From 18a8420ea8e51c199239c2ef68a9188965089aad Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 6 Nov 2018 01:40:57 +0000
Subject: Add TLSv1.3 to version regress tests.

---
 src/regress/lib/libssl/unit/ssl_versions.c | 84 ++++++++++++++++++++++++++++--
 1 file changed, 80 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/regress/lib/libssl/unit/ssl_versions.c b/src/regress/lib/libssl/unit/ssl_versions.c
index d84a7106d5..11519c3732 100644
--- a/src/regress/lib/libssl/unit/ssl_versions.c
+++ b/src/regress/lib/libssl/unit/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.5 2018/03/15 12:27:01 jca Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.6 2018/11/06 01:40:57 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
  *
@@ -28,6 +28,13 @@ struct version_range_test {
 };
 
 static struct version_range_test version_range_tests[] = {
+	{
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_3_VERSION,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_3_VERSION,
+	},
 	{
 		.options = 0,
 		.minver = TLS1_VERSION,
@@ -42,6 +49,13 @@ static struct version_range_test version_range_tests[] = {
 		.want_minver = TLS1_1_VERSION,
 		.want_maxver = TLS1_2_VERSION,
 	},
+	{
+		.options = SSL_OP_NO_TLSv1_3,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_3_VERSION,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_2_VERSION,
+	},
 	{
 		.options = SSL_OP_NO_TLSv1_2,
 		.minver = TLS1_VERSION,
@@ -78,12 +92,29 @@ static struct version_range_test version_range_tests[] = {
 		.want_maxver = TLS1_1_VERSION,
 	},
 	{
-		.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+		.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
+		    SSL_OP_NO_TLSv1_2,
 		.minver = TLS1_VERSION,
 		.maxver = TLS1_2_VERSION,
 		.want_minver = 0,
 		.want_maxver = 0,
 	},
+	{
+		.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
+		    SSL_OP_NO_TLSv1_2,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_3_VERSION,
+		.want_minver = TLS1_3_VERSION,
+		.want_maxver = TLS1_3_VERSION,
+	},
+	{
+		.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
+		    SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_3_VERSION,
+		.want_minver = 0,
+		.want_maxver = 0,
+	},
 	{
 		.options = 0,
 		.minver = TLS1_VERSION,
@@ -105,6 +136,34 @@ static struct version_range_test version_range_tests[] = {
 		.want_minver = TLS1_2_VERSION,
 		.want_maxver = TLS1_2_VERSION,
 	},
+	{
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_3_VERSION,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_3_VERSION,
+	},
+	{
+		.options = 0,
+		.minver = TLS1_1_VERSION,
+		.maxver = TLS1_3_VERSION,
+		.want_minver = TLS1_1_VERSION,
+		.want_maxver = TLS1_3_VERSION,
+	},
+	{
+		.options = 0,
+		.minver = TLS1_2_VERSION,
+		.maxver = TLS1_3_VERSION,
+		.want_minver = TLS1_2_VERSION,
+		.want_maxver = TLS1_3_VERSION,
+	},
+	{
+		.options = 0,
+		.minver = TLS1_3_VERSION,
+		.maxver = TLS1_3_VERSION,
+		.want_minver = TLS1_3_VERSION,
+		.want_maxver = TLS1_3_VERSION,
+	},
 	{
 		.options = 0,
 		.minver = TLS1_VERSION,
@@ -149,7 +208,7 @@ test_ssl_enabled_version_range(void)
 		vrt = &version_range_tests[i];
 
 		SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
-		    SSL_OP_NO_TLSv1_2);
+		    SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3);
 		SSL_set_options(ssl, vrt->options);
 
 		minver = maxver = 0xffff;
@@ -233,6 +292,14 @@ static struct shared_version_test shared_version_tests[] = {
 		.peerver = TLS1_2_VERSION,
 		.want_maxver = TLS1_2_VERSION,
 	},
+	{
+		.ssl_method = TLS_method,
+		.options = 0,
+		.minver = TLS1_VERSION,
+		.maxver = TLS1_2_VERSION,
+		.peerver = TLS1_3_VERSION,
+		.want_maxver = TLS1_2_VERSION,
+	},
 	{
 		.ssl_method = TLS_method,
 		.options = 0,
@@ -383,7 +450,7 @@ test_ssl_max_shared_version(void)
 		}
 
 		SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
-		    SSL_OP_NO_TLSv1_2);
+		    SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3);
 		SSL_set_options(ssl, svt->options);
 
 		maxver = 0;
@@ -442,6 +509,13 @@ static struct min_max_version_test min_max_version_tests[] = {
 		.want_minver = TLS1_VERSION,
 		.want_maxver = TLS1_2_VERSION,
 	},
+	{
+		.ssl_method = TLS_method,
+		.minver = 0,
+		.maxver = TLS1_3_VERSION,
+		.want_minver = TLS1_VERSION,
+		.want_maxver = TLS1_2_VERSION,
+	},
 	{
 		.ssl_method = TLS_method,
 		.minver = TLS1_VERSION,
@@ -710,6 +784,8 @@ main(int argc, char **argv)
 
 	SSL_library_init();
 
+	/* XXX - Test ssl_supported_version_range() */
+
 	failed |= test_ssl_enabled_version_range();
 	failed |= test_ssl_max_shared_version();
 	failed |= test_ssl_min_max_version();
-- 
cgit v1.2.3-55-g6feb