X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=test%2Fssl_test_ctx.c;h=28ee5c701b02fcd1f537f5f66201d6c0a807d886;hb=a2dcdb57af656b9b623e68e6c7f6b52cb5d0fa48;hp=3913e9f92360445a5ca2153a6d9613825458e489;hpb=d61f00780a232659161ac08847cd787af8672845;p=oweals%2Fopenssl.git diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index 3913e9f923..28ee5c701b 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -16,6 +16,45 @@ #include "ssl_test_ctx.h" #include "testutil.h" +static const int default_app_data_size = 256; +/* Default set to be as small as possible to exercise fragmentation. */ +static const int default_max_fragment_size = 512; + +static int parse_boolean(const char *value, int *result) +{ + if (strcasecmp(value, "Yes") == 0) { + *result = 1; + return 1; + } + else if (strcasecmp(value, "No") == 0) { + *result = 0; + return 1; + } + return 0; +} + +#define IMPLEMENT_SSL_TEST_BOOL_OPTION(struct_type, name, field) \ + static int parse_##name##_##field(struct_type *ctx, const char *value) \ + { \ + return parse_boolean(value, &ctx->field); \ + } + +#define IMPLEMENT_SSL_TEST_STRING_OPTION(struct_type, name, field) \ + static int parse_##name##_##field(struct_type *ctx, const char *value) \ + { \ + OPENSSL_free(ctx->field); \ + ctx->field = OPENSSL_strdup(value); \ + TEST_check(ctx->field != NULL); \ + return 1; \ + } + +#define IMPLEMENT_SSL_TEST_INT_OPTION(struct_type, name, field) \ + static int parse_##name##_##field(struct_type *ctx, const char *value) \ + { \ + ctx->field = atoi(value); \ + return 1; \ + } + /* True enums and other test configuration values that map to an int. */ typedef struct { const char *name; @@ -49,9 +88,7 @@ static const char *enum_name(const test_enum *enums, size_t num_enums, } -/*******************/ -/* ExpectedResult. */ -/*******************/ +/* ExpectedResult */ static const test_enum ssl_test_results[] = { {"Success", SSL_TEST_SUCCESS}, @@ -76,9 +113,7 @@ const char *ssl_test_result_name(ssl_test_result_t result) return enum_name(ssl_test_results, OSSL_NELEM(ssl_test_results), result); } -/**********************************************/ -/* ExpectedClientAlert / ExpectedServerAlert. */ -/**********************************************/ +/* ExpectedClientAlert / ExpectedServerAlert */ static const test_enum ssl_alerts[] = { {"UnknownCA", SSL_AD_UNKNOWN_CA}, @@ -108,9 +143,7 @@ const char *ssl_alert_name(int alert) return enum_name(ssl_alerts, OSSL_NELEM(ssl_alerts), alert); } -/********************/ /* ExpectedProtocol */ -/********************/ static const test_enum ssl_protocols[] = { {"TLSv1.2", TLS1_2_VERSION}, @@ -132,9 +165,7 @@ const char *ssl_protocol_name(int protocol) return enum_name(ssl_protocols, OSSL_NELEM(ssl_protocols), protocol); } -/***********************/ -/* VerifyCallback. */ -/***********************/ +/* VerifyCallback */ static const test_enum ssl_verify_callbacks[] = { {"None", SSL_TEST_VERIFY_NONE}, @@ -160,9 +191,7 @@ const char *ssl_verify_callback_name(ssl_verify_callback_t callback) callback); } -/**************/ /* ServerName */ -/**************/ static const test_enum ssl_servername[] = { {"None", SSL_TEST_SERVERNAME_NONE}, @@ -201,9 +230,7 @@ const char *ssl_servername_name(ssl_servername_t server) server); } -/**********************/ /* ServerNameCallback */ -/**********************/ static const test_enum ssl_servername_callbacks[] = { {"None", SSL_TEST_SERVERNAME_CB_NONE}, @@ -229,9 +256,7 @@ const char *ssl_servername_callback_name(ssl_servername_callback_t callback) OSSL_NELEM(ssl_servername_callbacks), callback); } -/*************************/ /* SessionTicketExpected */ -/*************************/ static const test_enum ssl_session_ticket[] = { {"Ignore", SSL_TEST_SESSION_TICKET_IGNORE}, @@ -257,9 +282,7 @@ const char *ssl_session_ticket_name(ssl_session_ticket_t server) server); } -/***********************/ -/* Method */ -/***********************/ +/* Method */ static const test_enum ssl_test_methods[] = { {"TLS", SSL_TEST_METHOD_TLS}, @@ -282,18 +305,7 @@ const char *ssl_test_method_name(ssl_test_method_t method) return enum_name(ssl_test_methods, OSSL_NELEM(ssl_test_methods), method); } -#define IMPLEMENT_SSL_TEST_STRING_OPTION(struct_type, name, field) \ - static int parse_##name##_##field(struct_type *ctx, const char *value) \ - { \ - OPENSSL_free(ctx->field); \ - ctx->field = OPENSSL_strdup(value); \ - TEST_check(ctx->field != NULL); \ - return 1; \ - } - -/************************************/ -/* NPN and ALPN options */ -/************************************/ +/* NPN and ALPN options */ IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, npn_protocols) IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, npn_protocols) @@ -302,14 +314,13 @@ IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, alpn_protocols) IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, alpn_protocols) IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_alpn_protocol) -/***********************/ -/* Handshake mode */ -/***********************/ +/* Handshake mode */ static const test_enum ssl_handshake_modes[] = { {"Simple", SSL_TEST_HANDSHAKE_SIMPLE}, {"Resume", SSL_TEST_HANDSHAKE_RESUME}, - {"Renegotiate", SSL_TEST_HANDSHAKE_RENEGOTIATE}, + {"RenegotiateServer", SSL_TEST_HANDSHAKE_RENEG_SERVER}, + {"RenegotiateClient", SSL_TEST_HANDSHAKE_RENEG_CLIENT}, }; __owur static int parse_handshake_mode(SSL_TEST_CTX *test_ctx, const char *value) @@ -329,9 +340,11 @@ const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode) mode); } -/***********************/ -/* CT Validation */ -/***********************/ +/* Renegotiation Ciphersuites */ + +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, reneg_ciphers) + +/* CT Validation */ static const test_enum ssl_ct_validation_modes[] = { {"None", SSL_TEST_CT_VALIDATION_NONE}, @@ -357,31 +370,68 @@ const char *ssl_ct_validation_name(ssl_ct_validation_t mode) mode); } -static int parse_boolean(const char *value, int *result) +IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected) +IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket) + +/* CertStatus */ + +static const test_enum ssl_certstatus[] = { + {"None", SSL_TEST_CERT_STATUS_NONE}, + {"GoodResponse", SSL_TEST_CERT_STATUS_GOOD_RESPONSE}, + {"BadResponse", SSL_TEST_CERT_STATUS_BAD_RESPONSE} +}; + +__owur static int parse_certstatus(SSL_TEST_SERVER_CONF *server_conf, + const char *value) { - if (strcasecmp(value, "Yes") == 0) { - *result = 1; - return 1; - } - else if (strcasecmp(value, "No") == 0) { - *result = 0; - return 1; + int ret_value; + if (!parse_enum(ssl_certstatus, OSSL_NELEM(ssl_certstatus), &ret_value, + value)) { + return 0; } - return 0; + server_conf->cert_status = ret_value; + return 1; } -#define IMPLEMENT_SSL_TEST_BOOL_OPTION(struct_type, name, field) \ - static int parse_##name##_##field(struct_type *ctx, const char *value) \ - { \ - return parse_boolean(value, &ctx->field); \ - } +const char *ssl_certstatus_name(ssl_cert_status_t cert_status) +{ + return enum_name(ssl_certstatus, + OSSL_NELEM(ssl_certstatus), cert_status); +} -IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected) -IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket) +/* ApplicationData */ + +IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size) + + +/* MaxFragmentSize */ + +IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size) + + +/* ExpectedTmpKeyType */ + +__owur static int parse_expected_tmp_key_type(SSL_TEST_CTX *test_ctx, + const char *value) +{ + int nid; + + if (value == NULL) + return 0; + nid = OBJ_sn2nid(value); + if (nid == NID_undef) + nid = OBJ_ln2nid(value); +#ifndef OPENSSL_NO_EC + if (nid == NID_undef) + nid = EC_curve_nist2nid(value); +#endif + if (nid == NID_undef) + return 0; + test_ctx->expected_tmp_key_type = nid; + return 1; +} -/*************************************************************/ /* Known test options and their corresponding parse methods. */ -/*************************************************************/ /* Top-level options. */ typedef struct { @@ -401,6 +451,9 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = { { "ExpectedALPNProtocol", &parse_test_expected_alpn_protocol }, { "HandshakeMode", &parse_handshake_mode }, { "ResumptionExpected", &parse_test_resumption_expected }, + { "ApplicationData", &parse_test_app_data_size }, + { "MaxFragmentSize", &parse_test_max_fragment_size }, + { "ExpectedTmpKeyType", &parse_expected_tmp_key_type }, }; /* Nested client options. */ @@ -415,6 +468,7 @@ static const ssl_test_client_option ssl_test_client_options[] = { { "NPNProtocols", &parse_client_npn_protocols }, { "ALPNProtocols", &parse_client_alpn_protocols }, { "CTValidation", &parse_ct_validation }, + { "RenegotiateCiphers", &parse_client_reneg_ciphers}, }; /* Nested server options. */ @@ -428,6 +482,7 @@ static const ssl_test_server_option ssl_test_server_options[] = { { "NPNProtocols", &parse_server_npn_protocols }, { "ALPNProtocols", &parse_server_alpn_protocols }, { "BrokenSessionTicket", &parse_server_broken_session_ticket }, + { "CertStatus", &parse_certstatus }, }; /* @@ -439,6 +494,8 @@ SSL_TEST_CTX *SSL_TEST_CTX_new() SSL_TEST_CTX *ret; ret = OPENSSL_zalloc(sizeof(*ret)); TEST_check(ret != NULL); + ret->app_data_size = default_app_data_size; + ret->max_fragment_size = default_max_fragment_size; return ret; } @@ -450,6 +507,7 @@ static void ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF *conf) OPENSSL_free(conf->client.alpn_protocols); OPENSSL_free(conf->server.alpn_protocols); OPENSSL_free(conf->server2.alpn_protocols); + OPENSSL_free(conf->client.reneg_ciphers); } static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx)