diff options
Diffstat (limited to 'lib/ssl')
| -rw-r--r-- | lib/ssl/internal_doc/ssl-implementation.txt | 52 | ||||
| -rw-r--r-- | lib/ssl/src/dtls_connection.erl | 3 | ||||
| -rw-r--r-- | lib/ssl/src/ssl.erl | 11 | ||||
| -rw-r--r-- | lib/ssl/src/ssl_cipher.erl | 8 | ||||
| -rw-r--r-- | lib/ssl/src/ssl_connection.erl | 91 | ||||
| -rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 79 | ||||
| -rw-r--r-- | lib/ssl/src/ssl_record.erl | 2 | ||||
| -rw-r--r-- | lib/ssl/src/tls_connection.erl | 13 | ||||
| -rw-r--r-- | lib/ssl/src/tls_record.erl | 33 | ||||
| -rw-r--r-- | lib/ssl/test/make_certs.erl | 5 | ||||
| -rw-r--r-- | lib/ssl/test/ssl_basic_SUITE.erl | 219 | ||||
| -rw-r--r-- | lib/ssl/test/ssl_crl_SUITE.erl | 30 | ||||
| -rw-r--r-- | lib/ssl/test/ssl_handshake_SUITE.erl | 14 | 
13 files changed, 375 insertions, 185 deletions
| diff --git a/lib/ssl/internal_doc/ssl-implementation.txt b/lib/ssl/internal_doc/ssl-implementation.txt deleted file mode 100644 index e5d6ac8cd0..0000000000 --- a/lib/ssl/internal_doc/ssl-implementation.txt +++ /dev/null @@ -1,52 +0,0 @@ - -Important modules: - -	  module		behaviour	children -	  ------		--------- -	  ssl_app		application	ssl_sup -	  ssl_sup		supervisor	ssl_server, ssl_broker_sup -	  ssl_server		gen_server	- -	  ssl_broker_sup	supervisor	ssl_broker -	  ssl_broker		gen_server	- - -The ssl_server controls a port program that implements the SSL functionality. -That port program uses the OpenSSL package. - -Each socket has a corresponding broker (listen, accept or connect). A broker -is created and supervised by the ssl_broker_sup.  - -All communication is between a user and a broker. The broker communicates -with the ssl_server, that sends its commands to the port program and handles -the port program responses, that are distributed to users through the -brokers.  - -There is a distinction between commands and data flow between the ssl_server -and the port program. Each established connection between the user and the -outside world consists of a local erlang socket (owned by the broker) that -is read from and written to by the broker. At the other end of the local -connection is a local socket in the port program. -  -The "real" socket that connects to the outside world is in the port program -(including listen sockets). The main purpose of the port program is to  -shuffle data between local sockets and outside world sockets, and detect and -propagate read and write errors (including detection of closed sockets) to -the ssl_server.  - -There is documentation in the ssl_broker.erl module.  - -There is also documentation in the esock.c and esock_openssl.c files.   - -The ssl_pem.erl, ssl_pkix.erl and ssl_base64.erl modules are support -modules for reading SSL certificates. Modules for parsing certificates -are generated from ASN.1 modules in the `pkix' directory.  - -The `examples' directory contains functions for generating certificates.  -Those certificates are used in the test suites.  - - - - - -  - -  diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl index 57f8dd86d3..508983ddac 100644 --- a/lib/ssl/src/dtls_connection.erl +++ b/lib/ssl/src/dtls_connection.erl @@ -202,13 +202,14 @@ hello(Hello = #client_hello{client_version = ClientVersion,  		     session_cache = Cache,  		     session_cache_cb = CacheCb,  		     ssl_options = SslOpts}) -> -    HashSign = ssl_handshake:select_hashsign(HashSigns, Cert),      case dtls_handshake:hello(Hello, SslOpts, {Port, Session0, Cache, CacheCb,  					      ConnectionStates0, Cert}, Renegotiation) of          {Version, {Type, Session},  	 ConnectionStates,  	 #hello_extensions{ec_point_formats = EcPointFormats,  			   elliptic_curves = EllipticCurves} = ServerHelloExt} -> +            HashSign = ssl_handshake:select_hashsign(HashSigns, Cert,  +						     dtls_v1:corresponding_tls_version(Version)),              ssl_connection:hello({common_client_hello, Type, ServerHelloExt, HashSign},  				 State#state{connection_states  = ConnectionStates,  					     negotiated_version = Version, diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index 743753bf7d..4dea977fe1 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -357,11 +357,7 @@ cipher_suites(openssl) ->      [ssl_cipher:openssl_suite_name(S) || S <- ssl_cipher:suites(Version)];  cipher_suites(all) ->      Version = tls_record:highest_protocol_version([]), -    Supported = ssl_cipher:suites(Version) -	++ ssl_cipher:anonymous_suites() -	++ ssl_cipher:psk_suites(Version) -	++ ssl_cipher:srp_suites(), -    [suite_definition(S) || S <- Supported]. +    [suite_definition(S) || S <- ssl_cipher:all_suites(Version)].  %%--------------------------------------------------------------------  -spec getopts(#sslsocket{}, [gen_tcp:option_name()]) -> @@ -641,7 +637,8 @@ handle_options(Opts0, _Role) ->  		    user_lookup_fun = handle_option(user_lookup_fun, Opts, undefined),  		    psk_identity = handle_option(psk_identity, Opts, undefined),  		    srp_identity = handle_option(srp_identity, Opts, undefined), -		    ciphers    = handle_cipher_option(proplists:get_value(ciphers, Opts, []), hd(Versions)), +		    ciphers    = handle_cipher_option(proplists:get_value(ciphers, Opts, []),  +						      RecordCb:highest_protocol_version(Versions)),  		    %% Server side option  		    reuse_session = handle_option(reuse_session, Opts, ReuseSessionFun),  		    reuse_sessions = handle_option(reuse_sessions, Opts, true), @@ -953,7 +950,7 @@ handle_cipher_option(Value, Version)  when is_list(Value) ->  	error:_->  	    throw({error, {options, {ciphers, Value}}})      end. -binary_cipher_suites(Version, []) -> %% Defaults to all supported suits +binary_cipher_suites(Version, []) -> % Defaults to all supported suites      ssl_cipher:suites(Version);  binary_cipher_suites(Version, [{_,_,_,_}| _] = Ciphers0) -> %% Backwards compatibility      Ciphers = [{KeyExchange, Cipher, Hash} || {KeyExchange, Cipher, Hash, _} <- Ciphers0], diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl index 78a328ace8..a3ec419c2a 100644 --- a/lib/ssl/src/ssl_cipher.erl +++ b/lib/ssl/src/ssl_cipher.erl @@ -34,7 +34,8 @@  -export([security_parameters/2, security_parameters/3, suite_definition/1,  	 decipher/5, cipher/5, -	 suite/1, suites/1, ec_keyed_suites/0, anonymous_suites/0, psk_suites/1, srp_suites/0, +	 suite/1, suites/1, all_suites/1,  +	 ec_keyed_suites/0, anonymous_suites/0, psk_suites/1, srp_suites/0,  	 openssl_suite/1, openssl_suite_name/1, filter/2, filter_suites/1,  	 hash_algorithm/1, sign_algorithm/1, is_acceptable_hash/2]). @@ -224,6 +225,11 @@ suites({3, 0}) ->  suites({3, N}) ->      tls_v1:suites(N). +all_suites(Version) -> +    suites(Version) +	++ ssl_cipher:anonymous_suites() +	++ ssl_cipher:psk_suites(Version) +	++ ssl_cipher:srp_suites().  %%--------------------------------------------------------------------  -spec anonymous_suites() -> [cipher_suite()].  %% diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index c2810a199f..1eda926bcb 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -290,12 +290,11 @@ hello(#hello_request{}, #state{role = client} = State0, Connection) ->      {Record, State} = Connection:next_record(State0),      Connection:next_state(hello, hello, Record, State); -hello({common_client_hello, Type, ServerHelloExt, HashSign}, -      #state{session = #session{cipher_suite = CipherSuite}, -	     negotiated_version = Version} = State, Connection) -> -    {KeyAlg, _, _, _} = ssl_cipher:suite_definition(CipherSuite), -    NegotiatedHashSign = negotiated_hashsign(HashSign, KeyAlg, Version), +hello({common_client_hello, Type, ServerHelloExt, NegotiatedHashSign}, +      State, Connection) ->      do_server_hello(Type, ServerHelloExt, +		    %% Note NegotiatedHashSign is only negotiated for real if +		    %% if TLS version is at least TLS-1.2   		    State#state{hashsign_algorithm = NegotiatedHashSign}, Connection);  hello(timeout, State, _) -> @@ -432,7 +431,8 @@ certify(#server_key_exchange{exchange_keys = Keys},  		    calculate_secret(Params#server_key_params.params,  				     State#state{hashsign_algorithm = HashSign}, Connection);  		false -> -		    ?ALERT_REC(?FATAL, ?DECRYPT_ERROR) +		    Connection:handle_own_alert(?ALERT_REC(?FATAL, ?DECRYPT_ERROR), +						Version, certify, State)  	    end      end; @@ -441,8 +441,9 @@ certify(#server_key_exchange{} = Msg,      Connection:handle_unexpected_message(Msg, certify_server_keyexchange, State);  certify(#certificate_request{hashsign_algorithms = HashSigns}, -	#state{session = #session{own_certificate = Cert}} = State0, Connection) -> -    HashSign = ssl_handshake:select_hashsign(HashSigns, Cert), +	#state{session = #session{own_certificate = Cert}, +        negotiated_version = Version} = State0, Connection) -> +    HashSign = ssl_handshake:select_hashsign(HashSigns, Cert, Version),      {Record, State} = Connection:next_record(State0#state{client_certificate_requested = true}),      Connection:next_state(certify, certify, Record,  			  State#state{cert_hashsign_algorithm = HashSign}); @@ -559,7 +560,7 @@ cipher(#certificate_verify{signature = Signature, hashsign_algorithm = CertHashS  	      tls_handshake_history = Handshake  	     } = State0, Connection) -> -    HashSign = ssl_handshake:select_cert_hashsign(CertHashSign, Algo, Version), +    HashSign = ssl_handshake:select_hashsign_algs(CertHashSign, Algo, Version),      case ssl_handshake:certificate_verify(Signature, PublicKeyInfo,  					  Version, HashSign, MasterSecret, Handshake) of  	valid -> @@ -696,7 +697,11 @@ handle_sync_event({shutdown, How0}, _, StateName,  	Error ->  	    {stop, normal, Error, State}      end; -     + +handle_sync_event({recv, _N, _Timeout}, _RecvFrom, StateName,   +		  #state{socket_options = #socket_options{active = Active}} = State) when Active =/= false -> +    {reply, {error, einval}, StateName, State, get_timeout(State)}; +  handle_sync_event({recv, N, Timeout}, RecvFrom, connection = StateName,    		  #state{protocol_cb = Connection} = State0) ->      Timer = start_or_recv_cancel_timer(Timeout, RecvFrom), @@ -1559,60 +1564,6 @@ cipher_role(server, Data, Session,  #state{connection_states = ConnectionStates0  					session = Session}, cipher, Connection),      Connection:next_state_connection(cipher, ack_connection(State#state{session = Session})). -negotiated_hashsign(undefined, Algo, Version) -> -    default_hashsign(Version, Algo); -negotiated_hashsign(HashSign = {_, _}, _, _) -> -    HashSign. - -%% RFC 5246, Sect. 7.4.1.4.1.  