summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl/unit/ssl_versions.c
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2021-08-30 17:27:46 +0000
committercvs2svn <admin@example.com>2021-08-30 17:27:46 +0000
commit4e4f5b4c833ba5285e001bdb6b832bdf91c43da3 (patch)
treeab301f051b9dd067fa28b0fe56806a2893b8161e /src/regress/lib/libssl/unit/ssl_versions.c
parent20a5de624e2e817be526407f2b8de078016ee258 (diff)
downloadopenbsd-tb_20210830.tar.gz
openbsd-tb_20210830.tar.bz2
openbsd-tb_20210830.zip
This commit was manufactured by cvs2git to create tag 'tb_20210830'.tb_20210830
Diffstat (limited to 'src/regress/lib/libssl/unit/ssl_versions.c')
-rw-r--r--src/regress/lib/libssl/unit/ssl_versions.c910
1 files changed, 0 insertions, 910 deletions
diff --git a/src/regress/lib/libssl/unit/ssl_versions.c b/src/regress/lib/libssl/unit/ssl_versions.c
deleted file mode 100644
index 2ca72157ab..0000000000
--- a/src/regress/lib/libssl/unit/ssl_versions.c
+++ /dev/null
@@ -1,910 +0,0 @@
1/* $OpenBSD: ssl_versions.c,v 1.15 2021/06/27 16:54:55 jsing Exp $ */
2/*
3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/ssl.h>
19
20#include "ssl_locl.h"
21
22struct version_range_test {
23 const long options;
24 const uint16_t minver;
25 const uint16_t maxver;
26 const uint16_t want_minver;
27 const uint16_t want_maxver;
28};
29
30static struct version_range_test version_range_tests[] = {
31 {
32 .options = 0,
33 .minver = TLS1_VERSION,
34 .maxver = TLS1_3_VERSION,
35 .want_minver = TLS1_VERSION,
36 .want_maxver = TLS1_3_VERSION,
37 },
38 {
39 .options = 0,
40 .minver = TLS1_VERSION,
41 .maxver = TLS1_2_VERSION,
42 .want_minver = TLS1_VERSION,
43 .want_maxver = TLS1_2_VERSION,
44 },
45 {
46 .options = SSL_OP_NO_TLSv1,
47 .minver = TLS1_VERSION,
48 .maxver = TLS1_2_VERSION,
49 .want_minver = TLS1_1_VERSION,
50 .want_maxver = TLS1_2_VERSION,
51 },
52 {
53 .options = SSL_OP_NO_TLSv1_3,
54 .minver = TLS1_VERSION,
55 .maxver = TLS1_3_VERSION,
56 .want_minver = TLS1_VERSION,
57 .want_maxver = TLS1_2_VERSION,
58 },
59 {
60 .options = SSL_OP_NO_TLSv1_2,
61 .minver = TLS1_VERSION,
62 .maxver = TLS1_2_VERSION,
63 .want_minver = TLS1_VERSION,
64 .want_maxver = TLS1_1_VERSION,
65 },
66 {
67 .options = SSL_OP_NO_TLSv1_1,
68 .minver = TLS1_VERSION,
69 .maxver = TLS1_2_VERSION,
70 .want_minver = TLS1_VERSION,
71 .want_maxver = TLS1_VERSION,
72 },
73 {
74 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
75 .minver = TLS1_VERSION,
76 .maxver = TLS1_2_VERSION,
77 .want_minver = TLS1_2_VERSION,
78 .want_maxver = TLS1_2_VERSION,
79 },
80 {
81 .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
82 .minver = TLS1_VERSION,
83 .maxver = TLS1_2_VERSION,
84 .want_minver = TLS1_VERSION,
85 .want_maxver = TLS1_VERSION,
86 },
87 {
88 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2,
89 .minver = TLS1_VERSION,
90 .maxver = TLS1_2_VERSION,
