Commit graph

396 commits

Author SHA1 Message Date
Vincent Hanquez
4d91e67750 harden packet record chunking.
This prevents possible random behavior if cipher is not checking IV size,
or generic exception being thrown in favor of a TLS one.
2012-07-23 09:14:32 +01:00
Vincent Hanquez
c7c394d56e [SECURITY] add empty TLS packets before appdata
Add empty appdata packet before appdata, when using <= TLS10 and using a
block cipher, to work around the security problem related to CBC residue,
and the fact that it could be guessed by a malicious user, leading to
disclosure of secrets.
2012-07-23 08:54:25 +01:00
Vincent Hanquez
ce3f724564 add usual header. 2012-07-12 09:03:48 +01:00
Vincent Hanquez
12104f612e documentation fixup. 2012-07-12 09:02:38 +01:00
Vincent Hanquez
b140b61012 upgrade cabal-version and fixup problems related to the upgrade. 2012-07-12 09:02:27 +01:00
Vincent Hanquez
4179ceba82 start using Client and Server distinction for want client cert and session resume with 2012-07-12 09:02:10 +01:00
Vincent Hanquez
c8d9f0677b switch session related callback to a new SessionManager class.
add necessary helper setSessionManager to not have to propagate
Rank2Types and ExistentialQuantification to the user.
2012-07-12 08:59:59 +01:00
Vincent Hanquez
9c3177a16a split some common types from struct and move them to types. 2012-07-12 08:56:16 +01:00
Vincent Hanquez
1048815206 expose more context role related helpers and types. 2012-07-12 08:54:34 +01:00
Vincent Hanquez
d0d48bb476 export SessionID and SessionData. 2012-07-08 10:14:09 +01:00
Vincent Hanquez
6ae20f4125 remove npnId and use Extension's proper definition 2012-07-05 05:36:28 +01:00
Martin Grabmueller
3d629acaf1 Add missing module Network.TLS.Handshake to .cabal file. 2012-07-04 22:15:19 +02:00
Vincent Hanquez
b57ef66d28 move extension decoding and encoding in a separate file. 2012-05-14 06:39:20 +01:00
Vincent Hanquez
d8b37f7fb9 move runGetErr and add runGetMaybe 2012-05-14 06:36:17 +01:00
Vincent Hanquez
5844120e4c rename NextProtocolNegotiation as HsNextProtocolNegotiation 2012-05-14 06:35:55 +01:00
Vincent Hanquez
d0481f76a3 remove the need to have same length arguments in bytesEq. bail early in case strings have different size. 2012-05-14 06:32:47 +01:00
Vincent Hanquez
9b32e6d5f4 [SECURITY] use constant equality testing to prevent timing determination of the expected value.
it doesn't seem to be in a usable context though.
2012-05-14 06:32:14 +01:00
Vincent Hanquez
8509d7dbc1 rename Extension in ExtensionRaw. 2012-05-14 04:41:50 +01:00
Vincent Hanquez
e1ea61bafa factorize npn extension ID. 2012-05-14 04:41:09 +01:00
Vincent Hanquez
e6f4f9a688 add some header comment for Handshake 2012-04-27 07:29:35 +01:00
Vincent Hanquez
d8d049726d move Handshake into its own module 2012-04-27 07:28:17 +01:00
Vincent Hanquez
f93312b50f separate lowlevel IO operation in its own module. 2012-04-27 07:21:29 +01:00
Vincent Hanquez
2adf07cf38 Include all test files in the cabal package.
Reported-by: Alexander Vershilov
2012-04-22 20:18:47 +01:00
Felipe Lessa
cb0cb14732 Define 'state' only for mtl >= 2.1.
Conflicts:

	Network/TLS/State.hs
2012-04-20 21:08:53 +01:00
Felipe Lessa
3f280e2d70 Define MonadState TLSSt's state function.
For some reason that I still don't know, when using state's
default definition with libraries

         base-4.5.0.0-40b99d05fae6a4eea95ea69e6e0c9702
         bytestring-0.9.2.1-18f26186028d7c0e92e78edc9071d376
         cereal-0.3.5.1-c85af6bc266354ac7b256440db39e874
         certificate-1.2.1-c61f160cdafc328081aeb08858403878
         crypto-api-0.10.1-a0c00402b73cec065108abe95d6cfaf2
         cryptocipher-0.3.0-d1785d4907a85f72ffd670491df324f2
         cryptohash-0.7.4-f6e253339d77757de756f81f77755b35
         mtl-2.1-e90c46af21f3870cee46f6218510d29d

