[openssl] master update

Matt Caswell matt at openssl.org
Tue Dec 8 16:08:07 UTC 2020


The branch master has been updated
       via  8778f0eb8e6bfb32c0d01cf0e3c9d2e61619818e (commit)
       via  b1fdbc688c474ab5a843471c596b2d5863643a7c (commit)
      from  142841ddc4940b6fe74d8c8a846f27d6e2ee29dd (commit)


- Log -----------------------------------------------------------------
commit 8778f0eb8e6bfb32c0d01cf0e3c9d2e61619818e
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Dec 2 15:58:39 2020 +0000

    Fix a compilation failure with no-tls_1_2
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/13596)

commit b1fdbc688c474ab5a843471c596b2d5863643a7c
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Dec 2 15:40:34 2020 +0000

    Fix a test failure with no-tls1_3
    
    If we're using TLSv1.2 then the test_sigalgs_available test needs to be
    careful which ciphersuite is selected in order for the test to behave
    correctly.
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/13596)

-----------------------------------------------------------------------

Summary of changes:
 test/sslapitest.c | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/test/sslapitest.c b/test/sslapitest.c
index 158295c034..6592b6bda6 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -7820,7 +7820,8 @@ static int test_servername(int tst)
     return testresult;
 }
 
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) \
+    && (!defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
 /*
  * Test that if signature algorithms are not available, then we do not offer or
  * accept them.
@@ -7889,6 +7890,17 @@ static int test_sigalgs_available(int idx)
                                        &sctx, &cctx, cert, privkey)))
         goto end;
 
+    /* Ensure we only use TLSv1.2 ciphersuites based on SHA256 */
+    if (idx < 4) {
+        if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
+                                               "ECDHE-RSA-AES128-GCM-SHA256")))
+            goto end;
+    } else {
+        if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
+                                               "ECDHE-ECDSA-AES128-GCM-SHA256")))
+            goto end;
+    }
+
     if (idx < 3) {
         if (!SSL_CTX_set1_sigalgs_list(cctx,
                                        "rsa_pss_rsae_sha384"
@@ -7944,7 +7956,10 @@ static int test_sigalgs_available(int idx)
 
     return testresult;
 }
-#endif /* OPENSSL_NO_EC */
+#endif /*
+        * !defined(OPENSSL_NO_EC) \
+        * && (!defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
+        */
 
 #ifndef OPENSSL_NO_TLS1_3
 static int test_pluggable_group(int idx)
@@ -8586,7 +8601,8 @@ int setup_tests(void)
     ADD_ALL_TESTS(test_multiblock_write, OSSL_NELEM(multiblock_cipherlist_data));
 #endif
     ADD_ALL_TESTS(test_servername, 10);
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) \
+    && (!defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
     ADD_ALL_TESTS(test_sigalgs_available, 6);
 #endif
 #ifndef OPENSSL_NO_TLS1_3
@@ -8611,7 +8627,7 @@ int setup_tests(void)
 
 void cleanup_tests(void)
 {
-# ifndef OPENSSL_NO_DH
+# if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DH)
     EVP_PKEY_free(tmp_dh_params);
 #endif
     OPENSSL_free(cert);


More information about the openssl-commits mailing list