aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2019-02-14Merge branch 'peterdmv/ssl/server-process-client-finished'Péter Dimitrov
* peterdmv/ssl/server-process-client-finished: ssl: Test TLS 1.3 connectivity ssl: Fix crash when sending Alerts ssl: Fix dialyzer warning ssl: Improve TLS 1.3 statem Change-Id: I258e0309ba3a132d5ab2056151935a3df8646344
2019-02-14Merge branch 'maint'Péter Dimitrov
* maint: ssl: Fix renegotiation testcases ssl: Fix failing rizzo testcases ssl: Use IPv4 addresses with openssl s_client ssl: Use sha256 in test certificates if supported Change-Id: I8a604d607333d029b170e3d3ad31ea01890202ea
2019-02-14Merge branch 'peterdmv/ssl/fix-failing-testcases' into maintPéter Dimitrov
* peterdmv/ssl/fix-failing-testcases: ssl: Fix renegotiation testcases ssl: Fix failing rizzo testcases ssl: Use IPv4 addresses with openssl s_client ssl: Use sha256 in test certificates if supported Change-Id: I11a326be027545e20fbef6f90996b0c8be8c3e50
2019-02-13ssl: Fix renegotiation testcasesPéter Dimitrov
Fix failing renegotiation testcases with openssl-1.1.1a. openssl s_client sends the renegotiation "R\n" connected command to the server side causing testcase failure. This commit updates ssl_to_openssl_SUITE:erlang_ssl_receive to swallow the unexpected packet. Change-Id: I1f5d040ac65c25652f7101ddf109fc84acc4c915
2019-02-13ssl: Fix failing rizzo testcasesPéter Dimitrov
Filter out the cipher 'chacha20_poly1305' when running the testcase 'rizzo_one_n_minus_one'. Change-Id: If3a18b0782b747b91155553e0659faebd7c5dd05
2019-02-13ssl: Use IPv4 addresses with openssl s_clientPéter Dimitrov
This commit fixes failing testcases on OpenBSD 12.0 systems. It forces openssl s_client to use an IPv4 address if openssl supports IPv6. When s_client is called with the argument "localhost" it binds to the first address returned by getaddrinfo. As the first address is an IPv6 address on OpenBSD 12.0, the client fails to send UDP packets to the ssl server that is listening on an IPv4 address. Change-Id: Ie662d10f4f0d9c803f7a341c9ea7dbe2ac80b556
2019-02-11ssl: Use sha256 in test certificates if supportedPéter Dimitrov
This commit fixes ssl_test_lib:appropriate_sha/1 that returns sha256 if it is supported by crypto. It returns sha1 otherwise. Change-Id: I0bfa4d50bbe3c788551a81d418db2cabc36a4344
2019-02-11ssl: Test TLS 1.3 connectivityPéter Dimitrov
Test TLS 1.3 connectivity between ssl server and openssl s_client. Change-Id: I926229d6bc9e6670ebe0190b491257876845b570
2019-02-08ssl: Fix crash when sending AlertsPéter Dimitrov
Change-Id: Ia84c71214b5379baec3455f0e416a9ea73584750
2019-02-08ssl: Fix dialyzer warningPéter Dimitrov
Change-Id: I87f2111cd557a0000cfd8ab4d50f4e58787bf104
2019-02-08ssl: Improve TLS 1.3 statemPéter Dimitrov
- Store FinishedKey in cipher_state. - Implement state 'wait_finished'. - Calculate traffic secrets in 'wait_finished' after Finished received from client and go to state 'Connection'. - Drop 'change_cipher_spec' messages (middlebox compatibility mode). - Extend tests of 1-RTT. Change-Id: Id69619ec5da053ffaaef75378678a27afeef6916
2019-02-05Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl lib/ssl/src/ssl_cipher_format.erl lib/ssl/src/tls_handshake.erl
2019-02-05Merge branch 'ingela/ssl/alert-return/OTP-15423' into maintIngela Anderton Andin
* ingela/ssl/alert-return/OTP-15423: ssl: Use specs to generate type documentation ssl: Enhance error handling
2019-02-05Merge branch 'maint'Ingela Anderton Andin
2019-02-05ssl: Use specs to generate type documentationIngela Anderton Andin
2019-02-04ssl: Enhance error handlingIngela Anderton Andin
2019-02-01ssl: Remove unintended matchIngela Anderton Andin
2019-01-30Merge branch 'peterdmv/ssl/improve-logging'Péter Dimitrov
* peterdmv/ssl/improve-logging: ssl: Improve ssl_logger Change-Id: I3b181ed527ce210af6c4a7576576fa522fb20767
2019-01-30Merge branch 'peterdmv/ssl/server-send-finished'Péter Dimitrov
* peterdmv/ssl/server-send-finished: ssl: Fix dialyzer warnings ssl: Add 'Finished' ssl: Use HKDF hash function in Transcript-Hash ssl: Improve test of 1-RTT handshake ssl: Update certificate_verify ssl: Update function build_content ssl: Fix encoding of the Certificate message ssl: Add EncryptedExtensions ssl: Fix encoding of empty extensions ssl: Fix key schedule and traffic keys ssl: Encode/decode CertificateVerify Change-Id: Ie525de276ca4ebd9f9fb0fbdc9dc3822f91834e0
2019-01-30Merge branch 'maint'Ingela Anderton Andin
2019-01-30Merge pull request #2109 from IngelaAndin/ingela/ssl/active-checkIngela Andin
ssl: Correct check for delayed close due to undliverd data
2019-01-30Merge branch 'maint'Péter Dimitrov
* maint: ssl: Improve openssl interop tests Change-Id: I5eec73687e9693ab5b08953c5e3db0d09cfd1690
2019-01-30Merge branch 'peterdmv/ssl/improve_openssl_interop_tests' into maintPéter Dimitrov
