The branch master has been updated via b4eee58a5f9dfa493d6cc34b4af871415c67beda (commit) from 10b0b5ecd93097179a2b13a7d34e0ab580d23fa2 (commit)
- Log ----------------------------------------------------------------- commit b4eee58a5f9dfa493d6cc34b4af871415c67beda Author: Matt Caswell <m...@openssl.org> Date: Thu Nov 10 15:35:42 2016 +0000 Fix test_sslcorrupt when using TLSv1.3 The test loops through all the ciphers, attempting to test each one in turn. However version negotiation happens before cipher selection, so with TLSv1.3 switched on if we use a non-TLSv1.3 compatible cipher suite we get "no share cipher". Reviewed-by: Rich Salz <rs...@openssl.org> ----------------------------------------------------------------------- Summary of changes: test/sslcorrupttest.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/test/sslcorrupttest.c b/test/sslcorrupttest.c index 34ac8f7..f07cfce 100644 --- a/test/sslcorrupttest.c +++ b/test/sslcorrupttest.c @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include <string.h> #include "ssltestlib.h" #include "testutil.h" @@ -182,6 +183,8 @@ static int test_ssl_corrupt(int testidx) BIO *c_to_s_fbio; int testresult = 0; static unsigned char junk[16000] = { 0 }; + STACK_OF(SSL_CIPHER) *ciphers; + const SSL_CIPHER *currcipher; printf("Starting Test %d, %s\n", testidx, cipher_list[testidx]); @@ -196,6 +199,29 @@ static int test_ssl_corrupt(int testidx) goto end; } + ciphers = SSL_CTX_get_ciphers(cctx); + if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) != 1) { + printf("Unexpected ciphers set\n"); + goto end; + } + currcipher = sk_SSL_CIPHER_value(ciphers, 0); + if (currcipher == NULL) { + printf("Failed getting the current cipher\n"); + goto end; + } + + /* + * If we haven't got a TLSv1.3 cipher, then we mustn't attempt to use + * TLSv1.3. Version negotiation happens before cipher selection, so we will + * get a "no shared cipher" error. + */ + if (strcmp(SSL_CIPHER_get_version(currcipher), "TLSv1.3") != 0) { + if (!SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)) { + printf("Failed setting max protocol version\n"); + goto end; + } + } + c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter()); if (c_to_s_fbio == NULL) { printf("Failed to create filter BIO\n"); _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits