aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2019-02-07 21:15:41 +0100
committerIngela Anderton Andin <[email protected]>2019-02-08 09:23:08 +0100
commitd56923ffbef7801e93a4a298ce9a7bd990410d42 (patch)
tree53c91bc37a24bc01d12320974bbfd88a6451839a /lib
parentfd17b2ec302f8324b26a2cb87cd9cc3705a9e61f (diff)
downloadotp-d56923ffbef7801e93a4a298ce9a7bd990410d42.tar.gz
otp-d56923ffbef7801e93a4a298ce9a7bd990410d42.tar.bz2
otp-d56923ffbef7801e93a4a298ce9a7bd990410d42.zip
ssl: Move diffie_hellman_params to handshake_env
Diffstat (limited to 'lib')
-rw-r--r--lib/ssl/src/ssl_connection.erl24
-rw-r--r--lib/ssl/src/ssl_connection.hrl2
2 files changed, 13 insertions, 13 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 5510235b04..e4715ba329 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -608,6 +608,7 @@ handle_session(#server_hello{cipher_suite = CipherSuite,
-spec ssl_config(#ssl_options{}, client | server, #state{}) -> #state{}.
%%--------------------------------------------------------------------
ssl_config(Opts, Role, #state{static_env = InitStatEnv0,
+ handshake_env = HsEnv,
connection_env = CEnv} = State0) ->
{ok, #{cert_db_ref := Ref,
cert_db_handle := CertDbHandle,
@@ -630,8 +631,8 @@ ssl_config(Opts, Role, #state{static_env = InitStatEnv0,
crl_db = CRLDbHandle,
session_cache = CacheHandle
},
+ handshake_env = HsEnv#handshake_env{diffie_hellman_params = DHParams},
connection_env = CEnv#connection_env{private_key = Key},
- diffie_hellman_params = DHParams,
ssl_options = Opts}.
%%====================================================================
@@ -1418,7 +1419,6 @@ format_status(terminate, [_, StateName, State]) ->
handshake_env = ?SECRET_PRINTOUT,
connection_env = ?SECRET_PRINTOUT,
session = ?SECRET_PRINTOUT,
- diffie_hellman_params = ?SECRET_PRINTOUT,
diffie_hellman_keys = ?SECRET_PRINTOUT,
srp_params = ?SECRET_PRINTOUT,
srp_keys = ?SECRET_PRINTOUT,
@@ -1640,7 +1640,7 @@ certify_client_key_exchange(#encrypted_premaster_secret{premaster_secret= EncPMS
end,
calculate_master_secret(PremasterSecret, State, Connection, certify, cipher);
certify_client_key_exchange(#client_diffie_hellman_public{dh_public = ClientPublicDhKey},
- #state{diffie_hellman_params = #'DHParameter'{} = Params,
+ #state{handshake_env = #handshake_env{diffie_hellman_params = #'DHParameter'{} = Params},
diffie_hellman_keys = {_, ServerDhPrivateKey}} = State,
Connection) ->
PremasterSecret = ssl_handshake:premaster_secret(ClientPublicDhKey, ServerDhPrivateKey, Params),
@@ -1657,7 +1657,7 @@ certify_client_key_exchange(#client_psk_identity{} = ClientKey,
PremasterSecret = ssl_handshake:premaster_secret(ClientKey, PSKLookup),
calculate_master_secret(PremasterSecret, State0, Connection, certify, cipher);
certify_client_key_exchange(#client_dhe_psk_identity{} = ClientKey,
- #state{diffie_hellman_params = #'DHParameter'{} = Params,
+ #state{handshake_env = #handshake_env{diffie_hellman_params = #'DHParameter'{} = Params},
diffie_hellman_keys = {_, ServerDhPrivateKey},
ssl_options =
#ssl_options{user_lookup_fun = PSKLookup}} = State0,
@@ -1707,10 +1707,10 @@ certify_server(#state{static_env = #static_env{cert_db = CertDbHandle,
key_exchange(#state{static_env = #static_env{role = server}, key_algorithm = rsa} = State,_) ->
State;
key_exchange(#state{static_env = #static_env{role = server}, key_algorithm = Algo,
- handshake_env = #handshake_env{hashsign_algorithm = HashSignAlgo},
+ handshake_env = #handshake_env{diffie_hellman_params = #'DHParameter'{} = Params,
+ hashsign_algorithm = HashSignAlgo},
connection_env = #connection_env{negotiated_version = Version,
private_key = PrivateKey},
- diffie_hellman_params = #'DHParameter'{} = Params,
connection_states = ConnectionStates0} = State0, Connection)
when Algo == dhe_dss;
Algo == dhe_rsa;
@@ -1775,10 +1775,10 @@ key_exchange(#state{static_env = #static_env{role = server}, key_algorithm = psk
Connection:queue_handshake(Msg, State0);
key_exchange(#state{static_env = #static_env{role = server}, key_algorithm = dhe_psk,
ssl_options = #ssl_options{psk_identity = PskIdentityHint},
- handshake_env = #handshake_env{hashsign_algorithm = HashSignAlgo},
+ handshake_env = #handshake_env{diffie_hellman_params = #'DHParameter'{} = Params,
+ hashsign_algorithm = HashSignAlgo},
connection_env = #connection_env{negotiated_version = Version,
private_key = PrivateKey},
- diffie_hellman_params = #'DHParameter'{} = Params,
connection_states = ConnectionStates0
} = State0, Connection) ->
DHKeys = public_key:generate_key(Params),
@@ -2755,12 +2755,12 @@ handle_sni_extension(#sni{hostname = Hostname}, #state{static_env = #static_env{
cert_db = CertDbHandle,
crl_db = CRLDbHandle,
session_cache = CacheHandle
- },
+ },
connection_env = CEnv#connection_env{private_key = Key},
- diffie_hellman_params = DHParams,
ssl_options = NewOptions,
- handshake_env = HsEnv#handshake_env{sni_hostname = Hostname}
- }
+ handshake_env = HsEnv#handshake_env{sni_hostname = Hostname,
+ diffie_hellman_params = DHParams}
+ }
end.
update_ssl_options_from_sni(OrigSSLOptions, SNIHostname) ->
diff --git a/lib/ssl/src/ssl_connection.hrl b/lib/ssl/src/ssl_connection.hrl
index 27d414d351..97faa36c77 100644
--- a/lib/ssl/src/ssl_connection.hrl
+++ b/lib/ssl/src/ssl_connection.hrl
@@ -69,6 +69,7 @@
hashsign_algorithm = {undefined, undefined},
cert_hashsign_algorithm = {undefined, undefined},
%% key exchange
+ diffie_hellman_params:: #'DHParameter'{} | undefined | secret_printout(),
public_key_info :: ssl_handshake:public_key_info() | 'undefined',
premaster_secret :: binary() | secret_printout() | 'undefined',
server_psk_identity :: binary() | 'undefined' % server psk identity hint
@@ -108,7 +109,6 @@
%% Used only in HS
client_certificate_requested = false :: boolean(),
key_algorithm :: ssl:key_algo(),
- diffie_hellman_params:: #'DHParameter'{} | undefined | secret_printout(),
diffie_hellman_keys :: {PublicKey :: binary(), PrivateKey :: binary()} | #'ECPrivateKey'{} | undefined | secret_printout(),
srp_params :: #srp_user{} | secret_printout() | 'undefined',
srp_keys ::{PublicKey :: binary(), PrivateKey :: binary()} | secret_printout() | 'undefined',