91 .want_minver = TLS1_1_VERSION,
92 .want_maxver = TLS1_1_VERSION,
93 },
94 {
95 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
96 SSL_OP_NO_TLSv1_2,
97 .minver = TLS1_VERSION,
98 .maxver = TLS1_2_VERSION,
99 .want_minver = 0,
100 .want_maxver = 0,
101 },
102 {
103 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
104 SSL_OP_NO_TLSv1_2,
105 .minver = TLS1_VERSION,
106 .maxver = TLS1_3_VERSION,
107 .want_minver = TLS1_3_VERSION,
108 .want_maxver = TLS1_3_VERSION,
109 },
110 {
111 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
112 SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3,
113 .minver = TLS1_VERSION,
114 .maxver = TLS1_3_VERSION,
115 .want_minver = 0,
116 .want_maxver = 0,
117 },
118 {
119 .options = 0,
120 .minver = TLS1_VERSION,
121 .maxver = TLS1_2_VERSION,
122 .want_minver = TLS1_VERSION,
123 .want_maxver = TLS1_2_VERSION,
124 },
125 {
126 .options = 0,
127 .minver = TLS1_1_VERSION,
128 .maxver = TLS1_2_VERSION,
129 .want_minver = TLS1_1_VERSION,
130 .want_maxver = TLS1_2_VERSION,
131 },
132 {
133 .options = 0,
134 .minver = TLS1_2_VERSION,
135 .maxver = TLS1_2_VERSION,
136 .want_minver = TLS1_2_VERSION,
137 .want_maxver = TLS1_2_VERSION,
138 },
139 {
140 .options = 0,
141 .minver = TLS1_VERSION,
142 .maxver = TLS1_3_VERSION,
143 .want_minver = TLS1_VERSION,
144 .want_maxver = TLS1_3_VERSION,
145 },
146 {
147 .options = 0,
148 .minver = TLS1_1_VERSION,
149 .maxver = TLS1_3_VERSION,
150 .want_minver = TLS1_1_VERSION,
151 .want_maxver = TLS1_3_VERSION,
152 },
153 {
154 .options = 0,
155 .minver = TLS1_2_VERSION,
156 .maxver = TLS1_3_VERSION,
157 .want_minver = TLS1_2_VERSION,
158 .want_maxver = TLS1_3_VERSION,
159 },
160 {
161 .options = 0,
162 .minver = TLS1_3_VERSION,
163 .maxver = TLS1_3_VERSION,
164 .want_minver = TLS1_3_VERSION,
165 .want_maxver = TLS1_3_VERSION,
166 },
167 {
168 .options = 0,
169 .minver = TLS1_VERSION,
170 .maxver = TLS1_1_VERSION,
171 .want_minver = TLS1_VERSION,
172 .want_maxver = TLS1_1_VERSION,
173 },
174 {
175 .options = 0,
176 .minver = TLS1_VERSION,
177 .maxver = TLS1_VERSION,
178 .want_minver = TLS1_VERSION,
179 .want_maxver = TLS1_VERSION,
180 },
181};
182
183#define N_VERSION_RANGE_TESTS \
184 (sizeof(version_range_tests) / sizeof(*version_range_tests))
185
186static int
187test_ssl_enabled_version_range(void)
188{
189 struct version_range_test *vrt;
190 uint16_t minver, maxver;
191 SSL_CTX *ssl_ctx = NULL;
192 SSL *ssl = NULL;
193 int failed = 1;
194 size_t i;
195
196 fprintf(stderr, "INFO: starting enabled version range tests...\n");
197
198 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
199 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
200 goto failure;
201 }
202 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
203 fprintf(stderr, "SSL_new() returned NULL\n");
204 goto failure;
205 }
206
