From ff2c0fb176c78dc38cd154313402e1fc53e671fd Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin
Date: Thu, 7 Feb 2019 10:34:13 +0100
Subject: ssl: Move premaster_secret to handshake_env

---
 lib/ssl/src/dtls_connection.erl | 6 +++---
 lib/ssl/src/ssl_connection.erl | 37 +++++++++++++++++++------------------
 lib/ssl/src/ssl_connection.hrl | 11 ++++++-----
 lib/ssl/src/tls_connection.erl | 4 ++--
 4 files changed, 30 insertions(+), 28 deletions(-)
(limited to 'lib/ssl/src')

diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index 0c7446e894..493f3bf581 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -339,9 +339,9 @@ reinit_handshake_data(#state{static_env = #static_env{data_tag = DataTag},
 protocol_buffers = Buffers,
 protocol_specific = PS,
 handshake_env = HsEnv} = State) ->
- State#state{premaster_secret = undefined,
- handshake_env = HsEnv#handshake_env{tls_handshake_history = ssl_handshake:init_handshake_history(),
- public_key_info = undefined},
+ State#state{handshake_env = HsEnv#handshake_env{tls_handshake_history = ssl_handshake:init_handshake_history(),
+ public_key_info = undefined,
+ premaster_secret = undefined},
 protocol_specific = PS#{flight_state => initial_flight_state(DataTag)},
 flight_buffer = new_flight(),
 protocol_buffers =
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index c770ecbdd0..e2c9423560 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -590,8 +590,8 @@ handle_session(#server_hello{cipher_suite = CipherSuite,
 State = State0#state{key_algorithm = KeyAlgorithm,
 connection_states = ConnectionStates,
- premaster_secret = PremasterSecret,
- handshake_env = HsEnv#handshake_env{expecting_next_protocol_negotiation = ExpectNPN,
+ handshake_env = HsEnv#handshake_env{premaster_secret = PremasterSecret,
+ expecting_next_protocol_negotiation = ExpectNPN,
 negotiated_protocol = Protocol},
 connection_env = CEnv#connection_env{negotiated_version = Version}},
@@ -901,9 +901,9 @@ certify(internal, #server_hello_done{},
 #state{static_env = #static_env{role = client},
 session = #session{master_secret = undefined},
 connection_env = #connection_env{negotiated_version = Version},
+ handshake_env = #handshake_env{premaster_secret = undefined} = HsEnv,
 psk_identity = PSKIdentity,
 ssl_options = #ssl_options{user_lookup_fun = PSKLookup},
- premaster_secret = undefined,
 key_algorithm = Alg} = State0, Connection) when Alg == psk ->
 case ssl_handshake:premaster_secret({Alg, PSKIdentity}, PSKLookup) of
@@ -911,16 +911,17 @@ certify(internal, #server_hello_done{},
 handle_own_alert(Alert, Version, ?FUNCTION_NAME, State0);
 PremasterSecret ->
 State = master_secret(PremasterSecret,
- State0#state{premaster_secret = PremasterSecret}),
- client_certify_and_key_exchange(State, Connection)
+ State0#state{handshake_env =
+ HsEnv#handshake_env{premaster_secret = PremasterSecret}}),
+ client_certify_and_key_exchange(State, Connection)
 end;
 certify(internal, #server_hello_done{},
 #state{static_env = #static_env{role = client},
 connection_env = #connection_env{negotiated_version = {Major, Minor}} = Version,
+ handshake_env = #handshake_env{premaster_secret = undefined} = HsEnv,
 session = #session{master_secret = undefined},
 ssl_options = #ssl_options{user_lookup_fun = PSKLookup},
 psk_identity = PSKIdentity,
- premaster_secret = undefined,
 key_algorithm = Alg} = State0, Connection) when Alg == rsa_psk ->
 Rand = ssl_cipher:random_bytes(?NUM_OF_PREMASTERSECRET_BYTES-2),
@@ -931,16 +932,17 @@ certify(internal, #server_hello_done{},
 handle_own_alert(Alert, Version, ?FUNCTION_NAME, State0);
 PremasterSecret ->
 State = master_secret(PremasterSecret,
- State0#state{premaster_secret = RSAPremasterSecret}),
+ State0#state{handshake_env =
+ HsEnv#handshake_env{premaster_secret = RSAPremasterSecret}}),
 client_certify_and_key_exchange(State, Connection)
 end;
 %% Master secret was determined with help of server-key exchange msg
 certify(internal, #server_hello_done{},
 #state{static_env = #static_env{role = client},
 connection_env = #connection_env{negotiated_version = Version},
+ handshake_env = #handshake_env{premaster_secret = undefined},
 session = #session{master_secret = MasterSecret} = Session,
- connection_states = ConnectionStates0,
- premaster_secret = undefined} = State0, Connection) ->
+ connection_states = ConnectionStates0} = State0, Connection) ->
 case ssl_handshake:master_secret(ssl:tls_version(Version), Session,
 ConnectionStates0, client) of
 {MasterSecret, ConnectionStates} ->
@@ -953,9 +955,9 @@ certify(internal, #server_hello_done{},
 certify(internal, #server_hello_done{},
 #state{static_env = #static_env{role = client},
 connection_env = #connection_env{negotiated_version = Version},
+ handshake_env = #handshake_env{premaster_secret = PremasterSecret},
 session = Session0,
- connection_states = ConnectionStates0,
- premaster_secret = PremasterSecret} = State0, Connection) ->
+ connection_states = ConnectionStates0} = State0, Connection) ->
 case ssl_handshake:master_secret(ssl:tls_version(Version), PremasterSecret,
 ConnectionStates0, client) of
 {MasterSecret, ConnectionStates} ->
@@ -1420,7 +1422,6 @@ format_status(terminate, [_, StateName, State]) ->
 diffie_hellman_keys = ?SECRET_PRINTOUT,
 srp_params = ?SECRET_PRINTOUT,
 srp_keys = ?SECRET_PRINTOUT,
- premaster_secret = ?SECRET_PRINTOUT,
 ssl_options = NewOptions,
 flight_buffer = ?SECRET_PRINTOUT}
 }}]}].
@@ -1865,10 +1866,10 @@ key_exchange(#state{static_env = #static_env{role = server}, key_algorithm = Alg
 State#state{srp_params = SrpParams,
 srp_keys = Keys};
 key_exchange(#state{static_env = #static_env{role = client},
- handshake_env = #handshake_env{public_key_info = PublicKeyInfo},
+ handshake_env = #handshake_env{public_key_info = PublicKeyInfo,
+ premaster_secret = PremasterSecret},
 connection_env = #connection_env{negotiated_version = Version},
- key_algorithm = rsa,
- premaster_secret = PremasterSecret} = State0, Connection) ->
+ key_algorithm = rsa} = State0, Connection) ->
 Msg = rsa_key_exchange(ssl:tls_version(Version), PremasterSecret, PublicKeyInfo),
 Connection:queue_handshake(Msg, State0);
 key_exchange(#state{static_env = #static_env{role = client},
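Review bot: Dropping `premaster_secret = ?SECRET_PRINTOUT` from the `#state` redaction in the format_status hunk is not matched, within this patch, by a redaction of the new `#handshake_env.premaster_secret` field, so unless handshake_env is already rewritten elsewhere in format_status the premaster secret can reach crash reports and sys:get_status output unredacted. The field type added in the ssl_connection.hrl @@ -69 hunk (`premaster_secret :: binary() | secret_printout() | 'undefined'`) already admits the printout marker, which suggests the redaction was meant to move with the field rather than disappear. I would bind the env from the state and add `handshake_env = HsEnv#handshake_env{premaster_secret = ?SECRET_PRINTOUT}` next to the other `?SECRET_PRINTOUT` fields, keeping the same redaction the old `#state` field had. format_status's body starts and ends outside the hunk, so the existing handling of handshake_env there should be checked before assuming it is missing.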
@@ -1920,11 +1921,11 @@ key_exchange(#state{static_env = #static_env{role = client},
 Connection:queue_handshake(Msg, State0);
 key_exchange(#state{static_env = #static_env{role = client},
- handshake_env = #handshake_env{public_key_info = PublicKeyInfo},
+ handshake_env = #handshake_env{public_key_info = PublicKeyInfo,
+ premaster_secret = PremasterSecret},
 connection_env = #connection_env{negotiated_version = Version},
 ssl_options = SslOpts,
- key_algorithm = rsa_psk,
- premaster_secret = PremasterSecret}
+ key_algorithm = rsa_psk}
 = State0, Connection) ->
 Msg = rsa_psk_key_exchange(ssl:tls_version(Version), SslOpts#ssl_options.psk_identity, PremasterSecret, PublicKeyInfo),
diff --git a/lib/ssl/src/ssl_connection.hrl b/lib/ssl/src/ssl_connection.hrl
index 4c9f95c110..d598e513fa 100644
--- a/lib/ssl/src/ssl_connection.hrl
+++ b/lib/ssl/src/ssl_connection.hrl
@@ -69,7 +69,8 @@
 hashsign_algorithm = {undefined, undefined},
 cert_hashsign_algorithm = {undefined, undefined},
 %% key exchange
- public_key_info :: ssl_handshake:public_key_info() | 'undefined'
+ public_key_info :: ssl_handshake:public_key_info() | 'undefined',
+ premaster_secret :: binary() | secret_printout() | 'undefined'
 }).
 -record(connection_env, {
@@ -95,7 +96,9 @@
 bytes_to_read :: undefined | integer(), %% bytes to read in passive mode
 start_or_recv_from :: term(),
 timer :: undefined | reference(), % start_or_recive_timer
-
+
+ protocol_specific = #{} :: map(),
+
 %% Change seldome
 ssl_options :: #ssl_options{},
 socket_options :: #socket_options{},
@@ -109,13 +112,11 @@
 psk_identity :: binary() | 'undefined', % server psk identity hint
 srp_params :: #srp_user{} | secret_printout() | 'undefined',
 srp_keys ::{PublicKey :: binary(), PrivateKey :: binary()} | secret_printout() | 'undefined',
- premaster_secret :: binary() | secret_printout() | 'undefined',
- flight_buffer = [] :: list() | map(), %% Buffer of TLS/DTLS records, used during the TLS handshake
+ flight_buffer = [] :: list() | map() %% Buffer of TLS/DTLS records, used during the TLS handshake
 %% to when possible pack more than one TLS record into the
 %% underlaying packet format. Introduced by DTLS - RFC 4347.
 %% The mecahnism is also usefull in TLS although we do not
 %% need to worry about packet loss in TLS. In DTLS we need to track DTLS handshake seqnr
- protocol_specific = #{} :: map()
 }).
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index a94782f305..e1080b2fc9 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -347,9 +347,9 @@ reinit_handshake_data(#state{handshake_env = HsEnv} =State) ->
 %% are only needed during the handshake phase.
 %% To reduce memory foot print of a connection reinitialize them.
 State#state{
- premaster_secret = undefined,
 handshake_env = HsEnv#handshake_env{tls_handshake_history = ssl_handshake:init_handshake_history(),
- public_key_info = undefined}
+ public_key_info = undefined,
+ premaster_secret = undefined}
 }.
 select_sni_extension(#client_hello{extensions = HelloExtensions}) ->
-- cgit v1.2.3