upstream: github.com/mirleft/ocaml-tls
Fix merlint lint warnings: missing docs, doc style, test inclusion
Resolve E400 (missing documentation), E410 (bad doc style), E615
(missing test suite), and E616 (use failf) across the monorepo.
Also fix test_timing to reference Requests.Timing instead of
non-existent Http.Timing.
+142
+1
eio/tests/fuzz/fuzz_tls.mli
+1
eio/tests/fuzz/fuzz_tls.mli
+1
eio/tests/test_x509_eio.mli
+1
eio/tests/test_x509_eio.mli
+9
lib/handshake_client.mli
+9
lib/handshake_client.mli
···
3
3
4
4
val default_client_hello :
5
5
Config.config -> client_hello * tls_version * (group * dh_secret) list
6
+
(** [default_client_hello config] constructs the initial ClientHello message,
7
+
the negotiated TLS version, and ephemeral key shares from the given
8
+
configuration. *)
6
9
7
10
val handle_change_cipher_spec :
8
11
client_handshake_state ->
9
12
handshake_state ->
10
13
string ->
11
14
(handshake_return, failure) result
15
+
(** [handle_change_cipher_spec state hs raw] processes an incoming
16
+
ChangeCipherSpec message on the client side. *)
12
17
13
18
val handle_handshake :
14
19
client_handshake_state ->
15
20
handshake_state ->
16
21
string ->
17
22
(handshake_return, failure) result
23
+
(** [handle_handshake state hs raw] processes an incoming handshake message on
24
+
the client side and advances the handshake state machine. *)
18
25
19
26
val answer_hello_request : handshake_state -> (handshake_return, failure) result
27
+
(** [answer_hello_request hs] responds to a server HelloRequest by initiating a
28
+
new handshake renegotiation. *)
+8
lib/handshake_crypto.mli
+8
lib/handshake_crypto.mli
···
6
6
string ->
7
7
string list ->
8
8
Core.master_secret
9
+
(** [derive_master_secret version session premaster log] derives the master
10
+
secret from the pre-master secret and handshake log using the PRF for the
11
+
given TLS version. *)
9
12
10
13
val initialise_crypto_ctx :
11
14
Core.tls_before_13 -> session_data -> crypto_context * crypto_context
15
+
(** [initialise_crypto_ctx version session] creates the client and server crypto
16
+
contexts (keys and IVs) from the session's master secret and random values.
17
+
*)
12
18
13
19
val finished :
14
20
Core.tls_before_13 ->
···
17
23
string ->
18
24
string list ->
19
25
string
26
+
(** [finished version suite master label log] computes the Finished verify data
27
+
from the master secret and handshake log. *)
20
28
21
29
val pseudo_random_function :
22
30
Core.tls_before_13 ->
+6
lib/handshake_server.mli
+6
lib/handshake_server.mli
···
1
1
open State
2
2
3
3
val hello_request : handshake_state -> (handshake_return, failure) result
4
+
(** [hello_request hs] sends a HelloRequest message to the client to initiate
5
+
renegotiation. *)
4
6
5
7
val handle_change_cipher_spec :
6
8
server_handshake_state ->
7
9
handshake_state ->
8
10
string ->
9
11
(handshake_return, failure) result
12
+
(** [handle_change_cipher_spec state hs raw] processes an incoming
13
+
ChangeCipherSpec message on the server side. *)
10
14
11
15
val handle_handshake :
12
16
server_handshake_state ->
13
17
handshake_state ->
14
18
string ->
15
19
(handshake_return, failure) result
20
+
(** [handle_handshake state hs raw] processes an incoming handshake message on
21
+
the server side and advances the handshake state machine. *)
+38
lib/reader.mli
+38
lib/reader.mli
···
1
1
val parse_version : string -> (Core.tls_version, [> `Decode of string ]) result
2
+
(** [parse_version buf] decodes a two-byte TLS version from [buf]. *)
2
3
3
4
val parse_any_version :
4
5
string -> (Core.tls_any_version, [> `Decode of string ]) result
6
+
(** [parse_any_version buf] decodes a two-byte TLS version from [buf], accepting
7
+
any version including SSL 3.0. *)
5
8
6
9
val parse_record :
7
10
string ->
···
10
13
| `Protocol_version of [> `Unknown_record of int * int ]
11
14
| `Record_overflow of int ] )
12
15
result
16
+
(** [parse_record buf] attempts to parse a complete TLS record from [buf].