Signature Algorithms -%% If the client does not send the signature_algorithms extension, the -%% server MUST do the following: -%% -%% -  If the negotiated key exchange algorithm is one of (RSA, DHE_RSA, -%%    DH_RSA, RSA_PSK, ECDH_RSA, ECDHE_RSA), behave as if client had -%%    sent the value {sha1,rsa}. -%% -%% -  If the negotiated key exchange algorithm is one of (DHE_DSS, -%%    DH_DSS), behave as if the client had sent the value {sha1,dsa}. -%% -%% -  If the negotiated key exchange algorithm is one of (ECDH_ECDSA, -%%    ECDHE_ECDSA), behave as if the client had sent value {sha1,ecdsa}. - -default_hashsign(_Version = {Major, Minor}, KeyExchange) -  when Major >= 3 andalso Minor >= 3 andalso -       (KeyExchange == rsa orelse -	KeyExchange == dhe_rsa orelse -	KeyExchange == dh_rsa orelse -	KeyExchange == ecdhe_rsa orelse -	KeyExchange == ecdh_rsa orelse -	KeyExchange == srp_rsa) -> -    {sha, rsa}; -default_hashsign(_Version, KeyExchange) -  when KeyExchange == rsa; -       KeyExchange == dhe_rsa; -       KeyExchange == dh_rsa; -       KeyExchange == ecdhe_rsa; -       KeyExchange == ecdh_rsa; -       KeyExchange == srp_rsa -> -    {md5sha, rsa}; -default_hashsign(_Version, KeyExchange) -  when KeyExchange == ecdhe_ecdsa; -       KeyExchange == ecdh_ecdsa -> -    {sha, ecdsa}; -default_hashsign(_Version, KeyExchange) -  when KeyExchange == dhe_dss; -       KeyExchange == dh_dss; -       KeyExchange == srp_dss -> -    {sha, dsa}; -default_hashsign(_Version, KeyExchange) -  when KeyExchange == dh_anon; -       KeyExchange == ecdh_anon; -       KeyExchange == psk; -       KeyExchange == dhe_psk; -       KeyExchange == rsa_psk; -       KeyExchange == srp_anon -> -    {null, anon}. -  select_curve(#state{client_ecc = {[Curve|_], _}}) ->      {namedCurve, Curve};  select_curve(_) -> @@ -1884,3 +1835,15 @@ new_ssl_options([undefined | Rest0], [Head1| Rest1], Acc) ->      new_ssl_options(Rest0, Rest1, [Head1 | Acc]);  new_ssl_options([Head0 | Rest0], [_| Rest1], Acc) ->      new_ssl_options(Rest0, Rest1, [Head0 | Acc]). + +negotiated_hashsign(undefined, Alg, Version) -> +    %% Not negotiated choose default  +    case is_anonymous(Alg) of +	true -> +	    {null, anon}; +	false -> +	    ssl_handshake:select_hashsign_algs(Alg, Version) +    end; +negotiated_hashsign(HashSign = {_, _}, _, _) -> +    HashSign. + diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 1108edcf48..fc67d2c28d 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -73,7 +73,8 @@  	]).  %% MISC --export([select_version/3, prf/5, select_hashsign/2, select_cert_hashsign/3, +-export([select_version/3, prf/5, select_hashsign/3,  +	 select_hashsign_algs/2, select_hashsign_algs/3,  	 premaster_secret/2, premaster_secret/3, premaster_secret/4]).  %%==================================================================== @@ -590,23 +591,25 @@ prf({3,1}, Secret, Label, Seed, WantedLength) ->      {ok, tls_v1:prf(?MD5SHA, Secret, Label, Seed, WantedLength)};  prf({3,_N}, Secret, Label, Seed, WantedLength) ->      {ok, tls_v1:prf(?SHA256, Secret, Label, Seed, WantedLength)}. + +  %%-------------------------------------------------------------------- --spec select_hashsign(#hash_sign_algos{}| undefined,  undefined | binary()) -> -			      [{atom(), atom()}] | undefined. +-spec select_hashsign(#hash_sign_algos{}| undefined,  undefined | binary(), ssl_record:ssl_version()) -> +			      {atom(), atom()} | undefined.  %%  %% Description:  %%-------------------------------------------------------------------- -select_hashsign(_, undefined) -> +select_hashsign(_, undefined, _Version) ->      {null, anon}; -select_hashsign(undefined,  Cert) -> +select_hashsign(undefined,  Cert, Version) ->      #'OTPCertificate'{tbsCertificate = TBSCert} = public_key:pkix_decode_cert(Cert, otp),      #'OTPSubjectPublicKeyInfo'{algorithm = {_,Algo, _}} = TBSCert#'OTPTBSCertificate'.subjectPublicKeyInfo, -    select_cert_hashsign(undefined, Algo, {undefined, undefined}); -select_hashsign(#hash_sign_algos{hash_sign_algos = HashSigns}, Cert) -> +    select_hashsign_algs(undefined, Algo, Version); +select_hashsign(#hash_sign_algos{hash_sign_algos = HashSigns}, Cert, Version) ->      #'OTPCertificate'{tbsCertificate = TBSCert} =public_key:pkix_decode_cert(Cert, otp),      #'OTPSubjectPublicKeyInfo'{algorithm = {_,Algo, _}} = TBSCert#'OTPTBSCertificate'.subjectPublicKeyInfo, -    DefaultHashSign = {_, Sign} = select_cert_hashsign(undefined, Algo, {undefined, undefined}), +    DefaultHashSign = {_, Sign} = select_hashsign_algs(undefined, Algo, Version),      case lists:filter(fun({sha, dsa}) ->  			      true;  			 ({_, dsa}) -> @@ -622,26 +625,59 @@ select_hashsign(#hash_sign_algos{hash_sign_algos = HashSigns}, Cert) ->  	[HashSign| _] ->  	    HashSign      end. +  %%-------------------------------------------------------------------- --spec select_cert_hashsign(#hash_sign_algos{}| undefined, oid(), ssl_record:ssl_version() | {undefined, undefined}) -> +-spec select_hashsign_algs(#hash_sign_algos{}| undefined, oid(), ssl_record:ssl_version()) ->  				  {atom(), atom()}. +%% Description: For TLS 1.2 hash function and signature algorithm pairs can be +%% negotiated with the signature_algorithms extension, +%% for previous versions always use appropriate defaults. +%% RFC 5246, Sect. 7.4.1.4.1.  