This commit was manufactured by cvs2git to create tag 'bluhm_20191119'.bluhm_20191119

author: cvs2svn <admin@example.com> 2019-11-19 19:57:05 +0000
committer: cvs2svn <admin@example.com> 2019-11-19 19:57:05 +0000
commit: e9f9eb6198f1757b7c0dfef043fadf1fa8243022 (patch)
tree: b5a648f6ccaf6c1cd9915ddb45503d1fccfeba0e /src/regress/lib/libssl/unit/ssl_versions.c
parent: ab72e3a6f7e8d5c71bbba034410468781d5923b6 (diff)
download: openbsd-bluhm_20191119.tar.gz
openbsd-bluhm_20191119.tar.bz2
openbsd-bluhm_20191119.zip
1 files changed, 0 insertions, 797 deletions
diff --git a/src/regress/lib/libssl/unit/ssl_versions.c b/src/regress/lib/libssl/unit/ssl_versions.c
deleted file mode 100644
index ec16576ee9..0000000000
--- a/src/regress/lib/libssl/unit/ssl_versions.c
+++ /dev/null
@@ -1,797 +0,0 @@
-/* $OpenBSD: ssl_versions.c,v 1.7 2019/04/04 15:47:15 jsing Exp $ */
-/*
- * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#include <openssl/ssl.h>
-#include "ssl_locl.h"
-struct version_range_test {
-        const long options;
-        const uint16_t minver;
-        const uint16_t maxver;
-        const uint16_t want_minver;
-        const uint16_t want_maxver;
-};
-static struct version_range_test version_range_tests[] = {
-        {
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_3_VERSION,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_3_VERSION,
-        },
-        {
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .options = SSL_OP_NO_TLSv1,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .want_minver = TLS1_1_VERSION,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .options = SSL_OP_NO_TLSv1_3,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_3_VERSION,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .options = SSL_OP_NO_TLSv1_2,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_1_VERSION,
-        },
-        {
-                .options = SSL_OP_NO_TLSv1_1,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_VERSION,
-        },
-        {
-                .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .want_minver = TLS1_2_VERSION,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_VERSION,
-        },
-        {
-                .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .want_minver = TLS1_1_VERSION,
-                .want_maxver = TLS1_1_VERSION,
-        },
-        {
-                .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
-                    SSL_OP_NO_TLSv1_2,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .want_minver = 0,
-                .want_maxver = 0,
-        },
-        {
-                .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
-                    SSL_OP_NO_TLSv1_2,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_3_VERSION,
-                .want_minver = TLS1_3_VERSION,
-                .want_maxver = TLS1_3_VERSION,
-        },
-        {
-                .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
-                    SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_3_VERSION,
-                .want_minver = 0,
-                .want_maxver = 0,
-        },
-        {
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .options = 0,
-                .minver = TLS1_1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .want_minver = TLS1_1_VERSION,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .options = 0,
-                .minver = TLS1_2_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .want_minver = TLS1_2_VERSION,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_3_VERSION,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_3_VERSION,
-        },
-        {
-                .options = 0,
-                .minver = TLS1_1_VERSION,
-                .maxver = TLS1_3_VERSION,
-                .want_minver = TLS1_1_VERSION,
-                .want_maxver = TLS1_3_VERSION,
-        },
-        {
-                .options = 0,
-                .minver = TLS1_2_VERSION,
-                .maxver = TLS1_3_VERSION,
-                .want_minver = TLS1_2_VERSION,
-                .want_maxver = TLS1_3_VERSION,
-        },
-        {
-                .options = 0,
-                .minver = TLS1_3_VERSION,
-                .maxver = TLS1_3_VERSION,
-                .want_minver = TLS1_3_VERSION,
-                .want_maxver = TLS1_3_VERSION,
-        },
-        {
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_1_VERSION,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_1_VERSION,
-        },
-        {
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_VERSION,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_VERSION,
-        },
-};
-#define N_VERSION_RANGE_TESTS \
-    (sizeof(version_range_tests) / sizeof(*version_range_tests))
-static int
-test_ssl_enabled_version_range(void)
-{
-        struct version_range_test *vrt;
-        uint16_t minver, maxver;
-        SSL_CTX *ssl_ctx = NULL;
-        SSL *ssl = NULL;
-        int failed = 1;
-        size_t i;
-        if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) { 
-                fprintf(stderr, "SSL_CTX_new() returned NULL\n");
-                goto failure;
-        }
-        if ((ssl = SSL_new(ssl_ctx)) == NULL) {
-                fprintf(stderr, "SSL_new() returned NULL\n");
-                goto failure;
-        }
-        failed = 0;
