diff options
author | Matt Caswell <matt@openssl.org> | 2023-03-31 12:02:33 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2023-05-05 15:25:37 +0100 |
commit | f612673049b93387eb7f93c207aca821496da861 (patch) | |
tree | 987174ba6a46aa894bc2c7ffc8d0d99182ca0bed /test | |
parent | 861cd8964bfeb955408e93048d118e1826e12d0c (diff) | |
download | openssl-new-f612673049b93387eb7f93c207aca821496da861.tar.gz |
Extend the min/max protocol testing
Add more test cases and ensure we test DTLS and QUIC too
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20830)
Diffstat (limited to 'test')
-rw-r--r-- | test/ssl_ctx_test.c | 78 |
1 files changed, 71 insertions, 7 deletions
diff --git a/test/ssl_ctx_test.c b/test/ssl_ctx_test.c index e461d72595..ea7aadc2f6 100644 --- a/test/ssl_ctx_test.c +++ b/test/ssl_ctx_test.c @@ -11,6 +11,7 @@ #include <openssl/ssl.h> typedef struct { + int proto; int min_version; int max_version; int min_ok; @@ -19,13 +20,54 @@ typedef struct { int expected_max; } version_test; +#define PROTO_TLS 0 +#define PROTO_DTLS 1 +#define PROTO_QUIC 2 + +/* + * If a version is valid for *any* protocol then setting the min/max protocol is + * expected to return success, even if that version is not valid for *this* + * protocol. However it only has an effect if it is valid for *this* protocol - + * otherwise it is ignored. + */ static const version_test version_testdata[] = { - /* min max ok expected min expected max */ - {0, 0, 1, 1, 0, 0}, - {TLS1_VERSION, TLS1_2_VERSION, 1, 1, TLS1_VERSION, TLS1_2_VERSION}, - {TLS1_2_VERSION, TLS1_2_VERSION, 1, 1, TLS1_2_VERSION, TLS1_2_VERSION}, - {TLS1_2_VERSION, TLS1_1_VERSION, 1, 1, TLS1_2_VERSION, TLS1_1_VERSION}, - {7, 42, 0, 0, 0, 0}, + /* proto min max ok expected min expected max */ + {PROTO_TLS, 0, 0, 1, 1, 0, 0}, + {PROTO_TLS, SSL3_VERSION, TLS1_3_VERSION, 1, 1, SSL3_VERSION, TLS1_3_VERSION}, + {PROTO_TLS, TLS1_VERSION, TLS1_3_VERSION, 1, 1, TLS1_VERSION, TLS1_3_VERSION}, + {PROTO_TLS, TLS1_VERSION, TLS1_2_VERSION, 1, 1, TLS1_VERSION, TLS1_2_VERSION}, + {PROTO_TLS, TLS1_2_VERSION, TLS1_2_VERSION, 1, 1, TLS1_2_VERSION, TLS1_2_VERSION}, + {PROTO_TLS, TLS1_2_VERSION, TLS1_1_VERSION, 1, 1, TLS1_2_VERSION, TLS1_1_VERSION}, + {PROTO_TLS, SSL3_VERSION - 1, TLS1_3_VERSION, 0, 1, 0, TLS1_3_VERSION}, + {PROTO_TLS, SSL3_VERSION, TLS1_3_VERSION + 1, 1, 0, SSL3_VERSION, 0}, +#ifndef OPENSSL_NO_DTLS + {PROTO_TLS, DTLS1_VERSION, DTLS1_2_VERSION, 1, 1, 0, 0}, +#endif + {PROTO_TLS, OSSL_QUIC1_VERSION, OSSL_QUIC1_VERSION, 0, 0, 0, 0}, + {PROTO_TLS, 7, 42, 0, 0, 0, 0}, + {PROTO_DTLS, 0, 0, 1, 1, 0, 0}, + {PROTO_DTLS, DTLS1_VERSION, DTLS1_2_VERSION, 1, 1, DTLS1_VERSION, DTLS1_2_VERSION}, +#ifndef OPENSSL_NO_DTLS1_2 + {PROTO_DTLS, DTLS1_2_VERSION, DTLS1_2_VERSION, 1, 1, DTLS1_2_VERSION, DTLS1_2_VERSION}, +#endif +#ifndef OPENSSL_NO_DTLS1 + {PROTO_DTLS, DTLS1_VERSION, DTLS1_VERSION, 1, 1, DTLS1_VERSION, DTLS1_VERSION}, +#endif +#if !defined(OPENSSL_NO_DTLS1) && !defined(OPENSSL_NO_DTLS1_2) + {PROTO_DTLS, DTLS1_2_VERSION, DTLS1_VERSION, 1, 1, DTLS1_2_VERSION, DTLS1_VERSION}, +#endif + {PROTO_DTLS, DTLS1_VERSION + 1, DTLS1_2_VERSION, 0, 1, 0, DTLS1_2_VERSION}, + {PROTO_DTLS, DTLS1_VERSION, DTLS1_2_VERSION - 1, 1, 0, DTLS1_VERSION, 0}, + {PROTO_DTLS, TLS1_VERSION, TLS1_3_VERSION, 1, 1, 0, 0}, + {PROTO_DTLS, OSSL_QUIC1_VERSION, OSSL_QUIC1_VERSION, 0, 0, 0, 0}, + /* These functions never have an effect when called on a QUIC object */ + {PROTO_QUIC, 0, 0, 1, 1, 0, 0}, + {PROTO_QUIC, OSSL_QUIC1_VERSION, OSSL_QUIC1_VERSION, 0, 0, 0, 0}, + {PROTO_QUIC, OSSL_QUIC1_VERSION, OSSL_QUIC1_VERSION + 1, 0, 0, 0, 0}, + {PROTO_QUIC, TLS1_VERSION, TLS1_3_VERSION, 1, 1, 0, 0}, +#ifndef OPENSSL_NO_DTLS + {PROTO_QUIC, DTLS1_VERSION, DTLS1_2_VERSION, 1, 1, 0, 0}, +#endif }; static int test_set_min_max_version(int idx_tst) @@ -34,8 +76,30 @@ static int test_set_min_max_version(int idx_tst) SSL *ssl = NULL; int testresult = 0; version_test t = version_testdata[idx_tst]; + const SSL_METHOD *meth = NULL; + + switch (t.proto) { + case PROTO_TLS: + meth = TLS_client_method(); + break; + +#ifndef OPENSSL_NO_DTLS + case PROTO_DTLS: + meth = DTLS_client_method(); + break; +#endif + +#ifndef OPENSSL_NO_QUIC + case PROTO_QUIC: + meth = OSSL_QUIC_client_method(); + break; +#endif + } + + if (meth == NULL) + return TEST_skip("Protocol not supported"); - ctx = SSL_CTX_new(TLS_server_method()); + ctx = SSL_CTX_new(meth); if (ctx == NULL) goto end; |