aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2019-01-28ssl: Encode/decode CertificateVerifyPéter Dimitrov
Implement encoding/decoding of CertificateVerify. Update property tests with CertificateVerify. Refactor state handling function: 'do_negotiated'. Change-Id: Ifa066076960120717ddb472dc45fcc7a16a517d0
2019-01-23Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/tls_connection.erl
2019-01-23Merge branch 'ingela/ssl/continue-optimize/OTP-15445' into maintIngela Anderton Andin
* ingela/ssl/continue-optimize/OTP-15445: ssl: If possible assemble several received application data records
2019-01-22ssl: If possible assemble several received application data recordsIngela Anderton Andin
2019-01-22Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_connection.erl lib/ssl/src/ssl_connection.hrl lib/ssl/src/tls_connection.erl
2019-01-22ssl: Create hs_envIngela Anderton Andin
We want to decrease the size of the outer state tuple, and gain ease of understanding by better grouping. This is the first step of creating a hs_env (handshake environment) part of the state. This change will be performed gradually to reduce merge conflicts complexity and risk of introducing errors.
2019-01-22ssl: Remove unnecessary iolist_to_binaryIngela Anderton Andin
2019-01-22Merge branch 'maint'Ingela Anderton Andin
2019-01-22Merge branch 'ingela/ssl/test-cuddle' into maintIngela Anderton Andin
* ingela/ssl/test-cuddle: ssl: Correct test input
2019-01-21ssl: Correct test inputIngela Anderton Andin
2019-01-21Merge branch 'maint'Ingela Anderton Andin
2019-01-21Merge branch 'ingela/ssl/DES-EDE/OTP-15539' into maintIngela Anderton Andin
* ingela/ssl/DES-EDE/OTP-15539: ssl: Correct 3des_ede_cbc check
2019-01-17ssl: Correct 3des_ede_cbc checkIngela Anderton Andin
Could cause ssl to claim to support 3des_ede_cbc when cryptolib does not
2019-01-16Merge branch 'maint'Rickard Green
* maint: Updated OTP version Prepare release
2019-01-16Merge branch 'maint-21' into maintRickard Green
* maint-21: Updated OTP version Prepare release
2019-01-16Merge branch 'maint'Ingela Anderton Andin
2019-01-16ssl: Cuddle testsIngela Anderton Andin
2019-01-15Prepare releaseErlang/OTP
2019-01-15Merge branch 'peterdmv/ssl/fix-srp-encode-decode/ERL-790/OTP-15477' into ↵Erlang/OTP
maint-21 * peterdmv/ssl/fix-srp-encode-decode/ERL-790/OTP-15477: ssl: Fix encoding/decoding of the SRP extension
2019-01-15Merge branch 'ingela/ssl/enhance-error-handling/OTP-15505' into maint-21Erlang/OTP
* ingela/ssl/enhance-error-handling/OTP-15505: ssl: Cuddle test cases ssl: Fix test case ssl: Fix two invalid gen_statem returns
2019-01-15Merge branch 'lukas/ssl/benchmark_basic_test'Lukas Larsson
* lukas/ssl/benchmark_basic_test: inets: Decrease benchmark TC timeout inets: Fix crypto:rand_bytes usage in benchmarks ssl: Only run a basic fast test in test cycle
2019-01-15ssl: Only run a basic fast test in test cycleLukas Larsson
Some of the slower machines takes 20-30 minutes to run one iteration of the payload test.
2019-01-15Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl.erl
2019-01-14ssl: Add value 'save' to reuse_sessions and reuse_session client optionIngela Anderton Andin
We want to be able to save a specific session to reuse, and make sure it is reusable immediatly when the connection has been established. Add client option {reuse_session, SessionID::binary()} We also do not want clients to save sessions that it did not verify. Additionaly change behaviour of the client and server to not save sessions if reuse_session is set to false.
2019-01-14ssl: Client shall only save verified sessionsIngela Anderton Andin
Modernize test case option handling
2019-01-14ssl: Uncomplicate test codeIngela Anderton Andin
No need for this test case to set a specific cipher suite. An appropriate cipher suite will be negotiated and it will of course be the same for clients with the same configuration.