Signature Algorithms +%% If the client does not send the signature_algorithms extension, the +%% server MUST do the following: (e.i defaults for TLS 1.2) +%% +%% -  If the negotiated key exchange algorithm is one of (RSA, DHE_RSA, +%%    DH_RSA, RSA_PSK, ECDH_RSA, ECDHE_RSA), behave as if client had +%%    sent the value {sha1,rsa}. +%% +%% -  If the negotiated key exchange algorithm is one of (DHE_DSS, +%%    DH_DSS), behave as if the client had sent the value {sha1,dsa}.  %% -%% Description: For TLS 1.2 selected cert_hash_sign will be recived -%% in the handshake message, for previous versions use appropriate defaults. -%% This function is also used by select_hashsign to extract -%% the alogrithm of the server cert key. +%% -  If the negotiated key exchange algorithm is one of (ECDH_ECDSA, +%%    ECDHE_ECDSA), behave as if the client had sent value {sha1,ecdsa}. +  %%-------------------------------------------------------------------- -select_cert_hashsign(HashSign, _, {Major, Minor}) when HashSign =/= undefined andalso +select_hashsign_algs(HashSign, _, {Major, Minor}) when HashSign =/= undefined andalso  						       Major >= 3 andalso Minor >= 3 ->      HashSign; -select_cert_hashsign(undefined,?'id-ecPublicKey', _) -> +select_hashsign_algs(undefined, ?rsaEncryption, {Major, Minor}) when Major >= 3 andalso Minor >= 3 -> +    {sha, rsa}; +select_hashsign_algs(undefined,?'id-ecPublicKey', _) ->      {sha, ecdsa}; -select_cert_hashsign(undefined, ?rsaEncryption, _) -> +select_hashsign_algs(undefined, ?rsaEncryption, _) ->       {md5sha, rsa}; -select_cert_hashsign(undefined, ?'id-dsa', _) -> +select_hashsign_algs(undefined, ?'id-dsa', _) ->      {sha, dsa}. +-spec select_hashsign_algs(atom(),  ssl_record:ssl_version()) -> {atom(), atom()}. +%% Wrap function to keep the knowledge of the default values in +%% one place only  +select_hashsign_algs(Alg, Version) when (Alg == rsa orelse +				    Alg == dhe_rsa orelse +				    Alg == dh_rsa orelse +				    Alg == ecdhe_rsa orelse +				    Alg == ecdh_rsa orelse +				    Alg == srp_rsa) ->     +    select_hashsign_algs(undefined, ?rsaEncryption, Version); +select_hashsign_algs(Alg, Version) when (Alg == dhe_dss orelse +				    Alg == dh_dss orelse +				    Alg == srp_dss) -> +    select_hashsign_algs(undefined, ?'id-dsa', Version); +select_hashsign_algs(Alg, Version) when (Alg == ecdhe_ecdsa orelse +					 Alg == ecdh_ecdsa) -> +    select_hashsign_algs(undefined, ?'id-ecPublicKey', Version). +  %%--------------------------------------------------------------------  -spec master_secret(atom(), ssl_record:ssl_version(), #session{} | binary(), #connection_states{},  		   client | server) -> {binary(), #connection_states{}} | #alert{}. @@ -1017,12 +1053,9 @@ decode_suites('3_bytes', Dec) ->  %%-------------Cipeher suite handling --------------------------------  available_suites(UserSuites, Version) -> -    case UserSuites of -	[] -> -	    ssl_cipher:suites(Version); -	_ -> -	    UserSuites -    end. +    lists:filtermap(fun(Suite) -> +			    lists:member(Suite, ssl_cipher:all_suites(Version)) +		    end, UserSuites).  available_suites(ServerCert, UserSuites, Version, Curve) ->      ssl_cipher:filter(ServerCert, available_suites(UserSuites, Version)) diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl index b0e9943e6d..7337225bc4 100644 --- a/lib/ssl/src/ssl_record.erl +++ b/lib/ssl/src/ssl_record.erl @@ -377,7 +377,7 @@ cipher(Version, Fragment,  	ssl_cipher:cipher(BulkCipherAlgo, CipherS0, MacHash, Fragment, Version),      {CipherFragment,  WriteState0#connection_state{cipher_state = CipherS1}}.  %%-------------------------------------------------------------------- --spec decipher(ssl_version(), binary(), #connection_state{}) -> {binary(), binary(), #connection_state{}}. +-spec decipher(ssl_version(), binary(), #connection_state{}) -> {binary(), binary(), #connection_state{}} | #alert{}.  %%  %% Description: Payload decryption  %%-------------------------------------------------------------------- diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl index ffa04ee8ba..930706cde6 100644 --- a/lib/ssl/src/tls_connection.erl +++ b/lib/ssl/src/tls_connection.erl @@ -1,7 +1,7 @@  %%  %% %CopyrightBegin%  %% -%% Copyright Ericsson AB 2007-2013. All Rights Reserved. +%% Copyright Ericsson AB 2007-2014. All Rights Reserved.  %%  %% The contents of this file are subject to the Erlang Public License,  %% Version 1.1, (the "License"); you may not use this file except in @@ -208,11 +208,11 @@ hello(Hello = #client_hello{client_version = ClientVersion,  		     session_cache = Cache,  		     session_cache_cb = CacheCb,  		     ssl_options = SslOpts}) -> -    HashSign = ssl_handshake:select_hashsign(HashSigns, Cert),      case tls_handshake:hello(Hello, SslOpts, {Port, Session0, Cache, CacheCb,  					      ConnectionStates0, Cert}, Renegotiation) of          {Version, {Type, Session},  	 ConnectionStates, ServerHelloExt} -> +            HashSign = ssl_handshake:select_hashsign(HashSigns, Cert, Version),              ssl_connection:hello({common_client_hello, Type, ServerHelloExt, HashSign},  				 State#state{connection_states  = ConnectionStates,  					     negotiated_version = Version, @@ -751,7 +751,11 @@ handle_tls_handshake(Handle, StateName,  	    handle_tls_handshake(Handle, NextStateName, State);  	{stop, _,_} = Stop ->  	    Stop -    end. +    end; + +handle_tls_handshake(_Handle, _StateName, #state{}) -> +    throw(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE)). +  write_application_data(Data0, From,   		       #state{socket = Socket,  			      negotiated_version = Version, @@ -859,7 +863,8 @@ handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert,      {Record, State} = next_record(State0),      next_state(StateName, connection, Record, State); -handle_alert(#alert{level = ?WARNING, description = ?USER_CANCELED} = Alert, StateName,  +%% Gracefully log and ignore all other warning alerts +handle_alert(#alert{level = ?WARNING} = Alert, StateName,  	     #state{ssl_options = SslOpts} = State0) ->      log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),      {Record, State} = next_record(State0), diff --git a/lib/ssl/src/tls_record.erl b/lib/ssl/src/tls_record.erl index 4da08e9c51..f50ea22f39 100644 --- a/lib/ssl/src/tls_record.erl +++ b/lib/ssl/src/tls_record.erl @@ -154,21 +154,24 @@ decode_cipher_text(#ssl_tls{type = Type, version = Version,  		      sequence_number = Seq,  		      security_parameters = SecParams} = ReadState0,      CompressAlg = SecParams#security_parameters.compression_algorithm, -    {PlainFragment, Mac, ReadState1} = ssl_record:decipher(Version, CipherFragment, ReadState0), -    MacHash = calc_mac_hash(Type, Version, PlainFragment, ReadState1), -    case ssl_record:is_correct_mac(Mac, MacHash) of -	true -> -	    {Plain, CompressionS1} = ssl_record:uncompress(CompressAlg, -							   PlainFragment, CompressionS0), -	    ConnnectionStates = ConnnectionStates0#connection_states{ -				  current_read = ReadState1#connection_state{ -						   sequence_number = Seq + 1, -						   compression_state = CompressionS1}}, -	    {CipherText#ssl_tls{fragment = Plain}, ConnnectionStates}; -	false -> -	    ?ALERT_REC(?FATAL, ?BAD_RECORD_MAC) -    end. - +    case ssl_record:decipher(Version, CipherFragment, ReadState0) of +	{PlainFragment, Mac, ReadState1} -> +	    MacHash = calc_mac_hash(Type, Version, PlainFragment, ReadState1), +	    case ssl_record:is_correct_mac(Mac, MacHash) of +		true -> +		    {Plain, CompressionS1} = ssl_record:uncompress(CompressAlg, +								   PlainFragment, CompressionS0), +		    ConnnectionStates = ConnnectionStates0#connection_states{ +					  current_read = ReadState1#connection_state{ +							   sequence_number = Seq + 1, +							   compression_state = CompressionS1}}, +		    {CipherText#ssl_tls{fragment = Plain}, ConnnectionStates}; +		false -> +			?ALERT_REC(?FATAL, ?BAD_RECORD_MAC) +	    end; +	    #alert{} = Alert -> +	    Alert +    end.   %%--------------------------------------------------------------------  -spec protocol_version(tls_atom_version() | tls_version()) ->   			      tls_version() | tls_atom_version().		       diff --git a/lib/ssl/test/make_certs.erl b/lib/ssl/test/make_certs.erl index 0947657ca7..15a7e118ff 100644 --- a/lib/ssl/test/make_certs.erl +++ b/lib/ssl/test/make_certs.erl @@ -32,6 +32,7 @@  	     v2_crls = true,  	     ecc_certs = false,  	     issuing_distribution_point = false, +	     crl_port = 8000,  	     openssl_cmd = "openssl"}). @@ -57,6 +58,8 @@ make_config([{default_bits, Bits}|T], C) when is_integer(Bits) ->      make_config(T, C#config{default_bits = Bits});  make_config([{v2_crls, Bool}|T], C) when is_boolean(Bool) ->      make_config(T, C#config{v2_crls = Bool}); +make_config([{crl_port, Port}|T], C) when is_integer(Port) -> +    make_config(T, C#config{crl_port = Port});  make_config([{ecc_certs, Bool}|T], C) when is_boolean(Bool) ->      make_config(T, C#config{ecc_certs = Bool});  make_config([{issuing_distribution_point, Bool}|T], C) when is_boolean(Bool) -> @@ -423,7 +426,7 @@ ca_cnf(C) ->       "[crl_section]\n"       %% intentionally invalid       "URI.1=http://localhost/",C#config.commonName,"/crl.pem\n" -     "URI.2=http://localhost:8000/",C#config.commonName,"/crl.pem\n" +     "URI.2=http://localhost:",integer_to_list(C#config.crl_port),"/",C#config.commonName,"/crl.pem\n"       "\n"       "[user_cert_digital_signature_only]\n" diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl index 8e3d2e4b80..9cae0e9468 100644 --- a/lib/ssl/test/ssl_basic_SUITE.erl +++ b/lib/ssl/test/ssl_basic_SUITE.erl @@ -115,7 +115,10 @@ options_tests() ->       reuseaddr,       tcp_reuseaddr,       honor_server_cipher_order, -     honor_client_cipher_order +     honor_client_cipher_order, +     ciphersuite_vs_version, +     unordered_protocol_versions_server, +     unordered_protocol_versions_client  ].  api_tests() -> @@ -187,7 +190,10 @@ error_handling_tests()->       tcp_error_propagation_in_active_mode,       tcp_connect,       tcp_connect_big, -     close_transport_accept +     close_transport_accept, +     recv_active, +     recv_active_once, +     dont_crash_on_handshake_garbage      ].  rizzo_tests() -> @@ -240,6 +246,14 @@ end_per_group(_GroupName, Config) ->      Config.  %%-------------------------------------------------------------------- +init_per_testcase(Case, Config) when Case ==  unordered_protocol_versions_client; +				     Case == unordered_protocol_versions_server-> +    case proplists:get_value(supported, ssl:versions()) of +	['tlsv1.2' | _] -> +	    Config; +	_ -> +	    {skip, "TLS 1.2 need but not supported on this platform"} +    end;  init_per_testcase(no_authority_key_identifier, Config) ->      %% Clear cach so that root cert will not      %% be found. @@ -396,6 +410,7 @@ protocol_versions() ->  protocol_versions(Config) when is_list(Config) ->       basic_test(Config). +  %%--------------------------------------------------------------------  empty_protocol_versions() ->      [{doc,"Test to set an empty list of protocol versions in app environment."}]. @@ -1154,6 +1169,57 @@ close_transport_accept(Config) when is_list(Config) ->  	Other ->  	    exit({?LINE, Other})      end. +%%-------------------------------------------------------------------- +recv_active() -> +    [{doc,"Test recv on active socket"}]. + +recv_active(Config) when is_list(Config) -> +    ClientOpts = ?config(client_opts, Config), +    ServerOpts = ?config(server_opts, Config), +    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), +    Server =  +	ssl_test_lib:start_server([{node, ServerNode}, {port, 0},  +				   {from, self()},  +				   {mfa, {?MODULE, try_recv_active, []}}, +				   {options,  [{active, true} | ServerOpts]}]), +    Port = ssl_test_lib:inet_port(Server), +    Client =  +	ssl_test_lib:start_client([{node, ClientNode}, {port, Port},  +				   {host, Hostname}, +				   {from, self()},  +				   {mfa, {?MODULE, try_recv_active, []}}, +				   {options, [{active, true} | ClientOpts]}]), +         +    ssl_test_lib:check_result(Server, ok, Client, ok), +     +    ssl_test_lib:close(Server), +    ssl_test_lib:close(Client). + +%%-------------------------------------------------------------------- +recv_active_once() -> +    [{doc,"Test recv on active socket"}]. + +recv_active_once(Config) when is_list(Config) -> +    ClientOpts = ?config(client_opts, Config), +    ServerOpts = ?config(server_opts, Config), +    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), +    Server =  +	ssl_test_lib:start_server([{node, ServerNode}, {port, 0},  +				   {from, self()},  +				   {mfa, {?MODULE, try_recv_active_once, []}}, +				   {options,  [{active, once} | ServerOpts]}]), +    Port = ssl_test_lib:inet_port(Server), +    Client =  +	ssl_test_lib:start_client([{node, ClientNode}, {port, Port},  +				   {host, Hostname}, +				   {from, self()},  +				   {mfa, {?MODULE, try_recv_active_once, []}}, +				   {options, [{active, once} | ClientOpts]}]), +         +    ssl_test_lib:check_result(Server, ok, Client, ok), +     +    ssl_test_lib:close(Server), +    ssl_test_lib:close(Client).  %%--------------------------------------------------------------------  dh_params() -> @@ -2559,6 +2625,81 @@ honor_cipher_order(Config, Honor, ServerCiphers, ClientCiphers, Expected) ->      ssl_test_lib:close(Client).  %%-------------------------------------------------------------------- +ciphersuite_vs_version(Config) when is_list(Config) -> +     +    {_ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), +    ServerOpts = ?config(server_opts, Config), +     +    Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0}, +					      {from, self()}, +					      {options, ServerOpts}]), +    Port = ssl_test_lib:inet_port(Server), +     +    {ok, Socket} = gen_tcp:connect(Hostname, Port, [binary, {active, false}]), +    ok = gen_tcp:send(Socket,  +		      <<22, 3,0, 49:16, % handshake, SSL 3.0, length +			1, 45:24, % client_hello, length +			3,0, % SSL 3.0 +			16#deadbeef:256, % 32 'random' bytes = 256 bits +			0, % no session ID +			%% three cipher suites -- null, one with sha256 hash and one with sha hash +			6:16, 0,255, 0,61, 0,57,  +			1, 0 % no compression +		      >>), +    {ok, <<22, RecMajor:8, RecMinor:8, _RecLen:16, 2, HelloLen:24>>} = gen_tcp:recv(Socket, 9, 10000), +    {ok, <<HelloBin:HelloLen/binary>>} = gen_tcp:recv(Socket, HelloLen, 5000), +    ServerHello = tls_handshake:decode_handshake({RecMajor, RecMinor}, 2, HelloBin), +    case ServerHello of +	#server_hello{server_version = {3,0}, cipher_suite = <<0,57>>} ->  +	    ok; +	_ -> +	    ct:fail({unexpected_server_hello, ServerHello}) +    end. +										 +%%-------------------------------------------------------------------- + +dont_crash_on_handshake_garbage() -> +    [{doc, "Ensure SSL server worker thows an alert on garbage during handshake " +      "instead of crashing and exposing state to user code"}]. + +dont_crash_on_handshake_garbage(Config) -> +    ServerOpts = ?config(server_opts, Config), + +    {_ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + +    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, +					{from, self()}, +					{mfa, {ssl_test_lib, send_recv_result_active, []}}, +					{options, ServerOpts}]), +    unlink(Server), monitor(process, Server), +    Port = ssl_test_lib:inet_port(Server), + +    {ok, Socket} = gen_tcp:connect(Hostname, Port, [binary, {active, false}]), + +    % Send hello and garbage record +    ok = gen_tcp:send(Socket, +                      [<<22, 3,3, 49:16, 1, 45:24, 3,3, % client_hello +                         16#deadbeef:256, % 32 'random' bytes = 256 bits +                         