ssl, public_key: Dialyzer fixes

9 files changed, 73 insertions, 59 deletions

diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index a4b6b8ad15..ceecbcc7f2 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -333,7 +333,7 @@ encrypt_private(PlainText,
     crypto:private_encrypt(rsa, PlainText, format_rsa_private_key(Key), Padding).
 
 %%--------------------------------------------------------------------
--spec generate_key(#'DHParameter'{} | {namedCurve, Name ::atom()} |
+-spec generate_key(#'DHParameter'{} | {namedCurve, Name ::oid()} |
 		   #'ECParameters'{}) -> {Public::binary(), Private::binary()} |
 					    #'ECPrivateKey'{}.
 %% Description: Generates a new keypair
diff --git a/lib/ssl/src/dtls_handshake.erl b/lib/ssl/src/dtls_handshake.erl
index 6a54c5a305..ec7f21bd35 100644
--- a/lib/ssl/src/dtls_handshake.erl
+++ b/lib/ssl/src/dtls_handshake.erl
@@ -110,7 +110,7 @@ encode_handshake(Package, Version, MsgSeq, Mss) ->
 
 %--------------------------------------------------------------------
 -spec get_dtls_handshake(#ssl_tls{}, #dtls_hs_state{} | binary()) ->
-     {[dtls_handshake()], #ssl_tls{}}.
+     {[dtls_handshake()], #dtls_hs_state{}} | {retransmit, #dtls_hs_state{}}.
 %
 % Description: Given a DTLS state and new data from ssl_record, collects
 % and returns it as a list of handshake messages, also returns a new
@@ -190,7 +190,6 @@ get_dtls_handshake_aux(Version, SeqNo,
 
 get_dtls_handshake_aux(_Version, _SeqNo, <<>>, HsState) ->
     {lists:reverse(HsState#dtls_hs_state.completed),
-     HsState#dtls_hs_state.highest_record_seq,
      HsState#dtls_hs_state{completed = []}}.
 
 dec_dtls_fragment(Version, SeqNo, Type, Length, MessageSeq, MsgBody,
diff --git a/lib/ssl/src/dtls_record.erl b/lib/ssl/src/dtls_record.erl
index 7959c4d860..b0a7976864 100644
--- a/lib/ssl/src/dtls_record.erl
+++ b/lib/ssl/src/dtls_record.erl
@@ -296,7 +296,8 @@ connection_state_by_epoch(#connection_states{pending_write = CS}, Epoch, write)
     CS.
 %%--------------------------------------------------------------------
 -spec set_connection_state_by_epoch(#connection_states{},
-				    #connection_state{}, read | write) -> ok.
+				    #connection_state{}, read | write)
+				   -> #connection_states{}.
 %%
 %% Description: Returns the instance of the connection_state record
 %% that is defined by the Epoch.
@@ -337,7 +338,8 @@ calc_mac_hash(#connection_state{mac_secret = MacSecret,
 				security_parameters = #security_parameters{mac_algorithm = MacAlg}},
 	      Type, Version, Epoch, SeqNo, Fragment) ->
     Length = erlang:iolist_size(Fragment),
-    mac_hash(Version, MacAlg, MacSecret, (Epoch bsl 48) + SeqNo, Type,
+    NewSeq = (Epoch bsl 48) + SeqNo,
+    mac_hash(Version, MacAlg, MacSecret, NewSeq, Type,
 	     Length, Fragment).
 
 mac_hash(Version, MacAlg, MacSecret, SeqNo, Type, Length, Fragment) ->
diff --git a/lib/ssl/src/dtls_v1.erl b/lib/ssl/src/dtls_v1.erl
index c12e12e424..6e41641483 100644
--- a/lib/ssl/src/dtls_v1.erl
+++ b/lib/ssl/src/dtls_v1.erl
@@ -28,7 +28,7 @@ suites(Minor) ->
    tls_v1:suites(corresponding_minor_tls_version(Minor)).
 
 mac_hash(Version, MacAlg, MacSecret, SeqNo, Type, Length, Fragment) ->
-    tls_v1:mac_hash(MacAlg, MacSecret, SeqNo, Type, Version,
+    tls_v1:mac_hash(MacAlg, MacSecret, SeqNo, Type, corresponding_tls_version(Version),
 		    Length, Fragment).
 
