Merge branch 'maint'

1 files changed, 25 insertions, 11 deletions

diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 93a84933a2..d737f74aa3 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -34,6 +34,7 @@
 -include_lib("public_key/include/public_key.hrl").
 
 -export([security_parameters/2, security_parameters/3, suite_definition/1,
+	 erl_suite_definition/1,
 	 cipher_init/3, decipher/6, cipher/5, decipher_aead/6, cipher_aead/6,
 	 suite/1, suites/1, all_suites/1, 
 	 ec_keyed_suites/0, anonymous_suites/1, psk_suites/1, srp_suites/0,
@@ -48,8 +49,11 @@
 			   | aes_128_cbc |  aes_256_cbc | aes_128_gcm | aes_256_gcm | chacha20_poly1305.
 -type hash()              :: null | sha | md5 | sha224 | sha256 | sha384 | sha512.
 -type key_algo()          :: null | rsa | dhe_rsa | dhe_dss | ecdhe_ecdsa| ecdh_ecdsa | ecdh_rsa| srp_rsa| srp_dss | psk | dhe_psk | rsa_psk | dh_anon | ecdh_anon | srp_anon.
--type erl_cipher_suite()  :: {key_algo(), cipher(), hash()}.
--type int_cipher_suite()  :: {key_algo(), cipher(), hash(), hash() | default_prf}.
+-type erl_cipher_suite()  :: {key_algo(), cipher(), hash()} % Pre TLS 1.2 
+			     %% TLS 1.2, internally PRE TLS 1.2 will use default_prf
+			   | {key_algo(), cipher(), hash(), hash() | default_prf}. 
+
+ 
 -type cipher_suite()      :: binary().
 -type cipher_enum()        :: integer().
 -type openssl_cipher_suite()  :: string().
@@ -428,7 +432,7 @@ des_suites(_)->
      ?TLS_RSA_WITH_DES_CBC_SHA].
 
 %%--------------------------------------------------------------------
--spec suite_definition(cipher_suite()) -> int_cipher_suite().
+-spec suite_definition(cipher_suite()) -> erl_cipher_suite().
 %%
 %% Description: Return erlang cipher suite definition.
 %% Note: Currently not supported suites are commented away.
@@ -733,6 +737,20 @@ suite_definition(?TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) ->
     {dhe_rsa, chacha20_poly1305, null, sha256}.
 
 %%--------------------------------------------------------------------
+-spec erl_suite_definition(cipher_suite()) -> erl_cipher_suite().
+%%
+%% Description: Return erlang cipher suite definition. Filters last value
+%% for now (compatibility reasons).
+%%--------------------------------------------------------------------
+erl_suite_definition(S) ->
+    case suite_definition(S) of
+	{KeyExchange, Cipher, Hash, default_prf} ->
+	    {KeyExchange, Cipher, Hash};
+	Suite ->
+	    Suite
+    end.
+
+%%--------------------------------------------------------------------
 -spec suite(erl_cipher_suite()) -> cipher_suite().
 %%
 %% Description: Return TLS cipher suite definition.
@@ -1395,18 +1413,14 @@ filter(DerCert, Ciphers) ->
 %%
 %% Description: Filter suites for algorithms supported by crypto.
 %%-------------------------------------------------------------------
-filter_suites(Suites = [{_,_,_}|_]) ->
+filter_suites(Suites = [Value|_]) when is_tuple(Value) ->
     Algos = crypto:supports(),
+    Hashs =  proplists:get_value(hashs, Algos),
     lists:filter(fun({KeyExchange, Cipher, Hash}) ->
 			 is_acceptable_keyexchange(KeyExchange,  proplists:get_value(public_keys, Algos)) andalso
 			     is_acceptable_cipher(Cipher,  proplists:get_value(ciphers, Algos)) andalso
-			     is_acceptable_hash(Hash,  proplists:get_value(hashs, Algos))
-		 end, Suites);
-
-filter_suites(Suites = [{_,_,_,_}|_]) ->
-    Algos = crypto:supports(),
-    Hashs =  proplists:get_value(hashs, Algos),
-    lists:filter(fun({KeyExchange, Cipher, Hash, Prf}) ->
+			     is_acceptable_hash(Hash,  proplists:get_value(hashs, Algos));
+		    ({KeyExchange, Cipher, Hash, Prf}) ->
 			 is_acceptable_keyexchange(KeyExchange, proplists:get_value(public_keys, Algos)) andalso
 			     is_acceptable_cipher(Cipher, proplists:get_value(ciphers, Algos)) andalso
 			     is_acceptable_hash(Hash, Hashs) andalso