207 failed = 0;
208
209 for (i = 0; i < N_VERSION_RANGE_TESTS; i++) {
210 vrt = &version_range_tests[i];
211
212 SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
213 SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3);
214 SSL_set_options(ssl, vrt->options);
215
216 minver = maxver = 0xffff;
217 ssl->internal->min_tls_version = vrt->minver;
218 ssl->internal->max_tls_version = vrt->maxver;
219
220 if (ssl_enabled_tls_version_range(ssl, &minver, &maxver) != 1) {
221 if (vrt->want_minver != 0 || vrt->want_maxver != 0) {
222 fprintf(stderr, "FAIL: test %zu - failed but "
223 "wanted non-zero versions\n", i);
224 failed++;
225 }
226 continue;
227 }
228 if (minver != vrt->want_minver) {
229 fprintf(stderr, "FAIL: test %zu - got minver %x, "
230 "want %x\n", i, minver, vrt->want_minver);
231 failed++;
232 }
233 if (maxver != vrt->want_maxver) {
234 fprintf(stderr, "FAIL: test %zu - got maxver %x, "
235 "want %x\n", i, maxver, vrt->want_maxver);
236 failed++;
237 }
238 }
239
240 failure:
241 SSL_CTX_free(ssl_ctx);
242 SSL_free(ssl);
243
244 return (failed);
245}
246
247struct shared_version_test {
248 const SSL_METHOD *(*ssl_method)(void);
249 const long options;
250 const uint16_t minver;
251 const uint16_t maxver;
252 const uint16_t peerver;
253 const uint16_t want_maxver;
254};
255
256static struct shared_version_test shared_version_tests[] = {
257 {
258 .ssl_method = TLS_method,
259 .options = 0,
260 .minver = TLS1_VERSION,
261 .maxver = TLS1_2_VERSION,
262 .peerver = SSL2_VERSION,
263 .want_maxver = 0,
264 },
265 {
266 .ssl_method = TLS_method,
267 .options = 0,
268 .minver = TLS1_VERSION,
269 .maxver = TLS1_2_VERSION,
270 .peerver = SSL3_VERSION,
271 .want_maxver = 0,
272 },
273 {
274 .ssl_method = TLS_method,
275 .options = 0,
276 .minver = TLS1_VERSION,
277 .maxver = TLS1_2_VERSION,
278 .peerver = TLS1_VERSION,
279 .want_maxver = TLS1_VERSION,
280 },
281 {
282 .ssl_method = TLS_method,
283 .options = 0,
284 .minver = TLS1_VERSION,
285 .maxver = TLS1_2_VERSION,
286 .peerver = TLS1_1_VERSION,
287 .want_maxver = TLS1_1_VERSION,
288 },
289 {
290 .ssl_method = TLS_method,
291 .options = 0,
292 .minver = TLS1_VERSION,
293 .maxver = TLS1_2_VERSION,
294 .peerver = TLS1_2_VERSION,
295 .want_maxver = TLS1_2_VERSION,
296 },
297 {
298 .ssl_method = TLS_method,
299 .options = 0,
300 .minver = TLS1_VERSION,
301 .maxver = TLS1_2_VERSION,
302 .peerver = TLS1_3_VERSION,
303 .want_maxver = TLS1_2_VERSION,
304 },
305 {
306 .ssl_method = TLS_method,
307 .options = 0,
308 .minver = TLS1_VERSION,
309 .maxver = TLS1_2_VERSION,
310 .peerver = 0x7f12,
311 .want_maxver = TLS1_2_VERSION,
312 },
313 {
314 .ssl_method = TLS_method,
315 .options = SSL_OP_NO_TLSv1_2,
316 .minver = TLS1_VERSION,
317 .maxver = TLS1_2_VERSION,
318 .peerver = TLS1_2_VERSION,
319 .want_maxver = TLS1_1_VERSION,
320 },
321 {
