diff options
| author | beck <> | 2019-01-23 18:39:28 +0000 |
|---|---|---|
| committer | beck <> | 2019-01-23 18:39:28 +0000 |
| commit | 934b3985a409d7e0a88557dd4313222194a110bd (patch) | |
| tree | e5f32c31b20068e7d8674ff7ddb1ea2fe2ca16fa /src/regress/lib/libssl/tlsext | |
| parent | 03a77eef903481d4308502d32fca33a961c4bb3a (diff) | |
| download | openbsd-934b3985a409d7e0a88557dd4313222194a110bd.tar.gz openbsd-934b3985a409d7e0a88557dd4313222194a110bd.tar.bz2 openbsd-934b3985a409d7e0a88557dd4313222194a110bd.zip | |
Modify sigalgs extension processing to accomodate TLS 1.3.
- Make a separate sigalgs list for TLS 1.3 including only modern
algorithm choices which we use when the handshake will not negotiate
TLS 1.2.
- Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as
mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2
from a 1.3 handshake.
ok jsing@ tb@
Diffstat (limited to 'src/regress/lib/libssl/tlsext')
| -rw-r--r-- | src/regress/lib/libssl/tlsext/tlsexttest.c | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index 5689a1c29e..32895a49ad 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tlsexttest.c,v 1.24 2019/01/23 18:24:40 beck Exp $ */ | 1 | /* $OpenBSD: tlsexttest.c,v 1.25 2019/01/23 18:39:28 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -1505,10 +1505,11 @@ test_tlsext_ri_server(void) | |||
| 1505 | */ | 1505 | */ |
| 1506 | 1506 | ||
| 1507 | static unsigned char tlsext_sigalgs_client[] = { | 1507 | static unsigned char tlsext_sigalgs_client[] = { |
| 1508 | 0x00, 0x1a, 0x06, 0x01, 0x06, 0x03, 0xef, 0xef, | 1508 | 0x00, 0x20, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, |
| 1509 | 0x05, 0x01, 0x05, 0x03, 0x04, 0x01, 0x04, 0x03, | 1509 | 0xef, 0xef, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, |
| 1510 | 0xee, 0xee, 0xed, 0xed, 0x03, 0x01, 0x03, 0x03, | 1510 | 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0xee, 0xee, |
| 1511 | 0x02, 0x01, 0x02, 0x03, | 1511 | 0xed, 0xed, 0x03, 0x01, 0x03, 0x03, 0x02, 0x01, |
| 1512 | 0x02, 0x03, | ||
| 1512 | }; | 1513 | }; |
| 1513 | 1514 | ||
| 1514 | static int | 1515 | static int |
| @@ -2732,13 +2733,14 @@ test_tlsext_srtp_server(void) | |||
| 2732 | #endif /* OPENSSL_NO_SRTP */ | 2733 | #endif /* OPENSSL_NO_SRTP */ |
| 2733 | 2734 | ||
| 2734 | unsigned char tlsext_clienthello_default[] = { | 2735 | unsigned char tlsext_clienthello_default[] = { |
| 2735 | 0x00, 0x36, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, | 2736 | 0x00, 0x3c, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, |
| 2736 | 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, | 2737 | 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, |
| 2737 | 0x00, 0x17, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00, | 2738 | 0x00, 0x17, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00, |
| 2738 | 0x00, 0x0d, 0x00, 0x1c, 0x00, 0x1a, 0x06, 0x01, | 2739 | 0x00, 0x0d, 0x00, 0x22, 0x00, 0x20, 0x08, 0x06, |
| 2739 | 0x06, 0x03, 0xef, 0xef, 0x05, 0x01, 0x05, 0x03, | 2740 | 0x06, 0x01, 0x06, 0x03, 0xef, 0xef, 0x08, 0x05, |
| 2740 | 0x04, 0x01, 0x04, 0x03, 0xee, 0xee, 0xed, 0xed, | 2741 | 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, |
| 2741 | 0x03, 0x01, 0x03, 0x03, 0x02, 0x01, 0x02, 0x03, | 2742 | 0x04, 0x03, 0xee, 0xee, 0xed, 0xed, 0x03, 0x01, |
| 2743 | 0x03, 0x03, 0x02, 0x01, 0x02, 0x03, | ||
| 2742 | }; | 2744 | }; |
| 2743 | 2745 | ||
| 2744 | unsigned char tlsext_clienthello_disabled[] = {}; | 2746 | unsigned char tlsext_clienthello_disabled[] = {}; |