Commit bbbf6ffbd8f4fbb74263becb947da26ace59973b - erlang-p1-tls

Updated version 1.0.14 from 'upstream/1.0.14' with Debian dir e9a149f59be126bb15f58a04d3426c19dbfdbd25 Philipp Huebner 6 years ago

4 changed file(s) with 45 addition(s) and 32 deletion(s). Raw diff Collapse all Expand all

-0

CHANGELOG.md less more

	0	# Version 1.0.14
	1
	2	* Improve ECDH curve handling (thanks to user pitchum)
	3	* Fix bug in handling protocol_options option
	4
	5	# Version 1.0.13
	6
	7	* Convert to use NIF (Paweł Chmielowski)
	8
0	9	# Version 1.0.12
1	10
2	11	* depends on p1_utils-1.0.9

-16

c_src/fast_tls.c less more

58	58
59	59	#if OPENSSL_VERSION_NUMBER < 0x10100000L
60	60	#define DH_set0_pqg(dh, dh_p, param, dh_g) (dh)->p = dh_p; (dh)->g = dh_g
61		#endif
62
63		#if OPENSSL_VERSION_NUMBER < 0x10100000L
64	61	#define our_alloc enif_alloc
65	62	#define our_realloc enif_realloc
66	63	#define our_free enif_free

77	74	}
78	75	#endif
79	76
	77	#if OPENSSL_VERSION_NUMBER >= 0x10100000L \|\| OPENSSL_VERSION_NUMBER < 0x10002000
	78	#undef SSL_CTX_set_ecdh_auto
	79	#define SSL_CTX_set_ecdh_auto(A, B) do {} while(0)
	80	#endif
80	81
81	82	#define CIPHERS "DEFAULT:!EXPORT:!LOW:!RC4:!SSLv2"
82	83

375	376	#ifndef OPENSSL_NO_ECDH
376	377
377	378	static void setup_ecdh(SSL_CTX *ctx) {
378		EC_KEY *ecdh;
379
380		if (SSLeay() < 0x1000005fL) {
381		return;
382		}
383
384		ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
385		SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
386		SSL_CTX_set_tmp_ecdh(ctx, ecdh);
387
388		EC_KEY_free(ecdh);
	379	SSL_CTX_set_ecdh_auto(ctx, 1);
389	380	}
390	381
391	382	#endif

666	657	return enif_make_badarg(env);
667	658	if (!enif_inspect_iolist_as_binary(env, argv[2], &ciphers_bin))
668	659	return enif_make_badarg(env);
669		if (!enif_inspect_iolist_as_binary(env, argv[2], &protocol_options_bin))
	660	if (!enif_inspect_iolist_as_binary(env, argv[3], &protocol_options_bin))
670	661	return enif_make_badarg(env);
671	662	if (!enif_inspect_iolist_as_binary(env, argv[4], &dhfile_bin))
672	663	return enif_make_badarg(env);

677	668	size_t po_len_left = protocol_options_bin.size;
678	669	unsigned char *po = protocol_options_bin.data;
679	670
680		while (1) {
	671	while (po_len_left) {
681	672	unsigned char *pos = memchr(po, '\|', po_len_left);
682	673
683	674	if (!pos) {

-1

src/fast_tls.app.src less more

22	22
23	23	{application, fast_tls,
24	24	[{description, "TLS / SSL OpenSSL-based native driver for Erlang / Elixir"},
25		{vsn, "1.0.13"},
	25	{vsn, "1.0.14"},
26	26	{modules, []},
27	27	{registered, []},
28	28	{applications, [kernel, stdlib]},

+28

-15

src/fast_tls.erl less more

436	436	?assertEqual(ok, load_nif(SOPath)).
437	437
438	438	transmision_test() ->
439		{LPid, Port} = setup_listener(),
440		setup_sender(Port),
	439	{LPid, Port} = setup_listener([]),
	440	setup_sender(Port, []),
441	441	LPid ! {stop, self()},
442	442	receive
443	443	{received, Msg} ->
444	444	?assertEqual(Msg, <<"abcdefghi">>)
445	445	end.
446	446
447		setup_listener() ->
448		{ok, ListenSocket} = gen_tcp:listen(50123,
	447	not_compatible_transmision_test() ->
	448	{LPid, Port} = setup_listener([{protocol_options, <<"no_sslv2\|no_sslv3\|no_tlsv1\|no_tlsv1_1">>}]),
	449	setup_sender(Port, [{protocol_options, <<"no_sslv2\|no_sslv3\|no_tlsv1_1\|no_tlsv1_2">>}]),
	450	LPid ! {stop, self()},
	451	receive
	452	{received, Msg} ->
	453	?assertEqual(Msg, <<>>)
	454	end.
	455
	456	setup_listener(Opts) ->
	457	{ok, ListenSocket} = gen_tcp:listen(0,
449	458	[binary, {packet, 0}, {active, false},
450	459	{reuseaddr, true}, {nodelay, true}]),
451	460	Pid = spawn(fun() ->
452	461	{ok, Socket} = gen_tcp:accept(ListenSocket),
453		{ok, TLSSock} = tcp_to_tls(Socket, [{certfile, <<"../tests/cert.pem">>}]),
	462	{ok, TLSSock} = tcp_to_tls(Socket, [{certfile, <<"../tests/cert.pem">>} \| Opts]),
454	463	listener_loop(TLSSock, <<>>)
455	464	end),
456	465	{ok, Port} = inet:port(ListenSocket),

469	478	listener_loop(TLSSock, <<Msg/binary, Data/binary>>)
470	479	end.
471	480
472		setup_sender(Port) ->
	481	setup_sender(Port, Opts) ->
473	482	{ok, Socket} = gen_tcp:connect({127, 0, 0, 1}, Port, [
474	483	binary, {packet, 0}, {active, false},
475	484	{reuseaddr, true}, {nodelay, true}]),
476	485	spawn(fun() ->
477		{ok, TLSSock} = tcp_to_tls(Socket, [connect, {certfile, <<"../tests/cert.pem">>}]),
	486	{ok, TLSSock} = tcp_to_tls(Socket, [connect, {certfile, <<"../tests/cert.pem">>} \| Opts]),
478	487	sender_loop(TLSSock)
479	488	end),
480	489	ok.
481	490
482	491	sender_loop(TLSSock) ->
483		recv(TLSSock, 0, 1000),
484		ok = send(TLSSock, <<"abc">>),
485		recv(TLSSock, 0, 1000),
486		ok = send(TLSSock, <<"def">>),
487		recv(TLSSock, 0, 1000),
488		ok = send(TLSSock, <<"ghi">>),
489		recv(TLSSock, 0, 1000),
490		close(TLSSock).
	492	try
	493	recv(TLSSock, 0, 1000),
	494	ok = send(TLSSock, <<"abc">>),
	495	recv(TLSSock, 0, 1000),
	496	ok = send(TLSSock, <<"def">>),
	497	recv(TLSSock, 0, 1000),
	498	ok = send(TLSSock, <<"ghi">>),
	499	recv(TLSSock, 0, 1000),
	500	close(TLSSock)
	501	catch
	502	_:_ -> ok
	503	end.
491	504
492	505	-endif.