1 files changed, 90 insertions, 6 deletions
diff --git a/src/regress/lib/libssl/unit/ssl_versions.c b/src/regress/lib/libssl/unit/ssl_versions.c
index d8a3f5ba6f..9551ae4130 100644
--- a/src/regress/lib/libssl/unit/ssl_versions.c
+++ b/src/regress/lib/libssl/unit/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.12 2021/02/25 17:07:52 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.13 2021/03/17 17:23:42 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 *
@@ -407,21 +407,69 @@ static struct shared_version_test shared_version_tests[] = {
                .want_maxver = TLS1_1_VERSION,
        },
        {
-                .ssl_method = DTLSv1_method,
+                .ssl_method = DTLS_method,
                .options = 0,
-                .minver = TLS1_VERSION,
+                .minver = TLS1_1_VERSION,
                .maxver = TLS1_2_VERSION,
                .peerver = DTLS1_VERSION,
                .want_maxver = DTLS1_VERSION,
        },
        {
+                .ssl_method = DTLS_method,
+                .options = 0,
+                .minver = TLS1_1_VERSION,
+                .maxver = TLS1_2_VERSION,
+                .peerver = DTLS1_2_VERSION,
+                .want_maxver = DTLS1_VERSION,
+        },
+        {
+                .ssl_method = DTLS_method,
+                .options = 0,
+                .minver = TLS1_1_VERSION,
+                .maxver = TLS1_2_VERSION,
+                .peerver = 0xfefc,      /* DTLSv1.3, probably. */
+                .want_maxver = DTLS1_VERSION,
+        },
+        {
                .ssl_method = DTLSv1_method,
                .options = 0,
-                .minver = TLS1_VERSION,
+                .minver = TLS1_1_VERSION,
+                .maxver = TLS1_1_VERSION,
+                .peerver = DTLS1_2_VERSION,
+                .want_maxver = DTLS1_VERSION,
+        },
+        {
+                .ssl_method = DTLSv1_2_method,
+                .options = 0,
+                .minver = TLS1_2_VERSION,
                .maxver = TLS1_2_VERSION,
+                .peerver = DTLS1_2_VERSION,
+                .want_maxver = DTLS1_2_VERSION,
+        },
+        {
+                .ssl_method = DTLSv1_method,
+                .options = 0,
+                .minver = TLS1_1_VERSION,
+                .maxver = TLS1_1_VERSION,
                .peerver = TLS1_2_VERSION,
                .want_maxver = 0,
        },
+        {
+                .ssl_method = DTLS_method,
+                .options = SSL_OP_NO_DTLSv1,
+                .minver = TLS1_1_VERSION,
+                .maxver = TLS1_2_VERSION,
+                .peerver = DTLS1_VERSION,
+                .want_maxver = 0,
+        },
+        {
+                .ssl_method = DTLS_method,
+                .options = SSL_OP_NO_DTLSv1_2,
+                .minver = TLS1_1_VERSION,
+                .maxver = TLS1_2_VERSION,
+                .peerver = DTLS1_2_VERSION,
+                .want_maxver = DTLS1_VERSION,
+        },
 };
 #define N_SHARED_VERSION_TESTS \
@@ -461,10 +509,11 @@ test_ssl_max_shared_version(void)
                ssl->internal->min_tls_version = svt->minver;
                ssl->internal->max_tls_version = svt->maxver;
-                if (ssl_max_shared_version(ssl, svt->peerver, &maxver) != 1) {
+                if (!ssl_max_shared_version(ssl, svt->peerver, &maxver)) {
                        if (svt->want_maxver != 0) {
