aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
AgeCommit message (Collapse)Author
2019-04-12Merge branch 'ingela/ssl/cipher-suite-conversions'Ingela Anderton Andin
* ingela/ssl/cipher-suite-conversions: ssl: Add functions to convert between diffrent cipher suite formats
2019-04-12ssl: Add functions to convert between diffrent cipher suite formatsIngela Anderton Andin
2019-04-11ssl: Fix faulty match of Socket in handle_info/3Péter Dimitrov
Fix dtls_connection:handle_info/3 to correctly match the Socket in static_env. Change-Id: Iddaad0514c2413abac6d9a06292556e07acc7729
2019-04-11Merge branch 'peterdmv/ssl/fix-tls13-handshake/ERL-908/OTP-15759'Péter Dimitrov
* peterdmv/ssl/fix-tls13-handshake/ERL-908/OTP-15759: ssl: Add chacha ciphers to openssl_suite_name/1 ssl: Filter signature_schemes before usage ssl: Handle legacy algorithms in signature_scheme/1 Change-Id: I4caa0fb21324aceb1d3502d33e61e99bd915d9c4
2019-04-10ssl: Add chacha ciphers to openssl_suite_name/1Péter Dimitrov
Change-Id: I2f2cc8c64f02b50773eb455770336b159da7b9f9
2019-04-10ssl: Filter signature_schemes before usagePéter Dimitrov
Filter unassigned and legacy elements from signature_scheme_list before further processing. Change-Id: I0a2623e53c21cebe6e736e7eee6bb6354fc698b7
2019-04-10ssl: Handle legacy algorithms in signature_scheme/1Péter Dimitrov
Handle legacy signature algorithms in TLS 1.3 ClientHello to improve debug logging. Change-Id: If5548c828aabab83a2b147dffa7e937bd98916c6
2019-04-09ssl: Fix ssl:getstat/2Péter Dimitrov
Change-Id: I03d8bb7b45fc48b3d5b0232c4c3a286fb36aad5c
2019-04-09ssl: Implement {active,N} for DTLSPéter Dimitrov
Change-Id: I559624bedf3b9b9ed0316af5262f59bcad8de926
2019-04-09ssl: Fix function merge_fragments/2Péter Dimitrov
Change-Id: Icc99d5f3b8c667107926603e9d546d7198bd098d
2019-04-09ssl: Remove excessive calls to next_record/1Péter Dimitrov
Change-Id: Ic6606206b9c48489ead46bf2f8a982cf06ccc2e3
2019-04-09Merge branch 'peterdmv/ssl/fix-chacha-ciphers'Péter Dimitrov
* peterdmv/ssl/fix-chacha-ciphers: ssl: Fix Chacha20 IV length and nonce calculation Change-Id: I69b88bcfe0e9a6b9157884e9df049e15f4a35b95
2019-04-02Merge branch 'peterdmv/ssl/fix-key-share-decoding'Péter Dimitrov
* peterdmv/ssl/fix-key-share-decoding: ssl: Fix decoding of the key_share extension Change-Id: I2b772bb1e50b841f9154206b1170330d51c7ba94
2019-04-02Merge branch 'peterdmv/ssl/update-chacha-ciphers'Péter Dimitrov
* peterdmv/ssl/update-chacha-ciphers: ssl: Update Chacha20-Poly1305 cipher suite codes Change-Id: I0a3c48d7eb30d7c8fae2afdc4eaa68e909a474ea
2019-04-02ssl: Fix Chacha20 IV length and nonce calculationPéter Dimitrov
This commit fixes the IV length (12 bytes) and the calculation of the nonce for the Chacha20-Poly1305 ciphers. Change-Id: I4c9efc0bf012bc287c84c7b62c252ecf49ffe32f
2019-04-01ssl: Fix decoding of the key_share extensionPéter Dimitrov
Change-Id: I4764b5f2172f000d13c267e9002789fa6e09c58c
2019-04-01ssl: Update Chacha20-Poly1305 cipher suite codesPéter Dimitrov
Update the cipher suite codes of the Chacha20-Poly1305 ciphers to align them with RFC7905. Change-Id: I85aa8dfd8a3782d61304b7f74b48f7a09f15a033
2019-04-01Merge branch 'peterdmv/ssl/dtls-fix'Péter Dimitrov
* peterdmv/ssl/dtls-fix: ssl: Fix dtls queue handling ssl: Fix retransmission timeout Change-Id: Ic3312e46e56dca096318a5a6b2eefa6cc0e34863
