Merge branch 'ia/ssl/tls1.1and1.2' into maint

* ia/ssl/tls1.1and1.2: (46 commits)
  ssl: Clean up of code thanks to dialyzer
  ssl: Test suite adjustments
  ssl & public_key: Prepare for release
  ssl: Use crypto:strong_rand_bytes if possible
  ssl & public_key: Add use of more "sha-rsa oids"
  ssl: Fix inet header option to behave as in inet
  ssl: TLS 1.2: fix hash and signature handling
  ssl: TLS 1.2: fix Certificate Request list of Accepted Signatur/Hash combinations
  ssl: Add Signature Algorithms hello extension from TLS 1.2
  ssl: Fix rizzo tests to run as intended
  ssl: TLS-1.1 and TLS-1.2 support should not be default until R16
  ssl: Signture type bug
  ssl: Add crypto support check (TLS 1.2 require sha256 support)
  ssl: Dialyzer fixes
  ssl: IDEA cipher is deprecated by TLS 1.2
  ssl: Run relevant tests for all SSL/TLS versions
  ssl: Add TLS version switches to openssl tests
  ssl: Enable TLS 1.2
  ssl: Enable mac_hash for TLS 1.2
  ssl: Implement TLS 1.2 signature support
  ...

1 files changed, 25 insertions, 4 deletions

diff --git a/lib/ssl/src/ssl_handshake.hrl b/lib/ssl/src/ssl_handshake.hrl
index fb0ebac7d1..cc17dc2975 100644
--- a/lib/ssl/src/ssl_handshake.hrl
+++ b/lib/ssl/src/ssl_handshake.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -31,6 +31,13 @@
 -type algo_oid()          :: ?'rsaEncryption' | ?'id-dsa'.
 -type public_key_params() :: #'Dss-Parms'{} | term().
 -type public_key_info()   :: {algo_oid(), #'RSAPublicKey'{} | integer() , public_key_params()}.
+-type tls_handshake_history() :: {[binary()], [binary()]}.
+
+%% Signature algorithms
+-define(ANON, 0).
+-define(RSA, 1).
+-define(DSA, 2).
+-define(ECDSA, 3).
 
 -record(session, {
 	  session_id,
@@ -89,7 +96,8 @@
 	  session_id,         % opaque SessionID<0..32>
 	  cipher_suites,      % cipher_suites<2..2^16-1>
 	  compression_methods, % compression_methods<1..2^8-1>,
-	  renegotiation_info
+	  renegotiation_info,
+	  hash_signs          % supported combinations of hashes/signature algos
 	 }).
 
 -record(server_hello, {
@@ -98,7 +106,8 @@
 	  session_id,         % opaque SessionID<0..32>
 	  cipher_suite,       % cipher_suites
 	  compression_method, % compression_method
-	  renegotiation_info
+	  renegotiation_info,
+	  hash_signs          % supported combinations of hashes/signature algos
 	 }).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -129,7 +138,8 @@
   
 -record(server_key_exchange, {
 	  params, %% #server_rsa_params{} | #server_dh_params{}
-	  signed_params %% #signature{}
+	  signed_params, %% #signature{}
+	  hashsign %% term(atom(), atom())
 	 }).
 	
 %% enum { anonymous, rsa, dsa } SignatureAlgorithm;
@@ -159,6 +169,7 @@
 
 -record(certificate_request, {
 	  certificate_types,        %ClientCertificateType   <1..2^8-1>
+	  hashsign_algorithms,      %%SignatureAndHashAlgorithm <2^16-1>;
 	  certificate_authorities   %DistinguishedName       <0..2^16-1>
 	 }).
 
@@ -193,6 +204,7 @@
 %%% Certificate verify - RFC 4346 section 7.4.8
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 -record(certificate_verify, {
+	  hashsign_algorithm,
 	  signature % binary()
 	 }).
 
@@ -213,6 +225,15 @@
 	  renegotiated_connection
 	 }).
 
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% Signature Algorithms  RFC 5746 section 7.4.1.4.1.
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+-define(SIGNATURE_ALGORITHMS_EXT, 13).
+
+-record(hash_sign_algos, {
+	  hash_sign_algos
+	 }).
+
 -endif. % -ifdef(ssl_handshake).