Commit 74726750 authored by Emilia Kasper's avatar Emilia Kasper
Browse files

Port DTLS version negotiation tests 



Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 81fc33c9

test/README.ssltest.md

+2 −0
Original line number Diff line number Diff line
@@ -64,6 +64,8 @@ The test section supports the following options: 
  - AcceptAll - accepts all certificates.

  - RejectAll - rejects all certificates.



* Method - the method to test. One of DTLS or TLS.



* ServerName - the server the client should attempt to connect to. One of

  - None - do not use SNI (default)

  - server1 - the initial context

test/recipes/80-test_ssl_new.t

+24 −10
Original line number Diff line number Diff line
@@ -26,28 +26,43 @@ map { s/;.*// } @conf_srcs if $^O eq "VMS"; 
my @conf_files = map { basename($_) } @conf_srcs;

map { s/\.in// } @conf_files;



# 02-protocol-version.conf test results depend on the configuration of enabled

# protocols. We only verify generated sources in the default configuration.

my $is_default = (disabled("ssl3") && !disabled("tls1") &&

# 02-protocol-version.conf test and 05-dtls-protocol-version.conf results

# depend on the configuration of enabled protocols. We only verify generated

# sources in the default configuration.

my $is_default_tls = (disabled("ssl3") && !disabled("tls1") &&

                      !disabled("tls1_1") && !disabled("tls1_2"));



my %conf_dependent_tests = ("02-protocol-version.conf" => 1);

my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2"));



my $no_tls = alldisabled(available_protocols("tls"));

my $no_dtls = alldisabled(available_protocols("dtls"));



my %conf_dependent_tests = (

  "02-protocol-version.conf" => !$is_default_tls,

  "05-dtls-protocol-version.conf" => !$is_default_dtls,

);



# Default is $no_tls but some tests have different skip conditions.

my %skip = (

  "05-dtls-protocol-version.conf" => $no_dtls,

);



foreach my $conf (@conf_files) {

    subtest "Test configuration $conf" => sub {

        test_conf($conf,

                  $conf_dependent_tests{$conf} || $^O eq "VMS" ?  0 : 1);

                  $conf_dependent_tests{$conf} || $^O eq "VMS" ?  0 : 1,

                  $skip{$conf} || $no_tls);

    }

}



# We hard-code the number of tests to double-check that the globbing above

# finds all files as expected.

plan tests => 6;  # = scalar @conf_srcs

plan tests => 7;  # = scalar @conf_srcs



sub test_conf {

    plan tests => 3;



    my ($conf, $check_source) = @_;

    my ($conf, $check_source, $skip) = @_;



    my $conf_file = srctop_file("test", "ssl-tests", $conf);

    my $tmp_file = "${conf}.$$.tmp";
@@ -73,8 +88,7 @@ sub test_conf { 
      }



      # Test 3. Run the test.

      my $no_tls = alldisabled(available_protocols("tls"));

      skip "No TLS tests available; skipping tests", 1 if $no_tls;

      skip "No tests available; skipping tests", 1 if $skip;

      skip "Stale sources; skipping tests", 1 if !$run_test;



      ok(run(test(["ssl_test", $tmp_file])), "running ssl_test $conf");

test/recipes/80-test_ssl_old.t

+2 −49
Original line number Diff line number Diff line
@@ -79,7 +79,7 @@ my $client_sess="client.ss"; 
# new format in ssl_test.c and add recipes to 80-test_ssl_new.t instead.

plan tests =>

    1				# For testss

    + 14			# For the first testssl

    + 13			# For the first testssl

    ;



subtest 'test_ss' => sub {
@@ -683,53 +683,6 @@ sub testssl { 
	}

    };



    subtest 'DTLS Version min/max tests' => sub {

        my @protos;

        push(@protos, "dtls1") unless ($no_dtls1 || $no_dtls);

        push(@protos, "dtls1.2") unless ($no_dtls1_2 || $no_dtls);

        my @minprotos = (undef, @protos);

        my @maxprotos = (@protos, undef);

        my @shdprotos = (@protos, $protos[$#protos]);

        my $n = ((@protos+2) * (@protos+3))/2 - 2;

        my $ntests = $n * $n;

	plan tests => $ntests;

      SKIP: {

        skip "DTLS disabled", 1 if $ntests == 1;



        my $should;

        for (my $smin = 0; $smin < @minprotos; ++$smin) {

        for (my $smax = $smin ? $smin - 1 : 0; $smax < @maxprotos; ++$smax) {

        for (my $cmin = 0; $cmin < @minprotos; ++$cmin) {

        for (my $cmax = $cmin ? $cmin - 1 : 0; $cmax < @maxprotos; ++$cmax) {

            if ($cmax < $smin-1) {

                $should = "fail-server";

            } elsif ($smax < $cmin-1) {

                $should = "fail-client";

            } elsif ($cmax > $smax) {

                $should = $shdprotos[$smax];

            } else {

                $should = $shdprotos[$cmax];

