openssl/test/gosttest.c
Matt Caswell 8d242823ed Fix common test framework options
PR#6975 added the ability to our test framework to have common options to
all tests. For example providing the option "-test 5" to one of our test
programs will just run test number 5. This can be useful when debugging
tests.

Unfortunately this does not work well for a number of tests. In particular
those tests that call test_get_argument() without first skipping over these
common test options will not get the expected value. Some tests did this
correctly but a large number did not.

A helper function is introduced, test_skip_common_options(), to make this
easier for those tests which do not have their own specialised test option
handling, but yet still need to call test_get_argument(). This function
call is then added to all those tests that need it.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10975)
2020-02-03 11:41:56 +00:00


/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "ssltestlib.h"
#include "testutil.h"
#include "internal/nelem.h"
/*
 * File names of the two server certificate/private key pairs used by the
 * test. They start out unset and are filled in by setup_tests() from the
 * positional command line arguments.
 */
static char *cert1 = NULL, *privkey1 = NULL;
static char *cert2 = NULL, *privkey2 = NULL;
/*
 * One row per handshake attempted by test_tls13():
 *   cipher        - cipher list string applied to both client and server
 *   expected_prot - protocol version the client must report once connected,
 *                   or 0 when the handshake is required to fail
 *   certnum       - 0 selects cert1/privkey1, anything else cert2/privkey2
 *
 * No row expects TLSv1.3: every successful case is pinned to TLSv1.2.
 */
static struct {
    char *cipher;
    int expected_prot;
    int certnum;
} ciphers[] = {
    /* No server cert with suitable sig algs for this suite: must fail */
    {"AES128-SHA",                 0,              0},
    /* Cert pair 1 is not TLSv1.3 capable: must settle on TLSv1.2 */
    {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
    /* Cert pair 2 is not TLSv1.3 capable: must settle on TLSv1.2 */
    {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
    /* Cert pair 1 is not TLSv1.3 capable: must settle on TLSv1.2 */
    {"GOST2001-GOST89-GOST89",     TLS1_2_VERSION, 0},
};
/*
 * Check that a handshake involving GOST never ends up on TLSv1.3.
 *
 * For ciphers[idx] a server/client context pair is created with the row's
 * certificate and key, both sides are given the row's cipher string, and one
 * handshake is attempted. Rows with expected_prot == 0 must fail to connect;
 * every other row must connect and the client must report exactly
 * expected_prot.
 *
 * Returns 1 if the row behaved as expected, 0 otherwise.
 */
static int test_tls13(int idx)
{
    SSL_CTX *sctx = NULL, *cctx = NULL;
    SSL *serverssl = NULL, *clientssl = NULL;
    int testresult = 0;

    /*
     * NOTE(review): the 0 following TLS1_VERSION looks like "no maximum
     * version". The test is only meaningful if TLSv1.3 is on offer, so
     * confirm this against create_ssl_ctx_pair().
     */
    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
                                       TLS_client_method(),
                                       TLS1_VERSION,
                                       0,
                                       &sctx, &cctx,
                                       ciphers[idx].certnum == 0 ? cert1
                                                                 : cert2,
                                       ciphers[idx].certnum == 0 ? privkey1
                                                                 : privkey2)))
        goto end;

    /*
     * SSL_CTX_set_cipher_list() only configures the TLSv1.2-and-below
     * suites; the TLSv1.3 ciphersuites stay at their defaults. So TLSv1.3
     * is not ruled out here, and the version check below is what proves it
     * was not negotiated.
     */
    if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher)))
        goto end;
    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher)))
        goto end;
    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                      NULL, NULL)))
        goto end;

    if (ciphers[idx].expected_prot != 0) {
        if (!TEST_true(create_ssl_connection(serverssl, clientssl,
                                             SSL_ERROR_NONE)))
            goto end;
        /* Only the client's view of the negotiated version is checked */
        if (!TEST_int_eq(SSL_version(clientssl),
                         ciphers[idx].expected_prot))
            goto end;
    } else {
        /*
         * Any handshake failure satisfies this branch; the reason for the
         * failure is not inspected.
         */
        if (!TEST_false(create_ssl_connection(serverssl, clientssl,
                                              SSL_ERROR_NONE)))
            goto end;
    }

    testresult = 1;

 end:
    /* The free functions accept NULL, so early exits need no special casing */
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    return testresult;
}
OPT_TEST_DECLARE_USAGE("certfile1 privkeyfile1 certfile2 privkeyfile2\n")

/*
 * Test program set-up: read the four positional arguments named in the usage
 * string into cert1/privkey1/cert2/privkey2 and register test_tls13() once
 * per row of ciphers[].
 *
 * Returns 1 on success, 0 if option parsing fails or an argument is missing.
 */
int setup_tests(void)
{
    /*
     * The common test options must be skipped first so that
     * test_get_argument(0) refers to the first certificate file.
     */
    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    /* All four file names are mandatory; stop at the first one missing */
    if (!TEST_ptr(cert1 = test_get_argument(0)))
        return 0;
    if (!TEST_ptr(privkey1 = test_get_argument(1)))
        return 0;
    if (!TEST_ptr(cert2 = test_get_argument(2)))
        return 0;
    if (!TEST_ptr(privkey2 = test_get_argument(3)))
        return 0;

    ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers));

    return 1;
}