From 98dc656e5f491cc29a61892d152c9779527da6f8 Mon Sep 17 00:00:00 2001 From: Pauli Date: Thu, 17 Jun 2021 13:31:01 +1000 Subject: gost: remove the internal GOST test. The external GOST test is sufficient according @beldmit. This avoids having to manually update and build the GOST engine when something changes. Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/15795) --- test/build.info | 6 +- test/gosttest.c | 106 -------------------------------- test/recipes/90-test_gost.t | 48 --------------- test/recipes/90-test_gost_data/gost.cnf | 13 ---- 4 files changed, 1 insertion(+), 172 deletions(-) delete mode 100644 test/gosttest.c delete mode 100644 test/recipes/90-test_gost.t delete mode 100644 test/recipes/90-test_gost_data/gost.cnf diff --git a/test/build.info b/test/build.info index 53d5b99b9d..f4acaa0e6a 100644 --- a/test/build.info +++ b/test/build.info @@ -53,7 +53,7 @@ IF[{- !$disabled{tests} -}] recordlentest drbgtest rand_status_test sslbuffertest \ time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \ http_test servername_test ocspapitest fatalerrtest tls13ccstest \ - sysdefaulttest errtest ssl_ctx_test gosttest \ + sysdefaulttest errtest ssl_ctx_test \ context_internal_test aesgcmtest params_test evp_pkey_dparams_test \ keymgmt_internal_test hexstr_test provider_status_test defltfips_test \ bio_readbuffer_test user_property_test pkcs7_test upcallstest \ @@ -784,10 +784,6 @@ IF[{- !$disabled{tests} -}] INCLUDE[errtest]=../include ../apps/include DEPEND[errtest]=../libcrypto libtestutil.a - SOURCE[gosttest]=gosttest.c helpers/ssltestlib.c - INCLUDE[gosttest]=../include ../apps/include .. - DEPEND[gosttest]=../libcrypto ../libssl libtestutil.a - SOURCE[aesgcmtest]=aesgcmtest.c INCLUDE[aesgcmtest]=../include ../apps/include .. DEPEND[aesgcmtest]=../libcrypto libtestutil.a diff --git a/test/gosttest.c b/test/gosttest.c deleted file mode 100644 index 84c5e6c501..0000000000 --- a/test/gosttest.c +++ /dev/null @@ -1,106 +0,0 @@ -/* - * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "helpers/ssltestlib.h" -#include "testutil.h" -#include "internal/nelem.h" - -static char *cert1 = NULL; -static char *privkey1 = NULL; -static char *cert2 = NULL; -static char *privkey2 = NULL; - -static struct { - char *cipher; - int expected_prot; - int certnum; -} ciphers[] = { - /* Server doesn't have a cert with appropriate sig algs - should fail */ - {"AES128-SHA", 0, 0}, - /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */ - {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0}, - /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */ - {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1}, - /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */ - {"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0}, - /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */ - {"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1}, - /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */ - {"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0}, - /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */ - {"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1}, - /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */ - {"GOST2001-GOST89-GOST89", TLS1_2_VERSION, 0}, -}; - -/* Test that we never negotiate TLSv1.3 if using GOST */ -static int test_tls13(int idx) -{ - SSL_CTX *cctx = NULL, *sctx = NULL; - SSL *clientssl = NULL, *serverssl = NULL; - int testresult = 0; - - if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(), - TLS_client_method(), - TLS1_VERSION, - 0, - &sctx, &cctx, - ciphers[idx].certnum == 0 ? cert1 - : cert2, - ciphers[idx].certnum == 0 ? privkey1 - : privkey2))) - goto end; - - if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher)) - || !TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher)) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL))) - goto end; - - if (ciphers[idx].expected_prot == 0) { - if (!TEST_false(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) - goto end; - } else { - if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_int_eq(SSL_version(clientssl), - ciphers[idx].expected_prot)) - goto end; - } - - testresult = 1; - - end: - SSL_free(serverssl); - SSL_free(clientssl); - SSL_CTX_free(sctx); - SSL_CTX_free(cctx); - - return testresult; -} - -OPT_TEST_DECLARE_USAGE("certfile1 privkeyfile1 certfile2 privkeyfile2\n") - -int setup_tests(void) -{ - if (!test_skip_common_options()) { - TEST_error("Error parsing test options\n"); - return 0; - } - - if (!TEST_ptr(cert1 = test_get_argument(0)) - || !TEST_ptr(privkey1 = test_get_argument(1)) - || !TEST_ptr(cert2 = test_get_argument(2)) - || !TEST_ptr(privkey2 = test_get_argument(3))) - return 0; - - ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers)); - return 1; -} diff --git a/test/recipes/90-test_gost.t b/test/recipes/90-test_gost.t deleted file mode 100644 index 929bca2fd6..0000000000 --- a/test/recipes/90-test_gost.t +++ /dev/null @@ -1,48 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -use OpenSSL::Test::Utils; -use OpenSSL::Test qw/:DEFAULT srctop_file/; - -setup("test_gost"); - -# The GOST ciphers are dynamically loaded via the GOST engine, so we must be -# able to support that. The engine also uses DSA, CMS and CMAC symbols, so we -# skip this test on no-dsa, no-cms or no-cmac. -plan skip_all => "GOST support is disabled in this OpenSSL build" - if disabled("gost") || disabled("engine") || disabled("dynamic-engine") - || disabled("dsa") || disabled("cms") || disabled("cmac"); - -plan skip_all => "TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build" - if disabled("tls1_3") || disabled("tls1_2"); - -plan skip_all => "EC is disabled in this OpenSSL build" - if disabled("ec"); - -#Gost engine uses some deprecated functions -plan skip_all => "Deprecated functions are disabled in this OpenSSL build" - if disabled("deprecated"); - -plan skip_all => "No test GOST engine found" - if !$ENV{OPENSSL_GOST_ENGINE_SO}; - -plan tests => 1; - -$ENV{OPENSSL_CONF} = srctop_file("test", "recipes", "90-test_gost_data", - "gost.cnf"); - -ok(run(test(["gosttest", - srctop_file("test", "recipes", "90-test_gost_data", - "server-cert2001.pem"), - srctop_file("test", "recipes", "90-test_gost_data", - "server-key2001.pem"), - srctop_file("test", "recipes", "90-test_gost_data", - "server-cert2012.pem"), - srctop_file("test", "recipes", "90-test_gost_data", - "server-key2012.pem")])), - "running gosttest"); diff --git a/test/recipes/90-test_gost_data/gost.cnf b/test/recipes/90-test_gost_data/gost.cnf deleted file mode 100644 index 1f42b9d87f..0000000000 --- a/test/recipes/90-test_gost_data/gost.cnf +++ /dev/null @@ -1,13 +0,0 @@ -openssl_conf = openssl_def -[openssl_def] -engines = engine_section - -[engine_section] -gost = gost_section - -[gost_section] -engine_id = gost -dynamic_path = $ENV::OPENSSL_GOST_ENGINE_SO -default_algorithms = ALL -CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet - -- cgit v1.2.3