1 files changed, 97 insertions, 15 deletions
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 50afad95a5..fc1817ec49 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -404,6 +404,49 @@ make_dsa_cert(Config) ->
 		       {certfile, ClientCertFile}, {keyfile, ClientKeyFile}]}
      | Config].
 
+make_ecdsa_cert(Config) ->
+    case proplists:get_bool(ec, crypto:algorithms()) of
+	    true ->
+	    {ServerCaCertFile, ServerCertFile, ServerKeyFile} = make_cert_files("server", Config, ec, ec, ""),
+	    {ClientCaCertFile, ClientCertFile, ClientKeyFile} = make_cert_files("client", Config, ec, ec, ""),
+	    [{server_ecdsa_opts, [{ssl_imp, new},{reuseaddr, true},
+				  {cacertfile, ServerCaCertFile},
+				  {certfile, ServerCertFile}, {keyfile, ServerKeyFile}]},
+	     {server_ecdsa_verify_opts, [{ssl_imp, new},{reuseaddr, true},
+					 {cacertfile, ClientCaCertFile},
+					 {certfile, ServerCertFile}, {keyfile, ServerKeyFile},
+					 {verify, verify_peer}]},
+	     {client_ecdsa_opts, [{ssl_imp, new},{reuseaddr, true},
+				  {cacertfile, ClientCaCertFile},
+				  {certfile, ClientCertFile}, {keyfile, ClientKeyFile}]}
+	     | Config];
+	_ ->
+	    Config
+    end.
+
+%% RFC 4492, Sect. 2.3.  ECDH_RSA
+%%
+%%    This key exchange algorithm is the same as ECDH_ECDSA except that the
+%%    server's certificate MUST be signed with RSA rather than ECDSA.
+make_ecdh_rsa_cert(Config) ->
+    case proplists:get_bool(ec, crypto:algorithms()) of
+	true ->
+	    {ServerCaCertFile, ServerCertFile, ServerKeyFile} = make_cert_files("server", Config, rsa, ec, "rsa_"),
+	    {ClientCaCertFile, ClientCertFile, ClientKeyFile} = make_cert_files("client", Config, rsa, ec, "rsa_"),
+	    [{server_ecdh_rsa_opts, [{ssl_imp, new},{reuseaddr, true},
+				     {cacertfile, ServerCaCertFile},
+				     {certfile, ServerCertFile}, {keyfile, ServerKeyFile}]},
+	     {server_ecdh_rsa_verify_opts, [{ssl_imp, new},{reuseaddr, true},
+					    {cacertfile, ClientCaCertFile},
+					    {certfile, ServerCertFile}, {keyfile, ServerKeyFile},
+					    {verify, verify_peer}]},
+	     {client_ecdh_rsa_opts, [{ssl_imp, new},{reuseaddr, true},
+				     {cacertfile, ClientCaCertFile},
+				     {certfile, ClientCertFile}, {keyfile, ClientKeyFile}]}
+	     | Config];
+	_ ->
+	    Config
+    end.
 
 make_mix_cert(Config) ->
     {ServerCaCertFile, ServerCertFile, ServerKeyFile} = make_cert_files("server", Config, dsa,
@@ -667,10 +710,14 @@ send_selected_port(_,_,_) ->
     ok.
 
 rsa_suites() ->
-    lists:filter(fun({dhe_dss, _, _}) ->
-			 false;
+    lists:filter(fun({rsa, _, _}) ->
+			 true;
+		    ({dhe_rsa, _, _}) ->
+			 true;
+		    ({ecdhe_rsa, _, _}) ->
+			 true;
 		    (_) ->
-			 true
+			 false
 		 end,
 		 ssl:cipher_suites()).
 
@@ -690,17 +737,32 @@ dsa_suites() ->
 		 end,
 		 ssl:cipher_suites()).
 
+ecdsa_suites() ->
+     lists:filter(fun({ecdhe_ecdsa, _, _}) ->
+			 true;
+		    (_) ->
+			 false
+		 end,
+		 ssl:cipher_suites()).
+
+ecdh_rsa_suites() ->
+     lists:filter(fun({ecdh_rsa, _, _}) ->
+			 true;
+		    (_) ->
+			 false
+		 end,
+		 ssl:cipher_suites()).
 
 openssl_rsa_suites() ->
     Ciphers = ssl:cipher_suites(openssl),
     lists:filter(fun(Str) ->
-			 case re:run(Str,"DSS",[]) of
+			 case re:run(Str,"DSS|ECDH-RSA|ECDSA",[]) of
 			     nomatch ->
 				 true;
 			     _ ->
 				 false
 			 end 
-		 end, Ciphers).
+		     end, Ciphers).
 
 openssl_dsa_suites() ->
     Ciphers = ssl:cipher_suites(openssl),
@@ -713,13 +775,39 @@ openssl_dsa_suites() ->
 			 end 
 		 end, Ciphers).
 
+openssl_ecdsa_suites() ->
+    Ciphers = ssl:cipher_suites(openssl),
+    lists:filter(fun(Str) ->
+			 case re:run(Str,"ECDHE-ECDSA",[]) of
+			     nomatch ->
+				 false;
+			     _ ->
+				 true
+			 end
+		 end, Ciphers).
+
+openssl_ecdh_rsa_suites() ->
+    Ciphers = ssl:cipher_suites(openssl),
+    lists:filter(fun(Str) ->
+			 case re:run(Str,"ECDH-RSA",[]) of
+			     nomatch ->
+				 false;
+			     _ ->
+				 true
+			 end
+		 end, Ciphers).
+
 anonymous_suites() ->
     Suites =
 	[{dh_anon, rc4_128, md5},
 	 {dh_anon, des_cbc, sha},
 	 {dh_anon, '3des_ede_cbc', sha},
 	 {dh_anon, aes_128_cbc, sha},
-	 {dh_anon, aes_256_cbc, sha}],
+	 {dh_anon, aes_256_cbc, sha},
+	 {ecdh_anon,rc4_128,sha},
+	 {ecdh_anon,'3des_ede_cbc',sha},
+	 {ecdh_anon,aes_128_cbc,sha},
+	 {ecdh_anon,aes_256_cbc,sha}],
     ssl_cipher:filter_suites(Suites).
 
 psk_suites() ->
@@ -840,15 +928,9 @@ init_tls_version(Version) ->
     ssl:start().
 
 sufficient_crypto_support('tlsv1.2') ->
-    Data = "Sampl",
-    Data2 = "e #1",
-    Key = <<0,1,2,3,16,17,18,19,32,33,34,35,48,49,50,51,4,5,6,7,20,21,22,23,36,37,38,39,
-	    52,53,54,55,8,9,10,11,24,25,26,27,40,41,42,43,56,57,58,59>>,
-    try
-	crypto:sha256_mac(Key, lists:flatten([Data, Data2])),
-	true
-    catch _:_ -> false
-    end;
+    proplists:get_bool(sha256, crypto:algorithms());
+sufficient_crypto_support(ciphers_ec) ->
+    proplists:get_bool(ec, crypto:algorithms());
 sufficient_crypto_support(_) ->
     true.