Project homepage Mailing List  Warmcat.com  API Docs  Github Mirror 
{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1752656127, "reponame":"openssl", "desc":"OpenSSL", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl", "f":3, "items": [ {"schema":"libjg2-1", "cid":"21c9095b4b3cae9c9436313c8323cefd", "commit": {"type":"commit", "time": 1542195204, "time_ofs": 0, "oid_tree": { "oid": "1669bf4de988f91514a966d7035086a19989b07b", "alias": []}, "oid":{ "oid": "eaa32f3679a8f36975142ece0958a68422af8bbc", "alias": []}, "msg": "Fix no-ec and no-tls1_2", "sig_commit": { "git_time": { "time": 1542195204, "offset": 0 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" }, "sig_author": { "git_time": { "time": 1542032587, "offset": 0 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" }}, "body": "Fix no-ec and no-tls1_2\n\nReviewed-by: Richard Levitte \u003clevitte@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/7620)\n\n(cherry picked from commit 65d2c16cbe0da8efed2f285f59930297326fb435)\n" , "diff": "diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h\nindex e9c5c5c..70e5a17 100644\n--- a/ssl/ssl_locl.h\n+++ b/ssl/ssl_locl.h\n@@ -2572,7 +2572,9 @@ __owur int tls1_process_sigalgs(SSL *s);\n __owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);\n __owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);\n __owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);\n+# ifndef OPENSSL_NO_EC\n __owur int tls_check_sigalg_curve(const SSL *s, int curve);\n+# endif\n __owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);\n __owur int ssl_set_client_disabled(SSL *s);\n __owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde);\ndiff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c\nindex 95c2206..4324896 100644\n--- a/ssl/statem/statem_lib.c\n+++ b/ssl/statem/statem_lib.c\n@@ -1506,8 +1506,11 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method)\n */\n static int is_tls13_capable(const SSL *s)\n {\n- int i, curve;\n+ int i;\n+#ifndef OPENSSL_NO_EC\n+ int curve;\n EC_KEY *eckey;\n+#endif\n \n #ifndef OPENSSL_NO_PSK\n if (s-\u003epsk_server_callback !\u003d NULL)\n@@ -1530,6 +1533,7 @@ static int is_tls13_capable(const SSL *s)\n }\n if (!ssl_has_cert(s, i))\n continue;\n+#ifndef OPENSSL_NO_EC\n if (i !\u003d SSL_PKEY_ECC)\n return 1;\n /*\n@@ -1543,6 +1547,9 @@ static int is_tls13_capable(const SSL *s)\n curve \u003d EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey));\n if (tls_check_sigalg_curve(s, curve))\n return 1;\n+#else\n+ return 1;\n+#endif\n }\n \n return 0;\ndiff --git a/ssl/t1_lib.c b/ssl/t1_lib.c\nindex e79c7bf..fc41ed9 100644\n--- a/ssl/t1_lib.c\n+++ b/ssl/t1_lib.c\n@@ -949,6 +949,7 @@ size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs)\n }\n }\n \n+#ifndef OPENSSL_NO_EC\n /*\n * Called by servers only. Checks that we have a sig alg that supports the\n * specified EC curve.\n@@ -979,6 +980,7 @@ int tls_check_sigalg_curve(const SSL *s, int curve)\n \n return 0;\n }\n+#endif\n \n /*\n * Check signature algorithm is consistent with sent supported signature\ndiff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t\nindex da8302d..db2271c 100644\n--- a/test/recipes/80-test_ssl_new.t\n+++ b/test/recipes/80-test_ssl_new.t\n@@ -69,6 +69,7 @@ my %conf_dependent_tests \u003d (\n \u002222-compression.conf\u0022 \u003d\u003e !