 ecc_curves({_Major, Minor}) ->
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 7e43af08e5..2f5890ed31 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -917,13 +917,15 @@ calculate_secret(#server_dh_params{dh_p = Prime, dh_g = Base, dh_y = ServerPubli
     Keys = {_, PrivateDhKey} = crypto:generate_key(dh, [Prime, Base]),
     PremasterSecret =
 	ssl_handshake:premaster_secret(ServerPublicDhKey, PrivateDhKey, Params),
-    calculate_master_secret(PremasterSecret, State#state{diffie_hellman_keys = Keys}, Connection, certify, certify);
+    calculate_master_secret(PremasterSecret,
+			    State#state{diffie_hellman_keys = Keys}, Connection, certify, certify);
 
 calculate_secret(#server_ecdh_params{curve = ECCurve, public = ECServerPubKey},
 		     State, Connection) ->
     ECDHKeys = public_key:generate_key(ECCurve),
     PremasterSecret = ssl_handshake:premaster_secret(#'ECPoint'{point = ECServerPubKey}, ECDHKeys),
-    calculate_master_secret(PremasterSecret, State#state{diffie_hellman_keys = ECDHKeys}, Connection, certify, certify);
+    calculate_master_secret(PremasterSecret,
+			    State#state{diffie_hellman_keys = ECDHKeys}, Connection, certify, certify);
 
 calculate_secret(#server_psk_params{
 			hint = IdentityHint},
diff --git a/lib/ssl/src/ssl_connection.hrl b/lib/ssl/src/ssl_connection.hrl
index 92134dfeb3..a444f2ae03 100644
--- a/lib/ssl/src/ssl_connection.hrl
+++ b/lib/ssl/src/ssl_connection.hrl
@@ -26,50 +26,56 @@
 -ifndef(ssl_connection).
 -define(ssl_connection, true).
 
+-include("ssl_internal.hrl").
+-include("ssl_record.hrl").
+-include("ssl_handshake.hrl").
+-include("ssl_srp.hrl").
+-include_lib("public_key/include/public_key.hrl").
+
 -record(state, {
-          role                :: client | server,
-	  user_application    :: {Monitor::reference(), User::pid()},
-          transport_cb        :: atom(),   % callback module
-          data_tag            :: atom(),   % ex tcp.
-	  close_tag           :: atom(),   % ex tcp_closed
-	  error_tag           :: atom(),   % ex tcp_error
-          host,               % string() | ipadress()
-          port                :: integer(),
-          socket,             % socket()
-          ssl_options,        % #ssl_options{}
-          socket_options,     % #socket_options{}
-          connection_states,  % #connection_states{} from ssl_record.hrl
-	  protocol_buffers,
-          tls_handshake_history, % tls_handshake_history()
-	  cert_db,              %
-          session,              % #session{} from tls_handshake.hrl
-	  session_cache,        %
-	  session_cache_cb,     %
-          negotiated_version,   % tls_version()
-          client_certificate_requested = false,
-	  key_algorithm,       % atom as defined by cipher_suite
+          role                  :: client | server,
+	  user_application      :: {Monitor::reference(), User::pid()},
+          transport_cb          :: atom(),   % callback module
+          data_tag              :: atom(),   % ex tcp.
+	  close_tag             :: atom(),   % ex tcp_closed
+	  error_tag             :: atom(),   % ex tcp_error
+          host                  :: string() | inet:ipaddress(),
+          port                  :: integer(),
+          socket                :: port(),
+          ssl_options           :: #ssl_options{},
+          socket_options        :: #socket_options{},
+          connection_states     :: #connection_states{},
+	  protocol_buffers      :: term(), %% #protocol_buffers{} from tls_record.hrl or dtls_recor.hrl
+          tls_handshake_history ::tls_handshake_history(),
+	  cert_db               :: reference(),
+          session               :: #session{},
+	  session_cache         :: db_handle(),
+	  session_cache_cb      :: atom(),
+          negotiated_version    :: tls_version(),
+          client_certificate_requested = false :: boolean(),
+	  key_algorithm         :: key_algo(),
 	  hashsign_algorithm = {undefined, undefined},
 	  cert_hashsign_algorithm,
-          public_key_info,     % PKIX: {Algorithm, PublicKey, PublicKeyParams}
-          private_key,         % PKIX: #'RSAPrivateKey'{}
+          public_key_info      ::public_key_info(),
+          private_key          ::public_key:private_key(),
 	  diffie_hellman_params, % PKIX: #'DHParameter'{} relevant for server side
 	  diffie_hellman_keys, % {PublicKey, PrivateKey}
-	  psk_identity,        % binary() - server psk identity hint
-	  srp_params,          % #srp_user{}
-	  srp_keys,            % {PublicKey, PrivateKey}
-          premaster_secret,    %
-	  file_ref_db,         % ets()
-          cert_db_ref,         % ref()
-          bytes_to_read,       % integer(), # bytes to read in passive mode
-          user_data_buffer,    % binary()
-	  renegotiation,       % {boolean(), From | internal | peer}
-	  start_or_recv_from,  % "gen_fsm From"
-	  timer,               % start_or_recv_timer
-	  send_queue,          % queue()
-	  terminated = false ::boolean(),
-	  allow_renegotiate = true ::boolean(),
-          expecting_next_protocol_negotiation = false :: boolean(),
-          next_protocol = undefined :: undefined | binary(),
+	  psk_identity         :: binary(), % server psk identity hint
+	  srp_params           :: #srp_user{},
+	  srp_keys             ::{PublicKey :: binary(), PrivateKey :: binary()},
+          premaster_secret     :: binary(),
+	  file_ref_db          :: db_handle(),
+          cert_db_ref          :: certdb_ref(),
+          bytes_to_read        :: undefined | integer(), %% bytes to read in passive mode
+          user_data_buffer     :: undefined | binary(),
+	  renegotiation        :: undefined | {boolean(), From::term() | internal | peer},
+	  start_or_recv_from   :: term(),
+	  timer                :: undefined | reference(), % start_or_recive_timer
+	  send_queue           :: queue(),
+	  terminated = false                          ::boolean(),
+	  allow_renegotiate = true                    ::boolean(),
+          expecting_next_protocol_negotiation = false ::boolean(),
+          next_protocol = undefined                   :: undefined | binary(),
 	  client_ecc          % {Curves, PointFmt}
 	 }).
 
