Commit | Line | Data |
---|---|---|
1e839545 MC |
1 | /* |
2 | * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
909f1a2e | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
1e839545 MC |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include "ssltestlib.h" | |
11 | #include "testutil.h" | |
12 | #include "internal/nelem.h" | |
13 | ||
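/* Certificate and private-key file paths; filled in by setup_tests(). */
static char *cert1 = NULL;
static char *privkey1 = NULL;
static char *cert2 = NULL;
static char *privkey2 = NULL;

/*
 * Handshake scenarios, one per test index passed to test_tls13().
 *
 *   cipher        - cipher string applied to both the client and server CTX
 *   expected_prot - protocol version expected once the handshake completes,
 *                   or 0 when the handshake is expected to fail
 *   certnum       - 0 selects cert1/privkey1, any other value selects
 *                   cert2/privkey2
 *
 * The table is never modified and its strings are literals, so both the
 * array and the cipher pointer are const.
 */
static const struct {
    const char *cipher;
    int expected_prot;
    int certnum;
} ciphers[] = {
    /* Server doesn't have a cert with appropriate sig algs - should fail */
    {"AES128-SHA", 0, 0},
    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
    {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
    /* Same suite with the second cert/key pair - should still use TLSv1.2 */
    {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
    {"GOST2001-GOST89-GOST89", TLS1_2_VERSION, 0},
};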
33 | ||
34 | /* Test that we never negotiate TLSv1.3 if using GOST */ | |
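/*
 * Run the scenario in ciphers[idx]: build a client/server pair using the
 * selected certificate, restrict both sides to the scenario's cipher string
 * and attempt a handshake.
 *
 * A scenario with expected_prot == 0 passes only if the handshake fails.
 * Otherwise the handshake must succeed and both endpoints must report
 * expected_prot as the negotiated version, so a silent move to TLSv1.3
 * fails the test.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_tls13(int idx)
{
    SSL_CTX *cctx = NULL, *sctx = NULL;
    SSL *clientssl = NULL, *serverssl = NULL;
    /* certnum 0 picks the first cert/key pair, anything else the second */
    char *certfile = ciphers[idx].certnum == 0 ? cert1 : cert2;
    char *keyfile = ciphers[idx].certnum == 0 ? privkey1 : privkey2;
    int testresult = 0;

    /*
     * Minimum version is TLSv1.0; the maximum is passed as 0, which
     * presumably leaves the upper bound uncapped so that TLSv1.3 remains
     * available to both sides - confirm against create_ssl_ctx_pair().
     */
    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
                                       TLS_client_method(),
                                       TLS1_VERSION,
                                       0,
                                       &sctx, &cctx,
                                       certfile, keyfile)))
        goto end;

    /*
     * SSL_CTX_set_cipher_list() configures the TLSv1.2-and-below suites
     * only; the TLSv1.3 ciphersuites are not touched by it, which is what
     * makes the version assertion below meaningful.
     */
    if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher))
            || !TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher))
            || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                             NULL, NULL)))
        goto end;

    if (ciphers[idx].expected_prot == 0) {
        /* No usable certificate for this suite: the handshake must fail */
        if (!TEST_false(create_ssl_connection(serverssl, clientssl,
                                              SSL_ERROR_NONE)))
            goto end;
    } else {
        /*
         * Check the negotiated version on both endpoints rather than the
         * client alone, so a one-sided mismatch cannot slip through.
         */
        if (!TEST_true(create_ssl_connection(serverssl, clientssl,
                                             SSL_ERROR_NONE))
                || !TEST_int_eq(SSL_version(clientssl),
                                ciphers[idx].expected_prot)
                || !TEST_int_eq(SSL_version(serverssl),
                                ciphers[idx].expected_prot))
            goto end;
    }

    testresult = 1;

 end:
    /* The free functions accept NULL, so every exit path can share this */
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    return testresult;
}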
80 | ||
a43ce58f SL |
81 | OPT_TEST_DECLARE_USAGE("certfile1 privkeyfile1 certfile2 privkeyfile2\n") |
82 | ||
1e839545 MC |
/*
 * Test-harness entry point: read the four positional arguments (cert 1,
 * key 1, cert 2, key 2) into the file-scope path variables and register
 * test_tls13 once for every row of ciphers[].
 *
 * Returns 1 when all four arguments are present, 0 otherwise.
 */
int setup_tests(void)
{
    /* Arguments are consumed in order; stop at the first one missing */
    if (!TEST_ptr(cert1 = test_get_argument(0)))
        return 0;
    if (!TEST_ptr(privkey1 = test_get_argument(1)))
        return 0;
    if (!TEST_ptr(cert2 = test_get_argument(2)))
        return 0;
    if (!TEST_ptr(privkey2 = test_get_argument(3)))
        return 0;

    ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers));
    return 1;
}