diff options
| author | Matt Caswell <matt@openssl.org> | 2023-01-26 18:23:32 +0000 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2023-02-23 18:31:44 +1100 |
| commit | 0c9646ec373e7f3f9b07f218a348ecb82219eaa7 (patch) | |
| tree | 8f08d21caba9a2c6a382b92e8e5787cee5ca50a9 /test | |
| parent | d518854cef2acc8bdc510746898f153ad628d4dc (diff) | |
Test that QUIC has the ciphersuites that we expect
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20148)
Diffstat (limited to 'test')
| -rw-r--r-- | test/quicapitest.c | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/test/quicapitest.c b/test/quicapitest.c index ce1ee1490c..a550f636f1 100644 --- a/test/quicapitest.c +++ b/test/quicapitest.c @@ -76,6 +76,55 @@ static int test_quic_write_read(void) } #endif +/* Test that a vanilla QUIC SSL object has the expected ciphersuites available */ +static int test_ciphersuites(void) +{ + SSL_CTX *ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); + SSL *ssl; + int testresult = 0; + const STACK_OF(SSL_CIPHER) *ciphers = NULL; + const SSL_CIPHER *cipher; + /* We expect this exact list of ciphersuites by default */ + int cipherids[] = { + TLS1_3_CK_AES_256_GCM_SHA384, +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + TLS1_3_CK_CHACHA20_POLY1305_SHA256, +#endif + TLS1_3_CK_AES_128_GCM_SHA256 + }; + size_t i, j; + + if (!TEST_ptr(ctx)) + return 0; + + ssl = SSL_new(ctx); + if (!TEST_ptr(ssl)) + goto err; + + ciphers = SSL_get_ciphers(ssl); + + for (i = 0, j = 0; i < OSSL_NELEM(cipherids); i++) { + if (cipherids[i] == TLS1_3_CK_CHACHA20_POLY1305_SHA256 && is_fips) + continue; + cipher = sk_SSL_CIPHER_value(ciphers, j++); + if (!TEST_ptr(cipher)) + goto err; + if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher), cipherids[i])) + goto err; + } + + /* We should have checked all the ciphers in the stack */ + if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers), j)) + goto err; + + testresult = 1; + err: + SSL_free(ssl); + SSL_CTX_free(ctx); + + return testresult; +} + OPT_TEST_DECLARE_USAGE("provider config\n") int setup_tests(void) @@ -125,6 +174,8 @@ int setup_tests(void) #if 0 ADD_TEST(test_quic_write_read); #endif + ADD_TEST(test_ciphersuites); + return 1; } |