]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/gosttest.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Remove getenv(OPENSSL_FIPS) in openssl command
[thirdparty/openssl.git] / test / gosttest.c
1 /*
2 * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "ssltestlib.h"
11 #include "testutil.h"
12 #include "internal/nelem.h"
13
14 static char *cert1 = NULL;
15 static char *privkey1 = NULL;
16 static char *cert2 = NULL;
17 static char *privkey2 = NULL;
18
19 static struct {
20 char *cipher;
21 int expected_prot;
22 int certnum;
23 } ciphers[] = {
24 /* Server doesn't have a cert with appropriate sig algs - should fail */
25 {"AES128-SHA", 0, 0},
26 /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
27 {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
28 /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
29 {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
30 /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
31 {"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
32 /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
33 {"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
34 /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
35 {"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
36 /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
37 {"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
38 /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
39 {"GOST2001-GOST89-GOST89", TLS1_2_VERSION, 0},
40 };
41
42 /* Test that we never negotiate TLSv1.3 if using GOST */
43 static int test_tls13(int idx)
44 {
45 SSL_CTX *cctx = NULL, *sctx = NULL;
46 SSL *clientssl = NULL, *serverssl = NULL;
47 int testresult = 0;
48
49 if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(),
50 TLS_client_method(),
51 TLS1_VERSION,
52 0,
53 &sctx, &cctx,
54 ciphers[idx].certnum == 0 ? cert1
55 : cert2,
56 ciphers[idx].certnum == 0 ? privkey1
57 : privkey2)))
58 goto end;
59
60 if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher))
61 || !TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher))
62 || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
63 NULL, NULL)))
64 goto end;
65
66 if (ciphers[idx].expected_prot == 0) {
67 if (!TEST_false(create_ssl_connection(serverssl, clientssl,
68 SSL_ERROR_NONE)))
69 goto end;
70 } else {
71 if (!TEST_true(create_ssl_connection(serverssl, clientssl,
72 SSL_ERROR_NONE))
73 || !TEST_int_eq(SSL_version(clientssl),
74 ciphers[idx].expected_prot))
75 goto end;
76 }
77
78 testresult = 1;
79
80 end:
81 SSL_free(serverssl);
82 SSL_free(clientssl);
83 SSL_CTX_free(sctx);
84 SSL_CTX_free(cctx);
85
86 return testresult;
87 }
88
89 OPT_TEST_DECLARE_USAGE("certfile1 privkeyfile1 certfile2 privkeyfile2\n")
90
91 int setup_tests(void)
92 {
93 if (!test_skip_common_options()) {
94 TEST_error("Error parsing test options\n");
95 return 0;
96 }
97
98 if (!TEST_ptr(cert1 = test_get_argument(0))
99 || !TEST_ptr(privkey1 = test_get_argument(1))
100 || !TEST_ptr(cert2 = test_get_argument(2))
101 || !TEST_ptr(privkey2 = test_get_argument(3)))
102 return 0;
103
104 ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers));
105 return 1;
106 }
A mirror of the official openssl repository