[PATCH 0/2] MR6124: secur32/tests: Switch to TLS 1.2 for connections to test.winehq.org.

List overview All Threads

newer

older

[PATCH 0/1] MR6125: server: Ensure...

[PATCH 0/1] MR6053: d3dx9/effect:...

Hans Leidekker (＠hans)

19 Jul 2024 19 Jul '24

12:12 p.m.

Fixes test failures introduced by the server upgrade.

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/6124

Show replies by date

Hans Leidekker

19 Jul 19 Jul

12:12 p.m.

New subject: [PATCH 1/2] secur32: Handle GNUTLS_MAC_AEAD.

From: Hans Leidekker hans@codeweavers.com

--- dlls/secur32/schannel_gnutls.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/dlls/secur32/schannel_gnutls.c b/dlls/secur32/schannel_gnutls.c index 1af0682b269..aaebfda062b 100644 --- a/dlls/secur32/schannel_gnutls.c +++ b/dlls/secur32/schannel_gnutls.c @@ -904,6 +904,7 @@ static const WCHAR *get_hash_str( gnutls_session_t session, BOOL full ) static const WCHAR sha384W[] = {'S','H','A','3','8','4',0}; static const WCHAR sha512W[] = {'S','H','A','5','1','2',0}; static const WCHAR unknownW[] = {'<','u','n','k','n','o','w','n','>',0}; + static const WCHAR emptyW[] = {0}; gnutls_mac_algorithm_t mac = pgnutls_mac_get( session );

switch (mac) @@ -913,6 +914,7 @@ static const WCHAR *get_hash_str( gnutls_session_t session, BOOL full ) case GNUTLS_MAC_SHA256: return sha256W; case GNUTLS_MAC_SHA384: return sha384W; case GNUTLS_MAC_SHA512: return sha512W; + case GNUTLS_MAC_AEAD: return emptyW; default: FIXME( "unknown mac %u\n", mac ); return unknownW; @@ -991,14 +993,16 @@ static const WCHAR *get_chaining_mode_str( gnutls_session_t session )

static NTSTATUS schan_get_cipher_info( void *args ) { - const WCHAR tlsW[] = {'T','L','S','_',0}; - const WCHAR underscoreW[] = {'_',0}; - const WCHAR widthW[] = {'_','W','I','T','H','_',0}; + static const WCHAR tlsW[] = {'T','L','S','_',0}; + static const WCHAR underscoreW[] = {'_',0}; + static const WCHAR widthW[] = {'_','W','I','T','H','_',0}; + static const WCHAR sha384W[] = {'S','H','A','3','8','4',0}; const struct get_cipher_info_params *params = args; gnutls_session_t session = session_from_handle( params->session ); SecPkgContext_CipherInfo *info = params->info; char buf[11]; WCHAR *ptr; + const WCHAR *hash; int len;

info->dwProtocol = get_protocol_version( session ); @@ -1028,7 +1032,9 @@ static NTSTATUS schan_get_cipher_info( void *args ) wcscat( info->szCipherSuite, underscoreW ); wcscat( info->szCipherSuite, get_chaining_mode_str( session ) ); wcscat( info->szCipherSuite, underscoreW ); - wcscat( info->szCipherSuite, get_hash_str( session, FALSE ) ); + hash = get_hash_str( session, FALSE ); + if (hash[0]) wcscat( info->szCipherSuite, hash ); + else wcscat( info->szCipherSuite, sha384W ); /* FIXME */ return SEC_E_OK; }

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6124

Hans Leidekker

12:12 p.m.

New subject: [PATCH 2/2] secur32/tests: Switch to TLS 1.2 for connections to test.winehq.org.

