Merge branch 'ingela/ssl/flow-ctrl/ERL-934/ERL-938/OTP-15823' into maint

* ingela/ssl/flow-ctrl/ERL-934/ERL-938/OTP-15823:
  ssl: Avoid dialyzer warning
  ssl: Add test cases for issue reported in ERL-938
  ssl: Internal active n must back off when user does not read data
  ssl: Remove legacy calls to next_record
  Revert "ssl: Add check when to toggle internal active N"

Conflicts:
	lib/ssl/src/dtls_connection.erl
	lib/ssl/src/ssl_connection.erl
	lib/ssl/src/tls_connection.erl

4 files changed, 64 insertions, 46 deletions

diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index e070006900..6928d7a93d 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -51,7 +51,7 @@
 -export([encode_alert/3, send_alert/2, send_alert_in_connection/2, close/5, protocol_name/0]).
 
 %% Data handling
--export([next_record/1, socket/4, setopts/3, getopts/3]).
+-export([socket/4, setopts/3, getopts/3]).
 
 %% gen_statem state functions
 -export([init/3, error/3, downgrade/3, %% Initiation and take down states
@@ -451,11 +451,11 @@ init({call, From}, {start, Timeout},
     HelloVersion = dtls_record:hello_version(Version, SslOpts#ssl_options.versions),
     State1 = prepare_flight(State0#state{connection_env = CEnv#connection_env{negotiated_version = Version}}),
     {State2, Actions} = send_handshake(Hello, State1#state{connection_env = CEnv#connection_env{negotiated_version = HelloVersion}}),  
-    State3 = State2#state{connection_env = CEnv#connection_env{negotiated_version = Version}, %% RequestedVersion
+    State = State2#state{connection_env = CEnv#connection_env{negotiated_version = Version}, %% RequestedVersion
 			  session =
 			      Session0#session{session_id = Hello#client_hello.session_id},
 			  start_or_recv_from = From},
-    next_event(hello, no_record, State3, [{{timeout, handshake}, Timeout, close} | Actions]);
+    next_event(hello, no_record, State, [{{timeout, handshake}, Timeout, close} | Actions]);
 init({call, _} = Type, Event, #state{static_env = #static_env{role = server},
                                      protocol_specific = PS} = State) ->
     Result = gen_handshake(?FUNCTION_NAME, Type, Event, 
@@ -514,7 +514,7 @@ hello(internal, #client_hello{cookie = <<>>,
     VerifyRequest = dtls_handshake:hello_verify_request(Cookie, ?HELLO_VERIFY_REQUEST_VERSION),
     State1 = prepare_flight(State0#state{connection_env = CEnv#connection_env{negotiated_version = Version}}),
     {State, Actions} = send_handshake(VerifyRequest, State1),
-    next_event(?FUNCTION_NAME, no_record,
+    next_event(?FUNCTION_NAME, no_record, 
                State#state{handshake_env = HsEnv#handshake_env{
                                              tls_handshake_history = 
                                                  ssl_handshake:init_handshake_history()}}, 
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index a5f754d2e3..345db7510f 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1194,7 +1194,7 @@ cipher(internal, #next_protocol{selected_protocol = SelectedProtocol},
        #state{static_env = #static_env{role = server},
               handshake_env = #handshake_env{expecting_finished = true,
                                              expecting_next_protocol_negotiation = true} = HsEnv} = State, Connection) ->
-    Connection:next_event(?FUNCTION_NAME, no_record,
+    Connection:next_event(?FUNCTION_NAME, no_record, 
 			  State#state{handshake_env = HsEnv#handshake_env{negotiated_protocol = SelectedProtocol,
                                                                           expecting_next_protocol_negotiation = false}});
 cipher(internal, #change_cipher_spec{type = <<1>>},  #state{handshake_env = HsEnv, connection_states = ConnectionStates0} =
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 7b34991f4f..f68d3e9b26 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -98,8 +98,8 @@ hello_request() ->
     #hello_request{}.
 
 %%--------------------------------------------------------------------
--spec server_hello(binary(), ssl_record:ssl_version(), ssl_record:connection_states(),
-		   Extension::map()) -> #server_hello{}.
+%%-spec server_hello(binary(), ssl_record:ssl_version(), ssl_record:connection_states(),
+%%		   Extension::map()) -> #server_hello{}.
 %%
 %% Description: Creates a server hello message.
 %%--------------------------------------------------------------------
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index a05858221a..391e3146c3 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -62,7 +62,7 @@
          close/5, protocol_name/0]).
 
 %% Data handling
--export([next_record/1, socket/4, setopts/3, getopts/3]).
+-export([socket/4, setopts/3, getopts/3]).
 
