aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
AgeCommit message (Collapse)Author
2018-11-01ssl: Return error to user that tries to use a "transport accepted" socket forIngela Anderton Andin
other purposes than handshaking
2018-11-01Merge pull request #1990 from max-au/ssl_pem_cache_timezone_fixIngela Andin
ssl: fix timezone-related bug in ssl_pem_cache OTP-15402
2018-10-29Merge pull request #1983 from binaryseed/bug-default-address_please/OTP-15388Lukas Larsson
Fix the default implementation of address_please
2018-10-26ssl: fix timezone-related bug in ssl_pem_cacheMaxim Fedorov
Caught with unit test in ssl_pem_cache_SUITE. When local timezone is PST (Pacific Standard Time), PEM cache was not evicting expired entries due to file time converstion was done using calendar:now_to_datetime, while file modification time is actually in local time. Use os:system_time() to align with file_info modified time.
2018-10-23ssl: Correct length to be used in additional data in CHACHA20_POLY1305 cipherIngela Anderton Andin
2018-10-19ssl: Refactor AEAD ciphersIngela Anderton Andin
TLS-1.3 needs to handle AEAD inputs diffrently than previous versions. Refactor code to facilitate TLS-1.3 additions. Change CHACHA20_POLY1305 NONCE to match RFC 7905. This will be important later when we fix interop with TLS compatible crypto invocation.
2018-10-13Fix fallback address_pleaseVince Foley
2018-10-11ssl: Fix up incorrect automatic mergeIngela Anderton Andin
2018-10-11Merge branch 'ingela/maint/ssl/packet-options-to-tls-sender/OTP-15348' into ↵Ingela Anderton Andin
maint Conflicts: lib/ssl/src/tls_sender.erl
2018-10-11ssl: TLS sender process needs to get updates of the socket option packetIngela Anderton Andin
If the socket option is set to {packet, 1|2|3|4} sender process needs to add a packet length header. If packet is changed with ssl:setopts/2 this needs to be communicated to tls_sender.
2018-10-10ssl: ERL-738 - Correct alert handling with new TLS sender processIngela Anderton Andin
With the new TLS sender process, solving ERL-622, TLS ALERTs sent in the connection state must be encrypted and sent by the TLS sender process. This to make sure that the correct encryption state is used to encode the ALERTS. Care must also be taken to ensure a graceful close down behavior both for normal shutdown and downgrading from TLS to TCP. The original TR ERL-738 is verified by cowboy tests, and close down behavior by our tests. However we alas have not been able to yet create a minimal test case for the originating problem. Also it seems it has become less likely that we run in to the TCP delivery problem, that is the guarantee is only on transport level, not application level. Keep work around function in ssl_test_lib but we can have better test as long as we do not get to much wobbling tests.
2018-10-10ssl: TLS sender process needs to get updates of the socket option packetIngela Anderton Andin
If the socket option is set to {packet, 1|2|3|4} sender process needs to add a packet length header. If packet is changed with ssl:setopts/2 this needs to be communicated to tls_sender.
2018-10-08ssl: ERL-738 - Correct alert handling with new TLS sender processIngela Anderton Andin
With the new TLS sender process, solving ERL-622, TLS ALERTs sent in the connection state must be encrypted and sent by the TLS sender process. This to make sure that the correct encryption state is used to encode the ALERTS. Care must also be taken to ensure a graceful close down behavior both for normal shutdown and downgrading from TLS to TCP. The original TR ERL-738 is verified by cowboy tests, and close down behavior by our tests. However we alas have not been able to yet create a minimal test case for the originating problem. Also it seems it has become less likely that we run in to the TCP delivery problem, that is the guarantee is only on transport level, not application level. Keep work around function in ssl_test_lib but we can have better test as long as we do not get to much wobbling tests.
2018-09-21Update copyright yearHenrik Nord
2018-09-20ssl: Move link to correct processIngela Anderton Andin
The link should be between the connection process and the tls_sender process. But the start of the tls_sender process needs to be done by the process that also starts the connection process in order to correctly create the opaque #ssl_socket{}.