From: Hans Leidekker hans@codeweavers.com

Fixes test failures introduced by the server upgrade. --- dlls/secur32/tests/schannel.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/dlls/secur32/tests/schannel.c b/dlls/secur32/tests/schannel.c index 412d3703453..d17d6345af3 100644 --- a/dlls/secur32/tests/schannel.c +++ b/dlls/secur32/tests/schannel.c @@ -1014,7 +1014,7 @@ static void test_communication(void)

/* Create client credentials */ init_cred(&cred); - cred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT; + cred.grbitEnabledProtocols = SP_PROT_TLS1_2_CLIENT; cred.dwFlags = SCH_CRED_NO_DEFAULT_CREDS|SCH_CRED_MANUAL_CRED_VALIDATION;

status = AcquireCredentialsHandleA(NULL, (SEC_CHAR *)UNISP_NAME_A, SECPKG_CRED_OUTBOUND, NULL, @@ -1265,7 +1265,7 @@ static void test_communication(void) ok(status == SEC_E_OK, "QueryContextAttributesW(SECPKG_ATTR_CONNECTION_INFO) failed: %08lx\n", status); if(status == SEC_E_OK) { ok(conn_info.dwCipherStrength >= 128, "conn_info.dwCipherStrength = %ld\n", conn_info.dwCipherStrength); - ok(conn_info.dwHashStrength >= 128, "conn_info.dwHashStrength = %ld\n", conn_info.dwHashStrength); + ok(!conn_info.dwHashStrength, "conn_info.dwHashStrength = %ld\n", conn_info.dwHashStrength); }

memset(&cipher, 0, sizeof(cipher)); @@ -1274,17 +1274,16 @@ static void test_communication(void) ok(status == SEC_E_OK, "got %08lx\n", status); if (status == SEC_E_OK) { - ok(cipher.dwProtocol == 0x301, "got %lx\n", cipher.dwProtocol); - todo_wine ok(cipher.dwCipherSuite == 0xc014, "got %lx\n", cipher.dwCipherSuite); - todo_wine ok(cipher.dwBaseCipherSuite == 0xc014, "got %lx\n", cipher.dwBaseCipherSuite); - ok(!wcscmp(cipher.szCipherSuite, L"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA") || - !wcscmp(cipher.szCipherSuite, L"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256"), /* < win10 */ + ok(cipher.dwProtocol == 0x303, "got %lx\n", cipher.dwProtocol); + todo_wine ok(cipher.dwCipherSuite == 0xc030, "got %lx\n", cipher.dwCipherSuite); + todo_wine ok(cipher.dwBaseCipherSuite == 0xc030, "got %lx\n", cipher.dwBaseCipherSuite); + ok(!wcscmp(cipher.szCipherSuite, L"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"), "got %s\n", wine_dbgstr_w(cipher.szCipherSuite)); ok(!wcscmp(cipher.szCipher, L"AES"), "got %s\n", wine_dbgstr_w(cipher.szCipher)); ok(cipher.dwCipherLen == 256, "got %lu\n", cipher.dwCipherLen); ok(cipher.dwCipherBlockLen == 16, "got %lu\n", cipher.dwCipherBlockLen); - ok(!wcscmp(cipher.szHash, L"SHA1"), "got %s\n", wine_dbgstr_w(cipher.szHash)); - ok(cipher.dwHashLen == 160, "got %lu\n", cipher.dwHashLen); + ok(!cipher.szHash[0], "got %s\n", wine_dbgstr_w(cipher.szHash)); + ok(!cipher.dwHashLen, "got %lu\n", cipher.dwHashLen); ok(!wcscmp(cipher.szExchange, L"ECDH") || !wcscmp(cipher.szExchange, L"ECDH_P256"), /* < win10 */ "got %s\n", wine_dbgstr_w(cipher.szExchange)); ok(cipher.dwMinExchangeLen == 0 || cipher.dwMinExchangeLen == 256, /* < win10 */ @@ -1381,11 +1380,11 @@ static void test_communication(void) status = DecryptMessage(&context, &buffers[0], 0, NULL); ok(status == SEC_I_RENEGOTIATE, "Expected SEC_I_RENEGOTIATE, got %08lx\n", status); ok(buffers[0].pBuffers[0].BufferType == SECBUFFER_STREAM_HEADER, "got %lu\n", buffers[0].pBuffers[0].BufferType); - ok(buffers[0].pBuffers[0].cbBuffer == 5, "got %lu\n", buffers[0].pBuffers[0].cbBuffer); + todo_wine ok(buffers[0].pBuffers[0].cbBuffer == 13, "got %lu\n", buffers[0].pBuffers[0].cbBuffer); ok(buffers[0].pBuffers[1].BufferType == SECBUFFER_DATA, "got %lu\n", buffers[0].pBuffers[1].BufferType); ok(buffers[0].pBuffers[1].cbBuffer == 0, "got %lu\n", buffers[0].pBuffers[1].cbBuffer); ok(buffers[0].pBuffers[2].BufferType == SECBUFFER_STREAM_TRAILER, "got %lu\n", buffers[0].pBuffers[2].BufferType); - todo_wine ok(buffers[0].pBuffers[2].cbBuffer == 32, "got %lu\n", buffers[0].pBuffers[2].cbBuffer); + todo_wine ok(buffers[0].pBuffers[2].cbBuffer == 20, "got %lu\n", buffers[0].pBuffers[2].cbBuffer);

