author | Kiko Fernandez-Reyes <kiko@erlang.org> | 2023-04-04 09:27:00 +0200 |
committer | Kiko Fernandez-Reyes <kiko@erlang.org> | 2023-04-04 11:52:53 +0200 |
commit | c1143b2b0876836da7863b1689c23233e3dd4b7c (patch) | |
tree | 13513de6bb2f23622945e47e54f2aaa17691f5a7 | |
parent | 8d3f148b53a53cdc7bc23509dfdcb68cc28cbba3 (diff) | |
download | erlang-c1143b2b0876836da7863b1689c23233e3dd4b7c.tar.gz |
ssl: split overloaded function
splits the overloaded function `tls_record:protocol_version` (and its
equivalent in module `dtls_record`), which was accepting both atoms (e.g., tlsv1.2)
and the internal representation of (D)TLS versions (tuples, e.g., {3,4}
for TLS 1.3), into two different functions. `protocol_version_name`
accepts names (atoms) and returns the internal representation;
`protocol_version` accepts the internal representation and returns its name.
-rw-r--r-- | lib/ssl/src/dtls_gen_connection.erl | 2 | ||||
-rw-r--r-- | lib/ssl/src/dtls_record.erl | 24 | ||||
-rw-r--r-- | lib/ssl/src/ssl.erl | 22 | ||||
-rw-r--r-- | lib/ssl/src/ssl_handshake.erl | 16 | ||||
-rw-r--r-- | lib/ssl/src/tls_gen_connection.erl | 2 | ||||
-rw-r--r-- | lib/ssl/src/tls_record.erl | 29 | ||||
-rw-r--r-- | lib/ssl/test/ssl_cert_tests.erl | 2 | ||||
-rw-r--r-- | lib/ssl/test/ssl_test_lib.erl | 16 |
8 files changed, 64 insertions, 49 deletions
diff --git a/lib/ssl/src/dtls_gen_connection.erl b/lib/ssl/src/dtls_gen_connection.erl index 21a62475e5..446a065ac3 100644 --- a/lib/ssl/src/dtls_gen_connection.erl +++ b/lib/ssl/src/dtls_gen_connection.erl @@ -633,7 +633,7 @@ next_dtls_record(Data, StateName, #state{protocol_buffers = #protocol_buffers{ ssl_options = SslOpts} = State0) -> case dtls_record:get_dtls_records(Data, {DataTag, StateName, Version, - [dtls_record:protocol_version(Vsn) || Vsn <- ?ALL_AVAILABLE_DATAGRAM_VERSIONS]}, + [dtls_record:protocol_version_name(Vsn) || Vsn <- ?ALL_AVAILABLE_DATAGRAM_VERSIONS]}, Buf0, SslOpts) of {Records, Buf1} -> CT1 = CT0 ++ Records, diff --git a/lib/ssl/src/dtls_record.erl b/lib/ssl/src/dtls_record.erl index 0278c34b7c..c0030fe1dc 100644 --- a/lib/ssl/src/dtls_record.erl +++ b/lib/ssl/src/dtls_record.erl @@ -43,7 +43,7 @@ -export([decode_cipher_text/2]). %% Protocol version handling --export([protocol_version/1, lowest_protocol_version/1, lowest_protocol_version/2, +-export([protocol_version/1, protocol_version_name/1, lowest_protocol_version/1, lowest_protocol_version/2, highest_protocol_version/1, highest_protocol_version/2, is_higher/2, supported_protocol_versions/0, is_acceptable_version/2, hello_version/2]). 
@@ -263,17 +263,27 @@ decode_cipher_text(#ssl_tls{epoch = Epoch} = CipherText, ConnnectionStates0) -> %% Protocol version handling %%==================================================================== + %%-------------------------------------------------------------------- --spec protocol_version(dtls_atom_version() | ssl_record:ssl_version()) -> - ssl_record:ssl_version() | dtls_atom_version(). +-spec protocol_version_name(dtls_atom_version()) -> ssl_record:ssl_version(). %% %% Description: Creates a protocol version record from a version atom %% or vice versa. %%-------------------------------------------------------------------- -protocol_version('dtlsv1.2') -> + +protocol_version_name('dtlsv1.2') -> ?DTLS_1_2; -protocol_version(dtlsv1) -> - ?DTLS_1_0; +protocol_version_name(dtlsv1) -> + ?DTLS_1_0. + +%%-------------------------------------------------------------------- +-spec protocol_version(ssl_record:ssl_version()) -> dtls_atom_version(). + +%% +%% Description: Creates a protocol version record from a version atom +%% or vice versa. +%%-------------------------------------------------------------------- + protocol_version(?DTLS_1_2) -> 'dtlsv1.2'; protocol_version(?DTLS_1_0) -> @@ -337,7 +347,7 @@ is_higher(_, _) -> %%-------------------------------------------------------------------- supported_protocol_versions() -> Fun = fun(Version) -> - protocol_version(Version) + protocol_version_name(Version) end, case application:get_env(ssl, dtls_protocol_version) of undefined -> diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index 817ea683bd..60c32f684c 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl 
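Review bot: Both new `%% Description:` blocks in dtls_record still read "Creates a protocol version record from a version atom or vice versa", which no longer matches either one-directional function. Suggest `%% Description: Maps a DTLS version name (atom) to its internal version representation.` on `protocol_version_name/1` and `%% Description: Maps an internal DTLS version back to its name (atom).` on `protocol_version/1`. It is also worth one line saying that neither function has a catch-all clause, so an unknown input raises `function_clause`; the `catch error:function_clause` in `ssl:validate_versions/2` later in this patch treats that as "unsupported version", so a defensive catch-all added here would silently weaken option validation. The remaining clauses of `protocol_version/1` continue past the end of the hunk.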
@@ -1010,7 +1010,7 @@ negotiated_protocol(#sslsocket{pid = [Pid|_]}) when is_pid(Pid) -> %%-------------------------------------------------------------------- -spec cipher_suites(Description, Version) -> ciphers() when Description :: default | all | exclusive | anonymous | exclusive_anonymous, - Version :: protocol_version(). + Version :: protocol_version() | ssl_record:ssl_version(). %% Description: Returns all default and all supported cipher suites for a %% TLS/DTLS version @@ -1019,17 +1019,17 @@ cipher_suites(Description, Version) when Version == 'tlsv1.3'; Version == 'tlsv1.2'; Version == 'tlsv1.1'; Version == tlsv1 -> - cipher_suites(Description, tls_record:protocol_version(Version)); + cipher_suites(Description, tls_record:protocol_version_name(Version)); cipher_suites(Description, Version) when Version == 'dtlsv1.2'; Version == 'dtlsv1'-> - cipher_suites(Description, dtls_record:protocol_version(Version)); + cipher_suites(Description, dtls_record:protocol_version_name(Version)); cipher_suites(Description, Version) -> [ssl_cipher_format:suite_bin_to_map(Suite) || Suite <- supported_suites(Description, Version)]. %%-------------------------------------------------------------------- -spec cipher_suites(Description, Version, rfc | openssl) -> [string()] when Description :: default | all | exclusive | anonymous, - Version :: protocol_version(). + Version :: protocol_version() | ssl_record:ssl_version(). %% Description: Returns all default and all supported cipher suites for a %% TLS/DTLS version 
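Review bot: The exported specs of `cipher_suites/2` and `cipher_suites/3` now advertise `ssl_record:ssl_version()` next to `protocol_version()`, which publishes the internal tuple representation as an accepted argument of a public API only so that the name clauses can recurse into the catch-all clause. A private helper for the tuple case would keep the public spec at `Version :: protocol_version()`, e.g. `cipher_suites(Description, Version) when ... -> suites_for_version(Description, tls_record:protocol_version_name(Version));` with the existing list comprehension moved into `suites_for_version/2`. If widening the public type is intended, the `%% Description:` comment should say explicitly that the internal form is accepted, so callers do not start depending on it by accident. Only the part of each function visible in the hunk was reviewed.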
@@ -1038,10 +1038,10 @@ cipher_suites(Description, Version, StringType) when Version == 'tlsv1.3'; Version == 'tlsv1.2'; Version == 'tlsv1.1'; Version == tlsv1 -> - cipher_suites(Description, tls_record:protocol_version(Version), StringType); + cipher_suites(Description, tls_record:protocol_version_name(Version), StringType); cipher_suites(Description, Version, StringType) when Version == 'dtlsv1.2'; Version == 'dtlsv1'-> - cipher_suites(Description, dtls_record:protocol_version(Version), StringType); + cipher_suites(Description, dtls_record:protocol_version_name(Version), StringType); cipher_suites(Description, Version, rfc) -> [ssl_cipher_format:suite_map_to_str(ssl_cipher_format:suite_bin_to_map(Suite)) || Suite <- supported_suites(Description, Version)]; @@ -1337,8 +1337,8 @@ versions() -> SupportedTLSVsns = [tls_record:protocol_version(Vsn) || Vsn <- ConfTLSVsns, TLSCryptoSupported(Vsn)], SupportedDTLSVsns = [dtls_record:protocol_version(Vsn) || Vsn <- ConfDTLSVsns, DTLSCryptoSupported(Vsn)], - AvailableTLSVsns = [Vsn || Vsn <- ImplementedTLSVsns, TLSCryptoSupported(tls_record:protocol_version(Vsn))], - AvailableDTLSVsns = [Vsn || Vsn <- ImplementedDTLSVsns, DTLSCryptoSupported(dtls_record:protocol_version(Vsn))], + AvailableTLSVsns = [Vsn || Vsn <- ImplementedTLSVsns, TLSCryptoSupported(tls_record:protocol_version_name(Vsn))], + AvailableDTLSVsns = [Vsn || Vsn <- ImplementedDTLSVsns, DTLSCryptoSupported(dtls_record:protocol_version_name(Vsn))], [{ssl_app, ?VSN}, {supported, SupportedTLSVsns}, @@ -1672,7 +1672,7 @@ validate_versions(tls, Vsns0) -> Validate = fun(Version) -> try tls_record:sufficient_crypto_support(Version) of - true -> tls_record:protocol_version(Version); + true -> tls_record:protocol_version_name(Version); false -> option_error(insufficient_crypto_support, {Version, {versions, Vsns0}}) catch error:function_clause -> 
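Review bot: In `validate_versions(tls, ...)` the lookup `tls_record:protocol_version_name(Version)` sits in the `of` section of the `try`, which the `catch error:function_clause` clause does not protect, so a name accepted by `sufficient_crypto_support/1` but unknown to `protocol_version_name/1` would crash the caller instead of producing an option error. The dtls variant in the next hunk evaluates `dtls_record:protocol_version_name(Version)` inside the protected expression, so the two branches already behave differently for an unknown atom. Presumably both functions accept the same atoms today, but moving the lookup into the protected body keeps the tls branch in lockstep with the dtls one at no cost. The enclosing `validate_versions/2` clause continues past the end of the hunk.
```erlang
    Validate =
        fun(Version) ->
                try
                    %% Keep the name lookup in the protected part so an unknown
                    %% version atom becomes an option error, as in the dtls clause.
                    {tls_record:sufficient_crypto_support(Version),
                     tls_record:protocol_version_name(Version)}
                of
                    {true, Name} -> Name;
                    {false, _} ->
                        option_error(insufficient_crypto_support, {Version, {versions, Vsns0}})
                catch
                    error:function_clause ->
                        %% … unchanged: existing catch body …
```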
@@ -1688,8 +1688,8 @@ validate_versions(dtls, Vsns0) -> fun(Version) -> try tls_record:sufficient_crypto_support( dtls_v1:corresponding_tls_version( - dtls_record:protocol_version(Version))) of - true -> dtls_record:protocol_version(Version); + dtls_record:protocol_version_name(Version))) of + true -> dtls_record:protocol_version_name(Version); false-> option_error(insufficient_crypto_support, {Version, {versions, Vsns0}}) catch error:function_clause -> diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 6314ed7a66..fb30372999 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -23,6 +23,7 @@ %%---------------------------------------------------------------------- -module(ssl_handshake). +-feature(maybe_expr,enable). -include("ssl_handshake.hrl"). -include("ssl_record.hrl"). @@ -1004,8 +1005,7 @@ available_suites(ServerCert, UserSuites, Version, undefined, Curve) -> filter_unavailable_ecc_suites(Curve, Suites); available_suites(ServerCert, UserSuites, Version, HashSigns, Curve) -> Suites = available_suites(ServerCert, UserSuites, Version, undefined, Curve), - filter_hashsigns(Suites, [ssl_cipher_format:suite_bin_to_map(Suite) || Suite <- Suites], HashSigns, - Version). + filter_hashsigns(Suites, [ssl_cipher_format:suite_bin_to_map(Suite) || Suite <- Suites], HashSigns, Version). available_signature_algs(undefined, _) -> undefined; 
@@ -3320,15 +3320,13 @@ filter_hashsigns(Suites, Algos, HashSigns, Version) -> %% HashSigns, and Version never change ZipperF = fun (Suite, #{key_exchange := KeyExchange}) -> {Suite, KeyExchange} end, SuiteAlgoPairs = lists:zipwith(ZipperF, Suites, Algos), - FilterHashSign = fun ({Suite, Kex}) -> filter_hashsigns0(Suite, Kex, HashSigns, Version) end, + FilterHashSign = fun ({Suite, Kex}) -> + maybe true ?= filter_hashsigns_helper(Kex, HashSigns, Version), + {true, Suite} + end + end, lists:filtermap(FilterHashSign, SuiteAlgoPairs). -filter_hashsigns0(Suite, KeyExchange, HashSigns, Version) -> - case filter_hashsigns_helper(KeyExchange, HashSigns, Version) of - true -> {true, Suite}; - false -> false - end. - filter_hashsigns_helper(KeyExchange, HashSigns, _Version) when KeyExchange == dhe_ecdsa; KeyExchange == ecdhe_ecdsa -> diff --git a/lib/ssl/src/tls_gen_connection.erl b/lib/ssl/src/tls_gen_connection.erl index 48e3e00ac1..76e7bc334e 100644 --- a/lib/ssl/src/tls_gen_connection.erl +++ b/lib/ssl/src/tls_gen_connection.erl @@ -639,7 +639,7 @@ next_tls_record(Data, StateName, %% This does not allow SSL-3.0 connections, that we do not support %% or interfere with TLS-1.3 extensions to handle version negotiation. AllHelloVersions = [ 'sslv3' | ?ALL_AVAILABLE_VERSIONS], - [tls_record:protocol_version(Vsn) || Vsn <- AllHelloVersions]; + [tls_record:protocol_version_name(Vsn) || Vsn <- AllHelloVersions]; _ -> State0#state.connection_env#connection_env.negotiated_version end, diff --git a/lib/ssl/src/tls_record.erl b/lib/ssl/src/tls_record.erl index aa8babf374..92205d22fd 100644 --- a/lib/ssl/src/tls_record.erl +++ b/lib/ssl/src/tls_record.erl 
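Review bot: The `maybe` in `filter_hashsigns/4` has no `else`, so when `filter_hashsigns_helper/3` returns `false` the failed `?=` match yields that `false` verbatim, which happens to be what `lists:filtermap/2` expects; the fun is correct only because the helper is strictly boolean, and nothing in the code says so. The same dispatch is a one-liner that needs no feature flag: `FilterHashSign = fun({Suite, Kex}) -> filter_hashsigns_helper(Kex, HashSigns, Version) andalso {true, Suite} end,` — `andalso` returns `false` or its right operand, exactly filtermap's contract, and a non-boolean helper result would raise `badarg` rather than be passed through silently. If `maybe` is kept, a comment such as `%% no else: a false from the helper falls through as the filtermap reject value` would make the reliance explicit. `filter_hashsigns_helper/3` continues past the end of the hunk.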
@@ -49,7 +49,7 @@ -export([build_tls_record/1]). %% Protocol version handling --export([protocol_version/1, lowest_protocol_version/1, lowest_protocol_version/2, +-export([protocol_version/1, protocol_version_name/1, lowest_protocol_version/1, lowest_protocol_version/2, highest_protocol_version/1, highest_protocol_version/2, is_higher/2, supported_protocol_versions/0, sufficient_crypto_support/1, is_acceptable_version/1, is_acceptable_version/2, hello_version/1]). @@ -273,24 +273,31 @@ decode_cipher_text(_, #ssl_tls{version = Version, %%==================================================================== %%-------------------------------------------------------------------- --spec protocol_version(tls_atom_version() | tls_version()) -> - tls_version() | tls_atom_version(). +-spec protocol_version_name(tls_atom_version()) -> tls_version(). %% %% Description: Creates a protocol version record from a version atom %% or vice versa. %%-------------------------------------------------------------------- -protocol_version('tlsv1.3') -> +protocol_version_name('tlsv1.3') -> ?TLS_1_3; -protocol_version('tlsv1.2') -> +protocol_version_name('tlsv1.2') -> ?TLS_1_2; -protocol_version('tlsv1.1') -> +protocol_version_name('tlsv1.1') -> ?TLS_1_1; -protocol_version(tlsv1) -> +protocol_version_name(tlsv1) -> ?TLS_1_0; -protocol_version(sslv3) -> +protocol_version_name(sslv3) -> ?SSL_3_0; -protocol_version(sslv2) -> %% Backwards compatibility - ?SSL_2_0; +protocol_version_name(sslv2) -> %% Backwards compatibility + ?SSL_2_0. + +%%-------------------------------------------------------------------- +-spec protocol_version(tls_version()) -> tls_atom_version(). +%% +%% Description: Creates a protocol version record from a version atom +%% or vice versa. +%%-------------------------------------------------------------------- + protocol_version(?TLS_1_3) -> 'tlsv1.3'; protocol_version(?TLS_1_2) -> 
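Review bot: The `%% Description:` text copied onto both `protocol_version_name/1` and `protocol_version/1` in tls_record still says "from a version atom or vice versa", which is now wrong for each function. Suggest `%% Description: Maps a TLS version name (atom) to its internal version; sslv2 is accepted only for backwards compatibility.` on the first and `%% Description: Maps an internal TLS version to its name (atom).` on the second. The clause set is exhaustive without a catch-all, so an unknown name raises `function_clause`; since `ssl:validate_versions/2` elsewhere in this patch maps `function_clause` from these lookups to an option error, that behaviour deserves a line in the comment so nobody adds a catch-all later. The clauses of `protocol_version/1` continue past the end of the hunk.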
@@ -359,7 +366,7 @@ is_higher(_, _) -> %%-------------------------------------------------------------------- supported_protocol_versions() -> Fun = fun(Version) -> - protocol_version(Version) + protocol_version_name(Version) end, case application:get_env(ssl, protocol_version) of undefined -> diff --git a/lib/ssl/test/ssl_cert_tests.erl b/lib/ssl/test/ssl_cert_tests.erl index 8df08398da..a551025ea5 100644 --- a/lib/ssl/test/ssl_cert_tests.erl +++ b/lib/ssl/test/ssl_cert_tests.erl @@ -467,7 +467,7 @@ test_ciphers(_, 'tlsv1.3' = Version) -> end, Ciphers); test_ciphers(_, Version) when Version == 'dtlsv1'; Version == 'dtlsv1.2' -> - NVersion = dtls_record:protocol_version(Version), + NVersion = dtls_record:protocol_version_name(Version), Ciphers = [ssl_cipher_format:suite_bin_to_map(Bin) || Bin <- dtls_v1:suites(NVersion)], ct:log("Version ~p Testing ~p~n", [Version, Ciphers]), OpenSSLCiphers = openssl_ciphers(), diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index db4bd32741..f3fb5c4f7b 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -2836,7 +2836,7 @@ openssl_tls_version_support(Version, Config0) -> true -> openssl_tls_version_support(tls, TLSOpts, Port, Exe, TLSArgs); false -> - DTLSTupleVersion = dtls_record:protocol_version(Version), + DTLSTupleVersion = dtls_record:protocol_version_name(Version), CorrespondingTLSVersion = dtls_v1:corresponding_tls_version(DTLSTupleVersion), AtomTLSVersion = tls_record:protocol_version(CorrespondingTLSVersion), CorrTLSOpts = [{protocol,tls}, {versions, [AtomTLSVersion]}, @@ -3660,8 +3660,8 @@ protocol_version(Config, atom) -> case proplists:get_value(protocol, Config) of dtls -> dtls_record:protocol_version(protocol_version(Config, tuple)); - _ -> - tls_record:protocol_version(protocol_version(Config, tuple)) + _ -> + tls_record:protocol_version(protocol_version(Config, tuple)) end. protocol_options(Config, Options) -> 
@@ -3715,11 +3715,11 @@ clean_start(keep_version) -> tls_version('dtlsv1' = Atom) -> - dtls_v1:corresponding_tls_version(dtls_record:protocol_version(Atom)); + dtls_v1:corresponding_tls_version(dtls_record:protocol_version_name(Atom)); tls_version('dtlsv1.2' = Atom) -> - dtls_v1:corresponding_tls_version(dtls_record:protocol_version(Atom)); + dtls_v1:corresponding_tls_version(dtls_record:protocol_version_name(Atom)); tls_version(Atom) -> - tls_record:protocol_version(Atom). + tls_record:protocol_version_name(Atom). n_version(Version) when @@ -3728,10 +3728,10 @@ n_version(Version) when Version == 'tlsv1.1'; Version == 'tlsv1'; Version == 'sslv3' -> - tls_record:protocol_version(Version); + tls_record:protocol_version_name(Version); n_version(Version) when Version == 'dtlsv1.2'; Version == 'dtlsv1' -> - dtls_record:protocol_version(Version). + dtls_record:protocol_version_name(Version). consume_port_exit(OpenSSLPort) -> receive |