diff options
author | Ingela Anderton Andin <[email protected]> | 2012-08-09 15:15:51 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2012-08-22 14:00:46 +0200 |
commit | 4f68e36b57bf7b2cc608bf1fb5d50486529bff10 (patch) | |
tree | 937e5288965e629e924a95f44625bc4cd7bbe976 /lib | |
parent | a0bd4951be74a5db1c382a7e19432903db10e576 (diff) | |
download | otp-4f68e36b57bf7b2cc608bf1fb5d50486529bff10.tar.gz otp-4f68e36b57bf7b2cc608bf1fb5d50486529bff10.tar.bz2 otp-4f68e36b57bf7b2cc608bf1fb5d50486529bff10.zip |
ssl: Add crypto support check (TLS 1.2 require sha256 support)
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssl/src/ssl_tls1.erl | 2 | ||||
-rw-r--r-- | lib/ssl/test/ssl_basic_SUITE.erl | 15 | ||||
-rw-r--r-- | lib/ssl/test/ssl_payload_SUITE.erl | 16 | ||||
-rw-r--r-- | lib/ssl/test/ssl_test_lib.erl | 13 | ||||
-rw-r--r-- | lib/ssl/test/ssl_to_openssl_SUITE.erl | 6 |
5 files changed, 39 insertions, 13 deletions
diff --git a/lib/ssl/src/ssl_tls1.erl b/lib/ssl/src/ssl_tls1.erl index d62ea6e5a4..91b321bcd9 100644 --- a/lib/ssl/src/ssl_tls1.erl +++ b/lib/ssl/src/ssl_tls1.erl @@ -222,8 +222,6 @@ hmac_hash(?MD5, Key, Value) -> crypto:md5_mac(Key, Value); hmac_hash(?SHA, Key, Value) -> crypto:sha_mac(Key, Value); -hmac_hash(?MD5SHA, Key, Value) -> - crypto:sha256_mac(Key, Value); hmac_hash(?SHA256, Key, Value) -> crypto:sha256_mac(Key, Value); hmac_hash(?SHA384, Key, Value) -> diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl index 1cfe8d0367..de883d5425 100644 --- a/lib/ssl/test/ssl_basic_SUITE.erl +++ b/lib/ssl/test/ssl_basic_SUITE.erl @@ -198,11 +198,18 @@ all_versions_groups ()-> init_per_group(GroupName, Config) -> case ssl_test_lib:is_tls_version(GroupName) of true -> - ssl_test_lib:init_tls_version(GroupName); + case ssl_test_lib:sufficient_crypto_support(GroupName) of + true -> + ssl_test_lib:init_tls_version(GroupName), + Config; + false -> + {skip, "Missing crypto support"} + end; _ -> - ssl:start() - end, - Config. + ssl:start(), + Config + end. + end_per_group(_GroupName, Config) -> Config. diff --git a/lib/ssl/test/ssl_payload_SUITE.erl b/lib/ssl/test/ssl_payload_SUITE.erl index 9633942ac3..c97f97e70b 100644 --- a/lib/ssl/test/ssl_payload_SUITE.erl +++ b/lib/ssl/test/ssl_payload_SUITE.erl @@ -140,13 +140,19 @@ payload_tests() -> init_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of + case ssl_test_lib:is_tls_version(GroupName) of true -> - ssl_test_lib:init_tls_version(GroupName); + case ssl_test_lib:sufficient_crypto_support(GroupName) of + true -> + ssl_test_lib:init_tls_version(GroupName), + Config; + false -> + {skip, "Missing crypto support"} + end; _ -> - ssl:start() - end, - Config. + ssl:start(), + Config + end. end_per_group(_GroupName, Config) -> Config. diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index 905801fe3d..b39c995552 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -725,3 +725,16 @@ init_tls_version(Version) -> application:load(ssl), application:set_env(ssl, protocol_version, Version), ssl:start(). + +sufficient_crypto_support('tlsv1.2') -> + Data = "Sampl", + Data2 = "e #1", + Key = <<0,1,2,3,16,17,18,19,32,33,34,35,48,49,50,51,4,5,6,7,20,21,22,23,36,37,38,39, + 52,53,54,55,8,9,10,11,24,25,26,27,40,41,42,43,56,57,58,59>>, + try + crypto:sha256_mac(Key, lists:flatten([Data, Data2])), + true + catch _:_ -> false + end; +sufficient_crypto_support(_) -> + true. diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl index e5f8d4ae4e..ec35c42773 100644 --- a/lib/ssl/test/ssl_to_openssl_SUITE.erl +++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl @@ -112,7 +112,9 @@ special_init(TestCase, Config) special_init(ssl2_erlang_server_openssl_client, Config) -> check_sane_openssl_sslv2(Config); -special_init(ciphers_dsa_signed_certs, Config) -> +special_init(TestCase, Config) when TestCase == erlang_client_openssl_server_dsa_cert; + TestCase == erlang_server_openssl_client_dsa_cert; + TestCase == ciphers_dsa_signed_certs -> check_sane_openssl_dsa(Config); special_init(_, Config) -> @@ -1186,7 +1188,7 @@ check_sane_openssl_renegotaite(Config) -> {skip, "Known renegotiation bug in OpenSSL"}; "OpenSSL 0.9.7" ++ _ -> {skip, "Known renegotiation bug in OpenSSL"}; - "OpenSSL 1.0.1c" ++ _ -> + "OpenSSL 1.0.1" ++ _ -> {skip, "Known renegotiation bug in OpenSSL"}; _ -> Config |