2018-09-12ssl: Handle incomplete and unorded chainsIngela Anderton Andin
If the peer sends an incomplete chain that we can reconstruct with our known CA-certs it will be accepted. We will assume that the peer honors the protocol and sends an orded chain, however if validation fails we will try to order the chain in case it was unorded. Will also handle that extraneous cert where present. See Note form RFC 8446 Note: Prior to TLS 1.3, "certificate_list" ordering required each certificate to certify the one immediately preceding it; however, some implementations allowed some flexibility. Servers sometimes send both a current and deprecated intermediate for transitional purposes, and others are simply configured incorrectly, but these cases can nonetheless be validated properly. For maximum compatibility, all implementations SHOULD be prepared to handle potentially extraneous certificates and arbitrary orderings from any TLS version, with the exception of the end-entity certificate which MUST be first.
2018-09-11ssl: Correct handling of all PSK cipher suitesIngela Anderton Andin
Before only some PSK suites would be correctly negotiated and most PSK ciphers suites would fail the connection. PSK cipher suites are anonymous in the sense that they do not use certificates except for rsa_psk.
2018-09-04Fixed ssl_options typespec for keyLasse Skindstad Ebert
2018-08-30Merge branch 'ingela/ssl/send-recv-dead-lock/ERL-622' into maintIngela Anderton Andin
* ingela/ssl/send-recv-dead-lock/ERL-622: ssl: Improve close handling ssl: Adopt distribution over TLS to use new sender process ssl: Add new sender process for TLS state machine
2018-08-27Merge branch 'hans/ssl/dialyzer_crypto_typed/OTP-15271' into maintHans Nilsson
* hans/ssl/dialyzer_crypto_typed/OTP-15271: ssl: Fix dialyzer errors detected when crypto.erl is typed
2018-08-27ssl: Improve close handlingIngela Anderton Andin
We want to make sure that the sender process that may get stuck in prim_inet:send will die if the tls_connection process is terminated. And we also like to make sure that it terminates as gracefully as possible. So when the tls_connection process dies it spawns a killer process that will brutaly kill the sender if it is unresponsive and does not terminate due to its monitor of the tls_connetion process triggering. When the sender process also acts as distribution controller it may also have other processess that it is linked with that it should bring down or that could bring the connection down.
2018-08-27ssl: Adopt distribution over TLS to use new sender processIngela Anderton Andin
2018-08-27ssl: Add new sender process for TLS state machineIngela Anderton Andin
Separate sending and receiving when using TCP as transport as prim_inet:send may block which in turn may result in a deadlock between two Erlang processes communicating over TLS, this is especially likely to happen when running Erlang distribution over TLS.
2018-08-24ssl: Fix dialyzer errors detected when crypto.erl is typedHans Nilsson
2018-08-24Merge branch 'maint-21' into maintLars Thorsen
* maint-21: Updated OTP version Prepare release Updated the engine load functionality inets: Prepare for release inets: Use status code 501 when no mod_* handles the request ssl: Prepare for release ssl: Make sure that a correct cipher suite is selected ssl: Make sure that a correct cipher suite is selected
2018-08-23ssl: Correct dialyzer specsIngela Anderton Andin
2018-08-21ssl: Move formatting code to own moduleIngela Anderton Andin
The conversion code for different representations of cipher suites is long an repetitive. We want to hide it in a module that does not have other functions that we like to look at.
2018-08-21ssl: Remove legacy filesIngela Anderton Andin
When starting to implement DTLS, it was assumed that the APIs for TLS and DTLS would differ more. This assumption turned out to be wrong.