2019-04-01Merge branch 'raimo/ssl/tls-dist-fun-day/OTP-14792'Raimo Niskanen
* raimo/ssl/tls-dist-fun-day/OTP-14792: Skip all benchmark groups Benchmark report relative core load Improve printouts Polish sched util benchmark Improve printouts Dist handshake with nodelay Implement inet_crypto_dist benchmark example
2019-04-01Merge branch 'ingela/ssl/AES-CCM/OTP-15626'Ingela Anderton Andin
* ingela/ssl/AES-CCM/OTP-15626: ssl: Adapt DTLS code to optimizations ssl: Add support AES_CCM cipher suites form RFC 6655
2019-03-29ssl: Fix dtls queue handlingPéter Dimitrov
Change-Id: I6956eb9c7036cfe72bb1b8cb3e02e22bd71c4c36
2019-03-29ssl: Fix retransmission timeoutPéter Dimitrov
Set the upper limit of the retransmission timeout to 60 seconds instead of 60 milliseconds. Change-Id: I17168a015f352d2526935ea77a8aea686944ebcd
2019-03-29 ssl: Add missing tuple in shutdown reasonIngela Anderton Andin
2019-03-29ssl: Adapt DTLS code to optimizationsIngela Anderton Andin
2019-03-29ssl: Add support AES_CCM cipher suites form RFC 6655Ingela Anderton Andin
2019-03-28Dist handshake with nodelayRaimo Niskanen
2019-03-22Merge branch 'ingela/ssl/default-supported-versions/OTP-14865'Ingela Anderton Andin
* ingela/ssl/default-supported-versions/OTP-14865: ssl: Remove default support for legacy versions
2019-03-21Merge branch 'peterdmv/ssl/tls13-conn-info'Péter Dimitrov
* peterdmv/ssl/tls13-conn-info: ssl: Fix ssl:connection_information/1 in TLS 1.3 Change-Id: I492b0973bb4ee44354edf22ed3bc2a6e5c7b90c5
2019-03-21Revert "ssl: Correct handling of crypto exception handling."Ingela Anderton Andin
This reverts commit 884503bc69157d2a3c6bd72389b4e2a800f97fb6.
2019-03-21ssl: Remove default support for legacy versionsIngela Anderton Andin
TLS-1.0, TLS-1.1 and DTLS-1.0 are now considered legacy
2019-03-20ssl: Correct handling of crypto exception handling.Ingela Anderton Andin
Documentation was incorrect, and new specs provided dialyzer errors.
2019-03-19Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl.erl lib/ssl/src/tls_connection.erl
2019-03-19Merge branch 'ingela/ssl/transport-transparance/ERL-861/OTP-15679' into maintIngela Anderton Andin
* ingela/ssl/transport-transparance/ERL-861/OTP-15679: ssl: Fix transport transparancy
2019-03-18Merge branch 'ingela/ssl/recv-timeout-bug/ERL-884/ERL-883/OTP-14701' into ↵Erlang/OTP
maint-21 * ingela/ssl/recv-timeout-bug/ERL-884/ERL-883/OTP-14701: ssl: Cancel recv timer in all places
2019-03-18Merge branch 'ingela/ssl/transport-transparance/ERL-861/OTP-15679' into maint-21Erlang/OTP
* ingela/ssl/transport-transparance/ERL-861/OTP-15679: ssl: Fix transport transparancy
2019-03-18ssl: Fix ssl:connection_information/1 in TLS 1.3Péter Dimitrov
Store cipher suite information in session record. Test ssl:connection_information/1 in a TLS 1.3 connection. Change-Id: I7193e6dd2544540e446b5777b5768806cecf2bd3
2019-03-18Merge branch 'peterdmv/ssl/client-auth/OTP-15591'Péter Dimitrov
* peterdmv/ssl/client-auth/OTP-15591: ssl: Improve ssl logging ssl: Test handling of signature algorithms ssl: Handle unencrypted Alert (Illegal Parameter) ssl: Improve verification of received Certificate ssl: Fix Alert logging ssl: Fix get_handshake_context/2 ssl: Test HelloRetryRequest with client auth ssl: Verify signature algorithm in CV ssl: Verify CertificateVerify ssl: Test client authentication with certificate ssl: Validate client certificates (TLS 1.3) ssl: Test client authentication (empty cert) ssl: Implement state 'wait_cert' ssl: Add ssl logger support for CertificateRequest ssl: Fix ssl alerts Change-Id: Id4ba14d373f116038a7cb3ff9fc33faed23031c8
