Add regress tests for max shared version code.

author: jsing <> 2017-01-03 16:58:10 +0000
committer: jsing <> 2017-01-03 16:58:10 +0000
commit: 5da7b92521d672c4c9ed6738c3b4f70f6da48894 (patch)
tree: 85089786050c03935f120187205e757c675d3a73
parent: 5bf1d8eae1dc8ce16782f7063874adf628e6d7c8 (diff)
download: openbsd-5da7b92521d672c4c9ed6738c3b4f70f6da48894.tar.gz
openbsd-5da7b92521d672c4c9ed6738c3b4f70f6da48894.tar.bz2
openbsd-5da7b92521d672c4c9ed6738c3b4f70f6da48894.zip
1 files changed, 133 insertions, 2 deletions
diff --git a/src/regress/lib/libssl/unit/ssl_versions.c b/src/regress/lib/libssl/unit/ssl_versions.c
index 32f7b3eea2..d4be40cbd8 100644
--- a/src/regress/lib/libssl/unit/ssl_versions.c
+++ b/src/regress/lib/libssl/unit/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.1 2016/12/30 16:58:12 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.2 2017/01/03 16:58:10 jsing Exp $ */
 /*
 * Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
 *
@@ -18,6 +18,7 @@
 #include <openssl/ssl.h>
 int ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
+int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver);
 struct version_range_test {
        const long options;
@@ -101,7 +102,7 @@ test_ssl_enabled_version_range(void)
                minver = maxver = 0xffff;
-                if (ssl_enabled_version_range(ssl, &minver, &maxver) == -1) {
+                if (ssl_enabled_version_range(ssl, &minver, &maxver) != 1) {
                        if (vrt->minver != 0 || vrt->maxver != 0) {
                                fprintf(stderr, "FAIL: test %zu - failed but "
                                    "wanted non-zero versions\n", i);
@@ -128,6 +129,135 @@ test_ssl_enabled_version_range(void)
        return (failed);
 }
+struct shared_version_test {
+        const long options;
+        const uint16_t peerver;
+        const uint16_t maxver;
+};
+static struct shared_version_test shared_version_tests[] = {
+        {
+                .options = 0,
+                .peerver = SSL2_VERSION,
+                .maxver = 0,
+        },
+        {
+                .options = 0,
+                .peerver = SSL3_VERSION,
+                .maxver = 0,
+        },
+        {
+                .options = 0,
+                .peerver = TLS1_VERSION,
+                .maxver = TLS1_VERSION,
+        },
+        {
+                .options = 0,
+                .peerver = TLS1_1_VERSION,
+                .maxver = TLS1_1_VERSION,
+        },
+        {
+                .options = 0,
+                .peerver = TLS1_2_VERSION,
+                .maxver = TLS1_2_VERSION,
+        },
+        {
+                .options = 0,
+                .peerver = 0x7f12,
+                .maxver = TLS1_2_VERSION,
+        },
+        {
+                .options = SSL_OP_NO_TLSv1_2,
+                .peerver = TLS1_2_VERSION,
+                .maxver = TLS1_1_VERSION,
+        },
+        {
+                .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+                .peerver = TLS1_2_VERSION,
+                .maxver = TLS1_VERSION,
+        },
+        {
+                .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+                .peerver = TLS1_2_VERSION,
+                .maxver = 0,
+        },
+        {
+                .options = SSL_OP_NO_TLSv1,
+                .peerver = TLS1_1_VERSION,
+                .maxver = TLS1_1_VERSION,
+        },
+        {
+                .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
+                .peerver = TLS1_1_VERSION,
+                .maxver = 0,
+        },
+        {
+                .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+                .peerver = TLS1_1_VERSION,
+                .maxver = TLS1_VERSION,
+        },
+        {
+                .options = SSL_OP_NO_TLSv1,
+                .peerver = TLS1_VERSION,
