diff options
| -rw-r--r-- | src/regress/lib/libssl/unit/Makefile | 3 | ||||
| -rw-r--r-- | src/regress/lib/libssl/unit/ssl_versions.c | 144 |
2 files changed, 146 insertions, 1 deletions
diff --git a/src/regress/lib/libssl/unit/Makefile b/src/regress/lib/libssl/unit/Makefile index 1873be6923..48ae396327 100644 --- a/src/regress/lib/libssl/unit/Makefile +++ b/src/regress/lib/libssl/unit/Makefile | |||
| @@ -1,6 +1,7 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.6 2016/11/04 17:51:54 guenther Exp $ | 1 | # $OpenBSD: Makefile,v 1.7 2016/12/30 16:58:12 jsing Exp $ |
| 2 | 2 | ||
| 3 | TEST_CASES+= cipher_list | 3 | TEST_CASES+= cipher_list |
| 4 | TEST_CASES+= ssl_versions | ||
| 4 | TEST_CASES+= tls_ext_alpn | 5 | TEST_CASES+= tls_ext_alpn |
| 5 | 6 | ||
| 6 | REGRESS_TARGETS= all_tests | 7 | REGRESS_TARGETS= all_tests |
diff --git a/src/regress/lib/libssl/unit/ssl_versions.c b/src/regress/lib/libssl/unit/ssl_versions.c new file mode 100644 index 0000000000..32f7b3eea2 --- /dev/null +++ b/src/regress/lib/libssl/unit/ssl_versions.c | |||
| @@ -0,0 +1,144 @@ | |||
| 1 | /* $OpenBSD: ssl_versions.c,v 1.1 2016/12/30 16:58:12 jsing Exp $ */ | ||
| 2 | /* | ||
| 3 | * Copyright (c) 2016 Joel Sing <jsing@openbsd.org> | ||
| 4 | * | ||
| 5 | * Permission to use, copy, modify, and distribute this software for any | ||
| 6 | * purpose with or without fee is hereby granted, provided that the above | ||
| 7 | * copyright notice and this permission notice appear in all copies. | ||
| 8 | * | ||
| 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
| 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
| 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
| 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
| 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| 16 | */ | ||
| 17 | |||
| 18 | #include <openssl/ssl.h> | ||
| 19 | |||
| 20 | int ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver); | ||
| 21 | |||
| 22 | struct version_range_test { | ||
| 23 | const long options; | ||
| 24 | const uint16_t minver; | ||
| 25 | const uint16_t maxver; | ||
| 26 | }; | ||
| 27 | |||
| 28 | static struct version_range_test version_range_tests[] = { | ||
| 29 | { | ||
| 30 | .options = 0, | ||
| 31 | .minver = TLS1_VERSION, | ||
| 32 | .maxver = TLS1_2_VERSION, | ||
| 33 | }, | ||
| 34 | { | ||
| 35 | .options = SSL_OP_NO_TLSv1, | ||
| 36 | .minver = TLS1_1_VERSION, | ||
| 37 | .maxver = TLS1_2_VERSION, | ||
| 38 | }, | ||
| 39 | { | ||
| 40 | .options = SSL_OP_NO_TLSv1_2, | ||
| 41 | .minver = TLS1_VERSION, | ||
| 42 | .maxver = TLS1_1_VERSION, | ||
| 43 | }, | ||
| 44 | { | ||
| 45 | .options = SSL_OP_NO_TLSv1_1, | ||
| 46 | .minver = TLS1_VERSION, | ||
| 47 | .maxver = TLS1_VERSION, | ||
| 48 | }, | ||
| 49 | { | ||
| 50 | .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1, | ||
| 51 | .minver = TLS1_2_VERSION, | ||
| 52 | .maxver = TLS1_2_VERSION, | ||
