Age | Commit message (Collapse) | Author | |
---|---|---|---|
2012-08-22 | ssl: TLS 1.2: fix hash and signature handling | Andreas Schultz | |
with TLS 1.2 the hash and signature on a certify message can differ from the defaults. So we have to make sure to always use the hash and signature algorithm indicated in the handshake message | |||
2012-08-22 | ssl: TLS 1.2: fix Certificate Request list of Accepted Signatur/Hash ↵ | Andreas Schultz | |
combinations | |||
2012-08-22 | ssl: Add Signature Algorithms hello extension from TLS 1.2 | Andreas Schultz | |
This is also avoids triggering some bugs in OpenSSL. | |||
2012-08-22 | ssl: Fix rizzo tests to run as intended | Ingela Anderton Andin | |
The Rizzo tests ran both SSL 3.0 and TLS 1.0 tests in the same test case but the new group structure that run all relevant test for all relevant SSL/TLS versions we need to change that to run the protocol version of the group the we are currently running. | |||
2012-08-22 | ssl: TLS-1.1 and TLS-1.2 support should not be default until R16 | Ingela Anderton Andin | |
2012-08-22 | ssl: Signture type bug | Ingela Anderton Andin | |
2012-08-22 | ssl: Add crypto support check (TLS 1.2 require sha256 support) | Ingela Anderton Andin | |
2012-08-22 | ssl: Dialyzer fixes | Ingela Anderton Andin | |
2012-08-22 | ssl: IDEA cipher is deprecated by TLS 1.2 | Ingela Anderton Andin | |
As we did not yet support IDEA ciphers and they have now become deprecated we skip supporting them altogether. | |||
2012-08-22 | ssl: Run relevant tests for all SSL/TLS versions | Ingela Anderton Andin | |
2012-08-22 | ssl: Add TLS version switches to openssl tests | Andreas Schultz | |
2012-08-22 | ssl: Enable TLS 1.2 | Andreas Schultz | |
2012-08-22 | ssl: Enable mac_hash for TLS 1.2 | Andreas Schultz | |
2012-08-22 | ssl: Implement TLS 1.2 signature support | Andreas Schultz | |
2012-08-22 | ssl: Make signature handling version dependant | Andreas Schultz | |
TLS 1.2 introduces changes on how signatures are calculate and encoded. This makes the signature handling version aware | |||
2012-08-22 | ssl: Fix PRF logic | Ingela Anderton Andin | |
2012-08-22 | ssl: Add TLS 1.2 cipher suites | Andreas Schultz | |
2012-08-22 | ssl: Implement and activate PRFs for TLS 1.1 and 1.2 | Andreas Schultz | |
2012-08-22 | ssl: make PRF function selectable | Andreas Schultz | |
TLS 1.2 allows to negotiate the used PRF, additional the default PRF uses a different hash. This change make the PRF selectable and hardwires the PRF for TLS < 1.2 | |||
2012-08-22 | ssl: Add TLS version paramter to verify_dh_params | Andreas Schultz | |
dh parameter verification is done differently with TLS 1.2. Prepare for that by passing the verion to verify_dh_params. | |||
2012-08-22 | ssl: Add TLS version to dec_hs/2 | Andreas Schultz | |
TLS 1.2 changes the layout of several handshake records. This adds the TLS version to dec_hs/2 so it can decode those. | |||
2012-08-22 | ssl: Add TLS version to ssl_handshake:key_exchange/3 | Andreas Schultz | |
TLS 1.2 changed the way digital signatures are done. key_exchange/3 needs to pass the version to it. | |||
2012-08-22 | ssl: Update ssl_cipher_SUITE for TLS 1.1 and TLS 1.2 | Andreas Schultz | |
now that we handle TLS 1.1+ records correctly, the test suite have to take that into account. | |||
2012-08-22 | ssl: Add TLS 1.2 block cipher IV handling | Andreas Schultz | |
2012-08-22 | ssl: Consider TLS version when building cipher blocks | Andreas Schultz | |
With TLS 1.2 the handling of the IV in cipher blocks changed. This prepares ssl_cipher:cipher/5 for that change by passing the TLS version into it and allowing generic_block_cipher_from_bin/4 to overload the IV. | |||
2012-08-22 | ssl: Calculate handshake hash only when needed | Andreas Schultz | |
