sync code with last improvements from OpenBSD

This commit is contained in:
purplerain 2023-08-17 07:36:55 +00:00
parent 454dab66ed
commit 27298272ec
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
237 changed files with 4666 additions and 2149 deletions

View file

@ -1,4 +1,4 @@
/* $OpenBSD: ssltest.c,v 1.42 2023/07/27 07:08:09 tb Exp $ */
/* $OpenBSD: ssltest.c,v 1.43 2023/08/15 11:20:57 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -281,8 +281,8 @@ verify_alpn(SSL *client, SSL *server)
free(alpn_selected);
alpn_selected = NULL;
if (client_proto_len != server_proto_len ||
memcmp(client_proto, server_proto, client_proto_len) != 0) {
if (client_proto_len != server_proto_len || (client_proto_len > 0 &&
memcmp(client_proto, server_proto, client_proto_len) != 0)) {
BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
goto err;
}

View file

@ -1,4 +1,4 @@
# $OpenBSD: tlsfuzzer.py,v 1.51 2023/08/03 20:13:12 tb Exp $
# $OpenBSD: tlsfuzzer.py,v 1.52 2023/08/14 18:10:42 tb Exp $
#
# Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
#
@ -370,7 +370,6 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
Test("test-message-skipping.py"),
Test("test-no-heartbeat.py"),
Test("test-record-layer-fragmentation.py"),
Test("test-sessionID-resumption.py"),
Test("test-sslv2-connection.py"),
Test("test-truncating-of-finished.py"),
Test("test-truncating-of-kRSA-client-key-exchange.py"),
@ -388,7 +387,7 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
Test(
"test-ccs.py", [
"-x", "two bytes long CCS",
"-X", "does not match received \"decode_error\"",
"-X", substitute_alert("unexpected_message", "decode_error"),
]
),
Test(
@ -439,6 +438,11 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
"-e", "drop extended_master_secret in renegotiation",
]),
Test("test-sessionID-resumption.py", [
"-x", "Client Hello too long session ID",
"-X", substitute_alert("decode_error", "illegal_parameter"),
]),
# Without --sig-algs-drop-ok, two tests fail since we do not currently
# implement the signature_algorithms_cert extension (although we MUST).
Test("test-sig-algs-renegotiation-resumption.py", ["--sig-algs-drop-ok"]),
@ -558,6 +562,12 @@ tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
# 'resumption with cipher from old CH but not selected by server'
Test("test-resumption-with-wrong-ciphers.py"),
# 'session resumption with empty session_id'
# 'session resumption with random session_id'
# 'session resumption with renegotiation'
# AssertionError: Server did not send extension(s): session_ticket
Test("test-session-ticket-resumption.py"),
# 5 failures:
# 'empty sigalgs'
# 'only undefined sigalgs'