[openssl] OpenSSL_1_1_1-stable update

Kurt Roeckx kurt at openssl.org
Sat Jan 25 13:12:16 UTC 2020


The branch OpenSSL_1_1_1-stable has been updated
       via  cc7c6eb8135be665d0acc176a5963e1eaf52e4e2 (commit)
       via  2dbcdb693597a20ae4e84126b02f8f05b70fa831 (commit)
      from  59f92fa27eb41a7513e584b665c87669171f60dd (commit)


- Log -----------------------------------------------------------------
commit cc7c6eb8135be665d0acc176a5963e1eaf52e4e2
Author: Kurt Roeckx <kurt at roeckx.be>
Date:   Thu Jan 2 22:53:32 2020 +0100

    Check that the default signature type is allowed
    
    TLS < 1.2 has fixed signature algorithms: MD5+SHA1 for RSA and SHA1 for the
    others. TLS 1.2 sends a list of supported ciphers, but allows not sending
    it in which case SHA1 is used. TLS 1.3 makes sending the list mandatory.
    
    When we didn't receive a list from the client, we always used the
    defaults without checking that they are allowed by the configuration.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    GH: #10784
    (cherry picked from commit b0031e5dc2c8c99a6c04bc7625aa00d3d20a59a5)

commit 2dbcdb693597a20ae4e84126b02f8f05b70fa831
Author: Kurt Roeckx <kurt at roeckx.be>
Date:   Sun Jan 12 16:44:01 2020 +0100

    Replace apps/server.pem with certificate with a sha256 signature.
    
    It replaces apps/server.pem that used a sha1 signature with a copy of
    test/certs/servercert.pem that is uses sha256.
    
    This caused the dtlstest to start failing. It's testing connection
    sbetween a dtls client and server. In particular it was checking that if
    we drop a record that the handshake recovers and still completes
    successfully. The test iterates a number of times. The first time
    through it drops the first record. The second time it drops the second
    one, and so on. In order to do this it has a hard-coded value for the
    expected number of records it should see in a handshake. That's ok
    because we completely control both sides of the handshake and know what
    records we expect to see. Small changes in message size would be
    tolerated because that is unlikely to have an impact on the number of
    records. Larger changes in message size however could increase or
    decrease the number of records and hence cause the test to fail.
    
    This particular test uses a mem bio which doesn't have all the CTRLs
    that the dgram BIO has. When we are using a dgram BIO we query that BIO
    to determine the MTU size. The smaller the MTU the more fragmented
    handshakes become. Since the mem BIO doesn't report an MTU we use a
    rather small default value and get quite a lot of records in our
    handshake. This has the tendency to increase the likelihood of the
    number of records changing in the test if the message size changes.
    
    It so happens that the new server certificate is smaller than the old
    one. AFAICT this is probably because the DNs for the Subject and Issuer
    are significantly shorter than previously. The result is that the number
    of records used to transmit the Certificate message is one less than it
    was before. This actually has a knock on impact for subsequent messages
    and how we fragment them resulting in one less ServerKeyExchange record
    too (the actual size of the ServerKeyExchange message hasn't changed,
    but where in that message it gets fragmented has). In total the number
    of records used in the handshake has decreased by 2 with the new
    server.pem file.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    GH: #10784
    (cherry picked from commit 5fd72d96a592c3c4ef28ff11c6ef334a856b0cd1)

