diff options
author | Fredrik Gustafsson <[email protected]> | 2013-04-29 14:21:24 +0200 |
---|---|---|
committer | Fredrik Gustafsson <[email protected]> | 2013-04-29 14:21:24 +0200 |
commit | d93043ca0839e659abada62b0c6cf4d441808acf (patch) | |
tree | 88f74177c6778a358ead9d8583d1a2559e94acd9 /lib/ssl | |
parent | d0f2388935c6ef7e430bd0bc03eea6307e38a136 (diff) | |
parent | 69833e8f64e900eece91f5430c2462dd584fff31 (diff) | |
download | otp-d93043ca0839e659abada62b0c6cf4d441808acf.tar.gz otp-d93043ca0839e659abada62b0c6cf4d441808acf.tar.bz2 otp-d93043ca0839e659abada62b0c6cf4d441808acf.zip |
Merge branch 'as/fix-srp-psk-anon/OTP-11071' into maint
* as/fix-srp-psk-anon/OTP-11071:
fix srp_anon ciphers suites requiring certificates to work.
Diffstat (limited to 'lib/ssl')
-rw-r--r-- | lib/ssl/src/ssl_connection.erl | 2 | ||||
-rw-r--r-- | lib/ssl/test/ssl_basic_SUITE.erl | 33 | ||||
-rw-r--r-- | lib/ssl/test/ssl_test_lib.erl | 32 |
3 files changed, 57 insertions, 10 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 1843377582..fa64915fd0 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -1547,7 +1547,7 @@ server_hello_done(#state{transport_cb = Transport, tls_handshake_history = Handshake}. certify_server(#state{key_algorithm = Algo} = State) - when Algo == dh_anon; Algo == psk; Algo == dhe_psk -> + when Algo == dh_anon; Algo == psk; Algo == dhe_psk; Algo == srp_anon -> State; certify_server(#state{transport_cb = Transport, diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl index 5cedde5d27..10bbd4d88b 100644 --- a/lib/ssl/test/ssl_basic_SUITE.erl +++ b/lib/ssl/test/ssl_basic_SUITE.erl @@ -156,7 +156,10 @@ cipher_tests() -> anonymous_cipher_suites, psk_cipher_suites, psk_with_hint_cipher_suites, + psk_anon_cipher_suites, + psk_anon_with_hint_cipher_suites, srp_cipher_suites, + srp_anon_cipher_suites, srp_dsa_cipher_suites, default_reject_anonymous]. @@ -1594,6 +1597,20 @@ psk_with_hint_cipher_suites(Config) when is_list(Config) -> Ciphers = ssl_test_lib:psk_suites(), run_suites(Ciphers, Version, Config, psk_with_hint). %%------------------------------------------------------------------- +psk_anon_cipher_suites() -> + [{doc, "Test the anonymous PSK ciphersuites WITHOUT server supplied identity hint"}]. +psk_anon_cipher_suites(Config) when is_list(Config) -> + Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])), + Ciphers = ssl_test_lib:psk_anon_suites(), + run_suites(Ciphers, Version, Config, psk_anon). +%%------------------------------------------------------------------- +psk_anon_with_hint_cipher_suites()-> + [{doc, "Test the anonymous PSK ciphersuites WITH server supplied identity hint"}]. +psk_anon_with_hint_cipher_suites(Config) when is_list(Config) -> + Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])), + Ciphers = ssl_test_lib:psk_anon_suites(), + run_suites(Ciphers, Version, Config, psk_anon_with_hint). +%%------------------------------------------------------------------- srp_cipher_suites()-> [{doc, "Test the SRP ciphersuites"}]. srp_cipher_suites(Config) when is_list(Config) -> @@ -1601,6 +1618,13 @@ srp_cipher_suites(Config) when is_list(Config) -> Ciphers = ssl_test_lib:srp_suites(), run_suites(Ciphers, Version, Config, srp). %%------------------------------------------------------------------- +srp_anon_cipher_suites()-> + [{doc, "Test