Add a test for SSL_version(), SSL_get_version() etc
We also test SSL_is_dtls(), SSL_is_tls() and SSL_is_quic().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from #20650)
mattcaswell authored and paulidale committed Apr 3, 2023
1 parent 50769b1 commit 843f6e2
Showing 2 changed files with 190 additions and 0 deletions.
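--- a/test/quicapitest.c
+++ b/test/quicapitest.c
@@ -162,6 +162,45 @@ static int test_ciphersuites(void)
 return testresult;
 }
 
+/*
+* Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
+* SSL_is_dtls return the expected results for a QUIC connection. Compare with
+* test_version() in sslapitest.c which does the same thing for TLS/DTLS
+* connections.
+*/
+static int test_version(void)
+{
+SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
+SSL *clientquic = NULL;
+QUIC_TSERVER *qtserv = NULL;
+int testresult = 0;
+
+if (!TEST_ptr(cctx)
+|| !TEST_true(qtest_create_quic_objects(libctx, cctx, cert, privkey,
+0, &qtserv, &clientquic,
+NULL))
+|| !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
+goto err;
+
+if (!TEST_int_eq(SSL_version(clientquic), OSSL_QUIC1_VERSION)
+|| !TEST_str_eq(SSL_get_version(clientquic), "QUICv1"))
+goto err;
+
+if (!TEST_true(SSL_is_quic(clientquic))
+|| !TEST_false(SSL_is_tls(clientquic))
+|| !TEST_false(SSL_is_dtls(clientquic)))
+goto err;
+
+
+testresult = 1;
+err:
+ossl_quic_tserver_free(qtserv);
+SSL_free(clientquic);
+SSL_CTX_free(cctx);
+
+return testresult;
+}
+
 OPT_TEST_DECLARE_USAGE("provider config\n")
 
 int setup_tests(void)
@@ -218,6 +257,7 @@ int setup_tests(void)
 
 ADD_ALL_TESTS(test_quic_write_read, 2);
 ADD_TEST(test_ciphersuites);
+ADD_TEST(test_version);
 
 return 1;
 err: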
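Review bot: There are two consecutive blank lines before `testresult = 1;` in the new test_version(); drop one so the function matches the spacing used elsewhere in the hunk. The test only inspects `clientquic`, while the peer is a `QUIC_TSERVER *` rather than an `SSL *`, so it apparently cannot be passed to SSL_version() or the SSL_is_*() calls. A short comment such as `/* Only the client is an SSL object; the tserver is not queried here */` would explain why this test is one-sided while the sslapitest.c counterpart checks both ends.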
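--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -10825,6 +10825,155 @@ static int test_pipelining(int idx)
 }
 #endif /* !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) */
 
+static int check_version_string(SSL *s, int version)
+{
+const char *verstr = NULL;
+
+switch (version) {
+case SSL3_VERSION:
+verstr = "SSLv3";
+break;
+case TLS1_VERSION:
+verstr = "TLSv1";
+break;
+case TLS1_1_VERSION:
+verstr = "TLSv1.1";
+break;
+case TLS1_2_VERSION:
+verstr = "TLSv1.2";
+break;
+case TLS1_3_VERSION:
+verstr = "TLSv1.3";
+break;
+case DTLS1_VERSION:
+verstr = "DTLSv1";
+break;
+case DTLS1_2_VERSION:
+verstr = "DTLSv1.2";
+}
+
+return TEST_str_eq(verstr, SSL_get_version(s));
+}
+
+/*
+* Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
+* SSL_is_dtls return the expected results for a (D)TLS connection. Compare with
+* test_version() in quicapitest.c which does the same thing for QUIC
+* connections.
+*/
+static int test_version(int idx)
+{
+SSL_CTX *cctx = NULL, *sctx = NULL;
+SSL *clientssl = NULL, *serverssl = NULL;
+int testresult = 0, version;
+const SSL_METHOD *servmeth = TLS_server_method();
+const SSL_METHOD *clientmeth = TLS_client_method();
+
+switch (idx) {
+#if !defined(OPENSSL_NO_SSL3)
+case 0:
+version = SSL3_VERSION;
+break;
+#endif
+#if !defined(OPENSSL_NO_TLS1)
+case 1:
+version = TLS1_VERSION;
+break;
+#endif
+#if !defined(OPENSSL_NO_TLS1_2)
+case 2:
+version = TLS1_2_VERSION;
+break;
+#endif
+#if !defined(OSSL_NO_USABLE_TLS1_3)
+case 3:
+version = TLS1_3_VERSION;
+break;
+#endif
+#if !defined(OPENSSL_NO_DTLS1)
+case 4:
+version = DTLS1_VERSION;
+break;
+#endif
+#if !defined(OPENSSL_NO_DTLS1_2)
+case 5:
+version = DTLS1_2_VERSION;
+break;
+#endif
+/*
+* NB we do not support QUIC in this test. That is covered by quicapitest.c
+* We also don't support DTLS1_BAD_VER since we have no server support for
+* that.
+*/
+default:
+TEST_skip("Unsupported protocol version");
+return 1;
+}
+
+if (is_fips
+&& (version == SSL3_VERSION
+|| version == TLS1_VERSION
+|| version == DTLS1_VERSION)) {
+TEST_skip("Protocol version not supported with FIPS");
+return 1;
+}
+
+#if !defined(OPENSSL_NO_DTLS)
+if (version == DTLS1_VERSION || version == DTLS1_2_VERSION) {
+servmeth = DTLS_server_method();
+clientmeth = DTLS_client_method();
+}
+#endif
+
+if (!TEST_true(create_ssl_ctx_pair(libctx, servmeth, clientmeth, version,
+version, &sctx, &cctx, cert, privkey)))
+goto end;
+
+if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
+|| !TEST_true(SSL_CTX_set_cipher_list(cctx,
+"DEFAULT:@SECLEVEL=0")))
+goto end;
+
+if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+&clientssl, NULL, NULL)))
+goto end;
+
+if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+goto end;
+
+if (!TEST_int_eq(SSL_version(serverssl), version)
+|| !TEST_int_eq(SSL_version(clientssl), version)
+|| !TEST_true(check_version_string(serverssl, version))
+|| !TEST_true(check_version_string(clientssl, version)))
+goto end;
+
+if (version == DTLS1_VERSION || version == DTLS1_2_VERSION) {
+if (!TEST_true(SSL_is_dtls(serverssl))
+|| !TEST_true(SSL_is_dtls(clientssl))
+|| !TEST_false(SSL_is_tls(serverssl))
+|| !TEST_false(SSL_is_tls(clientssl))
+|| !TEST_false(SSL_is_quic(serverssl))
+|| !TEST_false(SSL_is_quic(clientssl)))
+goto end;
+} else {
+if (!TEST_true(SSL_is_tls(serverssl))
+|| !TEST_true(SSL_is_tls(clientssl))
+|| !TEST_false(SSL_is_dtls(serverssl))
+|| !TEST_false(SSL_is_dtls(clientssl))
+|| !TEST_false(SSL_is_quic(serverssl))
+|| !TEST_false(SSL_is_quic(clientssl)))
+goto end;
+}
+
+testresult = 1;
+end:
+SSL_free(serverssl);
+SSL_free(clientssl);
+SSL_CTX_free(sctx);
+SSL_CTX_free(cctx);
+return testresult;
+}
+
 OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")
 
 int setup_tests(void)
@@ -11128,6 +11277,7 @@ int setup_tests(void)
 #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
 ADD_ALL_TESTS(test_pipelining, 6);
 #endif
+ADD_ALL_TESTS(test_version, 6);
 return 1;
 
 err: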
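Review bot: TLS 1.1 is never exercised by the new test_version(): check_version_string() maps `TLS1_1_VERSION` to "TLSv1.1", but the idx switch goes from `TLS1_VERSION` (case 1) straight to `TLS1_2_VERSION` (case 2), so that mapping is unreachable from this test. Consider appending `case 6: version = TLS1_1_VERSION; break;` under `#if !defined(OPENSSL_NO_TLS1_1)` and registering with `ADD_ALL_TESTS(test_version, 7);`; the FIPS skip condition probably needs `TLS1_1_VERSION` as well, which should be confirmed against the provider. The switch in check_version_string() has no `default:` and its last case has no `break;`, so an unmapped version silently compares NULL against SSL_get_version() rather than failing with a clear message. A one-line comment on the `"DEFAULT:@SECLEVEL=0"` calls, e.g. `/* Presumably needed so legacy versions can negotiate; test-only setting */`, would keep that lowered security level from being copied into non-test code.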
