summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2017-01-25 11:11:22 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2017-01-25 11:11:22 +0000
commita538b8c6c7fe15b757c2802cf3ba221be35876ac (patch)
treea4fcb1ddccaadaee979bbe58bdb14d69bac47f4b
parentf909599375c07a2a6bc1c1718c3c9911a3e3869b (diff)
Update ssl versions regress to handle min/max configured versions and
the cover the ssl_supported_version_range() function.
Diffstat
-rw-r--r--regress/lib/libssl/unit/ssl_versions.c248
1 files changed, 201 insertions, 47 deletions
diff --git a/regress/lib/libssl/unit/ssl_versions.c b/regress/lib/libssl/unit/ssl_versions.c
index d4be40cbd8b..eace13e4388 100644
--- a/regress/lib/libssl/unit/ssl_versions.c
+++ b/regress/lib/libssl/unit/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.2 2017/01/03 16:58:10 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.3 2017/01/25 11:11:21 jsing Exp $ */
/*
* Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
*
@@ -17,13 +17,14 @@
#include <openssl/ssl.h>
-int ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
-int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver);
+#include "ssl_locl.h"
struct version_range_test {
const long options;
const uint16_t minver;
const uint16_t maxver;
+ const uint16_t want_minver;
+ const uint16_t want_maxver;
};
static struct version_range_test version_range_tests[] = {
@@ -31,41 +32,92 @@ static struct version_range_test version_range_tests[] = {
.options = 0,
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
+ .want_minver = TLS1_VERSION,
+ .want_maxver = TLS1_2_VERSION,
},
{
.options = SSL_OP_NO_TLSv1,
- .minver = TLS1_1_VERSION,
+ .minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
+ .want_minver = TLS1_1_VERSION,
+ .want_maxver = TLS1_2_VERSION,
},
{
.options = SSL_OP_NO_TLSv1_2,
.minver = TLS1_VERSION,
- .maxver = TLS1_1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .want_minver = TLS1_VERSION,
+ .want_maxver = TLS1_1_VERSION,
},
{
.options = SSL_OP_NO_TLSv1_1,
.minver = TLS1_VERSION,
- .maxver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .want_minver = TLS1_VERSION,
+ .want_maxver = TLS1_VERSION,
},
{
.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
- .minver = TLS1_2_VERSION,
+ .minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
+ .want_minver = TLS1_2_VERSION,
+ .want_maxver = TLS1_2_VERSION,
},
{
.options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
.minver = TLS1_VERSION,
- .maxver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .want_minver = TLS1_VERSION,
+ .want_maxver = TLS1_VERSION,
},
{
.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .want_minver = TLS1_1_VERSION,
+ .want_maxver = TLS1_1_VERSION,
+ },
+ {
+ .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .want_minver = 0,
+ .want_maxver = 0,
+ },
+ {
+ .options = 0,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .want_minver = TLS1_VERSION,
+ .want_maxver = TLS1_2_VERSION,
+ },
+ {
+ .options = 0,
.minver = TLS1_1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .want_minver = TLS1_1_VERSION,
+ .want_maxver = TLS1_2_VERSION,
+ },
+ {
+ .options = 0,
+ .minver = TLS1_2_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .want_minver = TLS1_2_VERSION,
+ .want_maxver = TLS1_2_VERSION,
+ },
+ {
+ .options = 0,
+ .minver = TLS1_VERSION,
.maxver = TLS1_1_VERSION,
+ .want_minver = TLS1_VERSION,
+ .want_maxver = TLS1_1_VERSION,
},
{
- .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
- .minver = 0,
- .maxver = 0,
+ .options = 0,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_VERSION,
+ .want_minver = TLS1_VERSION,
+ .want_maxver = TLS1_VERSION,
},
};
@@ -101,23 +153,25 @@ test_ssl_enabled_version_range(void)
SSL_set_options(ssl, vrt->options);
minver = maxver = 0xffff;
+ ssl->internal->min_version = vrt->minver;
+ ssl->internal->max_version = vrt->maxver;
if (ssl_enabled_version_range(ssl, &minver, &maxver) != 1) {
- if (vrt->minver != 0 || vrt->maxver != 0) {
+ if (vrt->want_minver != 0 || vrt->want_maxver != 0) {
fprintf(stderr, "FAIL: test %zu - failed but "
"wanted non-zero versions\n", i);
failed++;
}
continue;
}
- if (minver != vrt->minver) {
+ if (minver != vrt->want_minver) {
fprintf(stderr, "FAIL: test %zu - got minver %x, "
- "want %x\n", i, minver, vrt->minver);
+ "want %x\n", i, minver, vrt->want_minver);
failed++;
}
- if (maxver != vrt->maxver) {
+ if (maxver != vrt->want_maxver) {
fprintf(stderr, "FAIL: test %zu - got maxver %x, "
- "want %x\n", i, maxver, vrt->maxver);
+ "want %x\n", i, maxver, vrt->want_maxver);
failed++;
}
}
@@ -130,76 +184,174 @@ test_ssl_enabled_version_range(void)
}
struct shared_version_test {
+ const SSL_METHOD *(*ssl_method)(void);
const long options;
- const uint16_t peerver;
+ const uint16_t minver;
const uint16_t maxver;
+ const uint16_t peerver;
+ const uint16_t want_maxver;
};
static struct shared_version_test shared_version_tests[] = {
{
+ .ssl_method = TLS_method,
.options = 0,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
