ssl: Correct ECC curve selection, the error could cause default to always be selected.

author: Ingela Anderton Andin <[email protected]> 2016-09-27 12:28:28 +0200
committer: Ingela Anderton Andin <[email protected]> 2016-09-28 10:05:57 +0200
commit: ca78bf1500c5f3c68d72214bd06fcc1b66a52c38 (patch)
tree: aaba4bc1a22e679e91b88adc54bfd98be3920e68
parent: e6059f94571a6c968c15b9de6b7d63ebd64f9acf (diff)
download: otp-ca78bf1500c5f3c68d72214bd06fcc1b66a52c38.tar.gz
otp-ca78bf1500c5f3c68d72214bd06fcc1b66a52c38.tar.bz2
otp-ca78bf1500c5f3c68d72214bd06fcc1b66a52c38.zip
4 files changed, 4 insertions, 15 deletions
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index 479f68f4bb..4f1f050e4b 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -232,9 +232,7 @@ error(_, _, _) ->
 	    #state{}) ->
 		   gen_statem:state_function_result().
 %%--------------------------------------------------------------------
-hello(internal, #client_hello{client_version = ClientVersion,
-			      extensions = #hello_extensions{ec_point_formats = EcPointFormats,
-							     elliptic_curves = EllipticCurves}} = Hello,
+hello(internal, #client_hello{client_version = ClientVersion} = Hello,
       State = #state{connection_states = ConnectionStates0,
 		     port = Port, session = #session{own_certificate = Cert} = Session0,
 		     renegotiation = {Renegotiation, _},
@@ -260,7 +258,6 @@ hello(internal, #client_hello{client_version = ClientVersion,
 					     negotiated_version = Version,
 					     hashsign_algorithm = HashSign,
 					     session = Session,
-					     client_ecc = {EllipticCurves, EcPointFormats},
 					     negotiated_protocol = Protocol}, ?MODULE)
     end;
 hello(internal, #server_hello{} = Hello,
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 304d1706f5..08fca76123 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1430,13 +1430,14 @@ key_exchange(#state{role = server, private_key = Key, key_algorithm = Algo} = St
 key_exchange(#state{role = server, key_algorithm = Algo,
 		    hashsign_algorithm = HashSignAlgo,
 		    private_key = PrivateKey,
+		    session = #session{ecc = ECCCurve},
 		    connection_states = ConnectionStates0,
 		    negotiated_version = Version
 		   } = State0, Connection)
   when Algo == ecdhe_ecdsa; Algo == ecdhe_rsa;
        Algo == ecdh_anon ->
 
-    ECDHKeys = public_key:generate_key(select_curve(State0)),
+    ECDHKeys = public_key:generate_key(ECCCurve),
     #{security_parameters := SecParams} = 
 	ssl_record:pending_connection_state(ConnectionStates0, read),
     #security_parameters{client_random = ClientRandom,
@@ -1845,11 +1846,6 @@ cipher_role(server, Data, Session,  #state{connection_states = ConnectionStates0
     {Record, State} = prepare_connection(State1, Connection),
     Connection:next_event(connection, Record, State).
 
-select_curve(#state{client_ecc = {[Curve|_], _}}) ->
-    {namedCurve, Curve};
-select_curve(_) ->
-    {namedCurve, ?secp256r1}.
-
 is_anonymous(Algo) when Algo == dh_anon;
 			Algo == ecdh_anon;
 			Algo == psk;
diff --git a/lib/ssl/src/ssl_connection.hrl b/lib/ssl/src/ssl_connection.hrl
index f1e612a41b..160ba1da5b 100644
--- a/lib/ssl/src/ssl_connection.hrl
+++ b/lib/ssl/src/ssl_connection.hrl
@@ -81,7 +81,6 @@
           expecting_next_protocol_negotiation = false ::boolean(),
 	  expecting_finished =                  false ::boolean(),
           negotiated_protocol = undefined             :: undefined | binary(),
-	  client_ecc,          % {Curves, PointFmt}
 	  tracker              :: pid() | 'undefined', %% Tracker process for listen socket
 	  sni_hostname = undefined,
 	  downgrade,
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 9b9031473a..5e2ccf4222 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -237,9 +237,7 @@ error(_, _, _) ->
 	    #state{}) ->
 		   gen_statem:state_function_result().
 %%--------------------------------------------------------------------
-hello(internal, #client_hello{client_version = ClientVersion,
-			       extensions = #hello_extensions{ec_point_formats = EcPointFormats,
-							      elliptic_curves = EllipticCurves}} = Hello,
+hello(internal, #client_hello{client_version = ClientVersion} = Hello,
       #state{connection_states = ConnectionStates0,
 	     port = Port, session = #session{own_certificate = Cert} = Session0,
 	     renegotiation = {Renegotiation, _},
@@ -265,7 +263,6 @@ hello(internal, #client_hello{client_version = ClientVersion,
 					     negotiated_version = Version,
 					     hashsign_algorithm = HashSign,
 					     session = Session,
-					     client_ecc = {EllipticCurves, EcPointFormats},
 					     negotiated_protocol = Protocol})
     end;
 hello(internal, #server_hello{} = Hello,
author	Ingela Anderton Andin <[email protected]>	2016-09-27 12:28:28 +0200
committer	Ingela Anderton Andin <[email protected]>	2016-09-28 10:05:57 +0200
commit	ca78bf1500c5f3c68d72214bd06fcc1b66a52c38 (patch)
tree	aaba4bc1a22e679e91b88adc54bfd98be3920e68
parent	e6059f94571a6c968c15b9de6b7d63ebd64f9acf (diff)
download	otp-ca78bf1500c5f3c68d72214bd06fcc1b66a52c38.tar.gz otp-ca78bf1500c5f3c68d72214bd06fcc1b66a52c38.tar.bz2 otp-ca78bf1500c5f3c68d72214bd06fcc1b66a52c38.zip