]>
git.ipfire.org Git - thirdparty/openssl.git/blob - test/gosttest.c
2 * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "ssltestlib.h"
12 #include "internal/nelem.h"
14 static char *cert1
= NULL
;
15 static char *privkey1
= NULL
;
16 static char *cert2
= NULL
;
17 static char *privkey2
= NULL
;
24 /* Server doesn't have a cert with appropriate sig algs - should fail */
26 /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
27 {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION
, 0},
28 /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
29 {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION
, 1},
30 /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
31 {"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION
, 0},
32 /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
33 {"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION
, 1},
34 /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
35 {"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION
, 0},
36 /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
37 {"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION
, 1},
38 /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
39 {"GOST2001-GOST89-GOST89", TLS1_2_VERSION
, 0},
42 /* Test that we never negotiate TLSv1.3 if using GOST */
43 static int test_tls13(int idx
)
45 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
46 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
49 if (!TEST_true(create_ssl_ctx_pair(NULL
, TLS_server_method(),
54 ciphers
[idx
].certnum
== 0 ? cert1
56 ciphers
[idx
].certnum
== 0 ? privkey1
60 if (!TEST_true(SSL_CTX_set_cipher_list(cctx
, ciphers
[idx
].cipher
))
61 || !TEST_true(SSL_CTX_set_cipher_list(sctx
, ciphers
[idx
].cipher
))
62 || !TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
, &clientssl
,
66 if (ciphers
[idx
].expected_prot
== 0) {
67 if (!TEST_false(create_ssl_connection(serverssl
, clientssl
,
71 if (!TEST_true(create_ssl_connection(serverssl
, clientssl
,
73 || !TEST_int_eq(SSL_version(clientssl
),
74 ciphers
[idx
].expected_prot
))
89 OPT_TEST_DECLARE_USAGE("certfile1 privkeyfile1 certfile2 privkeyfile2\n")
93 if (!test_skip_common_options()) {
94 TEST_error("Error parsing test options\n");
98 if (!TEST_ptr(cert1
= test_get_argument(0))
99 || !TEST_ptr(privkey1
= test_get_argument(1))
100 || !TEST_ptr(cert2
= test_get_argument(2))
101 || !TEST_ptr(privkey2
= test_get_argument(3)))
104 ADD_ALL_TESTS(test_tls13
, OSSL_NELEM(ciphers
));