aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
AgeCommit message (Collapse)Author
2018-11-20ssl: Improve the "start" and "negotiated" statesPéter Dimitrov
This change adds the capability to the TLS 1.3 server to process ClientHello messages and answer with ServerHello. Change-Id: I13f6cfac932574300338e7301c6162252a591c70
2018-11-20ssl: Improve TLS 1.3 state machinePéter Dimitrov
- Use internal event to transition to the first state of the TLS 1.3 state machine. - Add gen_handshake_1_3/4 and gen_info_1_3/4. Change-Id: I17f12110356c7be4a8dddf9a616df7f181b0ef37
2018-11-20ssl: Fix handling of "signature_algs" in ClientHelloPéter Dimitrov
Use signature schemes in the "signature_algs" extension when creating TLS 1.3 ClientHello extensions. Change-Id: I1402bec659c70352a4a2200146911fd4246d2fe2
2018-11-20ssl: Fix default values of "signature_algs"Péter Dimitrov
- Add function for special handling of default values of "signature_algs" in TLS 1.3. This change adds default values for "signature_algs" even for TLS 1.3 clients as they must send the "signature_algs" extension when a server authenticates itself via a certificate. - Use "signature schemes" as default instead of the old hash-signature algorithms tuple when using TLS 1.3. Change-Id: I296593b16610fd7a18a4ae3f3bac63c2fad06fbd
2018-11-20ssl: Auto generate build dependenciesPéter Dimitrov
- Order the list of input files - Auto generate build dependencies Change-Id: I0520725c98f4739fa73c8667c38ce1b00c494bc9
2018-11-16ssl: Fix encode/decode of ClientHello (TLS 1.3)Péter Dimitrov
- Fix handling of hello versions. TLS 1.3 ClientHello will use TLS 1.3 encoding. - Fix encoding/decoding of TLS records when record protection has not yet been engaged (NULL cipher). Change-Id: I7511d1a7751f1ec8c2f2f2fb3d21ddf80a3f428b
2018-11-16ssl: Change defaults for "supported_groups"Péter Dimitrov
Removed strongest Diffie-Hellman groups from defaults (ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192) in order to reduce the time spent with calculating the keys for the key_share extension. Change-Id: I1cc1914ea4c5093f694989b0153c1bd1c8840eef
2018-11-16ssl: Fix compilation warningsPéter Dimitrov
Change-Id: Id92deeebf2cb792a24c0ac1dd2e827fc7135b07c
2018-11-16ssl: Implement the 'key_share' extensionPéter Dimitrov
Change-Id: Ie7409675dd7a35825f32822df259286bbb95fd62
2018-11-12Merge branch 'ingela/ssl/key-derive/OTP-15374'Ingela Anderton Andin
* ingela/ssl/key-derive/OTP-15374: ssl: Add key derivation functions for TLS-1.3
2018-11-12Merge branch 'maint'Ingela Anderton Andin
2018-11-12Merge branch 'ingela/ssl/rsa-kex-engine/ERIERL-268/OTP-15420' into maintIngela Anderton Andin
* ingela/ssl/rsa-kex-engine/ERIERL-268/OTP-15420: ssl: Add engine handling clause to RSA key exchange
2018-11-09ssl: Add engine handling clause to RSA key exchangeIngela Anderton Andin
2018-11-09ssl: Add key derivation functions for TLS-1.3Ingela Anderton Andin
2018-11-08Merge branch 'maint'Ingela Anderton Andin
2018-11-07ssl: Correct gen_statem return valueIngela Anderton Andin
Could cause renegotiation to fail
2018-11-06ssl: Fix logging in new sender processPéter Dimitrov
Change-Id: I2beb99aab1920d866dcdc91f67fc306fc16e9496
2018-11-06Merge branch 'maint'Ingela Anderton Andin
2018-11-05ssl: controlling_process should be allowed on transpor_accept sockets alongIngela Anderton Andin
with handshake Fix of commit 68d9244ae33e5eea36250c3bb9ffe046a4db5647
2018-11-05Merge branch 'maint'Ingela Anderton Andin
2018-11-02ssl: Correct filter functionIngela Anderton Andin
2018-11-02Merge branch 'maint'Ingela Anderton Andin
2018-11-02Merge branch 'ingela/ssl/deliver-all-data-at-close/ERL-731/OTP-15412' into maintIngela Anderton Andin
* ingela/ssl/deliver-all-data-at-close/ERL-731/OTP-15412: ssl: Extend check for undelivered data at closing
2018-11-02ssl: Extend check for undelivered data at closingIngela Anderton Andin
This is a timing related bug that alas is hard to test
2018-11-02Merge pull request #2003 from peterdmv/ssl/tls1.3-statem-skeleton/OTP-15310Péter Dimitrov
