gosttest.c 3.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106
  1. /*
  2. * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include "ssltestlib.h"
  10. #include "testutil.h"
  11. #include "internal/nelem.h"
  12. static char *cert1 = NULL;
  13. static char *privkey1 = NULL;
  14. static char *cert2 = NULL;
  15. static char *privkey2 = NULL;
  16. static struct {
  17. char *cipher;
  18. int expected_prot;
  19. int certnum;
  20. } ciphers[] = {
  21. /* Server doesn't have a cert with appropriate sig algs - should fail */
  22. {"AES128-SHA", 0, 0},
  23. /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
  24. {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
  25. /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
  26. {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
  27. /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
  28. {"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
  29. /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
  30. {"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
  31. /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
  32. {"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
  33. /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
  34. {"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
  35. /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
  36. {"GOST2001-GOST89-GOST89", TLS1_2_VERSION, 0},
  37. };
  38. /* Test that we never negotiate TLSv1.3 if using GOST */
  39. static int test_tls13(int idx)
  40. {
  41. SSL_CTX *cctx = NULL, *sctx = NULL;
  42. SSL *clientssl = NULL, *serverssl = NULL;
  43. int testresult = 0;
  44. if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(),
  45. TLS_client_method(),
  46. TLS1_VERSION,
  47. 0,
  48. &sctx, &cctx,
  49. ciphers[idx].certnum == 0 ? cert1
  50. : cert2,
  51. ciphers[idx].certnum == 0 ? privkey1
  52. : privkey2)))
  53. goto end;
  54. if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher))
  55. || !TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher))
  56. || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  57. NULL, NULL)))
  58. goto end;
  59. if (ciphers[idx].expected_prot == 0) {
  60. if (!TEST_false(create_ssl_connection(serverssl, clientssl,
  61. SSL_ERROR_NONE)))
  62. goto end;
  63. } else {
  64. if (!TEST_true(create_ssl_connection(serverssl, clientssl,
  65. SSL_ERROR_NONE))
  66. || !TEST_int_eq(SSL_version(clientssl),
  67. ciphers[idx].expected_prot))
  68. goto end;
  69. }
  70. testresult = 1;
  71. end:
  72. SSL_free(serverssl);
  73. SSL_free(clientssl);
  74. SSL_CTX_free(sctx);
  75. SSL_CTX_free(cctx);
  76. return testresult;
  77. }
  78. OPT_TEST_DECLARE_USAGE("certfile1 privkeyfile1 certfile2 privkeyfile2\n")
  79. int setup_tests(void)
  80. {
  81. if (!test_skip_common_options()) {
  82. TEST_error("Error parsing test options\n");
  83. return 0;
  84. }
  85. if (!TEST_ptr(cert1 = test_get_argument(0))
  86. || !TEST_ptr(privkey1 = test_get_argument(1))
  87. || !TEST_ptr(cert2 = test_get_argument(2))
  88. || !TEST_ptr(privkey2 = test_get_argument(3)))
  89. return 0;
  90. ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers));
  91. return 1;
  92. }