From bd32f689538de017d6c63105547470029fe89ced Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Wed, 29 Nov 2017 16:03:13 +0100
Subject: ssl: Use maps for cipher suites internally

This is a preparation for improvements to come in option handling and
support for TLS-1.3
---
 lib/ssl/src/ssl.erl | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

(limited to 'lib/ssl/src/ssl.erl')

diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 4007e44a83..38f20f8bc5 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -374,13 +374,12 @@ negotiated_protocol(#sslsocket{pid = Pid}) ->
     ssl_connection:negotiated_protocol(Pid).
 
 %%--------------------------------------------------------------------
--spec cipher_suites() -> [ssl_cipher:erl_cipher_suite()] | [string()].
+-spec cipher_suites() -> [ssl_cipher:old_erl_cipher_suite()] | [string()].
 %%--------------------------------------------------------------------
 cipher_suites() ->
     cipher_suites(erlang).
 %%--------------------------------------------------------------------
--spec cipher_suites(erlang | openssl | all) -> [ssl_cipher:erl_cipher_suite()] |
-					       [string()].
+-spec cipher_suites(erlang | openssl | all) -> [ssl_cipher:old_erl_cipher_suite() | string()].
 %% Description: Returns all supported cipher suites.
 %%--------------------------------------------------------------------
 cipher_suites(erlang) ->
@@ -1149,9 +1148,8 @@ binary_cipher_suites(Version, []) ->
     %% not require explicit configuration
     ssl_cipher:filter_suites(ssl_cipher:suites(tls_version(Version)));
 binary_cipher_suites(Version, [Tuple|_] = Ciphers0) when is_tuple(Tuple) ->
-    Ciphers = [ssl_cipher:suite(C) || C <- Ciphers0],
+    Ciphers = [ssl_cipher:suite(tuple_to_map(C)) || C <- Ciphers0],
     binary_cipher_suites(Version, Ciphers);
-
 binary_cipher_suites(Version, [Cipher0 | _] = Ciphers0) when is_binary(Cipher0) ->
     All = ssl_cipher:all_suites(tls_version(Version)),
     case [Cipher || Cipher <- Ciphers0, lists:member(Cipher, All)] of
@@ -1171,6 +1169,17 @@ binary_cipher_suites(Version, Ciphers0)  ->
     Ciphers = [ssl_cipher:openssl_suite(C) || C <- string:lexemes(Ciphers0, ":")],
     binary_cipher_suites(Version, Ciphers).
 
+tuple_to_map({Kex, Cipher, Mac}) ->
+    #{key_exchange => Kex,
+      cipher => Cipher,
+      mac => Mac,
+      prf => default_prf};
+tuple_to_map({Kex, Cipher, Mac, Prf}) ->
+    #{key_exchange => Kex,
+      cipher => Cipher,
+      mac => Mac,
+      prf => Prf}.
+
 handle_eccs_option(Value, Version) when is_list(Value) ->
     {_Major, Minor} = tls_version(Version),
     try tls_v1:ecc_curves(Minor, Value) of
-- 
cgit v1.2.3