diff options
-rw-r--r-- | lib/ssl/src/ssl_cipher.erl | 10 | ||||
-rw-r--r-- | lib/ssl/src/ssl_cipher.hrl | 2 | ||||
-rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 25 | ||||
-rw-r--r-- | lib/ssl/src/tls_handshake.erl | 4 |
4 files changed, 22 insertions, 19 deletions
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl index d958b74e9f..3fe4df99c9 100644 --- a/lib/ssl/src/ssl_cipher.erl +++ b/lib/ssl/src/ssl_cipher.erl @@ -1192,15 +1192,15 @@ hash_size(md5) -> hash_size(sha) -> 20; %% Uncomment when adding cipher suite that needs it -hash_size(sha224) -> - 28; +%hash_size(sha224) -> +% 28; hash_size(sha256) -> 32; hash_size(sha384) -> - 48; + 48. %% Uncomment when adding cipher suite that needs it -hash_size(sha512) -> - 64. +%hash_size(sha512) -> +% 64. %% RFC 5246: 6.2.3.2. CBC Block Cipher %% diff --git a/lib/ssl/src/ssl_cipher.hrl b/lib/ssl/src/ssl_cipher.hrl index c7c71ee1a7..8417564d41 100644 --- a/lib/ssl/src/ssl_cipher.hrl +++ b/lib/ssl/src/ssl_cipher.hrl @@ -28,7 +28,7 @@ -type cipher() :: null |rc4_128 | idea_cbc | des40_cbc | des_cbc | '3des_ede_cbc' | aes_128_cbc | aes_256_cbc. --type hash() :: null | sha | md5 | ssh224 | sha256 | sha384 | sha512. +-type hash() :: null | sha | md5 | sha224 | sha256 | sha384 | sha512. -type erl_cipher_suite() :: {key_algo(), cipher(), hash()}. -type int_cipher_suite() :: {key_algo(), cipher(), hash(), hash() | default_prf}. -type cipher_suite() :: binary(). diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index bef42d9071..189e5e7051 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -229,15 +229,15 @@ key_exchange(client, _Version, {psk_premaster_secret, PskIdentity, Secret, {_, P EncPremasterSecret = encrypted_premaster_secret(Secret, PublicKey), #client_key_exchange{ - exchange_keys = #client_rsa_psk_identity{ - identity = PskIdentity, - exchange_keys = EncPremasterSecret}}; + exchange_keys = #client_rsa_psk_identity{ + identity = PskIdentity, + exchange_keys = EncPremasterSecret}}; key_exchange(client, _Version, {srp, PublicKey}) -> #client_key_exchange{ - exchange_keys = #client_srp_public{ - srp_a = PublicKey} - }; + exchange_keys = #client_srp_public{ + srp_a = PublicKey} + }; key_exchange(server, Version, {dh, {PublicKey, _}, #'DHParameter'{prime = P, base = G}, @@ -441,7 +441,7 @@ prf({3,1}, Secret, Label, Seed, WantedLength) -> prf({3,_N}, Secret, Label, Seed, WantedLength) -> {ok, tls_v1:prf(?SHA256, Secret, Label, Seed, WantedLength)}. %%-------------------------------------------------------------------- --spec select_hashsign(#hash_sign_algos{}| undefined, undefined | term()) -> +-spec select_hashsign(#hash_sign_algos{}| undefined, undefined | binary()) -> [{atom(), atom()}] | undefined. %% @@ -472,11 +472,14 @@ select_hashsign(#hash_sign_algos{hash_sign_algos = HashSigns}, Cert) -> HashSign end. %%-------------------------------------------------------------------- --spec select_cert_hashsign(#hash_sign_algos{}| undefined, oid(), tls_version()) -> - [{atom(), atom()}]. +-spec select_cert_hashsign(#hash_sign_algos{}| undefined, oid(), tls_version() | {undefined, undefined}) -> + {atom(), atom()}. %% -%% Description: +%% Description: For TLS 1.2 selected cert_hash_sign will be recived +%% in the handshake message, for previous versions use appropriate defaults. +%% This function is also used by select_hashsign to extract +%% the alogrithm of the server cert key. %%-------------------------------------------------------------------- select_cert_hashsign(HashSign, _, {Major, Minor}) when HashSign =/= undefined andalso Major >= 3 andalso Minor >= 3 -> HashSign; @@ -765,7 +768,7 @@ decode_handshake(_, _, _) -> throw(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE)). %%-------------------------------------------------------------------- --spec decode_hello_extensions(binary()) -> #hello_extensions{}. +-spec decode_hello_extensions({client, binary()} | binary()) -> #hello_extensions{}. %% %% Description: Decodes TLS hello extensions %%-------------------------------------------------------------------- diff --git a/lib/ssl/src/tls_handshake.erl b/lib/ssl/src/tls_handshake.erl index fef1464c64..0f1d544821 100644 --- a/lib/ssl/src/tls_handshake.erl +++ b/lib/ssl/src/tls_handshake.erl @@ -91,7 +91,7 @@ server_hello(SessionId, Version, ConnectionStates, Extensions) -> %%-------------------------------------------------------------------- -spec hello(#server_hello{} | #client_hello{}, #ssl_options{}, #connection_states{} | {inet:port_number(), #session{}, db_handle(), - atom(), #connection_states{}, binary()}, + atom(), #connection_states{}, binary() | undefined}, boolean()) -> {tls_version(), session_id(), #connection_states{}, binary() | undefined}| {tls_version(), {resumed | new, #session{}}, #connection_states{}, @@ -264,7 +264,7 @@ enc_handshake(#client_hello{client_version = {Major, Minor}, ExtensionsBin = ssl_handshake:encode_hello_extensions(HelloExtensions), {?CLIENT_HELLO, <<?BYTE(Major), ?BYTE(Minor), Random:32/binary, - ?BYTE(SIDLength), SessionID/binary, + ?BYTE(SIDLength), SessionID/binary, ?UINT16(CsLength), BinCipherSuites/binary, ?BYTE(CmLength), BinCompMethods/binary, ExtensionsBin/binary>>}; |