aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2014-12-01 17:48:58 +0100
committerIngela Anderton Andin <[email protected]>2014-12-01 17:50:31 +0100
commit918f5fc27fddc788d09eeb0ab0261b6c8762e0a4 (patch)
treefc95722a37dec9bb6fa11727ee21e378d6310172 /lib/ssl/src
parent7d717fb60d33280f4d18f0cbeb73dc90140b5040 (diff)
downloadotp-918f5fc27fddc788d09eeb0ab0261b6c8762e0a4.tar.gz
otp-918f5fc27fddc788d09eeb0ab0261b6c8762e0a4.tar.bz2
otp-918f5fc27fddc788d09eeb0ab0261b6c8762e0a4.zip
ssl: Change code to reflect that state data may be secret
Diffstat (limited to 'lib/ssl/src')
-rw-r--r--lib/ssl/src/ssl_connection.erl38
-rw-r--r--lib/ssl/src/ssl_connection.hrl24
-rw-r--r--lib/ssl/src/ssl_internal.hrl17
3 files changed, 41 insertions, 38 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 8ff9913cee..b6059eac58 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -937,27 +937,27 @@ terminate(_Reason, _StateName, #state{transport_cb = Transport,
Transport:close(Socket).
format_status(normal, [_, State]) ->
- [{data, [{"StateData", State}]}];
+ [{data, [{"StateData", State}]}];
format_status(terminate, [_, State]) ->
SslOptions = (State#state.ssl_options),
- NewOptions = SslOptions#ssl_options{password = "***",
- cert = "***",
- cacerts = "***",
- key = "***",
- dh = "***",
- psk_identity = "***",
- srp_identity = "***"},
- [{data, [{"StateData", State#state{connection_states = "***",
- protocol_buffers = "***",
- user_data_buffer = "***",
- tls_handshake_history = "***",
- session = "***",
- private_key = "***",
- diffie_hellman_params = "***",
- diffie_hellman_keys = "***",
- srp_params = "***",
- srp_keys = "***",
- premaster_secret = "***",
+ NewOptions = SslOptions#ssl_options{password = ?SECRET_PRINTOUT,
+ cert = ?SECRET_PRINTOUT,
+ cacerts = ?SECRET_PRINTOUT,
+ key = ?SECRET_PRINTOUT,
+ dh = ?SECRET_PRINTOUT,
+ psk_identity = ?SECRET_PRINTOUT,
+ srp_identity = ?SECRET_PRINTOUT},
+ [{data, [{"StateData", State#state{connection_states = ?SECRET_PRINTOUT,
+ protocol_buffers = ?SECRET_PRINTOUT,
+ user_data_buffer = ?SECRET_PRINTOUT,
+ tls_handshake_history = ?SECRET_PRINTOUT,
+ session = ?SECRET_PRINTOUT,
+ private_key = ?SECRET_PRINTOUT,
+ diffie_hellman_params = ?SECRET_PRINTOUT,
+ diffie_hellman_keys = ?SECRET_PRINTOUT,
+ srp_params = ?SECRET_PRINTOUT,
+ srp_keys = ?SECRET_PRINTOUT,
+ premaster_secret = ?SECRET_PRINTOUT,
ssl_options = NewOptions
}}]}].
