2 # Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
10 ## Test version negotiation
17 use List::Util qw/max min/;
20 use OpenSSL::Test::Utils qw/anydisabled alldisabled disabled/;
21 setup("no_test_here");
23 my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
24 my @tls_protocols_fips = ("TLSv1.2", "TLSv1.3");
25 # undef stands for "no limit".
26 my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
27 my @min_tls_protocols_fips = (undef, "TLSv1.2", "TLSv1.3");
28 my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3", undef);
29 my @max_tls_protocols_fips = ("TLSv1.2", "TLSv1.3", undef);
31 my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3");
32 my @is_tls_disabled_fips = anydisabled("tls1_2", "tls1_3");
34 my $min_tls_enabled; my $max_tls_enabled;
35 my $min_tls_enabled_fips; my $max_tls_enabled_fips;
37 # Protocol configuration works in cascades, i.e.,
38 # $no_tls1_1 disables TLSv1.1 and below.
40 # $min_enabled and $max_enabled will be correct if there is at least one
43 sub min_prot_enabled {
45 my $disabledref = shift;
46 my @protocols = @{$protref};
47 my @is_disabled = @{$disabledref};
50 foreach my $i (0..$#protocols) {
51 if (!$is_disabled[$i]) {
59 sub max_prot_enabled {
61 my $disabledref = shift;
62 my @protocols = @{$protref};
63 my @is_disabled = @{$disabledref};
66 foreach my $i (0..$#protocols) {
68 && ($protocols[$i] ne "TLSv1.3"
70 || !disabled("dh"))) {
77 $min_tls_enabled = min_prot_enabled(\@tls_protocols, \@is_tls_disabled);
78 $max_tls_enabled = max_prot_enabled(\@tls_protocols, \@is_tls_disabled);
79 $min_tls_enabled_fips = min_prot_enabled(\@tls_protocols_fips, \@is_tls_disabled_fips);
80 $max_tls_enabled_fips = max_prot_enabled(\@tls_protocols_fips, \@is_tls_disabled_fips);
83 my @dtls_protocols = ("DTLSv1", "DTLSv1.2");
84 my @dtls_protocols_fips = ("DTLSv1.2");
85 # undef stands for "no limit".
86 my @min_dtls_protocols = (undef, "DTLSv1", "DTLSv1.2");
87 my @min_dtls_protocols_fips = (undef, "DTLSv1.2");
88 my @max_dtls_protocols = ("DTLSv1", "DTLSv1.2", undef);
89 my @max_dtls_protocols_fips = ("DTLSv1.2", undef);
91 my @is_dtls_disabled = anydisabled("dtls1", "dtls1_2");
92 my @is_dtls_disabled_fips = anydisabled("dtls1_2");
94 my $min_dtls_enabled; my $max_dtls_enabled;
95 my $min_dtls_enabled_fips; my $max_dtls_enabled_fips;
97 # $min_enabled and $max_enabled will be correct if there is at least one
99 $min_dtls_enabled = min_prot_enabled(\@dtls_protocols, \@is_dtls_disabled);
100 $max_dtls_enabled = max_prot_enabled(\@dtls_protocols, \@is_dtls_disabled);
101 $min_dtls_enabled_fips = min_prot_enabled(\@dtls_protocols_fips, \@is_dtls_disabled_fips);
102 $max_dtls_enabled_fips = max_prot_enabled(\@dtls_protocols_fips, \@is_dtls_disabled_fips);
106 return $dtls ? alldisabled("dtls1", "dtls1_2") :
107 alldisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3");
110 sub generate_version_tests {
114 my $dtls = $method eq "DTLS";
115 # Don't write the redundant "Method = TLS" into the configuration.
