[openssl] master update

Matt Caswell matt at openssl.org
Thu Jun 17 07:26:39 UTC 2021


The branch master has been updated
       via  98dc656e5f491cc29a61892d152c9779527da6f8 (commit)
      from  a515c8256e22eb8427a43ea4f709794ce2c36414 (commit)


- Log -----------------------------------------------------------------
commit 98dc656e5f491cc29a61892d152c9779527da6f8
Author: Pauli <pauli at openssl.org>
Date:   Thu Jun 17 13:31:01 2021 +1000

    gost: remove the internal GOST test.
    
    The external GOST test is sufficient according @beldmit.  This avoids having
    to manually update and build the GOST engine when something changes.
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15795)

-----------------------------------------------------------------------

Summary of changes:
 test/build.info                         |   6 +-
 test/gosttest.c                         | 106 --------------------------------
 test/recipes/90-test_gost.t             |  48 ---------------
 test/recipes/90-test_gost_data/gost.cnf |  13 ----
 4 files changed, 1 insertion(+), 172 deletions(-)
 delete mode 100644 test/gosttest.c
 delete mode 100644 test/recipes/90-test_gost.t
 delete mode 100644 test/recipes/90-test_gost_data/gost.cnf

diff --git a/test/build.info b/test/build.info
index 53d5b99b9d..f4acaa0e6a 100644
--- a/test/build.info
+++ b/test/build.info
@@ -53,7 +53,7 @@ IF[{- !$disabled{tests} -}]
           recordlentest drbgtest rand_status_test sslbuffertest \
           time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
           http_test servername_test ocspapitest fatalerrtest tls13ccstest \
-          sysdefaulttest errtest ssl_ctx_test gosttest \
+          sysdefaulttest errtest ssl_ctx_test \
           context_internal_test aesgcmtest params_test evp_pkey_dparams_test \
           keymgmt_internal_test hexstr_test provider_status_test defltfips_test \
           bio_readbuffer_test user_property_test pkcs7_test upcallstest \
@@ -784,10 +784,6 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[errtest]=../include ../apps/include
   DEPEND[errtest]=../libcrypto libtestutil.a
 
