1 | /* | |
2 | * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include "ssltestlib.h" | |
11 | #include "testutil.h" | |
12 | #include "internal/nelem.h" | |
13 | ||
/*
 * Certificate/key file paths for the two server identities exercised by
 * the tests. All four start out NULL and are filled in by setup_tests()
 * from the positional arguments; which pair a case uses is chosen by the
 * certnum field of its ciphers[] row.
 */
static char *cert1 = NULL, *privkey1 = NULL;
static char *cert2 = NULL, *privkey2 = NULL;
18 | ||
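/*
 * One row per test case; test_tls13(idx) runs row idx.
 *   cipher        - cipher list string applied to both client and server
 *   expected_prot - protocol version the client must end up on, or 0 when
 *                   the handshake is required to fail
 *   certnum       - 0 to serve cert1/privkey1, anything else for
 *                   cert2/privkey2
 * The table is never written, so it is const: an accidental write becomes a
 * compile error and the data is placed in read-only storage.
 */
static const struct {
    const char *cipher;
    int expected_prot;
    int certnum;
} ciphers[] = {
    /* Server doesn't have a cert with appropriate sig algs - should fail */
    { .cipher = "AES128-SHA", .expected_prot = 0, .certnum = 0 },
    /*
     * GOST suites: the server doesn't have a TLSv1.3 capable cert, so the
     * connection must succeed but settle on TLSv1.2, with either cert.
     */
    { .cipher = "GOST2012-GOST8912-GOST8912",
      .expected_prot = TLS1_2_VERSION, .certnum = 0 },
    { .cipher = "GOST2012-GOST8912-GOST8912",
      .expected_prot = TLS1_2_VERSION, .certnum = 1 },
    { .cipher = "IANA-GOST2012-GOST8912-GOST8912",
      .expected_prot = TLS1_2_VERSION, .certnum = 0 },
    { .cipher = "IANA-GOST2012-GOST8912-GOST8912",
      .expected_prot = TLS1_2_VERSION, .certnum = 1 },
    { .cipher = "LEGACY-GOST2012-GOST8912-GOST8912",
      .expected_prot = TLS1_2_VERSION, .certnum = 0 },
    { .cipher = "LEGACY-GOST2012-GOST8912-GOST8912",
      .expected_prot = TLS1_2_VERSION, .certnum = 1 },
    { .cipher = "GOST2001-GOST89-GOST89",
      .expected_prot = TLS1_2_VERSION, .certnum = 0 },
};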
41 | ||
42 | /* Test that we never negotiate TLSv1.3 if using GOST */ | |
/*
 * Run one row of ciphers[]: with a GOST cipher list the client must never
 * end up on TLSv1.3, and a row whose expected_prot is 0 must not connect
 * at all.
 *
 * idx indexes ciphers[]. Returns 1 if the row behaved as expected, 0 on
 * any failure. All SSL objects are released on every path via the single
 * cleanup label.
 */
static int test_tls13(int idx)
{
    SSL_CTX *cctx = NULL, *sctx = NULL;
    SSL *clientssl = NULL, *serverssl = NULL;
    char *cert = ciphers[idx].certnum == 0 ? cert1 : cert2;
    char *privkey = ciphers[idx].certnum == 0 ? privkey1 : privkey2;
    const int want = ciphers[idx].expected_prot;
    int ok = 0;

    /* Minimum TLSv1.0 and no maximum, so TLSv1.3 is available to pick. */
    if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(),
                                       TLS_client_method(),
                                       TLS1_VERSION, 0,
                                       &sctx, &cctx, cert, privkey)))
        goto end;

    /*
     * The same cipher list goes on both sides. This only restricts the
     * pre-TLSv1.3 suites, which is what makes the check meaningful: TLSv1.3
     * stays negotiable and must still not be chosen.
     */
    if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher)))
        goto end;
    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher)))
        goto end;
    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                      NULL, NULL)))
        goto end;

    if (want == 0) {
        /* Row says there is no usable cert: the handshake must fail. */
        if (!TEST_false(create_ssl_connection(serverssl, clientssl,
                                              SSL_ERROR_NONE)))
            goto end;
    } else {
        /* Must connect, and must land on exactly the expected version. */
        if (!TEST_true(create_ssl_connection(serverssl, clientssl,
                                             SSL_ERROR_NONE)))
            goto end;
        if (!TEST_int_eq(SSL_version(clientssl), want))
            goto end;
    }

    ok = 1;

 end:
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);
    return ok;
}
88 | ||
/*
 * Usage string for the test harness: the four positional file arguments
 * that setup_tests() reads as cert1, privkey1, cert2, privkey2.
 */
OPT_TEST_DECLARE_USAGE("certfile1 privkeyfile1 certfile2 privkeyfile2\n")
90 | ||
/*
 * Harness entry point: handles the common options, records the four
 * positional arguments (certfile1 privkeyfile1 certfile2 privkeyfile2) and
 * registers one test_tls13() run per row of ciphers[].
 *
 * Returns 1 on success, 0 if option parsing fails or an argument is missing.
 */
int setup_tests(void)
{
    /* Destinations for positional arguments 0..3, in argument order. */
    char **slots[] = { &cert1, &privkey1, &cert2, &privkey2 };
    size_t i;

    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    /* Every argument is mandatory; stop at the first one that is absent. */
    for (i = 0; i < OSSL_NELEM(slots); i++) {
        if (!TEST_ptr(*slots[i] = test_get_argument(i)))
            return 0;
    }

    ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers));
    return 1;
}