diff options
| author | Ingela Anderton Andin <[email protected]> | 2013-05-28 09:22:12 +0200 |
|---|---|---|
| committer | Ingela Anderton Andin <[email protected]> | 2013-05-28 09:22:12 +0200 |
| commit | 7f5fa1b06671d31476e0fc0f28b878a6b5059b1b (patch) | |
| tree | eaaecc247d03c90cb46fc3f9f2f2c085f9c653c0 /lib/ssl/test/ssl_test_lib.erl | |
| parent | 58de241d5d8e4b0536389b317ecc6e7a2a570997 (diff) | |
| parent | 6ec1399aa8e6f80d8423acc37027eeda4394e7ad (diff) | |
| download | otp-7f5fa1b06671d31476e0fc0f28b878a6b5059b1b.tar.gz otp-7f5fa1b06671d31476e0fc0f28b878a6b5059b1b.tar.bz2 otp-7f5fa1b06671d31476e0fc0f28b878a6b5059b1b.zip | |
Merge branch 'ia/ssl/public_key/crypto/elliptic_curve/OTP-11009' into maint
* ia/ssl/public_key/crypto/elliptic_curve/OTP-11009: (21 commits)
ssl: Do not advertise EC ciphers if crypto support is insufficient
crypto: Ctify tests and test new API
crypto: Allow integer as srp_private arguments according to docs
ssl: Remove unused `srp_parameters` type spec
crypto, public_key & ssl: Make more functions accept integer keys
snmp: Remove use of deprecated crypto functions
crypto,ssh, netconf, inets: binary_to_integer -> bytes_to_integer
netconf: Remove use of deprecated crypto functions
crypto: Documentation fixes from review
crypto: Change argument order of crypto:next_iv/3
crypto,public_key,ssl: Change return value of crypto:generate_key(ecdh,..)
ssl, public_key, crypto: crypto:algorithms/0 -> crypto:supports/0
ssl, public_key & inets: Remove use of deprecated crypto functions from test code
ssl: Remove use of deprecated crypto functions
public_key: Remove use of deprecated crypto functions
dialyzer: Remove use of deprecated crypto functions
ssh & crypto: Remove use of deprecated crypto functions from ssh
Update primary bootstrap
common_test: Replace use of deprecated crypto functions
beam_lib, compile: Replace use of deprecated crypto functions
...
Diffstat (limited to 'lib/ssl/test/ssl_test_lib.erl')
| -rw-r--r-- | lib/ssl/test/ssl_test_lib.erl | 38 |
1 files changed, 29 insertions, 9 deletions
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index a8ff5187b6..34c52b10b3 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -285,7 +285,7 @@ user_lookup(psk, _Identity, UserState) -> {ok, UserState}; user_lookup(srp, Username, _UserState) -> Salt = ssl:random_bytes(16), - UserPassHash = crypto:sha([Salt, crypto:sha([Username, <<$:>>, <<"secret">>])]), + UserPassHash = crypto:hash(sha, [Salt, crypto:hash(sha, [Username, <<$:>>, <<"secret">>])]), {ok, {srp_1024, Salt, UserPassHash}}. cert_options(Config) -> @@ -405,7 +405,8 @@ make_dsa_cert(Config) -> | Config]. make_ecdsa_cert(Config) -> - case proplists:get_bool(ec, crypto:algorithms()) of + CryptoSupport = crypto:supports(), + case proplists:get_bool(ecdsa, proplists:get_value(public_keys, CryptoSupport)) of true -> {ServerCaCertFile, ServerCertFile, ServerKeyFile} = make_cert_files("server", Config, ec, ec, ""), {ClientCaCertFile, ClientCertFile, ClientKeyFile} = make_cert_files("client", Config, ec, ec, ""), @@ -429,7 +430,8 @@ make_ecdsa_cert(Config) -> %% This key exchange algorithm is the same as ECDH_ECDSA except that the %% server's certificate MUST be signed with RSA rather than ECDSA. make_ecdh_rsa_cert(Config) -> - case proplists:get_bool(ec, crypto:algorithms()) of + CryptoSupport = crypto:supports(), + case proplists:get_bool(ecdh, proplists:get_value(public_keys, CryptoSupport)) of true -> {ServerCaCertFile, ServerCertFile, ServerKeyFile} = make_cert_files("server", Config, rsa, ec, "rsa_"), {ClientCaCertFile, ClientCertFile, ClientKeyFile} = make_cert_files("client", Config, rsa, ec, "rsa_"), @@ -754,14 +756,20 @@ ecdh_rsa_suites() -> end, ssl:cipher_suites()). -openssl_rsa_suites() -> +openssl_rsa_suites(CounterPart) -> Ciphers = ssl:cipher_suites(openssl), + Names = case is_sane_ecc(CounterPart) of + true -> + "DSS | ECDSA"; + false -> + "DSS | ECDHE | ECDH" + end, lists:filter(fun(Str) -> - case re:run(Str,"DSS|ECDH-RSA|ECDSA",[]) of + case re:run(Str, Names,[]) of nomatch -> - true; + false; _ -> - false + true end end, Ciphers). @@ -939,9 +947,11 @@ init_tls_version(Version) -> ssl:start(). sufficient_crypto_support('tlsv1.2') -> - proplists:get_bool(sha256, crypto:algorithms()); + CryptoSupport = crypto:supports(), + proplists:get_bool(sha256, proplists:get_value(hashs, CryptoSupport)); sufficient_crypto_support(ciphers_ec) -> - proplists:get_bool(ec, crypto:algorithms()); + CryptoSupport = crypto:supports(), + proplists:get_bool(ecdh, proplists:get_value(public_keys, CryptoSupport)); sufficient_crypto_support(_) -> true. @@ -990,6 +1000,16 @@ is_sane_ecc(openssl) -> _ -> true end; +is_sane_ecc(crypto) -> + [{_,_, Bin}] = crypto:info_lib(), + case binary_to_list(Bin) of + "OpenSSL 0.9.8" ++ _ -> % Does not support ECC + false; + "OpenSSL 0.9.7" ++ _ -> % Does not support ECC + false; + _ -> + true + end; is_sane_ecc(_) -> true. |