From bd32f689538de017d6c63105547470029fe89ced Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Wed, 29 Nov 2017 16:03:13 +0100
Subject: ssl: Use maps for cipher suites internally

This is a preparation for improvements to come in option handling and
support for TLS-1.3
---
 lib/ssl/src/ssl_connection.erl | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'lib/ssl/src/ssl_connection.erl')

diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 3531cdda11..98776dcd59 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -448,7 +448,7 @@ handle_session(#server_hello{cipher_suite = CipherSuite,
 	       #state{session = #session{session_id = OldId},
 		      negotiated_version = ReqVersion,
 		      negotiated_protocol = CurrentProtocol} = State0) ->
-    {KeyAlgorithm, _, _, _} =
+    #{key_exchange := KeyAlgorithm} =
 	ssl_cipher:suite_definition(CipherSuite),
     
     PremasterSecret = make_premaster_secret(ReqVersion, KeyAlgorithm),
@@ -1226,9 +1226,9 @@ connection_info(#state{sni_hostname = SNIHostname,
 		       negotiated_version =  {_,_} = Version, 
 		       ssl_options = Opts}) ->
     RecordCB = record_cb(Connection),
-    CipherSuiteDef = ssl_cipher:erl_suite_definition(CipherSuite),
-    IsNamedCurveSuite = lists:member(element(1,CipherSuiteDef),
-			      [ecdh_ecdsa, ecdhe_ecdsa, ecdh_anon]),
+    CipherSuiteDef = #{key_exchange := KexAlg} = ssl_cipher:suite_definition(CipherSuite),
+    IsNamedCurveSuite = lists:member(KexAlg,
+                                     [ecdh_ecdsa, ecdhe_ecdsa, ecdh_anon]),
     CurveInfo = case ECCCurve of
 		    {namedCurve, Curve} when IsNamedCurveSuite ->
 			[{ecc, {named_curve, pubkey_cert_records:namedCurves(Curve)}}];
@@ -1237,7 +1237,7 @@ connection_info(#state{sni_hostname = SNIHostname,
 		end,
     [{protocol, RecordCB:protocol_version(Version)},
      {session_id, SessionId},
-     {cipher_suite, CipherSuiteDef},
+     {cipher_suite, ssl_cipher:erl_suite_definition(CipherSuiteDef)},
      {sni_hostname, SNIHostname} | CurveInfo] ++ ssl_options_list(Opts).
 
 security_info(#state{connection_states = ConnectionStates}) ->
@@ -1305,7 +1305,7 @@ resumed_server_hello(#state{session = Session,
 
 server_hello(ServerHello, State0, Connection) ->
     CipherSuite = ServerHello#server_hello.cipher_suite,
-    {KeyAlgorithm, _, _, _} = ssl_cipher:suite_definition(CipherSuite),
+    #{key_exchange := KeyAlgorithm}  = ssl_cipher:suite_definition(CipherSuite),
     State = Connection:queue_handshake(ServerHello, State0),
     State#state{key_algorithm = KeyAlgorithm}.
 
@@ -1319,8 +1319,8 @@ handle_peer_cert(Role, PeerCert, PublicKeyInfo,
     State1 = State0#state{session =
 			 Session#session{peer_certificate = PeerCert},
 			 public_key_info = PublicKeyInfo},
-    {KeyAlg,_,_,_} = ssl_cipher:suite_definition(CipherSuite),
-    State2 = handle_peer_cert_key(Role, PeerCert, PublicKeyInfo, KeyAlg, State1),
+    #{key_exchange := KeyAlgorithm} = ssl_cipher:suite_definition(CipherSuite),
+    State2 = handle_peer_cert_key(Role, PeerCert, PublicKeyInfo, KeyAlgorithm, State1),
 
     {Record, State} = Connection:next_record(State2),
     Connection:next_event(certify, Record, State).
-- 
cgit v1.2.3