-        for (i = 0; i < N_VERSION_RANGE_TESTS; i++) {
-                vrt = &version_range_tests[i];
-                SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
-                    SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3);
-                SSL_set_options(ssl, vrt->options);
-                minver = maxver = 0xffff;
-                ssl->internal->min_version = vrt->minver;
-                ssl->internal->max_version = vrt->maxver;
-                if (ssl_enabled_version_range(ssl, &minver, &maxver) != 1) {
-                        if (vrt->want_minver != 0 || vrt->want_maxver != 0) {
-                                fprintf(stderr, "FAIL: test %zu - failed but "
-                                    "wanted non-zero versions\n", i);
-                                failed++;
-                        }
-                        continue;
-                }
-                if (minver != vrt->want_minver) {
-                        fprintf(stderr, "FAIL: test %zu - got minver %x, "
-                            "want %x\n", i, minver, vrt->want_minver);
-                        failed++;
-                }
-                if (maxver != vrt->want_maxver) {
-                        fprintf(stderr, "FAIL: test %zu - got maxver %x, "
-                            "want %x\n", i, maxver, vrt->want_maxver);
-                        failed++;
-                }
-        }
- failure:
-        SSL_CTX_free(ssl_ctx);
-        SSL_free(ssl);
-        return (failed);
-}
-struct shared_version_test {
-        const SSL_METHOD *(*ssl_method)(void);
-        const long options;
-        const uint16_t minver;
-        const uint16_t maxver;
-        const uint16_t peerver;
-        const uint16_t want_maxver;
-};
-static struct shared_version_test shared_version_tests[] = {
-        {
-                .ssl_method = TLS_method,
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = SSL2_VERSION,
-                .want_maxver = 0,
-        },
-        {
-                .ssl_method = TLS_method,
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = SSL3_VERSION,
-                .want_maxver = 0,
-        },
-        {
-                .ssl_method = TLS_method,
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = TLS1_VERSION,
-                .want_maxver = TLS1_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = TLS1_1_VERSION,
-                .want_maxver = TLS1_1_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = TLS1_2_VERSION,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = TLS1_3_VERSION,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = 0x7f12,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .options = SSL_OP_NO_TLSv1_2,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = TLS1_2_VERSION,
-                .want_maxver = TLS1_1_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = TLS1_2_VERSION,
-                .want_maxver = TLS1_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = TLS1_2_VERSION,
-                .want_maxver = 0,
-        },
-        {
-                .ssl_method = TLS_method,
-                .options = SSL_OP_NO_TLSv1,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = TLS1_1_VERSION,
-                .want_maxver = TLS1_1_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = TLS1_1_VERSION,
-                .want_maxver = 0,
-        },
-        {
-                .ssl_method = TLS_method,
-                .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = TLS1_1_VERSION,
-                .want_maxver = TLS1_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .options = SSL_OP_NO_TLSv1,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = TLS1_VERSION,
-                .want_maxver = 0,
-        },
-        {
-                .ssl_method = TLS_method,
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_1_VERSION,
-                .peerver = TLS1_2_VERSION,
-                .want_maxver = TLS1_1_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_VERSION,
-                .peerver = TLS1_2_VERSION,
-                .want_maxver = TLS1_VERSION,
-        },
-        {
-                .ssl_method = TLSv1_method,
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = TLS1_VERSION,
-                .want_maxver = TLS1_VERSION,
-        },
-        {
-                .ssl_method = TLSv1_method,
-                .options = 0,
-                .minver = TLS1_1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = TLS1_VERSION,
-                .want_maxver = 0,
-        },
-        {
-                .ssl_method = TLSv1_1_method,
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = TLS1_1_VERSION,
-                .want_maxver = TLS1_1_VERSION,
-        },
-        {
-                .ssl_method = DTLSv1_method,
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = DTLS1_VERSION,
-                .want_maxver = DTLS1_VERSION,
-        },
-        {
-                .ssl_method = DTLSv1_method,
-                .options = 0,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .peerver = TLS1_2_VERSION,
-                .want_maxver = 0,
-        },
-};
-#define N_SHARED_VERSION_TESTS \
-    (sizeof(shared_version_tests) / sizeof(*shared_version_tests))
-static int
-test_ssl_max_shared_version(void)
-{
-        struct shared_version_test *svt;
-        SSL_CTX *ssl_ctx = NULL;
-        SSL *ssl = NULL;
-        uint16_t maxver;
-        int failed = 0;
-        size_t i;
-        failed = 0;
-        for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
-                svt = &shared_version_tests[i];
-                if ((ssl_ctx = SSL_CTX_new(svt->ssl_method())) == NULL) { 
-                        fprintf(stderr, "SSL_CTX_new() returned NULL\n");
-                        return 1;
-                }
-                if ((ssl = SSL_new(ssl_ctx)) == NULL) {
-                        fprintf(stderr, "SSL_new() returned NULL\n");
-                        return 1;
-                }
-                SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
-                    SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3);
-                SSL_set_options(ssl, svt->options);
-                maxver = 0;
-                ssl->internal->min_version = svt->minver;
-                ssl->internal->max_version = svt->maxver;
-                if (ssl_max_shared_version(ssl, svt->peerver, &maxver) != 1) {
-                        if (svt->want_maxver != 0) {
-                                fprintf(stderr, "FAIL: test %zu - failed but "
-                                    "wanted non-zero shared version\n", i);
-                                failed++;
-                        }
-                        continue;
-                }
-                if (maxver != svt->want_maxver) {
-                        fprintf(stderr, "FAIL: test %zu - got shared "
-                            "version %x, want %x\n", i, maxver,
-                            svt->want_maxver);
-                        failed++;
-                }
-                SSL_CTX_free(ssl_ctx);
-                SSL_free(ssl);
-        }
-        return (failed);
-}
-struct min_max_version_test {
-        const SSL_METHOD *(*ssl_method)(void);
-        const uint16_t minver;
-        const uint16_t maxver;
-        const uint16_t want_minver;
-        const uint16_t want_maxver;
-};
-static struct min_max_version_test min_max_version_tests[] = {
-        {
-                .ssl_method = TLS_method,
-                .minver = 0,
-                .maxver = 0,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .minver = TLS1_VERSION,
-                .maxver = 0,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .minver = 0,
-                .maxver = TLS1_2_VERSION,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .minver = 0,
-                .maxver = TLS1_3_VERSION,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .minver = TLS1_1_VERSION,
-                .maxver = 0,
-                .want_minver = TLS1_1_VERSION,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .minver = TLS1_2_VERSION,
-                .maxver = 0,
-                .want_minver = TLS1_2_VERSION,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .minver = 0x0300,
-                .maxver = 0,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .minver = 0x0305,
-                .maxver = 0,
-                .want_minver = 0,
-                .want_maxver = 0,
-        },
-        {
-                .ssl_method = TLS_method,
-                .minver = 0,
-                .maxver = 0x0305,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_2_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .minver = 0,
-                .maxver = TLS1_1_VERSION,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_1_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .minver = 0,
-                .maxver = TLS1_VERSION,
-                .want_minver = TLS1_VERSION,
-                .want_maxver = TLS1_VERSION,
-        },
-        {
-                .ssl_method = TLS_method,
-                .minver = 0,
-                .maxver = 0x0300,
-                .want_minver = 0,
-                .want_maxver = 0,
-        },
-        {
-                .ssl_method = TLS_method,
-                .minver = TLS1_2_VERSION,
-                .maxver = TLS1_1_VERSION,
-                .want_minver = TLS1_2_VERSION,
-                .want_maxver = 0,
-        },
-        {
-                .ssl_method = TLSv1_1_method,
-                .minver = 0,
-                .maxver = 0,
-                .want_minver = TLS1_1_VERSION,
-                .want_maxver = TLS1_1_VERSION,
-        },
-        {
-                .ssl_method = TLSv1_1_method,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .want_minver = TLS1_1_VERSION,
-                .want_maxver = TLS1_1_VERSION,
-        },
-        {
-                .ssl_method = TLSv1_1_method,
-                .minver = TLS1_2_VERSION,
-                .maxver = 0,
-                .want_minver = 0,
-                .want_maxver = 0,
-        },
-        {
-                .ssl_method = TLSv1_1_method,
-                .minver = 0,
-                .maxver = TLS1_VERSION,
-                .want_minver = 0,
-                .want_maxver = 0,
-        },
-        {
-                .ssl_method = DTLSv1_method,
-                .minver = 0,
-                .maxver = 0,
-                .want_minver = DTLS1_VERSION,
-                .want_maxver = DTLS1_VERSION,
-        },
-        {
-                .ssl_method = DTLSv1_method,
-                .minver = DTLS1_VERSION,
-                .maxver = 0,
-                .want_minver = DTLS1_VERSION,
-                .want_maxver = DTLS1_VERSION,
-        },
-        {