I get <<loop>> for anything that uses the 'modify' function
(which in turn is defined in terms of 'state').  In particular, I
get it for 'startHandshakeClient' which is used in the beginning
by all tls clients.  For example,

  $ tls-simpleclient graph.facebook.com 443
  tls-simpleclient: <<loop>>

This commit fixes this bug.

(This is a harmless commit in the sense that even if I don't know
why this bug was happening, it doesn't hurt to have an explicit
definition of 'state' -- it may actually save a few nanoseconds
here and there.)

Conflicts:

	Network/TLS/State.hs
2012-04-20 21:07:08 +01:00
Vincent Hanquez
9dddf3660a put a high bound for cryptocipher 2012-04-20 21:06:21 +01:00
Vincent Hanquez
bf2f276c0c add some debug info 2012-04-20 21:05:46 +01:00
Vincent Hanquez
0871e47909 bump certificate version to > 1.1 2012-04-20 21:05:28 +01:00
Vincent Hanquez
8c5640114e rename connection* accessor to context*. 2012-03-31 23:15:23 +01:00
Vincent Hanquez
15b8a568a9 expand tabs 2012-03-28 08:49:31 +01:00
Vincent Hanquez
16af8ff95f add a backend close operation. 2012-03-28 08:08:33 +01:00
Vincent Hanquez
55763d646b expand tabs in Tests 2012-03-28 08:06:13 +01:00
Vincent Hanquez
9da6b9c8c8 expand tabs. 2012-03-27 08:57:51 +01:00
Vincent Hanquez
3b4baf2f91 move encoding and decoding of NPN packet from Wire to Packet 2012-03-16 08:06:55 +00:00
Vincent Hanquez
e9a97bedb1 Merge branch 'npn' into next
Conflicts:
	Network/TLS/Core.hs
2012-03-15 08:59:04 +00:00
Vincent Hanquez
750cbdce75 remove client, server, clientWith, serverWith in favor of just
contextNew and contextNewOnHandle
2012-03-15 08:16:48 +00:00
Vincent Hanquez
00c386de3c add a role params in the params structure.
distinguish between server and client related business.
2012-03-15 08:04:16 +00:00
Vincent Hanquez
1d30a9479d rename newCtx into contextNewOnHandle
newCtxWith is now contextNew
2012-03-15 07:55:38 +00:00
Vincent Hanquez
f889defc57 more rename 2012-03-15 07:53:03 +00:00
Vincent Hanquez
da3a3e7e4b Remove TLS prefix in a few types.
Add compatibility types aliases definitions to the new names.
2012-03-14 08:56:28 +00:00
Vincent Hanquez
4b28c5735f Create a backend abstraction that facilitates moving arguments around. 2012-03-12 08:48:03 +00:00
Vincent Hanquez
f5d1553428 remove last two warnings 2012-03-12 08:47:43 +00:00
Vincent Hanquez
d7f05b77eb remove unneeded imports and 2 useless symbols 2012-03-12 08:33:26 +00:00
Vincent Hanquez
44eb0db409 remove unused imports 2012-03-12 08:29:04 +00:00
Vincent Hanquez
7e8f0d0cf9 use record pattern match syntax. 2012-03-12 07:11:21 +00:00
Vincent Hanquez
05821fa71b pre bump version to 1.0.0 for development branch 2012-03-11 13:07:55 +00:00
Vincent Hanquez
e6d88c362a bump version to 0.9.1 2012-03-11 12:13:30 +00:00
Joey Adams
3d0071d952 Fix spelling of negotiate/negotiation in documentation 2012-03-10 16:04:44 -05:00
Joey Adams
cbfe10e9f6 Add links to the 'BufferMode' type in 'client' and 'server' 2012-03-10 15:51:46 -05:00
Joey Adams
c1ce196278 Use modifyMVar in usingState for exception safety
Also, force the state value, to avoid potential space leaks.
2012-03-10 14:55:04 -05:00