diff options
Diffstat (limited to 'test/gosttest.c')
-rw-r--r-- | test/gosttest.c | 106 |
1 files changed, 0 insertions, 106 deletions
diff --git a/test/gosttest.c b/test/gosttest.c deleted file mode 100644 index 84c5e6c501..0000000000 --- a/test/gosttest.c +++ /dev/null @@ -1,106 +0,0 @@ -/* - * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "helpers/ssltestlib.h" -#include "testutil.h" -#include "internal/nelem.h" - -static char *cert1 = NULL; -static char *privkey1 = NULL; -static char *cert2 = NULL; -static char *privkey2 = NULL; - -static struct { - char *cipher; - int expected_prot; - int certnum; -} ciphers[] = { - /* Server doesn't have a cert with appropriate sig algs - should fail */ - {"AES128-SHA", 0, 0}, - /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */ - {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0}, - /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */ - {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1}, - /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */ - {"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0}, - /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */ - {"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1}, - /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */ - {"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0}, - /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */ - {"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1}, - /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */ - {"GOST2001-GOST89-GOST89", TLS1_2_VERSION, 0}, -}; - -/* Test that we never negotiate TLSv1.3 if using GOST */ -static int test_tls13(int idx) -{ - SSL_CTX *cctx = NULL, *sctx = NULL; - SSL *clientssl = NULL, *serverssl = NULL; - int testresult = 0; - - if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, - 0, - &sctx, &cctx, - ciphers[idx].certnum == 0 ? cert1 - : cert2, - ciphers[idx].certnum == 0 ? privkey1 - : privkey2))) - goto end; - - if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher)) - || !TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher)) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) - goto end; - - if (ciphers[idx].expected_prot == 0) { - if (!TEST_false(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) - goto end; - } else { - if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_int_eq(SSL_version(clientssl), - ciphers[idx].expected_prot)) - goto end; - } - - testresult = 1; - - end: - SSL_free(serverssl); - SSL_free(clientssl); - SSL_CTX_free(sctx); - SSL_CTX_free(cctx); - - return testresult; -} - -OPT_TEST_DECLARE_USAGE("certfile1 privkeyfile1 certfile2 privkeyfile2\n") - -int setup_tests(void) -{ - if (!test_skip_common_options()) { - TEST_error("Error parsing test options\n"); - return 0; - } - - if (!TEST_ptr(cert1 = test_get_argument(0)) - || !TEST_ptr(privkey1 = test_get_argument(1)) - || !TEST_ptr(cert2 = test_get_argument(2)) - || !TEST_ptr(privkey2 = test_get_argument(3))) - return 0; - - ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers)); - return 1; -} |