Isotopic WORD!s For More Informative States in TLS

When introducing isotopic WORD!s, I wrote:

Today I hit a good example. I was going over some stuff in the TLS code, and found this:

; Each encrypted message in TLS 1.1 and above carry a plaintext
; initialization vector, so the ctx does not use one for the whole
; session.  Unset it to make sure.
unset in ctx 'client-iv
unset in ctx 'server-iv

So in TLS 1.0 mode, there is a single "iv" (initialization vector) reused for the client and server over the whole session. But you don't want to use those fields in TLS 1.1 and above, because you're supposed to be using the data from each message.

The historical trick to catch unwanted reads of these fields was to unset them.

  • It was awkward to do so...since UNSET!s couldn't be assigned via SET-WORD!

  • Also, it didn't communicate any information besides "unset"

Today, you can painlessly get the effect...with a more meaningful error on access!

ctx.client-iv: ctx.server-iv: ~per-message~

So if you get an error on trying to access these variables, it will tell you its the isotopic WORD! of ~per-message~. You can look that up in the source or get the gist of what it means.

(I'm still thinking about how we might put the file and line number into the value itself, so you could find this assignment and get at the origin of the value!)

Using isotopes effectively is a lot of bang for the buck. Neat stuff!