- Removed ignored attributes from timing-sensitive tests in handshake_security_tests.rs.
- Adjusted latency bucket assertions in malformed_tls_classes_share_close_latency_buckets.
- Reduced iteration count in timing_matrix_tls_classes_under_fixed_delay_budget.
- Enhanced assertions for timing class bounds in timing_matrix_tls_classes_under_fixed_delay_budget.
- Updated successful_tls_handshake_clears_pre_auth_failure_streak to improve clarity and assertions.
- Modified saturation tests to ensure invalid probes do not produce incorrect failure states.
- Added new assertions to ensure proper behavior under saturation conditions in saturation_grace_progression tests.
- Introduced connection lease management in stats/mod.rs to track direct and middle connections.
- Added tests for connection lease security and replay checker security.
- Improved relay bidirectional tests to ensure proper quota handling and statistics tracking.
- Refactored adversarial tests to ensure concurrent operations do not exceed limits.
- Implement a test to ensure that exceeding the user connection limit does not leak the current connections counter.
- Add tests for direct relay connection refusal and adversarial scenarios to verify proper error handling.
- Introduce fuzz testing for MTProto handshake to ensure robustness against malformed inputs and replay attacks.
- Remove obsolete short TLS probe throttle tests and integrate their functionality into existing security tests.
- Enhance middle relay tests to validate behavior during connection drops and cutovers, ensuring graceful error handling.
- Add a test for half-close scenarios in relay to confirm bidirectional data flow continues as expected.
- Adjusted QUOTA_USER_LOCKS_MAX based on test and non-test configurations to improve flexibility.
- Implemented logic to retain existing locks when the maximum quota is reached, ensuring efficient memory usage.
- Added comprehensive tests for quota user lock functionality, including cache reuse, saturation behavior, and race conditions.
- Enhanced StatsIo struct to manage wake scheduling for read and write operations, preventing unnecessary self-wakes.
- Introduced separate replay checker domains for handshake and TLS to ensure isolation and prevent cross-pollution of keys.
- Added security tests for replay checker to validate domain separation and window clamping behavior.
- Modified `build_emulated_server_hello` to accept ALPN (Application-Layer Protocol Negotiation) as an optional parameter, allowing for the embedding of ALPN markers in the application data payload.
- Implemented logic to handle oversized ALPN values and ensure they do not interfere with the application data payload.
- Added new security tests in `emulator_security_tests.rs` to validate the behavior of the ALPN embedding, including scenarios for oversized ALPN and preference for certificate payloads over ALPN markers.
- Introduced `send_adversarial_tests.rs` to cover edge cases and potential issues in the middle proxy's send functionality, ensuring robustness against various failure modes.
- Updated `middle_proxy` module to include new test modules and ensure proper handling of writer commands during data transmission.
David Osipov