-                .ssl_method = DTLSv1_method,
-                .minver = 0,
-                .maxver = DTLS1_VERSION,
-                .want_minver = DTLS1_VERSION,
-                .want_maxver = DTLS1_VERSION,
-        },
-        {
-                .ssl_method = DTLSv1_method,
-                .minver = TLS1_VERSION,
-                .maxver = TLS1_2_VERSION,
-                .want_minver = 0,
-                .want_maxver = 0,
-        },
-};
-#define N_MIN_MAX_VERSION_TESTS \
-    (sizeof(min_max_version_tests) / sizeof(*min_max_version_tests))
-static int
-test_ssl_min_max_version(void)
-{
-        struct min_max_version_test *mmvt;
-        SSL_CTX *ssl_ctx = NULL;
-        SSL *ssl = NULL;
-        int failed = 0;
-        size_t i;
-        failed = 0;
-        for (i = 0; i < N_MIN_MAX_VERSION_TESTS; i++) {
-                mmvt = &min_max_version_tests[i];
-                if ((ssl_ctx = SSL_CTX_new(mmvt->ssl_method())) == NULL) { 
-                        fprintf(stderr, "SSL_CTX_new() returned NULL\n");
-                        return 1;
-                }
-                if (SSL_CTX_set_min_proto_version(ssl_ctx, mmvt->minver) != 1) {
-                        if (mmvt->want_minver != 0) {
-                                fprintf(stderr, "FAIL: test %zu - failed to set "
-                                    "SSL_CTX min version\n", i);
-                                failed++;
-                        }
-                        goto next;
-                }
-                if (SSL_CTX_set_max_proto_version(ssl_ctx, mmvt->maxver) != 1) {
-                        if (mmvt->want_maxver != 0) {
-                                fprintf(stderr, "FAIL: test %zu - failed to set "
-                                    "SSL_CTX min version\n", i);
-                                failed++;
-                        }
-                        goto next;
-                }
-                if (mmvt->want_minver == 0) {
-                        fprintf(stderr, "FAIL: test %zu - successfully set "
-                            "SSL_CTX min version, should have failed\n", i);
-                        goto next;
-                }
-                if (mmvt->want_maxver == 0) {
-                        fprintf(stderr, "FAIL: test %zu - successfully set "
-                            "SSL_CTX max version, should have failed\n", i);
-                        goto next;
-                }
-                if (SSL_CTX_get_min_proto_version(ssl_ctx) != mmvt->want_minver) {
-                        fprintf(stderr, "FAIL: test %zu - got SSL_CTX min "
-                            "version 0x%x, want 0x%x\n", i,
-                            SSL_CTX_get_min_proto_version(ssl_ctx), mmvt->want_minver);
-                        goto next;
-                }
-                if (SSL_CTX_get_max_proto_version(ssl_ctx) != mmvt->want_maxver) {
-                        fprintf(stderr, "FAIL: test %zu - got SSL_CTX max "
-                            "version 0x%x, want 0x%x\n", i,
-                            SSL_CTX_get_max_proto_version(ssl_ctx), mmvt->want_maxver);
-                        goto next;
-                }
-                if ((ssl = SSL_new(ssl_ctx)) == NULL) {
-                        fprintf(stderr, "SSL_new() returned NULL\n");
-                        return 1;
-                }
-                if (SSL_get_min_proto_version(ssl) != mmvt->want_minver) {
-                        fprintf(stderr, "FAIL: test %zu - initial SSL min "
-                            "version 0x%x, want 0x%x\n", i,
-                            SSL_get_min_proto_version(ssl), mmvt->want_minver);
-                        goto next;
-                }
-                if (SSL_get_max_proto_version(ssl) != mmvt->want_maxver) {
-                        fprintf(stderr, "FAIL: test %zu - initial SSL max "
-                            "version 0x%x, want 0x%x\n", i,
-                            SSL_get_max_proto_version(ssl), mmvt->want_maxver);
-                        goto next;
-                }
-                if (SSL_set_min_proto_version(ssl, mmvt->minver) != 1) {
-                        if (mmvt->want_minver != 0) {
-                                fprintf(stderr, "FAIL: test %zu - failed to set "
-                                    "SSL min version\n", i);
-                                failed++;
-                        }
-                        goto next;
-                }
-                if (SSL_set_max_proto_version(ssl, mmvt->maxver) != 1) {
-                        if (mmvt->want_maxver != 0) {
-                                fprintf(stderr, "FAIL: test %zu - failed to set "
-                                    "SSL min version\n", i);
-                                failed++;
-                        }
-                        goto next;
-                }
-                if (mmvt->want_minver == 0) {
-                        fprintf(stderr, "FAIL: test %zu - successfully set SSL "
-                            "min version, should have failed\n", i);
-                        goto next;
-                }
-                if (mmvt->want_maxver == 0) {
-                        fprintf(stderr, "FAIL: test %zu - successfully set SSL "
-                            "max version, should have failed\n", i);
-                        goto next;
-                }
-                if (SSL_get_min_proto_version(ssl) != mmvt->want_minver) {