2019-01-14ssl: Modernize test suiteIngela Anderton Andin
2019-01-11ssl: Skip TLS 1.3 suites if crypto lacks supportPéter Dimitrov
TLS 1.3 test suites requires TLS 1.3 support in crypto that is openssl 1.1.1 or later shall be available. This commit tests support for RSASSA-PSS signature algorithm and x448 Diffie-Hellman key agreement. Change-Id: I003ab376339b003fbbd3d0a66e10c368a16023ad
2019-01-11ssl: Update testcase 'encode_decode_srp'Péter Dimitrov
Change-Id: I16dccce4a0a8980fe0f888969945aef8ed38a9bc
2019-01-11ssl: Fix dialyzer warningsPéter Dimitrov
Change-Id: I9269825c833d1461369828a9228f384ccf2543a9
2019-01-11ssl: Improve AEAD encode/decodePéter Dimitrov
- Update calculation of nonce and additional data - Update cipher_aead, decipher_aead - Add test for TLS 1.3 encode/decode Change-Id: Id0a5cc68d8746079fb42c0192c0c64405f6d7a72
2019-01-11ssl: Refactor state 'negotiated'Péter Dimitrov
Change-Id: I1a2e9b1b639cae0d78b6d25d7b6e761a2d90b7b1
2019-01-11ssl: Add 'CertificateVerify'Péter Dimitrov
Change-Id: Iab7148f609b4965cd1a815d04507a59cc1b8fb5f
2019-01-11ssl: Add support for x25519 and x448 in ECDHPéter Dimitrov
Change-Id: I206b851fc616c53475f4a2935f6f52baf8f3e1e6
2019-01-11ssl: Implement transcript_hash for TLS 1.3Péter Dimitrov
Change-Id: I03be63e9f436f60cdaee6583c930f235fd5eb24c
2019-01-11ssl: Fix encoding/decoding of supported_versionsPéter Dimitrov
Encode length of supported_versions in one octet instead of two. Change-Id: If24b38f3d2a40f0aa7152bb05bc0392efca6454c
2019-01-11ssl: Check if RSASSA-PSS is supported by cryptoPéter Dimitrov
Filter all rsa_pss_rsae and rsa_pss_pss signature schemes if rsa_pkcs1_pss_padding is not supported by crypto. Change-Id: Ie6d7ca3736011c71462eac925055f831777f9c9d
2019-01-11ssl: Reorder default signature schemesPéter Dimitrov
Change-Id: I54ef4f946c64510ca6df073aefc30c0b28723b3b
2019-01-11ssl: Create server 'Certificate' messagePéter Dimitrov
Create a TLS 1.3 'Certificate' message in the 'negotiated' state. Change-Id: I03115de2353324f8533146ba19809064da6b0866
2019-01-11ssl: Calculate handshake traffic keysPéter Dimitrov
Change-Id: Ifdf8978c58c15313e8a7973cff97dda3458f7721
2019-01-11ssl: Add tests for TLS 1.3Péter Dimitrov
Change-Id: I23a2faa5f07836333c9b50af388162d2bbb9a246
2019-01-11ssl: Fix handling of signature algorithmsPéter Dimitrov
Change-Id: I5cc6b470ea19e32dd5516a86fe6750c5b51d5368
2019-01-11ssl: Process "supported_versions" before decodingPéter Dimitrov
Change-Id: I465760b7001692367c68839219745e40abafdfa8
2019-01-11ssl: Update cipher suite formatting in ssl_loggerPéter Dimitrov
Change-Id: Icea7ba523b15d7db4c816f542a16fc92eb6b38ad
2019-01-11ssl: Fix cipher suite selectionPéter Dimitrov
Accept only TLS 1.3 ciphers when TLS 1.3 is selected. Change-Id: I4e934d344f52208263ffdeb31c357dd5727472b9
2019-01-11ssl: Comment usage of 'state' in TLS 1.3Péter Dimitrov
Change-Id: I284faa415c97eb533df0a7e5777fe5d929010e56
2019-01-11ssl: Implement TLS 1.3 key schedulePéter Dimitrov
Change-Id: I0454890c604f47cffd3bd83c217ff571f73965fb
2019-01-11ssl: Update HKDF-Expand-Label functionPéter Dimitrov
Change-Id: I08dbfb38b198ef24798a85d8bcf498d697123fad
2019-01-11Merge branch 'peterdmv/ssl/fix-failing-srp-tc'Péter Dimitrov
* peterdmv/ssl/fix-failing-srp-tc: ssl: Fix srp testcase fault Change-Id: I0d7bf24e16bec0b61d385a6cd2ef81f334b9e397
2019-01-10Merge branch 'maint'Péter Dimitrov
* maint: ssl: Fix CRL suite with openssl-1.1.1a Change-Id: I18ffe894158e8881af20bba6f6a60b85063b937c