From 69833e8f64e900eece91f5430c2462dd584fff31 Mon Sep 17 00:00:00 2001
From: Andreas Schultz <aschultz@tpip.net>
Date: Fri, 12 Apr 2013 10:42:31 +0200
Subject: fix srp_anon ciphers suites requiring certificates to work.

This problem was not caught by the test suites since all PSK and SRP
suites where always tested with certificates. Split those tests into
test with and without certificates.
---
 lib/ssl/src/ssl_connection.erl   |  2 +-
 lib/ssl/test/ssl_basic_SUITE.erl | 33 +++++++++++++++++++++++++++++++++
 lib/ssl/test/ssl_test_lib.erl    | 32 +++++++++++++++++++++++---------
 3 files changed, 57 insertions(+), 10 deletions(-)

diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 1843377582..fa64915fd0 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1547,7 +1547,7 @@ server_hello_done(#state{transport_cb = Transport,
 		tls_handshake_history = Handshake}.
 
 certify_server(#state{key_algorithm = Algo} = State)
-  when Algo == dh_anon; Algo == psk; Algo == dhe_psk ->
+  when Algo == dh_anon; Algo == psk; Algo == dhe_psk; Algo == srp_anon ->
     State;
 
 certify_server(#state{transport_cb = Transport,
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 5cedde5d27..10bbd4d88b 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -156,7 +156,10 @@ cipher_tests() ->
      anonymous_cipher_suites,
      psk_cipher_suites,
      psk_with_hint_cipher_suites,
+     psk_anon_cipher_suites,
+     psk_anon_with_hint_cipher_suites,
      srp_cipher_suites,
+     srp_anon_cipher_suites,
      srp_dsa_cipher_suites,
      default_reject_anonymous].
 
@@ -1594,6 +1597,20 @@ psk_with_hint_cipher_suites(Config) when is_list(Config) ->
     Ciphers = ssl_test_lib:psk_suites(),
     run_suites(Ciphers, Version, Config, psk_with_hint).
 %%-------------------------------------------------------------------
+psk_anon_cipher_suites() ->
+    [{doc, "Test the anonymous PSK ciphersuites WITHOUT server supplied identity hint"}].
+psk_anon_cipher_suites(Config) when is_list(Config) ->
+    Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+    Ciphers = ssl_test_lib:psk_anon_suites(),
+    run_suites(Ciphers, Version, Config, psk_anon).
+%%-------------------------------------------------------------------
+psk_anon_with_hint_cipher_suites()->
+    [{doc, "Test the anonymous PSK ciphersuites WITH server supplied identity hint"}].
+psk_anon_with_hint_cipher_suites(Config) when is_list(Config) ->
+    Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+    Ciphers = ssl_test_lib:psk_anon_suites(),
+    run_suites(Ciphers, Version, Config, psk_anon_with_hint).
+%%-------------------------------------------------------------------
 srp_cipher_suites()->
     [{doc, "Test the SRP ciphersuites"}].
 srp_cipher_suites(Config) when is_list(Config) ->
@@ -1601,6 +1618,13 @@ srp_cipher_suites(Config) when is_list(Config) ->
     Ciphers = ssl_test_lib:srp_suites(),
     run_suites(Ciphers, Version, Config, srp).
 %%-------------------------------------------------------------------
+srp_anon_cipher_suites()->
+    [{doc, "Test the anonymous SRP ciphersuites"}].
+srp_anon_cipher_suites(Config) when is_list(Config) ->
+    Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+    Ciphers = ssl_test_lib:srp_anon_suites(),
+    run_suites(Ciphers, Version, Config, srp_anon).
+%%-------------------------------------------------------------------
 srp_dsa_cipher_suites()->
     [{doc, "Test the SRP DSA ciphersuites"}].
 srp_dsa_cipher_suites(Config) when is_list(Config) ->
@@ -3151,9 +3175,18 @@ run_suites(Ciphers, Version, Config, Type) ->
 	    psk_with_hint ->
 		{?config(client_psk, Config),
 		 ?config(server_psk_hint, Config)};
+	    psk_anon ->
+		{?config(client_psk, Config),
+		 ?config(server_psk_anon, Config)};
+	    psk_anon_with_hint ->
+		{?config(client_psk, Config),
+		 ?config(server_psk_anon_hint, Config)};
 	    srp ->
 		{?config(client_srp, Config),
 		 ?config(server_srp, Config)};
+	    srp_anon ->
+		{?config(client_srp, Config),
+		 ?config(server_srp_anon, Config)};
 	    srp_dsa ->
 		{?config(client_srp_dsa, Config),
 		 ?config(server_srp_dsa, Config)}
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index d655d7659e..e4fedcd118 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -339,12 +339,22 @@ cert_options(Config) ->
 			{psk_identity, "HINT"},
 			{user_lookup_fun, {fun user_lookup/3, PskSharedSecret}},
 			{ciphers, psk_suites()}]},
+     {server_psk_anon, [{ssl_imp, new},{reuseaddr, true},
+			{user_lookup_fun, {fun user_lookup/3, PskSharedSecret}},
+			{ciphers, psk_anon_suites()}]},
+     {server_psk_anon_hint, [{ssl_imp, new},{reuseaddr, true},
+			     {psk_identity, "HINT"},
+			     {user_lookup_fun, {fun user_lookup/3, PskSharedSecret}},
+			     {ciphers, psk_anon_suites()}]},
      {client_srp, [{ssl_imp, new},{reuseaddr, true},
 		   {srp_identity, {"Test-User", "secret"}}]},
      {server_srp, [{ssl_imp, new},{reuseaddr, true},
 		   {certfile, ServerCertFile}, {keyfile, ServerKeyFile},
 		   {user_lookup_fun, {fun user_lookup/3, undefined}},
 		   {ciphers, srp_suites()}]},
+     {server_srp_anon, [{ssl_imp, new},{reuseaddr, true},
+			{user_lookup_fun, {fun user_lookup/3, undefined}},
+			{ciphers, srp_anon_suites()}]},
      {server_verification_opts, [{ssl_imp, new},{reuseaddr, true}, 
 		    {cacertfile, ServerCaCertFile},
 		    {certfile, ServerCertFile}, {keyfile, ServerKeyFile}]},
@@ -711,6 +721,12 @@ anonymous_suites() ->
      {dh_anon, aes_256_cbc, sha}].
 
