From 270386aeb897dbe91adb8d282e1975ec3225f074 Mon Sep 17 00:00:00 2001 From: inoguchi <> Date: Fri, 29 May 2020 14:26:01 +0000 Subject: Add checks for SH downgrade sentinel and HRR hash in appstest.sh --- src/regress/usr.bin/openssl/appstest.sh | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh index e4d2e2c5af..47229de053 100755 --- a/src/regress/usr.bin/openssl/appstest.sh +++ b/src/regress/usr.bin/openssl/appstest.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# $OpenBSD: appstest.sh,v 1.44 2020/05/19 13:50:09 inoguchi Exp $ +# $OpenBSD: appstest.sh,v 1.45 2020/05/29 14:26:01 inoguchi Exp $ # # Copyright (c) 2016 Kinichiro Inoguchi # @@ -1448,6 +1448,32 @@ function test_sc_by_protocol_version { -msg -tlsextdebug < /dev/null > $s_client_out 2>&1 check_exit_status $? + # check downgrade bits in SH + if [ $ver = "tls1" -o $ver = "tls1_1" ] ; then + perl -0ne \ + 'exit (!/ServerHello\n.*\n.*44 4f\n.*57 4e 47 52 44 00/m)' \ + $s_client_out + check_exit_status $? + elif [ $ver = "tls1_2" ] ; then + perl -0ne \ + 'exit (!/ServerHello\n.*\n.*44 4f\n.*57 4e 47 52 44 01/m)' \ + $s_client_out + check_exit_status $? + elif [ $ver = "tls1_3" ] ; then + perl -0ne \ + 'exit (/ServerHello\n.*\n.*44 4f\n.*57 4e 47 52 44/m)' \ + $s_client_out + check_exit_status $? + fi + + # check HRR hash + if [ $ver = "tls1_3" ] ; then + perl -0ne \ + 'exit (!/ServerHello\n.*cf 21 ad 74 e5 9a 61 11 be 1d\n.*8c 02 1e 65 b8 91 c2 a2 11 16 7a bb 8c 5e 07 9e\n.*09 e2 c8 a8 33 9c/m)' \ + $s_client_out + check_exit_status $? + fi + if [ $ver = "tls1_3" ] ; then grep 'Server Temp Key: ECDH, P-384, 384 bits' $s_client_out \ > /dev/null -- cgit v1.2.3-55-g6feb
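Review bot: Every `perl -0ne 'exit (...)'` check added to test_sc_by_protocol_version passes vacuously when `$s_client_out` is empty, because with `-n` the `exit` expression runs only after a record has been read, and perl otherwise ends with status 0. The `tls1_3` downgrade branch is weaker still: `exit (/ServerHello.../m)` returns 0 whenever the pattern fails to match, so it cannot tell "sentinel absent" from "no ServerHello dump was captured". Asserting that the message is present first, in the file's own idiom, closes both gaps: `grep 'ServerHello' $s_client_out > /dev/null` followed by `check_exit_status $?`, placed ahead of the `# check downgrade bits in SH` block. A short comment would also help the next reader: `44 4f 57 4e 47 52 44` is ASCII "DOWNGRD" (RFC 8446 section 4.1.3), and the `cf 21 ad 74 ...` value is the fixed HelloRetryRequest random. The function body starts before and continues after this hunk, and `check_exit_status` is defined outside it, so whether a failed check aborts the run is not visible here.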