/*
 * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
#include "ssltestlib.h"
#include "testutil.h"
#include "internal/nelem.h"
/*
 * Certificate and private-key arguments for the two server identities.
 * setup_tests() fills these from test arguments 0..3; test_tls13() hands
 * one pair to create_ssl_ctx_pair() depending on ciphers[idx].certnum.
 */
static char *cert1 = NULL, *privkey1 = NULL;
static char *cert2 = NULL, *privkey2 = NULL;
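/*
 * Table of handshake scenarios, one per test_tls13() invocation.
 *
 * The table is read-only and its cipher strings are string literals, so both
 * the array and the string pointer are const-qualified.
 */
static const struct {
    /* Cipher string applied to both the client and the server context */
    const char *cipher;
    /* Protocol version the client must report; 0 means the handshake must fail */
    int expected_prot;
    /* 0 selects cert1/privkey1, any other value selects cert2/privkey2 */
    int certnum;
} ciphers[] = {
    /* Server doesn't have a cert with appropriate sig algs - should fail */
    {"AES128-SHA", 0, 0},
    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
    {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
    {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
    {"GOST2001-GOST89-GOST89", TLS1_2_VERSION, 0},
};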
/*
 * Test that we never negotiate TLSv1.3 if using GOST.
 *
 * idx indexes ciphers[]. Both contexts are created with a protocol range of
 * TLS1_VERSION..TLS_MAX_VERSION and are then restricted to the entry's
 * cipher string. The certificate/key pair passed to create_ssl_ctx_pair() is
 * cert1/privkey1 when certnum is 0 and cert2/privkey2 otherwise.
 *
 * An expected_prot of 0 means the handshake has to fail; any other value has
 * to match SSL_version() of the client after a successful handshake.
 *
 * Returns 1 when the expectation held, 0 otherwise.
 */
static int test_tls13(int idx)
{
    SSL_CTX *cctx = NULL, *sctx = NULL;
    SSL *clientssl = NULL, *serverssl = NULL;
    int testresult = 0;

    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
                                       TLS_client_method(),
                                       TLS1_VERSION,
                                       TLS_MAX_VERSION,
                                       &sctx, &cctx,
                                       ciphers[idx].certnum == 0 ? cert1
                                                                 : cert2,
                                       ciphers[idx].certnum == 0 ? privkey1
                                                                 : privkey2)))
        goto end;

    /* Pin both endpoints to the cipher string under test */
    if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher)))
        goto end;
    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher)))
        goto end;

    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                      NULL, NULL)))
        goto end;

    if (ciphers[idx].expected_prot != 0) {
        /* The handshake must complete... */
        if (!TEST_true(create_ssl_connection(serverssl, clientssl,
                                             SSL_ERROR_NONE)))
            goto end;
        /*
         * ...and land on exactly the expected version. Only the client's
         * view of the negotiated version is inspected here.
         */
        if (!TEST_int_eq(SSL_version(clientssl),
                         ciphers[idx].expected_prot))
            goto end;
    } else {
        /* A failed handshake is the passing outcome for this entry */
        if (!TEST_false(create_ssl_connection(serverssl, clientssl,
                                              SSL_ERROR_NONE)))
            goto end;
    }

    testresult = 1;

 end:
    /* All four handles start out NULL, so this is reached safely from any goto */
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    return testresult;
}
/*
 * Test-harness entry point.
 *
 * Stores test arguments 0..3 in cert1, privkey1, cert2 and privkey2 (in that
 * order) and registers test_tls13 to be run once per ciphers[] entry.
 *
 * Returns 0 as soon as one of the arguments is missing, 1 otherwise.
 */
int setup_tests(void)
{
    /* Arguments are fetched in order; the first missing one aborts setup */
    if (!TEST_ptr(cert1 = test_get_argument(0)))
        return 0;
    if (!TEST_ptr(privkey1 = test_get_argument(1)))
        return 0;
    if (!TEST_ptr(cert2 = test_get_argument(2)))
        return 0;
    if (!TEST_ptr(privkey2 = test_get_argument(3)))
        return 0;

    ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers));

    return 1;
}