Don't expect a POLY1305 ciphersuite when using no-poly1305

author Matt Caswell <matt@openssl.org>

Sun, 10 Dec 2017 11:05:19 +0000 (11:05 +0000)

committer Matt Caswell <matt@openssl.org>

Mon, 11 Dec 2017 09:41:59 +0000 (09:41 +0000)
author Matt Caswell <matt@openssl.org>
Sun, 10 Dec 2017 11:05:19 +0000 (11:05 +0000)
committer Matt Caswell <matt@openssl.org>
Mon, 11 Dec 2017 09:41:59 +0000 (09:41 +0000)
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t

index c5472ebf0f96b5d616296be3566d474136e0b6f0..415c5c3bb8b3909cca0a7f548950167c637aaf63 100644 (file)
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -66,6 +66,7 @@ my %conf_dependent_tests = (
    "19-mac-then-encrypt.conf" => !$is_default_tls,
    "20-cert-select.conf" => !$is_default_tls || $no_dh || $no_dsa,
    "22-compression.conf" => !$is_default_tls,
    "19-mac-then-encrypt.conf" => !$is_default_tls,
    "20-cert-select.conf" => !$is_default_tls || $no_dh || $no_dsa,
    "22-compression.conf" => !$is_default_tls,
+  "25-cipher.conf" => disabled("poly1305"),
  );
  
  # Add your test here if it should be skipped for some compile-time
  );
  
  # Add your test here if it should be skipped for some compile-time
diff --git a/test/ssl-tests/25-cipher.conf b/test/ssl-tests/25-cipher.conf

index 101ee7c517802c506f15d519d571f365b0f89e55..a28c1f7bed295be254a5d43b5aca1cde85ffbbfd 100644 (file)
--- a/test/ssl-tests/25-cipher.conf
+++ b/test/ssl-tests/25-cipher.conf
@@ -207,13 +207,13 @@ Options = ServerPreference,PrioritizeChaCha
  PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  
  [7-cipher-server-pref-mobile-client]
  PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  
  [7-cipher-server-pref-mobile-client]
-CipherString = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384
+CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305
  MaxProtocol = TLSv1.2
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer
  
  [test-7]
  MaxProtocol = TLSv1.2
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer
  
  [test-7]
-ExpectedCipher = ECDHE-RSA-CHACHA20-POLY1305
+ExpectedCipher = ECDHE-RSA-AES256-SHA384
  
  
  # ===========================================================
  
  
  # ===========================================================
@@ -233,12 +233,12 @@ Options = ServerPreference,PrioritizeChaCha
  PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  
  [8-cipher-server-pref-mobile2-client]
  PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  
  [8-cipher-server-pref-mobile2-client]
-CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305
+CipherString = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384
  MaxProtocol = TLSv1.2
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer
  
  [test-8]
  MaxProtocol = TLSv1.2
  VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  VerifyMode = Peer
  
  [test-8]
-ExpectedCipher = ECDHE-RSA-AES256-SHA384
+ExpectedCipher = ECDHE-RSA-CHACHA20-POLY1305
  
  
  
  
diff --git a/test/ssl-tests/25-cipher.conf.in b/test/ssl-tests/25-cipher.conf.in

index b82f77ccd9738529345f4424be32d812bb4083b4..d75e2741209084e1ba4b5792233afabe75d9a840 100644 (file)
--- a/test/ssl-tests/25-cipher.conf.in
+++ b/test/ssl-tests/25-cipher.conf.in
@@ -13,7 +13,7 @@ use strict;
  use warnings;
  
  package ssltests;
  use warnings;
  
  package ssltests;
-
+use OpenSSL::Test::Utils;
  
  our @tests = (
      {
  
  our @tests = (
      {
@@ -127,12 +127,15 @@ our @tests = (
          },
          client => {
              "MaxProtocol" => "TLSv1.2",
          },
          client => {
              "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+            "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305",
          },
          test => {
          },
          test => {
-            "ExpectedCipher" => "ECDHE-RSA-CHACHA20-POLY1305",
+            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
          },
      },
          },
      },
+);
+
+my @tests_poly1305 = (
      {
          name => "cipher-server-pref-mobile2",
          server => {
      {
          name => "cipher-server-pref-mobile2",
          server => {
@@ -142,10 +145,12 @@ our @tests = (
          },
          client => {
              "MaxProtocol" => "TLSv1.2",
          },
          client => {
              "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305",
+            "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
          },
          test => {
          },
          test => {
-            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
+            "ExpectedCipher" => "ECDHE-RSA-CHACHA20-POLY1305",
          },
      },
  );
          },
      },
  );
+
+push @tests, @tests_poly1305 unless disabled("poly1305");
author	Matt Caswell <matt@openssl.org>
	Sun, 10 Dec 2017 11:05:19 +0000 (11:05 +0000)
committer	Matt Caswell <matt@openssl.org>
	Mon, 11 Dec 2017 09:41:59 +0000 (09:41 +0000)
test/recipes/80-test_ssl_new.t		patch \| blob \| history
test/ssl-tests/25-cipher.conf		patch \| blob \| history
test/ssl-tests/25-cipher.conf.in		patch \| blob \| history