Diffstat (limited to 'regress/lib')
-rw-r--r-- | regress/lib/libssl/unit/ssl_versions.c | 316 |
1 files changed, 304 insertions, 12 deletions
diff --git a/regress/lib/libssl/unit/ssl_versions.c b/regress/lib/libssl/unit/ssl_versions.c
index eace13e4388..c12f115c19a 100644
--- a/regress/lib/libssl/unit/ssl_versions.c
+++ b/regress/lib/libssl/unit/ssl_versions.c
@@ -1,6 +1,6 @@
-/* $OpenBSD: ssl_versions.c,v 1.3 2017/01/25 11:11:21 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.4 2017/05/06 20:39:03 jsing Exp $ */
 /*
- * Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
+ * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -361,7 +361,7 @@ static struct shared_version_test shared_version_tests[] = {
 static int
 test_ssl_max_shared_version(void)
 {
-	struct shared_version_test *srt;
+	struct shared_version_test *svt;
 	SSL_CTX *ssl_ctx = NULL;
 	SSL *ssl = NULL;
 	uint16_t maxver;
@@ -371,9 +371,9 @@ test_ssl_max_shared_version(void)
 	failed = 0;
 
 	for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
-		srt = &shared_version_tests[i];
+		svt = &shared_version_tests[i];
 
-		if ((ssl_ctx = SSL_CTX_new(srt->ssl_method())) == NULL) {
+		if ((ssl_ctx = SSL_CTX_new(svt->ssl_method())) == NULL) {
 			fprintf(stderr, "SSL_CTX_new() returned NULL\n");
 			return 1;
 		}
@@ -384,24 +384,24 @@ test_ssl_max_shared_version(void)
 		SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
 		    SSL_OP_NO_TLSv1_2);
-		SSL_set_options(ssl, srt->options);
+		SSL_set_options(ssl, svt->options);
 
 		maxver = 0;
-		ssl->internal->min_version = srt->minver;
-		ssl->internal->max_version = srt->maxver;
+		ssl->internal->min_version = svt->minver;
+		ssl->internal->max_version = svt->maxver;
 
-		if (ssl_max_shared_version(ssl, srt->peerver, &maxver) != 1) {
-			if (srt->want_maxver != 0) {
+		if (ssl_max_shared_version(ssl, svt->peerver, &maxver) != 1) {
+			if (svt->want_maxver != 0) {
 				fprintf(stderr, "FAIL: test %zu - failed but "
 				    "wanted non-zero shared version\n", i);
 				failed++;
 			}
 			continue;
 		}
 
-		if (maxver != srt->want_maxver) {
+		if (maxver != svt->want_maxver) {
 			fprintf(stderr, "FAIL: test %zu - got shared "
 			    "version %x, want %x\n", i, maxver,
-			    srt->want_maxver);
+			    svt->want_maxver);
 			failed++;
 		}
 
@@ -412,6 +412,297 @@ test_ssl_max_shared_version(void)
 	return (failed);
 }
 
+struct min_max_version_test {
+	const SSL_METHOD *(*ssl_method)(void);
+	const uint16_t minver;
+	const uint16_t maxver;
+	const uint16_t want_minver;
+	const uint16_t want_maxver;
+};
+
+static struct min_max_version_test min_max_version_tests[] = {
+	{
+		.ssl_method = TLS_method,
+		.minver = 0,
+		.maxver = 0,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_2_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.minver = TLS1_VERSION,
+		.maxver = 0,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_2_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.minver = 0,
+		.maxver = TLS1_2_VERSION,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_2_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_2_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.minver = TLS1_1_VERSION,
+		.maxver = 0,
+		.want_minver = TLS1_1_VERSION,
+		.want_maxver = TLS1_2_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.minver = TLS1_2_VERSION,
+		.maxver = 0,
+		.want_minver = TLS1_2_VERSION,
+		.want_maxver = TLS1_2_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.minver = 0x0300,
+		.maxver = 0,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_2_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.minver = 0x0305,
+		.maxver = 0,
+		.want_minver = 0,
+		.want_maxver = 0,
+	},
+	{
+		.ssl_method = TLS_method,
+		.minver = 0,
+		.maxver = 0x0305,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_2_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.minver = 0,
+		.maxver = TLS1_1_VERSION,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_1_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.minver = 0,
+		.maxver = TLS1_VERSION,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_VERSION,
+	},
+	{
+		.ssl_method = TLS_method,
+		.minver = 0,
+		.maxver = 0x0300,
+		.want_minver = 0,
+		.want_maxver = 0,
+	},
+	{
+		.ssl_method = TLS_method,
+		.minver = TLS1_2_VERSION,
+		.maxver = TLS1_1_VERSION,
+		.want_minver = TLS1_2_VERSION,
+		.want_maxver = 0,
+	},
+	{
+		.ssl_method = TLSv1_1_method,
+		.minver = 0,
+		.maxver = 0,
+		.want_minver = TLS1_1_VERSION,
+		.want_maxver = TLS1_1_VERSION,
+	},
+	{
+		.ssl_method = TLSv1_1_method,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.want_minver = TLS1_1_VERSION,
+		.want_maxver = TLS1_1_VERSION,
+	},
+	{
+		.ssl_method = TLSv1_1_method,
+		.minver = TLS1_2_VERSION,
+		.maxver = 0,
+		.want_minver = 0,
+		.want_maxver = 0,
+	},
+	{
+		.ssl_method = TLSv1_1_method,
+		.minver = 0,
+		.maxver = TLS1_VERSION,
+		.want_minver = 0,
+		.want_maxver = 0,
+	},
+	{
+		.ssl_method = DTLSv1_method,
+		.minver = 0,
+		.maxver = 0,
+		.want_minver = DTLS1_VERSION,
+		.want_maxver = DTLS1_VERSION,
+	},
+	{
+		.ssl_method = DTLSv1_method,
+		.minver = DTLS1_VERSION,
+		.maxver = 0,
+		.want_minver = DTLS1_VERSION,
+		.want_maxver = DTLS1_VERSION,
+	},
+	{
+		.ssl_method = DTLSv1_method,
+		.minver = 0,
+		.maxver = DTLS1_VERSION,
+		.want_minver = DTLS1_VERSION,
+		.want_maxver = DTLS1_VERSION,
+	},
+	{
+		.ssl_method = DTLSv1_method,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.want_minver = 0,
+		.want_maxver = 0,
+	},
+};
+
+#define N_MIN_MAX_VERSION_TESTS \
+    (sizeof(min_max_version_tests) / sizeof(*min_max_version_tests))
+
+static int
+test_ssl_min_max_version(void)
+{
+	struct min_max_version_test *mmvt;
+	SSL_CTX *ssl_ctx = NULL;
+	SSL *ssl = NULL;
+	int failed = 0;
+	size_t i;
+
+	failed = 0;
+
+	for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
+		mmvt = &min_max_version_tests[i];
+
+		if ((ssl_ctx = SSL_CTX_new(mmvt->ssl_method())) == NULL) {
+			fprintf(stderr, "SSL_CTX_new() returned NULL\n");
+			return 1;
+		}
+
+		if (SSL_CTX_set_min_proto_version(ssl_ctx, mmvt->minver) != 1) {
+			if (mmvt->want_minver != 0) {
+				fprintf(stderr, "FAIL: test %zu - failed to set "
+				    "SSL_CTX min version\n", i);
+				failed++;
+			}
+			goto next;
+		}
+		if (SSL_CTX_set_max_proto_version(ssl_ctx, mmvt->maxver) != 1) {
+			if (mmvt->want_maxver != 0) {
+				fprintf(stderr, "FAIL: test %zu - failed to set "
+				    "SSL_CTX min version\n", i);
+				failed++;
+			}
+			goto next;
+		}
+
+		if (mmvt->want_minver == 0) {
+			fprintf(stderr, "FAIL: test %zu - successfully set "
+			    "SSL_CTX min version, should have failed\n", i);
+			goto next;
+		}
+		if (mmvt->want_maxver == 0) {
+			fprintf(stderr, "FAIL: test %zu - successfully set "
+			    "SSL_CTX max version, should have failed\n", i);
+			goto next;
+		}
+
+		if (ssl_ctx->internal->min_version != mmvt->want_minver) {
+			fprintf(stderr, "FAIL: test %zu - got SSL_CTX min "
+			    "version 0x%x, want 0x%x\n", i,
+			    ssl_ctx->internal->min_version, mmvt->want_minver);
+			goto next;
+		}
+		if (ssl_ctx->internal->max_version != mmvt->want_maxver) {
+			fprintf(stderr, "FAIL: test %zu - got SSL_CTX max "
+			    "version 0x%x, want 0x%x\n", i,
+			    ssl_ctx->internal->max_version, mmvt->want_maxver);
+			goto next;
+		}
+
+		if ((ssl = SSL_new(ssl_ctx)) == NULL) {
+			fprintf(stderr, "SSL_new() returned NULL\n");
+			return 1;
+		}
+
+		if (ssl->internal->min_version != mmvt->want_minver) {
+			fprintf(stderr, "FAIL: test %zu - initial SSL min "
+			    "version 0x%x, want 0x%x\n", i,
+			    ssl_ctx->internal->min_version, mmvt->want_minver);
+			goto next;
+		}
+		if (ssl->internal->max_version != mmvt->want_maxver) {
+			fprintf(stderr, "FAIL: test %zu - initial SSL max "
+			    "version 0x%x, want 0x%x\n", i,
+			    ssl_ctx->internal->max_version, mmvt->want_maxver);
+			goto next;
+		}
+
+		if (SSL_set_min_proto_version(ssl, mmvt->minver) != 1) {
+			if (mmvt->want_minver != 0) {
+				fprintf(stderr, "FAIL: test %zu - failed to set "
+				    "SSL min version\n", i);
+				failed++;
+			}
+			goto next;
+		}
+		if (SSL_set_max_proto_version(ssl, mmvt->maxver) != 1) {
+			if (mmvt->want_maxver != 0) {
+				fprintf(stderr, "FAIL: test %zu - failed to set "
+				    "SSL min version\n", i);
+				failed++;
+			}
+			goto next;
+		}
+
+		if (mmvt->want_minver == 0) {
+			fprintf(stderr, "FAIL: test %zu - successfully set SSL "
+			    "min version, should have failed\n", i);
+			goto next;
+		}
+		if (mmvt->want_maxver == 0) {
+			fprintf(stderr, "FAIL: test %zu - successfully set SSL "
+			    "max version, should have failed\n", i);
+			goto next;
+		}
+
+		if (ssl->internal->min_version != mmvt->want_minver) {
+			fprintf(stderr, "FAIL: test %zu - got SSL min "
+			    "version 0x%x, want 0x%x\n", i,
+			    ssl_ctx->internal->min_version, mmvt->want_minver);
+			goto next;
+		}
+		if (ssl->internal->max_version != mmvt->want_maxver) {
+			fprintf(stderr, "FAIL: test %zu - got SSL max "
+			    "version 0x%x, want 0x%x\n", i,
+			    ssl->internal->max_version, mmvt->want_maxver);
+			goto next;
+		}
+
+	next:
+		SSL_CTX_free(ssl_ctx);
+		SSL_free(ssl);
+
+		ssl_ctx = NULL;
+		ssl = NULL;
+	}
+
+	return (failed);
+}
+
 int
 main(int argc, char **argv)
 {
@@ -421,6 +712,7 @@ main(int argc, char **argv)
 
 	failed |= test_ssl_enabled_version_range();
 	failed |= test_ssl_max_shared_version();
+	failed |= test_ssl_min_max_version();
 
 	if (failed == 0)
 		printf("PASS %s\n", __FILE__);
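Review bot: The loop in test_ssl_min_max_version iterates `for (i = 0; i < N_SHARED_VERSION_TESTS; i++)` over min_max_version_tests while the N_MIN_MAX_VERSION_TESTS macro defined just above it is never used; unless the two tables happen to have the same length this reads past the end of min_max_version_tests or silently skips cases, so the bound should be `for (i = 0; i < N_MIN_MAX_VERSION_TESTS; i++) {`. Most of the `goto next` failure paths — the "successfully set ..., should have failed" checks and the four "got ... version 0x%x, want 0x%x" comparisons on both the SSL_CTX and the SSL — print FAIL without incrementing `failed`, so the function still returns 0 and main prints PASS even when version clamping is wrong; each of those branches needs a `failed++;` before its `goto next;`. The two max-version setter branches reuse the min-version text ("failed to set SSL_CTX min version" / "failed to set SSL min version"), and the "initial SSL min/max" and "got SSL min" messages print `ssl_ctx->internal->...` rather than the `ssl->internal->...` value that was actually compared, which will mislead whoever reads the failure output. The `failed = 0;` after `int failed = 0;` is redundant and can be dropped.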