[openssl] master update
Matt Caswell
matt at openssl.org
Thu Jun 17 07:26:39 UTC 2021
The branch master has been updated
via 98dc656e5f491cc29a61892d152c9779527da6f8 (commit)
from a515c8256e22eb8427a43ea4f709794ce2c36414 (commit)
- Log -----------------------------------------------------------------
commit 98dc656e5f491cc29a61892d152c9779527da6f8
Author: Pauli <pauli at openssl.org>
Date: Thu Jun 17 13:31:01 2021 +1000
gost: remove the internal GOST test.
The external GOST test is sufficient according @beldmit. This avoids having
to manually update and build the GOST engine when something changes.
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15795)
-----------------------------------------------------------------------
Summary of changes:
test/build.info | 6 +-
test/gosttest.c | 106 --------------------------------
test/recipes/90-test_gost.t | 48 ---------------
test/recipes/90-test_gost_data/gost.cnf | 13 ----
4 files changed, 1 insertion(+), 172 deletions(-)
delete mode 100644 test/gosttest.c
delete mode 100644 test/recipes/90-test_gost.t
delete mode 100644 test/recipes/90-test_gost_data/gost.cnf
diff --git a/test/build.info b/test/build.info
index 53d5b99b9d..f4acaa0e6a 100644
--- a/test/build.info
+++ b/test/build.info
@@ -53,7 +53,7 @@ IF[{- !$disabled{tests} -}]
recordlentest drbgtest rand_status_test sslbuffertest \
time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
http_test servername_test ocspapitest fatalerrtest tls13ccstest \
- sysdefaulttest errtest ssl_ctx_test gosttest \
+ sysdefaulttest errtest ssl_ctx_test \
context_internal_test aesgcmtest params_test evp_pkey_dparams_test \
keymgmt_internal_test hexstr_test provider_status_test defltfips_test \
bio_readbuffer_test user_property_test pkcs7_test upcallstest \
@@ -784,10 +784,6 @@ IF[{- !$disabled{tests} -}]
INCLUDE[errtest]=../include ../apps/include
DEPEND[errtest]=../libcrypto libtestutil.a
- SOURCE[gosttest]=gosttest.c helpers/ssltestlib.c
- INCLUDE[gosttest]=../include ../apps/include ..
- DEPEND[gosttest]=../libcrypto ../libssl libtestutil.a
-
SOURCE[aesgcmtest]=aesgcmtest.c
INCLUDE[aesgcmtest]=../include ../apps/include ..
DEPEND[aesgcmtest]=../libcrypto libtestutil.a
diff --git a/test/gosttest.c b/test/gosttest.c
deleted file mode 100644
index 84c5e6c501..0000000000
--- a/test/gosttest.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include "helpers/ssltestlib.h"
-#include "testutil.h"
-#include "internal/nelem.h"
-
-static char *cert1 = NULL;
-static char *privkey1 = NULL;
-static char *cert2 = NULL;
-static char *privkey2 = NULL;
-
-static struct {
- char *cipher;
- int expected_prot;
- int certnum;
-} ciphers[] = {
- /* Server doesn't have a cert with appropriate sig algs - should fail */
- {"AES128-SHA", 0, 0},
- /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
- {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
- /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
- {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
- /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
- {"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
- /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
- {"IANA-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
- /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
- {"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0},
- /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
- {"LEGACY-GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1},
- /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */
- {"GOST2001-GOST89-GOST89", TLS1_2_VERSION, 0},
-};
-
-/* Test that we never negotiate TLSv1.3 if using GOST */
-static int test_tls13(int idx)
-{
- SSL_CTX *cctx = NULL, *sctx = NULL;
- SSL *clientssl = NULL, *serverssl = NULL;
- int testresult = 0;
-