| 53 | }, | ||
| 54 | { | ||
| 55 | .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2, | ||
| 56 | .minver = TLS1_VERSION, | ||
| 57 | .maxver = TLS1_VERSION, | ||
| 58 | }, | ||
| 59 | { | ||
| 60 | .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2, | ||
| 61 | .minver = TLS1_1_VERSION, | ||
| 62 | .maxver = TLS1_1_VERSION, | ||
| 63 | }, | ||
| 64 | { | ||
| 65 | .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2, | ||
| 66 | .minver = 0, | ||
| 67 | .maxver = 0, | ||
| 68 | }, | ||
| 69 | }; | ||
| 70 | |||
| 71 | #define N_VERSION_RANGE_TESTS \ | ||
| 72 | (sizeof(version_range_tests) / sizeof(*version_range_tests)) | ||
| 73 | |||
| 74 | static int | ||
| 75 | test_ssl_enabled_version_range(void) | ||
| 76 | { | ||
| 77 | struct version_range_test *vrt; | ||
| 78 | uint16_t minver, maxver; | ||
| 79 | SSL_CTX *ssl_ctx = NULL; | ||
| 80 | SSL *ssl = NULL; | ||
| 81 | int failed = 1; | ||
| 82 | size_t i; | ||
| 83 | |||
| 84 | if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) { | ||
| 85 | fprintf(stderr, "SSL_CTX_new() returned NULL\n"); | ||
| 86 | goto failure; | ||
| 87 | } | ||
| 88 | if ((ssl = SSL_new(ssl_ctx)) == NULL) { | ||
| 89 | fprintf(stderr, "SSL_new() returned NULL\n"); | ||
| 90 | goto failure; | ||
| 91 | } | ||
| 92 | |||
| 93 | failed = 0; | ||
| 94 | |||
| 95 | for (i = 0; i < N_VERSION_RANGE_TESTS; i++) { | ||
| 96 | vrt = &version_range_tests[i]; | ||
| 97 | |||
| 98 | SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | | ||
| 99 | SSL_OP_NO_TLSv1_2); | ||
| 100 | SSL_set_options(ssl, vrt->options); | ||
| 101 | |||
| 102 | minver = maxver = 0xffff; | ||
| 103 | |||
| 104 | if (ssl_enabled_version_range(ssl, &minver, &maxver) == -1) { | ||
| 105 | if (vrt->minver != 0 || vrt->maxver != 0) { | ||
| 106 | fprintf(stderr, "FAIL: test %zu - failed but " | ||
| 107 | "wanted non-zero versions\n", i); | ||
| 108 | failed++; | ||
| 109 | } | ||
| 110 | continue; | ||
| 111 | } | ||
| 112 | if (minver != vrt->minver) { | ||
| 113 | fprintf(stderr, "FAIL: test %zu - got minver %x, " | ||
| 114 | "want %x\n", i, minver, vrt->minver); | ||
| 115 | failed++; | ||
| 116 | } | ||
| 117 | if (maxver != vrt->maxver) { | ||
| 118 | fprintf(stderr, "FAIL: test %zu - got maxver %x, " | ||
| 119 | "want %x\n", i, maxver, vrt->maxver); | ||
| 120 | failed++; | ||
| 121 | } | ||
| 122 | } | ||
| 123 | |||
| 124 | failure: | ||
| 125 | SSL_CTX_free(ssl_ctx); | ||
| 126 | SSL_free(ssl); | ||
| 127 | |||
| 128 | return (failed); | ||
| 129 | } | ||
| 130 | |||
| 131 | int | ||
| 132 | main(int argc, char **argv) | ||
| 133 | { | ||
| 134 | int failed = 0; | ||
| 135 | |||
| 136 | SSL_library_init(); | ||
| 137 | |||
| 138 | failed |= test_ssl_enabled_version_range(); | ||
| 139 | |||
| 140 | if (failed == 0) | ||
| 141 | printf("PASS %s\n", __FILE__); | ||
| 142 | |||
| 143 | return (failed); | ||
| 144 | } | ||