-                        fprintf(stderr, "FAIL: test %zu - got SSL min "
-                            "version 0x%x, want 0x%x\n", i,
-                            SSL_get_min_proto_version(ssl), mmvt->want_minver);
-                        goto next;
-                }
-                if (SSL_get_max_proto_version(ssl) != mmvt->want_maxver) {
-                        fprintf(stderr, "FAIL: test %zu - got SSL max "
-                            "version 0x%x, want 0x%x\n", i,
-                            SSL_get_max_proto_version(ssl), mmvt->want_maxver);
-                        goto next;
-                }
- next:
-                SSL_CTX_free(ssl_ctx);
-                SSL_free(ssl);
-                ssl_ctx = NULL;
-                ssl = NULL;
-        }
-        return (failed);
-}
-int
-main(int argc, char **argv)
-{
-        int failed = 0;
-        SSL_library_init();
-        /* XXX - Test ssl_supported_version_range() */
-        failed |= test_ssl_enabled_version_range();
-        failed |= test_ssl_max_shared_version();
-        failed |= test_ssl_min_max_version();
-        if (failed == 0)
-                printf("PASS %s\n", __FILE__);
-        return (failed);
-}
author	cvs2svn <admin@example.com>	2019-11-19 19:57:05 +0000
committer	cvs2svn <admin@example.com>	2019-11-19 19:57:05 +0000
commit	e9f9eb6198f1757b7c0dfef043fadf1fa8243022 (patch)
tree	b5a648f6ccaf6c1cd9915ddb45503d1fccfeba0e /src/regress/lib/libssl/unit/ssl_versions.c
parent	ab72e3a6f7e8d5c71bbba034410468781d5923b6 (diff)
download	openbsd-bluhm_20191119.tar.gz openbsd-bluhm_20191119.tar.bz2 openbsd-bluhm_20191119.zip

diff --git a/src/regress/lib/libssl/unit/ssl_versions.c b/src/regress/lib/libssl/unit/ssl_versions.c deleted file mode 100644 index ec16576ee9..0000000000 --- a/src/regress/lib/libssl/unit/ssl_versions.c +++ /dev/null
@@ -1,797 +0,0 @@
1	/* $OpenBSD: ssl_versions.c,v 1.7 2019/04/04 15:47:15 jsing Exp $ */
2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	*
5	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above
7	* copyright notice and this permission notice appear in all copies.
8	*
9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/
17
18	#include <openssl/ssl.h>
19
20	#include "ssl_locl.h"
21
22	struct version_range_test {
23	const long options;
24	const uint16_t minver;
25	const uint16_t maxver;
26	const uint16_t want_minver;
27	const uint16_t want_maxver;
28	};
29
30	static struct version_range_test version_range_tests[] = {
31	{
32	.options = 0,
33	.minver = TLS1_VERSION,
34	.maxver = TLS1_3_VERSION,
35	.want_minver = TLS1_VERSION,
36	.want_maxver = TLS1_3_VERSION,
37	},
38	{
39	.options = 0,
40	.minver = TLS1_VERSION,
41	.maxver = TLS1_2_VERSION,
42	.want_minver = TLS1_VERSION,
43	.want_maxver = TLS1_2_VERSION,
44	},
45	{
46	.options = SSL_OP_NO_TLSv1,
47	.minver = TLS1_VERSION,
48	.maxver = TLS1_2_VERSION,
49	.want_minver = TLS1_1_VERSION,
50	.want_maxver = TLS1_2_VERSION,
51	},
52	{
53	.options = SSL_OP_NO_TLSv1_3,
54	.minver = TLS1_VERSION,
55	.maxver = TLS1_3_VERSION,
56	.want_minver = TLS1_VERSION,
57	.want_maxver = TLS1_2_VERSION,
58	},
59	{
60	.options = SSL_OP_NO_TLSv1_2,
61	.minver = TLS1_VERSION,
62	.maxver = TLS1_2_VERSION,
63	.want_minver = TLS1_VERSION,
64	.want_maxver = TLS1_1_VERSION,
65	},
66	{
67	.options = SSL_OP_NO_TLSv1_1,
68	.minver = TLS1_VERSION,
69	.maxver = TLS1_2_VERSION,
70	.want_minver = TLS1_VERSION,
71	.want_maxver = TLS1_VERSION,
72	},
73	{
74	.options = SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_1,
75	.minver = TLS1_VERSION,
76	.maxver = TLS1_2_VERSION,
77	.want_minver = TLS1_2_VERSION,
78	.want_maxver = TLS1_2_VERSION,
79	},
80	{
81	.options = SSL_OP_NO_TLSv1_1 \| SSL_OP_NO_TLSv1_2,
82	.minver = TLS1_VERSION,
83	.maxver = TLS1_2_VERSION,
84	.want_minver = TLS1_VERSION,
85	.want_maxver = TLS1_VERSION,
86	},
87	{
88	.options = SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_2,
89	.minver = TLS1_VERSION,
90	.maxver = TLS1_2_VERSION,
91	.want_minver = TLS1_1_VERSION,
92	.want_maxver = TLS1_1_VERSION,
93	},
94	{
95	.options = SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_1 \|
96	SSL_OP_NO_TLSv1_2,
97	.minver = TLS1_VERSION,
98	.maxver = TLS1_2_VERSION,
99	.want_minver = 0,
100	.want_maxver = 0,
101	},
102	{
103	.options = SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_1 \|
104	SSL_OP_NO_TLSv1_2,
105	.minver = TLS1_VERSION,
106	.maxver = TLS1_3_VERSION,
107	.want_minver = TLS1_3_VERSION,
108	.want_maxver = TLS1_3_VERSION,
109	},
110	{
111	.options = SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_1 \|
112	SSL_OP_NO_TLSv1_2 \| SSL_OP_NO_TLSv1_3,
113	.minver = TLS1_VERSION,
114	.maxver = TLS1_3_VERSION,
115	.want_minver = 0,
116	.want_maxver = 0,
117	},
118	{
119	.options = 0,
120	.minver = TLS1_VERSION,
121	.maxver = TLS1_2_VERSION,
122	.want_minver = TLS1_VERSION,
123	.want_maxver = TLS1_2_VERSION,
124	},
125	{
126	.options = 0,
127	.minver = TLS1_1_VERSION,
128	.maxver = TLS1_2_VERSION,
129	.want_minver = TLS1_1_VERSION,
130	.want_maxver = TLS1_2_VERSION,
131	},
132	{
133	.options = 0,
134	.minver = TLS1_2_VERSION,
135	.maxver = TLS1_2_VERSION,
136	.want_minver = TLS1_2_VERSION,
137	.want_maxver = TLS1_2_VERSION,
138	},
139	{
140	.options = 0,
141	.minver = TLS1_VERSION,
142	.maxver = TLS1_3_VERSION,
143	.want_minver = TLS1_VERSION,
144	.want_maxver = TLS1_3_VERSION,
