      1 /*
      2  * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
      3  *
      4  * Licensed under the OpenSSL license (the "License").  You may not use
      5  * this file except in compliance with the License.  You can obtain a copy
      6  * in the file LICENSE in the source distribution or at
      7  * https://www.openssl.org/source/license.html
      8  */
      9 
     10 #include "ssltestlib.h"
     11 #include "testutil.h"
     12 #include "internal/nelem.h"
     13 
/*
 * Certificate and private-key arguments for the two server identities the
 * tests switch between; filled in from the command line by setup_tests()
 * (arguments 0..3, in this order) and selected via ciphers[].certnum.
 */
static char *cert1 = NULL;     /* argument 0 */
static char *privkey1 = NULL;  /* argument 1 */
static char *cert2 = NULL;     /* argument 2 */
static char *privkey2 = NULL;  /* argument 3 */
     18 
/*
 * One row per test case run by test_tls13():
 *   cipher        - cipher string configured on both the client and the
 *                   server SSL_CTX
 *   expected_prot - protocol version the client must end up with, or 0
 *                   when the handshake is expected to fail
 *   certnum       - which server identity to load: 0 -> cert1/privkey1,
 *                   1 -> cert2/privkey2
 */
static struct {
    char *cipher;
    int expected_prot;
    int certnum;
} ciphers[] = {
    /* Server doesn't have a cert with appropriate sig algs - should fail */
    { .cipher = "AES128-SHA", .expected_prot = 0, .certnum = 0 },
    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
    { .cipher = "GOST2012-GOST8912-GOST8912", .expected_prot = TLS1_2_VERSION,
      .certnum = 0 },
    /* Same cipher, second server identity - should still use TLSv1.2 */
    { .cipher = "GOST2012-GOST8912-GOST8912", .expected_prot = TLS1_2_VERSION,
      .certnum = 1 },
    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
    { .cipher = "GOST2001-GOST89-GOST89", .expected_prot = TLS1_2_VERSION,
      .certnum = 0 },
};
     33 
     34 /* Test that we never negotiate TLSv1.3 if using GOST */
/*
 * Test that we never negotiate TLSv1.3 if using GOST.
 *
 * idx selects a row of ciphers[]. Both SSL_CTX objects are restricted to that
 * row's cipher string and the server is given the row's certificate/key pair;
 * the full TLS1_VERSION..TLS_MAX_VERSION range is offered so that TLSv1.3
 * would be chosen if the library allowed it. The handshake must then either
 * fail (expected_prot == 0) or succeed with SSL_version(clientssl) equal to
 * expected_prot.
 *
 * Returns 1 on success and 0 on failure. Every SSL/SSL_CTX object is released
 * on all paths via the single "end" label.
 */
static int test_tls13(int idx)
{
    SSL_CTX *cctx = NULL, *sctx = NULL;
    SSL *clientssl = NULL, *serverssl = NULL;
    const int second_identity = ciphers[idx].certnum != 0;
    char *cert = second_identity ? cert2 : cert1;
    char *privkey = second_identity ? privkey2 : privkey1;
    int testresult = 0;

    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
                                       TLS_client_method(),
                                       TLS1_VERSION, TLS_MAX_VERSION,
                                       &sctx, &cctx, cert, privkey)))
        goto end;

    /* Pin both sides to the single cipher under test */
    if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher)))
        goto end;
    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher)))
        goto end;

    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                      NULL, NULL)))
        goto end;

    if (ciphers[idx].expected_prot == 0) {
        /* Rows with no expected protocol must not complete the handshake */
        if (!TEST_false(create_ssl_connection(serverssl, clientssl,
                                              SSL_ERROR_NONE)))
            goto end;
    } else {
        /* Otherwise the handshake must succeed at exactly the expected version */
        if (!TEST_true(create_ssl_connection(serverssl, clientssl,
                                             SSL_ERROR_NONE)))
            goto end;
        if (!TEST_int_eq(SSL_version(clientssl), ciphers[idx].expected_prot))
            goto end;
    }

    testresult = 1;

 end:
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    return testresult;
}
     80 
/*
 * Test-suite entry point.
 *
 * Reads the four command-line arguments into cert1, privkey1, cert2 and
 * privkey2 (in that order), stopping at the first one that is missing, and
 * then registers one test_tls13() case per row of ciphers[].
 *
 * Returns 1 when all arguments are present and the tests were added, 0 when
 * an argument is missing (the TEST_ptr macro reports which one).
 */
int setup_tests(void)
{
    if (!TEST_ptr(cert1 = test_get_argument(0)))
        return 0;
    if (!TEST_ptr(privkey1 = test_get_argument(1)))
        return 0;
    if (!TEST_ptr(cert2 = test_get_argument(2)))
        return 0;
    if (!TEST_ptr(privkey2 = test_get_argument(3)))
        return 0;

    ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers));
    return 1;
}