From b2ccc51a505b3c4294ee0049be69ba293bcd8c06 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= <peterdmv@erlang.org>
Date: Fri, 11 Jan 2019 10:43:09 +0100
Subject: ssl: Skip TLS 1.3 suites if crypto lacks support

TLS 1.3 test suites requires TLS 1.3 support in crypto that is
openssl 1.1.1 or later shall be available.

This commit tests support for RSASSA-PSS signature algorithm
and x448 Diffie-Hellman key agreement.

Change-Id: I003ab376339b003fbbd3d0a66e10c368a16023ad
---
 lib/ssl/test/ssl_test_lib.erl | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'lib/ssl/test/ssl_test_lib.erl')

diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 929b1ae12a..e80a765c22 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1537,7 +1537,12 @@ init_tls_version(Version, Config) ->
 
 clean_tls_version(Config) ->
     proplists:delete(protocol_opts, proplists:delete(protocol, Config)).
-    
+
+sufficient_crypto_support(Version)
+  when Version == 'tlsv1.3' ->
+    CryptoSupport = crypto:supports(),
+    lists:member(rsa_pkcs1_pss_padding, proplists:get_value(rsa_opts, CryptoSupport)) andalso
+    lists:member(x448, proplists:get_value(curves, CryptoSupport));
 sufficient_crypto_support(Version)
   when Version == 'tlsv1.2'; Version == 'dtlsv1.2' ->
     CryptoSupport = crypto:supports(),
-- 
cgit v1.2.3