From d6cbd19b9ecee359200deb7e46df5222ffb565b5 Mon Sep 17 00:00:00 2001
From: jsing
Date: Wed, 17 Mar 2021 17:23:42 +0000
Subject: [PATCH] Update for DTLSv1.2 version handling.
---
 regress/lib/libssl/unit/ssl_versions.c | 96 ++++++++++++++++++++++++--
 1 file changed, 90 insertions(+), 6 deletions(-)
diff --git a/regress/lib/libssl/unit/ssl_versions.c b/regress/lib/libssl/unit/ssl_versions.c
index d8a3f5ba6f7..9551ae41306 100644
--- a/regress/lib/libssl/unit/ssl_versions.c
+++ b/regress/lib/libssl/unit/ssl_versions.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_versions.c,v 1.12 2021/02/25 17:07:52 jsing Exp $ */
+/* $OpenBSD: ssl_versions.c,v 1.13 2021/03/17 17:23:42 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing
 *
@@ -407,21 +407,69 @@ static struct shared_version_test shared_version_tests[] = {
 .want_maxver = TLS1_1_VERSION,
 },
 {
- .ssl_method = DTLSv1_method,
+ .ssl_method = DTLS_method,
 .options = 0,
- .minver = TLS1_VERSION,
+ .minver = TLS1_1_VERSION,
 .maxver = TLS1_2_VERSION,
 .peerver = DTLS1_VERSION,
 .want_maxver = DTLS1_VERSION,
 },
+ {
+ .ssl_method = DTLS_method,
+ .options = 0,
+ .minver = TLS1_1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .peerver = DTLS1_2_VERSION,
+ .want_maxver = DTLS1_VERSION,
+ },
+ {
+ .ssl_method = DTLS_method,
+ .options = 0,
+ .minver = TLS1_1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .peerver = 0xfefc, /* DTLSv1.3, probably. */
+ .want_maxver = DTLS1_VERSION,
+ },
 {
 .ssl_method = DTLSv1_method,
 .options = 0,
- .minver = TLS1_VERSION,
+ .minver = TLS1_1_VERSION,
+ .maxver = TLS1_1_VERSION,
+ .peerver = DTLS1_2_VERSION,
+ .want_maxver = DTLS1_VERSION,
+ },
+ {
+ .ssl_method = DTLSv1_2_method,
+ .options = 0,
+ .minver = TLS1_2_VERSION,
 .maxver = TLS1_2_VERSION,
+ .peerver = DTLS1_2_VERSION,
+ .want_maxver = DTLS1_2_VERSION,
+ },
+ {
+ .ssl_method = DTLSv1_method,
+ .options = 0,
+ .minver = TLS1_1_VERSION,
+ .maxver = TLS1_1_VERSION,
 .peerver = TLS1_2_VERSION,
 .want_maxver = 0,
 },
+ {
+ .ssl_method = DTLS_method,
+ .options = SSL_OP_NO_DTLSv1,
+ .minver = TLS1_1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .peerver = DTLS1_VERSION,
+ .want_maxver = 0,
+ },
+ {
+ .ssl_method = DTLS_method,
+ .options = SSL_OP_NO_DTLSv1_2,
+ .minver = TLS1_1_VERSION,
+ .maxver = TLS1_2_VERSION,
+ .peerver = DTLS1_2_VERSION,
+ .want_maxver = DTLS1_VERSION,
+ },
 };
 
 #define N_SHARED_VERSION_TESTS \
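Review bot: The second added `DTLS_method` entry expects a lower version than the peer offers and the configured range appears to allow: `.peerver = DTLS1_2_VERSION` with `.maxver = TLS1_2_VERSION` still wants `.want_maxver = DTLS1_VERSION`, and nothing in the table says why. Presumably `DTLS_method` is capped at DTLSv1 at this revision, but a reader cannot tell an intended clamp from a pinned downgrade bug. A comment on the entry such as `/* DTLS_method does not negotiate DTLSv1.2 yet; expect DTLSv1. */` would settle it, with the wording confirmed by the author. The same applies to the `0xfefc` entry here and to the `DTLS1_VERSION`/`DTLS1_2_VERSION` range entry added in the `min_max_version_tests` hunk. The table also has no `SSL_OP_NO_DTLSv1` entry with a DTLSv1.2 peer, which is the case where an unwanted fallback to DTLSv1 would show up.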
@@ -461,10 +509,11 @@ test_ssl_max_shared_version(void)
 ssl->internal->min_tls_version = svt->minver;
 ssl->internal->max_tls_version = svt->maxver;
 
- if (ssl_max_shared_version(ssl, svt->peerver, &maxver) != 1) {
+ if (!ssl_max_shared_version(ssl, svt->peerver, &maxver)) {
 if (svt->want_maxver != 0) {
 fprintf(stderr, "FAIL: test %zu - failed but "
- "wanted non-zero shared version\n", i);
+ "wanted non-zero shared version (peer %x)\n",
+ i, svt->peerver);
 failed++;
 }
 continue;
@@ -621,6 +670,34 @@ static struct min_max_version_test min_max_version_tests[] = {
 .want_maxver = 0,
 .want_max_fail = 1,
 },
+ {
+ .ssl_method = DTLS_method,
+ .minver = 0,
+ .maxver = 0,
+ .want_minver = 0,
+ .want_maxver = 0,
+ },
+ {
+ .ssl_method = DTLS_method,
+ .minver = 0,
+ .maxver = DTLS1_VERSION,
+ .want_minver = 0,
+ .want_maxver = DTLS1_VERSION,
+ },
+ {
+ .ssl_method = DTLS_method,
+ .minver = DTLS1_VERSION,
+ .maxver = 0,
+ .want_minver = DTLS1_VERSION,
+ .want_maxver = 0,
+ },
+ {
+ .ssl_method = DTLS_method,
+ .minver = DTLS1_VERSION,
+ .maxver = DTLS1_2_VERSION,
+ .want_minver = DTLS1_VERSION,
+ .want_maxver = DTLS1_VERSION,
+ },
 {
 .ssl_method = DTLSv1_method,
 .minver = 0,
@@ -642,6 +719,13 @@ static struct min_max_version_test min_max_version_tests[] = {
 .want_minver = 0,
 .want_maxver = DTLS1_VERSION,
 },
+ {
+ .ssl_method = DTLSv1_method,
+ .minver = 0,
+ .maxver = DTLS1_2_VERSION,
+ .want_minver = 0,
+ .want_maxver = DTLS1_VERSION,
+ },
 {
 .ssl_method = DTLSv1_method,
 .minver = TLS1_VERSION,
-- 
2.20.1
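Review bot: The rewritten check `if (!ssl_max_shared_version(ssl, svt->peerver, &maxver))` treats only a return of 0 as failure, where the old `!= 1` treated every other value as failure. If the function can ever return a negative value, the test would fall through and compare a `maxver` that may never have been set. Its contract is not visible in this hunk, so either confirm it returns strictly 0 or 1 or write the comparison as `<= 0`. The new `(peer %x)` output would also read more clearly as `(peer 0x%04x)`, since the value is a protocol version code. The body of test_ssl_max_shared_version starts and ends outside the hunk.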
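Review bot: Every `DTLS_method` entry added to `min_max_version_tests` uses a range that is already in protocol order, so nothing exercises the case that DTLS makes error-prone. Its version codes descend numerically (`DTLS1_2_VERSION` is a smaller number than `DTLS1_VERSION`), and a setter that compared raw values would accept or reject the wrong ranges. An entry with `.minver = DTLS1_2_VERSION, .maxver = DTLS1_VERSION,` and the `want_` fields set to the intended outcome would cover that. A second entry passing a TLS constant such as `.maxver = TLS1_2_VERSION,` would pin how TLS codes are handled on a DTLS method. The table continues outside the hunk, so comparable entries may exist for other methods; none is visible for `DTLS_method`.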