pfx.pbData = (BYTE *)pfxdata; pfx.cbData = sizeof(pfxdata); @@ -1454,7 +1453,7 @@ static void test_communication(void) ISC_REQ_USE_SUPPLIED_CREDS, 0, 0, &buffers[1], 0, &context2, &buffers[0], &attrs, NULL); buffers[1].pBuffers[0].cbBuffer = buf_size; } - ok (status == SEC_E_CERT_EXPIRED, "got %08lx\n", status); + ok (status == SEC_E_ALGORITHM_MISMATCH, "got %08lx\n", status);

done: DeleteSecurityContext(&context); @@ -1494,7 +1493,7 @@ static void test_application_protocol_negotiation(void) if ((sock = create_ssl_socket( "test.winehq.org" )) == -1) return;

init_cred(&cred); - cred.grbitEnabledProtocols = SP_PROT_TLS1_CLIENT; + cred.grbitEnabledProtocols = SP_PROT_TLS1_2_CLIENT; cred.dwFlags = SCH_CRED_NO_DEFAULT_CREDS|SCH_CRED_MANUAL_CRED_VALIDATION;

status = AcquireCredentialsHandleA(NULL, (SEC_CHAR *)UNISP_NAME_A, SECPKG_CRED_OUTBOUND, NULL,

-- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/6124

Marvin

12:36 p.m.

New subject: [PATCH 2/2] secur32/tests: Switch to TLS 1.2 for connections to test.winehq.org.

Hi,

It looks like your patch introduced the new failures shown below. Please investigate and fix them before resubmitting your patch. If they are not new, fixing them anyway would help a lot. Otherwise please ask for the known failures list to be updated.

The tests also ran into some preexisting test failures. If you know how to fix them that would be helpful. See the TestBot job for the details:

The full results can be found at: https://testbot.winehq.org/JobDetails.pl?Key=147231

Your paranoid android.

=== w7u_2qxl (32 bit report) ===

secur32: schannel.c:1278: Test failed: got 9f schannel.c:1279: Test failed: got 9f schannel.c:1280: Test failed: got L"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" schannel.c:1287: Test failed: got L"DH" schannel.c:1289: Test failed: got 1024 schannel.c:1291: Test failed: got 1024 schannel.c:1294: Test failed: got 0 schannel.c:1456: Test failed: got 80090328

=== w7u_adm (32 bit report) ===

=== w7u_el (32 bit report) ===

=== w8 (32 bit report) ===

=== w8adm (32 bit report) ===

=== w864 (32 bit report) ===

=== w1064v1507 (32 bit report) ===

secur32: schannel.c:1456: Test failed: got 80090328

=== w7pro64 (64 bit report) ===

=== w864 (64 bit report) ===

=== w1064v1507 (64 bit report) ===

secur32: schannel.c:1456: Test failed: got 80090328

203

Age (days ago)

203

Last active (days ago)

wine-gitlab@winehq.org

3 comments

3 participants

tags (0)

participants (3)

Hans Leidekker
Hans Leidekker (＠hans)
Marvin