116 undef $method if !$dtls;
124 @protocols = $dtls ? @dtls_protocols_fips : @tls_protocols_fips;
125 @min_protocols = $dtls ? @min_dtls_protocols_fips : @min_tls_protocols_fips;
126 @max_protocols = $dtls ? @max_dtls_protocols_fips : @max_tls_protocols_fips;
127 $min_enabled = $dtls ? $min_dtls_enabled_fips : $min_tls_enabled_fips;
128 $max_enabled = $dtls ? $max_dtls_enabled_fips : $max_tls_enabled_fips;
130 @protocols = $dtls ? @dtls_protocols : @tls_protocols;
131 @min_protocols = $dtls ? @min_dtls_protocols : @min_tls_protocols;
132 @max_protocols = $dtls ? @max_dtls_protocols : @max_tls_protocols;
133 $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled;
134 $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled;
137 if (no_tests($dtls)) {
143 for (my $sctp = 0; $sctp < ($dtls && !disabled("sctp") ? 2 : 1); $sctp++) {
144 foreach my $c_min (0..$#min_protocols) {
145 my $c_max_min = $c_min == 0 ? 0 : $c_min - 1;
146 foreach my $c_max ($c_max_min..$#max_protocols) {
147 foreach my $s_min (0..$#min_protocols) {
148 my $s_max_min = $s_min == 0 ? 0 : $s_min - 1;
149 foreach my $s_max ($s_max_min..$#max_protocols) {
150 my ($result, $protocol) =
151 expected_result($c_min, $c_max, $s_min, $s_max,
152 $min_enabled, $max_enabled,
155 "name" => "version-negotiation",
157 "CipherString" => "DEFAULT:\@SECLEVEL=0",
158 "MinProtocol" => $min_protocols[$c_min],
159 "MaxProtocol" => $max_protocols[$c_max],
162 "CipherString" => "DEFAULT:\@SECLEVEL=0",
163 "MinProtocol" => $min_protocols[$s_min],
164 "MaxProtocol" => $max_protocols[$s_max],
167 "ExpectedResult" => $result,
168 "ExpectedProtocol" => $protocol,
172 $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
179 if disabled("tls1_3")
180 || disabled("tls1_2")
181 || (disabled("ec") && disabled("dh"))
184 #Add some version/ciphersuite sanity check tests
186 "name" => "ciphersuite-sanity-check-client",
188 #Offering only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
189 "CipherString" => "AES128-SHA",
190 "Ciphersuites" => "",
193 "MaxProtocol" => "TLSv1.2"
196 "ExpectedResult" => "ClientFail",
200 "name" => "ciphersuite-sanity-check-server",
202 "CipherString" => "AES128-SHA",
203 "MaxProtocol" => "TLSv1.2"
206 #Allowing only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
207 "CipherString" => "AES128-SHA",
208 "Ciphersuites" => "",
211 "ExpectedResult" => "ServerFail",
218 sub generate_resumption_tests {
222 my $dtls = $method eq "DTLS";
223 # Don't write the redundant "Method = TLS" into the configuration.
224 undef $method if !$dtls;
231 @protocols = $dtls ? @dtls_protocols_fips : @tls_protocols_fips;
232 $min_enabled = $dtls ? $min_dtls_enabled_fips : $min_tls_enabled_fips;
233 $max_enabled = $dtls ? $max_dtls_enabled_fips : $max_tls_enabled_fips;
235 @protocols = $dtls ? @dtls_protocols : @tls_protocols;
236 $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled;
237 $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled;
240 if (no_tests($dtls)) {
244 my @server_tests = ();
245 my @client_tests = ();
247 # Obtain the first session against a fixed-version server/client.
248 foreach my $original_protocol($min_enabled..$max_enabled) {
249 # Upgrade or downgrade the server/client max version support and test
250 # that it upgrades, downgrades or resumes the session as well.
251 foreach my $resume_protocol($min_enabled..$max_enabled) {
252 my $resumption_expected;
253 # We should only resume on exact version match.
254 if ($original_protocol eq $resume_protocol) {
255 $resumption_expected = "Yes";
257 $resumption_expected = "No";
260 for (my $sctp = 0; $sctp < ($dtls && !disabled("sctp") ? 2 : 1);
262 foreach my $ticket ("SessionTicket", "-SessionTicket") {
263 # Client is flexible, server upgrades/downgrades.
