diff options
author | Sam Roberts <vieuxtech@gmail.com> | 2018-11-22 10:39:20 -0800 |
---|---|---|
committer | Sam Roberts <vieuxtech@gmail.com> | 2019-01-22 13:32:34 -0800 |
commit | 4231ad04f0b2aee5bda6be94715d4b70badaac8b (patch) | |
tree | 19f189fae6828708ebd37e466ce4a7716494b96a /deps/openssl/openssl/test/ssl-tests/protocol_version.pm | |
parent | 5d80f9ea6091847176fa47fb1395fdffc4af9164 (diff) | |
download | android-node-v8-4231ad04f0b2aee5bda6be94715d4b70badaac8b.tar.gz android-node-v8-4231ad04f0b2aee5bda6be94715d4b70badaac8b.tar.bz2 android-node-v8-4231ad04f0b2aee5bda6be94715d4b70badaac8b.zip |
deps: upgrade openssl sources to 1.1.1a
This updates all sources in deps/openssl/openssl with openssl-1.1.1a.
PR-URL: https://github.com/nodejs/node/pull/25381
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Diffstat (limited to 'deps/openssl/openssl/test/ssl-tests/protocol_version.pm')
-rw-r--r-- | deps/openssl/openssl/test/ssl-tests/protocol_version.pm | 228 |
1 files changed, 148 insertions, 80 deletions
diff --git a/deps/openssl/openssl/test/ssl-tests/protocol_version.pm b/deps/openssl/openssl/test/ssl-tests/protocol_version.pm index c711362949..943719e84a 100644 --- a/deps/openssl/openssl/test/ssl-tests/protocol_version.pm +++ b/deps/openssl/openssl/test/ssl-tests/protocol_version.pm @@ -1,5 +1,5 @@ # -*- mode: perl; -*- -# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -17,15 +17,15 @@ use warnings; use List::Util qw/max min/; use OpenSSL::Test; -use OpenSSL::Test::Utils qw/anydisabled alldisabled/; +use OpenSSL::Test::Utils qw/anydisabled alldisabled disabled/; setup("no_test_here"); -my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"); +my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"); # undef stands for "no limit". -my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"); -my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef); +my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"); +my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3", undef); -my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2"); +my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3"); my $min_tls_enabled; my $max_tls_enabled; @@ -74,7 +74,7 @@ foreach my $i (0..$#dtls_protocols) { sub no_tests { my ($dtls) = @_; return $dtls ? alldisabled("dtls1", "dtls1_2") : - alldisabled("ssl3", "tls1", "tls1_1", "tls1_2"); + alldisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3"); } sub generate_version_tests { @@ -96,35 +96,72 @@ sub generate_version_tests { my @tests = (); - foreach my $c_min (0..$#min_protocols) { - my $c_max_min = $c_min == 0 ? 0 : $c_min - 1; - foreach my $c_max ($c_max_min..$#max_protocols) { - foreach my $s_min (0..$#min_protocols) { - my $s_max_min = $s_min == 0 ? 0 : $s_min - 1; - foreach my $s_max ($s_max_min..$#max_protocols) { - my ($result, $protocol) = - expected_result($c_min, $c_max, $s_min, $s_max, - $min_enabled, $max_enabled, \@protocols); - push @tests, { - "name" => "version-negotiation", - "client" => { - "MinProtocol" => $min_protocols[$c_min], - "MaxProtocol" => $max_protocols[$c_max], - }, - "server" => { - "MinProtocol" => $min_protocols[$s_min], - "MaxProtocol" => $max_protocols[$s_max], - }, - "test" => { - "ExpectedResult" => $result, - "ExpectedProtocol" => $protocol, - "Method" => $method, - } - }; + for (my $sctp = 0; $sctp < ($dtls && !disabled("sctp") ? 2 : 1); $sctp++) { + foreach my $c_min (0..$#min_protocols) { + my $c_max_min = $c_min == 0 ? 0 : $c_min - 1; + foreach my $c_max ($c_max_min..$#max_protocols) { + foreach my $s_min (0..$#min_protocols) { + my $s_max_min = $s_min == 0 ? 0 : $s_min - 1; + foreach my $s_max ($s_max_min..$#max_protocols) { + my ($result, $protocol) = + expected_result($c_min, $c_max, $s_min, $s_max, + $min_enabled, $max_enabled, + \@protocols); + push @tests, { + "name" => "version-negotiation", + "client" => { + "MinProtocol" => $min_protocols[$c_min], + "MaxProtocol" => $max_protocols[$c_max], + }, + "server" => { + "MinProtocol" => $min_protocols[$s_min], + "MaxProtocol" => $max_protocols[$s_max], + }, + "test" => { + "ExpectedResult" => $result, + "ExpectedProtocol" => $protocol, + "Method" => $method, + } + }; + $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + } } } } } + return @tests if disabled("tls1_3") || disabled("tls1_2") || $dtls; + + #Add some version/ciphersuite sanity check tests + push @tests, { + "name" => "ciphersuite-sanity-check-client", + "client" => { + #Offering only <=TLSv1.2 ciphersuites with TLSv1.3 should fail + "CipherString" => "AES128-SHA", + "Ciphersuites" => "", + }, + "server" => { + "MaxProtocol" => "TLSv1.2" + }, + "test" => { + "ExpectedResult" => "ClientFail", + } + }; + push @tests, { + "name" => "ciphersuite-sanity-check-server", + "client" => { + "CipherString" => "AES128-SHA", + "MaxProtocol" => "TLSv1.2" + }, + "server" => { + #Allowing only <=TLSv1.2 ciphersuites with TLSv1.3 should fail + "CipherString" => "AES128-SHA", + "Ciphersuites" => "", + }, + "test" => { + "ExpectedResult" => "ServerFail", + } + }; + return @tests; } @@ -137,6 +174,7 @@ sub generate_resumption_tests { my @protocols = $dtls ? @dtls_protocols : @tls_protocols; my $min_enabled = $dtls ? $min_dtls_enabled : $min_tls_enabled; + my $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled; if (no_tests($dtls)) { return; @@ -146,10 +184,10 @@ sub generate_resumption_tests { my @client_tests = (); # Obtain the first session against a fixed-version server/client. - foreach my $original_protocol($min_enabled..