From 934b3985a409d7e0a88557dd4313222194a110bd Mon Sep 17 00:00:00 2001 From: beck <> Date: Wed, 23 Jan 2019 18:39:28 +0000 Subject: Modify sigalgs extension processing to accomodate TLS 1.3. - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2. - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 from a 1.3 handshake. ok jsing@ tb@ --- src/regress/lib/libssl/tlsext/tlsexttest.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'src/regress/lib/libssl/tlsext/tlsexttest.c') diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index 5689a1c29e..32895a49ad 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tlsexttest.c,v 1.24 2019/01/23 18:24:40 beck Exp $ */ +/* $OpenBSD: tlsexttest.c,v 1.25 2019/01/23 18:39:28 beck Exp $ */ /* * Copyright (c) 2017 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -1505,10 +1505,11 @@ test_tlsext_ri_server(void) */ static unsigned char tlsext_sigalgs_client[] = { - 0x00, 0x1a, 0x06, 0x01, 0x06, 0x03, 0xef, 0xef, - 0x05, 0x01, 0x05, 0x03, 0x04, 0x01, 0x04, 0x03, - 0xee, 0xee, 0xed, 0xed, 0x03, 0x01, 0x03, 0x03, - 0x02, 0x01, 0x02, 0x03, + 0x00, 0x20, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, + 0xef, 0xef, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, + 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0xee, 0xee, + 0xed, 0xed, 0x03, 0x01, 0x03, 0x03, 0x02, 0x01, + 0x02, 0x03, }; static int @@ -2732,13 +2733,14 @@ test_tlsext_srtp_server(void) #endif /* OPENSSL_NO_SRTP */ unsigned char tlsext_clienthello_default[] = { - 0x00, 0x36, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, + 0x00, 0x3c, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00, - 0x00, 0x0d, 0x00, 0x1c, 0x00, 0x1a, 0x06, 0x01, - 0x06, 0x03, 0xef, 0xef, 0x05, 0x01, 0x05, 0x03, - 0x04, 0x01, 0x04, 0x03, 0xee, 0xee, 0xed, 0xed, - 0x03, 0x01, 0x03, 0x03, 0x02, 0x01, 0x02, 0x03, + 0x00, 0x0d, 0x00, 0x22, 0x00, 0x20, 0x08, 0x06, + 0x06, 0x01, 0x06, 0x03, 0xef, 0xef, 0x08, 0x05, + 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, + 0x04, 0x03, 0xee, 0xee, 0xed, 0xed, 0x03, 0x01, + 0x03, 0x03, 0x02, 0x01, 0x02, 0x03, }; unsigned char tlsext_clienthello_disabled[] = {}; -- cgit v1.2.3-55-g6feb