diff options
author | Tomas Mraz <tomas@openssl.org> | 2023-12-14 17:47:43 +0100 |
---|---|---|
committer | Dmitry Belyavskiy <beldmit@gmail.com> | 2024-03-06 10:42:05 +0100 |
commit | 2b4cea1edfc0db486b3824ffbf3e520752ce05d1 (patch) | |
tree | ecfb17aa35a21348e19f79d5cb4794b0c7775551 /test | |
parent | 10f65f7282d07c308cba5e26488bc504f56abc8a (diff) |
Add test for ignoring unknown sigalgs and groups marked with ?
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23050)
Diffstat (limited to 'test')
-rw-r--r-- | test/sslapitest.c | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c index 3b0b21aa56..8515ff7cda 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -39,6 +39,7 @@ #include "testutil.h" #include "testutil/output.h" #include "internal/nelem.h" +#include "internal/tlsgroups.h" #include "internal/ktls.h" #include "../ssl/ssl_local.h" #include "../ssl/record/methods/recmethod_local.h" @@ -3147,6 +3148,7 @@ static const sigalgs_list testsigalgs[] = { {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0}, # endif {NULL, 0, "RSA+SHA256", 1, 1}, + {NULL, 0, "RSA+SHA256:?Invalid", 1, 1}, # ifndef OPENSSL_NO_EC {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1}, {NULL, 0, "ECDSA+SHA512", 1, 0}, @@ -9486,6 +9488,64 @@ static int test_servername(int tst) return testresult; } +static int test_unknown_sigalgs_groups(void) +{ + int ret = 0; + SSL_CTX *ctx = NULL; + + if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()))) + goto end; + + if (!TEST_int_gt(SSL_CTX_set1_sigalgs_list(ctx, + "RSA+SHA256:?nonexistent:?RSA+SHA512"), + 0)) + goto end; + if (!TEST_size_t_eq(ctx->cert->conf_sigalgslen, 2) + || !TEST_int_eq(ctx->cert->conf_sigalgs[0], TLSEXT_SIGALG_rsa_pkcs1_sha256) + || !TEST_int_eq(ctx->cert->conf_sigalgs[1], TLSEXT_SIGALG_rsa_pkcs1_sha512)) + goto end; + + if (!TEST_int_gt(SSL_CTX_set1_client_sigalgs_list(ctx, + "RSA+SHA256:?nonexistent:?RSA+SHA512"), + 0)) + goto end; + if (!TEST_size_t_eq(ctx->cert->client_sigalgslen, 2) + || !TEST_int_eq(ctx->cert->client_sigalgs[0], TLSEXT_SIGALG_rsa_pkcs1_sha256) + || !TEST_int_eq(ctx->cert->client_sigalgs[1], TLSEXT_SIGALG_rsa_pkcs1_sha512)) + goto end; + + if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx, + "nonexistent"), + 0)) + goto end; + + if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx, + "?nonexistent1:?nonexistent2:?nonexistent3"), + 0)) + goto end; + +#ifndef OPENSSL_NO_EC + if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx, + "P-256:nonexistent"), + 0)) + goto end; + + if (!TEST_int_gt(SSL_CTX_set1_groups_list(ctx, + "P-384:?nonexistent:?P-521"), + 0)) + goto end; + if (!TEST_size_t_eq(ctx->ext.supportedgroups_len, 2) + || !TEST_int_eq(ctx->ext.supportedgroups[0], OSSL_TLS_GROUP_ID_secp384r1) + || !TEST_int_eq(ctx->ext.supportedgroups[1], OSSL_TLS_GROUP_ID_secp521r1)) + goto end; +#endif + + ret = 1; + end: + SSL_CTX_free(ctx); + return ret; +} + #if !defined(OPENSSL_NO_EC) \ && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)) /* @@ -11725,6 +11785,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_multiblock_write, OSSL_NELEM(multiblock_cipherlist_data)); #endif ADD_ALL_TESTS(test_servername, 10); + ADD_TEST(test_unknown_sigalgs_groups); #if !defined(OPENSSL_NO_EC) \ && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)) ADD_ALL_TESTS(test_sigalgs_available, 6); |