author | Joel Sing <jsing@cvs.openbsd.org> | 2017-01-03 16:58:11 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2017-01-03 16:58:11 +0000 |
commit | d74cd9a5b0398853b0296d92aeb24c9a0d334e1f (patch) | |
tree | b407df5229ca0135d8188d1bc766f436f8df4943 /regress/lib | |
parent | 3eff4e808a74a463b7a80c8e7067c7b300c65e15 (diff) |
Add regress tests for max shared version code.
Diffstat (limited to 'regress/lib')
-rw-r--r-- | regress/lib/libssl/unit/ssl_versions.c | 135 |
1 files changed, 133 insertions, 2 deletions
diff --git a/regress/lib/libssl/unit/ssl_versions.c b/regress/lib/libssl/unit/ssl_versions.c
index 32f7b3eea24..d4be40cbd8b 100644
--- a/regress/lib/libssl/unit/ssl_versions.c
+++ b/regress/lib/libssl/unit/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.1 2016/12/30 16:58:12 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.2 2017/01/03 16:58:10 jsing Exp $ */
 /*
 * Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
 *
@@ -18,6 +18,7 @@
 #include <openssl/ssl.h>
 int ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
+int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver);
 struct version_range_test {
 const long options;
@@ -101,7 +102,7 @@ test_ssl_enabled_version_range(void)
 minver = maxver = 0xffff;
- if (ssl_enabled_version_range(ssl, &minver, &maxver) == -1) {
+ if (ssl_enabled_version_range(ssl, &minver, &maxver) != 1) {
 if (vrt->minver != 0 || vrt->maxver != 0) {
 fprintf(stderr, "FAIL: test %zu - failed but "
 "wanted non-zero versions\n", i);
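Review bot: The prototype `int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver);` is written by hand in the test file, next to the existing one for ssl_enabled_version_range, so the compiler cannot check it against the library's definition. If the internal signature changes, this test would still build and would call the function through a mismatched declaration. Including the library-internal header that declares these functions would turn such drift into a compile error. Failing that, a comment above the two prototypes such as `/* Library-internal; must be kept in sync with the libssl definitions. */` would at least record the dependency.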
@@ -128,6 +129,135 @@ test_ssl_enabled_version_range(void)
 return (failed);
 }
+struct shared_version_test {
+ const long options;
+ const uint16_t peerver;
+ const uint16_t maxver;
+};
+
+static struct shared_version_test shared_version_tests[] = {
+ {
+ .options = 0,
+ .peerver = SSL2_VERSION,
+ .maxver = 0,
+ },
+ {
+ .options = 0,
+ .peerver = SSL3_VERSION,
+ .maxver = 0,
+ },
+ {
+ .options = 0,
+ .peerver = TLS1_VERSION,
+ .maxver = TLS1_VERSION,
+ },
+ {
+ .options = 0,
+ .peerver = TLS1_1_VERSION,
+ .maxver = TLS1_1_VERSION,
+ },
+ {
+ .options = 0,
+ .peerver = TLS1_2_VERSION,
+ .maxver = TLS1_2_VERSION,
+ },
+ {
+ .options = 0,
+ .peerver = 0x7f12,
+ .maxver = TLS1_2_VERSION,
+ },
+ {
+ .options = SSL_OP_NO_TLSv1_2,
+ .peerver = TLS1_2_VERSION,
+ .maxver = TLS1_1_VERSION,
+ },
+ {
+ .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+ .peerver = TLS1_2_VERSION,
+ .maxver = TLS1_VERSION,
+ },
+ {
+ .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+ .peerver = TLS1_2_VERSION,
+ .maxver = 0,
+ },
+ {
+ .options = SSL_OP_NO_TLSv1,
+ .peerver = TLS1_1_VERSION,
+ .maxver = TLS1_1_VERSION,
+ },
+ {
+ .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
+ .peerver = TLS1_1_VERSION,
+ .maxver = 0,
+ },
+ {
+ .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+ .peerver = TLS1_1_VERSION,
+ .maxver = TLS1_VERSION,
+ },
+ {
+ .options = SSL_OP_NO_TLSv1,
+ .peerver = TLS1_VERSION,
+ .maxver = 0,
+ },
+};
+
+#define N_SHARED_VERSION_TESTS \
+ (sizeof(shared_version_tests) / sizeof(*shared_version_tests))
+
+static int
+test_ssl_max_shared_version(void)
+{
+ struct shared_version_test *srt;
+ SSL_CTX *ssl_ctx = NULL;
+ SSL *ssl = NULL;
+ uint16_t maxver;
+ int failed = 1;
+ size_t i;
+
+ if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
+ fprintf(stderr, "SSL_CTX_new() returned NULL\n");
+ goto failure;
+ }
+ if ((ssl = SSL_new(ssl_ctx)) == NULL) {
+ fprintf(stderr, "SSL_new() returned NULL\n");
+ goto failure;
+ }
+
+ failed = 0;
+
+ for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
+ srt = &shared_version_tests[i];
+
+ SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
+ SSL_OP_NO_TLSv1_2);
+ SSL_set_options(ssl, srt->options);
+
+ maxver = 0;
+
+ if (ssl_max_shared_version(ssl, srt->peerver, &maxver) != 1) {
+ if (srt->maxver != 0) {
+ fprintf(stderr, "FAIL: test %zu - failed but "
+ "wanted non-zero shared version\n", i);
+ failed++;
+ }
+ continue;
+ }
+ if (maxver != srt->maxver) {
+ fprintf(stderr, "FAIL: test %zu - got shared "
+ "version %x, want %x\n", i, maxver, srt->maxver);
+ failed++;
+ }
+ }
+
+ failure:
+ SSL_CTX_free(ssl_ctx);
+ SSL_free(ssl);
+
+ return (failed);
+}
+
 int
 main(int argc, char **argv)
 {
@@ -136,6 +266,7 @@ main(int argc, char **argv)
 SSL_library_init();
 failed |= test_ssl_enabled_version_range();
+ failed |= test_ssl_max_shared_version();
 if (failed == 0)
 printf("PASS %s\n", __FILE__); |
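Review bot: In test_ssl_max_shared_version the rows that expect no shared version (`.maxver = 0`) never require the call to fail, because `maxver` is preset to 0 and a return of 1 that leaves it at 0 satisfies `maxver != srt->maxver`. For version negotiation those are the rows most worth pinning, since the SSL2, SSL3 and all-versions-disabled cases should only pass on a non-1 return. Presetting a sentinel as the range test does (`maxver = 0xffff;`) catches a success that writes nothing. An explicit "succeeded but wanted failure" branch for `srt->maxver == 0`, placed after the failure branch, would also catch a success that writes 0. The `0x7f12` peer version would benefit from a short comment saying what it represents (presumably a version above TLS 1.2).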