aboutsummaryrefslogtreecommitdiff
path: root/btls.cabal
Commit message (Collapse)AuthorAge
* Split low-level HMAC bindings into their own moduleGravatar Benjamin Barenblat2018-04-28
|
* Begin refactoring low-level foreign imports into their own hierarchyGravatar Benjamin Barenblat2018-04-28
| | | | | | | It’s clear at this point that this system is going to get large enough that a two-layer implementation is warranted. `Internal` will contain low-level bindings to BoringSSL; other modules will export an idiomatic interface on top of them.
* Move result-handling functions into their own moduleGravatar Benjamin Barenblat2018-04-28
|
* Switch to c2hsGravatar Benjamin Barenblat2018-04-28
| | | | | | | | | | Let the computer figure out its own types for most foreign imports. Continue using the vanilla FFI for finalizers, though, as that’s the easiest way to deal with function pointers. Reuse the build hook from gtk2hs-buildtools to work around Cabal’s inability to topologically sort .chs dependencies (https://github.com/haskell/cabal/issues/1906).
* Relax constraint on `process` versionGravatar Benjamin Barenblat2018-04-21
| | | | | process 1.4.2 is in Debian 9 (the current stable), and it provides everything we need.
* Correct license field in .cabal fileGravatar Benjamin Barenblat2018-04-21
| | | | | | Turns out Cabal doesn’t play well with licenses with spaces in their names. Just use “other license”, which Hackage will convert to a link to the LICENSE file.
* Apply Apache LicenseGravatar Benjamin Barenblat2018-03-28
|
* Implement HMACGravatar Benjamin Barenblat2018-03-24
|
* Data.Digest: Reify hash algorithmsGravatar Benjamin Barenblat2018-03-23
| | | | | | | Eliminate the functional interface for hashing. Hashing now occurs exclusively through the `hash` function, which accepts a `Data.Digest.Algorithm`. This makes btls somewhat less extensible, but it’s the most elegant way to support HMACs.
* Data.Digest: Switch back to EVPGravatar Benjamin Barenblat2018-01-27
| | | | | | | Use the finalizer techniques demonstrated in 4e56c79b907da4a4654e5278bdcf94b08480a426 to safely allocate `EVP_MD_CTX` on the Haskell heap. This allows us to return to the high-level EVP API, eliminating much boilerplate code.
* Implement MD5Gravatar Benjamin Barenblat2018-01-26
|
* Implement SHA-1Gravatar Benjamin Barenblat2018-01-26
|
* Data.Digest.Sha2: Cleanse hash buffers after useGravatar Benjamin Barenblat2018-01-25
| | | | | | Implement a wrapper for `OPENSSL_cleanse` and use it to securely erase hash buffers. This matches the behavior of BoringSSL’s all-in-one hash functions (`SHA256`, `SHA512`, etc.) and memory allocation subsystem.
* Data.Digest.Sha2: Improve memory managementGravatar Benjamin Barenblat2018-01-24
| | | | | | | | | Rework the SHA-2 implementation to use the low-level sha.h interface rather than the higher-level evp.h. This allows us to preallocate all the data structures, eliminating BoringSSL cleanup functions. As a result, we can implement hashing under `unsafeLocalState` (a.k.a. `unsafeDupablePerformIO`) instead of `unsafePerformIO`, which should improve performance in multithreaded programs.
* Begin writing btls, a Haskell crypto and TLS library using BoringSSLGravatar Benjamin Barenblat2017-12-30
So far, btls provides SHA-224, SHA-256, SHA-384, and SHA-512 algorithms. To do that, I - vendor BoringSSL and create a custom `Setup.hs` to build it, - wrap a number of functions and values from BoringSSL's EVP subsystem, and - implement the four SHA-2 algorithms using the wrapped routines. I provide conformance tests incorporating the official NIST example vectors and the vectors used in the Go SHA-2 test suite. The tests also use SmallCheck to compare btls’s SHA-2 implementations with those provided by the system’s Coreutils and openssl(1) installations.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-20 12:58:06 +0000