$#protocols) { + foreach my $original_protocol($min_enabled..$max_enabled) { # Upgrade or downgrade the server/client max version support and test # that it upgrades, downgrades or resumes the session as well. - foreach my $resume_protocol($min_enabled..$#protocols) { + foreach my $resume_protocol($min_enabled..$max_enabled) { my $resumption_expected; # We should only resume on exact version match. if ($original_protocol eq $resume_protocol) { @@ -158,50 +196,75 @@ sub generate_resumption_tests { $resumption_expected = "No"; } - foreach my $ticket ("SessionTicket", "-SessionTicket") { - # Client is flexible, server upgrades/downgrades. - push @server_tests, { - "name" => "resumption", - "client" => { }, - "server" => { - "MinProtocol" => $protocols[$original_protocol], - "MaxProtocol" => $protocols[$original_protocol], - "Options" => $ticket, - }, - "resume_server" => { - "MaxProtocol" => $protocols[$resume_protocol], - }, - "test" => { - "ExpectedProtocol" => $protocols[$resume_protocol], - "Method" => $method, - "HandshakeMode" => "Resume", - "ResumptionExpected" => $resumption_expected, - } - }; - # Server is flexible, client upgrades/downgrades. - push @client_tests, { - "name" => "resumption", - "client" => { - "MinProtocol" => $protocols[$original_protocol], - "MaxProtocol" => $protocols[$original_protocol], - }, - "server" => { - "Options" => $ticket, - }, - "resume_client" => { - "MaxProtocol" => $protocols[$resume_protocol], - }, - "test" => { - "ExpectedProtocol" => $protocols[$resume_protocol], - "Method" => $method, - "HandshakeMode" => "Resume", - "ResumptionExpected" => $resumption_expected, - } - }; + for (my $sctp = 0; $sctp < ($dtls && !disabled("sctp") ? 2 : 1); + $sctp++) { + foreach my $ticket ("SessionTicket", "-SessionTicket") { + # Client is flexible, server upgrades/downgrades. + push @server_tests, { + "name" => "resumption", + "client" => { }, + "server" => { + "MinProtocol" => $protocols[$original_protocol], + "MaxProtocol" => $protocols[$original_protocol], + "Options" => $ticket, + }, + "resume_server" => { + "MaxProtocol" => $protocols[$resume_protocol], + "Options" => $ticket, + }, + "test" => { + "ExpectedProtocol" => $protocols[$resume_protocol], + "Method" => $method, + "HandshakeMode" => "Resume", + "ResumptionExpected" => $resumption_expected, + } + }; + $server_tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + # Server is flexible, client upgrades/downgrades. + push @client_tests, { + "name" => "resumption", + "client" => { + "MinProtocol" => $protocols[$original_protocol], + "MaxProtocol" => $protocols[$original_protocol], + }, + "server" => { + "Options" => $ticket, + }, + "resume_client" => { + "MaxProtocol" => $protocols[$resume_protocol], + }, + "test" => { + "ExpectedProtocol" => $protocols[$resume_protocol], + "Method" => $method, + "HandshakeMode" => "Resume", + "ResumptionExpected" => $resumption_expected, + } + }; + $client_tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp; + } } } } + if (!disabled("tls1_3") && !$dtls) { + push @client_tests, { + "name" => "resumption-with-hrr", + "client" => { + }, + "server" => { + "Curves" => "P-256" + }, + "resume_client" => { + }, + "test" => { + "ExpectedProtocol" => "TLSv1.3", + "Method" => "TLS", + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + } + }; + } + return (@server_tests, @client_tests); } @@ -224,9 +287,7 @@ sub expected_result { if ($c_min > $c_max) { # Client should fail to even send a hello. - # This results in an internal error since the server will be - # waiting for input that never arrives. - return ("InternalError", undef); + return ("ClientFail", undef); } elsif ($s_min > $s_max) { # Server has no protocols, should always fail. return ("ServerFail", undef); @@ -234,9 +295,16 @@ sub expected_result { # Server doesn't support the client range. return ("ServerFail", undef); } elsif ($c_min > $s_max) { - # Server will try with a version that is lower than the lowest - # supported client version. - return ("ClientFail", undef); + my @prots = @$protocols; + if ($prots[$c_max] eq "TLSv1.3") { + # Client will have sent supported_versions, so server will know + # that there are no overlapping versions. + return ("ServerFail", undef); + } else { + # Server will try with a version that is lower than the lowest + # supported client version. + return ("ClientFail", undef); + } } else { # Server and client ranges overlap. my $max_common = $s_max < $c_max ? $s_max : $c_max; |