aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lib/ssl/src/dtls_connection.erl6
-rw-r--r--lib/ssl/src/ssl_connection.erl37
-rw-r--r--lib/ssl/src/ssl_connection.hrl11
-rw-r--r--lib/ssl/src/tls_connection.erl4
4 files changed, 30 insertions, 28 deletions
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index 0c7446e894..493f3bf581 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -339,9 +339,9 @@ reinit_handshake_data(#state{static_env = #static_env{data_tag = DataTag},
protocol_buffers = Buffers,
protocol_specific = PS,
handshake_env = HsEnv} = State) ->
- State#state{premaster_secret = undefined,
- handshake_env = HsEnv#handshake_env{tls_handshake_history = ssl_handshake:init_handshake_history(),
- public_key_info = undefined},
+ State#state{handshake_env = HsEnv#handshake_env{tls_handshake_history = ssl_handshake:init_handshake_history(),
+ public_key_info = undefined,
+ premaster_secret = undefined},
protocol_specific = PS#{flight_state => initial_flight_state(DataTag)},
flight_buffer = new_flight(),
protocol_buffers =
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index c770ecbdd0..e2c9423560 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -590,8 +590,8 @@ handle_session(#server_hello{cipher_suite = CipherSuite,
State = State0#state{key_algorithm = KeyAlgorithm,
connection_states = ConnectionStates,
- premaster_secret = PremasterSecret,
- handshake_env = HsEnv#handshake_env{expecting_next_protocol_negotiation = ExpectNPN,
+ handshake_env = HsEnv#handshake_env{premaster_secret = PremasterSecret,
+ expecting_next_protocol_negotiation = ExpectNPN,
negotiated_protocol = Protocol},
connection_env = CEnv#connection_env{negotiated_version = Version}},
@@ -901,9 +901,9 @@ certify(internal, #server_hello_done{},
#state{static_env = #static_env{role = client},
session = #session{master_secret = undefined},
connection_env = #connection_env{negotiated_version = Version},
+ handshake_env = #handshake_env{premaster_secret = undefined} = HsEnv,
psk_identity = PSKIdentity,
ssl_options = #ssl_options{user_lookup_fun = PSKLookup},
- premaster_secret = undefined,
key_algorithm = Alg} = State0, Connection)
when Alg == psk ->
case ssl_handshake:premaster_secret({Alg, PSKIdentity}, PSKLookup) of
@@ -911,16 +911,17 @@ certify(internal, #server_hello_done{},
handle_own_alert(Alert, Version, ?FUNCTION_NAME, State0);
PremasterSecret ->
State = master_secret(PremasterSecret,
- State0#state{premaster_secret = PremasterSecret}),
- client_certify_and_key_exchange(State, Connection)
+ State0#state{handshake_env =
+ HsEnv#handshake_env{premaster_secret = PremasterSecret}}),
+ client_certify_and_key_exchange(State, Connection)
end;
certify(internal, #server_hello_done{},
#state{static_env = #static_env{role = client},
connection_env = #connection_env{negotiated_version = {Major, Minor}} = Version,
+ handshake_env = #handshake_env{premaster_secret = undefined} = HsEnv,
session = #session{master_secret = undefined},
ssl_options = #ssl_options{user_lookup_fun = PSKLookup},
psk_identity = PSKIdentity,
- premaster_secret = undefined,
key_algorithm = Alg} = State0, Connection)
when Alg == rsa_psk ->
Rand = ssl_cipher:random_bytes(?NUM_OF_PREMASTERSECRET_BYTES-2),
@@ -931,16 +932,17 @@ certify(internal, #server_hello_done{},
handle_own_alert(Alert, Version, ?FUNCTION_NAME, State0);
PremasterSecret ->
State = master_secret(PremasterSecret,
- State0#state{premaster_secret = RSAPremasterSecret}),
+ State0#state{handshake_env =
+ HsEnv#handshake_env{premaster_secret = RSAPremasterSecret}}),
client_certify_and_key_exchange(State, Connection)
end;
%% Master secret was determined with help of server-key exchange msg
certify(internal, #server_hello_done{},
#state{static_env = #static_env{role = client},
connection_env = #connection_env{negotiated_version = Version},
+ handshake_env = #handshake_env{premaster_secret = undefined},
session = #session{master_secret = MasterSecret} = Session,
- connection_states = ConnectionStates0,
- premaster_secret = undefined} = State0, Connection) ->
+ connection_states = ConnectionStates0} = State0, Connection) ->
case ssl_handshake:master_secret(ssl:tls_version(Version), Session,
ConnectionStates0, client) of
{MasterSecret, ConnectionStates} ->
@@ -953,9 +955,9 @@ certify(internal, #server_hello_done{},
certify(internal, #server_hello_done{},
#state{static_env = #static_env{role = client},
connection_env = #connection_env{negotiated_version = Version},
+ handshake_env = #handshake_env{premaster_secret = PremasterSecret},
session = Session0,
- connection_states = ConnectionStates0,
- premaster_secret = PremasterSecret} = State0, Connection) ->
+ connection_states = ConnectionStates0} = State0, Connection) ->
case ssl_handshake:master_secret(ssl:tls_version(Version), PremasterSecret,
ConnectionStates0, client) of
{MasterSecret, ConnectionStates} ->
@@ -1420,7 +1422,6 @@ format_status(terminate, [_, StateName, State]) ->
diffie_hellman_keys = ?SECRET_PRINTOUT,
srp_params = ?SECRET_PRINTOUT,
srp_keys = ?SECRET_PRINTOUT,
- premaster_secret = ?SECRET_PRINTOUT,
ssl_options = NewOptions,
flight_buffer = ?SECRET_PRINTOUT}
}}]}].
