[openssl] master update
Matt Caswell
matt at openssl.org
Tue Dec 8 16:08:07 UTC 2020
The branch master has been updated
via 8778f0eb8e6bfb32c0d01cf0e3c9d2e61619818e (commit)
via b1fdbc688c474ab5a843471c596b2d5863643a7c (commit)
from 142841ddc4940b6fe74d8c8a846f27d6e2ee29dd (commit)
- Log -----------------------------------------------------------------
commit 8778f0eb8e6bfb32c0d01cf0e3c9d2e61619818e
Author: Matt Caswell <matt at openssl.org>
Date: Wed Dec 2 15:58:39 2020 +0000
Fix a compilation failure with no-tls_1_2
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13596)
commit b1fdbc688c474ab5a843471c596b2d5863643a7c
Author: Matt Caswell <matt at openssl.org>
Date: Wed Dec 2 15:40:34 2020 +0000
Fix a test failure with no-tls1_3
If we're using TLSv1.2 then the test_sigalgs_available test needs to be
careful which ciphersuite is selected in order for the test to behave
correctly.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13596)
-----------------------------------------------------------------------
Summary of changes:
test/sslapitest.c | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 158295c034..6592b6bda6 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -7820,7 +7820,8 @@ static int test_servername(int tst)
return testresult;
}
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) \
+ && (!defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
/*
* Test that if signature algorithms are not available, then we do not offer or
* accept them.
@@ -7889,6 +7890,17 @@ static int test_sigalgs_available(int idx)
&sctx, &cctx, cert, privkey)))
goto end;
+ /* Ensure we only use TLSv1.2 ciphersuites based on SHA256 */
+ if (idx < 4) {
+ if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
+ "ECDHE-RSA-AES128-GCM-SHA256")))
+ goto end;
+ } else {
+ if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
+ "ECDHE-ECDSA-AES128-GCM-SHA256")))
+ goto end;
+ }
+
if (idx < 3) {
if (!SSL_CTX_set1_sigalgs_list(cctx,
"rsa_pss_rsae_sha384"
@@ -7944,7 +7956,10 @@ static int test_sigalgs_available(int idx)
return testresult;
}
-#endif /* OPENSSL_NO_EC */
+#endif /*
+ * !defined(OPENSSL_NO_EC) \
+ * && (!defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
+ */
#ifndef OPENSSL_NO_TLS1_3
static int test_pluggable_group(int idx)
@@ -8586,7 +8601,8 @@ int setup_tests(void)
ADD_ALL_TESTS(test_multiblock_write, OSSL_NELEM(multiblock_cipherlist_data));
#endif
ADD_ALL_TESTS(test_servername, 10);
-#ifndef OPENSSL_NO_EC
+#if !defined(OPENSSL_NO_EC) \
+ && (!defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
ADD_ALL_TESTS(test_sigalgs_available, 6);
#endif
#ifndef OPENSSL_NO_TLS1_3
@@ -8611,7 +8627,7 @@ int setup_tests(void)
void cleanup_tests(void)
{
-# ifndef OPENSSL_NO_DH
+# if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DH)
EVP_PKEY_free(tmp_dh_params);
#endif
OPENSSL_free(cert);
More information about the openssl-commits
mailing list