diff options
author | Kinichiro Inoguchi <inoguchi@cvs.openbsd.org> | 2020-05-29 14:26:02 +0000 |
---|---|---|
committer | Kinichiro Inoguchi <inoguchi@cvs.openbsd.org> | 2020-05-29 14:26:02 +0000 |
commit | 6d02a6ace8576f34a7e1bf17b29902ee282cf985 (patch) | |
tree | c5632502b4649509aad1e5074e13de30e965035f /regress/usr.bin/openssl | |
parent | eaa4df00e6b75d3cf42581c360e5da81b6eb2475 (diff) |
Add checks for SH downgrade sentinel and HRR hash in appstest.sh
Diffstat (limited to 'regress/usr.bin/openssl')
-rwxr-xr-x | regress/usr.bin/openssl/appstest.sh | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/regress/usr.bin/openssl/appstest.sh b/regress/usr.bin/openssl/appstest.sh index e4d2e2c5afd..47229de0536 100755 --- a/regress/usr.bin/openssl/appstest.sh +++ b/regress/usr.bin/openssl/appstest.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# $OpenBSD: appstest.sh,v 1.44 2020/05/19 13:50:09 inoguchi Exp $ +# $OpenBSD: appstest.sh,v 1.45 2020/05/29 14:26:01 inoguchi Exp $ # # Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org> # @@ -1448,6 +1448,32 @@ function test_sc_by_protocol_version { -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 check_exit_status $? + # check downgrade bits in SH + if [ $ver = "tls1" -o $ver = "tls1_1" ] ; then + perl -0ne \ + 'exit (!/ServerHello\n.*\n.*44 4f\n.*57 4e 47 52 44 00/m)' \ + $s_client_out + check_exit_status $? + elif [ $ver = "tls1_2" ] ; then + perl -0ne \ + 'exit (!/ServerHello\n.*\n.*44 4f\n.*57 4e 47 52 44 01/m)' \ + $s_client_out + check_exit_status $? + elif [ $ver = "tls1_3" ] ; then + perl -0ne \ + 'exit (/ServerHello\n.*\n.*44 4f\n.*57 4e 47 52 44/m)' \ + $s_client_out + check_exit_status $? + fi + + # check HRR hash + if [ $ver = "tls1_3" ] ; then + perl -0ne \ + 'exit (!/ServerHello\n.*cf 21 ad 74 e5 9a 61 11 be 1d\n.*8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c 5e 07 9e\n.*09 e2 c8 a8 33 9c/m)' \ + $s_client_out + check_exit_status $? + fi + if [ $ver = "tls1_3" ] ; then grep 'Server Temp Key: ECDH, P-384, 384 bits' $s_client_out \ > /dev/null |