/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "ssltestlib.h"
#include "testutil.h"
#include "internal/nelem.h"
/*
 * The two server certificate / private-key arguments used by the scenarios.
 * setup_tests() fills them from test arguments 0..3 and test_tls13() hands
 * the selected pair to create_ssl_ctx_pair() (presumably as file paths -
 * confirm against ssltestlib.h).
 */
static char *cert1 = NULL, *privkey1 = NULL;
static char *cert2 = NULL, *privkey2 = NULL;
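/*
 * Handshake scenarios, one per test index passed to test_tls13().
 */
static struct {
    /*
     * Cipher list string applied to both the client and the server context.
     * Only string literals are stored here, so the pointer is const-qualified
     * to let the compiler reject any write through it.
     */
    const char *cipher;
    /*
     * Protocol version the client must report after the handshake;
     * 0 means the handshake is expected not to complete at all.
     */
    int expected_prot;
    /* 0 selects cert1/privkey1 for the server, any other value cert2/privkey2 */
    int certnum;
} ciphers[] = {
    /* Server doesn't have a cert with appropriate sig algs - should fail */
    {"AES128-SHA", 0, 0},
    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
    {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
    /*
     * Same suite with the second cert/key pair: server doesn't have a
     * TLSv1.3 capable cert - should use TLSv1.2
     */
    {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
    {"GOST2001-GOST89-GOST89", TLS1_2_VERSION, 0},
};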
/* Test that we never negotiate TLSv1.3 if using GOST */
/*
 * Run the handshake scenario described by ciphers[idx].
 *
 * Both contexts are created with the range TLS1_VERSION..TLS_MAX_VERSION, and
 * the entry's cipher list is set on the client and on the server before the
 * connection is attempted.
 *
 * Returns 1 when the outcome matches the table entry, 0 otherwise.
 */
static int test_tls13(int idx)
{
    SSL_CTX *cctx = NULL, *sctx = NULL;
    SSL *clientssl = NULL, *serverssl = NULL;
    int testresult = 0;

    /* certnum picks which certificate/key pair the server context gets */
    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
                                       TLS_client_method(),
                                       TLS1_VERSION,
                                       TLS_MAX_VERSION,
                                       &sctx, &cctx,
                                       ciphers[idx].certnum == 0 ? cert1
                                                                 : cert2,
                                       ciphers[idx].certnum == 0 ? privkey1
                                                                 : privkey2)))
        goto end;

    /* Restrict both ends to the same cipher list, client first */
    if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher)))
        goto end;
    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher)))
        goto end;
    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                      NULL, NULL)))
        goto end;

    if (ciphers[idx].expected_prot == 0) {
        /*
         * No protocol expected: the handshake must not complete. Only the
         * failure itself is asserted here, not the reason for it.
         */
        if (TEST_false(create_ssl_connection(serverssl, clientssl,
                                             SSL_ERROR_NONE)))
            testresult = 1;
        goto end;
    }

    /* Handshake must complete ... */
    if (!TEST_true(create_ssl_connection(serverssl, clientssl,
                                         SSL_ERROR_NONE)))
        goto end;
    /* ... and the version is checked on the client side only */
    if (!TEST_int_eq(SSL_version(clientssl),
                     ciphers[idx].expected_prot))
        goto end;

    testresult = 1;

 end:
    /*
     * Issued unconditionally; on an early exit some of these pointers are
     * still NULL.
     */
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    return testresult;
}
/*
 * Collect the four test arguments (cert1, privkey1, cert2, privkey2, in that
 * order) and register test_tls13 once per entry of the ciphers table.
 *
 * Returns 0 as soon as one argument fails the TEST_ptr check (later
 * arguments are then not fetched), 1 after the tests have been registered.
 * The arguments are not validated beyond that check.
 */
int setup_tests(void)
{
    if (!TEST_ptr(cert1 = test_get_argument(0)))
        return 0;
    if (!TEST_ptr(privkey1 = test_get_argument(1)))
        return 0;
    if (!TEST_ptr(cert2 = test_get_argument(2)))
        return 0;
    if (!TEST_ptr(privkey2 = test_get_argument(3)))
        return 0;

    ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers));

    return 1;
}