1 files changed, 60 insertions, 10 deletions

diff --git a/lib/ssl/test/openssl_cipher_suite_SUITE.erl b/lib/ssl/test/openssl_cipher_suite_SUITE.erl
index 64c3899889..61297a5f18 100644
--- a/lib/ssl/test/openssl_cipher_suite_SUITE.erl
+++ b/lib/ssl/test/openssl_cipher_suite_SUITE.erl
@@ -82,7 +82,11 @@
          aes_128_gcm_sha256/1,
          chacha20_poly1305_sha256/1,
          aes_128_ccm_sha256/1,
-         aes_128_ccm_8_sha256/1
+         aes_128_ccm_8_sha256/1,
+         ecdhe_ecdsa_with_aes_128_ccm/1,
+         ecdhe_ecdsa_with_aes_256_ccm/1,
+         ecdhe_ecdsa_with_aes_128_ccm_8/1,
+         ecdhe_ecdsa_with_aes_256_ccm_8/1
         ]).
 
 -define(DEFAULT_TIMEOUT, {seconds, 6}).
@@ -140,7 +144,11 @@ groups() ->
                        ecdhe_ecdsa_aes_128_gcm,
                        ecdhe_ecdsa_aes_256_cbc,
                        ecdhe_ecdsa_aes_256_gcm,
-                       ecdhe_ecdsa_chacha20_poly1305
+                       ecdhe_ecdsa_chacha20_poly1305,
+                       ecdhe_ecdsa_with_aes_128_ccm,
+                       ecdhe_ecdsa_with_aes_256_ccm,
+                       ecdhe_ecdsa_with_aes_128_ccm_8,
+                       ecdhe_ecdsa_with_aes_256_ccm_8
                       ]},
      {rsa, [], [rsa_des_cbc,
                 rsa_3des_ede_cbc,
@@ -298,7 +306,8 @@ do_init_per_group(ecdhe_ecdsa = GroupName, Config) ->
     end;
 do_init_per_group(dhe_dss = GroupName, Config) ->
     PKAlg = proplists:get_value(public_keys, crypto:supports()),
-    case lists:member(dss, PKAlg) andalso lists:member(dh, PKAlg) of
+    case lists:member(dss, PKAlg) andalso lists:member(dh, PKAlg)
+        andalso (ssl_test_lib:openssl_dsa_suites() =/= []) of
         true ->
             init_certs(GroupName, Config);
         false ->
@@ -306,7 +315,8 @@ do_init_per_group(dhe_dss = GroupName, Config) ->
     end;
 do_init_per_group(srp_dss = GroupName, Config) ->
     PKAlg = proplists:get_value(public_keys, crypto:supports()),
-    case lists:member(dss, PKAlg) andalso lists:member(srp, PKAlg) of
+    case lists:member(dss, PKAlg) andalso lists:member(srp, PKAlg) 
+        andalso (ssl_test_lib:openssl_dsa_suites() =/= []) of
         true ->
             init_certs(GroupName, Config);
         false ->
@@ -339,11 +349,11 @@ do_init_per_group(dhe_rsa = GroupName, Config) ->
     end;
 do_init_per_group(rsa = GroupName, Config) ->
     PKAlg = proplists:get_value(public_keys, crypto:supports()),
-    case lists:member(rsa, PKAlg) of
+    case lists:member(rsa, PKAlg) andalso ssl_test_lib:openssl_support_rsa_kex() of
         true ->
             init_certs(GroupName, Config);
         false ->
-            {skip, "Missing SRP crypto support"}
+            {skip, "Missing RSA key exchange support"}
     end;
 do_init_per_group(dh_anon = GroupName, Config) ->
     PKAlg = proplists:get_value(public_keys, crypto:supports()),
@@ -478,6 +488,28 @@ init_per_testcase(aes_128_ccm_8_sha256, Config) ->
             {skip, "Missing AES_128_CCM_8 crypto support"}
     end;
 
