Remove SHA224 based sigalgs from use in TLS 1.2 as SHA224 is deprecated.

Remove GOST based sigalgs from TLS 1.2 since they don't work with TLS 1.2. ok jsing@
author: beck <> 2019-01-24 00:07:58 +0000
committer: beck <> 2019-01-24 00:07:58 +0000
commit: 0c4d3f4e4b1febe6578a3147f00c5604cbbba167 (patch)
tree: 473d2df51bf1efb41163303f552794cfc223bad1 /src/regress/lib/libssl/tlsext
parent: 0a4b909395f2a5effee0b6326c75021b6d4a9968 (diff)
download: openbsd-0c4d3f4e4b1febe6578a3147f00c5604cbbba167.tar.gz
openbsd-0c4d3f4e4b1febe6578a3147f00c5604cbbba167.tar.bz2
openbsd-0c4d3f4e4b1febe6578a3147f00c5604cbbba167.zip
1 files changed, 10 insertions, 18 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 32895a49ad..05b18b5b05 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.25 2019/01/23 18:39:28 beck Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.26 2019/01/24 00:07:58 beck Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1505,11 +1505,9 @@ test_tlsext_ri_server(void)
 */
 static unsigned char tlsext_sigalgs_client[] = {
-        0x00, 0x20, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
+        0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
-        0xef, 0xef, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03,
+        0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04,
-        0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0xee, 0xee,
+        0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
-        0xed, 0xed, 0x03, 0x01, 0x03, 0x03, 0x02, 0x01,
-        0x02, 0x03,
 };
 static int
@@ -1599,11 +1597,6 @@ test_tlsext_sigalgs_client(void)
                failure = 1;
                goto done;
        }
-        if (ssl->cert->pkeys[SSL_PKEY_GOST01].sigalg->md() != EVP_streebog512()) {
-                fprintf(stderr, "FAIL: GOST01 digest mismatch\n");
-                failure = 1;
-                goto done;
-        }
 done:
        CBB_cleanup(&cbb);
@@ -2733,14 +2726,13 @@ test_tlsext_srtp_server(void)
 #endif /* OPENSSL_NO_SRTP */
 unsigned char tlsext_clienthello_default[] = {
-        0x00, 0x3c, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
+        0x00, 0x32, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
        0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d,
        0x00, 0x17, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00,
-        0x00, 0x0d, 0x00, 0x22, 0x00, 0x20, 0x08, 0x06,
+        0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06,
-        0x06, 0x01, 0x06, 0x03, 0xef, 0xef, 0x08, 0x05,
+        0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01,
-        0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01,
+        0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03,
-        0x04, 0x03, 0xee, 0xee, 0xed, 0xed, 0x03, 0x01,
+        0x02, 0x01, 0x02, 0x03,
-        0x03, 0x03, 0x02, 0x01, 0x02, 0x03,
 };
 unsigned char tlsext_clienthello_disabled[] = {};
@@ -3097,7 +3089,7 @@ test_tlsext_keyshare_client(void)
        }
        if (dlen != sizeof(tlsext_keyshare_client)) {
-                FAIL("got client sigalgs with length %zu, "
+                FAIL("got client keyshare with length %zu, "
                    "want length %zu\n", dlen, (size_t) sizeof(tlsext_keyshare_client));
                failure = 1;
                goto done;
author	beck <>	2019-01-24 00:07:58 +0000
committer	beck <>	2019-01-24 00:07:58 +0000
commit	0c4d3f4e4b1febe6578a3147f00c5604cbbba167 (patch)
tree	473d2df51bf1efb41163303f552794cfc223bad1 /src/regress/lib/libssl/tlsext
parent	0a4b909395f2a5effee0b6326c75021b6d4a9968 (diff)
download	openbsd-0c4d3f4e4b1febe6578a3147f00c5604cbbba167.tar.gz openbsd-0c4d3f4e4b1febe6578a3147f00c5604cbbba167.tar.bz2 openbsd-0c4d3f4e4b1febe6578a3147f00c5604cbbba167.zip