.peerver = SSL2_VERSION,
- .maxver = 0,
+ .want_maxver = 0,
},
{
+ .ssl_method = TLS_method,
.options = 0,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
.peerver = SSL3_VERSION,
- .maxver = 0,
+ .want_maxver = 0,
},
{
+ .ssl_method = TLS_method,
.options = 0,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
.peerver = TLS1_VERSION,
- .maxver = TLS1_VERSION,
+ .want_maxver = TLS1_VERSION,
},
{
+ .ssl_method = TLS_method,
.options = 0,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
.peerver = TLS1_1_VERSION,
- .maxver = TLS1_1_VERSION,
+ .want_maxver = TLS1_1_VERSION,
},
{
+ .ssl_method = TLS_method,
.options = 0,
- .peerver = TLS1_2_VERSION,
+ .minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
+ .peerver = TLS1_2_VERSION,
+ .want_maxver = TLS1_2_VERSION,
},
{
+ .ssl_method = TLS_method,
.options = 0,
- .peerver = 0x7f12,
+ .minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
+ .peerver = 0x7f12,
+ .want_maxver = TLS1_2_VERSION,
},
{
+ .ssl_method = TLS_method,
.options = SSL_OP_NO_TLSv1_2,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
.peerver = TLS1_2_VERSION,
- .maxver = TLS1_1_VERSION,
+ .want_maxver = TLS1_1_VERSION,
},
{
+ .ssl_method = TLS_method,
.options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
.peerver = TLS1_2_VERSION,
- .maxver = TLS1_VERSION,
+ .want_maxver = TLS1_VERSION,
},
{
+ .ssl_method = TLS_method,
.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
.peerver = TLS1_2_VERSION,
- .maxver = 0,
+ .want_maxver = 0,
},
{
+ .ssl_method = TLS_method,
.options = SSL_OP_NO_TLSv1,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
.peerver = TLS1_1_VERSION,
- .maxver = TLS1_1_VERSION,
+ .want_maxver = TLS1_1_VERSION,
},
{
+ .ssl_method = TLS_method,
.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
.peerver = TLS1_1_VERSION,
- .maxver = 0,
+ .want_maxver = 0,
},
{
+ .ssl_method = TLS_method,
.options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
.peerver = TLS1_1_VERSION,
- .maxver = TLS1_VERSION,
+ .want_maxver = TLS1_VERSION,
},
{
+ .ssl_method = TLS_method,
.options = SSL_OP_NO_TLSv1,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .peerver = TLS1_VERSION,
+ .want_maxver = 0,
+ },
+ {
+ .ssl_method = TLS_method,
+ .options = 0,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_1_VERSION,
+ .peerver = TLS1_2_VERSION,
+ .want_maxver = TLS1_1_VERSION,
+ },
+ {
+ .ssl_method = TLS_method,
+ .options = 0,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_VERSION,
+ .peerver = TLS1_2_VERSION,
+ .want_maxver = TLS1_VERSION,
+ },
+ {
+ .ssl_method = TLSv1_method,
+ .options = 0,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
.peerver = TLS1_VERSION,
- .maxver = 0,
+ .want_maxver = TLS1_VERSION,
+ },
+ {
+ .ssl_method = TLSv1_method,
+ .options = 0,
+ .minver = TLS1_1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .peerver = TLS1_VERSION,
+ .want_maxver = 0,
+ },
+ {
+ .ssl_method = TLSv1_1_method,
+ .options = 0,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .peerver = TLS1_1_VERSION,
+ .want_maxver = TLS1_1_VERSION,
+ },
+ {
+ .ssl_method = DTLSv1_method,
+ .options = 0,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .peerver = DTLS1_VERSION,
+ .want_maxver = DTLS1_VERSION,
+ },
+ {
+ .ssl_method = DTLSv1_method,
+ .options = 0,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .peerver = TLS1_2_VERSION,
+ .want_maxver = 0,
},
};
@@ -213,47 +365,49 @@ test_ssl_max_shared_version(void)
SSL_CTX *ssl_ctx = NULL;
SSL *ssl = NULL;
uint16_t maxver;
- int failed = 1;
+ int failed = 0;
size_t i;
- if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
- fprintf(stderr, "SSL_CTX_new() returned NULL\n");
- goto failure;
- }
- if ((ssl = SSL_new(ssl_ctx)) == NULL) {
- fprintf(stderr, "SSL_new() returned NULL\n");
- goto failure;
- }
-
failed = 0;
for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
srt = &shared_version_tests[i];
+ if ((ssl_ctx = SSL_CTX_new(srt->ssl_method())) == NULL) {
+ fprintf(stderr, "SSL_CTX_new() returned NULL\n");
+ return 1;
+ }
+ if ((ssl = SSL_new(ssl_ctx)) == NULL) {
+ fprintf(stderr, "SSL_new() returned NULL\n");
+ return 1;
+ }
+
SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
SSL_OP_NO_TLSv1_2);
SSL_set_options(ssl, srt->options);
maxver = 0;
+ ssl->internal->min_version = srt->minver;
+ ssl->internal->max_version = srt->maxver;
if (ssl_max_shared_version(ssl, srt->peerver, &maxver) != 1) {
- if (srt->maxver != 0) {
+ if (srt->want_maxver != 0) {
fprintf(stderr, "FAIL: test %zu - failed but "
"wanted non-zero shared version\n", i);
failed++;
}
continue;
}
- if (maxver != srt->maxver) {
+ if (maxver != srt->want_maxver) {
fprintf(stderr, "FAIL: test %zu - got shared "
- "version %x, want %x\n", i, maxver, srt->maxver);
+ "version %x, want %x\n", i, maxver,
+ srt->want_maxver);
failed++;
}
- }
- failure:
- SSL_CTX_free(ssl_ctx);
- SSL_free(ssl);
+ SSL_CTX_free(ssl_ctx);
+ SSL_free(ssl);
+ }
return (failed);
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-17 12:57:41 +0000