145	},
146	{
147	.options = 0,
148	.minver = TLS1_1_VERSION,
149	.maxver = TLS1_3_VERSION,
150	.want_minver = TLS1_1_VERSION,
151	.want_maxver = TLS1_3_VERSION,
152	},
153	{
154	.options = 0,
155	.minver = TLS1_2_VERSION,
156	.maxver = TLS1_3_VERSION,
157	.want_minver = TLS1_2_VERSION,
158	.want_maxver = TLS1_3_VERSION,
159	},
160	{
161	.options = 0,
162	.minver = TLS1_3_VERSION,
163	.maxver = TLS1_3_VERSION,
164	.want_minver = TLS1_3_VERSION,
165	.want_maxver = TLS1_3_VERSION,
166	},
167	{
168	.options = 0,
169	.minver = TLS1_VERSION,
170	.maxver = TLS1_1_VERSION,
171	.want_minver = TLS1_VERSION,
172	.want_maxver = TLS1_1_VERSION,
173	},
174	{
175	.options = 0,
176	.minver = TLS1_VERSION,
177	.maxver = TLS1_VERSION,
178	.want_minver = TLS1_VERSION,
179	.want_maxver = TLS1_VERSION,
180	},
181	};
182
183	#define N_VERSION_RANGE_TESTS \
184	(sizeof(version_range_tests) / sizeof(*version_range_tests))
185
186	static int
187	test_ssl_enabled_version_range(void)
188	{
189	struct version_range_test *vrt;
190	uint16_t minver, maxver;
191	SSL_CTX *ssl_ctx = NULL;
192	SSL *ssl = NULL;
193	int failed = 1;
194	size_t i;
195
196	if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
197	fprintf(stderr, "SSL_CTX_new() returned NULL\n");
198	goto failure;
199	}
200	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
201	fprintf(stderr, "SSL_new() returned NULL\n");
202	goto failure;
203	}
204
205	failed = 0;
206
207	for (i = 0; i < N_VERSION_RANGE_TESTS; i++) {
208	vrt = &version_range_tests[i];
209
210	SSL_clear_options(ssl, SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_1 \|
211	SSL_OP_NO_TLSv1_2 \| SSL_OP_NO_TLSv1_3);
212	SSL_set_options(ssl, vrt->options);
213
214	minver = maxver = 0xffff;
215	ssl->internal->min_version = vrt->minver;
216	ssl->internal->max_version = vrt->maxver;
217
218	if (ssl_enabled_version_range(ssl, &minver, &maxver) != 1) {
219	if (vrt->want_minver != 0 \|\| vrt->want_maxver != 0) {
220	fprintf(stderr, "FAIL: test %zu - failed but "
221	"wanted non-zero versions\n", i);
222	failed++;
223	}
224	continue;
225	}
226	if (minver != vrt->want_minver) {
227	fprintf(stderr, "FAIL: test %zu - got minver %x, "
228	"want %x\n", i, minver, vrt->want_minver);
229	failed++;
230	}
231	if (maxver != vrt->want_maxver) {
232	fprintf(stderr, "FAIL: test %zu - got maxver %x, "
233	"want %x\n", i, maxver, vrt->want_maxver);
234	failed++;
235	}
236	}
237
238	failure:
239	SSL_CTX_free(ssl_ctx);
240	SSL_free(ssl);
241
242	return (failed);
243	}
244
245	struct shared_version_test {
246	const SSL_METHOD (ssl_method)(void);
247	const long options;
248	const uint16_t minver;
249	const uint16_t maxver;
250	const uint16_t peerver;
251	const uint16_t want_maxver;
252	};
253
254	static struct shared_version_test shared_version_tests[] = {
255	{
256	.ssl_method = TLS_method,
257	.options = 0,
258	.minver = TLS1_VERSION,
259	.maxver = TLS1_2_VERSION,
260	.peerver = SSL2_VERSION,
261	.want_maxver = 0,
262	},
263	{
264	.ssl_method = TLS_method,
265	.options = 0,
266	.minver = TLS1_VERSION,
267	.maxver = TLS1_2_VERSION,
268	.peerver = SSL3_VERSION,
269	.want_maxver = 0,
270	},
271	{
272	.ssl_method = TLS_method,
273	.options = 0,
274	.minver = TLS1_VERSION,
275	.maxver = TLS1_2_VERSION,
276	.peerver = TLS1_VERSION,
277	.want_maxver = TLS1_VERSION,
278	},
279	{
280	.ssl_method = TLS_method,
281	.options = 0,
282	.minver = TLS1_VERSION,
283	.maxver = TLS1_2_VERSION,
284	.peerver = TLS1_1_VERSION,
285	.want_maxver = TLS1_1_VERSION,
286	},
287	{
288	.ssl_method = TLS_method,
289	.options = 0,
290	.minver = TLS1_VERSION,
291	.maxver = TLS1_2_VERSION,
292	.peerver = TLS1_2_VERSION,
293	.want_maxver = TLS1_2_VERSION,
294	},
295	{
296	.ssl_method = TLS_method,
297	.options = 0,
298	.minver = TLS1_VERSION,
299	.maxver = TLS1_2_VERSION,
300	.peerver = TLS1_3_VERSION,
301	.want_maxver = TLS1_2_VERSION,
302	},
303	{
304	.ssl_method = TLS_method,
305	.options = 0,
306	.minver = TLS1_VERSION,
307	.maxver = TLS1_2_VERSION,
308	.peerver = 0x7f12,
309	.want_maxver = TLS1_2_VERSION,
310	},
311	{
312	.ssl_method = TLS_method,
313	.options = SSL_OP_NO_TLSv1_2,
314	.minver = TLS1_VERSION,
315	.maxver = TLS1_2_VERSION,
316	.peerver = TLS1_2_VERSION,
317	.want_maxver = TLS1_1_VERSION,
318	},
319	{
320	.ssl_method = TLS_method,
321	.options = SSL_OP_NO_TLSv1_1 \| SSL_OP_NO_TLSv1_2,
322	.minver = TLS1_VERSION,
323	.maxver = TLS1_2_VERSION,
324	.peerver = TLS1_2_VERSION,
325	.want_maxver = TLS1_VERSION,
326	},
327	{
328	.ssl_method = TLS_method,
329	.options = SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_1 \| SSL_OP_NO_TLSv1_2,
330	.minver = TLS1_VERSION,
331	.maxver = TLS1_2_VERSION,
332	.peerver = TLS1_2_VERSION,
333	.want_maxver = 0,
334	},
335	{
336	.ssl_method = TLS_method,
337	.options = SSL_OP_NO_TLSv1,
338	.minver = TLS1_VERSION,
339	.maxver = TLS1_2_VERSION,
340	.peerver = TLS1_1_VERSION,
341	.want_maxver = TLS1_1_VERSION,
342	},
343	{
344	.ssl_method = TLS_method,
345	.options = SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_1,
346	.minver = TLS1_VERSION,
347	.maxver = TLS1_2_VERSION,
348	.peerver = TLS1_1_VERSION,
349	.want_maxver = 0,
350	},
351	{
352	.ssl_method = TLS_method,
353	.options = SSL_OP_NO_TLSv1_1 \| SSL_OP_NO_TLSv1_2,
354	.minver = TLS1_VERSION,
355	.maxver = TLS1_2_VERSION,
356	.peerver = TLS1_1_VERSION,
357	.want_maxver = TLS1_VERSION,
358	},
359	{
360	.ssl_method = TLS_method,
