gost: remove the internal GOST test.

The external GOST test is sufficient according @beldmit. This avoids having to manually update and build the GOST engine when something changes. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15795)
2025-02-17 14:32:04 +08:00 · 2021-06-17 13:31:01 +10:00 · 2021-06-17 13:31:01 +10:00 · 98dc656e5f
commit 98dc656e5f
parent a515c8256e
4 changed files with 1 additions and 172 deletions
--- a/test/build.info
+++ b/test/build.info
@ -53,7 +53,7 @@ IF[{- !$disabled{tests} -}]
          recordlentest drbgtest rand_status_test sslbuffertest \
          time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
          http_test servername_test ocspapitest fatalerrtest tls13ccstest \
-          sysdefaulttest errtest ssl_ctx_test gosttest \
+          sysdefaulttest errtest ssl_ctx_test \
          context_internal_test aesgcmtest params_test evp_pkey_dparams_test \
          keymgmt_internal_test hexstr_test provider_status_test defltfips_test \
          bio_readbuffer_test user_property_test pkcs7_test upcallstest \
@ -784,10 +784,6 @@ IF[{- !$disabled{tests} -}]
  INCLUDE[errtest]=../include ../apps/include
  DEPEND[errtest]=../libcrypto libtestutil.a

-  SOURCE[gosttest]=gosttest.c helpers/ssltestlib.c
-  INCLUDE[gosttest]=../include ../apps/include ..
-  DEPEND[gosttest]=../libcrypto ../libssl libtestutil.a
-
  SOURCE[aesgcmtest]=aesgcmtest.c
  INCLUDE[aesgcmtest]=../include ../apps/include ..
  DEPEND[aesgcmtest]=../libcrypto libtestutil.a
--- a/test/gosttest.c
+++ b/test/gosttest.c
@ -1,106 +0,0 @@
-/*
- * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "helpers/ssltestlib.h"
-#include "testutil.h"
-#include "internal/nelem.h"
-
-static char *cert1 = NULL;
-static char *privkey1 = NULL;
-static char *cert2 = NULL;
-static char *privkey2 = NULL;
-
-static struct {
-    char *cipher;
-    int expected_prot;
-    int certnum;
-} ciphers[] = {
-    /* Server doesn't have a cert with appropriate sig algs - should fail */
-    {"AES128-SHA", 0, 0},
-    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
-    {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
-    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
-    {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
-    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
-    {"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
-    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
-    {"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
-    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
-    {"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
-    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
-    {"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
-    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
-    {"GOST2001-GOST89-GOST89", TLS1_2_VERSION, 0},
-};
-
-/* Test that we never negotiate TLSv1.3 if using GOST */
-static int test_tls13(int idx)
-{
-    SSL_CTX *cctx = NULL, *sctx = NULL;
-    SSL *clientssl = NULL, *serverssl = NULL;
-    int testresult = 0;
-
-    if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(),
-                                       TLS_client_method(),
-                                       TLS1_VERSION,
-                                       0,
-                                       &sctx, &cctx,
-                                       ciphers[idx].certnum == 0 ? cert1
-                                                                 : cert2,
-                                       ciphers[idx].certnum == 0 ? privkey1
-                                                                 : privkey2)))
-        goto end;
-
-    if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher))
-            || !TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher))
-            || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
-                                             NULL, NULL)))
-        goto end;
-
-    if (ciphers[idx].expected_prot == 0) {
-        if (!TEST_false(create_ssl_connection(serverssl, clientssl,
-                                              SSL_ERROR_NONE)))
-            goto end;
-    } else {
-        if (!TEST_true(create_ssl_connection(serverssl, clientssl,
-                                             SSL_ERROR_NONE))
-                || !TEST_int_eq(SSL_version(clientssl),
-                                ciphers[idx].expected_prot))
-        goto end;
-    }
-
-    testresult = 1;
-
- end:
-    SSL_free(serverssl);
-    SSL_free(clientssl);
-    SSL_CTX_free(sctx);
-    SSL_CTX_free(cctx);
-
-    return testresult;
-}
-
-OPT_TEST_DECLARE_USAGE("certfile1 privkeyfile1 certfile2 privkeyfile2\n")
-
-int setup_tests(void)
-{
-    if (!test_skip_common_options()) {
-        TEST_error("Error parsing test options\n");
-        return 0;
-    }
-
-    if (!TEST_ptr(cert1 = test_get_argument(0))
-            || !TEST_ptr(privkey1 = test_get_argument(1))
-            || !TEST_ptr(cert2 = test_get_argument(2))
-            || !TEST_ptr(privkey2 = test_get_argument(3)))
-        return 0;
-
-    ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers));
-    return 1;
-}
--- a/test/recipes/90-test_gost.t
+++ b/test/recipes/90-test_gost.t
@ -1,48 +0,0 @@
-#! /usr/bin/env perl
-# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-use OpenSSL::Test::Utils;
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
-
-setup("test_gost");
-
-# The GOST ciphers are dynamically loaded via the GOST engine, so we must be
-# able to support that. The engine also uses DSA, CMS and CMAC symbols, so we
-# skip this test on no-dsa, no-cms or no-cmac.
-plan skip_all => "GOST support is disabled in this OpenSSL build"
-    if disabled("gost") || disabled("engine") || disabled("dynamic-engine")
-       || disabled("dsa") || disabled("cms") || disabled("cmac");
-
-plan skip_all => "TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build"
-    if disabled("tls1_3") || disabled("tls1_2");
-
-plan skip_all => "EC is disabled in this OpenSSL build"
-    if disabled("ec");
-
-#Gost engine uses some deprecated functions
-plan skip_all => "Deprecated functions are disabled in this OpenSSL build"
-    if disabled("deprecated");
-
-plan skip_all => "No test GOST engine found"
-    if !$ENV{OPENSSL_GOST_ENGINE_SO};
-
-plan tests => 1;
-
-$ENV{OPENSSL_CONF} = srctop_file("test", "recipes", "90-test_gost_data",
-                                 "gost.cnf");
-
-ok(run(test(["gosttest",
-             srctop_file("test", "recipes", "90-test_gost_data",
-                         "server-cert2001.pem"),
-             srctop_file("test", "recipes", "90-test_gost_data",
-                         "server-key2001.pem"),
-             srctop_file("test", "recipes", "90-test_gost_data",
-                         "server-cert2012.pem"),
-             srctop_file("test", "recipes", "90-test_gost_data",
-                         "server-key2012.pem")])),
-             "running gosttest");
--- a/test/recipes/90-test_gost_data/gost.cnf
+++ b/test/recipes/90-test_gost_data/gost.cnf
@ -1,13 +0,0 @@
-openssl_conf = openssl_def
-[openssl_def]
-engines = engine_section
-
-[engine_section]
-gost = gost_section
-
-[gost_section]
-engine_id = gost
-dynamic_path = $ENV::OPENSSL_GOST_ENGINE_SO
-default_algorithms = ALL
-CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
-