 psk_suites() ->
+    [{rsa_psk, rc4_128, sha},
+     {rsa_psk, '3des_ede_cbc', sha},
+     {rsa_psk, aes_128_cbc, sha},
+     {rsa_psk, aes_256_cbc, sha}].
+
+psk_anon_suites() ->
     [{psk, rc4_128, sha},
      {psk, '3des_ede_cbc', sha},
      {psk, aes_128_cbc, sha},
@@ -718,20 +734,18 @@ psk_suites() ->
      {dhe_psk, rc4_128, sha},
      {dhe_psk, '3des_ede_cbc', sha},
      {dhe_psk, aes_128_cbc, sha},
-     {dhe_psk, aes_256_cbc, sha},
-     {rsa_psk, rc4_128, sha},
-     {rsa_psk, '3des_ede_cbc', sha},
-     {rsa_psk, aes_128_cbc, sha},
-     {rsa_psk, aes_256_cbc, sha}].
+     {dhe_psk, aes_256_cbc, sha}].
 
 srp_suites() ->
-    [{srp_anon, '3des_ede_cbc', sha},
-     {srp_rsa, '3des_ede_cbc', sha},
-     {srp_anon, aes_128_cbc, sha},
+    [{srp_rsa, '3des_ede_cbc', sha},
      {srp_rsa, aes_128_cbc, sha},
-     {srp_anon, aes_256_cbc, sha},
      {srp_rsa, aes_256_cbc, sha}].
 
+srp_anon_suites() ->
+    [{srp_anon, '3des_ede_cbc', sha},
+     {srp_anon, aes_128_cbc, sha},
+     {srp_anon, aes_256_cbc, sha}].
+
 srp_dss_suites() ->
     [{srp_dss, '3des_ede_cbc', sha},
      {srp_dss, aes_128_cbc, sha},
-- 
cgit v1.2.3