the anonymous SRP ciphersuites"}]. +srp_anon_cipher_suites(Config) when is_list(Config) -> + Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])), + Ciphers = ssl_test_lib:srp_anon_suites(), + run_suites(Ciphers, Version, Config, srp_anon). +%%------------------------------------------------------------------- srp_dsa_cipher_suites()-> [{doc, "Test the SRP DSA ciphersuites"}]. srp_dsa_cipher_suites(Config) when is_list(Config) -> @@ -3151,9 +3175,18 @@ run_suites(Ciphers, Version, Config, Type) -> psk_with_hint -> {?config(client_psk, Config), ?config(server_psk_hint, Config)}; + psk_anon -> + {?config(client_psk, Config), + ?config(server_psk_anon, Config)}; + psk_anon_with_hint -> + {?config(client_psk, Config), + ?config(server_psk_anon_hint, Config)}; srp -> {?config(client_srp, Config), ?config(server_srp, Config)}; + srp_anon -> + {?config(client_srp, Config), + ?config(server_srp_anon, Config)}; srp_dsa -> {?config(client_srp_dsa, Config), ?config(server_srp_dsa, Config)} diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index d655d7659e..e4fedcd118 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -339,12 +339,22 @@ cert_options(Config) -> {psk_identity, "HINT"}, {user_lookup_fun, {fun user_lookup/3, PskSharedSecret}}, {ciphers, psk_suites()}]}, + {server_psk_anon, [{ssl_imp, new},{reuseaddr, true}, + {user_lookup_fun, {fun user_lookup/3, PskSharedSecret}}, + {ciphers, psk_anon_suites()}]}, + {server_psk_anon_hint, [{ssl_imp, new},{reuseaddr, true}, + {psk_identity, "HINT"}, + {user_lookup_fun, {fun user_lookup/3, PskSharedSecret}}, + {ciphers, psk_anon_suites()}]}, {client_srp, [{ssl_imp, new},{reuseaddr, true}, {srp_identity, {"Test-User", "secret"}}]}, {server_srp, [{ssl_imp, new},{reuseaddr, true}, {certfile, ServerCertFile}, {keyfile, ServerKeyFile}, {user_lookup_fun, {fun user_lookup/3, undefined}}, {ciphers, srp_suites()}]}, + {server_srp_anon, [{ssl_imp, new},{reuseaddr, true}, + {user_lookup_fun, {fun user_lookup/3, undefined}}, + {ciphers, srp_anon_suites()}]}, {server_verification_opts, [{ssl_imp, new},{reuseaddr, true}, {cacertfile, ServerCaCertFile}, {certfile, ServerCertFile}, {keyfile, ServerKeyFile}]}, @@ -711,6 +721,12 @@ anonymous_suites() -> {dh_anon, aes_256_cbc, sha}]. psk_suites() -> + [{rsa_psk, rc4_128, sha}, + {rsa_psk, '3des_ede_cbc', sha}, + {rsa_psk, aes_128_cbc, sha}, + {rsa_psk, aes_256_cbc, sha}]. + +psk_anon_suites() -> [{psk, rc4_128, sha}, {psk, '3des_ede_cbc', sha}, {psk, aes_128_cbc, sha}, @@ -718,20 +734,18 @@ psk_suites() -> {dhe_psk, rc4_128, sha}, {dhe_psk, '3des_ede_cbc', sha}, {dhe_psk, aes_128_cbc, sha}, - {dhe_psk, aes_256_cbc, sha}, - {rsa_psk, rc4_128, sha}, - {rsa_psk, '3des_ede_cbc', sha}, - {rsa_psk, aes_128_cbc, sha}, - {rsa_psk, aes_256_cbc, sha}]. + {dhe_psk, aes_256_cbc, sha}]. srp_suites() -> - [{srp_anon, '3des_ede_cbc', sha}, - {srp_rsa, '3des_ede_cbc', sha}, - {srp_anon, aes_128_cbc, sha}, + [{srp_rsa, '3des_ede_cbc', sha}, {srp_rsa, aes_128_cbc, sha}, - {srp_anon, aes_256_cbc, sha}, {srp_rsa, aes_256_cbc, sha}]. +srp_anon_suites() -> + [{srp_anon, '3des_ede_cbc', sha}, + {srp_anon, aes_128_cbc, sha}, + {srp_anon, aes_256_cbc, sha}]. + srp_dss_suites() -> [{srp_dss, '3des_ede_cbc', sha}, {srp_dss, aes_128_cbc, sha}, |