authorIngela Anderton Andin <[email protected]>2019-01-29 15:12:41 +0100
committerIngela Anderton Andin <[email protected]>2019-02-08 09:22:26 +0100
commite8ccff6724b8bd82f4eddb6255a059b10a787722 (patch)
tree8b91b06f707c9f0186837e3c853b68fcf35bc225
parent2b9412e026ab58bac5b61f239d607db6482974ef (diff)
ssl: Add key exchange items to handshake_env
-rw-r--r--lib/ssl/src/dtls_connection.erl4
-rw-r--r--lib/ssl/src/ssl_connection.erl26
-rw-r--r--lib/ssl/src/ssl_connection.hrl5
-rw-r--r--lib/ssl/src/tls_connection.erl4
4 files changed, 20 insertions, 19 deletions
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index 86f79ed7e3..a11e0a0ac6 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -338,8 +338,8 @@ reinit(State) ->
reinit_handshake_data(#state{protocol_buffers = Buffers,
handshake_env = HsEnv} = State) ->
State#state{premaster_secret = undefined,
- public_key_info = undefined,
- handshake_env = HsEnv#handshake_env{tls_handshake_history = ssl_handshake:init_handshake_history()},
+ handshake_env = HsEnv#handshake_env{tls_handshake_history = ssl_handshake:init_handshake_history(),
+ public_key_info = undefined},
flight_state = {retransmit, ?INITIAL_RETRANSMIT_TIMEOUT},
flight_buffer = new_flight(),
protocol_buffers =
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 75edf2e42b..ea6c6f3461 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -832,10 +832,9 @@ certify(internal, #certificate{} = Cert,
end;
certify(internal, #server_key_exchange{exchange_keys = Keys},
#state{static_env = #static_env{role = client},
- handshake_env = HsEnv,
+ handshake_env = #handshake_env{public_key_info = PubKeyInfo} = HsEnv,
negotiated_version = Version,
key_algorithm = Alg,
- public_key_info = PubKeyInfo,
session = Session,
connection_states = ConnectionStates} = State, Connection)
when Alg == dhe_dss; Alg == dhe_rsa;
@@ -998,17 +997,17 @@ cipher(info, Msg, State, _) ->
cipher(internal, #certificate_verify{signature = Signature,
hashsign_algorithm = CertHashSign},
#state{static_env = #static_env{role = server},
- handshake_env = #handshake_env{tls_handshake_history = Hist} = HsEnv,
+ handshake_env = #handshake_env{tls_handshake_history = Hist,
+ public_key_info = PubKeyInfo} = HsEnv,
key_algorithm = KexAlg,
- public_key_info = PublicKeyInfo,
negotiated_version = Version,
session = #session{master_secret = MasterSecret}
} = State, Connection) ->
TLSVersion = ssl:tls_version(Version),
%% Use negotiated value if TLS-1.2 otherwhise return default
- HashSign = negotiated_hashsign(CertHashSign, KexAlg, PublicKeyInfo, TLSVersion),
- case ssl_handshake:certificate_verify(Signature, PublicKeyInfo,
+ HashSign = negotiated_hashsign(CertHashSign, KexAlg, PubKeyInfo, TLSVersion),
+ case ssl_handshake:certificate_verify(Signature, PubKeyInfo,
TLSVersion, HashSign, MasterSecret, Hist) of
valid ->
Connection:next_event(?FUNCTION_NAME, no_record,
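Review bot: The server-side `certificate_verify` clause binds `public_key_info = PubKeyInfo` without constraining its value, although the record field is typed `ssl_handshake:public_key_info() | 'undefined'` and both `reinit_handshake_data/1` functions reset it to `undefined`. Whether this message can reach the clause before `handle_peer_cert/5` has stored the client's key is not visible in the hunk; if it can, `undefined` goes straight into `negotiated_hashsign` and `ssl_handshake:certificate_verify`. A comment stating the invariant, e.g. `%% PubKeyInfo was stored by handle_peer_cert/5 when the client certificate was processed`, would make the expectation explicit. A guard `when PubKeyInfo =/= undefined` would enforce it, provided the fall-through clause is the intended handling for an unexpected message. The clause body continues past the end of the hunk.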
@@ -1526,11 +1525,12 @@ server_hello_done(State, Connection) ->
Connection:send_handshake(HelloDone, State).
handle_peer_cert(Role, PeerCert, PublicKeyInfo,
- #state{session = #session{cipher_suite = CipherSuite} = Session} = State0,
+ #state{handshake_env = HsEnv,
+ session = #session{cipher_suite = CipherSuite} = Session} = State0,
Connection) ->
- State1 = State0#state{session =
- Session#session{peer_certificate = PeerCert},
- public_key_info = PublicKeyInfo},
+ State1 = State0#state{handshake_env = HsEnv#handshake_env{public_key_info = PublicKeyInfo},
+ session =
+ Session#session{peer_certificate = PeerCert}},
#{key_exchange := KeyAlgorithm} = ssl_cipher_format:suite_definition(CipherSuite),
State = handle_peer_cert_key(Role, PeerCert, PublicKeyInfo, KeyAlgorithm, State1),
Connection:next_event(certify, no_record, State).
@@ -1865,8 +1865,8 @@ key_exchange(#state{static_env = #static_env{role = server}, key_algorithm = Alg
State#state{srp_params = SrpParams,
srp_keys = Keys};
key_exchange(#state{static_env = #static_env{role = client},
- key_algorithm = rsa,
- public_key_info = PublicKeyInfo,
+ handshake_env = #handshake_env{public_key_info = PublicKeyInfo},
+ key_algorithm = rsa,
negotiated_version = Version,
premaster_secret = PremasterSecret} = State0, Connection) ->
Msg = rsa_key_exchange(ssl:tls_version(Version), PremasterSecret, PublicKeyInfo),
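Review bot: This clause binds the moved field as `PublicKeyInfo`, while the `certify` and `cipher` clauses touched by the same commit bind it as `PubKeyInfo` (the `cipher` clause was renamed to the short form here); the `rsa_psk` clause in the next hunk also keeps the long form. Using one spelling for the field throughout ssl_connection.erl, e.g. `handshake_env = #handshake_env{public_key_info = PubKeyInfo}` with the matching rename in the `rsa_key_exchange` call, would make every use of the peer key easy to find when auditing. The clause body continues outside the hunk.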
@@ -1920,9 +1920,9 @@ key_exchange(#state{static_env = #static_env{role = client},
Connection:queue_handshake(Msg, State0);
key_exchange(#state{static_env = #static_env{role = client},
+ handshake_env = #handshake_env{public_key_info = PublicKeyInfo},
ssl_options = SslOpts,
key_algorithm = rsa_psk,
- public_key_info = PublicKeyInfo,
negotiated_version = Version,
premaster_secret = PremasterSecret}
= State0, Connection) ->
diff --git a/lib/ssl/src/ssl_connection.hrl b/lib/ssl/src/ssl_connection.hrl
index e1a53c9982..6610d79c60 100644
--- a/lib/ssl/src/ssl_connection.hrl
+++ b/lib/ssl/src/ssl_connection.hrl
@@ -67,7 +67,9 @@
next_protocol = undefined :: undefined | binary(),
negotiated_protocol,
hashsign_algorithm = {undefined, undefined},
- cert_hashsign_algorithm = {undefined, undefined}
+ cert_hashsign_algorithm = {undefined, undefined},
+ %% key exchange
+ public_key_info :: ssl_handshake:public_key_info() | 'undefined'
}).
-record(connection_env, {
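Review bot: The `%% key exchange` comment above `public_key_info` does not say whose key the field holds or how long it lives. Going by the other hunks, it is written in `handle_peer_cert/5` alongside the peer certificate and reset to `undefined` in both `reinit_handshake_data/1` functions. A comment such as `%% peer public key; set in handle_peer_cert/5, cleared in reinit_handshake_data/1` would record that for readers of the record. The `#handshake_env{}` definition starts above this hunk.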
@@ -98,7 +100,6 @@
%% Used only in HS
client_certificate_requested = false :: boolean(),
key_algorithm :: ssl:key_algo(),
- public_key_info :: ssl_handshake:public_key_info() | 'undefined',
private_key :: public_key:private_key() | secret_printout() | 'undefined',
diffie_hellman_params:: #'DHParameter'{} | undefined | secret_printout(),
diffie_hellman_keys :: {PublicKey :: binary(), PrivateKey :: binary()} | #'ECPrivateKey'{} | undefined | secret_printout(),
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 684910db10..fd60ca0cf8 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -348,8 +348,8 @@ reinit_handshake_data(#state{handshake_env = HsEnv} =State) ->
%% To reduce memory foot print of a connection reinitialize them.
State#state{
premaster_secret = undefined,
- public_key_info = undefined,
- handshake_env = HsEnv#handshake_env{tls_handshake_history = ssl_handshake:init_handshake_history()}
+ handshake_env = HsEnv#handshake_env{tls_handshake_history = ssl_handshake:init_handshake_history(),
+ public_key_info = undefined}
}.
select_sni_extension(#client_hello{extensions = HelloExtensions}) ->