@@ -1865,10 +1866,10 @@ key_exchange(#state{static_env = #static_env{role = server}, key_algorithm = Alg
State#state{srp_params = SrpParams,
srp_keys = Keys};
key_exchange(#state{static_env = #static_env{role = client},
- handshake_env = #handshake_env{public_key_info = PublicKeyInfo},
+ handshake_env = #handshake_env{public_key_info = PublicKeyInfo,
+ premaster_secret = PremasterSecret},
connection_env = #connection_env{negotiated_version = Version},
- key_algorithm = rsa,
- premaster_secret = PremasterSecret} = State0, Connection) ->
+ key_algorithm = rsa} = State0, Connection) ->
Msg = rsa_key_exchange(ssl:tls_version(Version), PremasterSecret, PublicKeyInfo),
Connection:queue_handshake(Msg, State0);
key_exchange(#state{static_env = #static_env{role = client},
@@ -1920,11 +1921,11 @@ key_exchange(#state{static_env = #static_env{role = client},
Connection:queue_handshake(Msg, State0);
key_exchange(#state{static_env = #static_env{role = client},
- handshake_env = #handshake_env{public_key_info = PublicKeyInfo},
+ handshake_env = #handshake_env{public_key_info = PublicKeyInfo,
+ premaster_secret = PremasterSecret},
connection_env = #connection_env{negotiated_version = Version},
ssl_options = SslOpts,
- key_algorithm = rsa_psk,
- premaster_secret = PremasterSecret}
+ key_algorithm = rsa_psk}
= State0, Connection) ->
Msg = rsa_psk_key_exchange(ssl:tls_version(Version), SslOpts#ssl_options.psk_identity,
PremasterSecret, PublicKeyInfo),
diff --git a/lib/ssl/src/ssl_connection.hrl b/lib/ssl/src/ssl_connection.hrl
index 4c9f95c110..d598e513fa 100644
--- a/lib/ssl/src/ssl_connection.hrl
+++ b/lib/ssl/src/ssl_connection.hrl
@@ -69,7 +69,8 @@
hashsign_algorithm = {undefined, undefined},
cert_hashsign_algorithm = {undefined, undefined},
%% key exchange
- public_key_info :: ssl_handshake:public_key_info() | 'undefined'
+ public_key_info :: ssl_handshake:public_key_info() | 'undefined',
+ premaster_secret :: binary() | secret_printout() | 'undefined'
}).
-record(connection_env, {
@@ -95,7 +96,9 @@
bytes_to_read :: undefined | integer(), %% bytes to read in passive mode
start_or_recv_from :: term(),
timer :: undefined | reference(), % start_or_recive_timer
-
+
+ protocol_specific = #{} :: map(),
+
%% Change seldome
ssl_options :: #ssl_options{},
socket_options :: #socket_options{},
@@ -109,13 +112,11 @@
psk_identity :: binary() | 'undefined', % server psk identity hint
srp_params :: #srp_user{} | secret_printout() | 'undefined',
srp_keys ::{PublicKey :: binary(), PrivateKey :: binary()} | secret_printout() | 'undefined',
- premaster_secret :: binary() | secret_printout() | 'undefined',
- flight_buffer = [] :: list() | map(), %% Buffer of TLS/DTLS records, used during the TLS handshake
+ flight_buffer = [] :: list() | map() %% Buffer of TLS/DTLS records, used during the TLS handshake
%% to when possible pack more than one TLS record into the
%% underlaying packet format. Introduced by DTLS - RFC 4347.
%% The mecahnism is also usefull in TLS although we do not
%% need to worry about packet loss in TLS. In DTLS we need to track DTLS handshake seqnr
- protocol_specific = #{} :: map()
}).
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index a94782f305..e1080b2fc9 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -347,9 +347,9 @@ reinit_handshake_data(#state{handshake_env = HsEnv} =State) ->
%% are only needed during the handshake phase.
%% To reduce memory foot print of a connection reinitialize them.
State#state{
- premaster_secret = undefined,
handshake_env = HsEnv#handshake_env{tls_handshake_history = ssl_handshake:init_handshake_history(),
- public_key_info = undefined}
+ public_key_info = undefined,
+ premaster_secret = undefined}
}.
select_sni_extension(#client_hello{extensions = HelloExtensions}) ->