yogsototh/hs-tls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
395 commits 1 branch 11 tags 1.7 MiB
Commit graph

263 commits

Author SHA1 Message Date
Vincent Hanquez
c7c394d56e [SECURITY] add empty TLS packets before appdata 
Add empty appdata packet before appdata, when using <= TLS10 and using a
block cipher, to workaround the security problem related to CBC residue,
and the fact that it could be guessed by a malicious user, leading to
disclosure of secrets.
 2012-07-23 08:54:25 +01:00
Vincent Hanquez
ce3f724564 add usual header. 2012-07-12 09:03:48 +01:00
Vincent Hanquez
12104f612e documentation fixup. 2012-07-12 09:02:38 +01:00
Vincent Hanquez
4179ceba82 start using Client and Server distinction for want client cert and session resume with 2012-07-12 09:02:10 +01:00
Vincent Hanquez
c8d9f0677b switch session related callback to a new SessionManager class. 
add necessary helper setSessionManager to not have to propagate
Rank2Types and ExistentialQuantification to the user.
 2012-07-12 08:59:59 +01:00
Vincent Hanquez
9c3177a16a split some common types from struct and move them to types. 2012-07-12 08:56:16 +01:00
Vincent Hanquez
1048815206 expose more context role related helpers and types. 2012-07-12 08:54:34 +01:00
Vincent Hanquez
d0d48bb476 export SessionID and SessionData. 2012-07-08 10:14:09 +01:00
Vincent Hanquez
6ae20f4125 remove npnId and use Extension's proper definition 2012-07-05 05:36:28 +01:00
Vincent Hanquez
b57ef66d28 move extension decoding and encoding in a separate file. 2012-05-14 06:39:20 +01:00
Vincent Hanquez
d8b37f7fb9 move runGetErr and add runGetMaybe 2012-05-14 06:36:17 +01:00
Vincent Hanquez
5844120e4c rename NextProtocolNegotiation as HsNextProtocolNegotiation 2012-05-14 06:35:55 +01:00
Vincent Hanquez
d0481f76a3 remove the need to have same length arguments in bytesEq. bail early in case strings have different size. 2012-05-14 06:32:47 +01:00
Vincent Hanquez
9b32e6d5f4 [SECURITY] use constant equality testing to prevent timing determination of the expected value. 
it doesn't seems to be in an usable context though.
 2012-05-14 06:32:14 +01:00
Vincent Hanquez
8509d7dbc1 rename Extension in ExtensionRaw. 2012-05-14 04:41:50 +01:00
Vincent Hanquez
e1ea61bafa factorize npn extension ID. 2012-05-14 04:41:09 +01:00
Vincent Hanquez
e6f4f9a688 add some header comment for Handshake 2012-04-27 07:29:35 +01:00
Vincent Hanquez
d8d049726d move Handshake into its own module 2012-04-27 07:28:17 +01:00
Vincent Hanquez
f93312b50f separate lowlevel IO operation in its own module. 2012-04-27 07:21:29 +01:00
Felipe Lessa
cb0cb14732 Define 'state' only for mtl >= 2.1. 
Conflicts:

	Network/TLS/State.hs
 2012-04-20 21:08:53 +01:00
Felipe Lessa
3f280e2d70 Define MonadState TLSSt's state function. 
For some reason that I still don't know, when using state's
default definition with libraries

         base-4.5.0.0-40b99d05fae6a4eea95ea69e6e0c9702
         bytestring-0.9.2.1-18f26186028d7c0e92e78edc9071d376
         cereal-0.3.5.1-c85af6bc266354ac7b256440db39e874
         certificate-1.2.1-c61f160cdafc328081aeb08858403878
         crypto-api-0.10.1-a0c00402b73cec065108abe95d6cfaf2
         cryptocipher-0.3.0-d1785d4907a85f72ffd670491df324f2
         cryptohash-0.7.4-f6e253339d77757de756f81f77755b35
         mtl-2.1-e90c46af21f3870cee46f6218510d29d

I get <<loop>> for anything that uses the 'modify' function
(which in turn is defined in terms of 'state').  In particular, I
get it for 'startHandshakeClient' which is used in the beginning
by all tls clients.  For example,

  $ tls-simpleclient graph.facebook.com 443
  tls-simpleclient: <<loop>>

This commit fixes this bug.

(This is a harmless commit in the sense that even if I don't know
why this bug was happenning, it doesn't hurt to have an explicit
definition of 'state' -- it may actually save a few nanoseconds
here and there.)

