aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lib/ssl/src/ssl_cipher.erl10
-rw-r--r--lib/ssl/src/ssl_cipher.hrl2
-rw-r--r--lib/ssl/src/ssl_handshake.erl25
-rw-r--r--lib/ssl/src/tls_handshake.erl4
4 files changed, 22 insertions, 19 deletions
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index d958b74e9f..3fe4df99c9 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -1192,15 +1192,15 @@ hash_size(md5) ->
hash_size(sha) ->
20;
%% Uncomment when adding cipher suite that needs it
-hash_size(sha224) ->
- 28;
+%hash_size(sha224) ->
+% 28;
hash_size(sha256) ->
32;
hash_size(sha384) ->
- 48;
+ 48.
%% Uncomment when adding cipher suite that needs it
-hash_size(sha512) ->
- 64.
+%hash_size(sha512) ->
+% 64.
%% RFC 5246: 6.2.3.2. CBC Block Cipher
%%
diff --git a/lib/ssl/src/ssl_cipher.hrl b/lib/ssl/src/ssl_cipher.hrl
index c7c71ee1a7..8417564d41 100644
--- a/lib/ssl/src/ssl_cipher.hrl
+++ b/lib/ssl/src/ssl_cipher.hrl
@@ -28,7 +28,7 @@
-type cipher() :: null |rc4_128 | idea_cbc | des40_cbc | des_cbc | '3des_ede_cbc'
| aes_128_cbc | aes_256_cbc.
--type hash() :: null | sha | md5 | ssh224 | sha256 | sha384 | sha512.
+-type hash() :: null | sha | md5 | sha224 | sha256 | sha384 | sha512.
-type erl_cipher_suite() :: {key_algo(), cipher(), hash()}.
-type int_cipher_suite() :: {key_algo(), cipher(), hash(), hash() | default_prf}.
-type cipher_suite() :: binary().
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index bef42d9071..189e5e7051 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -229,15 +229,15 @@ key_exchange(client, _Version, {psk_premaster_secret, PskIdentity, Secret, {_, P
EncPremasterSecret =
encrypted_premaster_secret(Secret, PublicKey),
#client_key_exchange{
- exchange_keys = #client_rsa_psk_identity{
- identity = PskIdentity,
- exchange_keys = EncPremasterSecret}};
+ exchange_keys = #client_rsa_psk_identity{
+ identity = PskIdentity,
+ exchange_keys = EncPremasterSecret}};
key_exchange(client, _Version, {srp, PublicKey}) ->
#client_key_exchange{
- exchange_keys = #client_srp_public{
- srp_a = PublicKey}
- };
+ exchange_keys = #client_srp_public{
+ srp_a = PublicKey}
+ };
key_exchange(server, Version, {dh, {PublicKey, _},
#'DHParameter'{prime = P, base = G},
@@ -441,7 +441,7 @@ prf({3,1}, Secret, Label, Seed, WantedLength) ->
prf({3,_N}, Secret, Label, Seed, WantedLength) ->
{ok, tls_v1:prf(?SHA256, Secret, Label, Seed, WantedLength)}.
%%--------------------------------------------------------------------
--spec select_hashsign(#hash_sign_algos{}| undefined, undefined | term()) ->
+-spec select_hashsign(#hash_sign_algos{}| undefined, undefined | binary()) ->
[{atom(), atom()}] | undefined.
%%
@@ -472,11 +472,14 @@ select_hashsign(#hash_sign_algos{hash_sign_algos = HashSigns}, Cert) ->
HashSign
end.
%%--------------------------------------------------------------------
--spec select_cert_hashsign(#hash_sign_algos{}| undefined, oid(), tls_version()) ->
- [{atom(), atom()}].
+-spec select_cert_hashsign(#hash_sign_algos{}| undefined, oid(), tls_version() | {undefined, undefined}) ->
+ {atom(), atom()}.
%%
-%% Description:
+%% Description: For TLS 1.2 selected cert_hash_sign will be recived
+%% in the handshake message, for previous versions use appropriate defaults.
+%% This function is also used by select_hashsign to extract
+%% the alogrithm of the server cert key.
%%--------------------------------------------------------------------
select_cert_hashsign(HashSign, _, {Major, Minor}) when HashSign =/= undefined andalso Major >= 3 andalso Minor >= 3 ->
HashSign;
@@ -765,7 +768,7 @@ decode_handshake(_, _, _) ->
throw(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE)).
%%--------------------------------------------------------------------
--spec decode_hello_extensions(binary()) -> #hello_extensions{}.
+-spec decode_hello_extensions({client, binary()} | binary()) -> #hello_extensions{}.
%%
%% Description: Decodes TLS hello extensions
%%--------------------------------------------------------------------
diff --git a/lib/ssl/src/tls_handshake.erl b/lib/ssl/src/tls_handshake.erl
index fef1464c64..0f1d544821 100644
--- a/lib/ssl/src/tls_handshake.erl
+++ b/lib/ssl/src/tls_handshake.erl
@@ -91,7 +91,7 @@ server_hello(SessionId, Version, ConnectionStates, Extensions) ->
%%--------------------------------------------------------------------
-spec hello(#server_hello{} | #client_hello{}, #ssl_options{},
#connection_states{} | {inet:port_number(), #session{}, db_handle(),
- atom(), #connection_states{}, binary()},
+ atom(), #connection_states{}, binary() | undefined},
boolean()) ->
{tls_version(), session_id(), #connection_states{}, binary() | undefined}|
{tls_version(), {resumed | new, #session{}}, #connection_states{},
@@ -264,7 +264,7 @@ enc_handshake(#client_hello{client_version = {Major, Minor},
ExtensionsBin = ssl_handshake:encode_hello_extensions(HelloExtensions),
{?CLIENT_HELLO, <<?BYTE(Major), ?BYTE(Minor), Random:32/binary,
- ?BYTE(SIDLength), SessionID/binary,
+ ?BYTE(SIDLength), SessionID/binary,
?UINT16(CsLength), BinCipherSuites/binary,
?BYTE(CmLength), BinCompMethods/binary, ExtensionsBin/binary>>};