Commit Graph

122 Commits

Author SHA1 Message Date
David Osipov d9aa6f4956
Merge upstream/main into pr-sec-1 2026-03-17 17:49:10 +04:00
Alexey 35bca7d4cc
Update Cargo.toml 2026-03-17 16:31:32 +03:00
David Osipov e0d821c6b6
Merge remote-tracking branch 'upstream/main' into pr-sec-1 2026-03-17 01:51:35 +04:00
Alexey 2c10560795
Update Cargo.toml 2026-03-16 21:25:14 +03:00
David Osipov 6ffbc51fb0
security: harden handshake/masking flows and add adversarial regressions
- forward valid-TLS/invalid-MTProto clients to mask backend in both client paths
- harden TLS validation against timing and clock edge cases
- move replay tracking behind successful authentication to avoid cache pollution
- tighten secret decoding and key-material handling paths
- add dedicated security test modules for tls/client/handshake/masking
- include production-path regression for ClientHandler fallback behavior
2026-03-16 20:04:41 +04:00
David Osipov f10ca192fa
chore: merge upstream/main (92972ab) into pr-sec-1 2026-03-16 13:50:46 +04:00
Alexey 3d43ff6e57
Update Cargo.toml 2026-03-15 00:32:57 +03:00
David Osipov 2bd9036908
ci: add security policy, cargo-deny configuration, and audit workflow
- Add deny.toml with license/advisory policy for cargo-deny
- Add security.yml GitHub Actions workflow for automated audit
- Update rust.yml with hardened clippy lint enforcement
- Update Cargo.toml/Cargo.lock with audit-related dependency additions
- Fix clippy lint placement in config.toml (Clippy lints must not live in rustflags)

Part of PR-SEC-1: no Rust source changes, establishes CI gates for all subsequent PRs.
2026-03-15 00:30:36 +04:00
Alexey 50caeb1803
Update Cargo.toml 2026-03-14 13:24:16 +03:00
David Osipov 8b5cbb7b4b
Add Rust coding conventions and self-explanatory commenting guidelines; update dependencies and version in Cargo files; enhance OpenBSD support in installation and documentation; improve TCP socket configuration and testing 2026-03-11 20:49:51 +04:00
Alexey 5ab3170f69
Update Cargo.toml 2026-03-09 18:43:46 +03:00
Alexey 5f7fb15dd8
Update Cargo.toml 2026-03-08 06:20:56 +03:00
Alexey aa3fcfbbe1
Update Cargo.toml 2026-03-08 04:53:40 +03:00
Alexey 76b28aea74
Update Cargo.toml 2026-03-08 03:45:46 +03:00
Alexey d641137537
Update Cargo.toml 2026-03-08 03:09:33 +03:00
Alexey ca2eaa9ead
Update Cargo.toml 2026-03-07 19:37:40 +03:00
Alexey 7b745bc7bc
Update Cargo.toml 2026-03-07 16:34:32 +03:00
Alexey 9e7f80b9b3
Update Cargo.toml 2026-03-07 13:57:58 +03:00
Alexey 484137793f
Update Cargo.toml 2026-03-07 03:32:00 +03:00
Alexey 2468ee15e7
Update Cargo.toml 2026-03-07 03:16:48 +03:00
Alexey d752a440e5
Update Cargo.toml 2026-03-06 20:38:17 +03:00
Alexey 30ef8df1b3
Update Cargo.toml 2026-03-06 12:44:40 +03:00
Alexey 691607f269
Update Cargo.toml 2026-03-06 04:05:35 +03:00
Alexey 69b02caf77
Update Cargo.toml 2026-03-05 23:23:24 +03:00
Alexey 0e2cbe6178
Update Cargo.toml 2026-03-05 22:32:08 +03:00
Alexey 48ce59900e
Update Cargo.toml 2026-03-05 16:40:28 +03:00
Alexey 02c6af4912
Update Cargo.toml 2026-03-05 12:46:57 +03:00
Alexey 173624c838
Update Cargo.toml 2026-03-04 11:44:50 +03:00
Alexey 314f30a434
Update Cargo.toml 2026-03-04 02:53:47 +03:00
Alexey d31b4cd6c8
Update Cargo.toml 2026-03-03 23:38:15 +03:00
Alexey 3b8eea762b
Update Cargo.toml 2026-03-03 03:28:37 +03:00
Alexey b7a8e759eb
Update Cargo.toml 2026-03-02 21:36:00 +03:00
Alexey 12e68f805f
Update Cargo.toml 2026-02-28 15:51:15 +03:00
Alexey 60231224ac
Update Cargo.toml 2026-02-26 19:41:37 +03:00
Alexey 5a09d30e1c
Update Cargo.toml 2026-02-25 03:09:02 +03:00
Alexey 866c2fbd96
Update Cargo.toml 2026-02-25 00:29:58 +03:00
Alexey 25ab79406f
Update Cargo.toml 2026-02-25 00:28:26 +03:00
Alexey ee07325eba
Update Cargo.toml 2026-02-24 21:12:44 +03:00
Alexey 9aed6c8631
Update Cargo.toml 2026-02-23 18:47:26 +03:00
Alexey 829dc16fa3
Update Cargo.toml 2026-02-23 14:35:47 +03:00
Alexey 23af3cad5d
Update Cargo.toml 2026-02-23 06:04:36 +03:00
Alexey 536e6417a0
Update Cargo.toml 2026-02-23 03:48:40 +03:00
Alexey cf96e686d1
Update Cargo.toml 2026-02-23 02:41:54 +03:00
Alexey 8c1d66a03e
Update Cargo.toml 2026-02-23 02:32:13 +03:00
Alexey 3d3428ad4d
Update Cargo.toml 2026-02-21 14:11:12 +03:00
Alexey 40711fda09
Update Cargo.toml 2026-02-21 13:20:44 +03:00
Alexey eb3245b78f
Merge branch 'main-stage' into flow 2026-02-20 17:19:23 +03:00
Alexey da84151e9f
Merge pull request #184 from artemws/main
CIDR instead of a plain IP address for metrics_whitelist
2026-02-20 17:15:54 +03:00
Alexey bae811f8f1
Update Cargo.toml 2026-02-20 17:05:35 +03:00
artemws 8f1f051a54
Add ipnetwork dependency to Cargo.toml 2026-02-20 16:03:03 +02:00
Alexey be8742a229
Merge pull request #183 from artemws/main
Config Reload-on-fly
2026-02-20 16:57:38 +03:00
Alexey b295712dbb
Update Cargo.toml 2026-02-20 16:47:13 +03:00
artemws 82bb93e8da
Add notify dependency for macOS file events 2026-02-20 15:28:58 +02:00
Alexey a2cc503e81
Update Cargo.toml 2026-02-20 13:48:32 +03:00
Alexey 708bedc95e
TLS-F: build fixes
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-20 13:14:09 +03:00
Alexey 85fff5e30a
Update Cargo.toml 2026-02-19 16:48:26 +03:00
Alexey fc28c1ad88
Update Cargo.toml 2026-02-19 16:30:04 +03:00
Alexey 94b85afbc5
Update Cargo.toml 2026-02-18 20:25:17 +03:00
Alexey 078ed65a0e
Update Cargo.toml 2026-02-18 06:38:01 +03:00
Alexey 9872f0ed1b
Update Cargo.toml 2026-02-18 06:09:55 +03:00
Alexey 7a4ccf8e82
Update Cargo.toml 2026-02-18 04:24:16 +03:00
Alexey c03db683a5
Improved perf for ME
Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-17 04:16:16 +03:00
Alexey 168fd59187
Fixed critical ME Problems 2026-02-17 03:40:39 +03:00
Mikhail a1db082ec0
Add Prometheus /metrics HTTP endpoint
Wire up unused metrics_port/metrics_whitelist config into working
HTTP server exposing proxy stats in Prometheus text format.
2026-02-17 01:24:49 +03:00
Alexey 0694183ca6
Num_bigint + Num_traits Fix 2026-02-15 14:15:56 +03:00
Alexey 9d94f55cdc
Update Cargo.toml 2026-02-15 13:20:19 +03:00
Alexey 246230c924
Bumped version + DC Overrides 2026-02-14 22:46:00 +03:00
dependabot[bot] aee44d3af2
Bump lru from 0.12.5 to 0.16.3
Bumps [lru](https://github.com/jeromefroe/lru-rs) from 0.12.5 to 0.16.3.
- [Changelog](https://github.com/jeromefroe/lru-rs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jeromefroe/lru-rs/compare/0.12.5...0.16.3)