0, 6:16, 0,255, 0,61, 0,57, 1, 0 >>, % some hello values + +                       <<22, 3,3, 5:16, 92,64,37,228,209>> % garbage +                      ]), +    % Send unexpected change_cipher_spec +    ok = gen_tcp:send(Socket, <<20, 0,0,12, 111,40,244,7,137,224,16,109,197,110,249,152>>), + +    % Ensure we receive an alert, not sudden disconnect +    {ok, <<21, _/binary>>} = drop_handshakes(Socket, 1000). + +drop_handshakes(Socket, Timeout) -> +    {ok, <<RecType:8, _RecMajor:8, _RecMinor:8, RecLen:16>> = Header} = gen_tcp:recv(Socket, 5, Timeout), +    {ok, <<Frag:RecLen/binary>>} = gen_tcp:recv(Socket, RecLen, Timeout), +    case RecType of +        22 -> drop_handshakes(Socket, Timeout); +        _ -> {ok, <<Header/binary, Frag/binary>>} +    end. + + +%%--------------------------------------------------------------------  hibernate() ->      [{doc,"Check that an SSL connection that is started with option " @@ -2957,6 +3098,57 @@ versions_option(Config) when is_list(Config) ->  %%-------------------------------------------------------------------- +unordered_protocol_versions_server() -> +    [{doc,"Test that the highest protocol is selected even"  +      " when it is not first in the versions list."}]. + +unordered_protocol_versions_server(Config) when is_list(Config) ->  +    ClientOpts = ?config(client_opts, Config), +    ServerOpts = ?config(server_opts, Config),   + +    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), +    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},  +					{from, self()},  +					{mfa, {?MODULE, connection_info_result, []}}, +					{options, [{versions, ['tlsv1.1', 'tlsv1.2']} | ServerOpts]}]), +    Port = ssl_test_lib:inet_port(Server), +     +    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},  +					{host, Hostname}, +					{from, self()},  +					{mfa, {?MODULE, connection_info_result, []}}, +					{options, ClientOpts}]), +    CipherSuite = first_rsa_suite(ssl:cipher_suites()), +    ServerMsg = ClientMsg = {ok, {'tlsv1.2', CipherSuite}},     +    ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg). + +%%-------------------------------------------------------------------- +unordered_protocol_versions_client() -> +    [{doc,"Test that the highest protocol is selected even"  +      " when it is not first in the versions list."}]. + +unordered_protocol_versions_client(Config) when is_list(Config) ->  +    ClientOpts = ?config(client_opts, Config), +    ServerOpts = ?config(server_opts, Config),   + +    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), +    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},  +					{from, self()},  +					{mfa, {?MODULE, connection_info_result, []}}, +					{options, ServerOpts }]), +    Port = ssl_test_lib:inet_port(Server), +     +    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},  +					{host, Hostname}, +					{from, self()},  +					{mfa, {?MODULE, connection_info_result, []}}, +					{options,  [{versions, ['tlsv1.1', 'tlsv1.2']} | ClientOpts]}]), +  +    CipherSuite = first_rsa_suite(ssl:cipher_suites()), +    ServerMsg = ClientMsg = {ok, {'tlsv1.2', CipherSuite}},     +    ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg). +   +%%--------------------------------------------------------------------  server_name_indication_option() ->      [{doc,"Test API server_name_indication option to connect."}]. @@ -3505,6 +3697,10 @@ cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) ->  connection_info_result(Socket) ->      ssl:connection_info(Socket). +version_info_result(Socket) -> +    {ok, {Version, _}} = ssl:connection_info(Socket), +    {ok, Version}. +  connect_dist_s(S) ->      Msg = term_to_binary({erlang,term}),      ok = ssl:send(S, Msg). @@ -3582,3 +3778,22 @@ version_option_test(Config, Version) ->      ssl_test_lib:close(Server),      ssl_test_lib:close(Client). + +try_recv_active(Socket) -> +    ssl:send(Socket, "Hello world"), +    {error, einval} = ssl:recv(Socket, 11), +    ok. +try_recv_active_once(Socket) -> +    {error, einval} = ssl:recv(Socket, 11), +    ok. + +first_rsa_suite([{ecdhe_rsa, _, _} = Suite | _]) -> +    Suite; +first_rsa_suite([{dhe_rsa, _, _} = Suite| _]) -> +    Suite; +first_rsa_suite([{rsa, _, _} = Suite| _]) -> +    Suite; +first_rsa_suite([_ | Rest]) -> +    first_rsa_suite(Rest). +     + diff --git a/lib/ssl/test/ssl_crl_SUITE.erl b/lib/ssl/test/ssl_crl_SUITE.erl index 4eacf3adfc..bad0949ec4 100644 --- a/lib/ssl/test/ssl_crl_SUITE.erl +++ b/lib/ssl/test/ssl_crl_SUITE.erl @@ -48,8 +48,8 @@ all() ->      ].  groups() -> -    [{basic, [], basic_tests()}, -     {v1_crl, [], v1_crl_tests()}, +    [{basic,   [], basic_tests()}, +     {v1_crl,  [], v1_crl_tests()},       {idp_crl, [], idp_crl_tests()}].  