aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_cipher.erl
diff options
context:
space:
mode:
authorIngela Anderton Andin <ingela@erlang.org>2013-08-14 15:31:21 +0200
committerIngela Anderton Andin <ingela@erlang.org>2013-09-02 09:39:11 +0200
commitc2045419346ea46f3f8ad89dfedd5169adb7c9c4 (patch)
tree3416061249fc7237d7de68ae73cf2978f7bddbe8 /lib/ssl/src/ssl_cipher.erl
parent63a3de06cfc02762ff933bf34ec2a4307f51749b (diff)
downloadotp-c2045419346ea46f3f8ad89dfedd5169adb7c9c4.tar.gz
otp-c2045419346ea46f3f8ad89dfedd5169adb7c9c4.tar.bz2
otp-c2045419346ea46f3f8ad89dfedd5169adb7c9c4.zip
ssl: Handle signature_algorithm field in digitally_signed properly
with proper defaults Added ssl_ECC_SUITE
Diffstat (limited to 'lib/ssl/src/ssl_cipher.erl')
-rw-r--r--lib/ssl/src/ssl_cipher.erl21
1 files changed, 11 insertions, 10 deletions
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index ec5d793d65..09aad8e414 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -36,7 +36,7 @@
decipher/5, cipher/5,
suite/1, suites/1, anonymous_suites/0, psk_suites/1, srp_suites/0,
openssl_suite/1, openssl_suite_name/1, filter/2, filter_suites/1,
- hash_algorithm/1, sign_algorithm/1]).
+ hash_algorithm/1, sign_algorithm/1, is_acceptable_hash/2]).
-compile(inline).
@@ -1009,6 +1009,7 @@ filter(DerCert, Ciphers) ->
filter_keyuse(OtpCert, (Ciphers -- rsa_keyed_suites()) -- dsa_signed_suites(),
[], ecdhe_ecdsa_suites())
end,
+
case public_key:pkix_sign_types(SigAlg#'SignatureAlgorithm'.algorithm) of
{_, rsa} ->
Ciphers1 -- ecdsa_signed_suites();
@@ -1191,15 +1192,15 @@ hash_size(md5) ->
hash_size(sha) ->
20;
%% Uncomment when adding cipher suite that needs it
-%% hash_size(sha224) ->
-%% 28;
+hash_size(sha224) ->
+ 28;
hash_size(sha256) ->
32;
hash_size(sha384) ->
- 48.
+ 48;
%% Uncomment when adding cipher suite that needs it
-%% hash_size(sha512) ->
-%% 64.
+hash_size(sha512) ->
+ 64.
%% RFC 5246: 6.2.3.2. CBC Block Cipher
%%
@@ -1259,15 +1260,15 @@ generic_stream_cipher_from_bin(T, HashSz) ->
%% SSL 3.0 and TLS 1.0 as it is not strictly required and breaks
%% interopability with for instance Google.
is_correct_padding(#generic_block_cipher{padding_length = Len,
- padding = Padding}, {3, N})
+ padding = Padding}, {3, N})
when N == 0; N == 1 ->
Len == byte_size(Padding);
%% Padding must be check in TLS 1.1 and after
is_correct_padding(#generic_block_cipher{padding_length = Len,
- padding = Padding}, _) ->
+ padding = Padding}, _) ->
Len == byte_size(Padding) andalso
list_to_binary(lists:duplicate(Len, Len)) == Padding.
-
+
get_padding(Length, BlockSize) ->
get_padding_aux(BlockSize, Length rem BlockSize).
@@ -1291,7 +1292,7 @@ next_iv(Bin, IV) ->
rsa_signed_suites() ->
dhe_rsa_suites() ++ rsa_suites() ++
psk_rsa_suites() ++ srp_rsa_suites() ++
- ecdh_rsa_suites().
+ ecdh_rsa_suites() ++ ecdhe_rsa_suites().
rsa_keyed_suites() ->
dhe_rsa_suites() ++ rsa_suites() ++