authorJoel Sing <jsing@cvs.openbsd.org>2017-01-03 16:58:11 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2017-01-03 16:58:11 +0000
commitd74cd9a5b0398853b0296d92aeb24c9a0d334e1f (patch)
treeb407df5229ca0135d8188d1bc766f436f8df4943 /regress/lib
parent3eff4e808a74a463b7a80c8e7067c7b300c65e15 (diff)
Add regress tests for max shared version code.
Diffstat (limited to 'regress/lib')
-rw-r--r--regress/lib/libssl/unit/ssl_versions.c135
1 files changed, 133 insertions, 2 deletions
diff --git a/regress/lib/libssl/unit/ssl_versions.c b/regress/lib/libssl/unit/ssl_versions.c
index 32f7b3eea24..d4be40cbd8b 100644
--- a/regress/lib/libssl/unit/ssl_versions.c
+++ b/regress/lib/libssl/unit/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.1 2016/12/30 16:58:12 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.2 2017/01/03 16:58:10 jsing Exp $ */
/*
* Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
*
@@ -18,6 +18,7 @@
#include <openssl/ssl.h>
int ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
+int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver);
struct version_range_test {
const long options;
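Review bot: The added prototype for `ssl_max_shared_version` is a hand-written copy in the test file, like the `ssl_enabled_version_range` declaration above it, so the compiler cannot check it against the library's definition. If the signature changes in the library (for example the width of `peer_ver`), this test would still build and link but call the function with mismatched arguments. Prefer taking the declaration from the library's internal header if the regress build can see it. Otherwise add a comment above the two declarations, such as `/* Internal libssl prototypes - keep in sync with the library. */`.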
@@ -101,7 +102,7 @@ test_ssl_enabled_version_range(void)
minver = maxver = 0xffff;
- if (ssl_enabled_version_range(ssl, &minver, &maxver) == -1) {
+ if (ssl_enabled_version_range(ssl, &minver, &maxver) != 1) {
if (vrt->minver != 0 || vrt->maxver != 0) {
fprintf(stderr, "FAIL: test %zu - failed but "
"wanted non-zero versions\n", i);
@@ -128,6 +129,135 @@ test_ssl_enabled_version_range(void)
return (failed);
}
+struct shared_version_test {
+ const long options;
+ const uint16_t peerver;
+ const uint16_t maxver;
+};
+
+static struct shared_version_test shared_version_tests[] = {
+ {
+ .options = 0,
+ .peerver = SSL2_VERSION,
+ .maxver = 0,
+ },
+ {
+ .options = 0,
+ .peerver = SSL3_VERSION,
+ .maxver = 0,
+ },
+ {
+ .options = 0,
+ .peerver = TLS1_VERSION,
+ .maxver = TLS1_VERSION,
+ },
+ {
+ .options = 0,
+ .peerver = TLS1_1_VERSION,
+ .maxver = TLS1_1_VERSION,
+ },
+ {
+ .options = 0,
+ .peerver = TLS1_2_VERSION,
+ .maxver = TLS1_2_VERSION,
+ },
+ {
+ .options = 0,
+ .peerver = 0x7f12,
+ .maxver = TLS1_2_VERSION,
+ },
+ {
+ .options = SSL_OP_NO_TLSv1_2,
+ .peerver = TLS1_2_VERSION,
+ .maxver = TLS1_1_VERSION,
+ },
+ {
+ .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+ .peerver = TLS1_2_VERSION,
+ .maxver = TLS1_VERSION,
+ },
+ {
+ .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+ .peerver = TLS1_2_VERSION,
+ .maxver = 0,
+ },
+ {
+ .options = SSL_OP_NO_TLSv1,
+ .peerver = TLS1_1_VERSION,
+ .maxver = TLS1_1_VERSION,
+ },
+ {
+ .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
+ .peerver = TLS1_1_VERSION,
+ .maxver = 0,
+ },
+ {
+ .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+ .peerver = TLS1_1_VERSION,
+ .maxver = TLS1_VERSION,
+ },
+ {
+ .options = SSL_OP_NO_TLSv1,
+ .peerver = TLS1_VERSION,
+ .maxver = 0,
+ },
+};
+
+#define N_SHARED_VERSION_TESTS \
+ (sizeof(shared_version_tests) / sizeof(*shared_version_tests))
+
+static int
+test_ssl_max_shared_version(void)
+{
+ struct shared_version_test *srt;
+ SSL_CTX *ssl_ctx = NULL;
+ SSL *ssl = NULL;
+ uint16_t maxver;
+ int failed = 1;
+ size_t i;
+
+ if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
+ fprintf(stderr, "SSL_CTX_new() returned NULL\n");
+ goto failure;
+ }
+ if ((ssl = SSL_new(ssl_ctx)) == NULL) {
+ fprintf(stderr, "SSL_new() returned NULL\n");
+ goto failure;
+ }
+
+ failed = 0;
+
+ for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
+ srt = &shared_version_tests[i];
+
+ SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
+ SSL_OP_NO_TLSv1_2);
+ SSL_set_options(ssl, srt->options);
+
+ maxver = 0;
+
+ if (ssl_max_shared_version(ssl, srt->peerver, &maxver) != 1) {
+ if (srt->maxver != 0) {
+ fprintf(stderr, "FAIL: test %zu - failed but "
+ "wanted non-zero shared version\n", i);
+ failed++;
+ }
+ continue;
+ }
+ if (maxver != srt->maxver) {
+ fprintf(stderr, "FAIL: test %zu - got shared "
+ "version %x, want %x\n", i, maxver, srt->maxver);
+ failed++;
+ }
+ }
+
+ failure:
+ SSL_CTX_free(ssl_ctx);
+ SSL_free(ssl);
+
+ return (failed);
+}
+
int
main(int argc, char **argv)
{
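Review bot: The `shared_version_tests` table never disables a version in the middle of the range: every entry either leaves `.options` at 0 or masks a contiguous run from one end. The case where only `SSL_OP_NO_TLSv1_1` is set is therefore not pinned down for `ssl_max_shared_version`. That is the configuration where a negotiation bug would most plausibly pick a version the caller disabled, or fall back further than intended. Entries with `.options = SSL_OP_NO_TLSv1_1` and `.peerver` of `TLS1_1_VERSION` and `TLS1_2_VERSION` are worth adding, with `.maxver` taken from the intended range behaviour. Separately, the `!= 1` branch in `test_ssl_max_shared_version` never inspects `maxver`; if the contract is that the output is left untouched on failure, a check like `if (maxver != 0) { ...; failed++; }` there would catch a failing call that still writes a version.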
@@ -136,6 +266,7 @@ main(int argc, char **argv)
SSL_library_init();
failed |= test_ssl_enabled_version_range();
+ failed |= test_ssl_max_shared_version();
if (failed == 0)
printf("PASS %s\n", __FILE__);