1 files changed, 29 insertions, 63 deletions
diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl
index b10069c3cb..dd6a3e8521 100644
--- a/lib/ssl/src/ssl_record.erl
+++ b/lib/ssl/src/ssl_record.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2013-2016. All Rights Reserved.
+%% Copyright Ericsson AB 2013-2017. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@@ -31,7 +31,7 @@
 
 %% Connection state handling
 -export([initial_security_params/1, current_connection_state/2, pending_connection_state/2,
-	 activate_pending_connection_state/2,
+	 activate_pending_connection_state/3,
 	 set_security_params/3,
          set_mac_secret/4,
 	 set_master_secret/2,
@@ -45,11 +45,7 @@
 -export([compress/3, uncompress/3, compressions/0]).
 
 %% Payload encryption/decryption
--export([cipher/4, decipher/4, is_correct_mac/2,
-	 cipher_aead/4, decipher_aead/4]).
-
-%% Encoding
--export([encode_plain_text/4]).
+-export([cipher/4, decipher/4, cipher_aead/4, is_correct_mac/2]).
 
 -export_type([ssl_version/0, ssl_atom_version/0, connection_states/0, connection_state/0]).
 
@@ -57,17 +53,17 @@
 -type ssl_atom_version() :: tls_record:tls_atom_version().
 -type connection_states() :: term(). %% Map
 -type connection_state() :: term(). %% Map
+
 %%====================================================================
-%% Internal application API
+%% Connection state handling
 %%====================================================================
 
-
 %%--------------------------------------------------------------------
 -spec current_connection_state(connection_states(), read | write) ->
 				      connection_state().
 %%
 %% Description: Returns the instance of the connection_state map
-%% that is currently defined as the current conection state.
+%% that is currently defined as the current connection state.
 %%--------------------------------------------------------------------
 current_connection_state(ConnectionStates, read) ->
     maps:get(current_read, ConnectionStates);
@@ -79,7 +75,7 @@ current_connection_state(ConnectionStates, write) ->
 				      connection_state().
 %%
 %% Description: Returns the instance of the connection_state map
-%% that is pendingly defined as the pending conection state.
+%% that is pendingly defined as the pending connection state.
 %%--------------------------------------------------------------------
 pending_connection_state(ConnectionStates, read) ->
     maps:get(pending_read, ConnectionStates);
@@ -87,7 +83,7 @@ pending_connection_state(ConnectionStates, write) ->
     maps:get(pending_write, ConnectionStates).
 
 %%--------------------------------------------------------------------
--spec activate_pending_connection_state(connection_states(), read | write) ->
+-spec activate_pending_connection_state(connection_states(), read | write, tls_connection | dtls_connection) ->
 					       connection_states().
 %%
 %% Description: Creates a new instance of the connection_states record
@@ -95,13 +91,13 @@ pending_connection_state(ConnectionStates, write) ->
 %%--------------------------------------------------------------------
 activate_pending_connection_state(#{current_read := Current,
 				    pending_read := Pending} = States,
-                                  read) ->
+                                  read, Connection) ->
     #{secure_renegotiation := SecureRenegotation} = Current,
     #{beast_mitigation := BeastMitigation,
       security_parameters := SecParams} = Pending,
     NewCurrent = Pending#{sequence_number => 0},
     ConnectionEnd = SecParams#security_parameters.connection_end,
-    EmptyPending = empty_connection_state(ConnectionEnd, BeastMitigation),
+    EmptyPending = Connection:empty_connection_state(ConnectionEnd, BeastMitigation),
     NewPending = EmptyPending#{secure_renegotiation => SecureRenegotation},
     States#{current_read => NewCurrent,
 	    pending_read => NewPending
@@ -109,13 +105,13 @@ activate_pending_connection_state(#{current_read := Current,
 
 activate_pending_connection_state(#{current_write := Current,
 				    pending_write := Pending} = States,
-                                  write) ->
+                                  write, Connection) ->
     NewCurrent = Pending#{sequence_number => 0},
     #{secure_renegotiation := SecureRenegotation} = Current,
     #{beast_mitigation := BeastMitigation,
       security_parameters := SecParams} = Pending,
     ConnectionEnd = SecParams#security_parameters.connection_end,
-    EmptyPending = empty_connection_state(ConnectionEnd, BeastMitigation),
+    EmptyPending = Connection:empty_connection_state(ConnectionEnd, BeastMitigation),
     NewPending = EmptyPending#{secure_renegotiation => SecureRenegotation},
     States#{current_write => NewCurrent,
 	    pending_write => NewPending
@@ -271,26 +267,9 @@ set_pending_cipher_state(#{pending_read := Read,
       pending_read => Read#{cipher_state => ServerState},
       pending_write => Write#{cipher_state => ClientState}}.
 
