#include "testutil.h"
#include "testutil/output.h"
#include "internal/nelem.h"
+#include "internal/tlsgroups.h"
#include "internal/ktls.h"
#include "../ssl/ssl_local.h"
#include "../ssl/record/methods/recmethod_local.h"
{validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
# endif
{NULL, 0, "RSA+SHA256", 1, 1},
+ {NULL, 0, "RSA+SHA256:?Invalid", 1, 1},
# ifndef OPENSSL_NO_EC
{NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
{NULL, 0, "ECDSA+SHA512", 1, 0},
return testresult;
}
+static int test_unknown_sigalgs_groups(void)
+{
+ int ret = 0;
+ SSL_CTX *ctx = NULL;
+
+ if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method())))
+ goto end;
+
+ if (!TEST_int_gt(SSL_CTX_set1_sigalgs_list(ctx,
+ "RSA+SHA256:?nonexistent:?RSA+SHA512"),
+ 0))
+ goto end;
+ if (!TEST_size_t_eq(ctx->cert->conf_sigalgslen, 2)
+ || !TEST_int_eq(ctx->cert->conf_sigalgs[0], TLSEXT_SIGALG_rsa_pkcs1_sha256)
+ || !TEST_int_eq(ctx->cert->conf_sigalgs[1], TLSEXT_SIGALG_rsa_pkcs1_sha512))
+ goto end;
+
+ if (!TEST_int_gt(SSL_CTX_set1_client_sigalgs_list(ctx,
+ "RSA+SHA256:?nonexistent:?RSA+SHA512"),
+ 0))
+ goto end;
+ if (!TEST_size_t_eq(ctx->cert->client_sigalgslen, 2)
+ || !TEST_int_eq(ctx->cert->client_sigalgs[0], TLSEXT_SIGALG_rsa_pkcs1_sha256)
+ || !TEST_int_eq(ctx->cert->client_sigalgs[1], TLSEXT_SIGALG_rsa_pkcs1_sha512))
+ goto end;
+
+ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx,
+ "nonexistent"),
+ 0))
+ goto end;
+
+ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx,
+ "?nonexistent1:?nonexistent2:?nonexistent3"),
+ 0))
+ goto end;
+
+#ifndef OPENSSL_NO_EC
+ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx,
+ "P-256:nonexistent"),
+ 0))
+ goto end;
+
+ if (!TEST_int_gt(SSL_CTX_set1_groups_list(ctx,
+ "P-384:?nonexistent:?P-521"),
+ 0))
+ goto end;
+ if (!TEST_size_t_eq(ctx->ext.supportedgroups_len, 2)
+ || !TEST_int_eq(ctx->ext.supportedgroups[0], OSSL_TLS_GROUP_ID_secp384r1)
+ || !TEST_int_eq(ctx->ext.supportedgroups[1], OSSL_TLS_GROUP_ID_secp521r1))
+ goto end;
+#endif
+
+ ret = 1;
+ end:
+ SSL_CTX_free(ctx);
+ return ret;
+}
+
#if !defined(OPENSSL_NO_EC) \
&& (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
/*
ADD_ALL_TESTS(test_multiblock_write, OSSL_NELEM(multiblock_cipherlist_data));
#endif
ADD_ALL_TESTS(test_servername, 10);
+ ADD_TEST(test_unknown_sigalgs_groups);
#if !defined(OPENSSL_NO_EC) \
&& (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
ADD_ALL_TESTS(test_sigalgs_available, 6);