diff options
author | Andreas Schultz <aschultz@tpip.net> | 2012-06-15 17:52:30 +0200 |
---|---|---|
committer | Ingela Anderton Andin <ingela@erlang.org> | 2012-08-22 14:00:44 +0200 |
commit | fc4c828438e99afe47f7531101a1561decc3cf37 (patch) | |
tree | 4ccfe12e216687d3e4e8677130a293c94064aba9 | |
parent | 7dcf8182fb71d594d639c26aeedadef253be1733 (diff) | |
download | otp-fc4c828438e99afe47f7531101a1561decc3cf37.tar.gz otp-fc4c828438e99afe47f7531101a1561decc3cf37.tar.bz2 otp-fc4c828438e99afe47f7531101a1561decc3cf37.zip |
ssl: Add TLS version to ssl_handshake:key_exchange/3
TLS 1.2 changed the way digital signatures are
done. key_exchange/3 needs to pass the version
to it.
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 12 | ||||
-rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 10 |
2 files changed, 11 insertions, 11 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 965b396353..94d129de6f 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -1446,7 +1446,7 @@ key_exchange(#state{role = server, key_algorithm = Algo, SecParams = ConnectionState#connection_state.security_parameters, #security_parameters{client_random = ClientRandom, server_random = ServerRandom} = SecParams, - Msg = ssl_handshake:key_exchange(server, {dh, Keys, Params, + Msg = ssl_handshake:key_exchange(server, Version, {dh, Keys, Params, Algo, ClientRandom, ServerRandom, PrivateKey}), @@ -1465,7 +1465,7 @@ key_exchange(#state{role = client, premaster_secret = PremasterSecret, socket = Socket, transport_cb = Transport, tls_handshake_history = Handshake0} = State) -> - Msg = rsa_key_exchange(PremasterSecret, PublicKeyInfo), + Msg = rsa_key_exchange(Version, PremasterSecret, PublicKeyInfo), {BinMsg, ConnectionStates, Handshake} = encode_handshake(Msg, Version, ConnectionStates0, Handshake0), Transport:send(Socket, BinMsg), @@ -1481,22 +1481,22 @@ key_exchange(#state{role = client, when Algorithm == dhe_dss; Algorithm == dhe_rsa; Algorithm == dh_anon -> - Msg = ssl_handshake:key_exchange(client, {dh, DhPubKey}), + Msg = ssl_handshake:key_exchange(client, Version, {dh, DhPubKey}), {BinMsg, ConnectionStates, Handshake} = encode_handshake(Msg, Version, ConnectionStates0, Handshake0), Transport:send(Socket, BinMsg), State#state{connection_states = ConnectionStates, tls_handshake_history = Handshake}. -rsa_key_exchange(PremasterSecret, PublicKeyInfo = {Algorithm, _, _}) +rsa_key_exchange(Version, PremasterSecret, PublicKeyInfo = {Algorithm, _, _}) when Algorithm == ?rsaEncryption; Algorithm == ?md2WithRSAEncryption; Algorithm == ?md5WithRSAEncryption; Algorithm == ?sha1WithRSAEncryption -> - ssl_handshake:key_exchange(client, + ssl_handshake:key_exchange(client, Version, {premaster_secret, PremasterSecret, PublicKeyInfo}); -rsa_key_exchange(_, _) -> +rsa_key_exchange(_, _, _) -> throw (?ALERT_REC(?FATAL,?HANDSHAKE_FAILURE)). request_client_cert(#state{ssl_options = #ssl_options{verify = verify_peer}, diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index cf42129534..ef7900c470 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -33,7 +33,7 @@ -export([master_secret/4, client_hello/8, server_hello/4, hello/4, hello_request/0, certify/7, certificate/4, client_certificate_verify/5, certificate_verify/5, - certificate_request/3, key_exchange/2, server_key_exchange_hash/2, + certificate_request/3, key_exchange/3, server_key_exchange_hash/2, finished/4, verify_connection/5, get_tls_handshake/2, decode_client_key/3, server_hello_done/0, encode_handshake/2, init_handshake_history/0, update_handshake_history/2, @@ -327,7 +327,7 @@ certificate_request(ConnectionStates, CertDbHandle, CertDbRef) -> }. %%-------------------------------------------------------------------- --spec key_exchange(client | server, +-spec key_exchange(client | server, tls_version(), {premaster_secret, binary(), public_key_info()} | {dh, binary()} | {dh, {binary(), binary()}, #'DHParameter'{}, key_algo(), @@ -336,18 +336,18 @@ certificate_request(ConnectionStates, CertDbHandle, CertDbRef) -> %% %% Description: Creates a keyexchange message. %%-------------------------------------------------------------------- -key_exchange(client, {premaster_secret, Secret, {_, PublicKey, _}}) -> +key_exchange(client, _Version, {premaster_secret, Secret, {_, PublicKey, _}}) -> EncPremasterSecret = encrypted_premaster_secret(Secret, PublicKey), #client_key_exchange{exchange_keys = EncPremasterSecret}; -key_exchange(client, {dh, <<?UINT32(Len), PublicKey:Len/binary>>}) -> +key_exchange(client, _Version, {dh, <<?UINT32(Len), PublicKey:Len/binary>>}) -> #client_key_exchange{ exchange_keys = #client_diffie_hellman_public{ dh_public = PublicKey} }; -key_exchange(server, {dh, {<<?UINT32(Len), PublicKey:Len/binary>>, _}, +key_exchange(server, _Version, {dh, {<<?UINT32(Len), PublicKey:Len/binary>>, _}, #'DHParameter'{prime = P, base = G}, KeyAlgo, ClientRandom, ServerRandom, PrivateKey}) -> <<?UINT32(_), PBin/binary>> = crypto:mpint(P), |