From bc2ea32c32d7476eee4163a89371b40e54949e76 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Wed, 10 Nov 2021 09:16:46 -0500 Subject: [PATCH] Support OpenSSL 3.0.1-dev and 3.1.0-dev Same as #2040, but for the 3.0 branch. --- testssl.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/testssl.sh b/testssl.sh index 05aac9e..e7ec88a 100755 --- a/testssl.sh +++ b/testssl.sh @@ -1807,7 +1807,7 @@ check_revocation_ocsp() { if [[ "$OSSL_NAME" =~ LibreSSL ]]; then host_header="-header Host ${host_header}" elif [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.0* ]] || [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.1* ]] || \ - [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 3.0.0* ]]; then + [[ $OSSL_VER_MAJOR == 3 ]]; then host_header="-header Host=${host_header}" else host_header="-header Host ${host_header}" @@ -4039,7 +4039,7 @@ ciphers_by_strength() { ossl_ciphers_proto="" elif [[ "$proto" == -ssl2 ]] || [[ "$proto" == -ssl3 ]] || \ [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.0* ]] || [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.1* ]] || \ - [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 3.0.0* ]]; then + [[ $OSSL_VER_MAJOR == 3 ]]; then ossl_ciphers_proto="$proto" else ossl_ciphers_proto="-tls1" @@ -6168,7 +6168,7 @@ sub_session_resumption() { return 7 fi if "$byID" && [[ ! "$OSSL_NAME" =~ LibreSSL ]] && \ - ( [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.1* ]] || [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 3.0.0* ]] ) && \ + ( [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.1* ]] || [[ $OSSL_VER_MAJOR == 3 ]] ) && \ [[ ! -s "$sess_data" ]]; then # it seems OpenSSL indicates no Session ID resumption by just not generating output debugme echo -n "No session resumption byID (empty file)" @@ -10957,7 +10957,7 @@ hmac() { local key="$2" text="$3" output local -i ret - if [[ ! "$OSSL_NAME" =~ LibreSSL ]] && [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 3.0.0* ]]; then + if [[ ! "$OSSL_NAME" =~ LibreSSL ]] && [[ $OSSL_VER_MAJOR == 3 ]]; then output="$(asciihex_to_binary "$text" | $OPENSSL mac -macopt digest:"${hash_fn/-/}" -macopt hexkey:"$key" HMAC 2>/dev/null)" ret=$? tm_out "$(strip_lf "$output")" @@ -13018,7 +13018,7 @@ generate_key_share_extension() { [[ "$OSSL_NAME" =~ LibreSSL ]] && continue if [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != 1.1.0* ]] && \ [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != 1.1.1* ]] && \ - [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != 3.0.0* ]]; then + [[ $OSSL_VER_MAJOR != 3 ]]; then continue fi fi @@ -13030,7 +13030,7 @@ generate_key_share_extension() { if [[ $i -gt 12 ]] && [[ $group -eq 30 ]] && [[ "$2" == all ]]; then [[ "$OSSL_NAME" =~ LibreSSL ]] && continue if [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != 1.1.1* ]] && \ - [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != 3.0.0* ]]; then + [[ $OSSL_VER_MAJOR != 3 ]]; then continue fi fi @@ -13197,7 +13197,7 @@ prepare_tls_clienthello() { # Supported Groups Extension if [[ ! "$process_full" =~ all ]] || ( [[ ! "$OSSL_NAME" =~ LibreSSL ]] && \ ( [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 1.1.1* ]] || \ - [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == 3.0.0* ]] ) ); then + [[ $OSSL_VER_MAJOR == 3 ]] ) ); then extension_supported_groups=" 00,0a, # Type: Supported Groups, see RFC 8446 00,10, 00,0e, # lengths @@ -17062,7 +17062,7 @@ find_openssl_binary() { # see #190, reverting logic: unless otherwise proved openssl has no dh bits case "$OSSL_VER_MAJOR.$OSSL_VER_MINOR" in - 1.0.2|1.1.0|1.1.1|3.0.0) HAS_DH_BITS=true ;; + 1.0.2|1.1.0|1.1.1|3*) HAS_DH_BITS=true ;; esac if [[ "$OSSL_NAME" =~ LibreSSL ]]; then [[ ${OSSL_VER//./} -ge 210 ]] && HAS_DH_BITS=true