-encode_plain_text(Type, Version, Data, #{compression_state := CompS0,
-					 security_parameters :=
-					     #security_parameters{
-						cipher_type = ?AEAD,
-						compression_algorithm = CompAlg}
-					} = WriteState0) ->
-    {Comp, CompS1} = ssl_record:compress(CompAlg, Data, CompS0),
-    WriteState1 = WriteState0#{compression_state => CompS1},
-    AAD = ssl_cipher:calc_aad(Type, Version, WriteState1),
-    ssl_record:cipher_aead(Version, Comp, WriteState1, AAD);
-encode_plain_text(Type, Version, Data, #{compression_state := CompS0,
-					 security_parameters :=
-					     #security_parameters{compression_algorithm = CompAlg}
-					}= WriteState0) ->
-    {Comp, CompS1} = ssl_record:compress(CompAlg, Data, CompS0),
-    WriteState1 = WriteState0#{compression_state => CompS1},
-    MacHash = ssl_cipher:calc_mac_hash(Type, Version, Comp, WriteState1),
-    ssl_record:cipher(Version, Comp, WriteState1, MacHash);
-encode_plain_text(_,_,_,CS) ->
-    exit({cs, CS}).
+%%====================================================================
+%% Compression
+%%====================================================================
 
 uncompress(?NULL, Data, CS) ->
     {Data, CS}.
@@ -306,6 +285,11 @@ compress(?NULL, Data, CS) ->
 compressions() ->
     [?byte(?NULL)].
 
+
+%%====================================================================
+%% Payload encryption/decryption
+%%====================================================================
+
 %%--------------------------------------------------------------------
 -spec cipher(ssl_version(), iodata(), connection_state(), MacHash::binary()) ->
 		    {CipherFragment::binary(), connection_state()}.
@@ -322,12 +306,12 @@ cipher(Version, Fragment,
     {CipherFragment, CipherS1} =
 	ssl_cipher:cipher(BulkCipherAlgo, CipherS0, MacHash, Fragment, Version),
     {CipherFragment,  WriteState0#{cipher_state => CipherS1}}.
-%%--------------------------------------------------------------------
--spec cipher_aead(ssl_version(), iodata(), connection_state(), MacHash::binary()) ->
-			 {CipherFragment::binary(), connection_state()}.
-%%
-%% Description: Payload encryption
-%%--------------------------------------------------------------------
+%% %%--------------------------------------------------------------------
+%% -spec cipher_aead(ssl_version(), iodata(), connection_state(), MacHash::binary()) ->
+%% 			 {CipherFragment::binary(), connection_state()}.
+%% %%
+%% %% Description: Payload encryption
+%% %%--------------------------------------------------------------------
 cipher_aead(Version, Fragment,
 	    #{cipher_state := CipherS0,
 	      sequence_number := SeqNo,
@@ -341,7 +325,8 @@ cipher_aead(Version, Fragment,
     {CipherFragment,  WriteState0#{cipher_state => CipherS1}}.
 
 %%--------------------------------------------------------------------
--spec decipher(ssl_version(), binary(), connection_state(), boolean()) -> {binary(), binary(), connection_state} | #alert{}.
+-spec decipher(ssl_version(), binary(), connection_state(), boolean()) ->
+                      {binary(), binary(), connection_state} | #alert{}.
 %%
 %% Description: Payload decryption
 %%--------------------------------------------------------------------
@@ -359,26 +344,7 @@ decipher(Version, CipherFragment,
 	#alert{} = Alert ->
 	    Alert
     end.
-%%--------------------------------------------------------------------
--spec decipher_aead(ssl_version(), binary(), connection_state(), binary()) -> 
-			   {binary(), binary(), connection_state()} | #alert{}.
-%%
-%% Description: Payload decryption
-%%--------------------------------------------------------------------
-decipher_aead(Version, CipherFragment,
-	      #{sequence_number := SeqNo,
-		security_parameters :=
-		    #security_parameters{bulk_cipher_algorithm =
-					     BulkCipherAlgo},
-		cipher_state := CipherS0
-	       } = ReadState, AAD) ->
-    case ssl_cipher:decipher_aead(BulkCipherAlgo, CipherS0, SeqNo, AAD, CipherFragment, Version) of
-	{PlainFragment, CipherS1} ->
-	    CS1 = ReadState#{cipher_state => CipherS1},
-	    {PlainFragment, CS1};
-	#alert{} = Alert ->
-	    Alert
-    end.
+
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------