File 0583-ssl-Handle-possible-session-tickets-in-TLS-1.3-downg.patch of Package erlang
From 6fc2829a444cbc1b4f73add2e2cc6ee0106ff145 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Wed, 7 Jul 2021 14:11:19 +0200
Subject: [PATCH 2/2] ssl: Handle possible session tickets in TLS-1.3 downgrade
state
Closes #5009
---
lib/ssl/src/ssl_gen_statem.erl | 27 ++++++++++++++++++++++++++-
lib/ssl/src/tls_connection.erl | 19 +------------------
lib/ssl/src/tls_connection_1_3.erl | 5 ++++-
3 files changed, 31 insertions(+), 20 deletions(-)
diff --git a/lib/ssl/src/ssl_gen_statem.erl b/lib/ssl/src/ssl_gen_statem.erl
index cff3a1afd6..5df9e2a517 100644
--- a/lib/ssl/src/ssl_gen_statem.erl
+++ b/lib/ssl/src/ssl_gen_statem.erl
@@ -70,7 +70,8 @@
%% Generic fsm states
-export([initial_hello/3,
config_error/3,
- connection/3]).
+ connection/3,
+ downgrade/3]).
-export([call/2,
handle_common_event/4,
@@ -650,6 +651,30 @@ connection(internal, {recv, RecvFrom}, #state{start_or_recv_from = RecvFrom,
connection(Type, Msg, State) ->
handle_common_event(Type, Msg, ?FUNCTION_NAME, State).
+%%--------------------------------------------------------------------
+-spec downgrade(gen_statem:event_type(), term(), #state{}) ->
+ gen_statem:state_function_result().
+%%--------------------------------------------------------------------
+downgrade(internal, #alert{description = ?CLOSE_NOTIFY},
+ #state{static_env = #static_env{transport_cb = Transport,
+ socket = Socket},
+ connection_env = #connection_env{downgrade = {Pid, From}}} = State) ->
+ tls_socket:setopts(Transport, Socket, [{active, false}, {packet, 0}, {mode, binary}]),
+ Transport:controlling_process(Socket, Pid),
+ {stop_and_reply, {shutdown, downgrade},[{reply, From, {ok, Socket}}], State};
+downgrade(timeout, downgrade, #state{ connection_env = #connection_env{downgrade = {_, From}}} = State) ->
+ {stop_and_reply, {shutdown, normal},[{reply, From, {error, timeout}}], State};
+downgrade(info, {CloseTag, Socket},
+ #state{static_env = #static_env{socket = Socket,
+ close_tag = CloseTag},
+ connection_env = #connection_env{downgrade = {_, From}}} =
+ State) ->
+ {stop_and_reply, {shutdown, normal},[{reply, From, {error, CloseTag}}], State};
+downgrade(info, Info, State) ->
+ tls_gen_connection:handle_info(Info, ?FUNCTION_NAME, State);
+downgrade(Type, Event, State) ->
+ tls_dtls_connection:?FUNCTION_NAME(Type, Event, State).
+
%%====================================================================
%% Event/Msg handling
%%====================================================================
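Review bot: In the close_notify clause of the new `downgrade/3`, the results of `tls_socket:setopts/3` and `Transport:controlling_process(Socket, Pid)` are discarded, yet the caller is always answered with `{ok, Socket}`. If the ownership transfer fails (for example because the new controlling process has already exited), the caller is handed a plain socket it does not own while this process shuts down. The clause is carried over unchanged from tls_connection, but the move is a good moment to match on the result and reply with the error instead. Separately, this module appears to be the shared state machine, while the `info` clause and the catch-all call into `tls_gen_connection` and `tls_dtls_connection`; a one-line comment saying why that is acceptable here would help.

```erlang
%% ... unchanged: close_notify clause head and tls_socket:setopts/3 call ...
    case Transport:controlling_process(Socket, Pid) of
        ok ->
            {stop_and_reply, {shutdown, downgrade}, [{reply, From, {ok, Socket}}], State};
        {error, _} = Error ->
            {stop_and_reply, {shutdown, normal}, [{reply, From, Error}], State}
    end;
%% ... unchanged: timeout, close-tag, info and catch-all clauses ...
```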
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 90024b64b1..ff06b5dc71 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -401,25 +401,8 @@ connection(Type, Event, State) ->
-spec downgrade(gen_statem:event_type(), term(), #state{}) ->
gen_statem:state_function_result().
%%--------------------------------------------------------------------
-downgrade(internal, #alert{description = ?CLOSE_NOTIFY},
- #state{static_env = #static_env{transport_cb = Transport,
- socket = Socket},
- connection_env = #connection_env{downgrade = {Pid, From}}} = State) ->
- tls_socket:setopts(Transport, Socket, [{active, false}, {packet, 0}, {mode, binary}]),
- Transport:controlling_process(Socket, Pid),
- {stop_and_reply, {shutdown, downgrade},[{reply, From, {ok, Socket}}], State};
-downgrade(timeout, downgrade, #state{ connection_env = #connection_env{downgrade = {_, From}}} = State) ->
- {stop_and_reply, {shutdown, normal},[{reply, From, {error, timeout}}], State};
-downgrade(info, {CloseTag, Socket},
- #state{static_env = #static_env{socket = Socket,
- close_tag = CloseTag},
- connection_env = #connection_env{downgrade = {_, From}}} =
- State) ->
- {stop_and_reply, {shutdown, normal},[{reply, From, {error, CloseTag}}], State};
-downgrade(info, Info, State) ->
- tls_gen_connection:handle_info(Info, ?FUNCTION_NAME, State);
downgrade(Type, Event, State) ->
- tls_dtls_connection:?FUNCTION_NAME(Type, Event, State).
+ ssl_gen_statem:?FUNCTION_NAME(Type, Event, State).
%--------------------------------------------------------------------
%% gen_statem callbacks
diff --git a/lib/ssl/src/tls_connection_1_3.erl b/lib/ssl/src/tls_connection_1_3.erl
index dc794e302b..5c7875b27c 100644
--- a/lib/ssl/src/tls_connection_1_3.erl
+++ b/lib/ssl/src/tls_connection_1_3.erl
@@ -454,8 +454,11 @@ connection({call, From}, negotiated_protocol,
connection(Type, Event, State) ->
ssl_gen_statem:?FUNCTION_NAME(Type, Event, State).
+downgrade(internal, #new_session_ticket{} = NewSessionTicket, State) ->
+ _ = handle_new_session_ticket(NewSessionTicket, State),
+ {next_state, ?FUNCTION_NAME, State};
downgrade(Type, Event, State) ->
- tls_connection:?FUNCTION_NAME(Type, Event, State).
+ ssl_gen_statem:?FUNCTION_NAME(Type, Event, State).
%--------------------------------------------------------------------
%% internal functions
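Review bot: The new ticket clause returns `{next_state, ?FUNCTION_NAME, State}` with no actions, so it does not restart the downgrade timer. The `downgrade(timeout, downgrade, ...)` clause in ssl_gen_statem matches event type `timeout`, which is a gen_statem event time-out and is cancelled by any arriving event. A peer that sends session tickets but never sends close_notify could therefore leave the process that requested the downgrade waiting with no time-out pending. The place where the timer is armed is outside this diff, so this needs confirming; if it holds, re-arm the timer in this clause or use a `state_timeout` for the downgrade state. The `_ =` discard also deserves a comment such as `%% Post-handshake tickets can still arrive here; process it and keep waiting for close_notify`.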
--
2.26.2