From: Matt Caswell <matt@openssl.org>
Date: Sun, 10 Dec 2017 11:05:19 +0000 (+0000)
Subject: Don't expect a POLY1305 ciphersuite when using no-poly1305
X-Git-Tag: OpenSSL_1_1_1-pre1~320
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ef178b4eabe7183c5c85a961f4855c277ee7e220;p=oweals%2Fopenssl.git

Don't expect a POLY1305 ciphersuite when using no-poly1305

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4891)
---

diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index c5472ebf0f..415c5c3bb8 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -66,6 +66,7 @@ my %conf_dependent_tests = (
   "19-mac-then-encrypt.conf" => !$is_default_tls,
   "20-cert-select.conf" => !$is_default_tls || $no_dh || $no_dsa,
   "22-compression.conf" => !$is_default_tls,
+  "25-cipher.conf" => disabled("poly1305"),
 );
 
 # Add your test here if it should be skipped for some compile-time
diff --git a/test/ssl-tests/25-cipher.conf b/test/ssl-tests/25-cipher.conf
index 101ee7c517..a28c1f7bed 100644
--- a/test/ssl-tests/25-cipher.conf
+++ b/test/ssl-tests/25-cipher.conf
@@ -207,13 +207,13 @@ Options = ServerPreference,PrioritizeChaCha
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [7-cipher-server-pref-mobile-client]
-CipherString = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384
+CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-7]
-ExpectedCipher = ECDHE-RSA-CHACHA20-POLY1305
+ExpectedCipher = ECDHE-RSA-AES256-SHA384
 
 
 # ===========================================================
@@ -233,12 +233,12 @@ Options = ServerPreference,PrioritizeChaCha
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [8-cipher-server-pref-mobile2-client]
-CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305
+CipherString = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-8]
-ExpectedCipher = ECDHE-RSA-AES256-SHA384
+ExpectedCipher = ECDHE-RSA-CHACHA20-POLY1305
 
 
diff --git a/test/ssl-tests/25-cipher.conf.in b/test/ssl-tests/25-cipher.conf.in
index b82f77ccd9..d75e274120 100644
--- a/test/ssl-tests/25-cipher.conf.in
+++ b/test/ssl-tests/25-cipher.conf.in
@@ -13,7 +13,7 @@ use strict;
 use warnings;
 
 package ssltests;
-
+use OpenSSL::Test::Utils;
 
 our @tests = (
     {
@@ -127,12 +127,15 @@ our @tests = (
         },
         client => {
             "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+            "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305",
         },
         test => {
-            "ExpectedCipher" => "ECDHE-RSA-CHACHA20-POLY1305",
+            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
         },
     },
+);
+
+my @tests_poly1305 = (
     {
         name => "cipher-server-pref-mobile2",
         server => {
@@ -142,10 +145,12 @@ our @tests = (
         },
         client => {
             "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305",
+            "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
         },
         test => {
-            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
+            "ExpectedCipher" => "ECDHE-RSA-CHACHA20-POLY1305",
         },
     },
 );
+
+push @tests, @tests_poly1305 unless disabled("poly1305");