aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
AgeCommit message (Collapse)Author
2019-04-01Merge branch 'ingela/ssl/AES-CCM/OTP-15626'Ingela Anderton Andin
* ingela/ssl/AES-CCM/OTP-15626: ssl: Adapt DTLS code to optimizations ssl: Add support AES_CCM cipher suites form RFC 6655
2019-03-29 ssl: Add missing tuple in shutdown reasonIngela Anderton Andin
2019-03-29ssl: Adapt DTLS code to optimizationsIngela Anderton Andin
2019-03-29ssl: Add support AES_CCM cipher suites form RFC 6655Ingela Anderton Andin
2019-03-22Merge branch 'ingela/ssl/default-supported-versions/OTP-14865'Ingela Anderton Andin
* ingela/ssl/default-supported-versions/OTP-14865: ssl: Remove default support for legacy versions
2019-03-21Merge branch 'peterdmv/ssl/tls13-conn-info'Péter Dimitrov
* peterdmv/ssl/tls13-conn-info: ssl: Fix ssl:connection_information/1 in TLS 1.3 Change-Id: I492b0973bb4ee44354edf22ed3bc2a6e5c7b90c5
2019-03-21Revert "ssl: Correct handling of crypto exception handling."Ingela Anderton Andin
This reverts commit 884503bc69157d2a3c6bd72389b4e2a800f97fb6.
2019-03-21ssl: Remove default support for legacy versionsIngela Anderton Andin
TLS-1.0, TLS-1.1 and DTLS-1.0 are now considered legacy
2019-03-20ssl: Correct handling of crypto exception handling.Ingela Anderton Andin
Documentation was incorrect, and new specs provided dialyzer errors.
2019-03-19Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl.erl lib/ssl/src/tls_connection.erl
2019-03-19Merge branch 'ingela/ssl/transport-transparance/ERL-861/OTP-15679' into maintIngela Anderton Andin
* ingela/ssl/transport-transparance/ERL-861/OTP-15679: ssl: Fix transport transparancy
2019-03-18ssl: Fix ssl:connection_information/1 in TLS 1.3Péter Dimitrov
Store cipher suite information in session record. Test ssl:connection_information/1 in a TLS 1.3 connection. Change-Id: I7193e6dd2544540e446b5777b5768806cecf2bd3
2019-03-18Merge branch 'peterdmv/ssl/client-auth/OTP-15591'Péter Dimitrov
* peterdmv/ssl/client-auth/OTP-15591: ssl: Improve ssl logging ssl: Test handling of signature algorithms ssl: Handle unencrypted Alert (Illegal Parameter) ssl: Improve verification of received Certificate ssl: Fix Alert logging ssl: Fix get_handshake_context/2 ssl: Test HelloRetryRequest with client auth ssl: Verify signature algorithm in CV ssl: Verify CertificateVerify ssl: Test client authentication with certificate ssl: Validate client certificates (TLS 1.3) ssl: Test client authentication (empty cert) ssl: Implement state 'wait_cert' ssl: Add ssl logger support for CertificateRequest ssl: Fix ssl alerts Change-Id: Id4ba14d373f116038a7cb3ff9fc33faed23031c8
2019-03-16ssl: Cancel recv timer in all placesIngela Anderton Andin
Would cause connection to crash although all data was delivered to ssl:recv
2019-03-14ssl: Improve ssl loggingPéter Dimitrov
Remove function ssl:set_log_level/1. Its functionality is already implemented by logger:set_application_level/2. Set log level for ssl modules to debug at application start. Former implementation required an extra call to logger:set_application_level/2 (beside setting ssl option {log_level, debug}) to enable debug logging. Change-Id: Id21be7fd58915e11124cc136bb92d8a7526b8a74
2019-03-14ssl: Handle unencrypted Alert (Illegal Parameter)Péter Dimitrov
Handle unencrypted 'Illegal Parameter' Alerts from openssl s_client when the server's connection states are already stepped into traffic encryption. Change-Id: I10951a9061e6f4b13d8ddb8ab99f8a812a483113
2019-03-14ssl: Improve verification of received CertificatePéter Dimitrov
Validate peer certificate against supported signature algorithms. Send 'Hanshake Failure' Alert if signature algorithm is not supported by the server. Change-Id: Iad428aad337f0f9764d23404c203f966664c4555
