From 4f68e36b57bf7b2cc608bf1fb5d50486529bff10 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Thu, 9 Aug 2012 15:15:51 +0200 Subject: ssl: Add crypto support check (TLS 1.2 require sha256 support) --- lib/ssl/src/ssl_tls1.erl | 2 -- lib/ssl/test/ssl_basic_SUITE.erl | 15 +++++++++++---- lib/ssl/test/ssl_payload_SUITE.erl | 16 +++++++++++----- lib/ssl/test/ssl_test_lib.erl | 13 +++++++++++++ lib/ssl/test/ssl_to_openssl_SUITE.erl | 6 ++++-- 5 files changed, 39 insertions(+), 13 deletions(-) (limited to 'lib/ssl') diff --git a/lib/ssl/src/ssl_tls1.erl b/lib/ssl/src/ssl_tls1.erl index d62ea6e5a4..91b321bcd9 100644 --- a/lib/ssl/src/ssl_tls1.erl +++ b/lib/ssl/src/ssl_tls1.erl @@ -222,8 +222,6 @@ hmac_hash(?MD5, Key, Value) -> crypto:md5_mac(Key, Value); hmac_hash(?SHA, Key, Value) -> crypto:sha_mac(Key, Value); -hmac_hash(?MD5SHA, Key, Value) -> - crypto:sha256_mac(Key, Value); hmac_hash(?SHA256, Key, Value) -> crypto:sha256_mac(Key, Value); hmac_hash(?SHA384, Key, Value) -> diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl index 1cfe8d0367..de883d5425 100644 --- a/lib/ssl/test/ssl_basic_SUITE.erl +++ b/lib/ssl/test/ssl_basic_SUITE.erl @@ -198,11 +198,18 @@ all_versions_groups ()-> init_per_group(GroupName, Config) -> case ssl_test_lib:is_tls_version(GroupName) of true -> - ssl_test_lib:init_tls_version(GroupName); + case ssl_test_lib:sufficient_crypto_support(GroupName) of + true -> + ssl_test_lib:init_tls_version(GroupName), + Config; + false -> + {skip, "Missing crypto support"} + end; _ -> - ssl:start() - end, - Config. + ssl:start(), + Config + end. + end_per_group(_GroupName, Config) -> Config. diff --git a/lib/ssl/test/ssl_payload_SUITE.erl b/lib/ssl/test/ssl_payload_SUITE.erl index 9633942ac3..c97f97e70b 100644 --- a/lib/ssl/test/ssl_payload_SUITE.erl +++ b/lib/ssl/test/ssl_payload_SUITE.erl @@ -140,13 +140,19 @@ payload_tests() -> init_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of + case ssl_test_lib:is_tls_version(GroupName) of true -> - ssl_test_lib:init_tls_version(GroupName); + case ssl_test_lib:sufficient_crypto_support(GroupName) of + true -> + ssl_test_lib:init_tls_version(GroupName), + Config; + false -> + {skip, "Missing crypto support"} + end; _ -> - ssl:start() - end, - Config. + ssl:start(), + Config + end. end_per_group(_GroupName, Config) -> Config. diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index 905801fe3d..b39c995552 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -725,3 +725,16 @@ init_tls_version(Version) -> application:load(ssl), application:set_env(ssl, protocol_version, Version), ssl:start(). + +sufficient_crypto_support('tlsv1.2') -> + Data = "Sampl", + Data2 = "e #1", + Key = <<0,1,2,3,16,17,18,19,32,33,34,35,48,49,50,51,4,5,6,7,20,21,22,23,36,37,38,39, + 52,53,54,55,8,9,10,11,24,25,26,27,40,41,42,43,56,57,58,59>>, + try + crypto:sha256_mac(Key, lists:flatten([Data, Data2])), + true + catch _:_ -> false + end; +sufficient_crypto_support(_) -> + true. diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl index e5f8d4ae4e..ec35c42773 100644 --- a/lib/ssl/test/ssl_to_openssl_SUITE.erl +++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl @@ -112,7 +112,9 @@ special_init(TestCase, Config) special_init(ssl2_erlang_server_openssl_client, Config) -> check_sane_openssl_sslv2(Config); -special_init(ciphers_dsa_signed_certs, Config) -> +special_init(TestCase, Config) when TestCase == erlang_client_openssl_server_dsa_cert; + TestCase == erlang_server_openssl_client_dsa_cert; + TestCase == ciphers_dsa_signed_certs -> check_sane_openssl_dsa(Config); special_init(_, Config) -> @@ -1186,7 +1188,7 @@ check_sane_openssl_renegotaite(Config) -> {skip, "Known renegotiation bug in OpenSSL"}; "OpenSSL 0.9.7" ++ _ -> {skip, "Known renegotiation bug in OpenSSL"}; - "OpenSSL 1.0.1c" ++ _ -> + "OpenSSL 1.0.1" ++ _ -> {skip, "Known renegotiation bug in OpenSSL"}; _ -> Config -- cgit v1.2.3