%%--------------------------------------------------------------------
diff --git a/lib/ssl/src/ssl_connection.hrl b/lib/ssl/src/ssl_connection.hrl
index c544a0591f..b9a1ef3a84 100644
--- a/lib/ssl/src/ssl_connection.hrl
+++ b/lib/ssl/src/ssl_connection.hrl
@@ -46,11 +46,11 @@
socket :: port(),
ssl_options :: #ssl_options{},
socket_options :: #socket_options{},
- connection_states :: #connection_states{},
- protocol_buffers :: term(), %% #protocol_buffers{} from tls_record.hrl or dtls_recor.hrl
- tls_handshake_history :: ssl_handshake:ssl_handshake_history(),
+ connection_states :: #connection_states{} | secret_printout(),
+ protocol_buffers :: term() | secret_printout() , %% #protocol_buffers{} from tls_record.hrl or dtls_recor.hrl
+ tls_handshake_history :: ssl_handshake:ssl_handshake_history() | secret_printout(),
cert_db :: reference(),
- session :: #session{},
+ session :: #session{} | secret_printout(),
session_cache :: db_handle(),
session_cache_cb :: atom(),
negotiated_version :: ssl_record:ssl_version(),
@@ -58,18 +58,18 @@
key_algorithm :: ssl_cipher:key_algo(),
hashsign_algorithm = {undefined, undefined},
cert_hashsign_algorithm,
- public_key_info ::ssl_handshake:public_key_info(),
- private_key ::public_key:private_key(),
- diffie_hellman_params, % PKIX: #'DHParameter'{} relevant for server side
- diffie_hellman_keys, % {PublicKey, PrivateKey}
+ public_key_info :: ssl_handshake:public_key_info(),
+ private_key :: public_key:private_key() | secret_printout(),
+ diffie_hellman_params:: #'DHParameter'{} | undefined | secret_printout(),
+ diffie_hellman_keys :: {PublicKey :: binary(), PrivateKey :: binary()} | #'ECPrivateKey'{} | undefined | secret_printout(),
psk_identity :: binary(), % server psk identity hint
- srp_params :: #srp_user{},
- srp_keys ::{PublicKey :: binary(), PrivateKey :: binary()},
- premaster_secret :: binary(),
+ srp_params :: #srp_user{} | secret_printout(),
+ srp_keys ::{PublicKey :: binary(), PrivateKey :: binary()} | secret_printout(),
+ premaster_secret :: binary() | secret_printout() ,
file_ref_db :: db_handle(),
cert_db_ref :: certdb_ref(),
bytes_to_read :: undefined | integer(), %% bytes to read in passive mode
- user_data_buffer :: undefined | binary(),
+ user_data_buffer :: undefined | binary() | secret_printout(),
renegotiation :: undefined | {boolean(), From::term() | internal | peer},
start_or_recv_from :: term(),
timer :: undefined | reference(), % start_or_recive_timer
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index 85724de4bd..75efb64e3f 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
@@ -24,6 +24,8 @@
-include_lib("public_key/include/public_key.hrl").
+-define(SECRET_PRINTOUT, "***").
+
-type reason() :: term().
-type reply() :: term().
-type msg() :: term().
@@ -36,6 +38,7 @@
-type issuer() :: tuple().
-type serialnumber() :: integer().
-type cert_key() :: {reference(), integer(), issuer()}.
+-type secret_printout() :: list().
%% basic binary constructors
-define(BOOLEAN(X), X:8/unsigned-big-integer).
@@ -81,16 +84,16 @@
validate_extensions_fun,
depth :: integer(),
certfile :: binary(),
- cert :: public_key:der_encoded(),
+ cert :: public_key:der_encoded() | secret_printout(),
keyfile :: binary(),
- key :: {'RSAPrivateKey' | 'DSAPrivateKey' | 'ECPrivateKey' | 'PrivateKeyInfo', public_key:der_encoded()},
- password :: string(),
- cacerts :: [public_key:der_encoded()],
+ key :: {'RSAPrivateKey' | 'DSAPrivateKey' | 'ECPrivateKey' | 'PrivateKeyInfo', public_key:der_encoded()} | secret_printout(),
+ password :: string() | secret_printout(),
+ cacerts :: [public_key:der_encoded()] | secret_printout(),
cacertfile :: binary(),
- dh :: public_key:der_encoded(),
- dhfile :: binary(),
+ dh :: public_key:der_encoded() | secret_printout(),
+ dhfile :: binary() | secret_printout(),
user_lookup_fun, % server option, fun to lookup the user
- psk_identity :: binary(),
+ psk_identity :: binary() | secret_printout() ,
srp_identity, % client option {User, Password}
ciphers, %
%% Local policy for the server if it want's to reuse the session