authorJoel Sing <jsing@cvs.openbsd.org>2017-05-06 20:39:04 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2017-05-06 20:39:04 +0000
commit05b2dcb0838d823096ccb16ef14f18dd0b64236c (patch)
treea3cf03fd91979d40dd8269ebbb3bb209918897d9 /regress/lib
parente827028e44750bef4f1b35d3fcc2f5477665cea6 (diff)
Add regress coverage for SSL{,_CTX}_set_{min,max}_proto_version().
Diffstat (limited to 'regress/lib')
-rw-r--r--regress/lib/libssl/unit/ssl_versions.c316
1 files changed, 304 insertions, 12 deletions
diff --git a/regress/lib/libssl/unit/ssl_versions.c b/regress/lib/libssl/unit/ssl_versions.c
index eace13e4388..c12f115c19a 100644
--- a/regress/lib/libssl/unit/ssl_versions.c
+++ b/regress/lib/libssl/unit/ssl_versions.c
@@ -1,6 +1,6 @@
-/* $OpenBSD: ssl_versions.c,v 1.3 2017/01/25 11:11:21 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.4 2017/05/06 20:39:03 jsing Exp $ */
/*
- * Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
+ * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -361,7 +361,7 @@ static struct shared_version_test shared_version_tests[] = {
static int
test_ssl_max_shared_version(void)
{
- struct shared_version_test *srt;
+ struct shared_version_test *svt;
SSL_CTX *ssl_ctx = NULL;
SSL *ssl = NULL;
uint16_t maxver;
@@ -371,9 +371,9 @@ test_ssl_max_shared_version(void)
failed = 0;
for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
- srt = &shared_version_tests[i];
+ svt = &shared_version_tests[i];
- if ((ssl_ctx = SSL_CTX_new(srt->ssl_method())) == NULL) {
+ if ((ssl_ctx = SSL_CTX_new(svt->ssl_method())) == NULL) {
fprintf(stderr, "SSL_CTX_new() returned NULL\n");
return 1;
}
@@ -384,24 +384,24 @@ test_ssl_max_shared_version(void)
SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
SSL_OP_NO_TLSv1_2);
- SSL_set_options(ssl, srt->options);
+ SSL_set_options(ssl, svt->options);
maxver = 0;
- ssl->internal->min_version = srt->minver;
- ssl->internal->max_version = srt->maxver;
+ ssl->internal->min_version = svt->minver;
+ ssl->internal->max_version = svt->maxver;
- if (ssl_max_shared_version(ssl, srt->peerver, &maxver) != 1) {
- if (srt->want_maxver != 0) {
+ if (ssl_max_shared_version(ssl, svt->peerver, &maxver) != 1) {
+ if (svt->want_maxver != 0) {
fprintf(stderr, "FAIL: test %zu - failed but "
"wanted non-zero shared version\n", i);
failed++;
}
continue;
}
- if (maxver != srt->want_maxver) {
+ if (maxver != svt->want_maxver) {
fprintf(stderr, "FAIL: test %zu - got shared "
"version %x, want %x\n", i, maxver,
- srt->want_maxver);
+ svt->want_maxver);
failed++;
}
@@ -412,6 +412,297 @@ test_ssl_max_shared_version(void)
return (failed);
}
+struct min_max_version_test {
+ const SSL_METHOD *(*ssl_method)(void);
+ const uint16_t minver;
+ const uint16_t maxver;
+ const uint16_t want_minver;
+ const uint16_t want_maxver;
+};
+
+static struct min_max_version_test min_max_version_tests[] = {
+ {
+ .ssl_method = TLS_method,
+ .minver = 0,
+ .maxver = 0,
+ .want_minver = TLS1_VERSION,
+ .want_maxver = TLS1_2_VERSION,
+ },
+ {
+ .ssl_method = TLS_method,
+ .minver = TLS1_VERSION,
+ .maxver = 0,
+ .want_minver = TLS1_VERSION,
+ .want_maxver = TLS1_2_VERSION,
+ },
+ {
+ .ssl_method = TLS_method,
+ .minver = 0,
+ .maxver = TLS1_2_VERSION,
+ .want_minver = TLS1_VERSION,
+ .want_maxver = TLS1_2_VERSION,
+ },
+ {
+ .ssl_method = TLS_method,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .want_minver = TLS1_VERSION,
+ .want_maxver = TLS1_2_VERSION,
+ },
+ {
+ .ssl_method = TLS_method,
+ .minver = TLS1_1_VERSION,
+ .maxver = 0,
+ .want_minver = TLS1_1_VERSION,
+ .want_maxver = TLS1_2_VERSION,
+ },
+ {
+ .ssl_method = TLS_method,
+ .minver = TLS1_2_VERSION,
+ .maxver = 0,
+ .want_minver = TLS1_2_VERSION,
+ .want_maxver = TLS1_2_VERSION,
+ },
+ {
+ .ssl_method = TLS_method,
+ .minver = 0x0300,
+ .maxver = 0,
+ .want_minver = TLS1_VERSION,
+ .want_maxver = TLS1_2_VERSION,
+ },
+ {
+ .ssl_method = TLS_method,
+ .minver = 0x0305,
+ .maxver = 0,
+ .want_minver = 0,
+ .want_maxver = 0,
+ },
+ {
+ .ssl_method = TLS_method,
+ .minver = 0,
+ .maxver = 0x0305,
+ .want_minver = TLS1_VERSION,
+ .want_maxver = TLS1_2_VERSION,
+ },
+ {
+ .ssl_method = TLS_method,
+ .minver = 0,
+ .maxver = TLS1_1_VERSION,
+ .want_minver = TLS1_VERSION,
+ .want_maxver = TLS1_1_VERSION,
+ },
+ {
+ .ssl_method = TLS_method,
+ .minver = 0,
+ .maxver = TLS1_VERSION,
+ .want_minver = TLS1_VERSION,
+ .want_maxver = TLS1_VERSION,
+ },
+ {
+ .ssl_method = TLS_method,
+ .minver = 0,
+ .maxver = 0x0300,
+ .want_minver = 0,
+ .want_maxver = 0,
+ },
+ {
+ .ssl_method = TLS_method,
+ .minver = TLS1_2_VERSION,
+ .maxver = TLS1_1_VERSION,
+ .want_minver = TLS1_2_VERSION,
+ .want_maxver = 0,
+ },
+ {
+ .ssl_method = TLSv1_1_method,
+ .minver = 0,
+ .maxver = 0,
+ .want_minver = TLS1_1_VERSION,
+ .want_maxver = TLS1_1_VERSION,
+ },
+ {
+ .ssl_method = TLSv1_1_method,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .want_minver = TLS1_1_VERSION,
+ .want_maxver = TLS1_1_VERSION,
+ },
+ {
+ .ssl_method = TLSv1_1_method,
+ .minver = TLS1_2_VERSION,
+ .maxver = 0,
+ .want_minver = 0,
+ .want_maxver = 0,
+ },
+ {
+ .ssl_method = TLSv1_1_method,
+ .minver = 0,
+ .maxver = TLS1_VERSION,
+ .want_minver = 0,
+ .want_maxver = 0,
+ },
+ {
+ .ssl_method = DTLSv1_method,
+ .minver = 0,
+ .maxver = 0,
+ .want_minver = DTLS1_VERSION,
+ .want_maxver = DTLS1_VERSION,
+ },
+ {
+ .ssl_method = DTLSv1_method,
+ .minver = DTLS1_VERSION,
+ .maxver = 0,
+ .want_minver = DTLS1_VERSION,
+ .want_maxver = DTLS1_VERSION,
+ },
+ {
+ .ssl_method = DTLSv1_method,
+ .minver = 0,
+ .maxver = DTLS1_VERSION,
+ .want_minver = DTLS1_VERSION,
+ .want_maxver = DTLS1_VERSION,
+ },
+ {
+ .ssl_method = DTLSv1_method,
+ .minver = TLS1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .want_minver = 0,
+ .want_maxver = 0,
+ },
+};
+
+#define N_MIN_MAX_VERSION_TESTS \
+ (sizeof(min_max_version_tests) / sizeof(*min_max_version_tests))
+
+static int
+test_ssl_min_max_version(void)
+{
+ struct min_max_version_test *mmvt;
+ SSL_CTX *ssl_ctx = NULL;
+ SSL *ssl = NULL;
+ int failed = 0;
+ size_t i;
+
+ failed = 0;
+
+ for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
+ mmvt = &min_max_version_tests[i];
+
+ if ((ssl_ctx = SSL_CTX_new(mmvt->ssl_method())) == NULL) {
+ fprintf(stderr, "SSL_CTX_new() returned NULL\n");
+ return 1;
+ }
+
+ if (SSL_CTX_set_min_proto_version(ssl_ctx, mmvt->minver) != 1) {
+ if (mmvt->want_minver != 0) {
+ fprintf(stderr, "FAIL: test %zu - failed to set "
+ "SSL_CTX min version\n", i);
+ failed++;
+ }
+ goto next;
+ }
+ if (SSL_CTX_set_max_proto_version(ssl_ctx, mmvt->maxver) != 1) {
+ if (mmvt->want_maxver != 0) {
+ fprintf(stderr, "FAIL: test %zu - failed to set "
+ "SSL_CTX min version\n", i);
+ failed++;
+ }
+ goto next;
+ }
+
+ if (mmvt->want_minver == 0) {
+ fprintf(stderr, "FAIL: test %zu - successfully set "
+ "SSL_CTX min version, should have failed\n", i);
+ goto next;
+ }
+ if (mmvt->want_maxver == 0) {
+ fprintf(stderr, "FAIL: test %zu - successfully set "
+ "SSL_CTX max version, should have failed\n", i);
+ goto next;
+ }
+
+ if (ssl_ctx->internal->min_version != mmvt->want_minver) {
+ fprintf(stderr, "FAIL: test %zu - got SSL_CTX min "
+ "version 0x%x, want 0x%x\n", i,
+ ssl_ctx->internal->min_version, mmvt->want_minver);
+ goto next;
+ }
+ if (ssl_ctx->internal->max_version != mmvt->want_maxver) {
+ fprintf(stderr, "FAIL: test %zu - got SSL_CTX max "
+ "version 0x%x, want 0x%x\n", i,
+ ssl_ctx->internal->max_version, mmvt->want_maxver);
+ goto next;
+ }
+
+ if ((ssl = SSL_new(ssl_ctx)) == NULL) {
+ fprintf(stderr, "SSL_new() returned NULL\n");
+ return 1;
+ }
+
+ if (ssl->internal->min_version != mmvt->want_minver) {
+ fprintf(stderr, "FAIL: test %zu - initial SSL min "
+ "version 0x%x, want 0x%x\n", i,
+ ssl_ctx->internal->min_version, mmvt->want_minver);
+ goto next;
+ }
+ if (ssl->internal->max_version != mmvt->want_maxver) {
+ fprintf(stderr, "FAIL: test %zu - initial SSL max "
+ "version 0x%x, want 0x%x\n", i,
+ ssl_ctx->internal->max_version, mmvt->want_maxver);
+ goto next;
+ }
+
+ if (SSL_set_min_proto_version(ssl, mmvt->minver) != 1) {
+ if (mmvt->want_minver != 0) {
+ fprintf(stderr, "FAIL: test %zu - failed to set "
+ "SSL min version\n", i);
+ failed++;
+ }
+ goto next;
+ }
+ if (SSL_set_max_proto_version(ssl, mmvt->maxver) != 1) {
+ if (mmvt->want_maxver != 0) {
+ fprintf(stderr, "FAIL: test %zu - failed to set "
+ "SSL min version\n", i);
+ failed++;
+ }
+ goto next;
+ }
+
+ if (mmvt->want_minver == 0) {
+ fprintf(stderr, "FAIL: test %zu - successfully set SSL "
+ "min version, should have failed\n", i);
+ goto next;
+ }
+ if (mmvt->want_maxver == 0) {
+ fprintf(stderr, "FAIL: test %zu - successfully set SSL "
+ "max version, should have failed\n", i);
+ goto next;
+ }
+
+ if (ssl->internal->min_version != mmvt->want_minver) {
+ fprintf(stderr, "FAIL: test %zu - got SSL min "
+ "version 0x%x, want 0x%x\n", i,
+ ssl_ctx->internal->min_version, mmvt->want_minver);
+ goto next;
+ }
+ if (ssl->internal->max_version != mmvt->want_maxver) {
+ fprintf(stderr, "FAIL: test %zu - got SSL max "
+ "version 0x%x, want 0x%x\n", i,
+ ssl->internal->max_version, mmvt->want_maxver);
+ goto next;
+ }
+
+ next:
+ SSL_CTX_free(ssl_ctx);
+ SSL_free(ssl);
+
+ ssl_ctx = NULL;
+ ssl = NULL;
+ }
+
+ return (failed);
+}
+
int
main(int argc, char **argv)
{
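Review bot: The loop in test_ssl_min_max_version() is bounded by `N_SHARED_VERSION_TESTS`, the size of the other table, rather than the `N_MIN_MAX_VERSION_TESTS` macro defined just above it. If the two tables differ in length, the loop either indexes past the end of `min_max_version_tests` or skips its trailing cases, so it should read `for (i = 0; i < N_MIN_MAX_VERSION_TESTS; i++) {`. Ten of the FAIL branches (the "should have failed" checks and every got/want comparison, on both SSL_CTX and SSL) print a message and `goto next` without `failed++;`. A regression in how the minimum or maximum protocol version is enforced would therefore still end in PASS, so each of those branches needs `failed++;` before the `goto`. The two set_max_proto_version failure messages say "min version", and three of the SSL-level comparisons print `ssl_ctx->internal->...` where `ssl->internal->...` is the value being checked, which would misreport the result when they fire.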
@@ -421,6 +712,7 @@ main(int argc, char **argv)
failed |= test_ssl_enabled_version_range();
failed |= test_ssl_max_shared_version();
+ failed |= test_ssl_min_max_version();
if (failed == 0)
printf("PASS %s\n", __FILE__);