aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2018-02-23 11:30:02 +0100
committerIngela Anderton Andin <[email protected]>2018-03-05 10:30:46 +0100
commit174062a2d90e98fe15927b1483ee760e0ec02022 (patch)
treef93af5e89146130acd159f2a6d2ad88f3d97986b /lib/ssl
parent075baa1d95f225b60b9d9d53592cdfaecf81c24f (diff)
downloadotp-174062a2d90e98fe15927b1483ee760e0ec02022.tar.gz
otp-174062a2d90e98fe15927b1483ee760e0ec02022.tar.bz2
otp-174062a2d90e98fe15927b1483ee760e0ec02022.zip
ssl: Correct AEAD handling
Cipher suite handling improvments missed to make a few changes for AEAD to be handled correctly see ERL-568
Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/src/ssl_cipher.erl11
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index c6927bd276..62a172ca7c 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -95,7 +95,7 @@ security_parameters(Version, CipherSuite, SecParams) ->
expanded_key_material_length = expanded_key_material(Cipher),
key_material_length = key_material(Cipher),
iv_size = iv_size(Cipher),
- mac_algorithm = hash_algorithm(Hash),
+ mac_algorithm = mac_algorithm(Hash),
prf_algorithm = prf_algorithm(PrfHashAlg, Version),
hash_size = hash_size(Hash)}.
@@ -2334,6 +2334,11 @@ prf_algorithm(default_prf, {3, _}) ->
prf_algorithm(Algo, _) ->
hash_algorithm(Algo).
+mac_algorithm(aead) ->
+ aead;
+mac_algorithm(Algo) ->
+ hash_algorithm(Algo).
+
hash_algorithm(null) -> ?NULL;
hash_algorithm(md5) -> ?MD5;
hash_algorithm(sha) -> ?SHA; %% Only sha always refers to "SHA-1"
@@ -2364,6 +2369,10 @@ sign_algorithm(Other) when is_integer(Other) andalso ((Other >= 224) and (Other
hash_size(null) ->
0;
+%% The AEAD MAC hash size is not used in the context
+%% of calculating the master secret. See RFC 5246 Section 6.2.3.3.
+hash_size(aead) ->
+ 0;
hash_size(md5) ->
16;
hash_size(sha) ->