Adjust tls regress for protocol parsing fixes

This mostly reverts what was done by beck in Tallinn and adjust tlstest to add new test cases and now failing connection tests.
author: tb <> 2024-08-02 15:02:22 +0000
committer: tb <> 2024-08-02 15:02:22 +0000
commit: 3d1118fa05274d1f3789ca743e76aba59045acf7 (patch)
tree: 0986a54a0b80c08ce3b8c36c055c022024b67639 /src
parent: 69b88701f563e2efc9523720168674a54f6bc069 (diff)
download: openbsd-3d1118fa05274d1f3789ca743e76aba59045acf7.tar.gz
openbsd-3d1118fa05274d1f3789ca743e76aba59045acf7.tar.bz2
openbsd-3d1118fa05274d1f3789ca743e76aba59045acf7.zip
3 files changed, 22 insertions, 16 deletions
diff --git a/src/regress/lib/libtls/config/configtest.c b/src/regress/lib/libtls/config/configtest.c
index 5af5b56ffd..9e0df8a5eb 100644
--- a/src/regress/lib/libtls/config/configtest.c
+++ b/src/regress/lib/libtls/config/configtest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: configtest.c,v 1.3 2023/07/02 06:37:27 beck Exp $ */
+/* $OpenBSD: configtest.c,v 1.4 2024/08/02 15:02:22 tb Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 *
@@ -71,27 +71,30 @@ struct parse_protocols_test parse_protocols_tests[] = {
        {
                .protostr = "tlsv1.0:tlsv1.1:tlsv1.2:tlsv1.3",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
+                .want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
+                    TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
        },
        {
                .protostr = "tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
+                .want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
+                    TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
        },
        {
                .protostr = "tlsv1.1,tlsv1.2,tlsv1.0",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_2,
+                .want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
+                    TLS_PROTOCOL_TLSv1_2,
        },
        {
                .protostr = "tlsv1.1,tlsv1.2,tlsv1.1",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_2,
+                .want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2,
        },
        {
                .protostr = "tlsv1.1,tlsv1.2,!tlsv1.1",
                .want_return = 0,
-                .want_protocols = 0,
+                .want_protocols = TLS_PROTOCOL_TLSv1_2,
        },
        {
                .protostr = "unknown",
@@ -111,17 +114,19 @@ struct parse_protocols_test parse_protocols_tests[] = {
        {
                .protostr = "all,!tlsv1.0",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_3,
+                .want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | \
+                        TLS_PROTOCOL_TLSv1_3,
        },
        {
                .protostr = "!tlsv1.0",
                .want_return = 0,
-                .want_protocols = TLS_PROTOCOL_TLSv1_3,
+                .want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | \
+                        TLS_PROTOCOL_TLSv1_3,
        },
        {
                .protostr = "!tlsv1.0,!tlsv1.1,!tlsv1.3",
                .want_return = 0,
-                .want_protocols = 0,
+                .want_protocols = TLS_PROTOCOL_TLSv1_2,
        },
        {
                .protostr = "!tlsv1.0,!tlsv1.1,tlsv1.2,!tlsv1.3",
diff --git a/src/regress/lib/libtls/gotls/tls.go b/src/regress/lib/libtls/gotls/tls.go
index 3029d58c35..cf3e84c030 100644
--- a/src/regress/lib/libtls/gotls/tls.go
+++ b/src/regress/lib/libtls/gotls/tls.go
@@ -45,6 +45,8 @@ const (
 )
 var protocolNames = map[ProtocolVersion]string{
+        ProtocolTLSv10: "TLSv1",
+        ProtocolTLSv11: "TLSv1.1",
        ProtocolTLSv12: "TLSv1.2",
        ProtocolTLSv13: "TLSv1.3",
        ProtocolsAll:   "all",
diff --git a/src/regress/lib/libtls/tls/tlstest.c b/src/regress/lib/libtls/tls/tlstest.c
index fb6649e83f..b675c798b4 100644
--- a/src/regress/lib/libtls/tls/tlstest.c
+++ b/src/regress/lib/libtls/tls/tlstest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlstest.c,v 1.15 2022/07/16 07:46:08 tb Exp $ */
+/* $OpenBSD: tlstest.c,v 1.16 2024/08/02 15:02:22 tb Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 *
@@ -497,16 +497,15 @@ struct test_versions {
 static struct test_versions tls_test_versions[] = {
        {"tlsv1.3", "all"},
        {"tlsv1.2", "all"},
-        {"tlsv1.1", "all"},
-        {"tlsv1.0", "all"},
        {"all", "tlsv1.3"},
        {"all", "tlsv1.2"},
-        {"all", "tlsv1.1"},
+        {"all:!tlsv1.1", "tlsv1.2"},
-        {"all", "tlsv1.0"},
+        {"all:!tlsv1.2", "tlsv1.3"},
+        {"all:!tlsv1.3", "tlsv1.2"},
+        {"all:!tlsv1.2:!tlsv1.1", "tlsv1.3"},
+        {"all:!tlsv1.2:!tlsv1.1:!tlsv1.0", "tlsv1.3"},
        {"tlsv1.3", "tlsv1.3"},
        {"tlsv1.2", "tlsv1.2"},
-        {"tlsv1.1", "tlsv1.1"},
-        {"tlsv1.0", "tlsv1.0"},
 };
 #define N_TLS_VERSION_TESTS \
author	tb <>	2024-08-02 15:02:22 +0000
committer	tb <>	2024-08-02 15:02:22 +0000
commit	3d1118fa05274d1f3789ca743e76aba59045acf7 (patch)
tree	0986a54a0b80c08ce3b8c36c055c022024b67639 /src
parent	69b88701f563e2efc9523720168674a54f6bc069 (diff)
download	openbsd-3d1118fa05274d1f3789ca743e76aba59045acf7.tar.gz openbsd-3d1118fa05274d1f3789ca743e76aba59045acf7.tar.bz2 openbsd-3d1118fa05274d1f3789ca743e76aba59045acf7.zip