+                .maxver = 0,
+        },
+};
+#define N_SHARED_VERSION_TESTS \
+    (sizeof(shared_version_tests) / sizeof(*shared_version_tests))
+static int
+test_ssl_max_shared_version(void)
+{
+        struct shared_version_test *srt;
+        SSL_CTX *ssl_ctx = NULL;
+        SSL *ssl = NULL;
+        uint16_t maxver;
+        int failed = 1;
+        size_t i;
+        if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) { 
+                fprintf(stderr, "SSL_CTX_new() returned NULL\n");
+                goto failure;
+        }
+        if ((ssl = SSL_new(ssl_ctx)) == NULL) {
+                fprintf(stderr, "SSL_new() returned NULL\n");
+                goto failure;
+        }
+        failed = 0;
+        for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
+                srt = &shared_version_tests[i];
+                SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
+                    SSL_OP_NO_TLSv1_2);
+                SSL_set_options(ssl, srt->options);
+                maxver = 0;
+                if (ssl_max_shared_version(ssl, srt->peerver, &maxver) != 1) {
+                        if (srt->maxver != 0) {
+                                fprintf(stderr, "FAIL: test %zu - failed but "
+                                    "wanted non-zero shared version\n", i);
+                                failed++;
+                        }
+                        continue;
+                }
+                if (maxver != srt->maxver) {
+                        fprintf(stderr, "FAIL: test %zu - got shared "
+                            "version %x, want %x\n", i, maxver, srt->maxver);
+                        failed++;
+                }
+        }
+ failure:
+        SSL_CTX_free(ssl_ctx);
+        SSL_free(ssl);
+        return (failed);
+}
 int
 main(int argc, char **argv)
 {
@@ -136,6 +266,7 @@ main(int argc, char **argv)
        SSL_library_init();
        failed |= test_ssl_enabled_version_range();
+        failed |= test_ssl_max_shared_version();
        if (failed == 0)
                printf("PASS %s\n", __FILE__);
author	jsing <>	2017-01-03 16:58:10 +0000
committer	jsing <>	2017-01-03 16:58:10 +0000
commit	5da7b92521d672c4c9ed6738c3b4f70f6da48894 (patch)
tree	85089786050c03935f120187205e757c675d3a73
parent	5bf1d8eae1dc8ce16782f7063874adf628e6d7c8 (diff)
download	openbsd-5da7b92521d672c4c9ed6738c3b4f70f6da48894.tar.gz openbsd-5da7b92521d672c4c9ed6738c3b4f70f6da48894.tar.bz2 openbsd-5da7b92521d672c4c9ed6738c3b4f70f6da48894.zip

diff --git a/src/regress/lib/libssl/unit/ssl_versions.c b/src/regress/lib/libssl/unit/ssl_versions.c index 32f7b3eea2..d4be40cbd8 100644 --- a/src/regress/lib/libssl/unit/ssl_versions.c +++ b/src/regress/lib/libssl/unit/ssl_versions.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_versions.c,v 1.1 2016/12/30 16:58:12 jsing Exp $ */	1	/* $OpenBSD: ssl_versions.c,v 1.2 2017/01/03 16:58:10 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -18,6 +18,7 @@
18	#include <openssl/ssl.h>	18	#include <openssl/ssl.h>
19		19
20	int ssl_enabled_version_range(SSL s, uint16_t min_ver, uint16_t *max_ver);	20	int ssl_enabled_version_range(SSL s, uint16_t min_ver, uint16_t *max_ver);
		21	int ssl_max_shared_version(SSL s, uint16_t peer_ver, uint16_t max_ver);
21		22
22	struct version_range_test {	23	struct version_range_test {
23	const long options;	24	const long options;
@@ -101,7 +102,7 @@ test_ssl_enabled_version_range(void)
101		102
102	minver = maxver = 0xffff;	103	minver = maxver = 0xffff;
103		104
104	if (ssl_enabled_version_range(ssl, &minver, &maxver) == -1) {	105	if (ssl_enabled_version_range(ssl, &minver, &maxver) != 1) {
105	if (vrt->minver != 0 \|\| vrt->maxver != 0) {	106	if (vrt->minver != 0 \|\| vrt->maxver != 0) {
106	fprintf(stderr, "FAIL: test %zu - failed but "	107	fprintf(stderr, "FAIL: test %zu - failed but "