361	.options = SSL_OP_NO_TLSv1,
362	.minver = TLS1_VERSION,
363	.maxver = TLS1_2_VERSION,
364	.peerver = TLS1_VERSION,
365	.want_maxver = 0,
366	},
367	{
368	.ssl_method = TLS_method,
369	.options = 0,
370	.minver = TLS1_VERSION,
371	.maxver = TLS1_1_VERSION,
372	.peerver = TLS1_2_VERSION,
373	.want_maxver = TLS1_1_VERSION,
374	},
375	{
376	.ssl_method = TLS_method,
377	.options = 0,
378	.minver = TLS1_VERSION,
379	.maxver = TLS1_VERSION,
380	.peerver = TLS1_2_VERSION,
381	.want_maxver = TLS1_VERSION,
382	},
383	{
384	.ssl_method = TLSv1_method,
385	.options = 0,
386	.minver = TLS1_VERSION,
387	.maxver = TLS1_2_VERSION,
388	.peerver = TLS1_VERSION,
389	.want_maxver = TLS1_VERSION,
390	},
391	{
392	.ssl_method = TLSv1_method,
393	.options = 0,
394	.minver = TLS1_1_VERSION,
395	.maxver = TLS1_2_VERSION,
396	.peerver = TLS1_VERSION,
397	.want_maxver = 0,
398	},
399	{
400	.ssl_method = TLSv1_1_method,
401	.options = 0,
402	.minver = TLS1_VERSION,
403	.maxver = TLS1_2_VERSION,
404	.peerver = TLS1_1_VERSION,
405	.want_maxver = TLS1_1_VERSION,
406	},
407	{
408	.ssl_method = DTLSv1_method,
409	.options = 0,
410	.minver = TLS1_VERSION,
411	.maxver = TLS1_2_VERSION,
412	.peerver = DTLS1_VERSION,
413	.want_maxver = DTLS1_VERSION,
414	},
415	{
416	.ssl_method = DTLSv1_method,
417	.options = 0,
418	.minver = TLS1_VERSION,
419	.maxver = TLS1_2_VERSION,
420	.peerver = TLS1_2_VERSION,
421	.want_maxver = 0,
422	},
423	};
424
425	#define N_SHARED_VERSION_TESTS \
426	(sizeof(shared_version_tests) / sizeof(*shared_version_tests))
427
428	static int
429	test_ssl_max_shared_version(void)
430	{
431	struct shared_version_test *svt;
432	SSL_CTX *ssl_ctx = NULL;
433	SSL *ssl = NULL;
434	uint16_t maxver;
435	int failed = 0;
436	size_t i;
437
438	failed = 0;
439
440	for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
441	svt = &shared_version_tests[i];
442
443	if ((ssl_ctx = SSL_CTX_new(svt->ssl_method())) == NULL) {
444	fprintf(stderr, "SSL_CTX_new() returned NULL\n");
445	return 1;
446	}
447	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
448	fprintf(stderr, "SSL_new() returned NULL\n");
449	return 1;
450	}
451
452	SSL_clear_options(ssl, SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_1 \|
453	SSL_OP_NO_TLSv1_2 \| SSL_OP_NO_TLSv1_3);
454	SSL_set_options(ssl, svt->options);
455
456	maxver = 0;
457	ssl->internal->min_version = svt->minver;
458	ssl->internal->max_version = svt->maxver;
459
460	if (ssl_max_shared_version(ssl, svt->peerver, &maxver) != 1) {
461	if (svt->want_maxver != 0) {
462	fprintf(stderr, "FAIL: test %zu - failed but "
463	"wanted non-zero shared version\n", i);
464	failed++;
465	}
466	continue;
467	}
468	if (maxver != svt->want_maxver) {
469	fprintf(stderr, "FAIL: test %zu - got shared "
470	"version %x, want %x\n", i, maxver,
471	svt->want_maxver);
472	failed++;
473	}
474
475	SSL_CTX_free(ssl_ctx);
476	SSL_free(ssl);
477	}
478
479	return (failed);
480	}
481
482	struct min_max_version_test {
483	const SSL_METHOD (ssl_method)(void);
484	const uint16_t minver;
485	const uint16_t maxver;
486	const uint16_t want_minver;
487	const uint16_t want_maxver;
488	};
489
490	static struct min_max_version_test min_max_version_tests[] = {
491	{
492	.ssl_method = TLS_method,
493	.minver = 0,
494	.maxver = 0,
495	.want_minver = TLS1_VERSION,
496	.want_maxver = TLS1_2_VERSION,
497	},
498	{
499	.ssl_method = TLS_method,
500	.minver = TLS1_VERSION,
501	.maxver = 0,
502	.want_minver = TLS1_VERSION,
503	.want_maxver = TLS1_2_VERSION,
504	},
505	{
506	.ssl_method = TLS_method,
507	.minver = 0,
508	.maxver = TLS1_2_VERSION,
509	.want_minver = TLS1_VERSION,
510	.want_maxver = TLS1_2_VERSION,
511	},
512	{
513	.ssl_method = TLS_method,
514	.minver = 0,
515	.maxver = TLS1_3_VERSION,
516	.want_minver = TLS1_VERSION,
517	.want_maxver = TLS1_2_VERSION,
518	},
519	{
520	.ssl_method = TLS_method,
521	.minver = TLS1_VERSION,
522	.maxver = TLS1_2_VERSION,
523	.want_minver = TLS1_VERSION,
524	.want_maxver = TLS1_2_VERSION,
525	},
526	{
527	.ssl_method = TLS_method,
528	.minver = TLS1_1_VERSION,
529	.maxver = 0,
530	.want_minver = TLS1_1_VERSION,
531	.want_maxver = TLS1_2_VERSION,
532	},
533	{
534	.ssl_method = TLS_method,
535	.minver = TLS1_2_VERSION,
536	.maxver = 0,
537	.want_minver = TLS1_2_VERSION,
538	.want_maxver = TLS1_2_VERSION,
539	},
540	{
541	.ssl_method = TLS_method,
542	.minver = 0x0300,
543	.maxver = 0,
544	.want_minver = TLS1_VERSION,
545	.want_maxver = TLS1_2_VERSION,
546	},
547	{
548	.ssl_method = TLS_method,
549	.minver = 0x0305,
550	.maxver = 0,
551	.want_minver = 0,
552	.want_maxver = 0,
553	},
554	{
555	.ssl_method = TLS_method,
556	.minver = 0,
557	.maxver = 0x0305,
558	.want_minver = TLS1_VERSION,
559	.want_maxver = TLS1_2_VERSION,
560	},
561	{
562	.ssl_method = TLS_method,
563	.minver = 0,
564	.maxver = TLS1_1_VERSION,
565	.want_minver = TLS1_VERSION,
566	.want_maxver = TLS1_1_VERSION,
567	},
568	{
569	.ssl_method = TLS_method,
570	.minver = 0,
571	.maxver = TLS1_VERSION,
572	.want_minver = TLS1_VERSION,
573	.want_maxver = TLS1_VERSION,
574	},
575	{
576	.ssl_method = TLS_method,
577	.minver = 0,
578	.maxver = 0x0300,
579	.want_minver = 0,
580	.want_maxver = 0,
581	},
582	{
583	.ssl_method = TLS_method,
584	.minver = TLS1_2_VERSION,
585	.maxver = TLS1_1_VERSION,
586	.want_minver = TLS1_2_VERSION,
587	.want_maxver = 0,
588	},
589	{
590	.ssl_method = TLSv1_1_method,