Implement TLS 1.3 state machine skeleton
2018-11-02Merge branch 'maint'Ingela Anderton Andin
2018-11-01ssl: Fix failing property testsPéter Dimitrov
- Updated message generators: ClientHello, ServerHello and EncryptedExtensions - Fixed encoding of the extensions 'signature_algorithms' and 'signature_algorithms_cert' - Updated empty extension definitions Change-Id: I9415e2d022744b9ed4667d20aee2553637ed49f8
2018-11-01ssl: Return error to user that tries to use a "transport accepted" socket forIngela Anderton Andin
other purposes than handshaking
2018-11-01Merge branch 'maint'Ingela Anderton Andin
2018-11-01Merge pull request #1990 from max-au/ssl_pem_cache_timezone_fixIngela Andin
ssl: fix timezone-related bug in ssl_pem_cache OTP-15402
2018-10-29Merge branch 'maint'Lukas Larsson
2018-10-29Merge pull request #1983 from binaryseed/bug-default-address_please/OTP-15388Lukas Larsson
Fix the default implementation of address_please
2018-10-26ssl: fix timezone-related bug in ssl_pem_cacheMaxim Fedorov
Caught with unit test in ssl_pem_cache_SUITE. When local timezone is PST (Pacific Standard Time), PEM cache was not evicting expired entries due to file time converstion was done using calendar:now_to_datetime, while file modification time is actually in local time. Use os:system_time() to align with file_info modified time.
2018-10-24ssl: Implement decode of "supported_groups"Péter Dimitrov
Change-Id: I42d7779bb3558aa3a2bea5be065c559d01c0a32b
2018-10-24ssl: Implement TLS 1.3 state machine skeletonPéter Dimitrov
Change-Id: I4b382a7907247cc2099951fdefa40f1511b1123e
2018-10-24ssl: Add module for Finite Field DH groupsPéter Dimitrov
Change-Id: I80bc21b2dee82f4d5641fa8443882838f7c602ba
2018-10-24Merge branch 'ingela/ssl/tls-1.3-record'Ingela Anderton Andin
* ingela/ssl/tls-1.3-record: ssl: TLS-1.3 TLS record protocol handling
2018-10-24ssl: TLS-1.3 TLS record protocol handlingIngela Anderton Andin
2018-10-23Merge branch 'maint'Ingela Anderton Andin
2018-10-23ssl: Correct length to be used in additional data in CHACHA20_POLY1305 cipherIngela Anderton Andin
2018-10-22Merge branch 'maint'Ingela Anderton Andin
2018-10-19ssl: Refactor AEAD ciphersIngela Anderton Andin
TLS-1.3 needs to handle AEAD inputs diffrently than previous versions. Refactor code to facilitate TLS-1.3 additions. Change CHACHA20_POLY1305 NONCE to match RFC 7905. This will be important later when we fix interop with TLS compatible crypto invocation.
2018-10-16Merge pull request #1970 from peterdmv/ssl/signature_algorithms/OTP-15248Péter Dimitrov
Implement Signature Algorithms (TLS 1.3)
2018-10-15ssl: Update default for option signature_algs_certPéter Dimitrov
The option 'signature_algs_cert' is not set by default. Change-Id: Ib87cedc5e48b3ac7a36a30bc7caa08d3193f12fa
2018-10-15ssl: Filter "signature_algs_cert" from socket optionsPéter Dimitrov
Change-Id: Ifb933d1bad647b941b7324c0712a7bc20ae74efa
2018-10-15ssl: Implement Signature Algorithms (TLS 1.3)Péter Dimitrov
Implement handling of the signature algorithms extension described by RFC 8446. This commit updates the behavior of legacy TLS versions to align them with RFC 8446 (TLS 1.3) and RFC 5246 (TLS 1.2). - TLS 1.0/1.1 clients validate the client certificate against the certificate_type field of the CertificateRequest message. - TLS 1.2 client verifies the hash/signature algorithm pair of the client certificate when processing a CertificateRequest. Old behavior only checked the signature algorithms. - TLS 1.2 server verifies that the server certificate is signed by a hash/signature algorithm pair that appears in the "singature_algorithms" or "signature_algorithms_cert" (RFC 8446) extensions of the ClientHello. Change-Id: I3e0a0d7408984f5e5b1233968934fe34d64eb2b7
2018-10-13Fix fallback address_pleaseVince Foley
2018-10-11Merge branch 'maint'Ingela Anderton Andin
2018-10-11ssl: Fix up incorrect automatic mergeIngela Anderton Andin
2018-10-11Merge branch 'maint'Ingela Anderton Andin
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-18 15:49:10 +0000