107	"wanted non-zero versions\n", i);	108	"wanted non-zero versions\n", i);
@@ -128,6 +129,135 @@ test_ssl_enabled_version_range(void)
128	return (failed);	129	return (failed);
129	}	130	}
130		131
		132	struct shared_version_test {
		133	const long options;
		134	const uint16_t peerver;
		135	const uint16_t maxver;
		136	};
		137
		138	static struct shared_version_test shared_version_tests[] = {
		139	{
		140	.options = 0,
		141	.peerver = SSL2_VERSION,
		142	.maxver = 0,
		143	},
		144	{
		145	.options = 0,
		146	.peerver = SSL3_VERSION,
		147	.maxver = 0,
		148	},
		149	{
		150	.options = 0,
		151	.peerver = TLS1_VERSION,
		152	.maxver = TLS1_VERSION,
		153	},
		154	{
		155	.options = 0,
		156	.peerver = TLS1_1_VERSION,
		157	.maxver = TLS1_1_VERSION,
		158	},
		159	{
		160	.options = 0,
		161	.peerver = TLS1_2_VERSION,
		162	.maxver = TLS1_2_VERSION,
		163	},
		164	{
		165	.options = 0,
		166	.peerver = 0x7f12,
		167	.maxver = TLS1_2_VERSION,
		168	},
		169	{
		170	.options = SSL_OP_NO_TLSv1_2,
		171	.peerver = TLS1_2_VERSION,
		172	.maxver = TLS1_1_VERSION,
		173	},
		174	{
		175	.options = SSL_OP_NO_TLSv1_1 \| SSL_OP_NO_TLSv1_2,
		176	.peerver = TLS1_2_VERSION,
		177	.maxver = TLS1_VERSION,
		178	},
		179	{
		180	.options = SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_1 \| SSL_OP_NO_TLSv1_2,
		181	.peerver = TLS1_2_VERSION,
		182	.maxver = 0,
		183	},
		184	{
		185	.options = SSL_OP_NO_TLSv1,
		186	.peerver = TLS1_1_VERSION,
		187	.maxver = TLS1_1_VERSION,
		188	},
		189	{
		190	.options = SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_1,
		191	.peerver = TLS1_1_VERSION,
		192	.maxver = 0,
		193	},
		194	{
		195	.options = SSL_OP_NO_TLSv1_1 \| SSL_OP_NO_TLSv1_2,
		196	.peerver = TLS1_1_VERSION,
		197	.maxver = TLS1_VERSION,
		198	},
		199	{
		200	.options = SSL_OP_NO_TLSv1,
		201	.peerver = TLS1_VERSION,
		202	.maxver = 0,
		203	},
		204	};
		205
		206	#define N_SHARED_VERSION_TESTS \
		207	(sizeof(shared_version_tests) / sizeof(*shared_version_tests))
		208
		209	static int
		210	test_ssl_max_shared_version(void)
		211	{
		212	struct shared_version_test *srt;
		213	SSL_CTX *ssl_ctx = NULL;
		214	SSL *ssl = NULL;
		215	uint16_t maxver;
		216	int failed = 1;
		217	size_t i;
		218
		219	if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
		220	fprintf(stderr, "SSL_CTX_new() returned NULL\n");
		221	goto failure;
		222	}
		223	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
		224	fprintf(stderr, "SSL_new() returned NULL\n");
		225	goto failure;
		226	}
		227
		228	failed = 0;
		229
		230	for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
		231	srt = &shared_version_tests[i];
		232
		233	SSL_clear_options(ssl, SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_1 \|
		234	SSL_OP_NO_TLSv1_2);
		235	SSL_set_options(ssl, srt->options);
		236
		237	maxver = 0;
		238
		239	if (ssl_max_shared_version(ssl, srt->peerver, &maxver) != 1) {
		240	if (srt->maxver != 0) {
		241	fprintf(stderr, "FAIL: test %zu - failed but "
		242	"wanted non-zero shared version\n", i);
		243	failed++;
		244	}
		245	continue;
		246	}
		247	if (maxver != srt->maxver) {
		248	fprintf(stderr, "FAIL: test %zu - got shared "
		249	"version %x, want %x\n", i, maxver, srt->maxver);
		250	failed++;
		251	}
		252	}
		253
		254	failure:
		255	SSL_CTX_free(ssl_ctx);
		256	SSL_free(ssl);
		257
		258	return (failed);
		259	}
		260
131	int	261	int
132	main(int argc, char **argv)	262	main(int argc, char **argv)
133	{	263	{
@@ -136,6 +266,7 @@ main(int argc, char **argv)
136	SSL_library_init();	266	SSL_library_init();
137		267
138	failed \|= test_ssl_enabled_version_range();	268	failed \|= test_ssl_enabled_version_range();
		269	failed \|= test_ssl_max_shared_version();
139		270
140	if (failed == 0)	271	if (failed == 0)
141	printf("PASS %s\n", __FILE__);	272	printf("PASS %s\n", __FILE__);