File 4591-ssl-Cleanup-remove-Version-argument.patch of Package erlang
From a0b638051e767b056c559827b3d812a9376c668c Mon Sep 17 00:00:00 2001
From: Dan Gudmundsson <dgud@erlang.org>
Date: Fri, 24 Sep 2021 11:18:36 +0200
Subject: [PATCH 01/10] ssl: Cleanup, remove Version argument
Not used (and available in state if needed later).
---
lib/ssl/src/dtls_connection.erl | 26 +++++-----
lib/ssl/src/dtls_gen_connection.erl | 22 ++++-----
lib/ssl/src/ssl_gen_statem.erl | 17 +++----
lib/ssl/src/tls_connection.erl | 32 ++++++------
lib/ssl/src/tls_connection_1_3.erl | 29 ++++++-----
lib/ssl/src/tls_dtls_connection.erl | 77 +++++++++++++----------------
lib/ssl/src/tls_gen_connection.erl | 16 +++---
7 files changed, 98 insertions(+), 121 deletions(-)
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index 1a4f001273..32ccb18176 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -287,7 +287,7 @@ hello(internal, #client_hello{cookie = <<>>,
ssl_handshake:init_handshake_history()}}, Actions); #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version,?FUNCTION_NAME, State0)
+ ssl_gen_statem:handle_own_alert(Alert,?FUNCTION_NAME, State0)
end; hello(internal, #hello_verify_request{cookie = Cookie}, #state{static_env = #static_env{role = client,
@@ -317,7 +317,7 @@ hello(internal, #hello_verify_request{cookie = Cookie},
protocol_specific = PS#{current_cookie_secret => Cookie} }, dtls_gen_connection:next_event(?FUNCTION_NAME, no_record, State, Actions);
-hello(internal, #client_hello{extensions = Extensions, client_version = ClientVersion} = Hello,
+hello(internal, #client_hello{extensions = Extensions} = Hello,
#state{ssl_options = #{handshake := hello}, handshake_env = HsEnv, start_or_recv_from = From} = State0) ->
@@ -327,7 +327,7 @@ hello(internal, #client_hello{extensions = Extensions, client_version = ClientVe
handshake_env = HsEnv#handshake_env{hello = Hello}}, [{reply, From, {ok, Extensions}}]}; #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, ClientVersion, ?FUNCTION_NAME, State0)
+ ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State0)
end; hello(internal, #server_hello{extensions = Extensions} = Hello, #state{ssl_options = #{
@@ -363,13 +363,12 @@ hello(internal, #server_hello{} = Hello,
handshake_env = #handshake_env{ renegotiation = {Renegotiation, _}, ocsp_stapling_state = OcspState0} = HsEnv,
- connection_env = #connection_env{negotiated_version = ReqVersion},
connection_states = ConnectionStates0, session = #session{session_id = OldId}, ssl_options = SslOptions} = State) -> case dtls_handshake:hello(Hello, SslOptions, ConnectionStates0, Renegotiation, OldId) of #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, ReqVersion, ?FUNCTION_NAME, State);
+ ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State);
{Version, NewId, ConnectionStates, ProtoExt, Protocol, OcspState} -> tls_dtls_connection:handle_session(Hello, Version, NewId, ConnectionStates, ProtoExt, Protocol,
@@ -478,10 +478,10 @@ wait_cert_verify(info, Event, State) ->
gen_info(Event, ?FUNCTION_NAME, State); wait_cert_verify(state_timeout, Event, State) -> handle_state_timeout(Event, ?FUNCTION_NAME, State);
-wait_cert_verify(Type, Event, #state{connection_env = #connection_env{negotiated_version = Version}} = State) ->
+wait_cert_verify(Type, Event, State) ->
try tls_dtls_connection:gen_handshake(?FUNCTION_NAME, Type, Event, State) catch throw:#alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State)
+ ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State)
end. %%--------------------------------------------------------------------
@@ -638,7 +637,7 @@ handle_client_hello(#client_hello{client_version = ClientVersion} = Hello, State
case dtls_handshake:hello(Hello, SslOpts, {SessionTracker, Session0, ConnectionStates0, OwnCerts, KeyExAlg}, Renegotiation) of #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, ClientVersion, hello, State1);
+ ssl_gen_statem:handle_own_alert(Alert, hello, State1);
{Version, {Type, Session}, ConnectionStates, Protocol0, ServerHelloExt, HashSign} -> Protocol = case Protocol0 of
@@ -656,7 +655,7 @@ handle_client_hello(#client_hello{client_version = ClientVersion} = Hello, State
{next_state, hello, State, [{next_event, internal, {common_client_hello, Type, ServerHelloExt}}]} end; #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, ClientVersion, hello, State0)
+ ssl_gen_statem:handle_own_alert(Alert, hello, State0)
end.
@@ -672,8 +671,7 @@ handle_state_timeout(flight_retransmission_timeout, StateName,
-gen_handshake(StateName, Type, Event,
- #state{connection_env = #connection_env{negotiated_version = Version}} = State) ->
+gen_handshake(StateName, Type, Event, State) ->
try tls_dtls_connection:StateName(Type, Event, State) of Result -> Result
@@ -681,10 +679,10 @@ gen_handshake(StateName, Type, Event,
_:_ -> ssl_gen_statem:handle_own_alert(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, malformed_handshake_data),
- Version, StateName, State)
+ StateName, State)
end.
-gen_info(Event, connection = StateName, #state{connection_env = #connection_env{negotiated_version = Version}} = State) ->
+gen_info(Event, connection = StateName, State) ->
try dtls_gen_connection:handle_info(Event, StateName, State) of Result -> Result
@@ -692,10 +690,10 @@ gen_info(Event, connection = StateName, #state{connection_env = #connection_env
_:_ -> ssl_gen_statem:handle_own_alert(?ALERT_REC(?FATAL, ?INTERNAL_ERROR, malformed_data),
- Version, StateName, State)
+ StateName, State)
end;
-gen_info(Event, StateName, #state{connection_env = #connection_env{negotiated_version = Version}} = State) ->
+gen_info(Event, StateName, State) ->
try dtls_gen_connection:handle_info(Event, StateName, State) of Result -> Result
@@ -703,7 +701,7 @@ gen_info(Event, StateName, #state{connection_env = #connection_env{negotiated_ve
_:_ -> ssl_gen_statem:handle_own_alert(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, malformed_handshake_data),
- Version, StateName, State)
+ StateName, State)
end. prepare_flight(#state{flight_buffer = Flight,
diff --git a/lib/ssl/src/dtls_gen_connection.erl b/lib/ssl/src/dtls_gen_connection.erl
index 2032d77074..4b402f6841 100644
--- a/lib/ssl/src/dtls_gen_connection.erl
+++ b/lib/ssl/src/dtls_gen_connection.erl
@@ -182,8 +182,7 @@ next_event(StateName, no_record,
%% TODO maybe buffer later epoch next_event(StateName, no_record, State, Actions); {#alert{} = Alert, State} ->
- Version = State#state.connection_env#connection_env.negotiated_version,
- handle_own_alert(Alert, Version, StateName, State)
+ handle_own_alert(Alert, StateName, State)
end; next_event(connection = StateName, Record, #state{connection_states = #{current_read := #{epoch := CurrentEpoch}}} = State0, Actions) ->
@@ -223,8 +222,7 @@ next_event(StateName, Record,
%% TODO maybe buffer later epoch next_event(StateName, no_record, State0, Actions); #alert{} = Alert ->
- Version = State0#state.connection_env#connection_env.negotiated_version,
- handle_own_alert(Alert, Version, StateName, State0)
+ handle_own_alert(Alert, StateName, State0)
end. initial_flight_state(udp)->
@@ -352,19 +350,18 @@ handle_protocol_record(#ssl_tls{type = ?HANDSHAKE,
= unprocessed_events(Events)}}, Events} end catch throw:#alert{} = Alert ->
- handle_own_alert(Alert, Version, StateName, State)
+ handle_own_alert(Alert, StateName, State)
end; %%% DTLS record protocol level change cipher messages handle_protocol_record(#ssl_tls{type = ?CHANGE_CIPHER_SPEC, fragment = Data}, StateName, State) -> {next_state, StateName, State, [{next_event, internal, #change_cipher_spec{type = Data}}]}; %%% DTLS record protocol level Alert messages
-handle_protocol_record(#ssl_tls{type = ?ALERT, fragment = EncAlerts}, StateName,
- #state{connection_env = #connection_env{negotiated_version = Version}} = State) ->
+handle_protocol_record(#ssl_tls{type = ?ALERT, fragment = EncAlerts}, StateName, State) ->
case decode_alerts(EncAlerts) of Alerts = [_|_] -> handle_alerts(Alerts, {next_state, StateName, State}); #alert{} = Alert ->
- handle_own_alert(Alert, Version, StateName, State)
+ handle_own_alert(Alert, StateName, State)
end; %% Ignore unknown TLS record level protocol messages handle_protocol_record(#ssl_tls{type = _Unknown}, StateName, State) ->
@@ -626,7 +623,7 @@ handle_alerts([Alert | Alerts], {next_state, StateName, State}) ->
handle_alerts([Alert | Alerts], {next_state, StateName, State, _Actions}) -> handle_alerts(Alerts, ssl_gen_statem:handle_alert(Alert, StateName, State)).
-handle_own_alert(Alert, Version, StateName,
+handle_own_alert(Alert, StateName,
#state{static_env = #static_env{data_tag = udp, role = Role}, ssl_options = #{log_level := LogLevel}} = State0) ->
@@ -635,10 +632,11 @@ handle_own_alert(Alert, Version, StateName,
log_ignore_alert(LogLevel, StateName, Alert, Role), {next_state, StateName, State}; {false, State} ->
- ssl_gen_statem:handle_own_alert(Alert, Version, StateName, State)
+ ssl_gen_statem:handle_own_alert(Alert, StateName, State)
end;
-handle_own_alert(Alert, Version, StateName, State) ->
- ssl_gen_statem:handle_own_alert(Alert, Version, StateName, State).
+handle_own_alert(Alert, StateName, State) ->
+ ssl_gen_statem:handle_own_alert(Alert, StateName, State).
+
ignore_alert(#alert{level = ?FATAL}, #state{protocol_specific = #{ignored_alerts := N, max_ignored_alerts := N}} = State) -> {false, State};
diff --git a/lib/ssl/src/ssl_gen_statem.erl b/lib/ssl/src/ssl_gen_statem.erl
index a68f9e0836..d8573f06dc 100644
--- a/lib/ssl/src/ssl_gen_statem.erl
+++ b/lib/ssl/src/ssl_gen_statem.erl
@@ -87,7 +87,7 @@
%% Alert and close handling -export([send_alert/3,
- handle_own_alert/4,
+ handle_own_alert/3,
handle_alert/3, handle_normal_shutdown/3, handle_trusted_certs_db/1,
@@ -515,8 +515,7 @@ initial_hello({call, From}, {start, Timeout},
[{{timeout, handshake}, Timeout, close}]) catch {Ref, #alert{} = Alert} ->
- handle_own_alert(Alert, RequestedVersion, init,
- State0#state{start_or_recv_from = From})
+ handle_own_alert(Alert, init, State0#state{start_or_recv_from = From})
end; initial_hello({call, From}, {start, Timeout}, #state{static_env = #static_env{role = Role, protocol_cb = Connection},
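Review bot: The export change from `handle_own_alert/4` to `handle_own_alert/3` in ssl_gen_statem.erl keeps no compatibility clause, so any caller the series misses fails with `undef` only on the alert path, i.e. while a fatal alert is being reported to the peer and the owner, which is the path test suites exercise least. The dtls_gen_connection.erl wrapper in the `@@ -635` hunk drops the same arity. Since this is patch 01/10, an xref or Dialyzer run over lib/ssl before merging would confirm that no `/4` call site remains outside the seven files touched here.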
@@ -718,10 +716,9 @@ handle_common_event({timeout, recv}, timeout, StateName, #state{start_or_recv_fr
handle_common_event(internal, {recv, RecvFrom}, StateName, #state{start_or_recv_from = RecvFrom}) when StateName =/= connection -> {keep_state_and_data, [postpone]};
-handle_common_event(Type, Msg, StateName, #state{connection_env =
- #connection_env{negotiated_version = Version}} = State) ->
+handle_common_event(Type, Msg, StateName, State) ->
Alert = ?ALERT_REC(?FATAL,?UNEXPECTED_MESSAGE, {unexpected_msg, {Type, Msg}}),
- handle_own_alert(Alert, Version, StateName, State).
+ handle_own_alert(Alert, StateName, State).
handle_call({application_data, _Data}, _, _, _) -> %% In renegotiation priorities handshake, send data when handshake is finished
@@ -939,7 +936,7 @@ send_alert(Alert, connection, #state{static_env = #static_env{protocol_cb = Conn
send_alert(Alert, _, #state{static_env = #static_env{protocol_cb = Connection}} = State) -> Connection:send_alert(Alert, State).
-handle_own_alert(Alert0, _, StateName,
+handle_own_alert(Alert0, StateName,
#state{static_env = #static_env{role = Role, protocol_cb = Connection}, ssl_options = #{log_level := LogLevel}} = State) ->
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index ff06b5dc71..f4786e3c6a 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -233,7 +233,7 @@ hello(internal, #client_hello{client_version = ClientVersion} = Hello, #state{ss
{ServerHelloExt, Type, State} -> {next_state, hello, State, [{next_event, internal, {common_client_hello, Type, ServerHelloExt}}]}; Alert ->
- ssl_gen_statem:handle_own_alert(Alert, ClientVersion, hello,
+ ssl_gen_statem:handle_own_alert(Alert, hello,
State0#state{connection_env = CEnv#connection_env{negotiated_version = ClientVersion}}) end
@@ -249,7 +249,7 @@ hello(internal, #server_hello{} = Hello,
ssl_options = SslOptions} = State) -> case tls_handshake:hello(Hello, SslOptions, ConnectionStates0, Renegotiation, OldId) of #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, ReqVersion, hello,
+ ssl_gen_statem:handle_own_alert(Alert, hello,
State#state{connection_env = CEnv#connection_env{negotiated_version = ReqVersion} });
@@ -314,10 +314,10 @@ certify(Type, Event, State) ->
%%-------------------------------------------------------------------- wait_cert_verify(info, Event, State) -> gen_info(Event, ?FUNCTION_NAME, State);
-wait_cert_verify(Type, Event, #state{connection_env = #connection_env{negotiated_version = Version}} = State) ->
+wait_cert_verify(Type, Event, State) ->
try tls_dtls_connection:gen_handshake(?FUNCTION_NAME, Type, Event, State) catch throw:#alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State)
+ ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State)
end. %%--------------------------------------------------------------------
@@ -520,28 +520,26 @@ handle_client_hello(#client_hello{client_version = ClientVersion} = Hello, State
end.
-gen_info(Event, connection = StateName, #state{connection_env = #connection_env{negotiated_version = Version}} = State) ->
- try tls_gen_connection:handle_info(Event, StateName, State) of
- Result ->
- Result
- catch
+gen_info(Event, connection = StateName, State) ->
+ try
+ tls_gen_connection:handle_info(Event, StateName, State)
+ catch
_:_ -> ssl_gen_statem:handle_own_alert(?ALERT_REC(?FATAL, ?INTERNAL_ERROR,
- malformed_data),
- Version, StateName, State)
+ malformed_data),
+ StateName, State)
end;
-gen_info(Event, StateName, #state{connection_env = #connection_env{negotiated_version = Version}} = State) ->
- try tls_gen_connection:handle_info(Event, StateName, State) of
- Result ->
- Result
- catch
+gen_info(Event, StateName, State) ->
+ try
+ tls_gen_connection:handle_info(Event, StateName, State)
+ catch
_:_ -> ssl_gen_statem:handle_own_alert(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE,
- malformed_handshake_data),
- Version, StateName, State)
+ malformed_handshake_data),
+ StateName, State)
end.
-
+
ensure_sender_terminate(downgrade, _) -> ok; %% Do not terminate sender during downgrade phase ensure_sender_terminate(_, #state{protocol_specific = #{sender := Sender}}) ->
diff --git a/lib/ssl/src/tls_connection_1_3.erl b/lib/ssl/src/tls_connection_1_3.erl
index 2d123bab43..d251bde34b 100644
--- a/lib/ssl/src/tls_connection_1_3.erl
+++ b/lib/ssl/src/tls_connection_1_3.erl
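Review bot: The rewritten `gen_info/3` clauses in tls_connection.erl keep `catch _:_ ->` after the simplified `try`, so every exception class and reason raised inside `tls_gen_connection:handle_info/3` is collapsed into a fixed `malformed_data` or `malformed_handshake_data` alert and the stacktrace is discarded; a genuine bug in the handler then looks identical to a malformed peer record in the alert log. Converting to an alert at this trust boundary is the right choice, but binding the exception with `_:Reason:Stack ->` and logging it at debug level before the `?ALERT_REC` call keeps the cause diagnosable without changing what the peer receives. The same catch-all shape is preserved in `gen_handshake/4` of tls_dtls_connection.erl (the `@@ -688` hunk) and in the `gen_handshake`/`gen_info` hunks of dtls_connection.erl.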
@@ -232,11 +232,10 @@ config_error(Type, Event, State) ->
ssl_gen_statem:?FUNCTION_NAME(Type, Event, State).
-user_hello({call, From}, cancel, #state{connection_env = #connection_env{negotiated_version = Version}}
- = State) ->
+user_hello({call, From}, cancel, State) ->
gen_statem:reply(From, ok), ssl_gen_statem:handle_own_alert(?ALERT_REC(?FATAL, ?USER_CANCELED, user_canceled),
- Version, ?FUNCTION_NAME, State);
+ ?FUNCTION_NAME, State);
user_hello({call, From}, {handshake_continue, NewOptions, Timeout}, #state{static_env = #static_env{role = Role}, handshake_env = #handshake_env{hello = Hello},
@@ -269,7 +268,7 @@ start(internal, #client_hello{extensions = Extensions} = Hello,
start(internal, #client_hello{} = Hello, State0) -> case tls_handshake_1_3:do_start(Hello, State0) of #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, {3,4}, start, State0);
+ ssl_gen_statem:handle_own_alert(Alert, start, State0);
{State, start} -> {next_state, start, State, []}; {State, negotiated} ->
@@ -289,7 +288,7 @@ start(internal, #server_hello{extensions = Extensions} = ServerHello,
start(internal, #server_hello{} = ServerHello, State0) -> case tls_handshake_1_3:do_start(ServerHello, State0) of #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, {3,4}, start, State0);
+ ssl_gen_statem:handle_own_alert(Alert, start, State0);
{State, NextState} -> {next_state, NextState, State, []} end;
@@ -303,7 +302,7 @@ negotiated(internal, #change_cipher_spec{}, State) ->
negotiated(internal, Message, State0) -> case tls_handshake_1_3:do_negotiated(Message, State0) of #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, {3,4}, negotiated, State0);
+ ssl_gen_statem:handle_own_alert(Alert, negotiated, State0);
{State, NextState} -> {next_state, NextState, State, []} end;
@@ -316,7 +315,7 @@ wait_cert(internal, #certificate_1_3{} = Certificate, State0) ->
case tls_handshake_1_3:do_wait_cert(Certificate, State0) of {#alert{} = Alert, State} ->
- ssl_gen_statem:handle_own_alert(Alert, {3,4}, wait_cert, State);
+ ssl_gen_statem:handle_own_alert(Alert, wait_cert, State);
{State, NextState} -> tls_gen_connection:next_event(NextState, no_record, State) end;
@@ -331,7 +330,7 @@ wait_cv(internal, #certificate_verify_1_3{} = CertificateVerify, State0) ->
case tls_handshake_1_3:do_wait_cv(CertificateVerify, State0) of {#alert{} = Alert, State} ->
- ssl_gen_statem:handle_own_alert(Alert, {3,4}, wait_cv, State);
+ ssl_gen_statem:handle_own_alert(Alert, wait_cv, State);
{State, NextState} -> tls_gen_connection:next_event(NextState, no_record, State) end;
@@ -346,7 +345,7 @@ wait_finished(internal, #finished{} = Finished, State0) ->
case tls_handshake_1_3:do_wait_finished(Finished, State0) of #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, {3,4}, finished, State0);
+ ssl_gen_statem:handle_own_alert(Alert, finished, State0);
State1 -> {Record, State} = ssl_gen_statem:prepare_connection(State1, tls_gen_connection), tls_gen_connection:next_event(connection, Record, State,
@@ -370,7 +369,7 @@ wait_sh(internal, #server_hello{extensions = Extensions} = Hello, #state{ssl_op
wait_sh(internal, #server_hello{} = Hello, State0) -> case tls_handshake_1_3:do_wait_sh(Hello, State0) of #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, {3,4}, wait_sh, State0);
+ ssl_gen_statem:handle_own_alert(Alert, wait_sh, State0);
{State1, start, ServerHello} -> %% hello_retry_request: go to start {next_state, start, State1, [{next_event, internal, ServerHello}]};
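Review bot: In the `@@ -346` hunk the `wait_finished/3` alert branch passes the state name `finished` to `handle_own_alert/3`, while every neighbouring clause in this file passes its own state name (`wait_cert`, `wait_cv`, `wait_sh`). If the name is only used for the alert log and shutdown reporting, as the other call sites suggest, this mislabels where the TLS 1.3 handshake failed when someone reads the log; `ssl_gen_statem:handle_own_alert(Alert, wait_finished, State0);` would match the rest of the module. The argument was carried over unchanged by this commit, so this is a pre-existing inconsistency the touched line makes easy to settle.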
@@ -388,7 +387,7 @@ wait_ee(internal, #change_cipher_spec{}, State) ->
wait_ee(internal, #encrypted_extensions{} = EE, State0) -> case tls_handshake_1_3:do_wait_ee(EE, State0) of #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, {3,4}, wait_ee, State0);
+ ssl_gen_statem:handle_own_alert(Alert, wait_ee, State0);
{State1, NextState} -> tls_gen_connection:next_event(NextState, no_record, State1) end;
@@ -403,14 +402,14 @@ wait_cert_cr(internal, #change_cipher_spec{}, State) ->
wait_cert_cr(internal, #certificate_1_3{} = Certificate, State0) -> case tls_handshake_1_3:do_wait_cert_cr(Certificate, State0) of {#alert{} = Alert, State} ->
- ssl_gen_statem:handle_own_alert(Alert, {3,4}, wait_cert_cr, State);
+ ssl_gen_statem:handle_own_alert(Alert, wait_cert_cr, State);
{State1, NextState} -> tls_gen_connection:next_event(NextState, no_record, State1) end; wait_cert_cr(internal, #certificate_request_1_3{} = CertificateRequest, State0) -> case tls_handshake_1_3:do_wait_cert_cr(CertificateRequest, State0) of #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, {3,4}, wait_cert_cr, State0);
+ ssl_gen_statem:handle_own_alert(Alert, wait_cert_cr, State0);
{State1, NextState} -> tls_gen_connection:next_event(NextState, no_record, State1) end;
@@ -424,7 +423,7 @@ wait_eoed(internal, #change_cipher_spec{}, State) ->
wait_eoed(internal, #end_of_early_data{} = EOED, State0) -> case tls_handshake_1_3:do_wait_eoed(EOED, State0) of {#alert{} = Alert, State} ->
- ssl_gen_statem:handle_own_alert(Alert, {3,4}, wait_eoed, State);
+ ssl_gen_statem:handle_own_alert(Alert, wait_eoed, State);
{State1, NextState} -> tls_gen_connection:next_event(NextState, no_record, State1) end;
@@ -442,7 +441,7 @@ connection(internal, #key_update{} = KeyUpdate, State0) ->
{ok, State} -> tls_gen_connection:next_event(?FUNCTION_NAME, no_record, State); {error, State, Alert} ->
- ssl_gen_statem:handle_own_alert(Alert, {3,4}, connection, State),
+ ssl_gen_statem:handle_own_alert(Alert, connection, State),
tls_gen_connection:next_event(?FUNCTION_NAME, no_record, State) end; connection({call, From}, negotiated_protocol,
diff --git a/lib/ssl/src/tls_dtls_connection.erl b/lib/ssl/src/tls_dtls_connection.erl
index bb138b035b..94e68c7045 100644
--- a/lib/ssl/src/tls_dtls_connection.erl
+++ b/lib/ssl/src/tls_dtls_connection.erl
@@ -163,10 +163,9 @@ hello(Type, Event, State) ->
#hello_request{} | term(), #state{}) -> gen_statem:state_function_result(). %%--------------------------------------------------------------------
-user_hello({call, From}, cancel, #state{connection_env = #connection_env{negotiated_version = Version}} = State) ->
+user_hello({call, From}, cancel, State) ->
gen_statem:reply(From, ok),
- ssl_gen_statem:handle_own_alert(?ALERT_REC(?FATAL, ?USER_CANCELED, user_canceled),
- Version, ?FUNCTION_NAME, State);
+ ssl_gen_statem:handle_own_alert(?ALERT_REC(?FATAL, ?USER_CANCELED, user_canceled), ?FUNCTION_NAME, State);
user_hello({call, From}, {handshake_continue, NewOptions, Timeout}, #state{static_env = #static_env{role = Role}, handshake_env = #handshake_env{hello = Hello},
@@ -209,7 +208,7 @@ abbreviated(internal, #finished{verify_data = Data} = Finished,
Connection), Connection:next_event(connection, Record, State, [{{timeout, handshake}, infinity, close}]); #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State0)
+ ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State0)
end; abbreviated(internal, #finished{verify_data = Data} = Finished, #state{static_env = #static_env{role = client,
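Review bot: In the `{error, State, Alert}` branch of `connection/3` (the `@@ -442` hunk of tls_connection_1_3.erl) the result of `ssl_gen_statem:handle_own_alert/3` is dropped and the clause goes on to `tls_gen_connection:next_event(?FUNCTION_NAME, no_record, State)`, whereas every other call site in this patch returns the handle_own_alert value as the state function's result, and the `-spec` context visible in the tls_dtls_connection.erl `@@ -163` hunk types such results as `gen_statem:state_function_result()`. If handle_own_alert yields a `{stop, ...}` result as that usage implies (its body is outside this diff), the connection keeps running in `connection` after a fatal alert has been emitted for a bad KeyUpdate; returning the call directly, `{error, State, Alert} -> ssl_gen_statem:handle_own_alert(Alert, connection, State)`, would make the branch consistent with the rest of the module. The commit only removes the version argument here, so this predates it, but the line is touched and worth settling while it is.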
@@ -232,7 +231,7 @@ abbreviated(internal, #finished{verify_data = Data} = Finished,
Connection), Connection:next_event(connection, Record, State, [{{timeout, handshake}, infinity, close} | Actions]); #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State0)
+ ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State0)
end; %% only allowed to send next_protocol message after change cipher spec %% & before finished message and it is not allowed during renegotiation
@@ -309,12 +308,11 @@ certify(info, Msg, State) ->
handle_info(Msg, ?FUNCTION_NAME, State); certify(internal, #certificate{asn1_certificates = []}, #state{static_env = #static_env{role = server},
- connection_env = #connection_env{negotiated_version = Version},
ssl_options = #{verify := verify_peer, fail_if_no_peer_cert := true}} = State) -> Alert = ?ALERT_REC(?FATAL,?HANDSHAKE_FAILURE, no_client_certificate_provided),
- ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State);
+ ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State);
certify(internal, #certificate{asn1_certificates = []}, #state{static_env = #static_env{role = server, protocol_cb = Connection},
@@ -324,11 +322,10 @@ certify(internal, #certificate{asn1_certificates = []},
Connection:next_event(?FUNCTION_NAME, no_record, State0#state{client_certificate_status = empty}); certify(internal, #certificate{}, #state{static_env = #static_env{role = server},
- connection_env = #connection_env{negotiated_version = Version},
ssl_options = #{verify := verify_none}} = State) -> Alert = ?ALERT_REC(?FATAL,?UNEXPECTED_MESSAGE, unrequested_certificate),
- ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State);
+ ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State);
certify(internal, #certificate{}, #state{static_env = #static_env{protocol_cb = Connection}, handshake_env = #handshake_env{
@@ -355,7 +352,7 @@ certify(internal, #certificate{asn1_certificates = [Peer|_]} = Cert,
end, handle_peer_cert(Role, PeerCert, PublicKeyInfo, State, Connection, []); #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State0)
+ ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State0)
end; certify(internal, #server_key_exchange{exchange_keys = Keys}, #state{static_env = #static_env{role = client,
@@ -398,13 +395,12 @@ certify(internal, #server_key_exchange{exchange_keys = Keys},
Connection); false -> ssl_gen_statem:handle_own_alert(?ALERT_REC(?FATAL, ?DECRYPT_ERROR),
- Version, ?FUNCTION_NAME, State)
+ ?FUNCTION_NAME, State)
end end; certify(internal, #certificate_request{}, #state{static_env = #static_env{role = client},
- handshake_env = #handshake_env{kex_algorithm = KexAlg},
- connection_env = #connection_env{negotiated_version = Version}} = State)
+ handshake_env = #handshake_env{kex_algorithm = KexAlg}} = State)
when KexAlg == dh_anon; KexAlg == ecdh_anon; KexAlg == psk;
@@ -415,7 +411,7 @@ certify(internal, #certificate_request{},
KexAlg == srp_rsa; KexAlg == srp_anon -> ssl_gen_statem:handle_own_alert(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE),
- Version, ?FUNCTION_NAME, State);
+ ?FUNCTION_NAME, State);
certify(internal, #certificate_request{}, #state{static_env = #static_env{role = client, protocol_cb = Connection},
@@ -443,7 +439,7 @@ certify(internal, #certificate_request{} = CertRequest,
case ssl_handshake:select_hashsign(CertRequest, Cert, SupportedHashSigns, TLSVersion) of #alert {} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State);
+ ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State);
SelectedHashSign -> Connection:next_event(?FUNCTION_NAME, no_record, State#state{client_certificate_status = requested,
@@ -455,7 +451,6 @@ certify(internal, #server_hello_done{},
#state{static_env = #static_env{role = client, protocol_cb = Connection}, session = #session{master_secret = undefined},
- connection_env = #connection_env{negotiated_version = Version},
handshake_env = #handshake_env{kex_algorithm = KexAlg, premaster_secret = undefined, server_psk_identity = PSKIdentity} = HsEnv,
@@ -463,7 +458,7 @@ certify(internal, #server_hello_done{},
when KexAlg == psk -> case ssl_handshake:premaster_secret({KexAlg, PSKIdentity}, PSKLookup) of #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State0);
+ ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State0);
PremasterSecret -> State = master_secret(PremasterSecret, State0#state{handshake_env =
@@ -473,7 +468,7 @@ certify(internal, #server_hello_done{},
certify(internal, #server_hello_done{}, #state{static_env = #static_env{role = client, protocol_cb = Connection},
- connection_env = #connection_env{negotiated_version = {Major, Minor}} = Version,
+ connection_env = #connection_env{negotiated_version = {Major, Minor}},
handshake_env = #handshake_env{kex_algorithm = KexAlg, premaster_secret = undefined, server_psk_identity = PSKIdentity} = HsEnv,
@@ -485,7 +480,7 @@ certify(internal, #server_hello_done{},
case ssl_handshake:premaster_secret({KexAlg, PSKIdentity}, PSKLookup, RSAPremasterSecret) of #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State0);
+ ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State0);
PremasterSecret -> State = master_secret(PremasterSecret, State0#state{handshake_env =
@@ -506,7 +501,7 @@ certify(internal, #server_hello_done{},
State = State0#state{connection_states = ConnectionStates}, client_certify_and_key_exchange(State, Connection); #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State0)
+ ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State0)
end; %% Master secret is calculated from premaster_secret certify(internal, #server_hello_done{},
@@ -524,7 +519,7 @@ certify(internal, #server_hello_done{},
session = Session}, client_certify_and_key_exchange(State, Connection); #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State0)
+ ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State0)
end; certify(internal, #client_key_exchange{exchange_keys = Keys}, State = #state{handshake_env = #handshake_env{kex_algorithm = KeyAlg},
@@ -543,7 +537,7 @@ certify(internal, #client_key_exchange{exchange_keys = Keys},
State, Connection) catch #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State)
+ ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State)
end; certify(internal, #hello_request{}, _) -> keep_state_and_data;
@@ -580,9+574,8 @@ cipher(info, Msg, State) ->
cipher(internal, #finished{}, #state{static_env = #static_env{role = server}, handshake_env = #handshake_env{expecting_next_protocol_negotiation = true,
- negotiated_protocol = undefined},
- connection_env = #connection_env{negotiated_version = Version}} = State0) ->
- ssl_gen_statem:handle_own_alert(?ALERT_REC(?FATAL,?UNEXPECTED_MESSAGE), Version, ?FUNCTION_NAME, State0);
+ negotiated_protocol = undefined}} = State0) ->
+ ssl_gen_statem:handle_own_alert(?ALERT_REC(?FATAL,?UNEXPECTED_MESSAGE), ?FUNCTION_NAME, State0);
cipher(internal, #finished{verify_data = Data} = Finished, #state{static_env = #static_env{role = Role, host = Host,
@@ -610,7 +603,7 @@ cipher(internal, #finished{verify_data = Data} = Finished,
cipher_role(Role, Data, Session, State#state{handshake_env = HsEnv#handshake_env{expecting_finished = false}}); #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State)
+ ssl_gen_statem:handle_own_alert(Alert, ?FUNCTION_NAME, State)
end; %% only allowed to send next_protocol message after change cipher spec %% & before finished message and it is not allowed during renegotiation
@@ -688,16 +681,14 @@ connection(Type, Event, State) ->
downgrade(Type, Event, State) -> ssl_gen_statem:handle_common_event(Type, Event, ?FUNCTION_NAME, State).
-gen_handshake(StateName, Type, Event,
- #state{connection_env = #connection_env{negotiated_version = Version}} = State) ->
- try tls_dtls_connection:StateName(Type, Event, State) of
- Result ->
- Result
+gen_handshake(StateName, Type, Event, State) ->
+ try
+ tls_dtls_connection:StateName(Type, Event, State)
catch _:_ -> ssl_gen_statem:handle_own_alert(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, malformed_handshake_data),
- Version, StateName, State)
+ StateName, State)
end. %%--------------------------------------------------------------------
@@ -825,8 +816,7 @@ new_server_hello(#server_hello{cipher_suite = CipherSuite,
compression_method = Compression, session_id = SessionId}, #state{session = Session0,
- static_env = #static_env{protocol_cb = Connection},
- connection_env = #connection_env{negotiated_version = Version}} = State0, Connection) ->
+ static_env = #static_env{protocol_cb = Connection}} = State0, Connection) ->
try server_certify_and_key_exchange(State0, Connection) of #state{} = State1 -> {State, Actions} = server_hello_done(State1, Connection),
@@ -837,7 +827,7 @@ new_server_hello(#server_hello{cipher_suite = CipherSuite,
Connection:next_event(certify, no_record, State#state{session = Session}, Actions) catch #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, hello, State0)
+ ssl_gen_statem:handle_own_alert(Alert, hello, State0)
end. resumed_server_hello(#state{session = Session,
@@ -854,7 +844,7 @@ resumed_server_hello(#state{session = Session,
finalize_handshake(State1, abbreviated, Connection), Connection:next_event(abbreviated, no_record, State, Actions); #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, hello, State0)
+ ssl_gen_statem:handle_own_alert(Alert, hello, State0)
end. server_hello(ServerHello, State0, Connection) ->
@@ -923,8 +913,7 @@ verify_client_cert(#state{static_env = #static_env{role = client},
verify_client_cert(#state{client_certificate_status = not_requested} = State, _) -> State.
-client_certify_and_key_exchange(#state{connection_env = #connection_env{negotiated_version = Version}} =
- State0, Connection) ->
+client_certify_and_key_exchange(State0, Connection) ->
try do_client_certify_and_key_exchange(State0, Connection) of State1 = #state{} -> {State2, Actions} = finalize_handshake(State1, certify, Connection),
@@ -934,7 +923,7 @@ client_certify_and_key_exchange(#state{connection_env = #connection_env{negotiat
Connection:next_event(cipher, no_record, State, Actions) catch throw:#alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, certify, State0)
+ ssl_gen_statem:handle_own_alert(Alert, certify, State0)
end. do_client_certify_and_key_exchange(State0, Connection) ->
@@ -1366,7 +1355,7 @@ calculate_master_secret(PremasterSecret,
session = Session}, Connection:next_event(Next, no_record, State); #alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, certify, State0)
+ ssl_gen_statem:handle_own_alert(Alert, certify, State0)
end. finalize_handshake(State0, StateName, Connection) ->
@@ -1645,7 +1634,7 @@ handle_resumed_session(SessId, #state{static_env = #static_env{host = Host,
connection_states = ConnectionStates,
session = Session});
#alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, hello, State)
+ ssl_gen_statem:handle_own_alert(Alert, hello, State)
end.
make_premaster_secret({MajVer, MinVer}, rsa) ->
diff --git a/lib/ssl/src/tls_gen_connection.erl b/lib/ssl/src/tls_gen_connection.erl
index 217620f62e..dfb67a8f65 100644
--- a/lib/ssl/src/tls_gen_connection.erl
+++ b/lib/ssl/src/tls_gen_connection.erl
@@ -241,13 +241,12 @@ getopts(Transport, Socket, Tag) ->
%% raw data from socket, upack records
handle_info({Protocol, _, Data}, StateName,
- #state{static_env = #static_env{data_tag = Protocol},
- connection_env = #connection_env{negotiated_version = Version}} = State0) ->
+ #state{static_env = #static_env{data_tag = Protocol}} = State0) ->
case next_tls_record(Data, StateName, State0) of
{Record, State} ->
next_event(StateName, Record, State);
#alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, StateName, State0)
+ ssl_gen_statem:handle_own_alert(Alert, StateName, State0)
end;
handle_info({PassiveTag, Socket}, StateName,
#state{static_env = #static_env{socket = Socket,
@@ -350,7 +350,6 @@ next_event(StateName, #alert{} = Alert,
%%% TLS record protocol level application data messages
handle_protocol_record(#ssl_tls{type = ?APPLICATION_DATA}, StateName,
#state{static_env = #static_env{role = server},
- connection_env = #connection_env{negotiated_version = Version},
handshake_env = #handshake_env{renegotiation = {false, first}}
} = State) when StateName == initial_hello;
StateName == hello;
@@ -362,13 +361,12 @@ handle_protocol_record(#ssl_tls{type = ?
->
%% Application data can not be sent before initial handshake pre TLS-1.3.
Alert = ?ALERT_REC(?FATAL, ?UNEXPECTED_MESSAGE, application_data_before_initial_handshake),
- ssl_gen_statem:handle_own_alert(Alert, Version, StateName, State);
+ ssl_gen_statem:handle_own_alert(Alert, StateName, State);
handle_protocol_record(#ssl_tls{type = ?APPLICATION_DATA}, start = StateName,
- #state{static_env = #static_env{role = server},
- connection_env = #connection_env{negotiated_version = Version}
+ #state{static_env = #static_env{role = server}
} = State) ->
Alert = ?ALERT_REC(?FATAL, ?DECODE_ERROR, invalid_tls_13_message),
- ssl_gen_statem:handle_own_alert(Alert, Version, StateName, State);
+ ssl_gen_statem:handle_own_alert(Alert, StateName, State);
handle_protocol_record(#ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, StateName,
#state{start_or_recv_from = From,
socket_options = #socket_options{active = false}} = State0) when From =/= undefined ->
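Review bot: The new head of the start-state APPLICATION_DATA clause leaves the closing brace of the removed connection_env field on its own context line, so the pattern now reads `#state{static_env = #static_env{role = server}` followed by `} = State) ->`; folding it to `#state{static_env = #static_env{role = server}} = State) ->` matches the other one-field heads this commit rewrites (handle_info at @@ -241, new_server_hello in tls_dtls_connection.erl). The first clause in this hunk begins before it.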
@@ -404,26 +403,25 @@ handle_protocol_record(#ssl_tls{type = ?HANDSHAKE, fragment = Data},
end
end
catch throw:#alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, StateName, State0)
+ ssl_gen_statem:handle_own_alert(Alert, StateName, State0)
end;
%%% TLS record protocol level change cipher messages
handle_protocol_record(#ssl_tls{type = ?CHANGE_CIPHER_SPEC, fragment = Data}, StateName, State) ->
{next_state, StateName, State, [{next_event, internal, #change_cipher_spec{type = Data}}]};
%%% TLS record protocol level Alert messages
-handle_protocol_record(#ssl_tls{type = ?ALERT, fragment = EncAlerts}, StateName,
- #state{connection_env = #connection_env{negotiated_version = Version}} = State) ->
+handle_protocol_record(#ssl_tls{type = ?ALERT, fragment = EncAlerts}, StateName,State) ->
try decode_alerts(EncAlerts) of
Alerts = [_|_] ->
handle_alerts(Alerts, {next_state, StateName, State});
[] ->
ssl_gen_statem:handle_own_alert(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, empty_alert),
- Version, StateName, State);
+ StateName, State);
#alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, StateName, State)
+ ssl_gen_statem:handle_own_alert(Alert, StateName, State)
catch
_:_ ->
ssl_gen_statem:handle_own_alert(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, alert_decode_error),
- Version, StateName, State)
+ StateName, State)
end;
%% Ignore unknown TLS record level protocol messages
--
2.31.1
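Review bot: The rewritten head of the ?ALERT clause drops the space after the comma, `StateName,State) ->`, which every other clause head in this hunk keeps (compare the ?CHANGE_CIPHER_SPEC clause just above it); it should read `handle_protocol_record(#ssl_tls{type = ?ALERT, fragment = EncAlerts}, StateName, State) ->`. The ?HANDSHAKE clause whose try body opens this hunk begins before it.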