ssl: Avoid unnecessary duplicates

[IngelaAndin]

No description provided.

[github-actions]

CT Test Results

  1 files   11 suites   4m 4s ⏱️
 93 tests  91 ✅ 2 💤 0 ❌
109 runs  107 ✅ 2 💤 0 ❌

Results for commit 05bced8.

♻️ This comment has been updated with latest results.

To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass.

See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally.

Artifacts

• Complete CT logs (Download Logs)
• HTML Documentation (Download HTML Docs)
• Windows Installer

// Erlang/OTP Github Action Bot

[williamthome]

Not tested, but in my mind produces the same result and avoids the use of lists:reverse/1:

signature_schemes_1_2(SigAlgs) ->
    Schemes = lists:filtermap(fun
        (Alg) when is_atom(Alg) ->
            case scheme_to_components(Alg) of
                {Hash, Sign = rsa_pss_pss, _} ->
                    {true, {Hash, Sign}};
                {Hash, Sign = rsa_pss_rsae, _} ->
                    {true, {Hash, Sign}};
                %% TLS-1.2 do not constraint the
                %% curve, however must be one
                %% present in "supported groups" (eccs)
                {Hash, ecdsa = Sign, _} ->
                    {true, {Hash, Sign}};
                {Hash, Sign, undefined} ->
                    {true, {Hash, format_sign(Sign)}};
                {_, _, _} ->
                    false
            end;
        (_Alg) ->
            true
    end, SigAlgs),
    %% Make sure that if ECDSA TLS-1.2 names are specified do not duplicate them
    %% earlier in list by allowing TLS-1.3 schemes to be interpreted as TLS-1.2 algs
    %% unless the ECDSA TLS-1.2 representation is missing and we want to work around it.
    lists:uniq(Schemes).

[IngelaAndin]

Not tested, but in my mind produces the same result and avoids the use of lists:reverse/1:

signature_schemes_1_2(SigAlgs) ->
    Schemes = lists:filtermap(fun
        (Alg) when is_atom(Alg) ->
            case scheme_to_components(Alg) of
                {Hash, Sign = rsa_pss_pss, _} ->
                    {true, {Hash, Sign}};
                {Hash, Sign = rsa_pss_rsae, _} ->
                    {true, {Hash, Sign}};
                %% TLS-1.2 do not constraint the
                %% curve, however must be one
                %% present in "supported groups" (eccs)
                {Hash, ecdsa = Sign, _} ->
                    {true, {Hash, Sign}};
                {Hash, Sign, undefined} ->
                    {true, {Hash, format_sign(Sign)}};
                {_, _, _} ->
                    false
            end;
        (_Alg) ->
            true
    end, SigAlgs),
    %% Make sure that if ECDSA TLS-1.2 names are specified do not duplicate them
    %% earlier in list by allowing TLS-1.3 schemes to be interpreted as TLS-1.2 algs
    %% unless the ECDSA TLS-1.2 representation is missing and we want to work around it.
    lists:uniq(Schemes).

This solution will not preserver the the order of the initial configuration if the TLS-1.2 version names are configured by the user, which I think it should. The workaround will perhaps make these algorithms more preferred with the tradeoff that interoperability is better. But if the user configures something explicitly I think we should adhere to that. These lists are fairly small so I do not think the extra reverse is a big deal in the bigger picture.