-  SOURCE[gosttest]=gosttest.c helpers/ssltestlib.c
-  INCLUDE[gosttest]=../include ../apps/include ..
-  DEPEND[gosttest]=../libcrypto ../libssl libtestutil.a
-
   SOURCE[aesgcmtest]=aesgcmtest.c
   INCLUDE[aesgcmtest]=../include ../apps/include ..
   DEPEND[aesgcmtest]=../libcrypto libtestutil.a
diff --git a/test/gosttest.c b/test/gosttest.c
deleted file mode 100644
index 84c5e6c501..0000000000
--- a/test/gosttest.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "helpers/ssltestlib.h"
-#include "testutil.h"
-#include "internal/nelem.h"
-
-static char *cert1 = NULL;
-static char *privkey1 = NULL;
-static char *cert2 = NULL;
-static char *privkey2 = NULL;
-
-static struct {
-    char *cipher;
-    int expected_prot;
-    int certnum;
-} ciphers[] = {
-    /* Server doesn't have a cert with appropriate sig algs - should fail */
-    {"AES128-SHA", 0, 0},
-    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
-    {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
-    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
-    {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
-    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
-    {"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
-    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
-    {"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
-    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
-    {"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
-    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
-    {"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
-    /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
-    {"GOST2001-GOST89-GOST89", TLS1_2_VERSION, 0},
-};
-
-/* Test that we never negotiate TLSv1.3 if using GOST */
-static int test_tls13(int idx)
-{
-    SSL_CTX *cctx = NULL, *sctx = NULL;
-    SSL *clientssl = NULL, *serverssl = NULL;
-    int testresult = 0;
-
-    if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(),
-                                       TLS_client_method(),
-                                       TLS1_VERSION,
-                                       0,
-                                       &sctx, &cctx,
-                                       ciphers[idx].certnum == 0 ? cert1
-                                                                 : cert2,
-                                       ciphers[idx].certnum == 0 ? privkey1
-                                                                 : privkey2)))
-        goto end;
-
-    if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher))
-            || !TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher))
-            || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
-                                             NULL, NULL)))
-        goto end;
-
-    if (ciphers[idx].expected_prot == 0) {
-        if (!TEST_false(create_ssl_connection(serverssl, clientssl,
-                                              SSL_ERROR_NONE)))
-            goto end;
-    } else {
-        if (!TEST_true(create_ssl_connection(serverssl, clientssl,
-                                             SSL_ERROR_NONE))
-                || !TEST_int_eq(SSL_version(clientssl),
-                                ciphers[idx].expected_prot))
-        goto end;
-    }
-
-    testresult = 1;
-
- end:
-    SSL_free(serverssl);
-    SSL_free(clientssl);
-    SSL_CTX_free(sctx);
-    SSL_CTX_free(cctx);
-
-    return testresult;
-}
-
-OPT_TEST_DECLARE_USAGE("certfile1 privkeyfile1 certfile2 privkeyfile2\n")
-
-int setup_tests(void)
-{
-    if (!test_skip_common_options()) {
-        TEST_error("Error parsing test options\n");
-        return 0;
-    }
-
-    if (!TEST_ptr(cert1 = test_get_argument(0))
-            || !TEST_ptr(privkey1 = test_get_argument(1))
-            || !TEST_ptr(cert2 = test_get_argument(2))
-            || !TEST_ptr(privkey2 = test_get_argument(3)))
-        return 0;
-
-    ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers));
-    return 1;
-}
diff --git a/test/recipes/90-test_gost.t b/test/recipes/90-test_gost.t
deleted file mode 100644
index 929bca2fd6..0000000000
--- a/test/recipes/90-test_gost.t
+++ /dev/null
@@ -1,48 +0,0 @@
-#! /usr/bin/env perl
-# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-use OpenSSL::Test::Utils;
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
-
-setup("test_gost");
-
-# The GOST ciphers are dynamically loaded via the GOST engine, so we must be
-# able to support that. The engine also uses DSA, CMS and CMAC symbols, so we
-# skip this test on no-dsa, no-cms or no-cmac.
-plan skip_all => "GOST support is disabled in this OpenSSL build"
-    if disabled("gost") || disabled("engine") || disabled("dynamic-engine")
-       || disabled("dsa") || disabled("cms") || disabled("cmac");
-
-plan skip_all => "TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build"
-    if disabled("tls1_3") || disabled("tls1_2");
-
-plan skip_all => "EC is disabled in this OpenSSL build"
-    if disabled("ec");
-
-#Gost engine uses some deprecated functions
-plan skip_all => "Deprecated functions are disabled in this OpenSSL build"
-    if disabled("deprecated");
-
-plan skip_all => "No test GOST engine found"
-    if !$ENV{OPENSSL_GOST_ENGINE_SO};
-
-plan tests => 1;
-
-$ENV{OPENSSL_CONF} = srctop_file("test", "recipes", "90-test_gost_data",
-                                 "gost.cnf");
-
-ok(run(test(["gosttest",
-             srctop_file("test", "recipes", "90-test_gost_data",
-                         "server-cert2001.pem"),
-             srctop_file("test", "recipes", "90-test_gost_data",
-                         "server-key2001.pem"),
-             srctop_file("test", "recipes", "90-test_gost_data",
-                         "server-cert2012.pem"),
-             srctop_file("test", "recipes", "90-test_gost_data",
-                         "server-key2012.pem")])),
-             "running gosttest");
diff --git a/test/recipes/90-test_gost_data/gost.cnf b/test/recipes/90-test_gost_data/gost.cnf
deleted file mode 100644
index 1f42b9d87f..0000000000
--- a/test/recipes/90-test_gost_data/gost.cnf
+++ /dev/null
@@ -1,13 +0,0 @@
-openssl_conf = openssl_def
-[openssl_def]
-engines = engine_section
-
-[engine_section]
-gost = gost_section
-
-[gost_section]
-engine_id = gost
-dynamic_path = $ENV::OPENSSL_GOST_ENGINE_SO
-default_algorithms = ALL
-CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
-


More information about the openssl-commits mailing list