untrusted

untrusted copied to clipboard

Support for ring buffers or buffer-spanning messages

1

I've been reading through the API of `untrusted` and it seems great for parsing network messages in general, but there are a few edge cases I'm wondering how to handle...

dcsommer

(Users of) untrusted is miscompiled in Rust 1.53 nightly since 2021-03-23 when LTO is enabled.

6

These all fail (cargo 1.53.0-nightly (0ed318d18 2021-04-23): ``` cargo +nightly test --target=x86_64-unknown-linux-gnu --release ecdsa_from_pkcs8_test cargo +nightly test --target=x86_64-pc-windows-msvc --release ecdsa_from_pkcs8_test cargo +nightly test --target=i686-pc-windows-msvc --release ecdsa_from_pkcs8_test ``` These all succeed...

briansmith

For example, `no_panic::Slice` doesn't implement `Debug`, `PartialEq`, or `Eq`, intentionally. Similarly, `Input` and `Reader` do not implement `PartialEq` or `Eq`. We should have tests that demonstrate and verify this.

briansmith

Instead of having people use `as_slice_less_safe()` as in `input.as_slice_less_safe().first().ok_or(...)?`, or having them go throw `Reader`, let them write `input.first().ok_or(...)?`.

briansmith

Document the importance of avoiding (timing) side channels

1

When reviewing PR #47 by @stepancheg I realized that there's no documentation here about why or how we avoid leaking information about the contents of the slice held in an...

briansmith

Lock down GitHub Actions Security

9

I just merged PR #49 which minimizes the permissions of the GitHub token. I also changed the default permission of the GitHub token from read-write to read-only in the repository...

briansmith

Add more `read_*` methods for big/little endian integers

4

A straightforward feature that would be quite useful for implementing network protocols would be additional methods on `Reader` for reading big and little endian integers. The API could be something...

dcsommer

Use `debug_assert()` in every `Reader` function to check preconditions/invariants

2

In particular, at the start and at the end of each function, we should `debug_assert()` the `i

briansmith

Clarify what should happen when a `Reader` method returns an error result

3

Definitely my expectation is that a user of `Reader` will stop using the reader after a `Reader` method fails. However, that expectation isn't documented anywhere. In discussing PR #20 with...

briansmith

Add the unit tests

3

In my private branch of _ring_ there are tests for various users of untrusted.rs, but there's no unit tests in this repo. This is the exactly the kind of project...

briansmith