Fix handshake problem with multiple messages in one packet

If hello and client_key_exchange message is sent together in
the same packet, ssl can't handle it and closes the connection.

Also fixed compiler warning.

1 files changed, 48 insertions, 53 deletions

diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 76422155a5..960282b588 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -334,14 +334,12 @@ hello(start, #state{host = Host, port = Port, role = client,
 		    ssl_options = SslOpts, 
 		    transport_cb = Transport, socket = Socket,
 		    connection_states = ConnectionStates,
-		    own_cert = Cert,
 		    renegotiation = {Renegotiation, _}}
       = State0) ->
 
     Hello = ssl_handshake:client_hello(Host, Port, 
 				       ConnectionStates, 
-				       SslOpts, Cert,
-				       Renegotiation),
+				       SslOpts, Renegotiation),
 
     Version = Hello#client_hello.client_version,
     Hashes0 = ssl_handshake:init_hashes(),
@@ -353,7 +351,7 @@ hello(start, #state{host = Host, port = Port, role = client,
 			 session = 
                          #session{session_id = Hello#client_hello.session_id,
                                   is_resumable = false},
-                         tls_handshake_hashes = Hashes1},
+			  tls_handshake_hashes = Hashes1},
     {Record, State} = next_record(State1),
     next_state(hello, Record, State);
     
@@ -579,58 +577,61 @@ certify(#client_key_exchange{} = Msg,
     %% We expect a certificate here
     handle_unexpected_message(Msg, certify_client_key_exchange, State);
 
-certify(#client_key_exchange{exchange_keys 
-			     = #encrypted_premaster_secret{premaster_secret 
-							   = EncPMS}},
-        #state{negotiated_version = Version,
-	       connection_states = ConnectionStates0,
-	       session = Session0,
-	       private_key = Key} = State0) ->
-    try ssl_handshake:decrypt_premaster_secret(EncPMS, Key) of
-	PremasterSecret ->
-	    case ssl_handshake:master_secret(Version, PremasterSecret, 
-					     ConnectionStates0, server) of
-		{MasterSecret, ConnectionStates} ->
-		    Session = Session0#session{master_secret = MasterSecret},
-		    State1 = State0#state{connection_states = ConnectionStates,
-					 session = Session},
-		    {Record, State} = next_record(State1),
-		    next_state(cipher, Record, State);
-		#alert{} = Alert ->
-		    handle_own_alert(Alert, Version, 
-				     certify_client_key_exchange, State0),
-		    {stop, normal, State0} 
-	    end
+certify(#client_key_exchange{exchange_keys = Keys},
+	State = #state{key_algorithm = KeyAlg, negotiated_version = Version}) ->
+    try
+	certify_client_key_exchange(ssl_handshake:decode_client_key(Keys, KeyAlg, Version), State)
     catch 
 	#alert{} = Alert ->
-	    handle_own_alert(Alert, Version, certify_client_key_exchange, 
-			     State0),
+	    handle_own_alert(Alert, Version, certify_client_key_exchange, State),
+	    {stop, normal, State}
+    end;
+
+certify(Msg, State) ->
+    handle_unexpected_message(Msg, certify, State).
+
+certify_client_key_exchange(#encrypted_premaster_secret{premaster_secret= EncPMS},
+			    #state{negotiated_version = Version,
+				   connection_states = ConnectionStates0,
+				   session = Session0,
+				   private_key = Key} = State0) ->
+    PremasterSecret = ssl_handshake:decrypt_premaster_secret(EncPMS, Key),
+    case ssl_handshake:master_secret(Version, PremasterSecret,
+				     ConnectionStates0, server) of
+	{MasterSecret, ConnectionStates} ->
+	    Session = Session0#session{master_secret = MasterSecret},
+	    State1 = State0#state{connection_states = ConnectionStates,
+				  session = Session},
+	    {Record, State} = next_record(State1),
+	    next_state(cipher, Record, State);
+	#alert{} = Alert ->
+	    handle_own_alert(Alert, Version,
+			     certify_client_key_exchange, State0),
 	    {stop, normal, State0} 
     end;
 