Conflicts:

	Network/TLS/State.hs
 2012-04-20 21:07:08 +01:00
Vincent Hanquez
8c5640114e rename connection* accessor to context*. 2012-03-31 23:15:23 +01:00
Vincent Hanquez
16af8ff95f add a backend close operation. 2012-03-28 08:08:33 +01:00
Vincent Hanquez
9da6b9c8c8 expand tabs. 2012-03-27 08:57:51 +01:00
Vincent Hanquez
3b4baf2f91 move encoding and decoding of NPN packet from Wire to Packet 2012-03-16 08:06:55 +00:00
Vincent Hanquez
e9a97bedb1 Merge branch 'npn' into next 
Conflicts:
	Network/TLS/Core.hs
 2012-03-15 08:59:04 +00:00
Vincent Hanquez
750cbdce75 remove client, server, clientWith, serverWith in favor of just 
contextNew and contextNewOnHandle
 2012-03-15 08:16:48 +00:00
Vincent Hanquez
00c386de3c add a role params in the params structure. 
distinguish between server and client related business.
 2012-03-15 08:04:16 +00:00
Vincent Hanquez
1d30a9479d rename newCtx into contextNewOnHandle 
newCtxWith is now contextNew
 2012-03-15 07:55:38 +00:00
Vincent Hanquez
f889defc57 more rename 2012-03-15 07:53:03 +00:00
Vincent Hanquez
da3a3e7e4b Remove TLS prefix in a few types. 
Add compatibility types aliases definitions to the new names.
 2012-03-14 08:56:28 +00:00
Vincent Hanquez
4b28c5735f Create a backend abstraction that facilitate moving arguments around. 2012-03-12 08:48:03 +00:00
Vincent Hanquez
7e8f0d0cf9 use record pattern match syntax. 2012-03-12 07:11:21 +00:00
Joey Adams
3d0071d952 Fix spelling of negotiate/negotiation in documentation 2012-03-10 16:04:44 -05:00
Joey Adams
cbfe10e9f6 Add links to the 'BufferMode' type in 'client' and 'server' 2012-03-10 15:51:46 -05:00
Joey Adams
c1ce196278 Use modifyMVar in usingState for exception safety 
Also, force the state value, to avoid potential space leaks.
 2012-03-10 14:55:04 -05:00
Joey Adams
23e91ae6f4 Fix space leak caused by updateMeasure 
modifyIORef does not force the value, so if the Measurement object is updated a
bunch of times but never examined, the program will leak memory.
 2012-03-10 11:41:01 -05:00
Lennart Kolmodin
2ed8c777b6 Add client side of Next Protocol Negotiation. 2012-02-16 12:13:13 +04:00
Vincent Hanquez
2a781dbc44 Merge remote-tracking branch 'kolmodin/npn' into npn 2012-02-14 03:54:09 +08:00
Vincent Hanquez
81464e7f1b Merge branch 'master' into npn 2012-02-14 03:52:35 +08:00
Lennart Kolmodin
1bd53d9790 Spell 'negotiation' as in the spec. 2012-02-13 22:54:04 +04:00
Lennart Kolmodin
c6d50d5fb8 Simplify server handshake state machine. 2012-02-13 12:11:12 +04:00
Lennart Kolmodin
ab2a28ada6 Use callback instead of static state for supported NPN protocols. 
onSuggestNextProtocols in TLSParams.
Expose getNegotiatedProtocol to users.
Fix condition for when to understand NPN messages.
 2012-02-12 22:59:19 +04:00
Vincent Hanquez
5c4a0d345b rename more Bytes to B.ByteString. 2012-02-11 10:50:41 +00:00
Vincent Hanquez
e0610c7f66 use ByteString instead of Bytes which is not exported. 2012-02-11 08:49:49 +00:00
Lennart Kolmodin
e3e7e3c02a Partial, but working, implementation of serverside NPN. 2012-02-08 13:20:28 +04:00
Vincent Hanquez
c17aa30599 prepare source for NPN. 2012-02-07 21:24:30 +00:00
Vincent Hanquez
08ddc1523c make recvData use strict bytestring as this more natural to the tls code. 
also add a recvData' to get the same behavior as before.
 2012-02-07 20:45:22 +00:00
Vincent Hanquez
8f706d8a56 only import necessary bits from X509. 2012-02-07 20:39:46 +00:00
Vincent Hanquez
64202c2748 refined wire helper function to support TLS opaque types directly. 
opaque type are length prefix bytestring and are used everywhere.
the helper simplify their marshalling/unmarshalling and make it less
error prone and semantically better.
 2012-02-07 07:48:11 +00:00