+init_per_testcase(TestCase, Config) when TestCase == ecdhe_ecdsa_with_aes_128_ccm;
+                                         TestCase == ecdhe_ecdsa_with_aes_128_ccm_8->
+    SupCiphers = proplists:get_value(ciphers, crypto:supports()),
+    case lists:member(aes_128_ccm, SupCiphers) of
+        true ->
+            ct:timetrap(?DEFAULT_TIMEOUT),
+            Config;
+        _ ->
+            {skip, "Missing AES_128_CCM crypto support"}
+    end;
+
+init_per_testcase(TestCase, Config) when TestCase == ecdhe_ecdsa_with_aes_256_ccm;
+                                         TestCase == ecdhe_ecdsa_with_aes_256_ccm_8 ->
+    SupCiphers = proplists:get_value(ciphers, crypto:supports()),
+    case lists:member(aes_256_ccm, SupCiphers) of
+        true ->
+            ct:timetrap(?DEFAULT_TIMEOUT),
+            Config;
+        _ ->
+            {skip, "Missing AES_256_CCM crypto support"}
+    end;
+
 init_per_testcase(TestCase, Config) ->
     Cipher = ssl_test_lib:test_cipher(TestCase, Config),
     SupCiphers = proplists:get_value(ciphers, crypto:supports()),
@@ -728,6 +760,18 @@ ecdhe_ecdsa_aes_256_gcm(Config) when is_list(Config) ->
 
 ecdhe_ecdsa_chacha20_poly1305(Config) when is_list(Config) ->
     run_ciphers_test(ecdhe_ecdsa, 'chacha20_poly1305', Config).
+
+ecdhe_ecdsa_with_aes_128_ccm(Config) when is_list(Config) ->
+    run_ciphers_test(ecdhe_ecdsa, 'aes_128_ccm', Config). 
+
+ecdhe_ecdsa_with_aes_256_ccm(Config) when is_list(Config) ->
+    run_ciphers_test(ecdhe_ecdsa, 'aes_256_ccm', Config). 
+
+ecdhe_ecdsa_with_aes_128_ccm_8(Config) when is_list(Config) ->
+    run_ciphers_test(ecdhe_ecdsa, 'aes_128_ccm_8', Config). 
+
+ecdhe_ecdsa_with_aes_256_ccm_8(Config) when is_list(Config) ->
+    run_ciphers_test(ecdhe_ecdsa, 'aes_256_ccm_8', Config). 
 %%--------------------------------------------------------------------
 %% DHE_DSS --------------------------------------------------------
 %%--------------------------------------------------------------------
@@ -897,7 +941,7 @@ run_ciphers_test(Kex, Cipher, Config) ->
             {skip, {not_sup, Kex, Cipher, Version}}
     end.
 
-cipher_suite_test(CipherSuite, _Version, Config) ->
+cipher_suite_test(CipherSuite, Version, Config) ->
     #{server_config := SOpts,
       client_config := COpts} = proplists:get_value(tls_config, Config),
     ServerOpts = ssl_test_lib:ssl_options(SOpts, Config),
@@ -905,11 +949,17 @@ cipher_suite_test(CipherSuite, _Version, Config) ->
     ct:log("Testing CipherSuite ~p~n", [CipherSuite]),
     ct:log("Server Opts ~p~n", [ServerOpts]),
     ct:log("Client Opts ~p~n", [ClientOpts]),
-    ssl_test_lib:basic_test([{ciphers, [CipherSuite]} | COpts], SOpts, Config).
-
+    case proplists:get_value(server_type, Config) of
+        erlang ->
+            ssl_test_lib:basic_test([{ciphers, ssl:cipher_suites(all, Version)} | COpts], 
+                                    [{ciphers, [CipherSuite]} | SOpts], Config);
+        _ ->
+            ssl_test_lib:basic_test([{versions, [Version]}, {ciphers, [CipherSuite]} | COpts], 
+                                    [{ciphers, ssl:cipher_suites(all, Version)} | SOpts], Config)
+    end.
 
 test_ciphers(Kex, Cipher, Version) ->
-    Ciphers = ssl:filter_cipher_suites(ssl:cipher_suites(default, Version) ++ ssl:cipher_suites(anonymous, Version), 
+    Ciphers = ssl:filter_cipher_suites(ssl:cipher_suites(all, Version) ++ ssl:cipher_suites(anonymous, Version), 
                                        [{key_exchange,
                                          fun(Kex0) when (Kex0 == Kex) andalso (Version =/= 'tlsv1.3') -> true;
                                             (Kex0) when (Kex0 == any) andalso (Version == 'tlsv1.3') -> true;