TLS/SSL version before 1.2 always used a MD5/SHA combination for the handshake hashes. With TLS 1.2 the default hash is SHA256 and it is possible to negotiate a different hash. This change delays the calculation of the handshake hashes until they are really needed. At that point the hash to use should be known. For now MD5/SHA is still hard coded. | |||
2012-08-22 | public_key: Fix documentation typo | Sverker Eriksson | |
dsa -> dss | |||
2012-08-22 | public_key: Add sha224 to RSA sign/verify | Sverker Eriksson | |
2012-08-22 | crypto: Add sha224 for rsa sign/verify | Sverker Eriksson | |
2012-08-22 | crypto: Add more generic hash interface | Sverker Eriksson | |
2012-08-22 | crypto: Add sha224 | Sverker Eriksson | |
2012-08-22 | crypto: fix hmac_sha384 and add hmac test cases from RFC-4231 | Andreas Schultz | |
2012-08-22 | crypto: Add sha384 | Sverker Eriksson | |
2012-08-22 | crypto: Cleanup code for sha256 and sha512 | Sverker Eriksson | |
2012-08-22 | crypto: Add SHA256 and SHA512 based MACs | Andreas Schultz | |
2012-08-22 | public_key: Align the interface of sign and verify with crypto | Sverker Eriksson | |
2012-08-22 | public_key: Generalised API | Ingela Anderton Andin | |
2012-08-22 | public_key: Add rsa and dss hash signing support | Andreas Schultz | |
2012-08-22 | crypto: Redo interface for rsa and dss hash signing | Sverker Eriksson | |
Replace _hash functions with {digest,_} argument to existing sign/verify functions. | |||
2012-08-22 | crypto: Add rsa and dss hash signing support | Andreas Schultz | |
2012-06-20 | Merge branch 'ia/ssl/recv-bug/OTP-10118' into maint | Ingela Anderton Andin | |
* ia/ssl/recv-bug/OTP-10118: ssl: Fix bug in the handling of remote connection closure of {active,false} ssl sockets. | |||
2012-06-20 | Merge branch 'rickard/thr-prgr-use/OTP-10116' into maint | Rickard Green | |
* rickard/thr-prgr-use/OTP-10116: Fix faulty use of thread progress in handle_aux_work() | |||
2012-06-20 | Merge branch 'ia/ssl/pem-cache-bug' into maint | Ingela Anderton Andin | |
* ia/ssl/pem-cache-bug: ssl: Fix pem cache bug | |||
2012-06-19 | ssl: Fix pem cache bug | Ingela Anderton Andin | |
A general case clause was put before a less general so that the less general case would never match. | |||
2012-06-18 | Fix faulty use of thread progress in handle_aux_work() | Rickard Green | |
As an optimization old thread progress data was kept and used in handle_aux_work() in erl_process.c. This could cause memory to be deallocated at a later time than intended, which is quite harmless. This has, however, now been fixed. | |||
2012-06-15 | ssl: Fix bug in the handling of remote connection closure of {active,false} ↵ | Ingela Anderton Andin | |
ssl sockets. | |||
2012-06-13 | Merge branch 'ia/ssl/bottlenecks/OTP-10113' into maint | Ingela Anderton Andin | |
* ia/ssl/bottlenecks/OTP-10113: ssl: Test case fixes ssl: Avoid second bottleneck in supervisor ssl: File handling optimization ssl: Simpler PEM cache ssl: Refactored for readability ssl: Use md5 as file ref id instead of filenames ssl: Move ets:select bottleneck in server ssl: Renegotiate updates session id in gen_fsm state ssl: Use ordered_set in cache ssl: Move and avoid ets:select bottleneck in client ssl: Reuse session check optimization ssl: Avoid supervior bottleneck | |||
2012-06-12 | Merge branch 'ia/ssh/missing-reason-in-catch-exit/OTP-10112' into maint | Ingela Anderton Andin | |
* ia/ssh/missing-reason-in-catch-exit/OTP-10112: Improved handling of multiple closes | |||
2012-06-12 | ssl: Test case fixes | Ingela Anderton Andin | |
2012-06-08 | ssl: Avoid second bottleneck in supervisor | Ingela Anderton Andin | |
Do proc_lib:spawn_link instead of proc_lib:start_link as synchronized init is not used/needed anyway. |