$is_default_tls,\n \u002225-cipher.conf\u0022 \u003d\u003e disabled(\u0022poly1305\u0022) || disabled(\u0022chacha\u0022),\n \u002227-ticket-appdata.conf\u0022 \u003d\u003e !$is_default_tls,\n+ \u002228-seclevel.conf\u0022 \u003d\u003e disabled(\u0022tls1_2\u0022) || $no_ec,\n );\n \n # Add your test here if it should be skipped for some compile-time\ndiff --git a/test/ssl-tests/28-seclevel.conf b/test/ssl-tests/28-seclevel.conf\nindex ddc2448..f863f68 100644\n--- a/test/ssl-tests/28-seclevel.conf\n+++ b/test/ssl-tests/28-seclevel.conf\n@@ -4,8 +4,8 @@ num_tests \u003d 4\n \n test-0 \u003d 0-SECLEVEL 3 with default key\n test-1 \u003d 1-SECLEVEL 3 with ED448 key\n-test-2 \u003d 2-SECLEVEL 3 with ED448 key, TLSv1.2\n-test-3 \u003d 3-SECLEVEL 3 with P-384 key, X25519 ECDHE\n+test-2 \u003d 2-SECLEVEL 3 with P-384 key, X25519 ECDHE\n+test-3 \u003d 3-SECLEVEL 3 with ED448 key, TLSv1.2\n # \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n \n [0-SECLEVEL 3 with default key]\n@@ -54,22 +54,22 @@ ExpectedResult \u003d Success\n \n # \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n \n-[2-SECLEVEL 3 with ED448 key, TLSv1.2]\n-ssl_conf \u003d 2-SECLEVEL 3 with ED448 key, TLSv1.2-ssl\n+[2-SECLEVEL 3 with P-384 key, X25519 ECDHE]\n+ssl_conf \u003d 2-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl\n \n-[2-SECLEVEL 3 with ED448 key, TLSv1.2-ssl]\n-server \u003d 2-SECLEVEL 3 with ED448 key, TLSv1.2-server\n-client \u003d 2-SECLEVEL 3 with ED448 key, TLSv1.2-client\n+[2-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl]\n+server \u003d 2-SECLEVEL 3 with P-384 key, X25519 ECDHE-server\n+client \u003d 2-SECLEVEL 3 with P-384 key, X25519 ECDHE-client\n \n-[2-SECLEVEL 3 with ED448 key, TLSv1.2-server]\n-Certificate \u003d ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem\n+[2-SECLEVEL 3 with P-384 key, X25519 ECDHE-server]\n+Certificate \u003d ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem\n CipherString \u003d DEFAULT:@SECLEVEL\u003d3\n-MaxProtocol \u003d TLSv1.2\n-PrivateKey \u003d ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem\n+Groups \u003d X25519\n+PrivateKey \u003d ${ENV::TEST_CERTS_DIR}/p384-server-key.pem\n \n-[2-SECLEVEL 3 with ED448 key, TLSv1.2-client]\n-CipherString \u003d DEFAULT\n-VerifyCAFile \u003d ${ENV::TEST_CERTS_DIR}/rootcert.pem\n+[2-SECLEVEL 3 with P-384 key, X25519 ECDHE-client]\n+CipherString \u003d ECDHE:@SECLEVEL\u003d3\n+VerifyCAFile \u003d ${ENV::TEST_CERTS_DIR}/p384-root.pem\n VerifyMode \u003d Peer\n \n [test-2]\n@@ -78,22 +78,22 @@ ExpectedResult \u003d Success\n \n # \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n \n-[3-SECLEVEL 3 with P-384 key, X25519 ECDHE]\n-ssl_conf \u003d 3-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl\n+[3-SECLEVEL 3 with ED448 key, TLSv1.2]\n+ssl_conf \u003d 3-SECLEVEL 3 with ED448 key, TLSv1.2-ssl\n \n-[3-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl]\n-server \u003d 3-SECLEVEL 3 with P-384 key, X25519 ECDHE-server\n-client \u003d 3-SECLEVEL 3 with P-384 key, X25519 ECDHE-client\n+[3-SECLEVEL 3 with ED448 key, TLSv1.2-ssl]\n+server \u003d 3-SECLEVEL 3 with ED448 key, TLSv1.2-server\n+client \u003d 3-SECLEVEL 3 with ED448 key, TLSv1.2-client\n \n-[3-SECLEVEL 3 with P-384 key, X25519 ECDHE-server]\n-Certificate \u003d ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem\n+[3-SECLEVEL 3 with ED448 key, TLSv1.2-server]\n+Certificate \u003d ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem\n CipherString \u003d DEFAULT:@SECLEVEL\u003d3\n-Groups \u003d X25519\n-PrivateKey \u003d ${ENV::TEST_CERTS_DIR}/p384-server-key.pem\n+MaxProtocol \u003d TLSv1.2\n+PrivateKey \u003d ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem\n \n-[3-SECLEVEL 3 with P-384 key, X25519 ECDHE-client]\n-CipherString \u003d ECDHE:@SECLEVEL\u003d3\n-VerifyCAFile \u003d ${ENV::TEST_CERTS_DIR}/p384-root.pem\n+[3-SECLEVEL 3 with ED448 key, TLSv1.2-client]\n+CipherString \u003d DEFAULT\n+VerifyCAFile \u003d ${ENV::TEST_CERTS_DIR}/rootcert.pem\n VerifyMode \u003d Peer\n \n [test-3]\ndiff --git a/test/ssl-tests/28-seclevel.conf.in b/test/ssl-tests/28-seclevel.conf.in\nindex 5a1ee46..9f85a95 100644\n--- a/test/ssl-tests/28-seclevel.conf.in\n+++ b/test/ssl-tests/28-seclevel.conf.in\n@@ -10,6 +10,7 @@\n ## SSL test configurations\n \n package ssltests;\n+use OpenSSL::Test::Utils;\n \n our @tests \u003d (\n {\n@@ -18,6 +19,9 @@ our @tests \u003d (\n client \u003d\u003e { },\n test \u003d\u003e { \u0022ExpectedResult\u0022 \u003d\u003e \u0022ServerFail\u0022 },\n },\n+);\n+\n+our @tests_ec \u003d (\n {\n name \u003d\u003e \u0022SECLEVEL 3 with ED448 key\u0022,\n server \u003d\u003e { \u0022CipherString\u0022 \u003d\u003e \u0022DEFAULT:\u005c@SECLEVEL\u003d3\u0022,\n@@ -27,15 +31,6 @@ our @tests \u003d (\n test \u003d\u003e { \u0022ExpectedResult\u0022 \u003d\u003e \u0022Success\u0022 },\n },\n {\n- name \u003d\u003e \u0022SECLEVEL 3 with ED448 key, TLSv1.2\u0022,\n- server \u003d\u003e { \u0022CipherString\u0022 \u003d\u003e \u0022DEFAULT:\u005c@SECLEVEL\u003d3\u0022,\n- \u0022Certificate\u0022 \u003d\u003e test_pem(\u0022server-ed448-cert.pem\u0022),\n- \u0022PrivateKey\u0022 \u003d\u003e test_pem(\u0022server-ed448-key.pem\u0022),\n- \u0022MaxProtocol\u0022 \u003d\u003e \u0022TLSv1.2\u0022 },\n- client \u003d\u003e { },\n- test \u003d\u003e { \u0022ExpectedResult\u0022 \u003d\u003e \u0022Success\u0022 },\n- },\n- {\n name \u003d\u003e \u0022SECLEVEL 3 with P-384 key, X25519 ECDHE\u0022,\n server \u003d\u003e { \u0022CipherString\u0022 \u003d\u003e \u0022DEFAULT:\u005c@SECLEVEL\u003d3\u0022,\n \u0022Certificate\u0022 \u003d\u003e test_pem(\u0022p384-server-cert.pem\u0022),\n@@ -46,3 +41,18 @@ our @tests \u003d (\n test \u003d\u003e { \u0022ExpectedResult\u0022 \u003d\u003e \u0022Success\u0022 },\n },\n );\n+\n+our @tests_tls1_2 \u003d (\n+ {\n+ name \u003d\u003e \u0022SECLEVEL 3 with ED448 key, TLSv1.2\u0022,\n+ server \u003d\u003e { \u0022CipherString\u0022 \u003d\u003e \u0022DEFAULT:\u005c@SECLEVEL\u003d3\u0022,\n+ \u0022Certificate\u0022 \u003d\u003e test_pem(\u0022server-ed448-cert.pem\u0022),\n+ \u0022PrivateKey\u0022 \u003d\u003e test_pem(\u0022server-ed448-key.pem\u0022),\n+ \u0022MaxProtocol\u0022 \u003d\u003e \u0022TLSv1.2\u0022 },\n+ client \u003d\u003e { },\n+ test \u003d\u003e { \u0022ExpectedResult\u0022 \u003d\u003e \u0022Success\u0022 },\n+ },\n+);\n+\n+push @tests, @tests_ec unless disabled(\u0022ec\u0022);\n+push @tests, @tests_tls1_2 unless disabled(\u0022tls1_2\u0022) || disabled(\u0022ec\u0022);\n","s":{"c":1752656127,"u": 46781}} ],"g": 49107,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}