-----------------------------------------------------------------------

Summary of changes:
 apps/server.pem                   | 95 +++++++++++++++++++--------------------
 ssl/ssl_local.h                   |  2 +-
 ssl/t1_lib.c                      | 16 +++++--
 test/dtlstest.c                   |  2 +-
 test/recipes/70-test_sslsigalgs.t | 57 +++++++++++++++--------
 5 files changed, 98 insertions(+), 74 deletions(-)

diff --git a/apps/server.pem b/apps/server.pem
index d0fc265f04..b380759199 100644
--- a/apps/server.pem
+++ b/apps/server.pem
@@ -1,52 +1,47 @@
-subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert
-issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
 -----BEGIN CERTIFICATE-----
-MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
-VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
-A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
-RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ
-KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi
-R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv
-vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7
-TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU
-41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R
-AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
-AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
-BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
-hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK
-WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp
-yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7
-vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds
-xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t
-JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==
+MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD
+DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9
+o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV
+3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/
+8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1
+rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71
+cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS
+T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud
+EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4
+YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI
+RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk
+iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK
+8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi
+X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q
+YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk=
 -----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv
-h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL
-tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu
-D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI
-uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6
-qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn
-zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3
-r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D
-AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R
-5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm
-W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH
-674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg
-utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY
-BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX
-4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a
-WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8
-bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH
-6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex
-4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa
-WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g
-n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB
-JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+
-OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
-xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
-UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVXWBq3/xh7kiq
+jBFIQ6VttlJdqphJsWGSNbH8OgQlDG15/7TVyelcHDvgq7O4faPebb3g3ddavxRH
+EUJepoLQYcF/3RNG5gmFBw7y1PwaZNIKrSCrIGuW8K3MxBlTVdwBHaSz74q0SVNd
+igUc8dzhRL/F1+J3GVdclwt17ohDcQ/KbMG0slCnd0ZsWA8Rv/F2JFquOUK3UWcp
+4dBVMG8X5JHqrfgowkNvomSp+52YkmJIPusNT4JKiv8/cu6Wta6hwZi6732QdW3/
+WlKeq/XAftCHQ9uFBwcPfTh6/dHT7mUd0+o5aoc37krT4A1u9XCswr3xbvOSlV6p
+8KFllZONAgMBAAECggEADLTt7A+A2Vg2jamf0dztejY0e42QWjstI2b9PZc67fXq
+gyx+WYkX07t+uWegYWliG/oPJ9guXiIpE/5sJHToL37S5kmFP2CtynVcJ4wVo4DD
+nY0n9+kLX0bgIuS+2V6wpoRcbbbjXM9NHrH8kfe5ftT4UtEDlLI2qLX6IcDd7p4u
+OYjILChR8GSGTw96yIy2Ws/1Uq9PMw64JoT4RcK5QqnkcPMDFRH1SeLOL+zXP2c4
+nEl9yOy3HauZKxwl/Ry/XK1s3DdjopIAU29ut+hAuMiTb06kzZnumL9NoplKoZtU
+otw/gVcCKhT+Ep+p6i8InLF0XEME8A0qUR0niWebgQKBgQD6vkxR49B8ZZQrzjw4
+XKs1lI9cP7cgPiuWlDHMNjYou3WbOaGrMeScvbB1Ldh9A8pjAhxlw8AaV/xs4qcA
+trmVmSISVMVyc1wSGlJXWi2nUzTNs9OE3vj22SyStihf8UUZtWwX2b5Y4JrYhA/V
++ThGGqHR03oLNLShNLtJc2c7YQKBgQDZ1nkibEyrepexw/fnwkw61IJKq9wRIh1G
+PREakhbe9wU5ie0knuf9razt7awzQiwFmlixmWqsM7UEtLuXNnNPciwdrKhhbvrd
+vD/rkbIEHEPllIhFlDtOzn3hRBWTzWmXFjpou/2LvHTSbVis4IYVZymTp2jb1ZLs
+7VbiG9JTrQKBgQDc6n75g1szzpdehQT/r33U5j/syeJBUSU8NPMu9fB/sLHsgjlT
+SNEf2+y1QSBE/Or6kmiMrIv7advn30W+Vj9qc5HWTsPrk4HiHTjA553jl2alebN5
+lK4LZspjtIQcC8mS3goPdXPEgJdM/gWpwzr2YQ6DfOxBJT2j7n64NyoT4QKBgH7/
+yx+GhCx1DHtXBPDZFhg2TL+78lEK0oZgk9gp06up2CHzh44SFq6O0oLkTcCUk5Ww
+poTkLIy4mJBlzfgahp+KsK2cO46SZS9g0ONFzcMXt33hWpE2Gl2XhUwPpYTF/QlY
+rDTjZK5S8Mi9dzVSsNlJi7PJphiEK2R1+nFYRwcBAoGBANWoIG85jpXAOnq/Kcgx
+Rl3YivR0Ke6r1tFlP58rT7X3EkiboXyQl5vLIFCAwUte6RGrLl1dy3Qyh80B9ySL
+Jx6vj42CK7vgv6A96TuVYhnXTnEI6ZvwAQ2VGaw4BizhjALs/kdSE/og9aSCs3ws
+KQypwAFz0tbHxaNag/bSAN0J
+-----END PRIVATE KEY-----
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index d335df252e..9a04fdd5b4 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -2581,7 +2581,7 @@ __owur int tls_check_sigalg_curve(const SSL *s, int curve);
 #  endif
 __owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
 __owur int ssl_set_client_disabled(SSL *s);
-__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde);
+__owur int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int echde);
 