2019-03-14ssl: Fix Alert loggingPéter Dimitrov
Report the role of the peer when logging incoming Alerts. Change-Id: I7eec46bc36f9080f5087b6a38e7f14ac628fe286
2019-03-11ssl: Fix transport transparancyIngela Anderton Andin
2019-03-08Merge branch 'maint'Ingela Anderton Andin
2019-03-08ssl: Correct active once emulationIngela Anderton Andin
Conflicts: lib/ftp/test/ftp_SUITE.erl
2019-03-07ssl: Fix get_handshake_context/2Péter Dimitrov
Split get_handshake_context/2 into two functions. The new get_handshake_context_cv/2 returns the context for the verification of CertificateVerify. Change-Id: I461eb67bda1d9c1673e463d417c3e838fca6b40c
2019-03-07ssl: Verify signature algorithm in CVPéter Dimitrov
Verify if the signature algorithm used in the signature of CertificateVerify is one of those present in the supported_signature_algorithms field of the "signature_algorithms" extension in the CertificateRequest message. Change-Id: I7d3b5f10e3205447fb9a9a7e59b93568d1696432
2019-03-06ssl: Verify CertificateVerifyPéter Dimitrov
Verify CertificateVerify message against the handshake context and the public key provided by the Certificate message. Remove 'Context' argument from state handler functions and store data in the state variable. Refactor get_handshake_context/1 to cover all implemented cases. Change-Id: If803e05009331d1ec7e0ba2ea2b81d917a0add6d
2019-03-04ssl: Validate client certificates (TLS 1.3)Péter Dimitrov
Implement validation of client certificates in state 'wait_cert'. Implement state 'wait_cv'. Clean up handler functions. Change-Id: I5c410bf7afe34632f27fabcd61670764fedb105d
2019-03-04ssl: Implement state 'wait_cert'Péter Dimitrov
Implement state 'wait_cert' with its handler function do_wait_cert/2. Send CertificateRequest if peer verification is enabled. Send Alert 'certificate required' if client answers with empty Certificate and option 'fail_if_no_peer_cert' is set to true. Change-Id: I72c73bcb6bc68ea60e6fe41cdd29ccfe40d18322
2019-03-04ssl: Add ssl logger support for CertificateRequestPéter Dimitrov
Change-Id: I5fdade8474147d05bc12d28fec91a47d4fd6e73b
2019-03-04ssl: Fix ssl alertsPéter Dimitrov
Add missing alert to description_atom/1. Function clauses ordered by value of the alert. Change-Id: Ibb68ea261c42070c757b2815abd3f7b179880128
2019-03-04Merge branch 'peterdmv/ssl/hello-retry-request/OTP-15590'Péter Dimitrov
* peterdmv/ssl/hello-retry-request/OTP-15590: ssl: Fix type spec for handshake_history() ssl: Add tests for hello_retry_request and groups ssl: Implement 'hello_retry_request' Change-Id: I04ad2860d0ba81462a1e36c7d6fcee6bc5c98c32
2019-03-04Merge branch 'maint'Raimo Niskanen
* maint: fixup! ssl: Add support for {active,N} ssl: Use common fonction to update {active,N} ssl: Document {active,N} ssl: Add support for {active,N}
2019-03-04Merge branch 'essen/ssl-active-n' into maintRaimo Niskanen
* essen/ssl-active-n: fixup! ssl: Add support for {active,N} ssl: Use common fonction to update {active,N} ssl: Document {active,N} ssl: Add support for {active,N} Conflicts: lib/ssl/src/ssl.erl
2019-02-28ssl: Fix type spec for handshake_history()Péter Dimitrov
handshake_history() was specified as {[binary()], [binary[]]}, although its real type was {iodata(), iodata()}, dialyzer did not give a warning until a new function matched out an element of handshake_history and used it as input data for crypto:hash/2. Change-Id: I60660e7296a52bf69bd7198a4cffee8338907726
2019-02-25ssl: Implement 'hello_retry_request'Péter Dimitrov
