X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=test%2Fssl_test_ctx.c;h=0be68c7e3ce39ba7ff6932afa6d14a15c8e9bb18;hb=07016a8a3174db5caf07182930533cf88ad9b0ad;hp=1f3495fa5cec48566e0b977d6ad07ef3af7f8a8f;hpb=cc22cd546bd0b0e1b55c1835403ab564d5f30581;p=oweals%2Fopenssl.git diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index 1f3495fa5c..0be68c7e3c 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,12 +7,13 @@ * https://www.openssl.org/source/license.html */ +#include "../e_os.h" #include #include #include -#include "e_os.h" +#include "internal/nelem.h" #include "ssl_test_ctx.h" #include "testutil.h" @@ -30,6 +31,7 @@ static int parse_boolean(const char *value, int *result) *result = 0; return 1; } + TEST_error("parse_boolean given: '%s'", value); return 0; } @@ -44,8 +46,7 @@ static int parse_boolean(const char *value, int *result) { \ OPENSSL_free(ctx->field); \ ctx->field = OPENSSL_strdup(value); \ - TEST_check(ctx->field != NULL); \ - return 1; \ + return TEST_ptr(ctx->field); \ } #define IMPLEMENT_SSL_TEST_INT_OPTION(struct_type, name, field) \ @@ -237,6 +238,9 @@ static const test_enum ssl_servername_callbacks[] = { {"None", SSL_TEST_SERVERNAME_CB_NONE}, {"IgnoreMismatch", SSL_TEST_SERVERNAME_IGNORE_MISMATCH}, {"RejectMismatch", SSL_TEST_SERVERNAME_REJECT_MISMATCH}, + {"EarlyIgnoreMismatch", SSL_TEST_SERVERNAME_EARLY_IGNORE_MISMATCH}, + {"EarlyRejectMismatch", SSL_TEST_SERVERNAME_EARLY_REJECT_MISMATCH}, + {"EarlyNoV12", SSL_TEST_SERVERNAME_EARLY_NO_V12}, }; __owur static int parse_servername_callback(SSL_TEST_SERVER_CONF *server_conf, @@ -283,6 +287,10 @@ const char *ssl_session_ticket_name(ssl_session_ticket_t server) server); } +/* CompressionExpected */ + +IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, compression_expected) + /* Method */ static const test_enum ssl_test_methods[] = { @@ -315,6 +323,12 @@ IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, alpn_protocols) IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, alpn_protocols) IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_alpn_protocol) +/* SRP options */ +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, srp_user) +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, srp_user) +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, srp_password) +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, srp_password) + /* Handshake mode */ static const test_enum ssl_handshake_modes[] = { @@ -322,6 +336,8 @@ static const test_enum ssl_handshake_modes[] = { {"Resume", SSL_TEST_HANDSHAKE_RESUME}, {"RenegotiateServer", SSL_TEST_HANDSHAKE_RENEG_SERVER}, {"RenegotiateClient", SSL_TEST_HANDSHAKE_RENEG_CLIENT}, + {"KeyUpdateServer", SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER}, + {"KeyUpdateClient", SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT}, }; __owur static int parse_handshake_mode(SSL_TEST_CTX *test_ctx, const char *value) @@ -345,6 +361,24 @@ const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode) IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, reneg_ciphers) +/* KeyUpdateType */ + +static const test_enum ssl_key_update_types[] = { + {"KeyUpdateRequested", SSL_KEY_UPDATE_REQUESTED}, + {"KeyUpdateNotRequested", SSL_KEY_UPDATE_NOT_REQUESTED}, +}; + +__owur static int parse_key_update_type(SSL_TEST_CTX *test_ctx, const char *value) +{ + int ret_value; + if (!parse_enum(ssl_key_update_types, OSSL_NELEM(ssl_key_update_types), + &ret_value, value)) { + return 0; + } + test_ctx->key_update_type = ret_value; + return 1; +} + /* CT Validation */ static const test_enum ssl_ct_validation_modes[] = { @@ -373,6 +407,7 @@ const char *ssl_ct_validation_name(ssl_ct_validation_t mode) IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected) IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket) +IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, use_sctp) /* CertStatus */ @@ -502,6 +537,27 @@ __owur static int parse_expected_client_sign_hash(SSL_TEST_CTX *test_ctx, value); } +__owur static int parse_expected_ca_names(STACK_OF(X509_NAME) **pnames, + const char *value) +{ + if (value == NULL) + return 0; + if (!strcmp(value, "empty")) + *pnames = sk_X509_NAME_new_null(); + else + *pnames = SSL_load_client_CA_file(value); + return *pnames != NULL; +} +__owur static int parse_expected_server_ca_names(SSL_TEST_CTX *test_ctx, + const char *value) +{ + return parse_expected_ca_names(&test_ctx->expected_server_ca_names, value); +} +__owur static int parse_expected_client_ca_names(SSL_TEST_CTX *test_ctx, + const char *value) +{ + return parse_expected_ca_names(&test_ctx->expected_client_ca_names, value); +} /* Known test options and their corresponding parse methods. */ @@ -518,10 +574,12 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = { { "ExpectedProtocol", &parse_protocol }, { "ExpectedServerName", &parse_expected_servername }, { "SessionTicketExpected", &parse_session_ticket }, + { "CompressionExpected", &parse_test_compression_expected }, { "Method", &parse_test_method }, { "ExpectedNPNProtocol", &parse_test_expected_npn_protocol }, { "ExpectedALPNProtocol", &parse_test_expected_alpn_protocol }, { "HandshakeMode", &parse_handshake_mode }, + { "KeyUpdateType", &parse_key_update_type }, { "ResumptionExpected", &parse_test_resumption_expected }, { "ApplicationData", &parse_test_app_data_size }, { "MaxFragmentSize", &parse_test_max_fragment_size }, @@ -529,9 +587,12 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = { { "ExpectedServerCertType", &parse_expected_server_cert_type }, { "ExpectedServerSignHash", &parse_expected_server_sign_hash }, { "ExpectedServerSignType", &parse_expected_server_sign_type }, + { "ExpectedServerCANames", &parse_expected_server_ca_names }, { "ExpectedClientCertType", &parse_expected_client_cert_type }, { "ExpectedClientSignHash", &parse_expected_client_sign_hash }, { "ExpectedClientSignType", &parse_expected_client_sign_type }, + { "ExpectedClientCANames", &parse_expected_client_ca_names }, + { "UseSCTP", &parse_test_use_sctp }, }; /* Nested client options. */ @@ -547,6 +608,8 @@ static const ssl_test_client_option ssl_test_client_options[] = { { "ALPNProtocols", &parse_client_alpn_protocols }, { "CTValidation", &parse_ct_validation }, { "RenegotiateCiphers", &parse_client_reneg_ciphers}, + { "SRPUser", &parse_client_srp_user }, + { "SRPPassword", &parse_client_srp_password }, }; /* Nested server options. */ @@ -561,19 +624,19 @@ static const ssl_test_server_option ssl_test_server_options[] = { { "ALPNProtocols", &parse_server_alpn_protocols }, { "BrokenSessionTicket", &parse_server_broken_session_ticket }, { "CertStatus", &parse_certstatus }, + { "SRPUser", &parse_server_srp_user }, + { "SRPPassword", &parse_server_srp_password }, }; -/* - * Since these methods are used to create tests, we use TEST_check liberally - * for malloc failures and other internal errors. - */ SSL_TEST_CTX *SSL_TEST_CTX_new() { SSL_TEST_CTX *ret; - ret = OPENSSL_zalloc(sizeof(*ret)); - TEST_check(ret != NULL); - ret->app_data_size = default_app_data_size; - ret->max_fragment_size = default_max_fragment_size; + + /* The return code is checked by caller */ + if ((ret = OPENSSL_zalloc(sizeof(*ret))) != NULL) { + ret->app_data_size = default_app_data_size; + ret->max_fragment_size = default_max_fragment_size; + } return ret; } @@ -585,6 +648,13 @@ static void ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF *conf) OPENSSL_free(conf->client.alpn_protocols); OPENSSL_free(conf->server.alpn_protocols); OPENSSL_free(conf->server2.alpn_protocols); + OPENSSL_free(conf->client.reneg_ciphers); + OPENSSL_free(conf->server.srp_user); + OPENSSL_free(conf->server.srp_password); + OPENSSL_free(conf->server2.srp_user); + OPENSSL_free(conf->server2.srp_password); + OPENSSL_free(conf->client.srp_user); + OPENSSL_free(conf->client.srp_password); } static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx) @@ -598,6 +668,8 @@ void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx) ssl_test_ctx_free_extra_data(ctx); OPENSSL_free(ctx->expected_npn_protocol); OPENSSL_free(ctx->expected_alpn_protocol); + sk_X509_NAME_pop_free(ctx->expected_server_ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(ctx->expected_client_ca_names, X509_NAME_free); OPENSSL_free(ctx); } @@ -608,8 +680,8 @@ static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf, int