322 .ssl_method = TLS_method,
323 .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
324 .minver = TLS1_VERSION,
325 .maxver = TLS1_2_VERSION,
326 .peerver = TLS1_2_VERSION,
327 .want_maxver = TLS1_VERSION,
328 },
329 {
330 .ssl_method = TLS_method,
331 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
332 .minver = TLS1_VERSION,
333 .maxver = TLS1_2_VERSION,
334 .peerver = TLS1_2_VERSION,
335 .want_maxver = 0,
336 },
337 {
338 .ssl_method = TLS_method,
339 .options = SSL_OP_NO_TLSv1,
340 .minver = TLS1_VERSION,
341 .maxver = TLS1_2_VERSION,
342 .peerver = TLS1_1_VERSION,
343 .want_maxver = TLS1_1_VERSION,
344 },
345 {
346 .ssl_method = TLS_method,
347 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
348 .minver = TLS1_VERSION,
349 .maxver = TLS1_2_VERSION,
350 .peerver = TLS1_1_VERSION,
351 .want_maxver = 0,
352 },
353 {
354 .ssl_method = TLS_method,
355 .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
356 .minver = TLS1_VERSION,
357 .maxver = TLS1_2_VERSION,
358 .peerver = TLS1_1_VERSION,
359 .want_maxver = TLS1_VERSION,
360 },
361 {
362 .ssl_method = TLS_method,
363 .options = SSL_OP_NO_TLSv1,
364 .minver = TLS1_VERSION,
365 .maxver = TLS1_2_VERSION,
366 .peerver = TLS1_VERSION,
367 .want_maxver = 0,
368 },
369 {
370 .ssl_method = TLS_method,
371 .options = 0,
372 .minver = TLS1_VERSION,
373 .maxver = TLS1_1_VERSION,
374 .peerver = TLS1_2_VERSION,
375 .want_maxver = TLS1_1_VERSION,
376 },
377 {
378 .ssl_method = TLS_method,
379 .options = 0,
380 .minver = TLS1_VERSION,
381 .maxver = TLS1_VERSION,
382 .peerver = TLS1_2_VERSION,
383 .want_maxver = TLS1_VERSION,
384 },
385 {
386 .ssl_method = TLSv1_method,
387 .options = 0,
388 .minver = TLS1_VERSION,
389 .maxver = TLS1_2_VERSION,
390 .peerver = TLS1_VERSION,
391 .want_maxver = TLS1_VERSION,
392 },
393 {
394 .ssl_method = TLSv1_method,
395 .options = 0,
396 .minver = TLS1_1_VERSION,
397 .maxver = TLS1_2_VERSION,
398 .peerver = TLS1_VERSION,
399 .want_maxver = 0,
400 },
401 {
402 .ssl_method = TLSv1_1_method,
403 .options = 0,
404 .minver = TLS1_VERSION,
405 .maxver = TLS1_2_VERSION,
406 .peerver = TLS1_1_VERSION,
407 .want_maxver = TLS1_1_VERSION,
408 },
409 {
410 .ssl_method = DTLS_method,
411 .options = 0,
412 .minver = TLS1_1_VERSION,
413 .maxver = TLS1_2_VERSION,
414 .peerver = DTLS1_VERSION,
415 .want_maxver = DTLS1_VERSION,
416 },
417 {
418 .ssl_method = DTLS_method,
419 .options = 0,
420 .minver = TLS1_1_VERSION,
421 .maxver = TLS1_2_VERSION,
422 .peerver = DTLS1_2_VERSION,
423 .want_maxver = DTLS1_2_VERSION,
424 },
425 {
426 .ssl_method = DTLS_method,
427 .options = 0,
428 .minver = TLS1_1_VERSION,
429 .maxver = TLS1_2_VERSION,
430 .peerver = 0xfefc, /* DTLSv1.3, probably. */
431 .want_maxver = DTLS1_2_VERSION,
432 },
433 {
434 .ssl_method = DTLSv1_method,
435 .options = 0,
436 .minver = TLS1_1_VERSION,
437 .maxver = TLS1_1_VERSION,
