Skip to content

Commit

Permalink
ssl: Change code to reflect that state data may be secret
Browse files Browse the repository at this point in the history
  • Loading branch information
@IngelaAndin
IngelaAndin committed Dec 1, 2014
1 parent 7d717fb commit 918f5fc
Show file tree
Hide file tree
Showing 3 changed files with 41 additions and 38 deletions.
38 changes: 19 additions & 19 deletions lib/ssl/src/ssl_connection.erl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -937,27 +937,27 @@ terminate(_Reason, _StateName, #state{transport_cb = Transport,
Transport:close(Socket).

format_status(normal, [_, State]) ->
[{data, [{"StateData", State}]}];
[{data, [{"StateData", State}]}];
format_status(terminate, [_, State]) ->
SslOptions = (State#state.ssl_options),
NewOptions = SslOptions#ssl_options{password = "***",
cert = "***",
cacerts = "***",
key = "***",
dh = "***",
psk_identity = "***",
srp_identity = "***"},
[{data, [{"StateData", State#state{connection_states = "***",
protocol_buffers = "***",
user_data_buffer = "***",
tls_handshake_history = "***",
session = "***",
private_key = "***",
diffie_hellman_params = "***",
diffie_hellman_keys = "***",
srp_params = "***",
srp_keys = "***",
premaster_secret = "***",
NewOptions = SslOptions#ssl_options{password = ?SECRET_PRINTOUT,
cert = ?SECRET_PRINTOUT,
cacerts = ?SECRET_PRINTOUT,
key = ?SECRET_PRINTOUT,
dh = ?SECRET_PRINTOUT,
psk_identity = ?SECRET_PRINTOUT,
srp_identity = ?SECRET_PRINTOUT},
[{data, [{"StateData", State#state{connection_states = ?SECRET_PRINTOUT,
protocol_buffers = ?SECRET_PRINTOUT,
user_data_buffer = ?SECRET_PRINTOUT,
tls_handshake_history = ?SECRET_PRINTOUT,
session = ?SECRET_PRINTOUT,
private_key = ?SECRET_PRINTOUT,
diffie_hellman_params = ?SECRET_PRINTOUT,
diffie_hellman_keys = ?SECRET_PRINTOUT,
srp_params = ?SECRET_PRINTOUT,
srp_keys = ?SECRET_PRINTOUT,
premaster_secret = ?SECRET_PRINTOUT,
ssl_options = NewOptions
}}]}].
%%--------------------------------------------------------------------
Expand Down
24 changes: 12 additions & 12 deletions lib/ssl/src/ssl_connection.hrl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,30 +46,30 @@
socket :: port(),
ssl_options :: #ssl_options{},
socket_options :: #socket_options{},
connection_states :: #connection_states{},
protocol_buffers :: term(), %% #protocol_buffers{} from tls_record.hrl or dtls_recor.hrl
tls_handshake_history :: ssl_handshake:ssl_handshake_history(),
connection_states :: #connection_states{} | secret_printout(),
protocol_buffers :: term() | secret_printout() , %% #protocol_buffers{} from tls_record.hrl or dtls_recor.hrl
tls_handshake_history :: ssl_handshake:ssl_handshake_history() | secret_printout(),
cert_db :: reference(),
session :: #session{},
session :: #session{} | secret_printout(),
session_cache :: db_handle(),
session_cache_cb :: atom(),
negotiated_version :: ssl_record:ssl_version(),
client_certificate_requested = false :: boolean(),
key_algorithm :: ssl_cipher:key_algo(),
hashsign_algorithm = {undefined, undefined},
cert_hashsign_algorithm,
public_key_info ::ssl_handshake:public_key_info(),
private_key ::public_key:private_key(),
diffie_hellman_params, % PKIX: #'DHParameter'{} relevant for server side
diffie_hellman_keys, % {PublicKey, PrivateKey}
public_key_info :: ssl_handshake:public_key_info(),
private_key :: public_key:private_key() | secret_printout(),
diffie_hellman_params:: #'DHParameter'{} | undefined | secret_printout(),
diffie_hellman_keys :: {PublicKey :: binary(), PrivateKey :: binary()} | #'ECPrivateKey'{} | undefined | secret_printout(),
psk_identity :: binary(), % server psk identity hint
srp_params :: #srp_user{},
srp_keys ::{PublicKey :: binary(), PrivateKey :: binary()},
premaster_secret :: binary(),
srp_params :: #srp_user{} | secret_printout(),
srp_keys ::{PublicKey :: binary(), PrivateKey :: binary()} | secret_printout(),
premaster_secret :: binary() | secret_printout() ,
file_ref_db :: db_handle(),
cert_db_ref :: certdb_ref(),
bytes_to_read :: undefined | integer(), %% bytes to read in passive mode
user_data_buffer :: undefined | binary(),
user_data_buffer :: undefined | binary() | secret_printout(),
renegotiation :: undefined | {boolean(), From::term() | internal | peer},
start_or_recv_from :: term(),
timer :: undefined | reference(), % start_or_recive_timer
Expand Down
17 changes: 10 additions & 7 deletions lib/ssl/src/ssl_internal.hrl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@

-include_lib("public_key/include/public_key.hrl").

-define(SECRET_PRINTOUT, "***").

-type reason() :: term().
-type reply() :: term().
-type msg() :: term().
Expand All @@ -36,6 +38,7 @@
-type issuer() :: tuple().
-type serialnumber() :: integer().
-type cert_key() :: {reference(), integer(), issuer()}.
-type secret_printout() :: list().

%% basic binary constructors
-define(BOOLEAN(X), X:8/unsigned-big-integer).
Expand Down Expand Up @@ -81,16 +84,16 @@
validate_extensions_fun,
depth :: integer(),
certfile :: binary(),
cert :: public_key:der_encoded(),
cert :: public_key:der_encoded() | secret_printout(),
keyfile :: binary(),
key :: {'RSAPrivateKey' | 'DSAPrivateKey' | 'ECPrivateKey' | 'PrivateKeyInfo', public_key:der_encoded()},
password :: string(),
cacerts :: [public_key:der_encoded()],
key :: {'RSAPrivateKey' | 'DSAPrivateKey' | 'ECPrivateKey' | 'PrivateKeyInfo', public_key:der_encoded()} | secret_printout(),
password :: string() | secret_printout(),
cacerts :: [public_key:der_encoded()] | secret_printout(),
cacertfile :: binary(),
dh :: public_key:der_encoded(),
dhfile :: binary(),
dh :: public_key:der_encoded() | secret_printout(),
dhfile :: binary() | secret_printout(),
user_lookup_fun, % server option, fun to lookup the user
psk_identity :: binary(),
psk_identity :: binary() | secret_printout() ,
srp_identity, % client option {User, Password}
ciphers, %
%% Local policy for the server if it want's to reuse the session
Expand Down

0 comments on commit 918f5fc

Please sign in to comment.