            }



            my @args = (@ssltest, "-dtls");

            push(@args, "-should_negotiate", $should);

            push(@args, "-server_min_proto", $minprotos[$smin])

                if (defined($minprotos[$smin]));

            push(@args, "-server_max_proto", $maxprotos[$smax])

                if (defined($maxprotos[$smax]));

            push(@args, "-client_min_proto", $minprotos[$cmin])

                if (defined($minprotos[$cmin]));

            push(@args, "-client_max_proto", $maxprotos[$cmax])

                if (defined($maxprotos[$cmax]));

            my $ok = run(test[@args]);

            if (! $ok) {

                print STDERR "\nsmin=$smin, smax=$smax, cmin=$cmin, cmax=$cmax\n";

                print STDERR "\nFailed: @args\n";

            }

            ok($ok);

        }}}}}

    };



    subtest 'TLS session reuse' => sub {

        plan tests => 12;

test/ssl-tests/02-protocol-version.conf.in

+5 −108
Original line number Diff line number Diff line
@@ -7,116 +7,13 @@ 
# https://www.openssl.org/source/license.html





## Test version negotiation

## Test TLS version negotiation



package ssltests;



use List::Util qw/max min/;

use strict;

use warnings;



use OpenSSL::Test;

use OpenSSL::Test::Utils qw/anydisabled alldisabled/;

setup("no_test_here");

use protocol_version;



my @protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");

# undef stands for "no limit".

my @min_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");

my @max_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef);



my @is_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");



my $min_enabled; my $max_enabled;



# Protocol configuration works in cascades, i.e.,

# $no_tls1_1 disables TLSv1.1 and below.

#

# $min_enabled and $max_enabled will be correct if there is at least one

# protocol enabled.

foreach my $i (0..$#protocols) {

    if (!$is_disabled[$i]) {

        $min_enabled = $i;

        last;

    }

}



foreach my $i (0..$#protocols) {

    if (!$is_disabled[$i]) {

        $max_enabled = $i;

    }

}



our @tests = ();



sub generate_tests() {

    foreach my $c_min (0..$#min_protocols) {

        my $c_max_min = $c_min == 0 ? 0 : $c_min - 1;

        foreach my $c_max ($c_max_min..$#max_protocols) {

            foreach my $s_min (0..$#min_protocols) {

                my $s_max_min = $s_min == 0 ? 0 : $s_min - 1;

                foreach my $s_max ($s_max_min..$#max_protocols) {

                    my ($result, $protocol) =

                        expected_result($c_min, $c_max, $s_min, $s_max);

                    push @tests, {

                        "name" => "version-negotiation",

                        "client" => {

                            "MinProtocol" => $min_protocols[$c_min],

                            "MaxProtocol" => $max_protocols[$c_max],

                        },

                        "server" => {

                            "MinProtocol" => $min_protocols[$s_min],

                            "MaxProtocol" => $max_protocols[$s_max],

                        },

                        "test" => {

                            "ExpectedResult" => $result,

                            "Protocol" => $protocol

                        }

                    };

                }

            }

        }

    }

}



sub expected_result {

    my $no_tls = alldisabled("ssl3", "tls1", "tls1_1", "tls1_2");

    if ($no_tls) {

        return ("InternalError", undef);

    }



    my ($c_min, $c_max, $s_min, $s_max) = @_;



    # Adjust for "undef" (no limit).

    $c_min = $c_min == 0 ? 0 : $c_min - 1;

    $c_max = $c_max == scalar(@max_protocols) - 1 ? $c_max - 1 : $c_max;

    $s_min = $s_min == 0 ? 0 : $s_min - 1;

    $s_max = $s_max == scalar(@max_protocols) - 1 ? $s_max - 1 : $s_max;



    # We now have at least one protocol enabled, so $min_enabled and

    # $max_enabled are well-defined.

    $c_min = max $c_min, $min_enabled;

    $s_min = max $s_min, $min_enabled;

    $c_max = min $c_max, $max_enabled;

    $s_max = min $s_max, $max_enabled;



    if ($c_min > $c_max) {

        # Client should fail to even send a hello.

        # This results in an internal error since the server will be

        # waiting for input that never arrives.

        return ("InternalError", undef);

    } elsif ($s_min > $s_max) {

        # Server has no protocols, should always fail.

        return ("ServerFail", undef);

    } elsif ($s_min > $c_max) {

        # Server doesn't support the client range.

        return ("ServerFail", undef);

    } elsif ($c_min > $s_max) {

        # Server will try with a version that is lower than the lowest

        # supported client version.

        return ("ClientFail", undef);

    } else {

        # Server and client ranges overlap.

        my $max_common = $s_max < $c_max ? $s_max : $c_max;

        return ("Success", $protocols[$max_common]);

    }

}



generate_tests();
 
our @tests = generate_tests("TLS");

test/ssl-tests/07-dtls-protocol-version.conf

0 → 100644
+2476 −0

File added.

Preview size limit exceeded, changes collapsed.