aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2019-02-22Fix dialyzer error and wrong StateName match bugRaimo Niskanen
2019-02-22Merge branch 'peterdmv/ssl/validate_client_finished'Péter Dimitrov
* peterdmv/ssl/validate_client_finished: ssl: Validate Client Finished Change-Id: I495c0d998423dc5a760d1ca0109c4107c5919f54
2019-02-21Merge branch 'maint'Raimo Niskanen
* maint: Inline local function Optimize binary matching Clean up module boundaries Remove redundant return of CipherState Use iovec() internally in send path Small binary handling optimizations Optimize read_application_data with Okasaki queue Try to optimize decode_cipher_text/3 Optimize application data aggregation Optimize TLS record parsing with Okasaki queue Cache strong_random_bytes for IV Optimize padding Produce less garbage in encrypt loop Reorganize #data{} Tidy up state machine Add server GC info to bench results Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_connection.erl lib/ssl/src/ssl_connection.hrl lib/ssl/src/ssl_logger.erl lib/ssl/src/ssl_record.erl lib/ssl/src/ssl_record.hrl lib/ssl/src/tls_connection.erl lib/ssl/src/tls_record.erl lib/ssl/src/tls_sender.erl
2019-02-21Merge branch 'raimo/ssl/tls-optimization/OTP-15529' into maintRaimo Niskanen
* raimo/ssl/tls-optimization/OTP-15529: Inline local function Optimize binary matching Clean up module boundaries Remove redundant return of CipherState Use iovec() internally in send path Small binary handling optimizations Optimize read_application_data with Okasaki queue Try to optimize decode_cipher_text/3 Optimize application data aggregation Optimize TLS record parsing with Okasaki queue Cache strong_random_bytes for IV Optimize padding Produce less garbage in encrypt loop Reorganize #data{} Tidy up state machine Add server GC info to bench results
2019-02-21Merge branch 'ingela/ssl/bench'Ingela Anderton Andin
* ingela/ssl/bench: ssl: Improve bench SUITE
2019-02-21ssl: Improve bench SUITEIngela Anderton Andin
Add shorter time trap, modernize code and make sure help process terminates.
2019-02-21Merge branch 'ingela/ssl/fix-master-doc'Ingela Anderton Andin
2019-02-20ssl: Reintroduce documentation of signature_algs_cert and log_level optionIngela Anderton Andin
When changing the ssl application to use type specs in documentation master additions where lost in the merge as we did not want to rewrite the new documentation in a merge commit.
2019-02-20Revert "ssl: Workaround for compiler errors, to be reverted later"Ingela Anderton Andin
This reverts commit 028df3a72f7b813ef9851799a07ded30b7d3ad55.
2019-02-19ssl: Validate Client FinishedPéter Dimitrov
Validate Client Finished message. If validation fails, send decrypt_error alert. Change-Id: I1da7be3505ca6df2b3d50282f0500b988ef8b488
2019-02-18ssl: Correct merge commit thanks to dialyzerIngela Anderton Andin
Also make a weaker spec in ssl_internal.hrl for now as it creates a conflict between error handling and dialyzer warnings.
2019-02-18Inline local functionRaimo Niskanen
2019-02-18Optimize binary matchingRaimo Niskanen
2019-02-18Merge branch 'ingela/ssl/shrink-state' into maintIngela Anderton Andin
* ingela/ssl/shrink-state: ssl: Remove duplicate record_cb handling ssl: Add test case for continued handshake with a timeout ssl: Use gen_statem named timers to handle connection and recv timeouts ssl: Move and rename diffie_hellman_keys and srp_keys to kex_keys ssl: Move key_algorithm to handshake_env ssl: srp ssl: Rename ssl: Move diffie_hellman_params to handshake_env ssl: Move and rename psk_identity state record field ssl: Move premaster_secret to handshake_env ssl: Make flight_state DTLS specific ssl: Add private_key to connection_env ssl: Remove unused record field ssl: Add erl_dist_handle to connection_env ssl: Add negotiated_version to connection_env ssl: Add key exchange items to handshake_env ssl: Add hashsign_algorithm and cert_hashsign_algorithm to handshake_env ssl: Add downgrade handling to connection_env ssl: Create connection_env ssl: Handle renegotiation and extensions in handshake_env
2019-02-18ssl: Workaround for compiler errors, to be reverted laterIngela Anderton Andin
2019-02-18Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/dtls_connection.erl lib/ssl/src/ssl_connection.erl lib/ssl/src/ssl_connection.hrl lib/ssl/src/tls_connection.erl
2019-02-18Merge branch 'ingela/ssl/shrink-state' into maintIngela Anderton Andin
* ingela/ssl/shrink-state: ssl: Remove duplicate record_cb handling ssl: Add test case for continued handshake with a timeout ssl: Use gen_statem named timers to handle connection and recv timeouts ssl: Move and rename diffie_hellman_keys and srp_keys to kex_keys ssl: Move key_algorithm to handshake_env ssl: srp ssl: Rename ssl: Move diffie_hellman_params to handshake_env ssl: Move and rename psk_identity state record field ssl: Move premaster_secret to handshake_env ssl: Make flight_state DTLS specific ssl: Add private_key to connection_env ssl: Remove unused record field ssl: Add erl_dist_handle to connection_env ssl: Add negotiated_version to connection_env ssl: Add key exchange items to handshake_env ssl: Add hashsign_algorithm and cert_hashsign_algorithm to handshake_env ssl: Add downgrade handling to connection_env ssl: Create connection_env ssl: Handle renegotiation and extensions in handshake_env
2019-02-14Clean up module boundariesRaimo Niskanen
Improve the abstraction between the ssl_connection module and dtls_connection, tls_connection and tls_sender, as well as towards the lower level tls_record and ssl_record modules. Remove some dead code.