438 .peerver = DTLS1_2_VERSION,
439 .want_maxver = DTLS1_VERSION,
440 },
441 {
442 .ssl_method = DTLSv1_2_method,
443 .options = 0,
444 .minver = TLS1_2_VERSION,
445 .maxver = TLS1_2_VERSION,
446 .peerver = DTLS1_2_VERSION,
447 .want_maxver = DTLS1_2_VERSION,
448 },
449 {
450 .ssl_method = DTLSv1_method,
451 .options = 0,
452 .minver = TLS1_1_VERSION,
453 .maxver = TLS1_1_VERSION,
454 .peerver = TLS1_2_VERSION,
455 .want_maxver = 0,
456 },
457 {
458 .ssl_method = DTLS_method,
459 .options = SSL_OP_NO_DTLSv1,
460 .minver = TLS1_1_VERSION,
461 .maxver = TLS1_2_VERSION,
462 .peerver = DTLS1_VERSION,
463 .want_maxver = 0,
464 },
465 {
466 .ssl_method = DTLS_method,
467 .options = SSL_OP_NO_DTLSv1,
468 .minver = TLS1_1_VERSION,
469 .maxver = TLS1_2_VERSION,
470 .peerver = DTLS1_2_VERSION,
471 .want_maxver = DTLS1_2_VERSION,
472 },
473 {
474 .ssl_method = DTLS_method,
475 .options = SSL_OP_NO_DTLSv1_2,
476 .minver = TLS1_1_VERSION,
477 .maxver = TLS1_2_VERSION,
478 .peerver = DTLS1_2_VERSION,
479 .want_maxver = DTLS1_VERSION,
480 },
481};
482
483#define N_SHARED_VERSION_TESTS \
484 (sizeof(shared_version_tests) / sizeof(*shared_version_tests))
485
486static int
487test_ssl_max_shared_version(void)
488{
489 struct shared_version_test *svt;
490 SSL_CTX *ssl_ctx = NULL;
491 SSL *ssl = NULL;
492 uint16_t maxver;
493 int failed = 0;
494 size_t i;
495
496 failed = 0;
497
498 fprintf(stderr, "INFO: starting max shared version tests...\n");
499
500 for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
501 svt = &shared_version_tests[i];
502
503 if ((ssl_ctx = SSL_CTX_new(svt->ssl_method())) == NULL) {
504 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
505 return 1;
506 }
507 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
508 fprintf(stderr, "SSL_new() returned NULL\n");
509 return 1;
510 }
511
512 SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
513 SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3);
514 SSL_set_options(ssl, svt->options);
515
516 maxver = 0;
517 ssl->internal->min_tls_version = svt->minver;
518 ssl->internal->max_tls_version = svt->maxver;
519
520 if (!ssl_max_shared_version(ssl, svt->peerver, &maxver)) {
521 if (svt->want_maxver != 0) {
522 fprintf(stderr, "FAIL: test %zu - failed but "
523 "wanted non-zero shared version (peer %x)\n",
524 i, svt->peerver);
525 failed++;
526 }
527 continue;
528 }
529 if (maxver != svt->want_maxver) {
530 fprintf(stderr, "FAIL: test %zu - got shared "
531 "version %x, want %x\n", i, maxver,
532 svt->want_maxver);
533 failed++;
534 }
535
536 SSL_CTX_free(ssl_ctx);
537 SSL_free(ssl);
538 }
539
540 return (failed);
541}
542
543struct min_max_version_test {
544 const SSL_METHOD *(*ssl_method)(void);
545 const uint16_t minver;
546 const uint16_t maxver;
547 const uint16_t want_minver;
548 const uint16_t want_maxver;