 %% gen_statem state functions
 -export([init/3, error/3, downgrade/3, %% Initiation and take down states
@@ -161,32 +161,61 @@ pids(#state{protocol_specific = #{sender := Sender}}) ->
 %%====================================================================
 %% State transition handling
 %%====================================================================
-next_record(#state{handshake_env = 
+next_record(_, #state{handshake_env = 
                        #handshake_env{unprocessed_handshake_events = N} = HsEnv} 
             = State) when N > 0 ->
     {no_record, State#state{handshake_env = 
                                 HsEnv#handshake_env{unprocessed_handshake_events = N-1}}};
-next_record(#state{protocol_buffers =
-                       #protocol_buffers{tls_cipher_texts = [_|_] = CipherTexts},
-                   connection_states = ConnectionStates,
-                   ssl_options = #ssl_options{padding_check = Check}} = State) ->
+next_record(_, #state{protocol_buffers =
+                          #protocol_buffers{tls_cipher_texts = [_|_] = CipherTexts},
+                      connection_states = ConnectionStates,
+                      ssl_options = #ssl_options{padding_check = Check}} = State) ->
     next_record(State, CipherTexts, ConnectionStates, Check);
-next_record(#state{protocol_buffers = #protocol_buffers{tls_cipher_texts = []},
-                   protocol_specific = #{active_n_toggle := true, active_n := N} = ProtocolSpec,
-                   static_env = #static_env{socket = Socket,
-                                            close_tag = CloseTag,
-                                            transport_cb = Transport}  
-                  } = State) ->
-    case tls_socket:setopts(Transport, Socket, [{active, N}]) of
- 	ok ->
-             {no_record, State#state{protocol_specific = ProtocolSpec#{active_n_toggle => false}}}; 
- 	_ ->
-             self() ! {CloseTag, Socket},
-             {no_record, State}
-     end;
-next_record(State) ->
+
+next_record(connection, #state{protocol_buffers = #protocol_buffers{tls_cipher_texts = []},
+                               protocol_specific = #{active_n_toggle := true}
+                              } = State) ->
+    %% If ssl application user is not reading data wait to activate socket
+    flow_ctrl(State); 
+  
+next_record(_, #state{protocol_buffers = #protocol_buffers{tls_cipher_texts = []},
+                      protocol_specific = #{active_n_toggle := true}
+                     } = State) ->
+    activate_socket(State);
+next_record(_, State) ->
     {no_record, State}.
 
+
+flow_ctrl(#state{user_data_buffer = {_,Size,_},
+                 socket_options = #socket_options{active = false},
+                 bytes_to_read = undefined} = State)  when Size =/= 0 ->
+    {no_record, State};
+flow_ctrl(#state{user_data_buffer = {_,Size,_},
+                 socket_options = #socket_options{active = false},
+                 bytes_to_read = 0} = State)  when Size =/= 0 ->
+    {no_record, State};
+flow_ctrl(#state{user_data_buffer = {_,Size,_}, 
+                 socket_options = #socket_options{active = false},
+                 bytes_to_read = BytesToRead} = State) when (Size >= BytesToRead) andalso
+                                                            (BytesToRead > 0) ->
+    {no_record, State};
+flow_ctrl(State) ->
+    activate_socket(State).
+
+
+activate_socket(#state{protocol_specific = #{active_n_toggle := true, active_n := N} = ProtocolSpec,
+                       static_env = #static_env{socket = Socket,
+                                                close_tag = CloseTag,
+                                                transport_cb = Transport}  
+                      } = State) ->                                                                                                            
+    case tls_socket:setopts(Transport, Socket, [{active, N}]) of
+        ok ->
+            {no_record, State#state{protocol_specific = ProtocolSpec#{active_n_toggle => false}}}; 
+        _ ->
+            self() ! {CloseTag, Socket},
+            {no_record, State}
+    end.
+
 %% Decipher next record and concatenate consecutive ?APPLICATION_DATA records into one
 %%
 next_record(State, CipherTexts, ConnectionStates, Check) ->
@@ -224,31 +253,20 @@ next_record_done(#state{protocol_buffers = Buffers} = State, CipherTexts, Connec
      State#state{protocol_buffers = Buffers#protocol_buffers{tls_cipher_texts = CipherTexts},
                  connection_states = ConnectionStates}}.
 
-
 next_event(StateName, Record, State) ->
     next_event(StateName, Record, State, []).
 %%
 next_event(StateName, no_record, State0, Actions) ->
-    case next_record(State0) of
+    case next_record(StateName, State0) of
  	{no_record, State} ->
             {next_state, StateName, State, Actions};
- 	{#ssl_tls{} = Record, State} ->
- 	    {next_state, StateName, State, [{next_event, internal, {protocol_record, Record}} | Actions]};
-	#alert{} = Alert ->
-            Version = State0#state.connection_env#connection_env.negotiated_version,
-            ssl_connection:handle_own_alert(Alert, Version, StateName, State0)
+        {Record, State} ->
+            next_event(StateName, Record, State, Actions)
     end;
-next_event(StateName, Record, State, Actions) ->
-    case Record of
-	no_record ->
-	    {next_state, StateName, State, Actions};
-	#ssl_tls{} = Record ->
-	    {next_state, StateName, State, [{next_event, internal, {protocol_record, Record}} | Actions]};
-	#alert{} = Alert ->
-            Version = State#state.connection_env#connection_env.negotiated_version,
-            ssl_connection:handle_own_alert(Alert, Version, StateName, State)
-    end.
-
+next_event(StateName,  #ssl_tls{} = Record, State, Actions) ->
+    {next_state, StateName, State, [{next_event, internal, {protocol_record, Record}} | Actions]};
+next_event(StateName,  #alert{} = Alert, State, Actions) ->
+    {next_state, StateName, State, [{next_event, internal, Alert} | Actions]}.
 
 %%% TLS record protocol level application data messages 
 handle_protocol_record(#ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, StateName, 
@@ -1049,7 +1067,7 @@ next_tls_record(Data, StateName,
     case tls_record:get_tls_records(Data, Versions, Buf0, SslOpts) of
 	{Records, Buf1} ->
 	    CT1 = CT0 ++ Records,
-	    next_record(State0#state{protocol_buffers =
+	    next_record(StateName, State0#state{protocol_buffers =
 					 Buffers#protocol_buffers{tls_record_buffer = Buf1,
 								  tls_cipher_texts = CT1}});
 	#alert{} = Alert ->