Updated version 1.0.14 from 'upstream/1.0.14'
with Debian dir e9a149f59be126bb15f58a04d3426c19dbfdbd25
Philipp Huebner
6 years ago
0 | # Version 1.0.14 | |
1 | ||
2 | * Improve ECDH curve handling (thanks to user pitchum) | |
3 | * Fix bug in handling protocol_options option | |
4 | ||
5 | # Version 1.0.13 | |
6 | ||
7 | * Convert to use NIF (Paweł Chmielowski) | |
8 | ||
0 | 9 | # Version 1.0.12 |
1 | 10 | |
2 | 11 | * depends on p1_utils-1.0.9 |
58 | 58 | |
59 | 59 | #if OPENSSL_VERSION_NUMBER < 0x10100000L |
60 | 60 | #define DH_set0_pqg(dh, dh_p, param, dh_g) (dh)->p = dh_p; (dh)->g = dh_g |
61 | #endif | |
62 | ||
63 | #if OPENSSL_VERSION_NUMBER < 0x10100000L | |
64 | 61 | #define our_alloc enif_alloc |
65 | 62 | #define our_realloc enif_realloc |
66 | 63 | #define our_free enif_free |
77 | 74 | } |
78 | 75 | #endif |
79 | 76 | |
77 | #if OPENSSL_VERSION_NUMBER >= 0x10100000L || OPENSSL_VERSION_NUMBER < 0x10002000 | |
78 | #undef SSL_CTX_set_ecdh_auto | |
79 | #define SSL_CTX_set_ecdh_auto(A, B) do {} while(0) | |
80 | #endif | |
80 | 81 | |
81 | 82 | #define CIPHERS "DEFAULT:!EXPORT:!LOW:!RC4:!SSLv2" |
82 | 83 | |
375 | 376 | #ifndef OPENSSL_NO_ECDH |
376 | 377 | |
377 | 378 | static void setup_ecdh(SSL_CTX *ctx) { |
378 | EC_KEY *ecdh; | |
379 | ||
380 | if (SSLeay() < 0x1000005fL) { | |
381 | return; | |
382 | } | |
383 | ||
384 | ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); | |
385 | SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE); | |
386 | SSL_CTX_set_tmp_ecdh(ctx, ecdh); | |
387 | ||
388 | EC_KEY_free(ecdh); | |
379 | SSL_CTX_set_ecdh_auto(ctx, 1); | |
389 | 380 | } |
390 | 381 | |
391 | 382 | #endif |
666 | 657 | return enif_make_badarg(env); |
667 | 658 | if (!enif_inspect_iolist_as_binary(env, argv[2], &ciphers_bin)) |
668 | 659 | return enif_make_badarg(env); |
669 | if (!enif_inspect_iolist_as_binary(env, argv[2], &protocol_options_bin)) | |
660 | if (!enif_inspect_iolist_as_binary(env, argv[3], &protocol_options_bin)) | |
670 | 661 | return enif_make_badarg(env); |
671 | 662 | if (!enif_inspect_iolist_as_binary(env, argv[4], &dhfile_bin)) |
672 | 663 | return enif_make_badarg(env); |
677 | 668 | size_t po_len_left = protocol_options_bin.size; |
678 | 669 | unsigned char *po = protocol_options_bin.data; |
679 | 670 | |
680 | while (1) { | |
671 | while (po_len_left) { | |
681 | 672 | unsigned char *pos = memchr(po, '|', po_len_left); |
682 | 673 | |
683 | 674 | if (!pos) { |
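Review bot: On OpenSSL 1.0.0/1.0.1 the rewritten setup_ecdh no longer configures any ECDH key: the explicit `EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)` / `SSL_CTX_set_tmp_ecdh` path is gone, and the new `SSL_CTX_set_ecdh_auto` macro (new lines 77-80) is defined away to `do {} while(0)` when `OPENSSL_VERSION_NUMBER < 0x10002000`, so ECDHE cipher suites would presumably become silently unavailable there instead of being negotiated with prime256v1 as before. If those versions are still a supported build target, keep the explicit-curve branch under that same `#if`; if not, a one-line comment on the macro stating that ECDH is only configured for 1.0.2+ would save the next reader the investigation. Dropping `SSL_OP_SINGLE_ECDH_USE` is also worth confirming for 1.0.2, where that flag still governs whether the ephemeral ECDH key is regenerated per handshake (it is a no-op only from 1.1.0). Minor: the literal `0x10002000` lacks the `L` suffix used by every other version comparison in the file, and the `while (po_len_left)` loop whose body starts at the last hunk continues outside it.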
22 | 22 | |
23 | 23 | {application, fast_tls, |
24 | 24 | [{description, "TLS / SSL OpenSSL-based native driver for Erlang / Elixir"}, |
25 | {vsn, "1.0.13"}, | |
25 | {vsn, "1.0.14"}, | |
26 | 26 | {modules, []}, |
27 | 27 | {registered, []}, |
28 | 28 | {applications, [kernel, stdlib]}, |
436 | 436 | ?assertEqual(ok, load_nif(SOPath)). |
437 | 437 | |
438 | 438 | transmision_test() -> |
439 | {LPid, Port} = setup_listener(), | |
440 | setup_sender(Port), | |
439 | {LPid, Port} = setup_listener([]), | |
440 | setup_sender(Port, []), | |
441 | 441 | LPid ! {stop, self()}, |
442 | 442 | receive |
443 | 443 | {received, Msg} -> |
444 | 444 | ?assertEqual(Msg, <<"abcdefghi">>) |
445 | 445 | end. |
446 | 446 | |
447 | setup_listener() -> | |
448 | {ok, ListenSocket} = gen_tcp:listen(50123, | |
447 | not_compatible_transmision_test() -> | |
448 | {LPid, Port} = setup_listener([{protocol_options, <<"no_sslv2|no_sslv3|no_tlsv1|no_tlsv1_1">>}]), | |
449 | setup_sender(Port, [{protocol_options, <<"no_sslv2|no_sslv3|no_tlsv1_1|no_tlsv1_2">>}]), | |
450 | LPid ! {stop, self()}, | |
451 | receive | |
452 | {received, Msg} -> | |
453 | ?assertEqual(Msg, <<>>) | |
454 | end. | |
455 | ||
456 | setup_listener(Opts) -> | |
457 | {ok, ListenSocket} = gen_tcp:listen(0, | |
449 | 458 | [binary, {packet, 0}, {active, false}, |
450 | 459 | {reuseaddr, true}, {nodelay, true}]), |
451 | 460 | Pid = spawn(fun() -> |
452 | 461 | {ok, Socket} = gen_tcp:accept(ListenSocket), |
453 | {ok, TLSSock} = tcp_to_tls(Socket, [{certfile, <<"../tests/cert.pem">>}]), | |
462 | {ok, TLSSock} = tcp_to_tls(Socket, [{certfile, <<"../tests/cert.pem">>} | Opts]), | |
454 | 463 | listener_loop(TLSSock, <<>>) |
455 | 464 | end), |
456 | 465 | {ok, Port} = inet:port(ListenSocket), |
469 | 478 | listener_loop(TLSSock, <<Msg/binary, Data/binary>>) |
470 | 479 | end. |
471 | 480 | |
472 | setup_sender(Port) -> | |
481 | setup_sender(Port, Opts) -> | |
473 | 482 | {ok, Socket} = gen_tcp:connect({127, 0, 0, 1}, Port, [ |
474 | 483 | binary, {packet, 0}, {active, false}, |
475 | 484 | {reuseaddr, true}, {nodelay, true}]), |
476 | 485 | spawn(fun() -> |
477 | {ok, TLSSock} = tcp_to_tls(Socket, [connect, {certfile, <<"../tests/cert.pem">>}]), | |
486 | {ok, TLSSock} = tcp_to_tls(Socket, [connect, {certfile, <<"../tests/cert.pem">>} | Opts]), | |
478 | 487 | sender_loop(TLSSock) |
479 | 488 | end), |
480 | 489 | ok. |
481 | 490 | |
482 | 491 | sender_loop(TLSSock) -> |
483 | recv(TLSSock, 0, 1000), | |
484 | ok = send(TLSSock, <<"abc">>), | |
485 | recv(TLSSock, 0, 1000), | |
486 | ok = send(TLSSock, <<"def">>), | |
487 | recv(TLSSock, 0, 1000), | |
488 | ok = send(TLSSock, <<"ghi">>), | |
489 | recv(TLSSock, 0, 1000), | |
490 | close(TLSSock). | |
492 | try | |
493 | recv(TLSSock, 0, 1000), | |
494 | ok = send(TLSSock, <<"abc">>), | |
495 | recv(TLSSock, 0, 1000), | |
496 | ok = send(TLSSock, <<"def">>), | |
497 | recv(TLSSock, 0, 1000), | |
498 | ok = send(TLSSock, <<"ghi">>), | |
499 | recv(TLSSock, 0, 1000), | |
500 | close(TLSSock) | |
501 | catch | |
502 | _:_ -> ok | |
503 | end. | |
491 | 504 | |
492 | 505 | -endif. |
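Review bot: The `try ... catch _:_ -> ok end` added around sender_loop (new lines 492-503) swallows every exception in the sender process, so a badmatch on `ok = send(TLSSock, ...)` in transmision_test is now only detected indirectly through the listener's byte comparison, and a crash in recv/3 or close/1 is lost entirely. The catch is presumably there so the spawned sender does not emit a crash report in not_compatible_transmision_test; narrowing it to the failure the rejected handshake actually produces, e.g. `catch error:{badmatch, {error, _}} -> ok` (confirm against what send/2 returns when the handshake fails), keeps that test quiet while letting unexpected errors surface. In not_compatible_transmision_test neither protocol_options list excludes TLS 1.3, so on an OpenSSL build that supports it both ends can still negotiate and the `?assertEqual(Msg, <<>>)` at new line 453 would fail; if the NIF's protocol_options parser accepts a corresponding no-TLS-1.3 token it should be added to one side, and the assertion reads better as `?assertEqual(<<>>, Msg)` since EUnit prints the first argument as the expected value. setup_listener's body continues outside the hunk.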