Commit 1e839545 authored by Matt Caswell

Add a GOST test



Test that we never negotiate TLSv1.3 using GOST

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6650)
parent baa45c3e
+5 −1
@@ -50,7 +50,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
          recordlentest drbgtest drbg_cavs_test sslbuffertest \
          time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
          servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \
          sysdefaulttest errtest
          sysdefaulttest errtest gosttest

  SOURCE[versions]=versions.c
  INCLUDE[versions]=../include
@@ -537,6 +537,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
  SOURCE[errtest]=errtest.c
  INCLUDE[errtest]=../include
  DEPEND[errtest]=../libcrypto libtestutil.a

  SOURCE[gosttest]=gosttest.c ssltestlib.c
  INCLUDE[gosttest]=../include ..
  DEPEND[gosttest]=../libcrypto ../libssl libtestutil.a
ENDIF

{-

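--- /dev/null
+++ b/test/gosttest.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssltestlib.h"
+#include "testutil.h"
+#include "internal/nelem.h"
+
+static char *cert1 = NULL;
+static char *privkey1 = NULL;
+static char *cert2 = NULL;
+static char *privkey2 = NULL;
+
+static struct {
+    char *cipher;
+    int expected_prot;
+    int certnum;
+} ciphers[] = {
+    /* Server doesn't have a cert with appropriate sig algs - should fail */
+    {"AES128-SHA", 0, 0},
+    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
+    {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
+    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
+    {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
+    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
+    {"GOST2001-GOST89-GOST89", TLS1_2_VERSION, 0},
+};
+
+/* Test that we never negotiate TLSv1.3 if using GOST */
+static int test_tls13(int idx)
+{
+    SSL_CTX *cctx = NULL, *sctx = NULL;
+    SSL *clientssl = NULL, *serverssl = NULL;
+    int testresult = 0;
+
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+                                       TLS_client_method(),
+                                       TLS1_VERSION,
+                                       TLS_MAX_VERSION,
+                                       &sctx, &cctx,
+                                       ciphers[idx].certnum == 0 ? cert1
+                                                                 : cert2,
+                                       ciphers[idx].certnum == 0 ? privkey1
+                                                                 : privkey2)))
+        goto end;
+
+    if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher))
+            || !TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher))
+            || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+                                             NULL, NULL)))
+        goto end;
+
+    if (ciphers[idx].expected_prot == 0) {
+        if (!TEST_false(create_ssl_connection(serverssl, clientssl,
+                                              SSL_ERROR_NONE)))
+            goto end;
+    } else {
+        if (!TEST_true(create_ssl_connection(serverssl, clientssl,
+                                             SSL_ERROR_NONE))
+                || !TEST_int_eq(SSL_version(clientssl),
+                                ciphers[idx].expected_prot))
+        goto end;
+    }
+
+    testresult = 1;
+
+ end:
+    SSL_free(serverssl);
+    SSL_free(clientssl);
+    SSL_CTX_free(sctx);
+    SSL_CTX_free(cctx);
+
+    return testresult;
+}
+
+int setup_tests(void)
+{
+    if (!TEST_ptr(cert1 = test_get_argument(0))
+            || !TEST_ptr(privkey1 = test_get_argument(1))
+            || !TEST_ptr(cert2 = test_get_argument(2))
+            || !TEST_ptr(privkey2 = test_get_argument(3)))
+        return 0;
+
+    ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers));
+    return 1;
+}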
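Review bot: The `cipher` field of the `ciphers[]` table is declared `char *` although every initializer is a string literal and its only consumer, `SSL_CTX_set_cipher_list()`, takes a `const char *`; declaring it `const char *cipher;` documents that the table is read-only and keeps a `-Wwrite-strings` build clean. The `goto end;` in the `else` branch of `test_tls13()` is indented one level less than the matching `goto end;` in the `if` branch, so it reads as though it sat outside the conditional; aligning it with the one above avoids that. The TLSv1.2 cases pin only the client's negotiated version; adding `|| !TEST_int_eq(SSL_version(serverssl), ciphers[idx].expected_prot)` to the same condition would also pin the server side, which is the peer the commit message says must never end up on TLSv1.3.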
+37 −0
#! /usr/bin/env perl
# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

use OpenSSL::Test::Utils;
use OpenSSL::Test qw/:DEFAULT srctop_file/;

setup("test_gost");

plan skip_all => "GOST support is disabled in this OpenSSL build"
    if disabled("gost");

plan skip_all => "TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build"
    if disabled("tls1_3") || disabled("tls1_2");

plan skip_all => "No test GOST engine found"
    if !$ENV{OPENSSL_GOST_ENGINE_SO};

plan tests => 1;

$ENV{OPENSSL_CONF} = srctop_file("test", "recipes", "90-test_gost_data",
                                 "gost.conf");

ok(run(test(["gosttest",
             srctop_file("test", "recipes", "90-test_gost_data",
                         "server-cert2001.pem"),
             srctop_file("test", "recipes", "90-test_gost_data",
                         "server-key2001.pem"),
             srctop_file("test", "recipes", "90-test_gost_data",
                         "server-cert2012.pem"),
             srctop_file("test", "recipes", "90-test_gost_data",
                         "server-key2012.pem")])),
             "running gosttest");
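Review bot: The recipe does not enable `use strict;` and `use warnings;` before the `use OpenSSL::Test` lines, which OpenSSL's test recipes generally do; adding `use strict;` and `use warnings;` directly under the license header keeps this file consistent and lets Perl catch a misspelled identifier at compile time. The whole test is skipped whenever `OPENSSL_GOST_ENGINE_SO` is unset, so it is worth naming that variable in the skip reason so a reader of the test log knows how to enable it, e.g. `plan skip_all => "No test GOST engine found (set OPENSSL_GOST_ENGINE_SO)"`.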
+13 −0
openssl_conf = openssl_def
[openssl_def]
engines = engine_section

[engine_section]
gost = gost_section

[gost_section]
engine_id = gost
dynamic_path = $ENV::OPENSSL_GOST_ENGINE_SO
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
+13 −0
-----BEGIN CERTIFICATE-----
MIIB4jCCAY+gAwIBAgIUNKO10+LkPoYGkOqNJ2wv1YI8RpQwCgYGKoUDAgIDBQAw
RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xODA3MTMxNTAzMDFaFw0yODA3MTAx
NTAzMDFaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYD
VQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwYzAcBgYqhQMCAhMwEgYHKoUD
AgIjAQYHKoUDAgIeAQNDAARAyDUhXsZP1JSLkvZ3xaU4aHXxAGKDwpawJ89+3B+N
lD7FS48QUIeoQrv9hn1B/kVuVxJwU4CeZRQohLvc5IkzJ6NTMFEwHQYDVR0OBBYE
FEz6BbScOOWYqklNGMTbyikZG/cRMB8GA1UdIwQYMBaAFEz6BbScOOWYqklNGMTb
yikZG/cRMA8GA1UdEwEB/wQFMAMBAf8wCgYGKoUDAgIDBQADQQAbkdWo441FqSbB
13JTW498NOzHZn69wnjYsOmMHLCdEHBTHVCa/g1wHPc4CyYk4UfMRWz5awzb6zNB
TncjMl2a
-----END CERTIFICATE-----