aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* Data.Digest: Reify hash algorithmsGravatar Benjamin Barenblat2018-03-23
| | | | | | | Eliminate the functional interface for hashing. Hashing now occurs exclusively through the `hash` function, which accepts a `Data.Digest.Algorithm`. This makes btls somewhat less extensible, but it’s the most elegant way to support HMACs.
* Update BoringSSLGravatar Benjamin Barenblat2018-03-23
|
* Data.Digest: Switch back to EVPGravatar Benjamin Barenblat2018-01-27
| | | | | | | Use the finalizer techniques demonstrated in 4e56c79b907da4a4654e5278bdcf94b08480a426 to safely allocate `EVP_MD_CTX` on the Haskell heap. This allows us to return to the high-level EVP API, eliminating much boilerplate code.
* Implement MD5Gravatar Benjamin Barenblat2018-01-26
|
* Implement SHA-1Gravatar Benjamin Barenblat2018-01-26
|
* Data.Digest.Sha2: Accept lazy ByteStringsGravatar Benjamin Barenblat2018-01-26
| | | | | | | Switch SHA-2 API to use lazy ByteStrings rather than strict. Lazy ByteStrings make the hash function compatible with streaming I/O patterns; users no longer need to preload all the data they wish to hash into RAM.
* Data.Digest.Sha2: Cleanse hash buffers after useGravatar Benjamin Barenblat2018-01-25
| | | | | | Implement a wrapper for `OPENSSL_cleanse` and use it to securely erase hash buffers. This matches the behavior of BoringSSL’s all-in-one hash functions (`SHA256`, `SHA512`, etc.) and memory allocation subsystem.
* Data.Digest.Sha2: Improve memory managementGravatar Benjamin Barenblat2018-01-24
| | | | | | | | | Rework the SHA-2 implementation to use the low-level sha.h interface rather than the higher-level evp.h. This allows us to preallocate all the data structures, eliminating BoringSSL cleanup functions. As a result, we can implement hashing under `unsafeLocalState` (a.k.a. `unsafeDupablePerformIO`) instead of `unsafePerformIO`, which should improve performance in multithreaded programs.
* Update BoringSSLGravatar Benjamin Barenblat2018-01-24
|
* Begin writing btls, a Haskell crypto and TLS library using BoringSSLGravatar Benjamin Barenblat2017-12-30
So far, btls provides SHA-224, SHA-256, SHA-384, and SHA-512 algorithms. To do that, I - vendor BoringSSL and create a custom `Setup.hs` to build it, - wrap a number of functions and values from BoringSSL's EVP subsystem, and - implement the four SHA-2 algorithms using the wrapped routines. I provide conformance tests incorporating the official NIST example vectors and the vectors used in the Go SHA-2 test suite. The tests also use SmallCheck to compare btls’s SHA-2 implementations with those provided by the system’s Coreutils and openssl(1) installations.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-03 14:53:31 +0000