 __owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
                                  size_t *hashlen);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 8498528b71..d7ce6541d3 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -22,6 +22,7 @@
 #include <openssl/ct.h>
 
 static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey);
+static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
 
 SSL3_ENC_METHOD const TLSv1_enc_data = {
     tls1_enc,
@@ -849,8 +850,11 @@ static int rsa_pss_check_min_key_size(const RSA *rsa, const SIGALG_LOOKUP *lu)
 }
 
 /*
- * Return a signature algorithm for TLS < 1.2 where the signature type
- * is fixed by the certificate type.
+ * Returns a signature algorithm when the peer did not send a list of supported
+ * signature algorithms. The signature algorithm is fixed for the certificate
+ * type. |idx| is a certificate type index (SSL_PKEY_*). When |idx| is -1 the
+ * certificate type from |s| will be used.
+ * Returns the signature algorithm to use, or NULL on error.
  */
 static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
 {
@@ -893,8 +897,12 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
 
         if (!tls1_lookup_md(lu, NULL))
             return NULL;
+        if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu))
+            return NULL;
         return lu;
     }
+    if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, &legacy_rsa_sigalg))
+        return NULL;
     return &legacy_rsa_sigalg;
 }
 /* Set peer sigalg based key type */
@@ -1176,7 +1184,7 @@ int ssl_set_client_disabled(SSL *s)
  *
  * Returns 1 when it's disabled, 0 when enabled.
  */
-int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int ecdhe)
+int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int ecdhe)
 {
     if (c->algorithm_mkey & s->s3->tmp.mask_k
         || c->algorithm_auth & s->s3->tmp.mask_a)
@@ -1556,7 +1564,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
 }
 
 /* Check to see if a signature algorithm is allowed */
-static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu)
+static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
 {
     unsigned char sigalgstr[2];
     int secbits;
diff --git a/test/dtlstest.c b/test/dtlstest.c
index ab4d4c15c0..0bba08856a 100644
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -122,7 +122,7 @@ static int test_dtls_unprocessed(int testidx)
 #define CLI_TO_SRV_EPOCH_0_RECS 3
 #define CLI_TO_SRV_EPOCH_1_RECS 1
 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
-# define SRV_TO_CLI_EPOCH_0_RECS 12
+# define SRV_TO_CLI_EPOCH_0_RECS 10
 #else
 /*
  * In this case we have no ServerKeyExchange message, because we don't have
diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t
index f805dcf221..3b15c465a9 100644
--- a/test/recipes/70-test_sslsigalgs.t
+++ b/test/recipes/70-test_sslsigalgs.t
@@ -53,7 +53,7 @@ use constant {
 