17
+
Returns [`Record] with the header, payload, and trailing data, or
18
+
[`Fragment] if [buf] does not yet contain a complete record. *)
13
19
14
20
val parse_handshake_frame : string -> string option * string
21
+
(** [parse_handshake_frame buf] extracts a complete handshake message from
22
+
[buf]. Returns [Some payload, rest] when a full frame is available, or
23
+
[None, buf] otherwise. *)
15
24
16
25
val parse_handshake :
17
26
string -> (Core.tls_handshake, [> `Decode of string ]) result
27
+
(** [parse_handshake buf] decodes a TLS handshake message from [buf]. *)
18
28
19
29
val parse_alert : string -> (Core.tls_alert, [> `Decode of string ]) result
30
+
(** [parse_alert buf] decodes a TLS alert (level and type) from [buf]. *)
31
+
20
32
val parse_change_cipher_spec : string -> (unit, [> `Decode of string ]) result
33
+
(** [parse_change_cipher_spec buf] validates a ChangeCipherSpec message. *)
21
34
22
35
val parse_certificate_request :
23
36
string ->
24
37
( Packet.client_certificate_type list * string list,
25
38
[> `Decode of string ] )
26
39
result
40
+
(** [parse_certificate_request buf] decodes a TLS 1.0/1.1 CertificateRequest
41
+
message, returning the accepted certificate types and distinguished names.
42
+
*)
27
43
28
44
val parse_certificate_request_1_2 :
29
45
string ->
···
32
48
* string list,
33
49
[> `Decode of string ] )
34
50
result
51
+
(** [parse_certificate_request_1_2 buf] decodes a TLS 1.2 CertificateRequest
52
+
message, returning the accepted certificate types, signature algorithms, and
53
+
distinguished names. *)
35
54
36
55
val parse_certificate_request_1_3 :
37
56
string ->
38
57
( string option * Core.certificate_request_extension list,
39
58
[> `Decode of string ] )
40
59
result
60
+
(** [parse_certificate_request_1_3 buf] decodes a TLS 1.3 CertificateRequest
61
+
message, returning the optional context and request extensions. *)
41
62
42
63
val parse_certificates : string -> (string list, [> `Decode of string ]) result
64
+
(** [parse_certificates buf] decodes a certificate chain from [buf], returning a
65
+
list of DER-encoded certificates. *)
43
66
44
67
val parse_certificates_1_3 :
45
68
string -> (string * (string * 'a list) list, [> `Decode of string ]) result
69
+
(** [parse_certificates_1_3 buf] decodes a TLS 1.3 certificate chain from [buf],
70
+
returning the request context and list of certificates with their
71
+
extensions. *)
46
72
47
73
val parse_client_dh_key_exchange :
48
74
string -> (string, [> `Decode of string ]) result
75
+
(** [parse_client_dh_key_exchange buf] decodes the client's Diffie-Hellman
76
+
public value from [buf]. *)
49
77
50
78
val parse_client_ec_key_exchange :
51
79
string -> (string, [> `Decode of string ]) result
80
+
(** [parse_client_ec_key_exchange buf] decodes the client's ECDH public value
81
+
from [buf]. *)
52
82
53
83
val parse_dh_parameters :
54
84
string ->
55
85
(Core.dh_parameters * string * string, [> `Decode of string ]) result
86
+
(** [parse_dh_parameters buf] decodes Diffie-Hellman parameters (p, g, Ys) and
87
+
the trailing signature data from [buf]. *)
56
88
57
89
val parse_ec_parameters :
58
90
string ->
59
91
( [ `X25519 | `P256 | `P384 | `P521 ] * string * string * string,
60
92
[> `Decode of string ] )
61
93
result
94
+
(** [parse_ec_parameters buf] decodes the named curve, public point, and
95
+
trailing signature data from [buf]. *)
62
96
63
97
val parse_digitally_signed : string -> (string, [> `Decode of string ]) result
98
+
(** [parse_digitally_signed buf] decodes a digitally-signed struct (TLS 1.0/1.1
99
+
format) from [buf]. *)
64
100
65
101
val parse_digitally_signed_1_2 :
66
102
string -> (Core.signature_algorithm * string, [> `Decode of string ]) result
103
+
(** [parse_digitally_signed_1_2 buf] decodes a digitally-signed struct (TLS 1.2
104
+
format) including the signature algorithm from [buf]. *)
+47
lib/writer.mli
+47
lib/writer.mli
···
1
1
val assemble_protocol_version : ?buf:bytes -> Core.tls_version -> string
2
+
(** [assemble_protocol_version ?buf version] encodes a TLS version as a two-byte
3
+
string. *)
4
+
2
5
val assemble_handshake : Core.tls_handshake -> string
6
+
(** [assemble_handshake hs] serializes a TLS handshake message to its wire
7
+
format. *)
8
+
3
9
val assemble_message_hash : int -> string
10
+
(** [assemble_message_hash len] constructs a synthetic message_hash handshake
11
+
message of the given hash length (used in TLS 1.3 HelloRetryRequest). *)
12
+
4
13
val assemble_hdr : Core.tls_version -> Packet.content_type * string -> string
14
+
(** [assemble_hdr version ct_payload] wraps the payload in a TLS record header
