mirleft · hannesm · Apr 14, 2021 · Apr 13, 2021 · Apr 13, 2021 · Apr 13, 2021
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,3 +1,27 @@
+## v0.13.0 (2021-04-14)
+
+* Remove static RSA and CBC ciphersuites from default configuration. The
+  default configuration now includes FFDHE and ECDHE key exchanges with RSA or
+  ECDSA/EdDSA certificates, and AEAD ciphers
+  (AES-GCM, AES-CCM, ChaCha20-Poly1305) (#429 by @hannesm)
+* Remove SHA1 from signature_algorithms in the default configuration
+  (#429 by @hannesm)
+* Support ECDSA and EdDSA certificates and private keys via x509 0.12.0 and
+  mirage-crypto-ec (#428 by @hannesm)
+  Breaking changes:
+  - the second part of type Tls.Config.certchain is now a X509.Private_key.t
+    (previously Mirage_crypto_pk.Rsa.priv)
+  - the type aliases X509_lwt.priv and X509_lwt.authenticator have been removed
+* Use mirage-crypto-ec instead of fiat-p256 and hacl_x25519 for elliptic curve
+  support - this adds P384 and P521 ECDH support (#428 by @hannesm)
+* Remove custom Monad implementation, use Result and Rresult instead
+  (#429 by @hannesm)
+* Remove Utils.Cs submodule, use Cstruct API instead (#429 by @hannesm)
+* Breaking: Tls.Engine.ret type is now a result instead of a custom variant type
+  (#429 by @hannesm)
+* Breaking: Tls_lwt.Unix.epoch results in (Tls.Core.epoch_data, unit) result -
+  it was a custom error type previously (#429 by @hannesm)
+
 ## v0.12.8 (2020-12-08)
 
 * Re-add ECPointFormats hello extension (both client and server) to avoid

diff --git a/lib/config.ml b/lib/config.ml
@@ -87,39 +87,39 @@ module Ciphers = struct
     `DHE_RSA_WITH_AES_256_CCM ;
     `DHE_RSA_WITH_AES_128_CCM ;
     `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ;
-    `DHE_RSA_WITH_AES_256_CBC_SHA256 ;
-    `DHE_RSA_WITH_AES_128_CBC_SHA256 ;
-    `DHE_RSA_WITH_AES_256_CBC_SHA ;
-    `DHE_RSA_WITH_AES_128_CBC_SHA ;
     `ECDHE_RSA_WITH_AES_128_GCM_SHA256 ;
     `ECDHE_RSA_WITH_AES_256_GCM_SHA384 ;
     `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ;
-    `ECDHE_RSA_WITH_AES_256_CBC_SHA384 ;
-    `ECDHE_RSA_WITH_AES_128_CBC_SHA256 ;
-    `ECDHE_RSA_WITH_AES_256_CBC_SHA ;
-    `ECDHE_RSA_WITH_AES_128_CBC_SHA ;
-    `ECDHE_ECDSA_WITH_AES_128_CBC_SHA ;
-    `ECDHE_ECDSA_WITH_AES_256_CBC_SHA ;
-    `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ;
-    `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ;
     `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ;
     `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ;
     `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ;
-    `RSA_WITH_AES_256_GCM_SHA384 ;
-    `RSA_WITH_AES_128_GCM_SHA256 ;
-    `RSA_WITH_AES_256_CCM ;
-    `RSA_WITH_AES_128_CCM ;
-    `RSA_WITH_AES_256_CBC_SHA256 ;
-    `RSA_WITH_AES_128_CBC_SHA256 ;
-    `RSA_WITH_AES_256_CBC_SHA ;
-    `RSA_WITH_AES_128_CBC_SHA ;
     ]
 
   let supported = default @ [
-    `DHE_RSA_WITH_3DES_EDE_CBC_SHA ;
-    `RSA_WITH_3DES_EDE_CBC_SHA ;
-    `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ;
-  ]
+      `DHE_RSA_WITH_AES_256_CBC_SHA256 ;
+      `DHE_RSA_WITH_AES_128_CBC_SHA256 ;
+      `DHE_RSA_WITH_AES_256_CBC_SHA ;
+      `DHE_RSA_WITH_AES_128_CBC_SHA ;
+      `ECDHE_RSA_WITH_AES_256_CBC_SHA384 ;
+      `ECDHE_RSA_WITH_AES_128_CBC_SHA256 ;
+      `ECDHE_RSA_WITH_AES_256_CBC_SHA ;
+      `ECDHE_RSA_WITH_AES_128_CBC_SHA ;
+      `ECDHE_ECDSA_WITH_AES_128_CBC_SHA ;
+      `ECDHE_ECDSA_WITH_AES_256_CBC_SHA ;
+      `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ;
+      `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ;
+      `RSA_WITH_AES_256_CBC_SHA256 ;
+      `RSA_WITH_AES_128_CBC_SHA256 ;
+      `RSA_WITH_AES_256_CBC_SHA ;
+      `RSA_WITH_AES_128_CBC_SHA ;
+      `RSA_WITH_AES_256_GCM_SHA384 ;
+      `RSA_WITH_AES_128_GCM_SHA256 ;
+      `RSA_WITH_AES_256_CCM ;
+      `RSA_WITH_AES_128_CCM ;
+      `DHE_RSA_WITH_3DES_EDE_CBC_SHA ;
+      `RSA_WITH_3DES_EDE_CBC_SHA ;
+      `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ;
+    ]
 
   (* as defined in https://httpwg.org/specs/rfc7540.html#BadCipherSuites *)
   let http2 = default13 @ [
@@ -152,12 +152,15 @@ let default_signature_algorithms =
     `RSA_PKCS1_SHA256 ;
     `RSA_PKCS1_SHA384 ;
     `RSA_PKCS1_SHA512 ;
-    `RSA_PKCS1_SHA224 ;
-    `ECDSA_SECP256R1_SHA1 ;
-    `RSA_PKCS1_SHA1 ]
+  ]
 
 let supported_signature_algorithms =
-  default_signature_algorithms @ [ `RSA_PKCS1_MD5 ]
+  default_signature_algorithms @ [
+    `RSA_PKCS1_SHA224 ;
+    `ECDSA_SECP256R1_SHA1 ;
+    `RSA_PKCS1_SHA1 ;
+    `RSA_PKCS1_MD5
+  ]
 
 let min_dh_size = 1024
 

diff --git a/lib/control.ml b/lib/control.ml
diff --git a/lib/crypto.ml b/lib/crypto.ml
@@ -2,8 +2,7 @@ open Mirage_crypto
 
 open Ciphersuite
 
-let (<+>) = Utils.Cs.(<+>)
-
+let (<+>) = Cstruct.append
 
 (* on-the-wire dh_params <-> (group, pub_message) *)
 let dh_params_pack { Mirage_crypto_pk.Dh.p; gg ; _ } message =

diff --git a/lib/dune b/lib/dune
@@ -1,5 +1,5 @@
 (library
  (name tls)
  (public_name tls)
- (libraries cstruct cstruct-sexp logs hkdf mirage-crypto mirage-crypto-rng mirage-crypto-pk x509 sexplib domain-name fmt mirage-crypto-ec)
+ (libraries cstruct cstruct-sexp logs hkdf mirage-crypto mirage-crypto-rng mirage-crypto-pk x509 sexplib domain-name fmt mirage-crypto-ec rresult)
  (preprocess (pps ppx_sexp_conv ppx_cstruct)))