Merge branch 'ia/ssl/tls1.1and1.2' into maint

* ia/ssl/tls1.1and1.2: (46 commits) ssl: Clean up of code thanks to dialyzer ssl: Test suite adjustments ssl & public_key: Prepare for release ssl: Use crypto:strong_rand_bytes if possible ssl & public_key: Add use of more "sha-rsa oids" ssl: Fix inet header option to behave as in inet ssl: TLS 1.2: fix hash and signature handling ssl: TLS 1.2: fix Certificate Request list of Accepted Signatur/Hash combinations ssl: Add Signature Algorithms hello extension from TLS 1.2 ssl: Fix rizzo tests to run as intended ssl: TLS-1.1 and TLS-1.2 support should not be default until R16 ssl: Signture type bug ssl: Add crypto support check (TLS 1.2 require sha256 support) ssl: Dialyzer fixes ssl: IDEA cipher is deprecated by TLS 1.2 ssl: Run relevant tests for all SSL/TLS versions ssl: Add TLS version switches to openssl tests ssl: Enable TLS 1.2 ssl: Enable mac_hash for TLS 1.2 ssl: Implement TLS 1.2 signature support ...
author: Ingela Anderton Andin <[email protected]> 2012-08-23 15:27:27 +0200
committer: Ingela Anderton Andin <[email protected]> 2012-08-23 15:27:27 +0200
commit: 2272217e87122fbb44e1e74fe74283b82282a94f (patch)
tree: 15abcc4ece9bb5bd09154486e81ed0feb1a0b15d /lib/ssl/src/ssl_ssl3.erl
parent: 5b51ee7f109b4492870958d86338e216288a4a37 (diff)
parent: f5c54053e4d99c7c6eb1163047632d16c1fd5f19 (diff)
download: otp-2272217e87122fbb44e1e74fe74283b82282a94f.tar.gz
otp-2272217e87122fbb44e1e74fe74283b82282a94f.tar.bz2
otp-2272217e87122fbb44e1e74fe74283b82282a94f.zip
1 files changed, 18 insertions, 36 deletions
diff --git a/lib/ssl/src/ssl_ssl3.erl b/lib/ssl/src/ssl_ssl3.erl
index f2926b2d2f..a11c5b8c0c 100644
--- a/lib/ssl/src/ssl_ssl3.erl
+++ b/lib/ssl/src/ssl_ssl3.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -54,9 +54,9 @@ master_secret(PremasterSecret, ClientRandom, ServerRandom) ->
     Block = generate_keyblock(PremasterSecret, ClientRandom, ServerRandom, 48),
     Block.
 
--spec finished(client | server, binary(), {binary(), binary()}) -> binary().
+-spec finished(client | server, binary(), [binary()]) -> binary().
 
-finished(Role, MasterSecret, {MD5Hash, SHAHash}) ->
+finished(Role, MasterSecret, Handshake) ->
    %%  draft-ietf-tls-ssl-version3-00 - 5.6.9 Finished
    %%     struct {
    %%      opaque md5_hash[16];
@@ -70,13 +70,13 @@ finished(Role, MasterSecret, {MD5Hash, SHAHash}) ->
    %%                      SHA(handshake_messages + Sender +
    %%                          master_secret + pad1));
     Sender = get_sender(Role),
-    MD5 = handshake_hash(?MD5, MasterSecret, Sender, MD5Hash),
-    SHA = handshake_hash(?SHA, MasterSecret, Sender, SHAHash),
+    MD5 = handshake_hash(?MD5, MasterSecret, Sender, Handshake),
+    SHA = handshake_hash(?SHA, MasterSecret, Sender, Handshake),
     <<MD5/binary, SHA/binary>>.
 
--spec certificate_verify(OID::tuple(), binary(), {binary(), binary()}) -> binary().
+-spec certificate_verify(md5sha | sha, binary(), [binary()]) -> binary().
 