15
+
with the given version and content type. *)
16
+
5
17
val assemble_alert : ?level:Packet.alert_level -> Packet.alert_type -> string
18
+
(** [assemble_alert ?level alert_type] encodes a TLS alert message. *)
19
+
6
20
val assemble_change_cipher_spec : string
21
+
(** The wire encoding of a ChangeCipherSpec message. *)
22
+
7
23
val assemble_dh_parameters : Core.dh_parameters -> string
24
+
(** [assemble_dh_parameters params] serializes Diffie-Hellman parameters (p, g,
25
+
Ys) to their wire format. *)
26
+
8
27
val assemble_ec_parameters : Core.group -> string -> string
28
+
(** [assemble_ec_parameters group public] serializes ECDH parameters (named
29
+
curve and public point) to their wire format. *)
30
+
9
31
val assemble_client_dh_key_exchange : string -> string
32
+
(** [assemble_client_dh_key_exchange public] encodes the client's DH public
33
+
value for a ClientKeyExchange message. *)
34
+
10
35
val assemble_client_ec_key_exchange : string -> string
36
+
(** [assemble_client_ec_key_exchange public] encodes the client's ECDH public
37
+
value for a ClientKeyExchange message. *)
38
+
11
39
val assemble_digitally_signed : string -> string
40
+
(** [assemble_digitally_signed signature] encodes a digitally-signed struct (TLS
41
+
1.0/1.1 format). *)
42
+
12
43
val assemble_digitally_signed_1_2 : Core.signature_algorithm -> string -> string
44
+
(** [assemble_digitally_signed_1_2 algo signature] encodes a digitally-signed
45
+
struct (TLS 1.2 format) including the signature algorithm. *)
13
46
14
47
val assemble_certificate_request :
15
48
Packet.client_certificate_type list -> string list -> string
49
+
(** [assemble_certificate_request types dns] encodes a TLS 1.0/1.1
50
+
CertificateRequest message with the given certificate types and
51
+
distinguished names. *)
16
52
17
53
val assemble_certificate_request_1_2 :
18
54
Packet.client_certificate_type list ->
19
55
Core.signature_algorithm list ->
20
56
string list ->
21
57
string
58
+
(** [assemble_certificate_request_1_2 types algos dns] encodes a TLS 1.2
59
+
CertificateRequest message with the given certificate types, signature
60
+
algorithms, and distinguished names. *)
22
61
23
62
val assemble_certificate_request_1_3 :
24
63
?context:string -> Core.certificate_request_extension list -> string
64
+
(** [assemble_certificate_request_1_3 ?context extensions] encodes a TLS 1.3
65
+
CertificateRequest message with the optional context and request extensions.
66
+
*)
25
67
26
68
val assemble_certificates : string list -> string
69
+
(** [assemble_certificates certs] encodes a certificate chain from a list of
70
+
DER-encoded certificates. *)
71
+
27
72
val assemble_certificates_1_3 : string -> string list -> string
73
+
(** [assemble_certificates_1_3 context certs] encodes a TLS 1.3 certificate
74
+
chain with the given request context. *)
+1
test/eio/test_tls_eio.mli
+1
test/eio/test_tls_eio.mli
+15
test/helpers/mock_rng.mli
+15
test/helpers/mock_rng.mli
···
3
3
type g = int ref
4
4
5
5
val block : int
6
+
(** Block size of the mock RNG. *)
7
+
6
8
val v : ?time:(unit -> int64) -> unit -> g
9
+
(** [v ()] creates a new mock RNG generator. *)
10
+
7
11
val generate_into : g:g -> bytes -> off:int -> int -> unit
12
+
(** [generate_into ~g buf ~off len] writes [len] deterministic bytes into [buf]
13
+
at offset [off]. *)
14
+
8
15
val reseed : g:g -> string -> unit
16
+
(** [reseed ~g seed] reseeds the generator with [seed]. *)
17
+
9
18
val accumulate : g:g -> Crypto_rng.Entropy.source -> [ `Acc of string -> unit ]
19
+
(** [accumulate ~g source] returns an entropy accumulator for the given source.
20
+
*)
21
+
10
22
val seeded : g:g -> bool
23
+
(** [seeded ~g] is [true] if [g] has been seeded. *)
24
+
11
25
val pools : int
26
+
(** Number of entropy pools. *)
+1
test/test_ciphersuite.mli
+1
test/test_ciphersuite.mli
+1
test/test_core.mli
+1
test/test_core.mli
+1
test/test_handshake_client.mli
+1
test/test_handshake_client.mli
+1
test/test_handshake_client13.mli
+1
test/test_handshake_client13.mli
+1
test/test_handshake_common.mli
+1
test/test_handshake_common.mli
+1
test/test_handshake_crypto.mli
+1
test/test_handshake_crypto.mli
+1
test/test_handshake_crypto13.mli
+1
test/test_handshake_crypto13.mli
+1
test/test_handshake_server.mli
+1
test/test_handshake_server.mli
+1
test/test_handshake_server13.mli
+1
test/test_handshake_server13.mli
+1
test/test_packet.mli
+1
test/test_packet.mli
+1
test/test_reader.mli
+1
test/test_reader.mli
+1
test/test_state.mli
+1
test/test_state.mli
+1
test/test_tls_crypto.mli
+1
test/test_tls_crypto.mli
+1
test/test_utils.mli
+1
test/test_utils.mli