From fa8b8cd60406ddcb2781f27e291949a8698c2886 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Wed, 4 Sep 2013 12:19:09 +0200
Subject: ssl: Dialyzer fixes

---
 lib/ssl/src/ssl_cipher.erl    | 10 +++++-----
 lib/ssl/src/ssl_cipher.hrl    |  2 +-
 lib/ssl/src/ssl_handshake.erl | 25 ++++++++++++++-----------
 lib/ssl/src/tls_handshake.erl |  4 ++--
 4 files changed, 22 insertions(+), 19 deletions(-)

(limited to 'lib')

diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index d958b74e9f..3fe4df99c9 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -1192,15 +1192,15 @@ hash_size(md5) ->
 hash_size(sha) ->
     20;
 %% Uncomment when adding cipher suite that needs it
-hash_size(sha224) ->
-    28;
+%hash_size(sha224) ->
+%    28;
 hash_size(sha256) ->
     32;
 hash_size(sha384) ->
-    48;
+    48.
 %% Uncomment when adding cipher suite that needs it
-hash_size(sha512) ->
-    64.
+%hash_size(sha512) ->
+%    64.
 
 %% RFC 5246: 6.2.3.2.  CBC Block Cipher
 %%
diff --git a/lib/ssl/src/ssl_cipher.hrl b/lib/ssl/src/ssl_cipher.hrl
index c7c71ee1a7..8417564d41 100644
--- a/lib/ssl/src/ssl_cipher.hrl
+++ b/lib/ssl/src/ssl_cipher.hrl
@@ -28,7 +28,7 @@
 
 -type cipher()            :: null |rc4_128 | idea_cbc | des40_cbc | des_cbc | '3des_ede_cbc' 
 			   | aes_128_cbc |  aes_256_cbc.
--type hash()              :: null | sha | md5 | ssh224 | sha256 | sha384 | sha512.
+-type hash()              :: null | sha | md5 | sha224 | sha256 | sha384 | sha512.
 -type erl_cipher_suite()  :: {key_algo(), cipher(), hash()}.
 -type int_cipher_suite()  :: {key_algo(), cipher(), hash(), hash() | default_prf}.
 -type cipher_suite()      :: binary().
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index bef42d9071..189e5e7051 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -229,15 +229,15 @@ key_exchange(client, _Version, {psk_premaster_secret, PskIdentity, Secret, {_, P
     EncPremasterSecret =
 	encrypted_premaster_secret(Secret, PublicKey),
     #client_key_exchange{
-		exchange_keys = #client_rsa_psk_identity{
-				   identity = PskIdentity,
-		  exchange_keys = EncPremasterSecret}};
+       exchange_keys = #client_rsa_psk_identity{
+			  identity = PskIdentity,
+			  exchange_keys = EncPremasterSecret}};
 
 key_exchange(client, _Version, {srp, PublicKey}) ->
     #client_key_exchange{
-	      exchange_keys = #client_srp_public{
-		srp_a = PublicKey}
-	       };
+       exchange_keys = #client_srp_public{
+			  srp_a = PublicKey}
+      };
 
 key_exchange(server, Version, {dh, {PublicKey, _},
 			       #'DHParameter'{prime = P, base = G},
@@ -441,7 +441,7 @@ prf({3,1}, Secret, Label, Seed, WantedLength) ->
 prf({3,_N}, Secret, Label, Seed, WantedLength) ->
     {ok, tls_v1:prf(?SHA256, Secret, Label, Seed, WantedLength)}.
 %%--------------------------------------------------------------------
--spec select_hashsign(#hash_sign_algos{}| undefined,  undefined | term()) ->
+-spec select_hashsign(#hash_sign_algos{}| undefined,  undefined | binary()) ->
 			      [{atom(), atom()}] | undefined.
 
 %%
@@ -472,11 +472,14 @@ select_hashsign(#hash_sign_algos{hash_sign_algos = HashSigns}, Cert) ->
 	    HashSign
     end.
 %%--------------------------------------------------------------------
--spec select_cert_hashsign(#hash_sign_algos{}| undefined, oid(), tls_version()) ->
-				  [{atom(), atom()}].
+-spec select_cert_hashsign(#hash_sign_algos{}| undefined, oid(), tls_version() | {undefined, undefined}) ->
+				  {atom(), atom()}.
 
 %%
-%% Description:
+%% Description: For TLS 1.2 selected cert_hash_sign will be recived
+%% in the handshake message, for previous versions use appropriate defaults.
+%% This function is also used by select_hashsign to extract
+%% the alogrithm of the server cert key.
 %%--------------------------------------------------------------------
 select_cert_hashsign(HashSign, _, {Major, Minor}) when HashSign =/= undefined andalso Major >= 3 andalso Minor >= 3 ->
     HashSign;
@@ -765,7 +768,7 @@ decode_handshake(_, _, _) ->
     throw(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE)).
 
 %%--------------------------------------------------------------------
--spec decode_hello_extensions(binary()) -> #hello_extensions{}.
+-spec decode_hello_extensions({client, binary()} | binary()) -> #hello_extensions{}.
 %%
 %% Description: Decodes TLS hello extensions
 %%--------------------------------------------------------------------
diff --git a/lib/ssl/src/tls_handshake.erl b/lib/ssl/src/tls_handshake.erl
index fef1464c64..0f1d544821 100644
--- a/lib/ssl/src/tls_handshake.erl
+++ b/lib/ssl/src/tls_handshake.erl
@@ -91,7 +91,7 @@ server_hello(SessionId, Version, ConnectionStates, Extensions) ->
 %%--------------------------------------------------------------------
 -spec hello(#server_hello{} | #client_hello{}, #ssl_options{},
 	    #connection_states{} | {inet:port_number(), #session{}, db_handle(),
-				    atom(), #connection_states{}, binary()},
+				    atom(), #connection_states{}, binary() | undefined},
 	    boolean()) ->
 			  {tls_version(), session_id(), #connection_states{}, binary() | undefined}|
 			  {tls_version(), {resumed | new, #session{}}, #connection_states{},
@@ -264,7 +264,7 @@ enc_handshake(#client_hello{client_version = {Major, Minor},
     ExtensionsBin = ssl_handshake:encode_hello_extensions(HelloExtensions),
 
     {?CLIENT_HELLO, <<?BYTE(Major), ?BYTE(Minor), Random:32/binary,
-		     ?BYTE(SIDLength), SessionID/binary,
+		      ?BYTE(SIDLength), SessionID/binary,
 		      ?UINT16(CsLength), BinCipherSuites/binary,
 		      ?BYTE(CmLength), BinCompMethods/binary, ExtensionsBin/binary>>};
 
-- 
cgit v1.2.3