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index d4dd886aab..bf091b4600 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1045,13 +1045,12 @@ select_session(SuggestedSessionId, CipherSuites, Compressions, Port, #session{ec
 	    {resumed, Resumed}
     end.
 
-supported_ecc(Version) ->
-    case tls_v1:ecc_curves(Version) of
-	[] ->
-	    undefined;
-	Curves ->
-	    #elliptic_curves{elliptic_curve_list = Curves}
-    end.
+supported_ecc({Major, Minor} = Version) when ((Major == 3) and (Minor >= 1)) orelse (Major > 3) ->
+    Curves = tls_v1:ecc_curves(Version),
+    #elliptic_curves{elliptic_curve_list = Curves};
+supported_ecc(_) ->
+    undefined.
+
 %%-------------certificate handling --------------------------------
 
 certificate_types({KeyExchange, _, _, _})
diff --git a/lib/ssl/src/ssl_srp.hrl b/lib/ssl/src/ssl_srp.hrl
index ab2be33ab2..af56a91194 100644
--- a/lib/ssl/src/ssl_srp.hrl
+++ b/lib/ssl/src/ssl_srp.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2012. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2013. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -23,9 +23,14 @@
 %% see RFC 5054
 %%----------------------------------------------------------------------
 
+-ifndef(ssl_srp).
+-define(ssl_srp, true).
+
 -record(srp_user, {
 	  generator :: binary(),
 	  prime     :: binary(),
 	  salt      :: binary(),
 	  verifier  :: binary()
 	 }).
+
+-endif. % -ifdef(ssl_srp).
diff --git a/lib/ssl/src/tls_connection.hrl b/lib/ssl/src/tls_connection.hrl
index f802f2afa9..2beecbb84d 100644
--- a/lib/ssl/src/tls_connection.hrl
+++ b/lib/ssl/src/tls_connection.hrl
@@ -26,12 +26,13 @@
 -define(tls_connection, true).
 
 -include("ssl_connection.hrl").
+-include("tls_record.hrl").
 
 -record(protocol_buffers, {
-	  tls_packets = []            :: [binary()],  % Not yet handled decode SSL/TLS packets.
-          tls_record_buffer = <<>>    :: binary(),  % Buffer of incomplete records
-          tls_handshake_buffer = <<>> :: binary(),  % Buffer of incomplete handshakes
-	  tls_cipher_texts = []       :: [binary()]
+	  tls_packets = [], %%           :: [#ssl_tls{}],  % Not yet handled decode SSL/TLS packets.
+          tls_record_buffer = <<>>, %%    :: binary(),  % Buffer of incomplete records
+          tls_handshake_buffer = <<>>, %% :: binary(),  % Buffer of incomplete handshakes
+	  tls_cipher_texts = []       %%:: [binary()]
 	 }).
 
 -endif. % -ifdef(tls_connection).