diff options
| author | Péter Dimitrov <[email protected]> | 2019-03-18 13:32:36 +0100 |
|---|---|---|
| committer | Péter Dimitrov <[email protected]> | 2019-03-18 13:32:36 +0100 |
| commit | 0faf5d5fbef4976efc25096bd657fd562bf6145f (patch) | |
| tree | 7585e4239e33daeb9b16ab391687eb0ed638a692 /lib/ssl/src/ssl_cipher.erl | |
| parent | 1c329d9b3600356caf75636df7fd40eb8221c43d (diff) | |
| parent | a2d6b9a11bb51f85848f59982277b16197f7e6c9 (diff) | |
| download | otp-0faf5d5fbef4976efc25096bd657fd562bf6145f.tar.gz otp-0faf5d5fbef4976efc25096bd657fd562bf6145f.tar.bz2 otp-0faf5d5fbef4976efc25096bd657fd562bf6145f.zip | |
Merge branch 'peterdmv/ssl/client-auth/OTP-15591'
* peterdmv/ssl/client-auth/OTP-15591:
ssl: Improve ssl logging
ssl: Test handling of signature algorithms
ssl: Handle unencrypted Alert (Illegal Parameter)
ssl: Improve verification of received Certificate
ssl: Fix Alert logging
ssl: Fix get_handshake_context/2
ssl: Test HelloRetryRequest with client auth
ssl: Verify signature algorithm in CV
ssl: Verify CertificateVerify
ssl: Test client authentication with certificate
ssl: Validate client certificates (TLS 1.3)
ssl: Test client authentication (empty cert)
ssl: Implement state 'wait_cert'
ssl: Add ssl logger support for CertificateRequest
ssl: Fix ssl alerts
Change-Id: Id4ba14d373f116038a7cb3ff9fc33faed23031c8
Diffstat (limited to 'lib/ssl/src/ssl_cipher.erl')
| -rw-r--r-- | lib/ssl/src/ssl_cipher.erl | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl index 6e751f9ceb..fe8736d2df 100644 --- a/lib/ssl/src/ssl_cipher.erl +++ b/lib/ssl/src/ssl_cipher.erl @@ -45,7 +45,7 @@ random_bytes/1, calc_mac_hash/4, calc_mac_hash/6, is_stream_ciphersuite/1, signature_scheme/1, scheme_to_components/1, hash_size/1, effective_key_bits/1, - key_material/1]). + key_material/1, signature_algorithm_to_scheme/1]). %% RFC 8446 TLS 1.3 -export([generate_client_shares/1, generate_server_share/1, add_zero_padding/2]). @@ -900,6 +900,18 @@ scheme_to_components(rsa_pss_pss_sha512) -> {sha512, rsa_pss_pss, undefined}; scheme_to_components(rsa_pkcs1_sha1) -> {sha1, rsa_pkcs1, undefined}; scheme_to_components(ecdsa_sha1) -> {sha1, ecdsa, undefined}. + +%% TODO: Add support for EC and RSA-SSA signatures +signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?sha1WithRSAEncryption}) -> + rsa_pkcs1_sha1; +signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?sha256WithRSAEncryption}) -> + rsa_pkcs1_sha256; +signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?sha384WithRSAEncryption}) -> + rsa_pkcs1_sha384; +signature_algorithm_to_scheme(#'SignatureAlgorithm'{algorithm = ?sha512WithRSAEncryption}) -> + rsa_pkcs1_sha512. + + %% RFC 5246: 6.2.3.2. CBC Block Cipher %% %% Implementation note: Canvel et al. [CBCTIME] have demonstrated a |