549 const int want_min_fail;
550 const int want_max_fail;
551};
552
553static struct min_max_version_test min_max_version_tests[] = {
554 {
555 .ssl_method = TLS_method,
556 .minver = 0,
557 .maxver = 0,
558 .want_minver = 0,
559 .want_maxver = 0,
560 },
561 {
562 .ssl_method = TLS_method,
563 .minver = TLS1_VERSION,
564 .maxver = 0,
565 .want_minver = TLS1_VERSION,
566 .want_maxver = 0,
567 },
568 {
569 .ssl_method = TLS_method,
570 .minver = 0,
571 .maxver = TLS1_2_VERSION,
572 .want_minver = 0,
573 .want_maxver = TLS1_2_VERSION,
574 },
575 {
576 .ssl_method = TLS_method,
577 .minver = 0,
578 .maxver = TLS1_3_VERSION,
579 .want_minver = 0,
580 .want_maxver = TLS1_3_VERSION,
581 },
582 {
583 .ssl_method = TLS_method,
584 .minver = TLS1_VERSION,
585 .maxver = TLS1_2_VERSION,
586 .want_minver = TLS1_VERSION,
587 .want_maxver = TLS1_2_VERSION,
588 },
589 {
590 .ssl_method = TLS_method,
591 .minver = TLS1_1_VERSION,
592 .maxver = 0,
593 .want_minver = TLS1_1_VERSION,
594 .want_maxver = 0,
595 },
596 {
597 .ssl_method = TLS_method,
598 .minver = TLS1_2_VERSION,
599 .maxver = 0,
600 .want_minver = TLS1_2_VERSION,
601 .want_maxver = 0,
602 },
603 {
604 .ssl_method = TLS_method,
605 .minver = 0x0300,
606 .maxver = 0,
607 .want_minver = TLS1_VERSION,
608 .want_maxver = 0,
609 },
610 {
611 .ssl_method = TLS_method,
612 .minver = 0x0305,
613 .maxver = 0,
614 .want_min_fail = 1,
615 },
616 {
617 .ssl_method = TLS_method,
618 .minver = 0,
619 .maxver = 0x0305,
620 .want_minver = 0,
621 .want_maxver = TLS1_3_VERSION,
622 },
623 {
624 .ssl_method = TLS_method,
625 .minver = 0,
626 .maxver = TLS1_1_VERSION,
627 .want_minver = 0,
628 .want_maxver = TLS1_1_VERSION,
629 },
630 {
631 .ssl_method = TLS_method,
632 .minver = 0,
633 .maxver = TLS1_VERSION,
634 .want_minver = 0,
635 .want_maxver = TLS1_VERSION,
636 },
637 {
638 .ssl_method = TLS_method,
639 .minver = 0,
640 .maxver = 0x0300,
641 .want_max_fail = 1,
642 },
643 {
644 .ssl_method = TLS_method,
645 .minver = TLS1_2_VERSION,
646 .maxver = TLS1_1_VERSION,
647 .want_minver = TLS1_2_VERSION,
648 .want_maxver = 0,
649 .want_max_fail = 1,
650 },
651 {
652 .ssl_method = TLSv1_1_method,
653 .minver = 0,
654 .maxver = 0,
655 .want_minver = 0,
656 .want_maxver = 0,
657 },
658 {
659 .ssl_method = TLSv1_1_method,
660 .minver = TLS1_VERSION,
661 .maxver = TLS1_2_VERSION,
662 .want_minver = TLS1_1_VERSION,
663 .want_maxver = TLS1_1_VERSION,
664 },
665 {
666 .ssl_method = TLSv1_1_method,
667 .minver = TLS1_2_VERSION,
668 .maxver = 0,
669 .want_minver = 0,
670 .want_maxver = 0,
671 .want_min_fail = 1,
672 },
673 {
674 .ssl_method = TLSv1_1_method,
675 .minver = 0,
676 .maxver = TLS1_VERSION,
677 .want_minver = 0,
678 .want_maxver = 0,
679 .want_max_fail = 1,
680 },
681 {
682 .ssl_method = DTLS_method,
683 .minver = 0,
684 .maxver = 0,
685 .want_minver = 0,
686 .want_maxver = 0,
