aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2019-02-18Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/dtls_connection.erl lib/ssl/src/ssl_connection.erl lib/ssl/src/ssl_connection.hrl lib/ssl/src/tls_connection.erl
2019-02-18Merge branch 'ingela/ssl/shrink-state' into maintIngela Anderton Andin
* ingela/ssl/shrink-state: ssl: Remove duplicate record_cb handling ssl: Add test case for continued handshake with a timeout ssl: Use gen_statem named timers to handle connection and recv timeouts ssl: Move and rename diffie_hellman_keys and srp_keys to kex_keys ssl: Move key_algorithm to handshake_env ssl: srp ssl: Rename ssl: Move diffie_hellman_params to handshake_env ssl: Move and rename psk_identity state record field ssl: Move premaster_secret to handshake_env ssl: Make flight_state DTLS specific ssl: Add private_key to connection_env ssl: Remove unused record field ssl: Add erl_dist_handle to connection_env ssl: Add negotiated_version to connection_env ssl: Add key exchange items to handshake_env ssl: Add hashsign_algorithm and cert_hashsign_algorithm to handshake_env ssl: Add downgrade handling to connection_env ssl: Create connection_env ssl: Handle renegotiation and extensions in handshake_env
2019-02-14Merge branch 'peterdmv/ssl/server-process-client-finished'Péter Dimitrov
* peterdmv/ssl/server-process-client-finished: ssl: Test TLS 1.3 connectivity ssl: Fix crash when sending Alerts ssl: Fix dialyzer warning ssl: Improve TLS 1.3 statem Change-Id: I258e0309ba3a132d5ab2056151935a3df8646344
2019-02-14ssl: Remove duplicate record_cb handlingIngela Anderton Andin
2019-02-14ssl: Add test case for continued handshake with a timeoutdimadio
2019-02-14Merge branch 'maint'Péter Dimitrov
* maint: ssl: Fix renegotiation testcases ssl: Fix failing rizzo testcases ssl: Use IPv4 addresses with openssl s_client ssl: Use sha256 in test certificates if supported Change-Id: I8a604d607333d029b170e3d3ad31ea01890202ea
2019-02-14Merge branch 'peterdmv/ssl/fix-failing-testcases' into maintPéter Dimitrov
* peterdmv/ssl/fix-failing-testcases: ssl: Fix renegotiation testcases ssl: Fix failing rizzo testcases ssl: Use IPv4 addresses with openssl s_client ssl: Use sha256 in test certificates if supported Change-Id: I11a326be027545e20fbef6f90996b0c8be8c3e50
2019-02-13ssl: Fix renegotiation testcasesPéter Dimitrov
Fix failing renegotiation testcases with openssl-1.1.1a. openssl s_client sends the renegotiation "R\n" connected command to the server side causing testcase failure. This commit updates ssl_to_openssl_SUITE:erlang_ssl_receive to swallow the unexpected packet. Change-Id: I1f5d040ac65c25652f7101ddf109fc84acc4c915
2019-02-13ssl: Use gen_statem named timers to handle connection and recv timeoutsIngela Anderton Andin
2019-02-13ssl: Fix failing rizzo testcasesPéter Dimitrov
Filter out the cipher 'chacha20_poly1305' when running the testcase 'rizzo_one_n_minus_one'. Change-Id: If3a18b0782b747b91155553e0659faebd7c5dd05
2019-02-13ssl: Use IPv4 addresses with openssl s_clientPéter Dimitrov
This commit fixes failing testcases on OpenBSD 12.0 systems. It forces openssl s_client to use an IPv4 address if openssl supports IPv6. When s_client is called with the argument "localhost" it binds to the first address returned by getaddrinfo. As the first address is an IPv6 address on OpenBSD 12.0, the client fails to send UDP packets to the ssl server that is listening on an IPv4 address. Change-Id: Ie662d10f4f0d9c803f7a341c9ea7dbe2ac80b556
2019-02-11ssl: Use sha256 in test certificates if supportedPéter Dimitrov
This commit fixes ssl_test_lib:appropriate_sha/1 that returns sha256 if it is supported by crypto. It returns sha1 otherwise. Change-Id: I0bfa4d50bbe3c788551a81d418db2cabc36a4344
2019-02-11ssl: Test TLS 1.3 connectivityPéter Dimitrov
Test TLS 1.3 connectivity between ssl server and openssl s_client. Change-Id: I926229d6bc9e6670ebe0190b491257876845b570
2019-02-08ssl: Move and rename diffie_hellman_keys and srp_keys to kex_keysIngela Anderton Andin
2019-02-08ssl: Move key_algorithm to handshake_envIngela Anderton Andin
2019-02-08ssl: srpIngela Anderton Andin
2019-02-08ssl: RenameIngela Anderton Andin
2019-02-08ssl: Fix crash when sending AlertsPéter Dimitrov
Change-Id: Ia84c71214b5379baec3455f0e416a9ea73584750
2019-02-08ssl: Fix dialyzer warningPéter Dimitrov
Change-Id: I87f2111cd557a0000cfd8ab4d50f4e58787bf104
2019-02-08ssl: Improve TLS 1.3 statemPéter Dimitrov
- Store FinishedKey in cipher_state. - Implement state 'wait_finished'. - Calculate traffic secrets in 'wait_finished' after Finished received from client and go to state 'Connection'. - Drop 'change_cipher_spec' messages (middlebox compatibility mode). - Extend tests of 1-RTT. Change-Id: Id69619ec5da053ffaaef75378678a27afeef6916
2019-02-08ssl: Move diffie_hellman_params to handshake_envIngela Anderton Andin
2019-02-08ssl: Move and rename psk_identity state record fieldIngela Anderton Andin
2019-02-08ssl: Move premaster_secret to handshake_envIngela Anderton Andin
2019-02-08ssl: Make flight_state DTLS specificIngela Anderton Andin
flight_state is used to handle retransmission timers for DTLS over udp
2019-02-08ssl: Add private_key to connection_envIngela Anderton Andin
2019-02-08ssl: Remove unused record fieldIngela Anderton Andin
2019-02-08ssl: Add erl_dist_handle to connection_envIngela Anderton Andin
2019-02-08ssl: Add negotiated_version to connection_envIngela Anderton Andin
2019-02-08ssl: Add key exchange items to handshake_envIngela Anderton Andin
2019-02-08ssl: Add hashsign_algorithm and cert_hashsign_algorithm to handshake_envIngela Anderton Andin
2019-02-08ssl: Add downgrade handling to connection_envIngela Anderton Andin
Remove duplicate handsake history handling form ssl_config function. Later we might refactor to avoid duplication in TLS and DTLS code, but handshake history does not belong in ssl_config function.
