authorKinichiro Inoguchi <inoguchi@cvs.openbsd.org>2020-05-29 14:26:02 +0000
committerKinichiro Inoguchi <inoguchi@cvs.openbsd.org>2020-05-29 14:26:02 +0000
commit6d02a6ace8576f34a7e1bf17b29902ee282cf985 (patch)
treec5632502b4649509aad1e5074e13de30e965035f /regress/usr.bin/openssl
parenteaa4df00e6b75d3cf42581c360e5da81b6eb2475 (diff)
Add checks for SH downgrade sentinel and HRR hash in appstest.sh
Diffstat (limited to 'regress/usr.bin/openssl')
-rwxr-xr-xregress/usr.bin/openssl/appstest.sh28
1 files changed, 27 insertions, 1 deletions
diff --git a/regress/usr.bin/openssl/appstest.sh b/regress/usr.bin/openssl/appstest.sh
index e4d2e2c5afd..47229de0536 100755
--- a/regress/usr.bin/openssl/appstest.sh
+++ b/regress/usr.bin/openssl/appstest.sh
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $OpenBSD: appstest.sh,v 1.44 2020/05/19 13:50:09 inoguchi Exp $
+# $OpenBSD: appstest.sh,v 1.45 2020/05/29 14:26:01 inoguchi Exp $
#
# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
#
@@ -1448,6 +1448,32 @@ function test_sc_by_protocol_version {
-msg -tlsextdebug < /dev/null > $s_client_out 2>&1
check_exit_status $?
+ # check downgrade bits in SH
+ if [ $ver = "tls1" -o $ver = "tls1_1" ] ; then
+ perl -0ne \
+ 'exit (!/ServerHello\n.*\n.*44 4f\n.*57 4e 47 52 44 00/m)' \
+ $s_client_out
+ check_exit_status $?
+ elif [ $ver = "tls1_2" ] ; then
+ perl -0ne \
+ 'exit (!/ServerHello\n.*\n.*44 4f\n.*57 4e 47 52 44 01/m)' \
+ $s_client_out
+ check_exit_status $?
+ elif [ $ver = "tls1_3" ] ; then
+ perl -0ne \
+ 'exit (/ServerHello\n.*\n.*44 4f\n.*57 4e 47 52 44/m)' \
+ $s_client_out
+ check_exit_status $?
+ fi
+
+ # check HRR hash
+ if [ $ver = "tls1_3" ] ; then
+ perl -0ne \
+ 'exit (!/ServerHello\n.*cf 21 ad 74 e5 9a 61 11 be 1d\n.*8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c 5e 07 9e\n.*09 e2 c8 a8 33 9c/m)' \
+ $s_client_out
+ check_exit_status $?
+ fi
+
if [ $ver = "tls1_3" ] ; then
grep 'Server Temp Key: ECDH, P-384, 384 bits' $s_client_out \
> /dev/null
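Review bot: The three positive checks (`exit (!/.../m)` for tls1/tls1_1, for tls1_2 and for the HRR hash) can report success without the regex ever being evaluated. `perl -0` sets the record separator to NUL rather than slurping the file, and with `-n` the `exit` only runs if a record is read, so an empty `$s_client_out` leaves perl exiting 0. Using `-0777` and setting the status after the loop, e.g. `perl -0777 -ne '$ok = 1 if /<same pattern>/; END { $? = !$ok }'`, would make a missing or unparsed ServerHello fail the downgrade check instead of passing it. A comment above the block would also help the next reader: `# 44 4f 57 4e 47 52 44 = "DOWNGRD"; last byte 01 = TLS 1.2 negotiated, 00 = TLS 1.1 or below (RFC 8446 4.1.3); patterns rely on the 16-bytes-per-line -msg hex dump`. test_sc_by_protocol_version starts and ends outside this hunk.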