diff options
author | Ingela Anderton Andin <[email protected]> | 2018-03-20 11:44:51 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2018-07-10 16:13:17 +0200 |
commit | aebd79ed1fa791bd4b8fe0f1db60f3b8a9ae5b69 (patch) | |
tree | 7e39762d08bbf02015469a09e9b02a80209927da /lib/ssl/src | |
parent | 857156bcadae45fe112911bd7ca735ac6f3ca9d2 (diff) | |
download | otp-aebd79ed1fa791bd4b8fe0f1db60f3b8a9ae5b69.tar.gz otp-aebd79ed1fa791bd4b8fe0f1db60f3b8a9ae5b69.tar.bz2 otp-aebd79ed1fa791bd4b8fe0f1db60f3b8a9ae5b69.zip |
ssl: Correct ECC suite and DTLS ECC handling
When test handling was corrected it was obvious that DTLS ECC handling
was not compleated.
Conflicts:
lib/ssl/src/ssl.erl
lib/ssl/test/Makefile
lib/ssl/test/ssl_ECC.erl
lib/ssl/test/ssl_ECC_SUITE.erl
lib/ssl/test/ssl_ECC_openssl_SUITE.erl
Diffstat (limited to 'lib/ssl/src')
-rw-r--r-- | lib/ssl/src/dtls_handshake.erl | 6 | ||||
-rw-r--r-- | lib/ssl/src/ssl.erl | 18 |
2 files changed, 18 insertions, 6 deletions
diff --git a/lib/ssl/src/dtls_handshake.erl b/lib/ssl/src/dtls_handshake.erl index 6071eece13..1a415a5f76 100644 --- a/lib/ssl/src/dtls_handshake.erl +++ b/lib/ssl/src/dtls_handshake.erl @@ -174,7 +174,9 @@ handle_client_hello(Version, signature_algs = ClientHashSigns} = HelloExt}, #ssl_options{versions = Versions, - signature_algs = SupportedHashSigns} = SslOpts, + signature_algs = SupportedHashSigns, + eccs = SupportedECCs, + honor_ecc_order = ECCOrder} = SslOpts, {Port, Session0, Cache, CacheCb, ConnectionStates0, Cert, _}, Renegotiation) -> case dtls_record:is_acceptable_version(Version, Versions) of @@ -182,7 +184,7 @@ handle_client_hello(Version, TLSVersion = dtls_v1:corresponding_tls_version(Version), AvailableHashSigns = ssl_handshake:available_signature_algs( ClientHashSigns, SupportedHashSigns, Cert,TLSVersion), - ECCCurve = ssl_handshake:select_curve(Curves, ssl_handshake:supported_ecc(TLSVersion)), + ECCCurve = ssl_handshake:select_curve(Curves, SupportedECCs, ECCOrder), {Type, #session{cipher_suite = CipherSuite} = Session1} = ssl_handshake:select_session(SugesstedId, CipherSuites, AvailableHashSigns, Compressions, diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index fb4448e180..f5d7c3dc00 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -476,8 +476,9 @@ eccs() -> eccs_filter_supported(Curves). %%-------------------------------------------------------------------- --spec eccs(tls_record:tls_version() | tls_record:tls_atom_version()) -> - tls_v1:curves(). +-spec eccs(tls_record:tls_version() | tls_record:tls_atom_version() | + dtls_record:dtls_version() | dtls_record:dtls_atom_version()) -> + tls_v1:curves(). %% Description: returns the curves supported for a given version of %% ssl/tls. %%-------------------------------------------------------------------- @@ -486,8 +487,17 @@ eccs({3,0}) -> eccs({3,_}) -> Curves = tls_v1:ecc_curves(all), eccs_filter_supported(Curves); -eccs(AtomVersion) when is_atom(AtomVersion) -> - eccs(tls_record:protocol_version(AtomVersion)). + +eccs({254,_} = Version) -> + eccs(dtls_v1:corresponding_tls_version(Version)); +eccs(Version) when Version == 'tlsv1.2'; + Version == 'tlsv1.1'; + Version == tlsv1; + Version == sslv3 -> + eccs(tls_record:protocol_version(Version)); +eccs(Version) when Version == 'dtlsv1.2'; + Version == 'dtlsv1'-> + eccs(dtls_v1:corresponding_tls_version(dtls_record:protocol_version(Version))). eccs_filter_supported(Curves) -> CryptoCurves = crypto:ec_curves(), |