author | Ingela Anderton Andin <[email protected]> | 2013-05-28 09:22:12 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2013-05-28 09:22:12 +0200 |
commit | 7f5fa1b06671d31476e0fc0f28b878a6b5059b1b (patch) | |
tree | eaaecc247d03c90cb46fc3f9f2f2c085f9c653c0 /lib/ssl/test | |
parent | 58de241d5d8e4b0536389b317ecc6e7a2a570997 (diff) | |
parent | 6ec1399aa8e6f80d8423acc37027eeda4394e7ad (diff) | |
Merge branch 'ia/ssl/public_key/crypto/elliptic_curve/OTP-11009' into maint
* ia/ssl/public_key/crypto/elliptic_curve/OTP-11009: (21 commits)
ssl: Do not advertise EC ciphers if crypto support is insufficient
crypto: Ctify tests and test new API
crypto: Allow integer as srp_private arguments according to docs
ssl: Remove unused `srp_parameters` type spec
crypto, public_key & ssl: Make more functions accept integer keys
snmp: Remove use of deprecated crypto functions
crypto,ssh, netconf, inets: binary_to_integer -> bytes_to_integer
netconf: Remove use of deprecated crypto functions
crypto: Documentation fixes from review
crypto: Change argument order of crypto:next_iv/3
crypto,public_key,ssl: Change return value of crypto:generate_key(ecdh,..)
ssl, public_key, crypto: crypto:algorithms/0 -> crypto:supports/0
ssl, public_key & inets: Remove use of deprecated crypto functions from test code
ssl: Remove use of deprecated crypto functions
public_key: Remove use of deprecated crypto functions
dialyzer: Remove use of deprecated crypto functions
ssh & crypto: Remove use of deprecated crypto functions from ssh
Update primary bootstrap
common_test: Replace use of deprecated crypto functions
beam_lib, compile: Replace use of deprecated crypto functions
...
Diffstat (limited to 'lib/ssl/test')
-rw-r--r-- | lib/ssl/test/erl_make_certs.erl | 50 | ||||
-rw-r--r-- | lib/ssl/test/ssl_basic_SUITE.erl | 4 | ||||
-rw-r--r-- | lib/ssl/test/ssl_test_lib.erl | 38 | ||||
-rw-r--r-- | lib/ssl/test/ssl_to_openssl_SUITE.erl | 6 |
4 files changed, 59 insertions, 39 deletions
diff --git a/lib/ssl/test/erl_make_certs.erl b/lib/ssl/test/erl_make_certs.erl index 723ccf4496..22dc951ac1 100644 --- a/lib/ssl/test/erl_make_certs.erl +++ b/lib/ssl/test/erl_make_certs.erl @@ -391,35 +391,32 @@ gen_dsa2(LSize, NSize) -> error -> gen_dsa2(LSize, NSize); P -> - G = crypto:mod_exp(2, (P-1) div Q, P), % Choose G a number whose multiplicative order modulo p is q. + G = crypto:mod_pow(2, (P-1) div Q, P), % Choose G a number whose multiplicative order modulo p is q. %% such that This may be done by setting g = h^(p-1)/q mod p, commonly h=2 is used. X = prime(20), %% Choose x by some random method, where 0 < x < q. - Y = crypto:mod_exp(G, X, P), %% Calculate y = g^x mod p. + Y = crypto:mod_pow(G, X, P), %% Calculate y = g^x mod p. - #'DSAPrivateKey'{version=0, p=P, q=Q, g=G, y=Y, x=X} + #'DSAPrivateKey'{version=0, p = P, q = Q, + g = crypto:bytes_to_integer(G), y = crypto:bytes_to_integer(Y), x = X} end. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% EC key generation (OBS: for testing only) %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -int2list(I) -> - L = (length(integer_to_list(I, 16)) + 1) div 2, - binary_to_list(<<I:(L*8)>>). - gen_ec2(CurveId) -> - {PrivKey, PubKey} = crypto:generate_key(ecdh, CurveId), + {PubKey, PrivKey} = crypto:generate_key(ecdh, CurveId), #'ECPrivateKey'{version = 1, - privateKey = int2list(PrivKey), + privateKey = binary_to_list(PrivKey), parameters = {namedCurve, pubkey_cert_records:namedCurves(CurveId)}, publicKey = {0, PubKey}}. %% See fips_186-3.pdf dsa_search(T, P0, Q, Iter) when Iter > 0 -> P = 2*T*Q*P0 + 1, - case is_prime(crypto:mpint(P), 50) of + case is_prime(P, 50) of true -> P; false -> dsa_search(T+1, P0, Q, Iter-1) end; 
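Review bot: In gen_dsa2 the results of `crypto:mod_pow/3` go straight into `crypto:bytes_to_integer/1` for `g` and `y`, but mod_pow is documented to return `error` as well as a binary, so a failed exponentiation would presumably surface as an unrelated crash inside the record construction. The same pattern appears in is_prime/2 in the next hunk (`crypto:bytes_to_integer(Result)`). A crash is acceptable in test-only key generation, but asserting the shape at the call, e.g. `G = <<_/binary>> = crypto:mod_pow(2, (P-1) div Q, P)`, would put the failure where it happens. gen_dsa2 starts outside the hunk.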
@@ -430,38 +427,40 @@ dsa_search(_,_,_,_) -> %%%%%%% Crypto Math %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% prime(ByteSize) -> Rand = odd_rand(ByteSize), - crypto:erlint(prime_odd(Rand, 0)). + prime_odd(Rand, 0). prime_odd(Rand, N) -> case is_prime(Rand, 50) of true -> Rand; false -> - NotPrime = crypto:erlint(Rand), - prime_odd(crypto:mpint(NotPrime+2), N+1) + prime_odd(Rand+2, N+1) end. %% see http://en.wikipedia.org/wiki/Fermat_primality_test is_prime(_, 0) -> true; is_prime(Candidate, Test) -> - CoPrime = odd_rand(<<0,0,0,4, 10000:32>>, Candidate), - case crypto:mod_exp(CoPrime, Candidate, Candidate) of - CoPrime -> is_prime(Candidate, Test-1); - _ -> false - end. + CoPrime = odd_rand(10000, Candidate), + Result = crypto:mod_pow(CoPrime, Candidate, Candidate) , + is_prime(CoPrime, crypto:bytes_to_integer(Result), Candidate, Test). + +is_prime(CoPrime, CoPrime, Candidate, Test) -> + is_prime(Candidate, Test-1); +is_prime(_,_,_,_) -> + false. odd_rand(Size) -> Min = 1 bsl (Size*8-1), Max = (1 bsl (Size*8))-1, - odd_rand(crypto:mpint(Min), crypto:mpint(Max)). + odd_rand(Min, Max). odd_rand(Min,Max) -> - Rand = <<Sz:32, _/binary>> = crypto:rand_uniform(Min,Max), - BitSkip = (Sz+4)*8-1, - case Rand of - Odd = <<_:BitSkip, 1:1>> -> Odd; - Even = <<_:BitSkip, 0:1>> -> - crypto:mpint(crypto:erlint(Even)+1) + Rand = crypto:rand_uniform(Min,Max), + case Rand rem 2 of + 0 -> + Rand + 1; + _ -> + Rand end. extended_gcd(A, B) -> @@ -480,3 +479,4 @@ pem_to_der(File) -> der_to_pem(File, Entries) -> PemBin = public_key:pem_encode(Entries), file:write_file(File, PemBin). + diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl index 165a8a5fcc..c4a6cf1407 100644 --- a/lib/ssl/test/ssl_basic_SUITE.erl +++ b/lib/ssl/test/ssl_basic_SUITE.erl 
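Review bot: The new is_prime/4 helper has no comment, and its first clause only works because `CoPrime` is repeated in the head, which is easy to miss on a quick read. I would add above it `%% Fermat step: continue only if CoPrime^Candidate mod Candidate =:= CoPrime.` and state next to the existing Wikipedia link that the test is probabilistic and meant for generating test certificates only. Separately, odd_rand/2 returns `Rand + 1` for an even draw, which can equal `Max`; in is_prime/2 that would make the witness equal to `Candidate` and reject it, with negligible probability but worth a one-line comment.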
@@ -1549,7 +1549,7 @@ ciphers_rsa_signed_certs(Config) when is_list(Config) -> Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])), - Ciphers = ssl_test_lib:rsa_suites(erlang), + Ciphers = ssl_test_lib:rsa_suites(crypto), ct:log("~p erlang cipher suites ~p~n", [Version, Ciphers]), run_suites(Ciphers, Version, Config, rsa). %%------------------------------------------------------------------- @@ -1559,7 +1559,7 @@ ciphers_rsa_signed_certs_openssl_names() -> ciphers_rsa_signed_certs_openssl_names(Config) when is_list(Config) -> Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])), - Ciphers = ssl_test_lib:openssl_rsa_suites(), + Ciphers = ssl_test_lib:openssl_rsa_suites(crypto), ct:log("tls1 openssl cipher suites ~p~n", [Ciphers]), run_suites(Ciphers, Version, Config, rsa). diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index a8ff5187b6..34c52b10b3 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -285,7 +285,7 @@ user_lookup(psk, _Identity, UserState) -> {ok, UserState}; user_lookup(srp, Username, _UserState) -> Salt = ssl:random_bytes(16), - UserPassHash = crypto:sha([Salt, crypto:sha([Username, <<$:>>, <<"secret">>])]), + UserPassHash = crypto:hash(sha, [Salt, crypto:hash(sha, [Username, <<$:>>, <<"secret">>])]), {ok, {srp_1024, Salt, UserPassHash}}. cert_options(Config) -> @@ -405,7 +405,8 @@ make_dsa_cert(Config) -> | Config]. make_ecdsa_cert(Config) -> - case proplists:get_bool(ec, crypto:algorithms()) of + CryptoSupport = crypto:supports(), + case proplists:get_bool(ecdsa, proplists:get_value(public_keys, CryptoSupport)) of true -> {ServerCaCertFile, ServerCertFile, ServerKeyFile} = make_cert_files("server", Config, ec, ec, ""), {ClientCaCertFile, ClientCertFile, ClientKeyFile} = make_cert_files("client", Config, ec, ec, ""), 
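Review bot: In make_ecdsa_cert the nested lookup `proplists:get_value(public_keys, CryptoSupport)` yields `undefined` when the key is absent, and `proplists:get_bool/2` would then crash on a non-list instead of evaluating to false; `proplists:get_value(public_keys, CryptoSupport, [])` keeps that path well defined. The same two-line lookup is repeated in make_ecdh_rsa_cert and in both changed clauses of sufficient_crypto_support in the following hunks, so a small local helper (for example `crypto_supports(Category, Name)`, name is only a suggestion) would keep them consistent. make_ecdsa_cert continues outside the hunk.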
@@ -429,7 +430,8 @@ make_ecdsa_cert(Config) -> %% This key exchange algorithm is the same as ECDH_ECDSA except that the %% server's certificate MUST be signed with RSA rather than ECDSA. make_ecdh_rsa_cert(Config) -> - case proplists:get_bool(ec, crypto:algorithms()) of + CryptoSupport = crypto:supports(), + case proplists:get_bool(ecdh, proplists:get_value(public_keys, CryptoSupport)) of true -> {ServerCaCertFile, ServerCertFile, ServerKeyFile} = make_cert_files("server", Config, rsa, ec, "rsa_"), {ClientCaCertFile, ClientCertFile, ClientKeyFile} = make_cert_files("client", Config, rsa, ec, "rsa_"), @@ -754,14 +756,20 @@ ecdh_rsa_suites() -> end, ssl:cipher_suites()). -openssl_rsa_suites() -> +openssl_rsa_suites(CounterPart) -> Ciphers = ssl:cipher_suites(openssl), + Names = case is_sane_ecc(CounterPart) of + true -> + "DSS | ECDSA"; + false -> + "DSS | ECDHE | ECDH" + end, lists:filter(fun(Str) -> - case re:run(Str,"DSS|ECDH-RSA|ECDSA",[]) of + case re:run(Str, Names,[]) of nomatch -> - true; + false; _ -> - false + true end end, Ciphers). @@ -939,9 +947,11 @@ init_tls_version(Version) -> ssl:start(). sufficient_crypto_support('tlsv1.2') -> - proplists:get_bool(sha256, crypto:algorithms()); + CryptoSupport = crypto:supports(), + proplists:get_bool(sha256, proplists:get_value(hashs, CryptoSupport)); sufficient_crypto_support(ciphers_ec) -> - proplists:get_bool(ec, crypto:algorithms()); + CryptoSupport = crypto:supports(), + proplists:get_bool(ecdh, proplists:get_value(public_keys, CryptoSupport)); sufficient_crypto_support(_) -> true. @@ -990,6 +1000,16 @@ is_sane_ecc(openssl) -> _ -> true end; +is_sane_ecc(crypto) -> + [{_,_, Bin}] = crypto:info_lib(), + case binary_to_list(Bin) of + "OpenSSL 0.9.8" ++ _ -> % Does not support ECC + false; + "OpenSSL 0.9.7" ++ _ -> % Does not support ECC + false; + _ -> + true + end; is_sane_ecc(_) -> true. 
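Review bot: openssl_rsa_suites/1 now appears to return an empty list, so ciphers_rsa_signed_certs_openssl_names in ssl_basic_SUITE would run no suites and pass vacuously. Two things changed at once: the patterns `"DSS | ECDSA"` and `"DSS | ECDHE | ECDH"` contain spaces, which `re:run/3` matches literally because the `extended` option is not given, and the fun now keeps matching names (`nomatch -> false`) where it previously dropped them. If the intent is still to exclude the non-RSA suites, use `"DSS|ECDSA"` / `"DSS|ECDHE|ECDH"` and restore `nomatch -> true; _ -> false`. Asserting that the filtered list is non-empty before run_suites would catch this kind of silent loss of coverage.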
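Review bot: is_sane_ecc(crypto) decides ECC capability from the library banner, so anything that does not start with `OpenSSL 0.9.7` or `OpenSSL 0.9.8` is treated as ECC-capable, which would include older releases or builds with EC disabled. The same file already queries `crypto:supports()` for `ecdh` in sufficient_crypto_support(ciphers_ec); combining that probe with the version check, or adding a comment on why the banner is needed as well, would make the intent clearer. The assertive match `[{_,_, Bin}] = crypto:info_lib()` also assumes the list has exactly one entry.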
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl index 075b4b1ec4..7f91865a86 100644 --- a/lib/ssl/test/ssl_to_openssl_SUITE.erl +++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl @@ -106,9 +106,9 @@ init_per_suite(Config0) -> ?config(priv_dir, Config0))), ct:log("Make certs ~p~n", [Result]), Config1 = ssl_test_lib:make_dsa_cert(Config0), - Config = ssl_test_lib:cert_options(Config1), - NewConfig = [{watchdog, Dog} | Config], - ssl_test_lib:cipher_restriction(NewConfig) + Config2 = ssl_test_lib:cert_options(Config1), + Config = [{watchdog, Dog} | Config2], + ssl_test_lib:cipher_restriction(Config) catch _:_ -> {skip, "Crypto did not start"} end |