Refactor state 'start' and handler functions. Send 'hello_retry_request' if ClientHello does not contain sufficient information. Change-Id: I9fccb38aff5ba88bff75887261e8b1487bd64e17
2019-02-25Merge branch 'peterdmv/ssl/dtls_logging'Péter Dimitrov
* peterdmv/ssl/dtls_logging: ssl: Add debug logging for DTLS Change-Id: I83bf117c6c3428c57010e0e581775dd941fc829a
2019-02-22Merge branch ssl-active-n of essen:erlang/otp into essen/ssl-active-nRaimo Niskanen
* essen:erlang/otp: fixup! ssl: Add support for {active,N} ssl: Use common fonction to update {active,N} ssl: Document {active,N} ssl: Add support for {active,N} Conflicts: lib/ssl/src/ssl_connection.erl
2019-02-22Merge branch 'ingela/merge/master'Ingela Anderton Andin
2019-02-22Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl
2019-02-22Fix dialyzer error and wrong StateName match bugRaimo Niskanen
2019-02-22Merge branch 'ingela/ssl/doc-enhancements' into maintIngela Anderton Andin
* ingela/ssl/doc-enhancements: ssl: Enhance documentation after "use-spec-rewrite"
2019-02-22ssl: Enhance documentation after "use-spec-rewrite"Ingela Anderton Andin
2019-02-22Merge branch 'peterdmv/ssl/validate_client_finished'Péter Dimitrov
* peterdmv/ssl/validate_client_finished: ssl: Validate Client Finished Change-Id: I495c0d998423dc5a760d1ca0109c4107c5919f54
2019-02-22ssl: Add debug logging for DTLSPéter Dimitrov
Change-Id: I4858972053436b05b83d72c552974fc9da3843d4
2019-02-21Merge branch 'maint'Raimo Niskanen
* maint: Inline local function Optimize binary matching Clean up module boundaries Remove redundant return of CipherState Use iovec() internally in send path Small binary handling optimizations Optimize read_application_data with Okasaki queue Try to optimize decode_cipher_text/3 Optimize application data aggregation Optimize TLS record parsing with Okasaki queue Cache strong_random_bytes for IV Optimize padding Produce less garbage in encrypt loop Reorganize #data{} Tidy up state machine Add server GC info to bench results Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_connection.erl lib/ssl/src/ssl_connection.hrl lib/ssl/src/ssl_logger.erl lib/ssl/src/ssl_record.erl lib/ssl/src/ssl_record.hrl lib/ssl/src/tls_connection.erl lib/ssl/src/tls_record.erl lib/ssl/src/tls_sender.erl
2019-02-21Merge branch 'raimo/ssl/tls-optimization/OTP-15529' into maintRaimo Niskanen
* raimo/ssl/tls-optimization/OTP-15529: Inline local function Optimize binary matching Clean up module boundaries Remove redundant return of CipherState Use iovec() internally in send path Small binary handling optimizations Optimize read_application_data with Okasaki queue Try to optimize decode_cipher_text/3 Optimize application data aggregation Optimize TLS record parsing with Okasaki queue Cache strong_random_bytes for IV Optimize padding Produce less garbage in encrypt loop Reorganize #data{} Tidy up state machine Add server GC info to bench results
2019-02-21Merge branch 'ingela/ssl/fix-master-doc'Ingela Anderton Andin
2019-02-20ssl: Reintroduce documentation of signature_algs_cert and log_level optionIngela Anderton Andin
When changing the ssl application to use type specs in documentation master additions where lost in the merge as we did not want to rewrite the new documentation in a merge commit.
2019-02-20Revert "ssl: Workaround for compiler errors, to be reverted later"Ingela Anderton Andin
This reverts commit 028df3a72f7b813ef9851799a07ded30b7d3ad55.
2019-02-19ssl: Validate Client FinishedPéter Dimitrov
Validate Client Finished message. If validation fails, send decrypt_error alert. Change-Id: I1da7be3505ca6df2b3d50282f0500b988ef8b488
2019-02-19fixup! ssl: Add support for {active,N}Loïc Hoguin
2019-02-19ssl: Use common fonction to update {active,N}Loïc Hoguin