                                fprintf(stderr, "FAIL: test %zu - failed but "
-                                    "wanted non-zero shared version\n", i);
+                                    "wanted non-zero shared version (peer %x)\n",
+                                    i, svt->peerver);
                                failed++;
                        }
                        continue;
@@ -622,6 +671,34 @@ static struct min_max_version_test min_max_version_tests[] = {
                .want_max_fail = 1,
        },
        {
+                .ssl_method = DTLS_method,
+                .minver = 0,
+                .maxver = 0,
+                .want_minver = 0,
+                .want_maxver = 0,
+        },
+        {
+                .ssl_method = DTLS_method,
+                .minver = 0,
+                .maxver = DTLS1_VERSION,
+                .want_minver = 0,
+                .want_maxver = DTLS1_VERSION,
+        },
+        {
+                .ssl_method = DTLS_method,
+                .minver = DTLS1_VERSION,
+                .maxver = 0,
+                .want_minver = DTLS1_VERSION,
+                .want_maxver = 0,
+        },
+        {
+                .ssl_method = DTLS_method,
+                .minver = DTLS1_VERSION,
+                .maxver = DTLS1_2_VERSION,
+                .want_minver = DTLS1_VERSION,
+                .want_maxver = DTLS1_VERSION,
+        },
+        {
                .ssl_method = DTLSv1_method,
                .minver = 0,
                .maxver = 0,
@@ -644,6 +721,13 @@ static struct min_max_version_test min_max_version_tests[] = {
        },
        {
                .ssl_method = DTLSv1_method,
+                .minver = 0,
+                .maxver = DTLS1_2_VERSION,
+                .want_minver = 0,
+                .want_maxver = DTLS1_VERSION,
+        },
+        {
+                .ssl_method = DTLSv1_method,
                .minver = TLS1_VERSION,
                .maxver = TLS1_2_VERSION,
                .want_minver = 0,

diff --git a/src/regress/lib/libssl/unit/ssl_versions.c b/src/regress/lib/libssl/unit/ssl_versions.c index d8a3f5ba6f..9551ae4130 100644 --- a/src/regress/lib/libssl/unit/ssl_versions.c +++ b/src/regress/lib/libssl/unit/ssl_versions.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_versions.c,v 1.12 2021/02/25 17:07:52 jsing Exp $ */	1	/* $OpenBSD: ssl_versions.c,v 1.13 2021/03/17 17:23:42 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -407,21 +407,69 @@ static struct shared_version_test shared_version_tests[] = {
407	.want_maxver = TLS1_1_VERSION,	407	.want_maxver = TLS1_1_VERSION,
408	},	408	},
409	{	409	{
410	.ssl_method = DTLSv1_method,	410	.ssl_method = DTLS_method,
411	.options = 0,	411	.options = 0,
412	.minver = TLS1_VERSION,	412	.minver = TLS1_1_VERSION,
413	.maxver = TLS1_2_VERSION,	413	.maxver = TLS1_2_VERSION,
414	.peerver = DTLS1_VERSION,	414	.peerver = DTLS1_VERSION,
415	.want_maxver = DTLS1_VERSION,	415	.want_maxver = DTLS1_VERSION,
416	},	416	},
417	{	417	{
		418	.ssl_method = DTLS_method,
		419	.options = 0,
		420	.minver = TLS1_1_VERSION,
		421	.maxver = TLS1_2_VERSION,
		422	.peerver = DTLS1_2_VERSION,
		423	.want_maxver = DTLS1_VERSION,
		424	},
		425	{
		426	.ssl_method = DTLS_method,
		427	.options = 0,
		428	.minver = TLS1_1_VERSION,
		429	.maxver = TLS1_2_VERSION,
		430	.peerver = 0xfefc, /* DTLSv1.3, probably. */
		431	.want_maxver = DTLS1_VERSION,
		432	},
		433	{
