From d56923ffbef7801e93a4a298ce9a7bd990410d42 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Thu, 7 Feb 2019 21:15:41 +0100 Subject: ssl: Move diffie_hellman_params to handshake_env --- lib/ssl/src/ssl_connection.erl | 24 ++++++++++++------------ lib/ssl/src/ssl_connection.hrl | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 5510235b04..e4715ba329 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -608,6 +608,7 @@ handle_session(#server_hello{cipher_suite = CipherSuite, -spec ssl_config(#ssl_options{}, client | server, #state{}) -> #state{}. %%-------------------------------------------------------------------- ssl_config(Opts, Role, #state{static_env = InitStatEnv0, + handshake_env = HsEnv, connection_env = CEnv} = State0) -> {ok, #{cert_db_ref := Ref, cert_db_handle := CertDbHandle, @@ -630,8 +631,8 @@ ssl_config(Opts, Role, #state{static_env = InitStatEnv0, crl_db = CRLDbHandle, session_cache = CacheHandle }, + handshake_env = HsEnv#handshake_env{diffie_hellman_params = DHParams}, connection_env = CEnv#connection_env{private_key = Key}, - diffie_hellman_params = DHParams, ssl_options = Opts}. %%==================================================================== @@ -1418,7 +1419,6 @@ format_status(terminate, [_, StateName, State]) -> handshake_env = ?SECRET_PRINTOUT, connection_env = ?SECRET_PRINTOUT, session = ?SECRET_PRINTOUT, - diffie_hellman_params = ?SECRET_PRINTOUT, diffie_hellman_keys = ?SECRET_PRINTOUT, srp_params = ?SECRET_PRINTOUT, srp_keys = ?SECRET_PRINTOUT, @@ -1640,7 +1640,7 @@ certify_client_key_exchange(#encrypted_premaster_secret{premaster_secret= EncPMS end, calculate_master_secret(PremasterSecret, State, Connection, certify, cipher); certify_client_key_exchange(#client_diffie_hellman_public{dh_public = ClientPublicDhKey}, - #state{diffie_hellman_params = #'DHParameter'{} = Params, + #state{handshake_env = #handshake_env{diffie_hellman_params = #'DHParameter'{} = Params}, diffie_hellman_keys = {_, ServerDhPrivateKey}} = State, Connection) -> PremasterSecret = ssl_handshake:premaster_secret(ClientPublicDhKey, ServerDhPrivateKey, Params), @@ -1657,7 +1657,7 @@ certify_client_key_exchange(#client_psk_identity{} = ClientKey, PremasterSecret = ssl_handshake:premaster_secret(ClientKey, PSKLookup), calculate_master_secret(PremasterSecret, State0, Connection, certify, cipher); certify_client_key_exchange(#client_dhe_psk_identity{} = ClientKey, - #state{diffie_hellman_params = #'DHParameter'{} = Params, + #state{handshake_env = #handshake_env{diffie_hellman_params = #'DHParameter'{} = Params}, diffie_hellman_keys = {_, ServerDhPrivateKey}, ssl_options = #ssl_options{user_lookup_fun = PSKLookup}} = State0, @@ -1707,10 +1707,10 @@ certify_server(#state{static_env = #static_env{cert_db = CertDbHandle, key_exchange(#state{static_env = #static_env{role = server}, key_algorithm = rsa} = State,_) -> State; key_exchange(#state{static_env = #static_env{role = server}, key_algorithm = Algo, - handshake_env = #handshake_env{hashsign_algorithm = HashSignAlgo}, + handshake_env = #handshake_env{diffie_hellman_params = #'DHParameter'{} = Params, + hashsign_algorithm = HashSignAlgo}, connection_env = #connection_env{negotiated_version = Version, private_key = PrivateKey}, - diffie_hellman_params = #'DHParameter'{} = Params, connection_states = ConnectionStates0} = State0, Connection) when Algo == dhe_dss; Algo == dhe_rsa; @@ -1775,10 +1775,10 @@ key_exchange(#state{static_env = #static_env{role = server}, key_algorithm = psk Connection:queue_handshake(Msg, State0); key_exchange(#state{static_env = #static_env{role = server}, key_algorithm = dhe_psk, ssl_options = #ssl_options{psk_identity = PskIdentityHint}, - handshake_env = #handshake_env{hashsign_algorithm = HashSignAlgo}, + handshake_env = #handshake_env{diffie_hellman_params = #'DHParameter'{} = Params, + hashsign_algorithm = HashSignAlgo}, connection_env = #connection_env{negotiated_version = Version, private_key = PrivateKey}, - diffie_hellman_params = #'DHParameter'{} = Params, connection_states = ConnectionStates0 } = State0, Connection) -> DHKeys = public_key:generate_key(Params), @@ -2755,12 +2755,12 @@ handle_sni_extension(#sni{hostname = Hostname}, #state{static_env = #static_env{ cert_db = CertDbHandle, crl_db = CRLDbHandle, session_cache = CacheHandle - }, + }, connection_env = CEnv#connection_env{private_key = Key}, - diffie_hellman_params = DHParams, ssl_options = NewOptions, - handshake_env = HsEnv#handshake_env{sni_hostname = Hostname} - } + handshake_env = HsEnv#handshake_env{sni_hostname = Hostname, + diffie_hellman_params = DHParams} + } end. update_ssl_options_from_sni(OrigSSLOptions, SNIHostname) -> diff --git a/lib/ssl/src/ssl_connection.hrl b/lib/ssl/src/ssl_connection.hrl index 27d414d351..97faa36c77 100644 --- a/lib/ssl/src/ssl_connection.hrl +++ b/lib/ssl/src/ssl_connection.hrl @@ -69,6 +69,7 @@ hashsign_algorithm = {undefined, undefined}, cert_hashsign_algorithm = {undefined, undefined}, %% key exchange + diffie_hellman_params:: #'DHParameter'{} | undefined | secret_printout(), public_key_info :: ssl_handshake:public_key_info() | 'undefined', premaster_secret :: binary() | secret_printout() | 'undefined', server_psk_identity :: binary() | 'undefined' % server psk identity hint @@ -108,7 +109,6 @@ %% Used only in HS client_certificate_requested = false :: boolean(), key_algorithm :: ssl:key_algo(), - diffie_hellman_params:: #'DHParameter'{} | undefined | secret_printout(), diffie_hellman_keys :: {PublicKey :: binary(), PrivateKey :: binary()} | #'ECPrivateKey'{} | undefined | secret_printout(), srp_params :: #srp_user{} | secret_printout() | 'undefined', srp_keys ::{PublicKey :: binary(), PrivateKey :: binary()} | secret_printout() | 'undefined', -- cgit v1.2.3