 #Test 1: Default sig algs should succeed
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 22;
+plan tests => 24;
 ok(TLSProxy::Message->success, "Default sigalgs");
 my $testtype;
 
@@ -132,19 +132,40 @@ SKIP: {
 }
 
 SKIP: {
-    skip "EC or TLSv1.2 disabled", 8 if disabled("tls1_2") || disabled("ec");
+    skip "EC or TLSv1.2 disabled", 10 if disabled("tls1_2") || disabled("ec");
 
     $proxy->filter(\&sigalgs_filter);
 
-    #Test 10: Sending no sig algs extension in TLSv1.2 should succeed
+    #Test 10: Sending no sig algs extension in TLSv1.2 should succeed at
+    #         security level 1
     $proxy->clear();
     $testtype = NO_SIG_ALGS_EXT;
-    $proxy->clientflags("-no_tls1_3");
-    $proxy->ciphers("ECDHE-RSA-AES128-SHA");
+    $proxy->clientflags("-no_tls1_3 -cipher DEFAULT\@SECLEVEL=1");
+    $proxy->ciphers("ECDHE-RSA-AES128-SHA\@SECLEVEL=1");
+    $proxy->start();
+    ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs seclevel 1");
+
+    #Test 11: Sending no sig algs extension in TLSv1.2 should fail at security
+    #         level 2 since it will try to use SHA1. Testing client at level 1,
+    #         server level 2.
+    $proxy->clear();
+    $testtype = NO_SIG_ALGS_EXT;
+    $proxy->clientflags("-tls1_2 -cipher DEFAULT\@SECLEVEL=1");
+    $proxy->ciphers("DEFAULT\@SECLEVEL=2");
+    $proxy->start();
+    ok(TLSProxy::Message->fail, "No TLSv1.2 sigalgs server seclevel 2");
+
+    #Test 12: Sending no sig algs extension in TLSv1.2 should fail at security
+    #         level 2 since it will try to use SHA1. Testing client at level 2,
+    #         server level 1.
+    $proxy->clear();
+    $testtype = NO_SIG_ALGS_EXT;
+    $proxy->clientflags("-tls1_2 -cipher DEFAULT\@SECLEVEL=2");
+    $proxy->ciphers("DEFAULT\@SECLEVEL=1");
     $proxy->start();
-    ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs");
+    ok(TLSProxy::Message->fail, "No TLSv1.2 sigalgs client seclevel 2");
 
-    #Test 11: Sending an empty sig algs extension in TLSv1.2 should fail
+    #Test 13: Sending an empty sig algs extension in TLSv1.2 should fail
     $proxy->clear();
     $testtype = EMPTY_SIG_ALGS_EXT;
     $proxy->clientflags("-no_tls1_3");
@@ -152,7 +173,7 @@ SKIP: {
     $proxy->start();
     ok(TLSProxy::Message->fail, "Empty TLSv1.2 sigalgs");
 
-    #Test 12: Sending a list with no recognised sig algs in TLSv1.2 should fail
+    #Test 14: Sending a list with no recognised sig algs in TLSv1.2 should fail
     $proxy->clear();
     $testtype = NO_KNOWN_SIG_ALGS;
     $proxy->clientflags("-no_tls1_3");
@@ -160,7 +181,7 @@ SKIP: {
     $proxy->start();
     ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs");
 
-    #Test 13: Sending a sig algs list without pss for an RSA cert in TLSv1.2
+    #Test 15: Sending a sig algs list without pss for an RSA cert in TLSv1.2
     #         should succeed
     $proxy->clear();
     $testtype = NO_PSS_SIG_ALGS;
@@ -169,7 +190,7 @@ SKIP: {
     $proxy->start();
     ok(TLSProxy::Message->success, "No PSS TLSv1.2 sigalgs");
 