i; size_t j; - sk_conf = NCONF_get_section(conf, client_section); - TEST_check(sk_conf != NULL); + if (!TEST_ptr(sk_conf = NCONF_get_section(conf, client_section))) + return 0; for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) { int found = 0; @@ -617,8 +689,8 @@ static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf, for (j = 0; j < OSSL_NELEM(ssl_test_client_options); j++) { if (strcmp(option->name, ssl_test_client_options[j].name) == 0) { if (!ssl_test_client_options[j].parse(client, option->value)) { - fprintf(stderr, "Bad value %s for option %s\n", - option->value, option->name); + TEST_info("Bad value %s for option %s", + option->value, option->name); return 0; } found = 1; @@ -626,7 +698,7 @@ static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf, } } if (!found) { - fprintf(stderr, "Unknown test option: %s\n", option->name); + TEST_info("Unknown test option: %s", option->name); return 0; } } @@ -641,8 +713,8 @@ static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf, int i; size_t j; - sk_conf = NCONF_get_section(conf, server_section); - TEST_check(sk_conf != NULL); + if (!TEST_ptr(sk_conf = NCONF_get_section(conf, server_section))) + return 0; for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) { int found = 0; @@ -650,8 +722,8 @@ static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf, for (j = 0; j < OSSL_NELEM(ssl_test_server_options); j++) { if (strcmp(option->name, ssl_test_server_options[j].name) == 0) { if (!ssl_test_server_options[j].parse(server, option->value)) { - fprintf(stderr, "Bad value %s for option %s\n", - option->value, option->name); + TEST_info("Bad value %s for option %s", + option->value, option->name); return 0; } found = 1; @@ -659,7 +731,7 @@ static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf, } } if (!found) { - fprintf(stderr, "Unknown test option: %s\n", option->name); + TEST_info("Unknown test option: %s", option->name); return 0; } } @@ -669,16 +741,14 @@ static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf, SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section) { - STACK_OF(CONF_VALUE) *sk_conf; - SSL_TEST_CTX *ctx; + STACK_OF(CONF_VALUE) *sk_conf = NULL; + SSL_TEST_CTX *ctx = NULL; int i; size_t j; - sk_conf = NCONF_get_section(conf, test_section); - TEST_check(sk_conf != NULL); - - ctx = SSL_TEST_CTX_new(); - TEST_check(ctx != NULL); + if (!TEST_ptr(sk_conf = NCONF_get_section(conf, test_section)) + || !TEST_ptr(ctx = SSL_TEST_CTX_new())) + goto err; for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) { int found = 0; @@ -686,16 +756,13 @@ SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section) /* Subsections */ if (strcmp(option->name, "client") == 0) { - if (!parse_client_options(&ctx->extra.client, conf, - option->value)) + if (!parse_client_options(&ctx->extra.client, conf, option->value)) goto err; } else if (strcmp(option->name, "server") == 0) { - if (!parse_server_options(&ctx->extra.server, conf, - option->value)) + if (!parse_server_options(&ctx->extra.server, conf, option->value)) goto err; } else if (strcmp(option->name, "server2") == 0) { - if (!parse_server_options(&ctx->extra.server2, conf, - option->value)) + if (!parse_server_options(&ctx->extra.server2, conf, option->value)) goto err; } else if (strcmp(option->name, "resume-client") == 0) { if (!parse_client_options(&ctx->resume_extra.client, conf, @@ -709,13 +776,12 @@ SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section) if (!parse_server_options(&ctx->resume_extra.server2, conf, option->value)) goto err; - } else { for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) { if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) { if (!ssl_test_ctx_options[j].parse(ctx, option->value)) { - fprintf(stderr, "Bad value %s for option %s\n", - option->value, option->name); + TEST_info("Bad value %s for option %s", + option->value, option->name); goto err; } found = 1; @@ -723,7 +789,7 @@ SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section) } } if (!found) { - fprintf(stderr, "Unknown test option: %s\n", option->name); + TEST_info("Unknown test option: %s", option->name); goto err; } }