author | Andreas Schultz <[email protected]> | 2012-04-08 00:34:36 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2012-08-22 14:00:44 +0200 |
commit | 7c9639c785bb6b3047788b6b27ddbafb8f5b0b08 (patch) | |
tree | 8086999055c3ac918b18c126be25998fccd09606 /lib/ssl | |
parent | d7ced5ea0c0fa88a03adf0e5d05d6bac3c3fbaae (diff) | |
ssl: Add TLS version paramter to verify_dh_params
dh parameter verification is done differently with TLS 1.2.
Prepare for that by passing the version to verify_dh_params.
Diffstat (limited to 'lib/ssl')
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 0cf753303b..4552941297 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1571,7 +1571,8 @@ handle_server_key(
 dh_g = G,
 dh_y = ServerPublicDhKey},
 signed_params = Signed},
- #state{public_key_info = PubKeyInfo,
+ #state{negotiated_version = Version,
+ public_key_info = PubKeyInfo,
 key_algorithm = KeyAlgo,
 connection_states = ConnectionStates} = State) ->
 
@@ -1592,14 +1593,17 @@ handle_server_key(
 ?UINT16(YLen),
 ServerPublicDhKey/binary>>),
 
- case verify_dh_params(Signed, Hash, PubKeyInfo) of
+ case verify_dh_params(Version, Signed, Hash, PubKeyInfo) of
 true ->
 dh_master_secret(P, G, ServerPublicDhKey, undefined, State);
 false ->
 ?ALERT_REC(?FATAL, ?DECRYPT_ERROR)
 end.
 
-verify_dh_params(Signed, Hashes, {?rsaEncryption, PubKey, _PubKeyParams}) ->
+verify_dh_params({3, Minor}, Signed, Hashes, {?rsaEncryption, PubKey, _PubKeyParams})
+ when Minor >= 3 ->
+ public_key:verify({digest, Hashes}, sha, Signed, PubKey);
+verify_dh_params(_Version, Signed, Hashes, {?rsaEncryption, PubKey, _PubKeyParams}) ->
 case public_key:decrypt_public(Signed, PubKey,
 [{rsa_pad, rsa_pkcs1_padding}]) of
 Hashes ->
@@ -1607,8 +1611,8 @@ verify_dh_params(Signed, Hashes, {?rsaEncryption, PubKey, _PubKeyParams}) ->
 _ ->
 false
 end;
-verify_dh_params(Signed, Hash, {?'id-dsa', PublicKey, PublicKeyParams}) ->
- public_key:verify(Hash, none, Signed, {PublicKey, PublicKeyParams}).
+verify_dh_params(_Version, Signed, Hash, {?'id-dsa', PublicKey, PublicKeyParams}) ->
+ public_key:verify({digest, Hash}, sha, Signed, {PublicKey, PublicKeyParams}).
 
 dh_master_secret(Prime, Base, PublicDhKey, undefined, State) ->
 PMpint = mpint_binary(Prime), |
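Review bot: The new `{3, Minor} when Minor >= 3` clause of verify_dh_params fixes the hash to `sha` in `public_key:verify({digest, Hashes}, sha, Signed, PubKey)`, while in TLS 1.2 the ServerKeyExchange signature carries its own SignatureAndHashAlgorithm, so a server signing with any other hash would fail verification here. `Hashes` is computed above the second hunk and is not visible; if it is still the MD5+SHA-1 concatenation used for earlier versions, it is not a SHA-1 digest and this clause could not verify an RSA signature at all. The `?'id-dsa'` clause in the last hunk has the same fixed `sha` and ignores `_Version`, and its switch from `none` to `{digest, Hash}, sha` applies to every protocol version although the commit message mentions only the added parameter. Since the commit is described as preparation, I would mark the placeholder in the code, for example `%% TODO TLS 1.2: take the hash from the signature algorithm sent in server_key_exchange, not a fixed sha`, and add a test that a 1.2 handshake with a non-SHA-1 signature ends in the decrypt_error alert. handle_server_key starts and ends outside the hunks shown.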