2019-02-08ssl: Create connection_envIngela Anderton Andin
2019-02-08ssl: Handle renegotiation and extensions in handshake_envIngela Anderton Andin
2019-02-05Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl lib/ssl/src/ssl_cipher_format.erl lib/ssl/src/tls_handshake.erl
2019-02-05Merge branch 'ingela/ssl/alert-return/OTP-15423' into maintIngela Anderton Andin
* ingela/ssl/alert-return/OTP-15423: ssl: Use specs to generate type documentation ssl: Enhance error handling
2019-02-05Merge branch 'maint'Ingela Anderton Andin
2019-02-05ssl: Use specs to generate type documentationIngela Anderton Andin
2019-02-04ssl: Enhance error handlingIngela Anderton Andin
2019-02-01ssl: Remove unintended matchIngela Anderton Andin
2019-01-30Merge branch 'peterdmv/ssl/improve-logging'Péter Dimitrov
* peterdmv/ssl/improve-logging: ssl: Improve ssl_logger Change-Id: I3b181ed527ce210af6c4a7576576fa522fb20767
2019-01-30Merge branch 'peterdmv/ssl/server-send-finished'Péter Dimitrov
* peterdmv/ssl/server-send-finished: ssl: Fix dialyzer warnings ssl: Add 'Finished' ssl: Use HKDF hash function in Transcript-Hash ssl: Improve test of 1-RTT handshake ssl: Update certificate_verify ssl: Update function build_content ssl: Fix encoding of the Certificate message ssl: Add EncryptedExtensions ssl: Fix encoding of empty extensions ssl: Fix key schedule and traffic keys ssl: Encode/decode CertificateVerify Change-Id: Ie525de276ca4ebd9f9fb0fbdc9dc3822f91834e0
2019-01-30Merge branch 'maint'Ingela Anderton Andin
2019-01-30Merge pull request #2109 from IngelaAndin/ingela/ssl/active-checkIngela Andin
ssl: Correct check for delayed close due to undliverd data
2019-01-30Merge branch 'maint'Péter Dimitrov
* maint: ssl: Improve openssl interop tests Change-Id: I5eec73687e9693ab5b08953c5e3db0d09cfd1690
2019-01-30Merge branch 'peterdmv/ssl/improve_openssl_interop_tests' into maintPéter Dimitrov
* peterdmv/ssl/improve_openssl_interop_tests: ssl: Improve openssl interop tests Change-Id: I65b63ddb8c8948d246e341f8c821b3b499507cb6
2019-01-29ssl: Improve ssl_loggerPéter Dimitrov
Improve API and delay creation of map arguments for ?LOG_DEBUG macro. Change-Id: I6956112fe64e599d33d83dfdd710cad53b8449e1
2019-01-29ssl: Improve openssl interop testsPéter Dimitrov
openssl 1.1.x changed the default ECC curves that made testcases fail in the ECC suite. openssl s_server and s_client sent 'Illegal Parameter' alert when the CertificateVerify (client) or ServerKeyExchange (server) message was signed with a curve that was not present in openssl's default ECC curve list (x25519, secp256r1, secp521r1, secp384r1, brainpoolP256r1, brainpoolP384r1, brainpool512r1). This commit changes the default curve of make_ec_cert_chains to 'secp256r1' and explicitly configures the default curve in those testcases where the default curve of the ssl application is expected. Change-Id: I81ebe1a30b8f863b0e2836b1dad3d8bc767cc47e
2019-01-28ssl: Fix dialyzer warningsPéter Dimitrov
Change-Id: Icc6c1433dba8d35f81162ef8100292bf2ba53c71
2019-01-28ssl: Add 'Finished'Péter Dimitrov
Implement Finished message on the server side. Change-Id: Ie0d054ac80f7eb47797273e1878990335112e923
2019-01-28ssl: Use HKDF hash function in Transcript-HashPéter Dimitrov
Two hash functions needed to create the CertificateVerify message. One for creating the Transcript-Hash and another for the digital signature. Transcript-Hash uses the HKDF hash of the selected cipher suite, the digital signature uses the hash defined by the selected signature scheme. Change-Id: Ife68ec123682d9aaf42c6b46cc2608e1df8be8d6