diff options
| author | Bob Beck <beck@cvs.openbsd.org> | 2019-01-24 00:07:59 +0000 |
|---|---|---|
| committer | Bob Beck <beck@cvs.openbsd.org> | 2019-01-24 00:07:59 +0000 |
| commit | 66f6ef806362b0bbd9f86657657c5218bc6a1d0e (patch) | |
| tree | eeb0eb5bb9d18b506910b43963da145ef6408842 /regress | |
| parent | f07d8f25946e9e591905a159bb8052776d040d3f (diff) | |
Remove SHA224 based sigalgs from use in TLS 1.2 as SHA224 is deprecated.
Remove GOST based sigalgs from TLS 1.2 since they don't work with TLS 1.2.
ok jsing@
Diffstat (limited to 'regress')
| -rw-r--r-- | regress/lib/libssl/client/clienttest.c | 24 | ||||
| -rw-r--r-- | regress/lib/libssl/tlsext/tlsexttest.c | 28 |
2 files changed, 21 insertions, 31 deletions
diff --git a/regress/lib/libssl/client/clienttest.c b/regress/lib/libssl/client/clienttest.c index 25a8790e61e..6b8ea7d8bd9 100644 --- a/regress/lib/libssl/client/clienttest.c +++ b/regress/lib/libssl/client/clienttest.c @@ -141,12 +141,12 @@ static unsigned char cipher_list_tls12_chacha[] = { }; static unsigned char client_hello_tls12[] = { - 0x16, 0x03, 0x01, 0x00, 0xc5, 0x01, 0x00, 0x00, - 0xc1, 0x03, 0x03, 0xc9, 0xf9, 0x1f, 0x05, 0xaf, - 0x61, 0xd7, 0xe7, 0x84, 0xd1, 0x1c, 0x6f, 0x79, - 0x32, 0x04, 0x8e, 0x5c, 0xe3, 0x18, 0x5a, 0x85, - 0xee, 0x44, 0xe1, 0xca, 0x32, 0xce, 0x07, 0xd3, - 0xdb, 0x0f, 0x91, 0x00, 0x00, 0x5c, 0xc0, 0x30, + 0x16, 0x03, 0x01, 0x00, 0xbb, 0x01, 0x00, 0x00, + 0xb7, 0x03, 0x03, 0x2b, 0x39, 0xcc, 0x56, 0xfc, + 0xc4, 0x98, 0x8e, 0xfc, 0x22, 0x89, 0xc5, 0x1e, + 0xa9, 0x88, 0xbd, 0x6e, 0xd8, 0xd1, 0xd6, 0xc1, + 0xc3, 0x12, 0xe8, 0xe0, 0x1e, 0xfa, 0xa8, 0x21, + 0xd9, 0x2d, 0x4d, 0x00, 0x00, 0x5c, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85, @@ -158,15 +158,13 @@ static unsigned char client_hello_tls12[] = { 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, - 0x00, 0xff, 0x01, 0x00, 0x00, 0x3c, 0x00, 0x0b, + 0x00, 0xff, 0x01, 0x00, 0x00, 0x32, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, - 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x22, - 0x00, 0x20, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, - 0xef, 0xef, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, - 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0xee, 0xee, - 0xed, 0xed, 0x03, 0x01, 0x03, 0x03, 0x02, 0x01, - 0x02, 0x03, + 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, + 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, + 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, + 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, }; struct client_hello_test { diff --git a/regress/lib/libssl/tlsext/tlsexttest.c b/regress/lib/libssl/tlsext/tlsexttest.c index 32895a49add..05b18b5b05f 100644 --- a/regress/lib/libssl/tlsext/tlsexttest.c +++ b/regress/lib/libssl/tlsext/tlsexttest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tlsexttest.c,v 1.25 2019/01/23 18:39:28 beck Exp $ */ +/* $OpenBSD: tlsexttest.c,v 1.26 2019/01/24 00:07:58 beck Exp $ */ /* * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> @@ -1505,11 +1505,9 @@ test_tlsext_ri_server(void) */ static unsigned char tlsext_sigalgs_client[] = { - 0x00, 0x20, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, - 0xef, 0xef, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, - 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0xee, 0xee, - 0xed, 0xed, 0x03, 0x01, 0x03, 0x03, 0x02, 0x01, - 0x02, 0x03, + 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, + 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, + 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, }; static int @@ -1599,11 +1597,6 @@ test_tlsext_sigalgs_client(void) failure = 1; goto done; } - if (ssl->cert->pkeys[SSL_PKEY_GOST01].sigalg->md() != EVP_streebog512()) { - fprintf(stderr, "FAIL: GOST01 digest mismatch\n"); - failure = 1; - goto done; - } done: CBB_cleanup(&cbb); @@ -2733,14 +2726,13 @@ test_tlsext_srtp_server(void) #endif /* OPENSSL_NO_SRTP */ unsigned char tlsext_clienthello_default[] = { - 0x00, 0x3c, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, + 0x00, 0x32, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00, - 0x00, 0x0d, 0x00, 0x22, 0x00, 0x20, 0x08, 0x06, - 0x06, 0x01, 0x06, 0x03, 0xef, 0xef, 0x08, 0x05, - 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, - 0x04, 0x03, 0xee, 0xee, 0xed, 0xed, 0x03, 0x01, - 0x03, 0x03, 0x02, 0x01, 0x02, 0x03, + 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, + 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, + 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, + 0x02, 0x01, 0x02, 0x03, }; unsigned char tlsext_clienthello_disabled[] = {}; @@ -3097,7 +3089,7 @@ test_tlsext_keyshare_client(void) } if (dlen != sizeof(tlsext_keyshare_client)) { - FAIL("got client sigalgs with length %zu, " + FAIL("got client keyshare with length %zu, " "want length %zu\n", dlen, (size_t) sizeof(tlsext_keyshare_client)); failure = 1; goto done; |