687 },
688 {
689 .ssl_method = DTLS_method,
690 .minver = 0,
691 .maxver = DTLS1_VERSION,
692 .want_minver = 0,
693 .want_maxver = DTLS1_VERSION,
694 },
695 {
696 .ssl_method = DTLS_method,
697 .minver = DTLS1_VERSION,
698 .maxver = 0,
699 .want_minver = DTLS1_VERSION,
700 .want_maxver = 0,
701 },
702 {
703 .ssl_method = DTLS_method,
704 .minver = DTLS1_VERSION,
705 .maxver = DTLS1_2_VERSION,
706 .want_minver = DTLS1_VERSION,
707 .want_maxver = DTLS1_2_VERSION,
708 },
709 {
710 .ssl_method = DTLSv1_method,
711 .minver = 0,
712 .maxver = 0,
713 .want_minver = 0,
714 .want_maxver = 0,
715 },
716 {
717 .ssl_method = DTLSv1_method,
718 .minver = DTLS1_VERSION,
719 .maxver = 0,
720 .want_minver = DTLS1_VERSION,
721 .want_maxver = 0,
722 },
723 {
724 .ssl_method = DTLSv1_method,
725 .minver = 0,
726 .maxver = DTLS1_VERSION,
727 .want_minver = 0,
728 .want_maxver = DTLS1_VERSION,
729 },
730 {
731 .ssl_method = DTLSv1_method,
732 .minver = 0,
733 .maxver = DTLS1_2_VERSION,
734 .want_minver = 0,
735 .want_maxver = DTLS1_VERSION,
736 },
737 {
738 .ssl_method = DTLSv1_method,
739 .minver = TLS1_VERSION,
740 .maxver = TLS1_2_VERSION,
741 .want_minver = 0,
742 .want_maxver = 0,
743 .want_min_fail = 1,
744 .want_max_fail = 1,
745 },
746};
747
748#define N_MIN_MAX_VERSION_TESTS \
749 (sizeof(min_max_version_tests) / sizeof(*min_max_version_tests))
750
751static int
752test_ssl_min_max_version(void)
753{
754 struct min_max_version_test *mmvt;
755 SSL_CTX *ssl_ctx = NULL;
756 SSL *ssl = NULL;
757 int failed = 0;
758 size_t i;
759
760 failed = 0;
761
762 fprintf(stderr, "INFO: starting min max version tests...\n");
763
764 for (i = 0; i < N_MIN_MAX_VERSION_TESTS; i++) {
765 mmvt = &min_max_version_tests[i];
766
767 if ((ssl_ctx = SSL_CTX_new(mmvt->ssl_method())) == NULL) {
768 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
769 return 1;
770 }
771
772 if (!SSL_CTX_set_min_proto_version(ssl_ctx, mmvt->minver)) {
773 if (!mmvt->want_min_fail) {
774 fprintf(stderr, "FAIL: test %zu - failed to set "
775 "SSL_CTX min version\n", i);
776 failed++;
777 }
778 goto next;
779 }
780 if (!SSL_CTX_set_max_proto_version(ssl_ctx, mmvt->maxver)) {
781 if (!mmvt->want_max_fail) {
782 fprintf(stderr, "FAIL: test %zu - failed to set "
783 "SSL_CTX min version\n", i);
784 failed++;
785 }
786 goto next;
787 }
788
789 if (mmvt->want_min_fail) {
790 fprintf(stderr, "FAIL: test %zu - successfully set "
791 "SSL_CTX min version, should have failed\n", i);
792 failed++;
793 goto next;
794 }
795 if (mmvt->want_max_fail) {
796 fprintf(stderr, "FAIL: test %zu - successfully set "
797 "SSL_CTX max version, should have failed\n", i);
798 failed++;
799 goto next;
800 }
801
802 if (SSL_CTX_get_min_proto_version(ssl_ctx) != mmvt->want_minver) {
803 fprintf(stderr, "FAIL: test %zu - got SSL_CTX min "
804 "version 0x%x, want 0x%x\n", i,