2019-03-16ssl: Cancel recv timer in all placesIngela Anderton Andin
Would cause connection to crash although all data was delivered to ssl:recv
2019-03-14ssl: Improve ssl loggingPéter Dimitrov
Remove function ssl:set_log_level/1. Its functionality is already implemented by logger:set_application_level/2. Set log level for ssl modules to debug at application start. Former implementation required an extra call to logger:set_application_level/2 (beside setting ssl option {log_level, debug}) to enable debug logging. Change-Id: Id21be7fd58915e11124cc136bb92d8a7526b8a74
2019-03-14ssl: Handle unencrypted Alert (Illegal Parameter)Péter Dimitrov
Handle unencrypted 'Illegal Parameter' Alerts from openssl s_client when the server's connection states are already stepped into traffic encryption. Change-Id: I10951a9061e6f4b13d8ddb8ab99f8a812a483113
2019-03-14ssl: Improve verification of received CertificatePéter Dimitrov
Validate peer certificate against supported signature algorithms. Send 'Hanshake Failure' Alert if signature algorithm is not supported by the server. Change-Id: Iad428aad337f0f9764d23404c203f966664c4555
2019-03-14ssl: Fix Alert loggingPéter Dimitrov
Report the role of the peer when logging incoming Alerts. Change-Id: I7eec46bc36f9080f5087b6a38e7f14ac628fe286
2019-03-11ssl: Fix transport transparancyIngela Anderton Andin
2019-03-08Merge branch 'maint'Ingela Anderton Andin
2019-03-08ssl: Correct active once emulationIngela Anderton Andin
Conflicts: lib/ftp/test/ftp_SUITE.erl
2019-03-07ssl: Fix get_handshake_context/2Péter Dimitrov
Split get_handshake_context/2 into two functions. The new get_handshake_context_cv/2 returns the context for the verification of CertificateVerify. Change-Id: I461eb67bda1d9c1673e463d417c3e838fca6b40c
2019-03-07ssl: Verify signature algorithm in CVPéter Dimitrov
Verify if the signature algorithm used in the signature of CertificateVerify is one of those present in the supported_signature_algorithms field of the "signature_algorithms" extension in the CertificateRequest message. Change-Id: I7d3b5f10e3205447fb9a9a7e59b93568d1696432
2019-03-06ssl: Verify CertificateVerifyPéter Dimitrov
Verify CertificateVerify message against the handshake context and the public key provided by the Certificate message. Remove 'Context' argument from state handler functions and store data in the state variable. Refactor get_handshake_context/1 to cover all implemented cases. Change-Id: If803e05009331d1ec7e0ba2ea2b81d917a0add6d
2019-03-04ssl: Validate client certificates (TLS 1.3)Péter Dimitrov
Implement validation of client certificates in state 'wait_cert'. Implement state 'wait_cv'. Clean up handler functions. Change-Id: I5c410bf7afe34632f27fabcd61670764fedb105d
2019-03-04ssl: Implement state 'wait_cert'Péter Dimitrov
Implement state 'wait_cert' with its handler function do_wait_cert/2. Send CertificateRequest if peer verification is enabled. Send Alert 'certificate required' if client answers with empty Certificate and option 'fail_if_no_peer_cert' is set to true. Change-Id: I72c73bcb6bc68ea60e6fe41cdd29ccfe40d18322
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-08 14:45:57 +0000