-    #Test 14: Sending only TLSv1.3 PSS sig algs in TLSv1.2 should succeed
+    #Test 16: Sending only TLSv1.3 PSS sig algs in TLSv1.2 should succeed
     $proxy->clear();
     $testtype = PSS_ONLY_SIG_ALGS;
     $proxy->serverflags("-no_tls1_3");
@@ -177,7 +198,7 @@ SKIP: {
     $proxy->start();
     ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.2");
 
-    #Test 15: Responding with a sig alg we did not send in TLSv1.2 should fail
+    #Test 17: Responding with a sig alg we did not send in TLSv1.2 should fail
     #         We send rsa_pkcs1_sha256 and respond with rsa_pss_rsae_sha256
     #         TODO(TLS1.3): Add a similar test to the TLSv1.3 section above
     #         when we have an API capable of configuring the TLSv1.3 sig algs
@@ -188,7 +209,7 @@ SKIP: {
     $proxy->start();
     ok(TLSProxy::Message->fail, "Sigalg we did not send in TLSv1.2");
 
-    #Test 16: Sending a valid sig algs list but not including a sig type that
+    #Test 18: Sending a valid sig algs list but not including a sig type that
     #         matches the certificate should fail in TLSv1.2
     $proxy->clear();
     $proxy->clientflags("-no_tls1_3 -sigalgs ECDSA+SHA256");
@@ -198,7 +219,7 @@ SKIP: {
     ok(TLSProxy::Message->fail, "No matching TLSv1.2 sigalgs");
     $proxy->filter(\&sigalgs_filter);
 
-    #Test 17: No sig algs extension, ECDSA cert, TLSv1.2 should succeed
+    #Test 19: No sig algs extension, ECDSA cert, TLSv1.2 should succeed
     $proxy->clear();
     $testtype = NO_SIG_ALGS_EXT;
     $proxy->clientflags("-no_tls1_3");
@@ -214,7 +235,7 @@ SKIP: {
 my ($dsa_status, $sha1_status, $sha224_status);
 SKIP: {
     skip "TLSv1.3 disabled", 2 if disabled("tls1_3") || disabled("dsa");
-    #Test 18: signature_algorithms with 1.3-only ClientHello
+    #Test 20: signature_algorithms with 1.3-only ClientHello
     $testtype = PURE_SIGALGS;
     $dsa_status = $sha1_status = $sha224_status = 0;
     $proxy->clear();
@@ -224,7 +245,7 @@ SKIP: {
     ok($dsa_status && $sha1_status && $sha224_status,
        "DSA/SHA2 sigalg sent for 1.3-only ClientHello");
 
-    #Test 19: signature_algorithms with backwards compatible ClientHello
+    #Test 21: signature_algorithms with backwards compatible ClientHello
     SKIP: {
         skip "TLSv1.2 disabled", 1 if disabled("tls1_2");
         $testtype = COMPAT_SIGALGS;
@@ -239,21 +260,21 @@ SKIP: {
 
 SKIP: {
     skip "TLSv1.3 disabled", 3 if disabled("tls1_3");
-    #Test 20: Insert signature_algorithms_cert that match normal sigalgs
+    #Test 22: Insert signature_algorithms_cert that match normal sigalgs
     $testtype = SIGALGS_CERT_ALL;
     $proxy->clear();
     $proxy->filter(\&modify_sigalgs_cert_filter);
     $proxy->start();
     ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3");
 
-    #Test 21: Insert signature_algorithms_cert that forces PKCS#1 cert
+    #Test 23: Insert signature_algorithms_cert that forces PKCS#1 cert
     $testtype = SIGALGS_CERT_PKCS;
     $proxy->clear();
     $proxy->filter(\&modify_sigalgs_cert_filter);
     $proxy->start();
     ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3 with PKCS#1 cert");
 
-    #Test 22: Insert signature_algorithms_cert that fails
+    #Test 24: Insert signature_algorithms_cert that fails
     $testtype = SIGALGS_CERT_INVALID;
     $proxy->clear();
     $proxy->filter(\&modify_sigalgs_cert_filter);


More information about the openssl-commits mailing list