805 SSL_CTX_get_min_proto_version(ssl_ctx), mmvt->want_minver);
806 failed++;
807 goto next;
808 }
809 if (SSL_CTX_get_max_proto_version(ssl_ctx) != mmvt->want_maxver) {
810 fprintf(stderr, "FAIL: test %zu - got SSL_CTX max "
811 "version 0x%x, want 0x%x\n", i,
812 SSL_CTX_get_max_proto_version(ssl_ctx), mmvt->want_maxver);
813 failed++;
814 goto next;
815 }
816
817 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
818 fprintf(stderr, "SSL_new() returned NULL\n");
819 return 1;
820 }
821
822 if (SSL_get_min_proto_version(ssl) != mmvt->want_minver) {
823 fprintf(stderr, "FAIL: test %zu - initial SSL min "
824 "version 0x%x, want 0x%x\n", i,
825 SSL_get_min_proto_version(ssl), mmvt->want_minver);
826 failed++;
827 goto next;
828 }
829 if (SSL_get_max_proto_version(ssl) != mmvt->want_maxver) {
830 fprintf(stderr, "FAIL: test %zu - initial SSL max "
831 "version 0x%x, want 0x%x\n", i,
832 SSL_get_max_proto_version(ssl), mmvt->want_maxver);
833 failed++;
834 goto next;
835 }
836
837 if (!SSL_set_min_proto_version(ssl, mmvt->minver)) {
838 if (mmvt->want_min_fail) {
839 fprintf(stderr, "FAIL: test %zu - failed to set "
840 "SSL min version\n", i);
841 failed++;
842 }
843 goto next;
844 }
845 if (!SSL_set_max_proto_version(ssl, mmvt->maxver)) {
846 if (mmvt->want_max_fail) {
847 fprintf(stderr, "FAIL: test %zu - failed to set "
848 "SSL min version\n", i);
849 failed++;
850 }
851 goto next;
852 }
853
854 if (mmvt->want_min_fail) {
855 fprintf(stderr, "FAIL: test %zu - successfully set SSL "
856 "min version, should have failed\n", i);
857 failed++;
858 goto next;
859 }
860 if (mmvt->want_max_fail) {
861 fprintf(stderr, "FAIL: test %zu - successfully set SSL "
862 "max version, should have failed\n", i);
863 failed++;
864 goto next;
865 }
866
867 if (SSL_get_min_proto_version(ssl) != mmvt->want_minver) {
868 fprintf(stderr, "FAIL: test %zu - got SSL min "
869 "version 0x%x, want 0x%x\n", i,
870 SSL_get_min_proto_version(ssl), mmvt->want_minver);
871 failed++;
872 goto next;
873 }
874 if (SSL_get_max_proto_version(ssl) != mmvt->want_maxver) {
875 fprintf(stderr, "FAIL: test %zu - got SSL max "
876 "version 0x%x, want 0x%x\n", i,
877 SSL_get_max_proto_version(ssl), mmvt->want_maxver);
878 failed++;
879 goto next;
880 }
881
882 next:
883 SSL_CTX_free(ssl_ctx);
884 SSL_free(ssl);
885
886 ssl_ctx = NULL;
887 ssl = NULL;
888 }
889
890 return (failed);
891}
892
893int
894main(int argc, char **argv)
895{
896 int failed = 0;
897
898 SSL_library_init();
899
900 /* XXX - Test ssl_supported_version_range() */
901
902 failed |= test_ssl_enabled_version_range();
903 failed |= test_ssl_max_shared_version();
904 failed |= test_ssl_min_max_version();
905
906 if (failed == 0)
907 printf("PASS %s\n", __FILE__);
908
909 return (failed);
910}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-02-09 22:47:21 +0000