2019-02-14Merge branch 'peterdmv/ssl/server-process-client-finished'Péter Dimitrov
* peterdmv/ssl/server-process-client-finished: ssl: Test TLS 1.3 connectivity ssl: Fix crash when sending Alerts ssl: Fix dialyzer warning ssl: Improve TLS 1.3 statem Change-Id: I258e0309ba3a132d5ab2056151935a3df8646344
2019-02-14ssl: Remove duplicate record_cb handlingIngela Anderton Andin
2019-02-14ssl: Add test case for continued handshake with a timeoutdimadio
2019-02-14Merge branch 'maint'Péter Dimitrov
* maint: ssl: Fix renegotiation testcases ssl: Fix failing rizzo testcases ssl: Use IPv4 addresses with openssl s_client ssl: Use sha256 in test certificates if supported Change-Id: I8a604d607333d029b170e3d3ad31ea01890202ea
2019-02-14Merge branch 'peterdmv/ssl/fix-failing-testcases' into maintPéter Dimitrov
* peterdmv/ssl/fix-failing-testcases: ssl: Fix renegotiation testcases ssl: Fix failing rizzo testcases ssl: Use IPv4 addresses with openssl s_client ssl: Use sha256 in test certificates if supported Change-Id: I11a326be027545e20fbef6f90996b0c8be8c3e50
2019-02-13Remove redundant return of CipherStateRaimo Niskanen
2019-02-13ssl: Fix renegotiation testcasesPéter Dimitrov
Fix failing renegotiation testcases with openssl-1.1.1a. openssl s_client sends the renegotiation "R\n" connected command to the server side causing testcase failure. This commit updates ssl_to_openssl_SUITE:erlang_ssl_receive to swallow the unexpected packet. Change-Id: I1f5d040ac65c25652f7101ddf109fc84acc4c915
2019-02-13Use iovec() internally in send pathRaimo Niskanen
2019-02-13Small binary handling optimizationsRaimo Niskanen
2019-02-13Optimize read_application_data with Okasaki queueRaimo Niskanen
To avoid degenerate case with quadratic complexity that shows up when sending large messages since the the fragment concatenation was done by binary append. An Okasaki queue is much more efficient.
2019-02-13Try to optimize decode_cipher_text/3Raimo Niskanen
2019-02-13Optimize application data aggregationRaimo Niskanen
2019-02-13Optimize TLS record parsing with Okasaki queueRaimo Niskanen
2019-02-13Cache strong_random_bytes for IVRaimo Niskanen
2019-02-13Optimize paddingRaimo Niskanen
2019-02-13Produce less garbage in encrypt loopRaimo Niskanen
2019-02-13Reorganize #data{}Raimo Niskanen
2019-02-13Tidy up state machineRaimo Niskanen
2019-02-13Add server GC info to bench resultsRaimo Niskanen
2019-02-13ssl: Use gen_statem named timers to handle connection and recv timeoutsIngela Anderton Andin
2019-02-13ssl: Fix failing rizzo testcasesPéter Dimitrov
Filter out the cipher 'chacha20_poly1305' when running the testcase 'rizzo_one_n_minus_one'. Change-Id: If3a18b0782b747b91155553e0659faebd7c5dd05
2019-02-13ssl: Use IPv4 addresses with openssl s_clientPéter Dimitrov
This commit fixes failing testcases on OpenBSD 12.0 systems. It forces openssl s_client to use an IPv4 address if openssl supports IPv6. When s_client is called with the argument "localhost" it binds to the first address returned by getaddrinfo. As the first address is an IPv6 address on OpenBSD 12.0, the client fails to send UDP packets to the ssl server that is listening on an IPv4 address. Change-Id: Ie662d10f4f0d9c803f7a341c9ea7dbe2ac80b556
2019-02-11ssl: Use sha256 in test certificates if supportedPéter Dimitrov
This commit fixes ssl_test_lib:appropriate_sha/1 that returns sha256 if it is supported by crypto. It returns sha1 otherwise. Change-Id: I0bfa4d50bbe3c788551a81d418db2cabc36a4344
2019-02-11ssl: Test TLS 1.3 connectivityPéter Dimitrov
Test TLS 1.3 connectivity between ssl server and openssl s_client. Change-Id: I926229d6bc9e6670ebe0190b491257876845b570
2019-02-08ssl: Move and rename diffie_hellman_keys and srp_keys to kex_keysIngela Anderton Andin
2019-02-08ssl: Move key_algorithm to handshake_envIngela Anderton Andin
2019-02-08ssl: srpIngela Anderton Andin
2019-02-08ssl: RenameIngela Anderton Andin
2019-02-08ssl: Fix crash when sending AlertsPéter Dimitrov
Change-Id: Ia84c71214b5379baec3455f0e416a9ea73584750
2019-02-08ssl: Fix dialyzer warningPéter Dimitrov
Change-Id: I87f2111cd557a0000cfd8ab4d50f4e58787bf104
2019-02-08ssl: Improve TLS 1.3 statemPéter Dimitrov
- Store FinishedKey in cipher_state. - Implement state 'wait_finished'. - Calculate traffic secrets in 'wait_finished' after Finished received from client and go to state 'Connection'. - Drop 'change_cipher_spec' messages (middlebox compatibility mode). - Extend tests of 1-RTT. Change-Id: Id69619ec5da053ffaaef75378678a27afeef6916
2019-02-08ssl: Move diffie_hellman_params to handshake_envIngela Anderton Andin