* peterdmv/ssl/improve_openssl_interop_tests: ssl: Improve openssl interop tests Change-Id: I65b63ddb8c8948d246e341f8c821b3b499507cb6
2019-01-29ssl: Improve ssl_loggerPéter Dimitrov
Improve API and delay creation of map arguments for ?LOG_DEBUG macro. Change-Id: I6956112fe64e599d33d83dfdd710cad53b8449e1
2019-01-29ssl: Improve openssl interop testsPéter Dimitrov
openssl 1.1.x changed the default ECC curves that made testcases fail in the ECC suite. openssl s_server and s_client sent 'Illegal Parameter' alert when the CertificateVerify (client) or ServerKeyExchange (server) message was signed with a curve that was not present in openssl's default ECC curve list (x25519, secp256r1, secp521r1, secp384r1, brainpoolP256r1, brainpoolP384r1, brainpool512r1). This commit changes the default curve of make_ec_cert_chains to 'secp256r1' and explicitly configures the default curve in those testcases where the default curve of the ssl application is expected. Change-Id: I81ebe1a30b8f863b0e2836b1dad3d8bc767cc47e
2019-01-28ssl: Fix dialyzer warningsPéter Dimitrov
Change-Id: Icc6c1433dba8d35f81162ef8100292bf2ba53c71
2019-01-28ssl: Add 'Finished'Péter Dimitrov
Implement Finished message on the server side. Change-Id: Ie0d054ac80f7eb47797273e1878990335112e923
2019-01-28ssl: Use HKDF hash function in Transcript-HashPéter Dimitrov
Two hash functions needed to create the CertificateVerify message. One for creating the Transcript-Hash and another for the digital signature. Transcript-Hash uses the HKDF hash of the selected cipher suite, the digital signature uses the hash defined by the selected signature scheme. Change-Id: Ife68ec123682d9aaf42c6b46cc2608e1df8be8d6
2019-01-28ssl: Improve test of 1-RTT handshakePéter Dimitrov
Change-Id: Iaffe5d6e402448f1da5e37b0e55829fa72af310d
2019-01-28ssl: Update certificate_verifyPéter Dimitrov
Change-Id: I6adacc846f938d1ca1eb1a798780cc804b501a71
2019-01-28ssl: Update function build_contentPéter Dimitrov
Change-Id: I91c5866f1400c3ad9c7eab1292c3ceb32a482c70
2019-01-28ssl: Fix encoding of the Certificate messagePéter Dimitrov
Fix encoding of extensions in CertificateEntries. Change-Id: I776a2210d2aa51cde3be5e0bc87d9beb8d63825c
2019-01-28ssl: Add EncryptedExtensionsPéter Dimitrov
Send empty EncryptedExtensions after ServerHello. Update ssl logger. Change-Id: Id57fdb52c360a1125ac1a735ee37c433bfb69a0a
2019-01-28ssl: Fix encoding of empty extensionsPéter Dimitrov
Change-Id: Ia18cda4e2b43dc863a24ac4838718adc788b08b1
2019-01-28ssl: Fix key schedule and traffic keysPéter Dimitrov
Fix key schedule and traffic key calculation. Add test for the server side calculation of shared secrets and traffic keys. Change-Id: Ia955e5e8787f3851bdb3170723e6586bdf4548ca
2019-01-28ssl: Encode/decode CertificateVerifyPéter Dimitrov
Implement encoding/decoding of CertificateVerify. Update property tests with CertificateVerify. Refactor state handling function: 'do_negotiated'. Change-Id: Ifa066076960120717ddb472dc45fcc7a16a517d0
2019-01-24ssl: Correct check for delayed close due to undliverd dataIngela Anderton Andin
Could cause connection processes not terminate when they should
2019-01-23Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/tls_connection.erl
2019-01-23Merge branch 'ingela/ssl/continue-optimize/OTP-15445' into maintIngela Anderton Andin
* ingela/ssl/continue-optimize/OTP-15445: ssl: If possible assemble several received application data records
2019-01-22ssl: If possible assemble several received application data recordsIngela Anderton Andin
2019-01-22Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_connection.erl lib/ssl/src/ssl_connection.hrl lib/ssl/src/tls_connection.erl
2019-01-22ssl: Create hs_envIngela Anderton Andin
We want to decrease the size of the outer state tuple, and gain ease of understanding by better grouping. This is the first step of creating a hs_env (handshake environment) part of the state. This change will be performed gradually to reduce merge conflicts complexity and risk of introducing errors.
2019-01-22ssl: Remove unnecessary iolist_to_binaryIngela Anderton Andin
2019-01-22Merge branch 'maint'Ingela Anderton Andin
2019-01-22Merge branch 'ingela/ssl/test-cuddle' into maintIngela Anderton Andin
* ingela/ssl/test-cuddle: ssl: Correct test input
2019-01-21ssl: Correct test inputIngela Anderton Andin
2019-01-21Merge branch 'maint'Ingela Anderton Andin
2019-01-21Merge branch 'ingela/ssl/DES-EDE/OTP-15539' into maintIngela Anderton Andin
* ingela/ssl/DES-EDE/OTP-15539: ssl: Correct 3des_ede_cbc check
2019-01-17ssl: Correct 3des_ede_cbc checkIngela Anderton Andin
Could cause ssl to claim to support 3des_ede_cbc when cryptolib does not
2019-01-16Merge branch 'maint'Rickard Green
* maint: Updated OTP version Prepare release
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-18 21:26:30 +0000