2018-08-14Merge branch 'ingela/ssl/ERL-668/improve-err-msg/OTP-15234' into maintIngela Anderton Andin
* ingela/ssl/ERL-668/improve-err-msg/OTP-15234: ssl: Improve error message
2018-08-14Merge branch 'ingela/ssl/ERL-686/OTP-15224' into maintIngela Anderton Andin
* ingela/ssl/ERL-686/OTP-15224: ssl: Error handling improvment
2018-08-13ssl: Prepare for releaseIngela Anderton Andin
2018-08-10Merge branch 'maint-20' into maintRickard Green
* maint-20: Updated OTP version Update release notes Update version numbers crypto: Fix crash in compute_key(ecdh, ...) on badarg Relax add_table_copy restriction Fixed #Ref ordering bug Test #Ref ordering in lists and ets Do NOT disc_load from ram_copies when master_node is set ssl: Make sure that a correct cipher suite is selected ssl: Correct handling of empty server SNI extension
2018-08-09Merge branch 'ingela/ssl/empty-sni/OTP-15168' into maint-20Erlang/OTP
* ingela/ssl/empty-sni/OTP-15168: ssl: Correct handling of empty server SNI extension
2018-08-09Merge branch 'ingela/maint/ssl/ECC/ERIERL-210/OTP-15203' into maintIngela Anderton Andin
* ingela/maint/ssl/ECC/ERIERL-210/OTP-15203: ssl: Make sure that a correct cipher suite is selected
2018-08-09ssl: Make sure that a correct cipher suite is selectedIngela Anderton Andin
The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
2018-08-09ssl: Error handling improvmentIngela Anderton Andin
2018-08-07ssl: Make sure that a correct cipher suite is selectedIngela Anderton Andin
The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
2018-08-07ssl: Correct close handlingIngela Anderton Andin
Transport accepted sockets that are in the error state, was not closed properly.
2018-08-06ssl: Make sure that a correct cipher suite is selectedIngela Anderton Andin
The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
2018-07-24Merge branch 'maint-20' into maintJohn Högberg
* maint-20: Updated OTP version Prepare release ssl: Engine key trumps certfile option inets: Prepare for release inets: Improve error handling
2018-07-20Merge branch 'ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193' into maint-20Erlang/OTP
* ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193: ssl: Engine key trumps certfile option
2018-07-17ssl: Improve error messageIngela Anderton Andin
2018-07-17ssl: Engine key trumps certfile optionIngela Anderton Andin
2018-07-11Merge pull request #1869 from ↵Ingela Andin
IngelaAndin/ingela/ssl/unexpected-call/ERL-664/OTP-15174 ssl: Improve error handling
2018-07-10ssl: Correct connection_information on ECC-curvesIngela Anderton Andin
2018-07-10ssl: No cipher suite sign restriction in TLS-1.2Ingela Anderton Andin
Conflicts: lib/ssl/test/ssl_ECC_SUITE.erl
2018-07-10ssl: Add psk as anonymous key exchange in ssl_handshake:select_hashsign/5Ingela Anderton Andin
Failing to recognize psk as an anonymous key exchange would fail the connection when trying to decode an undefined certificate.
2018-07-10ssl: Correct key_usage checkIngela Anderton Andin
The Key Usage extension is described in section 4.2.1.3 of X.509, with the following possible flags: KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), -- recent editions of X.509 have -- renamed this bit to contentCommitment keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } In SSL/TLS, when the server certificate contains a RSA key, then: either a DHE or ECDHE cipher suite is used, in which case the RSA key is used for a signature (see section 7.4.3 of RFC 5246: the "Server Key Exchange" message); this exercises the digitalSignature key usage; or "plain RSA" is used, with a random value (the 48-byte pre-master secret) being encrypted by the client with the server's public key (see section 7.4.7.1 of RFC 5246); this is right in the definition of the keyEncipherment key usage flag. dataEncipherment does not apply, because what is encrypted is not directly meaningful data, but a value which is mostly generated randomly and used to derive symmetric keys. keyAgreement does not apply either, because that one is for key agreement algorithms which are not a case of asymmetric encryption (e.g. Diffie-Hellman). The keyAgreement usage flag would appear in a certificate which contains a DH key, not a RSA key. nonRepudiation is not used, because whatever is signed as part of a SSL/TLS key exchange cannot be used as proof for a third party (there is nothing in a SSL/TLS tunnel that the client could record and then use to convince a judge when tring to sue the server itself; the data which is exchanged within the tunnel is not signed by the server). When a ECDSA key is used then "keyAgreement" flag is needed for beeing ECDH "capable" (as opposed to ephemeral ECDHE)
2018-07-10ssl: Fix ECDSA key decode clauseIngela Anderton Andin
2018-07-10ssl: Avoid hardcoding of cipher suites and fix ECDH suite handlingIngela Anderton Andin
ECDH suite handling did not use the EC parameters form the certs as expected. Conflicts: lib/ssl/src/ssl_cipher.erl