diff -up ./gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests ./gtests/ssl_gtest/ssl_auth_unittest.cc
--- ./gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests 2021-05-28 02:50:43.000000000 -0700
+++ ./gtests/ssl_gtest/ssl_auth_unittest.cc 2021-06-03 17:01:27.530383629 -0700
@@ -1036,7 +1036,9 @@ static SSLNamedGroup NamedGroupForEcdsa3
// NSS tries to match the group size to the symmetric cipher. In TLS 1.1 and
// 1.0, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is the highest priority suite, so
// we use P-384. With TLS 1.2 on we pick AES-128 GCM so use x25519.
- if (version <= SSL_LIBRARY_VERSION_TLS_1_1) {
+ // FIXME: In RHEL, we assign TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ // a higher priority than AES-128 GCM.
+ if (version <= SSL_LIBRARY_VERSION_TLS_1_2) {
return ssl_grp_ec_secp384r1;
}
return ssl_grp_ec_curve25519;
@@ -1831,27 +1833,31 @@ INSTANTIATE_TEST_SUITE_P(
::testing::Values(TlsAgent::kServerRsa),
::testing::Values(ssl_auth_rsa_sign),
::testing::Values(ssl_sig_rsa_pkcs1_sha1)));
+// FIXME: In RHEL, we assign TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+// a higher priority than AES-128 GCM, and that causes the following
+// 4 TLS 1.2 tests to fail.
INSTANTIATE_TEST_SUITE_P(
SignatureSchemeEcdsaP256, TlsSignatureSchemeConfiguration,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
- TlsConnectTestBase::kTlsV12Plus,
+ TlsConnectTestBase::kTlsV13,
::testing::Values(TlsAgent::kServerEcdsa256),
::testing::Values(ssl_auth_ecdsa),
::testing::Values(ssl_sig_ecdsa_secp256r1_sha256)));
INSTANTIATE_TEST_SUITE_P(
SignatureSchemeEcdsaP384, TlsSignatureSchemeConfiguration,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
- TlsConnectTestBase::kTlsV12Plus,
+ TlsConnectTestBase::kTlsV13,
::testing::Values(TlsAgent::kServerEcdsa384),
::testing::Values(ssl_auth_ecdsa),
::testing::Values(ssl_sig_ecdsa_secp384r1_sha384)));
INSTANTIATE_TEST_SUITE_P(
SignatureSchemeEcdsaP521, TlsSignatureSchemeConfiguration,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
- TlsConnectTestBase::kTlsV12Plus,
+ TlsConnectTestBase::kTlsV13,
::testing::Values(TlsAgent::kServerEcdsa521),
::testing::Values(ssl_auth_ecdsa),
::testing::Values(ssl_sig_ecdsa_secp521r1_sha512)));
+#if 0
INSTANTIATE_TEST_SUITE_P(
SignatureSchemeEcdsaSha1, TlsSignatureSchemeConfiguration,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
@@ -1860,4 +1866,5 @@ INSTANTIATE_TEST_SUITE_P(
TlsAgent::kServerEcdsa384),
::testing::Values(ssl_auth_ecdsa),
::testing::Values(ssl_sig_ecdsa_sha1)));
+#endif
} // namespace nss_test
diff -up ./gtests/ssl_gtest/ssl_recordsize_unittest.cc.reorder-cipher-suites-gtests ./gtests/ssl_gtest/ssl_recordsize_unittest.cc
--- ./gtests/ssl_gtest/ssl_recordsize_unittest.cc.reorder-cipher-suites-gtests 2021-05-28 02:50:43.000000000 -0700
+++ ./gtests/ssl_gtest/ssl_recordsize_unittest.cc 2021-06-03 16:47:23.130301387 -0700
@@ -72,11 +72,13 @@ void CheckRecordSizes(const std::shared_
break;
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+ case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
expansion = 16;
iv = 8;
break;
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
+ case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
// Expansion is 20 for the MAC. Maximum block padding is 16. Maximum
// padding is added when the input plus the MAC is an exact multiple of
// the block size.
diff -up ./gtests/ssl_gtest/ssl_staticrsa_unittest.cc.reorder-cipher-suites-gtests ./gtests/ssl_gtest/ssl_staticrsa_unittest.cc
--- ./gtests/ssl_gtest/ssl_staticrsa_unittest.cc.reorder-cipher-suites-gtests 2021-05-28 02:50:43.000000000 -0700
+++ ./gtests/ssl_gtest/ssl_staticrsa_unittest.cc 2021-06-03 16:47:23.130301387 -0700
@@ -133,7 +133,19 @@ TEST_P(TlsConnectGenericPre13, TooLargeR
TEST_P(TlsConnectGeneric, ServerAuthBiggestRsa) {
Reset(TlsAgent::kRsa8192);
Connect();
- CheckKeys();
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+ CheckKeys();
+ } else {
+ // in TLS 1.2 or TLS 1.1, AES-256 is selected by default, which
+ // needs a different kea setup
+ SSLSignatureScheme scheme;
+ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_2) {
+ scheme = ssl_sig_rsa_pss_rsae_sha256;
+ } else {
+ scheme = ssl_sig_rsa_pkcs1_sha256;
+ }
+ CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp521r1, ssl_auth_rsa_sign, scheme);
+ }
}
} // namespace nss_test
diff -up ./gtests/ssl_gtest/tls_agent.cc.reorder-cipher-suites-gtests ./gtests/ssl_gtest/tls_agent.cc
--- ./gtests/ssl_gtest/tls_agent.cc.reorder-cipher-suites-gtests 2021-05-28 02:50:43.000000000 -0700
+++ ./gtests/ssl_gtest/tls_agent.cc 2021-06-03 16:47:23.130301387 -0700
@@ -603,6 +603,9 @@ void TlsAgent::CheckKEA(SSLKEAType kea,
case ssl_grp_ec_secp384r1:
kea_size = 384;
break;
+ case ssl_grp_ec_secp521r1:
+ kea_size = 521;
+ break;
case ssl_grp_ffdhe_2048:
kea_size = 2048;
break;