ssl: Add TLS version to ssl_handshake:key_exchange/3

TLS 1.2 changed the way digital signatures are done. key_exchange/3 needs to pass the version to it.
author: Andreas Schultz <[email protected]> 2012-06-15 17:52:30 +0200
committer: Ingela Anderton Andin <[email protected]> 2012-08-22 14:00:44 +0200
commit: fc4c828438e99afe47f7531101a1561decc3cf37 (patch)
tree: 4ccfe12e216687d3e4e8677130a293c94064aba9 /lib/ssl
parent: 7dcf8182fb71d594d639c26aeedadef253be1733 (diff)
download: otp-fc4c828438e99afe47f7531101a1561decc3cf37.tar.gz
otp-fc4c828438e99afe47f7531101a1561decc3cf37.tar.bz2
otp-fc4c828438e99afe47f7531101a1561decc3cf37.zip
2 files changed, 11 insertions, 11 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 965b396353..94d129de6f 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1446,7 +1446,7 @@ key_exchange(#state{role = server, key_algorithm = Algo,
     SecParams = ConnectionState#connection_state.security_parameters,
     #security_parameters{client_random = ClientRandom,
 			 server_random = ServerRandom} = SecParams, 
-    Msg =  ssl_handshake:key_exchange(server, {dh, Keys, Params,
+    Msg =  ssl_handshake:key_exchange(server, Version, {dh, Keys, Params,
 					       Algo, ClientRandom, 
 					       ServerRandom,
 					       PrivateKey}),
@@ -1465,7 +1465,7 @@ key_exchange(#state{role = client,
 		    premaster_secret = PremasterSecret,
 		    socket = Socket, transport_cb = Transport,
 		    tls_handshake_history = Handshake0} = State) ->
-    Msg = rsa_key_exchange(PremasterSecret, PublicKeyInfo),    
+    Msg = rsa_key_exchange(Version, PremasterSecret, PublicKeyInfo),
     {BinMsg, ConnectionStates, Handshake} =
         encode_handshake(Msg, Version, ConnectionStates0, Handshake0),
     Transport:send(Socket, BinMsg),
@@ -1481,22 +1481,22 @@ key_exchange(#state{role = client,
   when Algorithm == dhe_dss;
        Algorithm == dhe_rsa;
        Algorithm == dh_anon ->
-    Msg =  ssl_handshake:key_exchange(client, {dh, DhPubKey}),
+    Msg =  ssl_handshake:key_exchange(client, Version, {dh, DhPubKey}),
     {BinMsg, ConnectionStates, Handshake} =
         encode_handshake(Msg, Version, ConnectionStates0, Handshake0),
     Transport:send(Socket, BinMsg),
     State#state{connection_states = ConnectionStates,
                 tls_handshake_history = Handshake}.
 
-rsa_key_exchange(PremasterSecret, PublicKeyInfo = {Algorithm, _, _})  
+rsa_key_exchange(Version, PremasterSecret, PublicKeyInfo = {Algorithm, _, _})
   when Algorithm == ?rsaEncryption;
        Algorithm == ?md2WithRSAEncryption;
        Algorithm == ?md5WithRSAEncryption;
        Algorithm == ?sha1WithRSAEncryption ->
-    ssl_handshake:key_exchange(client,
+    ssl_handshake:key_exchange(client, Version,
 			       {premaster_secret, PremasterSecret,
 				PublicKeyInfo});
-rsa_key_exchange(_, _) ->
+rsa_key_exchange(_, _, _) ->
     throw (?ALERT_REC(?FATAL,?HANDSHAKE_FAILURE)).
 
 request_client_cert(#state{ssl_options = #ssl_options{verify = verify_peer},
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index cf42129534..ef7900c470 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -33,7 +33,7 @@
 -export([master_secret/4, client_hello/8, server_hello/4, hello/4,
 	 hello_request/0, certify/7, certificate/4,
 	 client_certificate_verify/5, certificate_verify/5,
-	 certificate_request/3, key_exchange/2, server_key_exchange_hash/2,
+	 certificate_request/3, key_exchange/3, server_key_exchange_hash/2,
 	 finished/4, verify_connection/5, get_tls_handshake/2,
 	 decode_client_key/3, server_hello_done/0,
 	 encode_handshake/2, init_handshake_history/0, update_handshake_history/2,
@@ -327,7 +327,7 @@ certificate_request(ConnectionStates, CertDbHandle, CertDbRef) ->
 		   }.
 
 %%--------------------------------------------------------------------
--spec key_exchange(client | server, 
+-spec key_exchange(client | server, tls_version(),
 		   {premaster_secret, binary(), public_key_info()} |
 		   {dh, binary()} |
 		   {dh, {binary(), binary()}, #'DHParameter'{}, key_algo(),
@@ -336,18 +336,18 @@ certificate_request(ConnectionStates, CertDbHandle, CertDbRef) ->
 %%
 %% Description: Creates a keyexchange message.
 %%--------------------------------------------------------------------
-key_exchange(client, {premaster_secret, Secret, {_, PublicKey, _}}) ->
+key_exchange(client, _Version, {premaster_secret, Secret, {_, PublicKey, _}}) ->
     EncPremasterSecret =
 	encrypted_premaster_secret(Secret, PublicKey),
     #client_key_exchange{exchange_keys = EncPremasterSecret};
 
-key_exchange(client, {dh, <<?UINT32(Len), PublicKey:Len/binary>>}) ->
+key_exchange(client, _Version, {dh, <<?UINT32(Len), PublicKey:Len/binary>>}) ->
     #client_key_exchange{
 	      exchange_keys = #client_diffie_hellman_public{
 		dh_public = PublicKey}
 	       };
 
-key_exchange(server, {dh, {<<?UINT32(Len), PublicKey:Len/binary>>, _}, 
+key_exchange(server, _Version, {dh, {<<?UINT32(Len), PublicKey:Len/binary>>, _},
 		      #'DHParameter'{prime = P, base = G},
 		      KeyAlgo, ClientRandom, ServerRandom, PrivateKey}) ->
     <<?UINT32(_), PBin/binary>> = crypto:mpint(P),
author	Andreas Schultz <[email protected]>	2012-06-15 17:52:30 +0200
committer	Ingela Anderton Andin <[email protected]>	2012-08-22 14:00:44 +0200
commit	fc4c828438e99afe47f7531101a1561decc3cf37 (patch)
tree	4ccfe12e216687d3e4e8677130a293c94064aba9 /lib/ssl
parent	7dcf8182fb71d594d639c26aeedadef253be1733 (diff)
download	otp-fc4c828438e99afe47f7531101a1561decc3cf37.tar.gz otp-fc4c828438e99afe47f7531101a1561decc3cf37.tar.bz2 otp-fc4c828438e99afe47f7531101a1561decc3cf37.zip