basic_tests() -> @@ -72,8 +72,8 @@ init_per_suite(Config0) ->  	_ ->  	    TLSVersion = ?config(tls_version, Config0),  	    OpenSSL_version = (catch os:cmd("openssl version")), -	    ct:log("TLS version: ~p~nOpenSSL version: ~p~n~n~p:module_info(): ~p~n~nssh:module_info(): ~p~n", -		   [TLSVersion, OpenSSL_version, ?MODULE, ?MODULE:module_info(), ssh:module_info()]), +	    ct:log("TLS version: ~p~nOpenSSL version: ~p~n~n~p:module_info(): ~p~n~nssl:module_info(): ~p~n", +		   [TLSVersion, OpenSSL_version, ?MODULE, ?MODULE:module_info(), ssl:module_info()]),  	    case ssl_test_lib:enough_openssl_crl_support(OpenSSL_version) of  		false ->  		    {skip, io_lib:format("Bad openssl version: ~p",[OpenSSL_version])}; @@ -82,7 +82,13 @@ init_per_suite(Config0) ->  		    try crypto:start() of  			ok ->  			    ssl:start(), -			    [{watchdog, Dog}, {openssl_version,OpenSSL_version} | Config0] +			    {ok, Hostname0} = inet:gethostname(), +			    IPfamily = +				case lists:member(list_to_atom(Hostname0), ct:get_config(ipv6_hosts,[])) of +				    true -> inet6; +				    false -> inet +				end, +			    [{ipfamily,IPfamily}, {watchdog, Dog}, {openssl_version,OpenSSL_version} | Config0]  		    catch _C:_E ->  			    ct:log("crypto:start() caught ~p:~p",[_C,_E]),  			    {skip, "Crypto did not start"} @@ -98,21 +104,23 @@ end_per_suite(_Config) ->  %%% Group init/end  init_per_group(Group, Config) -> -    ct:log("~p:~p~nlisteners to port 8000:~n~p~n)",[?MODULE,?LINE,os:cmd("netstat -tln|grep ':8000'")]),      ssl:start(),      inets:start(),      CertDir = filename:join(?config(priv_dir, Config), Group),      DataDir = ?config(data_dir, Config),      ServerRoot = make_dir_path([?config(priv_dir,Config), Group, tmp]), -    Result =  make_certs:all(DataDir, CertDir, cert_opts(Group)), -    ct:log("~p:~p~nmake_certs:all(~n DataDir=~p,~n CertDir=~p,~n ServerRoot=~p~n Opts=~p~n) returned ~p~n", [?MODULE,?LINE,DataDir, CertDir, ServerRoot, cert_opts(Group), Result]),      %% start a HTTP server to serve the CRLs -    {ok, Httpd} = inets:start(httpd, [{server_name, "localhost"}, {port, 8000}, +    {ok, Httpd} = inets:start(httpd, [{ipfamily, ?config(ipfamily,Config)}, +				      {server_name, "localhost"}, {port, 0},  				      {server_root, ServerRoot},  				      {document_root, CertDir},  				      {modules, [mod_get]}  				     ]), -    ct:log("~p:~p~nlisteners to port 8000:~n~p~n)",[?MODULE,?LINE,os:cmd("netstat -tln|grep ':8000'")]), +    [{port,Port}] = httpd:info(Httpd, [port]), +    ct:log("~p:~p~nHTTPD IP family=~p, port=~p~n", [?MODULE, ?LINE, ?config(ipfamily,Config), Port]), +    CertOpts =  [{crl_port,Port}|cert_opts(Group)], +    Result =  make_certs:all(DataDir, CertDir, CertOpts), +    ct:log("~p:~p~nmake_certs:all(~n DataDir=~p,~n CertDir=~p,~n ServerRoot=~p~n Opts=~p~n) returned ~p~n", [?MODULE,?LINE,DataDir, CertDir, ServerRoot, CertOpts, Result]),      [{make_cert_result, Result}, {cert_dir, CertDir}, {httpd, Httpd} | Config].  cert_opts(v1_crl)  -> [{v2_crls, false}]; @@ -134,7 +142,6 @@ end_per_group(_GroupName, Config) ->  		,ct:log("Stopped",[])      end,      inets:stop(), -    ct:log("~p:~p~nlisteners to port 8000:~n~p~n)",[?MODULE,?LINE,os:cmd("netstat -tln|grep ':8000'")]),      Config.  %%%================================================================ @@ -481,7 +488,6 @@ fetch([]) ->      not_available;  fetch([{uniformResourceIdentifier, "http"++_=URL}|Rest]) ->      ct:log("~p:~p~ngetting CRL from ~p~n", [?MODULE,?LINE, URL]), -    ct:log("~p:~p~nlisteners to port 8000:~n~p~n)",[?MODULE,?LINE,os:cmd("netstat -tln|grep ':8000'")]),      case httpc:request(get, {URL, []}, [], [{body_format, binary}]) of          {ok, {_Status, _Headers, Body}} ->              case Body of diff --git a/lib/ssl/test/ssl_handshake_SUITE.erl b/lib/ssl/test/ssl_handshake_SUITE.erl index 6d020c472b..5f36842f9e 100644 --- a/lib/ssl/test/ssl_handshake_SUITE.erl +++ b/lib/ssl/test/ssl_handshake_SUITE.erl @@ -1,7 +1,7 @@  %%  %% %CopyrightBegin%  %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2014. All Rights Reserved.  %%  %% The contents of this file are subject to the Erlang Public License,  %% Version 1.1, (the "License"); you may not use this file except in @@ -26,6 +26,7 @@  -include_lib("common_test/include/ct.hrl").  -include("ssl_internal.hrl").  -include("tls_handshake.hrl"). +-include_lib("public_key/include/public_key.hrl").  %%--------------------------------------------------------------------  %% Common Test interface functions ----------------------------------- @@ -36,7 +37,8 @@ all() -> [decode_hello_handshake,  	  decode_single_hello_extension_correctly,  	  decode_supported_elliptic_curves_hello_extension_correctly,  	  decode_unknown_hello_extension_correctly, -	  encode_single_hello_sni_extension_correctly]. +	  encode_single_hello_sni_extension_correctly, +	  select_proper_tls_1_2_rsa_default_hashsign].  %%--------------------------------------------------------------------  %% Test Cases -------------------------------------------------------- @@ -95,3 +97,11 @@ encode_single_hello_sni_extension_correctly(_Config) ->      HelloExt = <<ExtSize:16/unsigned-big-integer, SNI/binary>>,      Encoded = ssl_handshake:encode_hello_extensions(Exts),      HelloExt = Encoded. + +select_proper_tls_1_2_rsa_default_hashsign(_Config) -> +    % RFC 5246 section 7.4.1.4.1 tells to use {sha1,rsa} as default signature_algorithm for RSA key exchanges +    {sha, rsa} = ssl_handshake:select_hashsign_algs(undefined, ?rsaEncryption, {3,3}), +    % Older versions use MD5/SHA1 combination +    {md5sha, rsa} = ssl_handshake:select_hashsign_algs(undefined, ?rsaEncryption, {3,2}), +    {md5sha, rsa} = ssl_handshake:select_hashsign_algs(undefined, ?rsaEncryption, {3,0}). + | 
