diff options
author | Ingela Anderton Andin <[email protected]> | 2019-02-07 21:15:41 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2019-02-08 09:23:08 +0100 |
commit | d56923ffbef7801e93a4a298ce9a7bd990410d42 (patch) | |
tree | 53c91bc37a24bc01d12320974bbfd88a6451839a /lib | |
parent | fd17b2ec302f8324b26a2cb87cd9cc3705a9e61f (diff) | |
download | otp-d56923ffbef7801e93a4a298ce9a7bd990410d42.tar.gz otp-d56923ffbef7801e93a4a298ce9a7bd990410d42.tar.bz2 otp-d56923ffbef7801e93a4a298ce9a7bd990410d42.zip |
ssl: Move diffie_hellman_params to handshake_env
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 24 | ||||
-rw-r--r-- | lib/ssl/src/ssl_connection.hrl | 2 |
2 files changed, 13 insertions, 13 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 5510235b04..e4715ba329 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -608,6 +608,7 @@ handle_session(#server_hello{cipher_suite = CipherSuite, -spec ssl_config(#ssl_options{}, client | server, #state{}) -> #state{}. %%-------------------------------------------------------------------- ssl_config(Opts, Role, #state{static_env = InitStatEnv0, + handshake_env = HsEnv, connection_env = CEnv} = State0) -> {ok, #{cert_db_ref := Ref, cert_db_handle := CertDbHandle, @@ -630,8 +631,8 @@ ssl_config(Opts, Role, #state{static_env = InitStatEnv0, crl_db = CRLDbHandle, session_cache = CacheHandle }, + handshake_env = HsEnv#handshake_env{diffie_hellman_params = DHParams}, connection_env = CEnv#connection_env{private_key = Key}, - diffie_hellman_params = DHParams, ssl_options = Opts}. %%==================================================================== @@ -1418,7 +1419,6 @@ format_status(terminate, [_, StateName, State]) -> handshake_env = ?SECRET_PRINTOUT, connection_env = ?SECRET_PRINTOUT, session = ?SECRET_PRINTOUT, - diffie_hellman_params = ?SECRET_PRINTOUT, diffie_hellman_keys = ?SECRET_PRINTOUT, srp_params = ?SECRET_PRINTOUT, srp_keys = ?SECRET_PRINTOUT, @@ -1640,7 +1640,7 @@ certify_client_key_exchange(#encrypted_premaster_secret{premaster_secret= EncPMS end, calculate_master_secret(PremasterSecret, State, Connection, certify, cipher); certify_client_key_exchange(#client_diffie_hellman_public{dh_public = ClientPublicDhKey}, - #state{diffie_hellman_params = #'DHParameter'{} = Params, + #state{handshake_env = #handshake_env{diffie_hellman_params = #'DHParameter'{} = Params}, diffie_hellman_keys = {_, ServerDhPrivateKey}} = State, Connection) -> PremasterSecret = ssl_handshake:premaster_secret(ClientPublicDhKey, ServerDhPrivateKey, Params), @@ -1657,7 +1657,7 @@ certify_client_key_exchange(#client_psk_identity{} = ClientKey, PremasterSecret = ssl_handshake:premaster_secret(ClientKey, PSKLookup), calculate_master_secret(PremasterSecret, State0, Connection, certify, cipher); certify_client_key_exchange(#client_dhe_psk_identity{} = ClientKey, - #state{diffie_hellman_params = #'DHParameter'{} = Params, + #state{handshake_env = #handshake_env{diffie_hellman_params = #'DHParameter'{} = Params}, diffie_hellman_keys = {_, ServerDhPrivateKey}, ssl_options = #ssl_options{user_lookup_fun = PSKLookup}} = State0, @@ -1707,10 +1707,10 @@ certify_server(#state{static_env = #static_env{cert_db = CertDbHandle, key_exchange(#state{static_env = #static_env{role = server}, key_algorithm = rsa} = State,_) -> State; key_exchange(#state{static_env = #static_env{role = server}, key_algorithm = Algo, - handshake_env = #handshake_env{hashsign_algorithm = HashSignAlgo}, + handshake_env = #handshake_env{diffie_hellman_params = #'DHParameter'{} = Params, + hashsign_algorithm = HashSignAlgo}, connection_env = #connection_env{negotiated_version = Version, private_key = PrivateKey}, - diffie_hellman_params = #'DHParameter'{} = Params, connection_states = ConnectionStates0} = State0, Connection) when Algo == dhe_dss; Algo == dhe_rsa; @@ -1775,10 +1775,10 @@ key_exchange(#state{static_env = #static_env{role = server}, key_algorithm = psk Connection:queue_handshake(Msg, State0); key_exchange(#state{static_env = #static_env{role = server}, key_algorithm = dhe_psk, ssl_options = #ssl_options{psk_identity = PskIdentityHint}, - handshake_env = #handshake_env{hashsign_algorithm = HashSignAlgo}, + handshake_env = #handshake_env{diffie_hellman_params = #'DHParameter'{} = Params, + hashsign_algorithm = HashSignAlgo}, connection_env = #connection_env{negotiated_version = Version, private_key = PrivateKey}, - diffie_hellman_params = #'DHParameter'{} = Params, connection_states = ConnectionStates0 } = State0, Connection) -> DHKeys = public_key:generate_key(Params), @@ -2755,12 +2755,12 @@ handle_sni_extension(#sni{hostname = Hostname}, #state{static_env = #static_env{ cert_db = CertDbHandle, crl_db = CRLDbHandle, session_cache = CacheHandle - }, + }, connection_env = CEnv#connection_env{private_key = Key}, - diffie_hellman_params = DHParams, ssl_options = NewOptions, - handshake_env = HsEnv#handshake_env{sni_hostname = Hostname} - } + handshake_env = HsEnv#handshake_env{sni_hostname = Hostname, + diffie_hellman_params = DHParams} + } end. update_ssl_options_from_sni(OrigSSLOptions, SNIHostname) -> diff --git a/lib/ssl/src/ssl_connection.hrl b/lib/ssl/src/ssl_connection.hrl index 27d414d351..97faa36c77 100644 --- a/lib/ssl/src/ssl_connection.hrl +++ b/lib/ssl/src/ssl_connection.hrl @@ -69,6 +69,7 @@ hashsign_algorithm = {undefined, undefined}, cert_hashsign_algorithm = {undefined, undefined}, %% key exchange + diffie_hellman_params:: #'DHParameter'{} | undefined | secret_printout(), public_key_info :: ssl_handshake:public_key_info() | 'undefined', premaster_secret :: binary() | secret_printout() | 'undefined', server_psk_identity :: binary() | 'undefined' % server psk identity hint @@ -108,7 +109,6 @@ %% Used only in HS client_certificate_requested = false :: boolean(), key_algorithm :: ssl:key_algo(), - diffie_hellman_params:: #'DHParameter'{} | undefined | secret_printout(), diffie_hellman_keys :: {PublicKey :: binary(), PrivateKey :: binary()} | #'ECPrivateKey'{} | undefined | secret_printout(), srp_params :: #srp_user{} | secret_printout() | 'undefined', srp_keys ::{PublicKey :: binary(), PrivateKey :: binary()} | secret_printout() | 'undefined', |