591	.minver = 0,
592	.maxver = 0,
593	.want_minver = TLS1_1_VERSION,
594	.want_maxver = TLS1_1_VERSION,
595	},
596	{
597	.ssl_method = TLSv1_1_method,
598	.minver = TLS1_VERSION,
599	.maxver = TLS1_2_VERSION,
600	.want_minver = TLS1_1_VERSION,
601	.want_maxver = TLS1_1_VERSION,
602	},
603	{
604	.ssl_method = TLSv1_1_method,
605	.minver = TLS1_2_VERSION,
606	.maxver = 0,
607	.want_minver = 0,
608	.want_maxver = 0,
609	},
610	{
611	.ssl_method = TLSv1_1_method,
612	.minver = 0,
613	.maxver = TLS1_VERSION,
614	.want_minver = 0,
615	.want_maxver = 0,
616	},
617	{
618	.ssl_method = DTLSv1_method,
619	.minver = 0,
620	.maxver = 0,
621	.want_minver = DTLS1_VERSION,
622	.want_maxver = DTLS1_VERSION,
623	},
624	{
625	.ssl_method = DTLSv1_method,
626	.minver = DTLS1_VERSION,
627	.maxver = 0,
628	.want_minver = DTLS1_VERSION,
629	.want_maxver = DTLS1_VERSION,
630	},
631	{
632	.ssl_method = DTLSv1_method,
633	.minver = 0,
634	.maxver = DTLS1_VERSION,
635	.want_minver = DTLS1_VERSION,
636	.want_maxver = DTLS1_VERSION,
637	},
638	{
639	.ssl_method = DTLSv1_method,
640	.minver = TLS1_VERSION,
641	.maxver = TLS1_2_VERSION,
642	.want_minver = 0,
643	.want_maxver = 0,
644	},
645	};
646
647	#define N_MIN_MAX_VERSION_TESTS \
648	(sizeof(min_max_version_tests) / sizeof(*min_max_version_tests))
649
650	static int
651	test_ssl_min_max_version(void)
652	{
653	struct min_max_version_test *mmvt;
654	SSL_CTX *ssl_ctx = NULL;
655	SSL *ssl = NULL;
656	int failed = 0;
657	size_t i;
658
659	failed = 0;
660
661	for (i = 0; i < N_MIN_MAX_VERSION_TESTS; i++) {
662	mmvt = &min_max_version_tests[i];
663
664	if ((ssl_ctx = SSL_CTX_new(mmvt->ssl_method())) == NULL) {
665	fprintf(stderr, "SSL_CTX_new() returned NULL\n");
666	return 1;
667	}
668
669	if (SSL_CTX_set_min_proto_version(ssl_ctx, mmvt->minver) != 1) {
670	if (mmvt->want_minver != 0) {
671	fprintf(stderr, "FAIL: test %zu - failed to set "
672	"SSL_CTX min version\n", i);
673	failed++;
674	}
675	goto next;
676	}
677	if (SSL_CTX_set_max_proto_version(ssl_ctx, mmvt->maxver) != 1) {
678	if (mmvt->want_maxver != 0) {
679	fprintf(stderr, "FAIL: test %zu - failed to set "
680	"SSL_CTX min version\n", i);
681	failed++;
682	}
683	goto next;
684	}
685
686	if (mmvt->want_minver == 0) {
687	fprintf(stderr, "FAIL: test %zu - successfully set "
688	"SSL_CTX min version, should have failed\n", i);
689	goto next;
690	}
691	if (mmvt->want_maxver == 0) {
692	fprintf(stderr, "FAIL: test %zu - successfully set "
693	"SSL_CTX max version, should have failed\n", i);
694	goto next;
695	}
696
697	if (SSL_CTX_get_min_proto_version(ssl_ctx) != mmvt->want_minver) {
698	fprintf(stderr, "FAIL: test %zu - got SSL_CTX min "
699	"version 0x%x, want 0x%x\n", i,
700	SSL_CTX_get_min_proto_version(ssl_ctx), mmvt->want_minver);
701	goto next;
702	}
703	if (SSL_CTX_get_max_proto_version(ssl_ctx) != mmvt->want_maxver) {
704	fprintf(stderr, "FAIL: test %zu - got SSL_CTX max "
705	"version 0x%x, want 0x%x\n", i,
706	SSL_CTX_get_max_proto_version(ssl_ctx), mmvt->want_maxver);
707	goto next;
708	}
709
710	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
711	fprintf(stderr, "SSL_new() returned NULL\n");
712	return 1;
713	}
714
715	if (SSL_get_min_proto_version(ssl) != mmvt->want_minver) {
716	fprintf(stderr, "FAIL: test %zu - initial SSL min "
717	"version 0x%x, want 0x%x\n", i,
718	SSL_get_min_proto_version(ssl), mmvt->want_minver);
719	goto next;
720	}
721	if (SSL_get_max_proto_version(ssl) != mmvt->want_maxver) {
722	fprintf(stderr, "FAIL: test %zu - initial SSL max "
723	"version 0x%x, want 0x%x\n", i,
724	SSL_get_max_proto_version(ssl), mmvt->want_maxver);
725	goto next;
726	}
727
728	if (SSL_set_min_proto_version(ssl, mmvt->minver) != 1) {
729	if (mmvt->want_minver != 0) {
730	fprintf(stderr, "FAIL: test %zu - failed to set "
731	"SSL min version\n", i);
732	failed++;
733	}
734	goto next;
735	}
736	if (SSL_set_max_proto_version(ssl, mmvt->maxver) != 1) {
737	if (mmvt->want_maxver != 0) {
738	fprintf(stderr, "FAIL: test %zu - failed to set "
739	"SSL min version\n", i);
740	failed++;
741	}
742	goto next;
743	}
744
745	if (mmvt->want_minver == 0) {
746	fprintf(stderr, "FAIL: test %zu - successfully set SSL "
747	"min version, should have failed\n", i);
748	goto next;
749	}
750	if (mmvt->want_maxver == 0) {
751	fprintf(stderr, "FAIL: test %zu - successfully set SSL "
752	"max version, should have failed\n", i);
753	goto next;
754	}
755
756	if (SSL_get_min_proto_version(ssl) != mmvt->want_minver) {
757	fprintf(stderr, "FAIL: test %zu - got SSL min "
758	"version 0x%x, want 0x%x\n", i,
759	SSL_get_min_proto_version(ssl), mmvt->want_minver);
760	goto next;
761	}
762	if (SSL_get_max_proto_version(ssl) != mmvt->want_maxver) {
763	fprintf(stderr, "FAIL: test %zu - got SSL max "
764	"version 0x%x, want 0x%x\n", i,
765	SSL_get_max_proto_version(ssl), mmvt->want_maxver);
766	goto next;
767	}
768
769	next:
770	SSL_CTX_free(ssl_ctx);
771	SSL_free(ssl);
772
773	ssl_ctx = NULL;
774	ssl = NULL;
775	}
776
777	return (failed);
778	}
779
780	int
781	main(int argc, char **argv)
782	{
783	int failed = 0;
784
785	SSL_library_init();
786
787	/* XXX - Test ssl_supported_version_range() */
788
789	failed \|= test_ssl_enabled_version_range();
790	failed \|= test_ssl_max_shared_version();
791	failed \|= test_ssl_min_max_version();
792
793	if (failed == 0)
794	printf("PASS %s\n", __FILE__);
795
796	return (failed);
797	}