographic Algorithm Self Test

- Add a Known answer Cryptographic Algorithm Self Test for FFDHE cipher suites.

Add FFDHE FIPS checks (#48)

This PR adds necessary FIPS checks in FFDHE key exchange:

- Add a Known answer Cryptographic Algorithm Self Test for FFDHE cipher suites.
- Add FFC Pairwise Consistency Test described in [FIPS 140-3 IG] section 10.3.A.
- Add FFC Full Public-Key Validation Routine defined in section 5.6.2.3.3 of [NIST SP 800-56A Rev. 3].

[FIPS 140-3 IG]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/fips-140-3-ig-announcements
[NIST SP 800-56A Rev. 3]: https://csrc.nist.gov/pubs/sp/800/56/a/r3/final

Back port ecdh fips checks (#50)

* Add ECDHE FIPS checks (#46)

* build: add feature `fips`

Add feature `fips` for "rustls-mbedcrypto-provider".

* feat: add fips EC public key check

- Add ECC Full Public-Key Validation during EC key exchange.
- Add tests for check functions and new `FipsCheckError`.
- Add tests to CI.

* Add ECC Pairwise Consistency Test for FIPS

* refactor: better naming & code style & code order

* refactor: improve EC fips checks

* test: add tests for fips pct check

* update tests

* fix ci

* cargo fmt

refactor fips code

change fips test logging level to debug
2 participants