From e8ccff6724b8bd82f4eddb6255a059b10a787722 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin
Date: Tue, 29 Jan 2019 15:12:41 +0100
Subject: ssl: Add key exchange items to handshake_env
---
lib/ssl/src/dtls_connection.erl | 4 ++--
lib/ssl/src/ssl_connection.erl | 26 +++++++++++++-------------
lib/ssl/src/ssl_connection.hrl | 5 +++--
lib/ssl/src/tls_connection.erl | 4 ++--
4 files changed, 20 insertions(+), 19 deletions(-)
(limited to 'lib')
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index 86f79ed7e3..a11e0a0ac6 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -338,8 +338,8 @@ reinit(State) ->
 reinit_handshake_data(#state{protocol_buffers = Buffers,
 handshake_env = HsEnv} = State) ->
 State#state{premaster_secret = undefined,
- public_key_info = undefined,
- handshake_env = HsEnv#handshake_env{tls_handshake_history = ssl_handshake:init_handshake_history()},
+ handshake_env = HsEnv#handshake_env{tls_handshake_history = ssl_handshake:init_handshake_history(),
+ public_key_info = undefined},
 flight_state = {retransmit, ?INITIAL_RETRANSMIT_TIMEOUT},
 flight_buffer = new_flight(),
 protocol_buffers =
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 75edf2e42b..ea6c6f3461 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -832,10 +832,9 @@ certify(internal, #certificate{} = Cert,
 end;
 certify(internal, #server_key_exchange{exchange_keys = Keys},
 #state{static_env = #static_env{role = client},
- handshake_env = HsEnv,
+ handshake_env = #handshake_env{public_key_info = PubKeyInfo} = HsEnv,
 negotiated_version = Version,
 key_algorithm = Alg,
- public_key_info = PubKeyInfo,
 session = Session,
 connection_states = ConnectionStates} = State, Connection)
 when Alg == dhe_dss; Alg == dhe_rsa;
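Review bot: The per-handshake reset of handshake_env in reinit_handshake_data/1 is now spelled out twice, in this dtls_connection.erl hunk and in the tls_connection.erl hunk at the end of the patch, each rebuilding `HsEnv#handshake_env{tls_handshake_history = ssl_handshake:init_handshake_history(), public_key_info = undefined}`. The subject line says more key exchange items are to move into handshake_env, so every future item has to be cleared in both copies, and one transport could otherwise keep peer key data from the previous handshake alive, which is exactly what the reset exists to avoid. A single helper owned by ssl_connection.erl, for example `handshake_env = ssl_connection:reinit_handshake_env(HsEnv)` (proposed name), would keep the two transports in step. reinit_handshake_data/1 continues past this hunk (the protocol_buffers update is cut off), and in the tls_connection.erl copy the function head appears only in the @@ context line.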
@@ -998,17 +997,17 @@ cipher(info, Msg, State, _) -> cipher(internal, #certificate_verify{signature = Signature, hashsign_algorithm = CertHashSign}, #state{static_env = #static_env{role = server}, - handshake_env = #handshake_env{tls_handshake_history = Hist} = HsEnv, + handshake_env = #handshake_env{tls_handshake_history = Hist, + public_key_info = PubKeyInfo} = HsEnv, key_algorithm = KexAlg, - public_key_info = PublicKeyInfo, negotiated_version = Version, session = #session{master_secret = MasterSecret} } = State, Connection) -> TLSVersion = ssl:tls_version(Version), %% Use negotiated value if TLS-1.2 otherwhise return default - HashSign = negotiated_hashsign(CertHashSign, KexAlg, PublicKeyInfo, TLSVersion), - case ssl_handshake:certificate_verify(Signature, PublicKeyInfo, + HashSign = negotiated_hashsign(CertHashSign, KexAlg, PubKeyInfo, TLSVersion), + case ssl_handshake:certificate_verify(Signature, PubKeyInfo, TLSVersion, HashSign, MasterSecret, Hist) of valid -> Connection:next_event(?FUNCTION_NAME, no_record, @@ -1526,11 +1525,12 @@ server_hello_done(State, Connection) -> Connection:send_handshake(HelloDone, State). handle_peer_cert(Role, PeerCert, PublicKeyInfo, - #state{session = #session{cipher_suite = CipherSuite} = Session} = State0, + #state{handshake_env = HsEnv, + session = #session{cipher_suite = CipherSuite} = Session} = State0, Connection) -> - State1 = State0#state{session = - Session#session{peer_certificate = PeerCert}, - public_key_info = PublicKeyInfo}, + State1 = State0#state{handshake_env = HsEnv#handshake_env{public_key_info = PublicKeyInfo}, + session = + Session#session{peer_certificate = PeerCert}}, #{key_exchange := KeyAlgorithm} = ssl_cipher_format:suite_definition(CipherSuite), State = handle_peer_cert_key(Role, PeerCert, PublicKeyInfo, KeyAlgorithm, State1), Connection:next_event(certify, no_record, State). 
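Review bot: The variable bound in cipher/4 is renamed from PublicKeyInfo to PubKeyInfo, which turns the two call lines `HashSign = negotiated_hashsign(CertHashSign, KexAlg, PubKeyInfo, TLSVersion),` and `case ssl_handshake:certificate_verify(Signature, PubKeyInfo,` into changed lines although their logic is untouched. Matching `public_key_info = PublicKeyInfo` inside the #handshake_env{} pattern instead would limit this hunk to the moved field and keep the name that handle_peer_cert/5 and the key_exchange/2 clauses use in the same commit. The certify/4 hunk above also binds PubKeyInfo, but there the removed line already used that name, so only this hunk widens the diff. The cipher/4 clause continues past the hunk.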
@@ -1865,8 +1865,8 @@ key_exchange(#state{static_env = #static_env{role = server}, key_algorithm = Alg State#state{srp_params = SrpParams, srp_keys = Keys}; key_exchange(#state{static_env = #static_env{role = client}, - key_algorithm = rsa, - public_key_info = PublicKeyInfo, + handshake_env = #handshake_env{public_key_info = PublicKeyInfo}, + key_algorithm = rsa, negotiated_version = Version, premaster_secret = PremasterSecret} = State0, Connection) -> Msg = rsa_key_exchange(ssl:tls_version(Version), PremasterSecret, PublicKeyInfo), @@ -1920,9 +1920,9 @@ key_exchange(#state{static_env = #static_env{role = client}, Connection:queue_handshake(Msg, State0); key_exchange(#state{static_env = #static_env{role = client}, + handshake_env = #handshake_env{public_key_info = PublicKeyInfo}, ssl_options = SslOpts, key_algorithm = rsa_psk, - public_key_info = PublicKeyInfo, negotiated_version = Version, premaster_secret = PremasterSecret} = State0, Connection) -> diff --git a/lib/ssl/src/ssl_connection.hrl b/lib/ssl/src/ssl_connection.hrl index e1a53c9982..6610d79c60 100644 --- a/lib/ssl/src/ssl_connection.hrl +++ b/lib/ssl/src/ssl_connection.hrl @@ -67,7 +67,9 @@ next_protocol = undefined :: undefined | binary(), negotiated_protocol, hashsign_algorithm = {undefined, undefined}, - cert_hashsign_algorithm = {undefined, undefined} + cert_hashsign_algorithm = {undefined, undefined}, + %% key exchange + public_key_info :: ssl_handshake:public_key_info() | 'undefined' }). -record(connection_env, { @@ -98,7 +100,6 @@ %% Used only in HS client_certificate_requested = false :: boolean(), key_algorithm :: ssl:key_algo(), - public_key_info :: ssl_handshake:public_key_info() | 'undefined', private_key :: public_key:private_key() | secret_printout() | 'undefined', diffie_hellman_params:: #'DHParameter'{} | undefined | secret_printout(), diffie_hellman_keys :: {PublicKey :: binary(), PrivateKey :: binary()} | #'ECPrivateKey'{} | undefined | secret_printout(), 
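Review bot: The new #handshake_env{} field in ssl_connection.hrl is introduced with only `%% key exchange` above it, which says nothing about what it holds or when it is valid, in a header shared by tls_connection.erl and dtls_connection.erl. The other hunks of this commit show it is written together with peer_certificate in handle_peer_cert/5 and cleared by reinit_handshake_data/1 in both transports, so a comment along the lines of `%% Key exchange: public key info received with the peer certificate (handle_peer_cert/5); reset by reinit_handshake_data/1` would save the next reader a search across three modules. The field also relies on the implicit record default of undefined, which agrees with the `| 'undefined'` in its type, but the neighbouring next_protocol, hashsign_algorithm and cert_hashsign_algorithm fields all declare their defaults explicitly, so `public_key_info = undefined :: ssl_handshake:public_key_info() | 'undefined'` would be consistent with them.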
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl index 684910db10..fd60ca0cf8 100644 --- a/lib/ssl/src/tls_connection.erl +++ b/lib/ssl/src/tls_connection.erl @@ -348,8 +348,8 @@ reinit_handshake_data(#state{handshake_env = HsEnv} =State) -> %% To reduce memory foot print of a connection reinitialize them. State#state{ premaster_secret = undefined, - public_key_info = undefined, - handshake_env = HsEnv#handshake_env{tls_handshake_history = ssl_handshake:init_handshake_history()} + handshake_env = HsEnv#handshake_env{tls_handshake_history = ssl_handshake:init_handshake_history(), + public_key_info = undefined} }. select_sni_extension(#client_hello{extensions = HelloExtensions}) -> -- cgit v1.2.3