- if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(),
- TLS_client_method(),
- TLS1_VERSION,
- 0,
- &sctx, &cctx,
- ciphers[idx].certnum == 0 ? cert1
- : cert2,
- ciphers[idx].certnum == 0 ? privkey1
- : privkey2)))
- goto end;
-
- if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher))
- || !TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher))
- || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
- NULL, NULL)))
- goto end;
-
- if (ciphers[idx].expected_prot == 0) {
- if (!TEST_false(create_ssl_connection(serverssl, clientssl,
- SSL_ERROR_NONE)))
- goto end;
- } else {
- if (!TEST_true(create_ssl_connection(serverssl, clientssl,
- SSL_ERROR_NONE))
- || !TEST_int_eq(SSL_version(clientssl),
- ciphers[idx].expected_prot))
- goto end;
- }
-
- testresult = 1;
-
- end:
- SSL_free(serverssl);
- SSL_free(clientssl);
- SSL_CTX_free(sctx);
- SSL_CTX_free(cctx);
-
- return testresult;
-}
-
-OPT_TEST_DECLARE_USAGE("certfile1 privkeyfile1 certfile2 privkeyfile2\n")
-
-int setup_tests(void)
-{
- if (!test_skip_common_options()) {
- TEST_error("Error parsing test options\n");
- return 0;
- }
-
- if (!TEST_ptr(cert1 = test_get_argument(0))
- || !TEST_ptr(privkey1 = test_get_argument(1))
- || !TEST_ptr(cert2 = test_get_argument(2))
- || !TEST_ptr(privkey2 = test_get_argument(3)))
- return 0;
-
- ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers));
- return 1;
-}
diff --git a/test/recipes/90-test_gost.t b/test/recipes/90-test_gost.t
deleted file mode 100644
index 929bca2fd6..0000000000
--- a/test/recipes/90-test_gost.t
+++ /dev/null
@@ -1,48 +0,0 @@
-#! /usr/bin/env perl
-# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License"). You may not use
-# this file except in compliance with the License. You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-use OpenSSL::Test::Utils;
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
-
-setup("test_gost");
-
-# The GOST ciphers are dynamically loaded via the GOST engine, so we must be
-# able to support that. The engine also uses DSA, CMS and CMAC symbols, so we
-# skip this test on no-dsa, no-cms or no-cmac.
-plan skip_all => "GOST support is disabled in this OpenSSL build"
- if disabled("gost") || disabled("engine") || disabled("dynamic-engine")
- || disabled("dsa") || disabled("cms") || disabled("cmac");
-
-plan skip_all => "TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build"
- if disabled("tls1_3") || disabled("tls1_2");
-
-plan skip_all => "EC is disabled in this OpenSSL build"
- if disabled("ec");
-
-#Gost engine uses some deprecated functions
-plan skip_all => "Deprecated functions are disabled in this OpenSSL build"
- if disabled("deprecated");
-
-plan skip_all => "No test GOST engine found"
- if !$ENV{OPENSSL_GOST_ENGINE_SO};
-
-plan tests => 1;
-
-$ENV{OPENSSL_CONF} = srctop_file("test", "recipes", "90-test_gost_data",
- "gost.cnf");
-
-ok(run(test(["gosttest",
- srctop_file("test", "recipes", "90-test_gost_data",
- "server-cert2001.pem"),
- srctop_file("test", "recipes", "90-test_gost_data",
- "server-key2001.pem"),
- srctop_file("test", "recipes", "90-test_gost_data",
- "server-cert2012.pem"),
- srctop_file("test", "recipes", "90-test_gost_data",
- "server-key2012.pem")])),
- "running gosttest");
diff --git a/test/recipes/90-test_gost_data/gost.cnf b/test/recipes/90-test_gost_data/gost.cnf
deleted file mode 100644
index 1f42b9d87f..0000000000
--- a/test/recipes/90-test_gost_data/gost.cnf
+++ /dev/null
@@ -1,13 +0,0 @@
-openssl_conf = openssl_def
-[openssl_def]
-engines = engine_section
-
-[engine_section]
-gost = gost_section
-
-[gost_section]
-engine_id = gost
-dynamic_path = $ENV::OPENSSL_GOST_ENGINE_SO
-default_algorithms = ALL
-CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
-
More information about the openssl-commits
mailing list