-certify(#client_key_exchange{exchange_keys = #client_diffie_hellman_public{
-			       dh_public = ClientPublicDhKey}},
-        #state{negotiated_version = Version,
-	       diffie_hellman_params = #'DHParameter'{prime = P,
-						      base = G},
-	       diffie_hellman_keys = {_, ServerDhPrivateKey},
-	       role = Role,
-	       session = Session,
-	       connection_states = ConnectionStates0} = State0) ->
-    
+certify_client_key_exchange(#client_diffie_hellman_public{dh_public = ClientPublicDhKey},
+			    #state{negotiated_version = Version,
+				   diffie_hellman_params = #'DHParameter'{prime = P,
+									  base = G},
+				   diffie_hellman_keys = {_, ServerDhPrivateKey},
+				   role = Role,
+				   session = Session,
+				   connection_states = ConnectionStates0} = State0) ->
+
     PMpint = crypto:mpint(P),
     GMpint = crypto:mpint(G),	
     PremasterSecret = crypto:dh_compute_key(mpint_binary(ClientPublicDhKey),
 					    ServerDhPrivateKey,
 					    [PMpint, GMpint]),
-    
+
     case ssl_handshake:master_secret(Version, PremasterSecret,
 				     ConnectionStates0, Role) of
 	{MasterSecret, ConnectionStates} ->
 	    State1 = State0#state{session = 
-				 Session#session{master_secret 
-						 = MasterSecret},
-				connection_states = ConnectionStates},
+				      Session#session{master_secret
+						      = MasterSecret},
+				  connection_states = ConnectionStates},
 
 	    {Record, State} = next_record(State1),
 	    next_state(cipher, Record, State);
@@ -638,10 +639,7 @@ certify(#client_key_exchange{exchange_keys = #client_diffie_hellman_public{
 	    handle_own_alert(Alert, Version, 
 			     certify_client_key_exchange, State0),
 	    {stop, normal, State0} 
-    end;
-
-certify(Msg, State) ->
-    handle_unexpected_message(Msg, certify, State).
+    end.
 
 %%--------------------------------------------------------------------
 -spec cipher(#hello_request{} | #certificate_verify{} | #finished{} | term(),
@@ -701,14 +699,13 @@ connection(#hello_request{}, #state{host = Host, port = Port,
 				    socket = Socket,
 				    ssl_options = SslOpts,
 				    negotiated_version = Version,
-				    own_cert = Cert,
 				    transport_cb = Transport,
 				    connection_states = ConnectionStates0,
 				    renegotiation = {Renegotiation, _},
 				    tls_handshake_hashes = Hashes0} = State0) ->
    
-    Hello = ssl_handshake:client_hello(Host, Port, 
-				       ConnectionStates0, SslOpts, Cert, Renegotiation),
+    Hello = ssl_handshake:client_hello(Host, Port, ConnectionStates0,
+				       SslOpts, Renegotiation),
   
     {BinMsg, ConnectionStates1, Hashes1} =
         encode_handshake(Hello, Version, ConnectionStates0, Hashes0),
@@ -1794,9 +1791,7 @@ next_state(Next, #ssl_tls{type = ?ALERT, fragment = EncAlerts}, State) ->
     handle_alerts(Alerts,  {next_state, Next, State});
 
 next_state(StateName, #ssl_tls{type = ?HANDSHAKE, fragment = Data},
-  	   State0 = #state{key_algorithm = KeyAlg,
-  			   tls_handshake_buffer = Buf0,
-  			   negotiated_version = Version}) ->
+	   State0 = #state{tls_handshake_buffer = Buf0, negotiated_version = Version}) ->
     Handle = 
    	fun({#hello_request{} = Packet, _}, {next_state, connection = SName, State}) ->
    		%% This message should not be included in handshake
@@ -1819,7 +1814,7 @@ next_state(StateName, #ssl_tls{type = ?HANDSHAKE, fragment = Data},
    	   (_, StopState) -> StopState
    	end,
     try
-   	{Packets, Buf} = ssl_handshake:get_tls_handshake(Data,Buf0, KeyAlg,Version),
+	{Packets, Buf} = ssl_handshake:get_tls_handshake(Data,Buf0),
 	State = State0#state{tls_packets = Packets, tls_handshake_buffer = Buf},
 	handle_tls_handshake(Handle, StateName, State)
     catch throw:#alert{} = Alert ->