shrdlu68 / cl-tls
An implementation of TLS and related specifications in Common Lisp
License: BSD 3-Clause "New" or "Revised" License
This requires creating modified versions of the functions #'encrypt-and-send and #'ciphertext-to-compressed that handle mac-then-encrypt rather than encrypt-then-mac.
In addition, add mechanisms to the hello messages to facilitate negotiating this extension.
Hi,
If I have N and E with RSA, how do I generate a public key? Can this library do that?
(cl-tls:create-asn-sequence
 (list '(1 2 840 113549 1 1 1) :oid)
 (list n :integer)
 (list e :integer))
and result is correct oct-vector, can you help me?
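For reference, an added example (not part of the question above and not cl-tls code) of the DER layout X.509 uses for an RSA public key: SubjectPublicKeyInfo wraps an AlgorithmIdentifier (the rsaEncryption OID plus NULL) and a BIT STRING that contains the RSAPublicKey SEQUENCE of n and e. It is plain Common Lisp; the function names are hypothetical and the key values are constructed toy numbers.

```lisp
;; Added example: DER-encode SubjectPublicKeyInfo for an RSA key from n and e.
;; Function names are hypothetical; this does not use the cl-tls API.

(defun int-octets (n)
  "Content octets of a DER INTEGER for non-negative N (leading 0 if high bit set)."
  (check-type n (integer 0))
  (loop for i from (floor (integer-length n) 8) downto 0
        collect (ldb (byte 8 (* 8 i)) n)))

(defun der-length (len)
  "DER definite-length octets: short form below 128, long form otherwise."
  (if (< len 128)
      (list len)
      (let ((octets (loop for i from (1- (ceiling (integer-length len) 8)) downto 0
                          collect (ldb (byte 8 (* 8 i)) len))))
        (cons (logior #x80 (length octets)) octets))))

(defun der-tlv (tag content)
  "Tag, length and CONTENT (a list of octets) as one list."
  (append (list tag) (der-length (length content)) content))

;; Content octets of OID 1.2.840.113549.1.1.1 (rsaEncryption).
(defparameter +rsa-encryption-oid+ '(#x2a #x86 #x48 #x86 #xf7 #x0d #x01 #x01 #x01))

(defun rsa-spki (n e)
  "SubjectPublicKeyInfo for modulus N and exponent E, as an octet vector."
  (let* ((rsa-public-key (der-tlv #x30 (append (der-tlv #x02 (int-octets n))
                                               (der-tlv #x02 (int-octets e)))))
         (algorithm (der-tlv #x30 (append (der-tlv #x06 +rsa-encryption-oid+)
                                          (der-tlv #x05 '()))))   ; NULL parameters
         ;; BIT STRING content starts with the count of unused bits (0).
         (bit-string (der-tlv #x03 (cons 0 rsa-public-key))))
    (coerce (der-tlv #x30 (append algorithm bit-string))
            '(vector (unsigned-byte 8)))))

;; Constructed toy key (n = 61 * 53, e = 17); real moduli are 2048 bits or more.
(format t "~{~2,'0x~}~%" (coerce (rsa-spki 3233 17) 'list))
```

Base64-encoding the result between `-----BEGIN PUBLIC KEY-----` and `-----END PUBLIC KEY-----` lines gives the usual PEM form.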
Implementation: sbcl
Steps to reproduce: (ql:quickload "cl-tls")
Backtrace:
0: ("undefined function" #(1779033703 3144134277 1013904242 2773480762 1359893119 2600822924 ...))
1: (ironclad::update-sha256-block # #)
2: (ironclad::mdx-updater #S(ironclad:sha256 :amount 32 :buffer #(0 0 0 0 0 0 ...) :buffer-index 32 :regs #(1779033703 3144134277 1013904242 2773480762 1359893119 2600822924 ...) :block #(0 0 0 0 0 0 .....
3: ((sb-pcl::emf ironclad:update-digest) # # #S(ironclad:sha256 :amount 32 :buffer #(0 0 0 0 0 0 ...) :buffer-index 32 :regs #(1779033703 3144134277 1013904242 277348076..
4: ((:method ironclad:prng-reseed (t ironclad:fortuna-generator)) #(239 187 46 22 44 160 ...) #<ironclad:fortuna-generator {100592CED3}>) [fast-method]
5: ((:method ironclad:prng-reseed (t ironclad:fortuna-prng)) #(239 187 46 22 44 160 ...) #<ironclad:fortuna-prng {1005929093}>) [fast-method]
6: ((:method ironclad:make-prng :around (t)) :fortuna :seed :urandom) [fast-method]
7: ((lambda (sb-pcl::.pv. sb-pcl::.next-method-call. sb-pcl::.arg0. sb-int:&more sb-pcl::.dfun-more-context. sb-pcl::.dfun-more-count.) :in "/home/gavinok/.cache/common-lisp/sbcl-2.2.9-linux-x64/home/gav..
8: ((sb-c::top-level-form (setq package (sb-int:find-undeleted-package-or-lose "CL-TLS")))) [toplevel]
9: (sb-fasl::load-fasl-group #S(sb-fasl::fasl-input :stream #<sb-sys:fd-stream for "file /home/gavinok/.cache/common-lisp/sbcl-2.2.9-linux-x64/home/gavinok/.local/share/roswell/lisp/quicklisp/dists/quick..
10: ((lambda nil :in sb-fasl::load-as-fasl))
11: (sb-impl::call-with-loader-package-names #<function (lambda nil :in sb-fasl::load-as-fasl) {100591A33B}>)
12: (sb-fasl::load-as-fasl #<sb-sys:fd-stream for "file /home/gavinok/.cache/common-lisp/sbcl-2.2.9-linux-x64/home/gavinok/.local/share/roswell/lisp/quicklisp/dists/quicklisp/software/cl-tls-20221106-git/..
13: ((labels sb-fasl::load-stream-1 :in load) #<sb-sys:fd-stream for "file /home/gavinok/.cache/common-lisp/sbcl-2.2.9-linux-x64/home/gavinok/.local/share/roswell/lisp/quicklisp/dists/quicklisp/software/c..
14: (sb-fasl::call-with-load-bindings #<function (labels sb-fasl::load-stream-1 :in load) {7F235F0BC8AB}> #<sb-sys:fd-stream for "file /home/gavinok/.cache/common-lisp/sbcl-2.2.9-linux-x64/home/gavinok/.l..
15: (load #P"/home/gavinok/.cache/common-lisp/sbcl-2.2.9-linux-x64/home/gavinok/.local/share/roswell/lisp/quicklisp/dists/quicklisp/software/cl-tls-20221106-git/src/utils.fasl" :verbose nil :print nil :if..
16: (uiop/utility:call-with-muffled-conditions #<function (lambda nil :in uiop/lisp-build:load*) {1005915BDB}> ("Overwriting already existing readtable ~S." #(#:finalizers-off-warning :asdf-finalizers)))
17: ((sb-pcl::emf asdf/action:perform) # # #<asdf/lisp-action:load-op > #<asdf/lisp-action:cl-source-file "cl-tls" "src" "utils">)
18: ((lambda nil :in asdf/action:call-while-visiting-action))
19: ((:method asdf/action:perform-with-restarts (asdf/lisp-action:load-op asdf/lisp-action:cl-source-file)) #<asdf/lisp-action:load-op > #<asdf/lisp-action:cl-source-file "cl-tls" "src" "utils">) [fast-me..
20: ((:method asdf/action:perform-with-restarts :around (t t)) #<asdf/lisp-action:load-op > #<asdf/lisp-action:cl-source-file "cl-tls" "src" "utils">) [fast-method]
21: ((:method asdf/plan:perform-plan (t)) #<asdf/plan:sequential-plan {10027F6CE3}>) [fast-method]
22: ((flet sb-c::with-it :in sb-c::%with-compilation-unit))
23: ((:method asdf/plan:perform-plan :around (t)) #<asdf/plan:sequential-plan {10027F6CE3}>) [fast-method]
24: ((:method asdf/operate:operate (asdf/operation:operation asdf/component:component)) #<asdf/lisp-action:load-op > #<asdf/system:system "cl-tls"> :plan-class nil :plan-options nil) [fast-method]
25: ((sb-pcl::emf asdf/operate:operate) # # #<asdf/lisp-action:load-op > #<asdf/system:system "cl-tls"> :verbose nil)
26: ((lambda nil :in asdf/operate:operate))
27: ((:method asdf/operate:operate :around (t t)) #<asdf/lisp-action:load-op > #<asdf/system:system "cl-tls"> :verbose nil) [fast-method]
28: ((sb-pcl::emf asdf/operate:operate) # # asdf/lisp-action:load-op "cl-tls" :verbose nil)
29: ((lambda nil :in asdf/operate:operate))
30: ((:method asdf/operate:operate :around (t t)) asdf/lisp-action:load-op "cl-tls" :verbose nil) [fast-method]
31: (asdf/session:call-with-asdf-session #<function (lambda nil :in asdf/operate:operate) {10027ECCDB}> :override t :key nil :override-cache t :override-forcing nil)
32: ((lambda nil :in asdf/operate:operate))
33: (asdf/session:call-with-asdf-session #<function (lambda nil :in asdf/operate:operate) {10027E1FEB}> :override nil :key nil :override-cache nil :override-forcing nil)
34: ((:method asdf/operate:operate :around (t t)) asdf/lisp-action:load-op "cl-tls" :verbose nil) [fast-method]
35: (asdf/operate:load-system "cl-tls" :verbose nil)
36: (quicklisp-client::call-with-macroexpand-progress #<function (lambda nil :in quicklisp-client::apply-load-strategy) {10027E1F5B}>)
37: (quicklisp-client::autoload-system-and-dependencies "cl-tls" :prompt nil)
38: ((:method ql-impl-util::%call-with-quiet-compilation (t t)) # #<function (flet quicklisp-client::ql :in quicklisp-client:quickload) {10027CB8DB}>) [fast-method]
39: ((:method ql-impl-util::%call-with-quiet-compilation :around (ql-impl:sbcl t)) #<ql-impl:sbcl {100523C1D3}> #<function (flet quicklisp-client::ql :in quicklisp-client:quickload) {10027CB8DB}>) [fast-m..
40: ((:method quicklisp-client:quickload (t)) "cl-tls" :prompt nil :silent nil :verbose nil) [fast-method]
41: (ql-dist::call-with-consistent-dists #<function (lambda nil :in quicklisp-client:quickload) {10027A616B}>)
42: (sb-int:simple-eval-in-lexenv (quicklisp-client:quickload "cl-tls") #)
43: (eval (quicklisp-client:quickload "cl-tls"))
44: ((lambda nil :in slynk-mrepl::mrepl-eval-1))
45: (slynk::call-with-retry-restart "Retry SLY mREPL evaluation request." #<function (lambda nil :in slynk-mrepl::mrepl-eval-1) {10027A566B}>)
46: ((lambda nil :in slynk-mrepl::mrepl-eval-1))
47: ((lambda nil :in slynk::call-with-listener))
48: (slynk::call-with-bindings # #)
49: (slynk-mrepl::mrepl-eval-1 # #)
50: (slynk-mrepl::mrepl-eval #<slynk-mrepl::mrepl mrepl-1-1> #)
51: (slynk:process-requests nil)
52: ((lambda nil :in slynk::spawn-channel-thread))
53: ((lambda nil :in slynk::spawn-channel-thread))
54: (slynk-sbcl::call-with-break-hook # #)
55: ((flet slynk-backend:call-with-debugger-hook :in "/home/gavinok/.emacs.d/elpa/sly-20221108.2234/slynk/backend/sbcl.lisp") # #)
56: ((lambda nil :in slynk::call-with-listener))
57: (slynk::call-with-bindings # #)
58: ((lambda nil :in slynk::spawn-channel-thread))
59: ((flet sb-unix::body :in sb-thread::run))
60: ((flet "WITHOUT-INTERRUPTS-BODY-11" :in sb-thread::run))
61: ((flet sb-unix::body :in sb-thread::run))
62: ((flet "WITHOUT-INTERRUPTS-BODY-4" :in sb-thread::run))
63: (sb-thread::run)
64: ("foreign function: call_into_lisp_")
Hi, my latter-day-paypal library https://github.com/K1D77A/latter-day-paypal depends on this library to verify the integrity of webhooks sent from PayPal, so I was wondering if you could either give me permission to ask Xach to add this to QL or if you could ask yourself at https://github.com/quicklisp/quicklisp-projects/issues
Thanks
Validate parameters as in rfc2631 or ANSI X9.42 to ensure the parameters we receive from the other party are cryptographically secure.
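The checks this issue refers to, as an added example in plain Common Lisp (not cl-tls code; `mod-expt`, `check-dh-group` and `check-dh-public-value` are hypothetical names). It follows the public key validation of RFC 2631 section 2.1.5 and assumes the subgroup order q is available, as it is with X9.42 parameters; primality of p and q is not tested here, and the toy group p = 23, q = 11, g = 2 is constructed for the demonstration.

```lisp
;; Added example: validate Diffie-Hellman values received from the peer.

(defun mod-expt (base exponent modulus)
  "BASE^EXPONENT mod MODULUS by square-and-multiply."
  (let ((result 1)
        (b (mod base modulus)))
    (loop while (plusp exponent)
          do (when (oddp exponent)
               (setf result (mod (* result b) modulus)))
             (setf b (mod (* b b) modulus)
                   exponent (ash exponent -1)))
    result))

(defun check-dh-group (p q g &key (min-bits 2048))
  "Return :OK, or a keyword naming the first failed check on the group (p, q, g)."
  (cond ((< (integer-length p) min-bits) :modulus-too-small)
        ((evenp p) :modulus-even)
        ((not (zerop (mod (1- p) q))) :q-does-not-divide-p-1)
        ((not (< 1 g (1- p))) :generator-out-of-range)
        ((/= 1 (mod-expt g q p)) :generator-not-of-order-q)
        (t :ok)))

(defun check-dh-public-value (y p &optional q)
  "Range test, then the subgroup test y^q mod p = 1 when Q is known.
The upper bound is p-2: y = p-1 has order 2 and is rejected as well."
  (cond ((not (<= 2 y (- p 2))) :out-of-range)
        ((null q) :range-only-ok)          ; e.g. TLS ServerDHParams carry no q
        ((/= 1 (mod-expt y q p)) :not-in-subgroup)
        (t :ok)))

;; Constructed toy group: 2 has order 11 modulo 23. MIN-BITS is lowered only
;; so that the toy modulus passes the size check.
(let ((p 23) (q 11) (g 2))
  (format t "group: ~a~%" (check-dh-group p q g :min-bits 5))
  ;; 0 and 1 fail the range test, 8 = 2^3 is in the subgroup,
  ;; 5 generates the whole group, 22 = p-1 has order 2.
  (dolist (y '(0 1 8 5 22))
    (format t "y=~2d -> ~a~%" y (check-dh-public-value y p q))))
```

A peer value that fails either test should abort the handshake before the shared secret is computed.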
Specified in https://tools.ietf.org/html/rfc6961
OCSP stapling eliminates privacy concerns for OCSP and saves bandwidth for clients by requiring servers to query OCSP responders themselves.
The function that implements section 2.2.1.1 of rfc2631 needs to be rewritten.
This is needed because the current implementation does not pass the correctness tests in the specs.
./testssl.sh -e -E -s -f -p -g -S -P -x -c -h -U -H -I -T -R -C -B -O -Z -W -A -L -F -J -D -4 https://127.0.0.1:443/
It shows some items are not OK.
Please fix these security issues in cl-tls.
Vulnerability | Severity | Attack | Fix_plan | Refer_to | Status |
---|---|---|---|---|---|
CVE-2011-1473 | Medium | Renegotiation Attack | secure renegotiation | RFC 5746 | repairable |
CVE-2013-0169 | Low | Lucky13 | use aes_gcm | RFC 5288 | |
CVE-2016-2183 | High | Sweet32 | remove 3des | RFC 8429 | fixed at 1307891 |
CVE-2011-3389 | Medium | BEAST | use random iv | RFC 5246 | d4b3489 (False positive) |
Line 247 in 2ab4fc3
mode | mac | way | name |
---|---|---|---|
aes-cbc | hmac | mac-then-encrypt | cbc |
aes-gcm | gmac | encrypt-then-mac | ctr |
The following lisp code may help a little:
Line 447 in 1307891
;; Add tls extensions
(fast-io:fast-write-sequence something-and-empty-renegotiation-info-octets msg)
Line 51 in 2ab4fc3
;; Session close
(defun close-tls-session (session)
  nil)
;; Session handshake timeout or active timeout
(defun start-to-check-timeout ()
  (loop
    nil))
Line 937 in 2ab4fc3
;; Success, connection is now open
(if (eql state :open)
    (error "this server disable renegotiation")
    (setf state :open))
cl-tls/src/tls/ciphersuites.lisp
Line 314 in 2ab4fc3
;; Remove anon rc4 3des
(member arg
        (union
         (union +anon-authentication-suites+ +rc4-encryption-suites+)
         +3des-encryption-suites+)
        :test #'equal)