418	.ssl_method = DTLSv1_method,	434	.ssl_method = DTLSv1_method,
419	.options = 0,	435	.options = 0,
420	.minver = TLS1_VERSION,	436	.minver = TLS1_1_VERSION,
		437	.maxver = TLS1_1_VERSION,
		438	.peerver = DTLS1_2_VERSION,
		439	.want_maxver = DTLS1_VERSION,
		440	},
		441	{
		442	.ssl_method = DTLSv1_2_method,
		443	.options = 0,
		444	.minver = TLS1_2_VERSION,
421	.maxver = TLS1_2_VERSION,	445	.maxver = TLS1_2_VERSION,
		446	.peerver = DTLS1_2_VERSION,
		447	.want_maxver = DTLS1_2_VERSION,
		448	},
		449	{
		450	.ssl_method = DTLSv1_method,
		451	.options = 0,
		452	.minver = TLS1_1_VERSION,
		453	.maxver = TLS1_1_VERSION,
422	.peerver = TLS1_2_VERSION,	454	.peerver = TLS1_2_VERSION,
423	.want_maxver = 0,	455	.want_maxver = 0,
424	},	456	},
		457	{
		458	.ssl_method = DTLS_method,
		459	.options = SSL_OP_NO_DTLSv1,
		460	.minver = TLS1_1_VERSION,
		461	.maxver = TLS1_2_VERSION,
		462	.peerver = DTLS1_VERSION,
		463	.want_maxver = 0,
		464	},
		465	{
		466	.ssl_method = DTLS_method,
		467	.options = SSL_OP_NO_DTLSv1_2,
		468	.minver = TLS1_1_VERSION,
		469	.maxver = TLS1_2_VERSION,
		470	.peerver = DTLS1_2_VERSION,
		471	.want_maxver = DTLS1_VERSION,
		472	},
425	};	473	};
426		474
427	#define N_SHARED_VERSION_TESTS \	475	#define N_SHARED_VERSION_TESTS \
@@ -461,10 +509,11 @@ test_ssl_max_shared_version(void)
461	ssl->internal->min_tls_version = svt->minver;	509	ssl->internal->min_tls_version = svt->minver;
462	ssl->internal->max_tls_version = svt->maxver;	510	ssl->internal->max_tls_version = svt->maxver;
463		511
464	if (ssl_max_shared_version(ssl, svt->peerver, &maxver) != 1) {	512	if (!ssl_max_shared_version(ssl, svt->peerver, &maxver)) {
465	if (svt->want_maxver != 0) {	513	if (svt->want_maxver != 0) {
466	fprintf(stderr, "FAIL: test %zu - failed but "	514	fprintf(stderr, "FAIL: test %zu - failed but "
467	"wanted non-zero shared version\n", i);	515	"wanted non-zero shared version (peer %x)\n",
		516	i, svt->peerver);
468	failed++;	517	failed++;
469	}	518	}
470	continue;	519	continue;
@@ -622,6 +671,34 @@ static struct min_max_version_test min_max_version_tests[] = {
622	.want_max_fail = 1,	671	.want_max_fail = 1,
623	},	672	},
624	{	673	{
		674	.ssl_method = DTLS_method,
		675	.minver = 0,
		676	.maxver = 0,
		677	.want_minver = 0,
		678	.want_maxver = 0,
		679	},
		680	{
		681	.ssl_method = DTLS_method,
		682	.minver = 0,
		683	.maxver = DTLS1_VERSION,
		684	.want_minver = 0,
		685	.want_maxver = DTLS1_VERSION,
		686	},
		687	{
		688	.ssl_method = DTLS_method,
		689	.minver = DTLS1_VERSION,
		690	.maxver = 0,
		691	.want_minver = DTLS1_VERSION,
		692	.want_maxver = 0,
		693	},
		694	{
		695	.ssl_method = DTLS_method,
		696	.minver = DTLS1_VERSION,
		697	.maxver = DTLS1_2_VERSION,
		698	.want_minver = DTLS1_VERSION,
		699	.want_maxver = DTLS1_VERSION,
		700	},
		701	{
625	.ssl_method = DTLSv1_method,	702	.ssl_method = DTLSv1_method,
626	.minver = 0,	703	.minver = 0,
627	.maxver = 0,	704	.maxver = 0,
@@ -644,6 +721,13 @@ static struct min_max_version_test min_max_version_tests[] = {
644	},	721	},
645	{	722	{
646	.ssl_method = DTLSv1_method,	723	.ssl_method = DTLSv1_method,
		724	.minver = 0,
		725	.maxver = DTLS1_2_VERSION,
		726	.want_minver = 0,
		727	.want_maxver = DTLS1_VERSION,
		728	},
		729	{
		730	.ssl_method = DTLSv1_method,
647	.minver = TLS1_VERSION,	731	.minver = TLS1_VERSION,
648	.maxver = TLS1_2_VERSION,	732	.maxver = TLS1_2_VERSION,
649	.want_minver = 0,	733	.want_minver = 0,