From 07044c29b6f3a553bcbeaf9437f05c3ac19f1775 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 3 Jan 2018 16:42:52 +0100 Subject: dtls: We do not need to wait for DTLS over UDP server Client will retransmit until server becomes responsive --- lib/ssl/test/ssl_test_lib.erl | 95 ++----------------------------------------- 1 file changed, 3 insertions(+), 92 deletions(-) (limited to 'lib/ssl')
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 7248411d15..29af57605c 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1335,8 +1335,9 @@ enough_openssl_crl_support(_) -> true. wait_for_openssl_server(Port, tls) -> do_wait_for_openssl_tls_server(Port, 10);
-wait_for_openssl_server(Port, dtls) ->
- do_wait_for_openssl_dtls_server(Port, 10).
+wait_for_openssl_server(_Port, dtls) ->
+ ok. %% No need to wait for DTLS over UDP server
+ %% client will retransmitt until it is up.
 do_wait_for_openssl_tls_server(_, 0) -> exit(failed_to_connect_to_openssl);
@@ -1349,21 +1350,6 @@ do_wait_for_openssl_tls_server(Port, N) -> do_wait_for_openssl_tls_server(Port, N-1) end.
-do_wait_for_openssl_dtls_server(_, 0) ->
- %%exit(failed_to_connect_to_openssl);
- ok;
-do_wait_for_openssl_dtls_server(Port, N) ->
- %% case gen_udp:open(0) of
- %% {ok, S} ->
- %% gen_udp:connect(S, "localhost", Port),
- %% gen_udp:close(S);
- %% _ ->
- %% ct:sleep(?SLEEP),
- %% do_wait_for_openssl_dtls_server(Port, N-1)
- %% end.
- ct:sleep(500),
- do_wait_for_openssl_dtls_server(Port, N-1).
-
 version_flag(tlsv1) -> "-tls1"; version_flag('tlsv1.1') ->
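Review bot: A dead openssl DTLS server is no longer detected at `wait_for_openssl_server/2`, because the new `dtls` clause returns `ok` without looking at the port; the failure would presumably surface later as a client handshake timeout, which is harder to attribute than the `exit(failed_to_connect_to_openssl)` the `tls` path gives. The comment should record that trade-off and what bounds the wait, for example `%% DTLS/UDP: no readiness probe; the client's handshake retransmission bounds the wait, so a server that never starts shows up as a client-side timeout.` It would also read better on its own line above `ok.`, with the spelling `retransmit`.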
@@ -1660,78 +1646,3 @@ hardcode_dsa_key(3) -> y = 48598545580251057979126570873881530215432219542526130654707948736559463436274835406081281466091739849794036308281564299754438126857606949027748889019480936572605967021944405048011118039171039273602705998112739400664375208228641666852589396502386172780433510070337359132965412405544709871654840859752776060358, x = 1457508827177594730669011716588605181448418352823}.
-dtls_hello() ->
- [1,
- <<0,1,4>>,
- <<0,0>>,
- <<0,0,0>>,
- <<0,1,4>>,
- <<254,253,88,
- 156,129,61,
- 131,216,15,
- 131,194,242,
- 46,154,190,
- 20,228,234,
- 234,150,44,
- 62,96,96,103,
- 127,95,103,
- 23,24,42,138,
- 13,142,32,57,
- 230,177,32,
- 210,154,152,
- 188,121,134,
- 136,53,105,
- 118,96,106,
- 103,231,223,
- 133,10,165,
- 50,32,211,
- 227,193,14,
- 181,143,48,
- 66,0,0,100,0,
- 255,192,44,
- 192,48,192,
- 36,192,40,
- 192,46,192,
- 50,192,38,
- 192,42,0,159,
- 0,163,0,107,
- 0,106,0,157,
- 0,61,192,43,
- 192,47,192,
- 35,192,39,
- 192,45,192,
- 49,192,37,
- 192,41,0,158,
- 0,162,0,103,
- 0,64,0,156,0,
- 60,192,10,
- 192,20,0,57,
- 0,56,192,5,
- 192,15,0,53,
- 192,8,192,18,
- 0,22,0,19,
- 192,3,192,13,
- 0,10,192,9,
- 192,19,0,51,
- 0,50,192,4,
- 192,14,0,47,
- 1,0,0,86,0,0,
- 0,14,0,12,0,
- 0,9,108,111,
- 99,97,108,
- 104,111,115,
- 116,0,10,0,
- 58,0,56,0,14,
- 0,13,0,25,0,
- 28,0,11,0,12,
- 0,27,0,24,0,
- 9,0,10,0,26,
- 0,22,0,23,0,
- 8,0,6,0,7,0,
- 20,0,21,0,4,
- 0,5,0,18,0,
- 19,0,1,0,2,0,
- 3,0,15,0,16,
- 0,17,0,11,0,
- 2,1,0>>].
-
-- cgit v1.2.3 From 39fb981193c137ba6e3621bae49c07eb0b4d92cf Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 5 Jan 2018 22:35:43 +0100 Subject: dtls: Filter out rc4 for DTLS psk suites Stream ciphers are not valid fro DTLS --- lib/ssl/src/ssl_cipher.erl | 2 +- lib/ssl/test/ssl_test_lib.erl | 29 ++++++++++++++++++++--------- 2 files changed, 21 insertions(+), 10 deletions(-) (limited to 'lib/ssl')
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 18271f325a..7efc39e659 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -2148,7 +2148,7 @@ calc_mac_hash(Type, Version, MacSecret, SeqNo, Type, Length, PlainFragment).
-is_stream_ciphersuite({_, rc4_128, _, _}) ->
+is_stream_ciphersuite(#{cipher := rc4_128}) ->
 true; is_stream_ciphersuite(_) -> false.
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 29af57605c..f9cc6ab8b7 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
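Review bot: In `lib/ssl/src/ssl_cipher.erl`, `is_stream_ciphersuite/1` keeps its catch-all clause, so after the switch to the map pattern `#{cipher := rc4_128}` any caller that still passes the old 4-tuple gets `false`, and the RC4 suite is silently kept instead of filtered. The callers are outside this hunk, so whether one remains cannot be seen here. Narrowing the fallback to `is_stream_ciphersuite(#{}) -> false.` would turn a stale tuple argument into a `function_clause` crash rather than a wrong answer, and a `-spec is_stream_ciphersuite(map()) -> boolean().` would let Dialyzer flag the same mismatch.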
@@ -1024,15 +1024,26 @@ string_regex_filter(Str, Search) when is_list(Str) -> string_regex_filter(_Str, _Search) -> false.
-anonymous_suites(Version) ->
- [ssl_cipher:erl_suite_definition(S) || S <- ssl_cipher:filter_suites(ssl_cipher:anonymous_suites(Version))].
-
-psk_suites(Version) ->
- [ssl_cipher:erl_suite_definition(S) || S <- ssl_cipher:filter_suites(ssl_cipher:psk_suites(Version))].
-
-psk_anon_suites(Version) ->
- [Suite || Suite <- psk_suites(Version), is_psk_anon_suite(Suite)].
-
+anonymous_suites({3,_ } = Version) ->
+ [ssl_cipher:erl_suite_definition(S) || S <- ssl_cipher:filter_suites(ssl_cipher:anonymous_suites(Version))];
+anonymous_suites(DTLSVersion) ->
+ Version = dtls_v1:corresponding_tls_version(DTLSVersion),
+ [ssl_cipher:erl_suite_definition(S) || S <- ssl_cipher:filter_suites(ssl_cipher:anonymous_suites(Version)),
+ not ssl_cipher:is_stream_ciphersuite(tuple_to_map(ssl_cipher:erl_suite_definition(S)))].
+
+psk_suites({3,_ } = Version) ->
+ [ssl_cipher:erl_suite_definition(S) || S <- ssl_cipher:filter_suites(ssl_cipher:psk_suites(Version))];
+psk_suites(DTLSVersion) ->
+ Version = dtls_v1:corresponding_tls_version(DTLSVersion),
+ [ssl_cipher:erl_suite_definition(S) || S <- ssl_cipher:filter_suites(ssl_cipher:psk_suites(Version)),
+ not ssl_cipher:is_stream_ciphersuite(tuple_to_map(ssl_cipher:erl_suite_definition(S)))].
+
+psk_anon_suites({3,_ } = Version) ->
+ [Suite || Suite <- psk_suites(Version), is_psk_anon_suite(Suite)];
+psk_anon_suites(DTLSVersion) ->
+ Version = dtls_v1:corresponding_tls_version(DTLSVersion),
+ [Suite || Suite <- psk_suites(Version), is_psk_anon_suite(Suite),
+ not ssl_cipher:is_stream_ciphersuite(tuple_to_map(Suite))].
 srp_suites() -> [ssl_cipher:erl_suite_definition(Suite) || Suite <-
-- cgit v1.2.3
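Review bot: The three DTLS clauses each repeat the same RC4 filter, and `anonymous_suites/1` and `psk_suites/1` call `ssl_cipher:erl_suite_definition(S)` twice per suite, once for the result and once inside `tuple_to_map`. Binding the definition once, `[Def || S <- Suites, Def <- [ssl_cipher:erl_suite_definition(S)], not ssl_cipher:is_stream_ciphersuite(tuple_to_map(Def))]` with `Suites` being the filtered list, in one local helper shared by all three would keep the DTLS rule in a single place. `tuple_to_map/1` is not defined in this hunk, so its output has to carry the `cipher` key that `is_stream_ciphersuite/1` matches on; since that function falls through to `false` for anything else, a mismatch would leave RC4 in the DTLS lists without any test failing.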