-certificate_verify(?'rsaEncryption', MasterSecret, {MD5Hash, SHAHash}) ->
+certificate_verify(md5sha, MasterSecret, Handshake) ->
      %% md5_hash
      %%           MD5(master_secret + pad_2 +
      %%               MD5(handshake_messages + master_secret + pad_1));
@@ -84,15 +84,16 @@ certificate_verify(?'rsaEncryption', MasterSecret, {MD5Hash, SHAHash}) ->
      %%           SHA(master_secret + pad_2 +
      %%               SHA(handshake_messages + master_secret + pad_1));
 
-    MD5 = handshake_hash(?MD5, MasterSecret, undefined, MD5Hash),
-    SHA = handshake_hash(?SHA, MasterSecret, undefined, SHAHash),
+    MD5 = handshake_hash(?MD5, MasterSecret, undefined, Handshake),
+    SHA = handshake_hash(?SHA, MasterSecret, undefined, Handshake),
     <<MD5/binary, SHA/binary>>;
 
-certificate_verify(?'id-dsa', MasterSecret, {_, SHAHash}) ->
+certificate_verify(sha, MasterSecret, Handshake) ->
      %% sha_hash
      %%           SHA(master_secret + pad_2 +
      %%               SHA(handshake_messages + master_secret + pad_1));
-    handshake_hash(?SHA, MasterSecret, undefined, SHAHash).
+
+    handshake_hash(?SHA, MasterSecret, undefined, Handshake).
 
 -spec mac_hash(integer(), binary(), integer(), integer(), integer(), binary()) -> binary(). 
 
@@ -152,28 +153,17 @@ suites() ->
 %%% Internal functions
 %%--------------------------------------------------------------------
 
-hash(?MD5, Data) -> 
+hash(?MD5, Data) ->
     crypto:md5(Data);
-hash(?SHA, Data) -> 
+hash(?SHA, Data) ->
     crypto:sha(Data).
 
-hash_update(?MD5, Context, Data) -> 
-    crypto:md5_update(Context, Data);
-hash_update(?SHA, Context, Data) -> 
-    crypto:sha_update(Context, Data).
-
-hash_final(?MD5, Context) -> 
-    crypto:md5_final(Context);
-hash_final(?SHA, Context) -> 
-    crypto:sha_final(Context).
-
 %%pad_1(?NULL) ->
 %%    "";
 pad_1(?MD5) ->
     <<"666666666666666666666666666666666666666666666666">>;
 pad_1(?SHA) ->
     <<"6666666666666666666666666666666666666666">>.
-
 %%pad_2(?NULL) ->
 %%    "";
 pad_2(?MD5) ->
@@ -189,19 +179,11 @@ mac_hash(Method, Secret, Data) ->
     InnerHash = hash(Method, [Secret, pad_1(Method), Data]),
     hash(Method, [Secret, pad_2(Method), InnerHash]).
 
-handshake_hash(Method, HandshakeHash, Extra) ->
-    HSH = hash_update(Method, HandshakeHash, Extra),
-    hash_final(Method, HSH).
-
-handshake_hash(Method, MasterSecret, undefined, HandshakeHash) ->
-    InnerHash = 
-	handshake_hash(Method, HandshakeHash, 
-		       [MasterSecret, pad_1(Method)]),
+handshake_hash(Method, MasterSecret, undefined, Handshake) ->
+    InnerHash = hash(Method, [Handshake, MasterSecret, pad_1(Method)]),
     hash(Method, [MasterSecret, pad_2(Method), InnerHash]);
-handshake_hash(Method, MasterSecret, Sender, HandshakeHash) ->
-    InnerHash = 
-	handshake_hash(Method, HandshakeHash, 
-		       [Sender, MasterSecret, pad_1(Method)]),
+handshake_hash(Method, MasterSecret, Sender, Handshake) ->
+    InnerHash = hash(Method, [Handshake, Sender, MasterSecret, pad_1(Method)]),
     hash(Method, [MasterSecret, pad_2(Method), InnerHash]).
 
 get_sender(client) -> "CLNT";
author	Ingela Anderton Andin <[email protected]>	2012-08-23 15:27:27 +0200
committer	Ingela Anderton Andin <[email protected]>	2012-08-23 15:27:27 +0200
commit	2272217e87122fbb44e1e74fe74283b82282a94f (patch)
tree	15abcc4ece9bb5bd09154486e81ed0feb1a0b15d /lib/ssl/src/ssl_ssl3.erl
parent	5b51ee7f109b4492870958d86338e216288a4a37 (diff)
parent	f5c54053e4d99c7c6eb1163047632d16c1fd5f19 (diff)
download	otp-2272217e87122fbb44e1e74fe74283b82282a94f.tar.gz otp-2272217e87122fbb44e1e74fe74283b82282a94f.tar.bz2 otp-2272217e87122fbb44e1e74fe74283b82282a94f.zip