From 7f5fb2b28c2de4730c13f35d7d90265c62693631 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 30 Dec 2016 17:12:11 +0000 Subject: [PATCH] Provide some tests for the sig algs API Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/2160) (cherry picked from commit f1b25aaed32f90b3309243d24353bf636c1c786b) --- test/build.info | 2 +- test/sslapitest.c | 122 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 123 insertions(+), 1 deletion(-) diff --git a/test/build.info b/test/build.info index c143cb18a3..0c2c909b31 100644 --- a/test/build.info +++ b/test/build.info @@ -268,7 +268,7 @@ IF[{- !$disabled{tests} -}] DEPEND[bioprinttest]=../libcrypto SOURCE[sslapitest]=sslapitest.c ssltestlib.c testutil.c - INCLUDE[sslapitest]=../include + INCLUDE[sslapitest]=../include .. DEPEND[sslapitest]=../libcrypto ../libssl SOURCE[dtlstest]=dtlstest.c ssltestlib.c testutil.c diff --git a/test/sslapitest.c b/test/sslapitest.c index 01811bf7e6..9caf5d107c 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -17,6 +17,7 @@ #include "ssltestlib.h" #include "testutil.h" +#include "e_os.h" static char *cert = NULL; static char *privkey = NULL; @@ -875,6 +876,126 @@ static int test_ssl_bio_change_wbio(void) EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down); } +typedef struct { + /* The list of sig algs */ + const int *list; + /* The length of the list */ + size_t listlen; + /* A sigalgs list in string format */ + const char *liststr; + /* Whether setting the list should succeed */ + int valid; + /* Whether creating a connection with the list should succeed */ + int connsuccess; +} sigalgs_list; + +static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA}; +static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC}; +static const int validlist3[] = {NID_sha512, EVP_PKEY_EC}; +static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA}; +static const int invalidlist2[] = {NID_sha256, NID_undef}; +static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256}; +static const int invalidlist4[] = {NID_sha256}; +static const sigalgs_list testsigalgs[] = { + {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1}, + {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1}, + {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0}, + {NULL, 0, "RSA+SHA256", 1, 1}, + {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1}, + {NULL, 0, "ECDSA+SHA512", 1, 0}, + {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0}, + {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0}, + {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0}, + {invalidlist4, OSSL_NELEM(invalidlist4), NULL, 0, 0}, + {NULL, 0, "RSA", 0, 0}, + {NULL, 0, "SHA256", 0, 0}, + {NULL, 0, "RSA+SHA256:SHA256", 0, 0}, + {NULL, 0, "Invalid", 0, 0}}; + +static int test_set_sigalgs(int idx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + const sigalgs_list *curr; + int testctx; + + /* Should never happen */ + if ((size_t)idx >= OSSL_NELEM(testsigalgs) * 2) + return 0; + + testctx = ((size_t)idx < OSSL_NELEM(testsigalgs)); + curr = testctx ? &testsigalgs[idx] + : &testsigalgs[idx - OSSL_NELEM(testsigalgs)]; + + if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx, + &cctx, cert, privkey)) { + printf("Unable to create SSL_CTX pair\n"); + return 0; + } + + if (testctx) { + int ret; + if (curr->list != NULL) + ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen); + else + ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr); + + if (!ret) { + if (curr->valid) + printf("Unexpected failure setting sigalgs in SSL_CTX (%d)\n", + idx); + else + testresult = 1; + goto end; + } + if (!curr->valid) { + printf("Unexpected success setting sigalgs in SSL_CTX (%d)\n", idx); + goto end; + } + } + + if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) { + printf("Unable to create SSL objects\n"); + goto end; + } + + if (!testctx) { + int ret; + + if (curr->list != NULL) + ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen); + else + ret = SSL_set1_sigalgs_list(clientssl, curr->liststr); + if (!ret) { + if (curr->valid) + printf("Unexpected failure setting sigalgs in SSL (%d)\n", idx); + else + testresult = 1; + goto end; + } + if (!curr->valid) { + printf("Unexpected success setting sigalgs in SSL (%d)\n", idx); + goto end; + } + } + + if (curr->connsuccess != create_ssl_connection(serverssl, clientssl)) { + printf("Unexpected return value creating SSL connection (%d)\n", idx); + goto end; + } + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + int main(int argc, char *argv[]) { BIO *err = NULL; @@ -909,6 +1030,7 @@ int main(int argc, char *argv[]) ADD_TEST(test_ssl_bio_pop_ssl_bio); ADD_TEST(test_ssl_bio_change_rbio); ADD_TEST(test_ssl_bio_change_wbio); + ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2); testresult = run_tests(argv[0]); -- 2.25.1