264 push @server_tests, {
265 "name" => "resumption",
267 "CipherString" => "DEFAULT:\@SECLEVEL=0",
270 "CipherString" => "DEFAULT:\@SECLEVEL=0",
271 "MinProtocol" => $protocols[$original_protocol],
272 "MaxProtocol" => $protocols[$original_protocol],
273 "Options" => $ticket,
276 "CipherString" => "DEFAULT:\@SECLEVEL=0",
277 "MaxProtocol" => $protocols[$resume_protocol],
278 "Options" => $ticket,
281 "ExpectedProtocol" => $protocols[$resume_protocol],
283 "HandshakeMode" => "Resume",
284 "ResumptionExpected" => $resumption_expected,
287 $server_tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
288 # Server is flexible, client upgrades/downgrades.
289 push @client_tests, {
290 "name" => "resumption",
292 "CipherString" => "DEFAULT:\@SECLEVEL=0",
293 "MinProtocol" => $protocols[$original_protocol],
294 "MaxProtocol" => $protocols[$original_protocol],
297 "CipherString" => "DEFAULT:\@SECLEVEL=0",
298 "Options" => $ticket,
301 "CipherString" => "DEFAULT:\@SECLEVEL=0",
302 "MaxProtocol" => $protocols[$resume_protocol],
305 "ExpectedProtocol" => $protocols[$resume_protocol],
307 "HandshakeMode" => "Resume",
308 "ResumptionExpected" => $resumption_expected,
311 $client_tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
317 if (!disabled("tls1_3") && (!disabled("ec") || !disabled("dh")) && !$dtls) {
318 push @client_tests, {
319 "name" => "resumption-with-hrr",
323 "Curves" => disabled("ec") ? "ffdhe3072" : "P-256"
328 "ExpectedProtocol" => "TLSv1.3",
330 "HandshakeMode" => "Resume",
331 "ResumptionExpected" => "Yes",
336 return (@server_tests, @client_tests);
339 sub expected_result {
340 my ($c_min, $c_max, $s_min, $s_max, $min_enabled, $max_enabled,
342 my @prots = @$protocols;
344 my $orig_c_max = $c_max;
345 # Adjust for "undef" (no limit).
346 $c_min = $c_min == 0 ? 0 : $c_min - 1;
347 $c_max = $c_max == scalar @$protocols ? $c_max - 1 : $c_max;
348 $s_min = $s_min == 0 ? 0 : $s_min - 1;
349 $s_max = $s_max == scalar @$protocols ? $s_max - 1 : $s_max;
351 # We now have at least one protocol enabled, so $min_enabled and
352 # $max_enabled are well-defined.
353 $c_min = max $c_min, $min_enabled;
354 $s_min = max $s_min, $min_enabled;
355 $c_max = min $c_max, $max_enabled;
356 $s_max = min $s_max, $max_enabled;
359 || ($orig_c_max != scalar @$protocols
360 && $prots[$orig_c_max] eq "TLSv1.3"
361 && $c_max != $orig_c_max
362 && !disabled("tls1_3"))) {
363 # Client should fail to even send a hello.
364 return ("ClientFail", undef);
365 } elsif ($s_min > $s_max) {
366 # Server has no protocols, should always fail.
367 return ("ServerFail", undef);
368 } elsif ($s_min > $c_max) {
369 # Server doesn't support the client range.
370 return ("ServerFail", undef);
371 } elsif ($c_min > $s_max) {
372 if ($prots[$c_max] eq "TLSv1.3") {
373 # Client will have sent supported_versions, so server will know
374 # that there are no overlapping versions.
375 return ("ServerFail", undef);
377 # Server will try with a version that is lower than the lowest
378 # supported client version.
379 return ("ClientFail", undef);
382 # Server and client ranges overlap.
383 my $max_common = $s_max < $c_max ? $s_max : $c_max;
384 return ("Success", $protocols->[$max_common]);