tls 2.1.13 → 2.1.14
raw patch · 7 files changed
+33/−12 lines, 7 filesdep ~network-run
Dependency ranges changed: network-run
Files
- CHANGELOG.md +6/−0
- Network/TLS/Crypto.hs +14/−0
- test/Arbitrary.hs +1/−1
- test/PubKey.hs +1/−0
- tls.cabal +2/−2
- util/tls-client.hs +8/−8
- util/tls-server.hs +1/−1
CHANGELOG.md view
@@ -1,5 +1,11 @@ # Change log for "tls" +## Version 2.1.14++* Supporting P384 and P521 curves.+ [#511](https://github.com/haskell-tls/hs-tls/pull/511)+* Fixing some bugs of `tls-client`.+ ## Version 2.1.13 * Don't contain early_data if serverEarlyDataSize is 0.
Network/TLS/Crypto.hs view
@@ -433,6 +433,8 @@ kxSupportedPrivKeyEC privkey = case ecPrivKeyCurveName privkey of Just ECC.SEC_p256r1 -> True+ Just ECC.SEC_p384r1 -> True+ Just ECC.SEC_p521r1 -> True _ -> False -- Perform a public-key operation with a parameterized ECC implementation when@@ -453,6 +455,10 @@ Nothing -> Just whenUnknown Just ECC.SEC_p256r1 -> maybeCryptoError $ withProxy p256 <$> ECDSA.decodePublic p256 bs+ Just ECC.SEC_p384r1 ->+ maybeCryptoError $ withProxy p384 <$> ECDSA.decodePublic p384 bs+ Just ECC.SEC_p521r1 ->+ maybeCryptoError $ withProxy p521 <$> ECDSA.decodePublic p521 bs Just curveName -> let curve = ECC.getCurveByName curveName pub = unserializePoint curve pt@@ -482,9 +488,17 @@ -- using ECDSA.decodePrivate, unfortunately the data type chosen in -- x509 was Integer. maybeCryptoError $ withProxy p256 <$> ECDSA.scalarFromInteger p256 d+ Just ECC.SEC_p384r1 ->+ maybeCryptoError $ withProxy p384 <$> ECDSA.scalarFromInteger p384 d+ Just ECC.SEC_p521r1 ->+ maybeCryptoError $ withProxy p521 <$> ECDSA.scalarFromInteger p521 d Just curveName -> Just $ withUnsupported curveName where d = privkeyEC_priv privkey p256 :: Proxy ECDSA.Curve_P256R1 p256 = Proxy+p384 :: Proxy ECDSA.Curve_P384R1+p384 = Proxy+p521 :: Proxy ECDSA.Curve_P521R1+p521 = Proxy
test/Arbitrary.hs view
@@ -407,7 +407,7 @@ return (clientState, serverState) arbitraryClientCredential :: Version -> Gen Credential-arbitraryClientCredential _ = arbitraryCredentialsOfEachType' >>= elements+arbitraryClientCredential _ = arbitraryCredentialsOfEachCurve' >>= elements arbitraryRSACredentialWithUsage :: [ExtKeyUsageFlag] -> Gen (CertificateChain, PrivKey)
test/PubKey.hs view
@@ -91,6 +91,7 @@ knownECCurves = [ ECC.SEC_p256r1 , ECC.SEC_p384r1+ , ECC.SEC_p521r1 ] defaultECCurve :: ECC.CurveName
tls.cabal view
@@ -1,6 +1,6 @@ cabal-version: >=1.10 name: tls-version: 2.1.13+version: 2.1.14 license: BSD3 license-file: LICENSE copyright: Vincent Hanquez <vincent@snarc.org>@@ -226,7 +226,7 @@ crypton-x509-system, ech-config, network,- network-run >= 0.4.4,+ network-run >= 0.5, tls if flag(devel)
util/tls-client.hs view
@@ -74,7 +74,7 @@ } usage :: String-usage = "Usage: quic-client [OPTION] addr port [path]"+usage = "Usage: tls-client [OPTION] addr port [path]" options :: [OptDescr (Options -> Options)] options =@@ -220,13 +220,13 @@ , auxShow = showContent , auxReadResumptionData = readIORef ref }- mstore <- do- mstore' <- case optTrustedAnchor of- Nothing -> - if optValidate then Just <$> getSystemCertificateStore else return Nothing- Just file -> readCertificateStore file- when (isNothing mstore') $ showUsageAndExit "cannot set trusted anchor"- return mstore'+ mstore <- case optTrustedAnchor of+ Nothing ->+ if optValidate then Just <$> getSystemCertificateStore else return Nothing+ Just file -> do+ mstore' <- readCertificateStore file+ when (isNothing mstore') $ showUsageAndExit "cannot set trusted anchor"+ return mstore' echConfList <- case optECHConfigFile of Nothing -> return [] Just ecnff ->
util/tls-server.hs view
@@ -113,7 +113,7 @@ ] usage :: String-usage = "Usage: server [OPTION] addr port"+usage = "Usage: tls-server [OPTION] addr port" showUsageAndExit :: String -> IO a showUsageAndExit msg = do