---
updated-dependencies:
- dependency-name: lru
  dependency-version: 0.16.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-13 00:31:52 +00:00
Alexey e83db704b7
Pull-up 2026-02-11 16:55:18 +03:00
Alexey 92cedabc81
Zeroize for key + log refactor + fix tests
- Fixed tests that failed to compile due to mismatched generic parameters of HandshakeResult:
  - Changed `HandshakeResult<i32>` to `HandshakeResult<i32, (), ()>`
  - Changed `HandshakeResult::BadClient` to `HandshakeResult::BadClient { reader: (), writer: () }`

- Added Zeroize for all structures holding key material:
  - AesCbc – key and IV are zeroized on drop
  - SecureRandomInner – PRNG output buffer is zeroized on drop; local key copy in constructor is zeroized immediately after being passed to the cipher
  - ObfuscationParams – all four key‑material fields are zeroized on drop
  - HandshakeSuccess – all four key‑material fields are zeroized on drop

- Added protocol‑requirement documentation for legacy hashes (CodeQL suppression) in hash.rs (MD5/SHA‑1)

- Added documentation for zeroize limitations of AesCtr (opaque cipher state) in aes.rs

- Implemented silent‑mode logging and refactored initialization:
  - Added LogLevel enum to config and CLI flags --silent / --log-level
  - Added parse_cli() to handle --silent, --log-level, --help
  - Restructured main.rs initialization order: CLI → config load → determine log level → init tracing
  - Errors before tracing initialization are printed via eprintln!
  - Proxy links (tg://) are printed via println! – always visible regardless of log level
  - Configuration summary and operational messages are logged via info! (suppressed in silent mode)
  - Connection processing errors are lowered to debug! (hidden in silent mode)
  - Warning about default tls_domain moved to main (after tracing init)

Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-07 19:49:41 +03:00
Alexey 4fd5ff4e83
ET + SM + Crypto Fixes 2026-01-01 23:34:04 +03:00
Alexey 3d9150a074
1.0.0
Goodbye, status quo - hello, future!
2025-12-30 05:08:05 +03:00