X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=test%2Fssl_test_ctx.c;h=28ee5c701b02fcd1f537f5f66201d6c0a807d886;hb=a2dcdb57af656b9b623e68e6c7f6b52cb5d0fa48;hp=d4a7c8ba59d48746f11f6964684323e70edb4024;hpb=9f48bbacd8cac8d08dff146db438ab3e19908a7a;p=oweals%2Fopenssl.git diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index d4a7c8ba59..28ee5c701b 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -14,6 +14,46 @@ #include "e_os.h" #include "ssl_test_ctx.h" +#include "testutil.h" + +static const int default_app_data_size = 256; +/* Default set to be as small as possible to exercise fragmentation. */ +static const int default_max_fragment_size = 512; + +static int parse_boolean(const char *value, int *result) +{ + if (strcasecmp(value, "Yes") == 0) { + *result = 1; + return 1; + } + else if (strcasecmp(value, "No") == 0) { + *result = 0; + return 1; + } + return 0; +} + +#define IMPLEMENT_SSL_TEST_BOOL_OPTION(struct_type, name, field) \ + static int parse_##name##_##field(struct_type *ctx, const char *value) \ + { \ + return parse_boolean(value, &ctx->field); \ + } + +#define IMPLEMENT_SSL_TEST_STRING_OPTION(struct_type, name, field) \ + static int parse_##name##_##field(struct_type *ctx, const char *value) \ + { \ + OPENSSL_free(ctx->field); \ + ctx->field = OPENSSL_strdup(value); \ + TEST_check(ctx->field != NULL); \ + return 1; \ + } + +#define IMPLEMENT_SSL_TEST_INT_OPTION(struct_type, name, field) \ + static int parse_##name##_##field(struct_type *ctx, const char *value) \ + { \ + ctx->field = atoi(value); \ + return 1; \ + } /* True enums and other test configuration values that map to an int. */ typedef struct { @@ -48,9 +88,7 @@ static const char *enum_name(const test_enum *enums, size_t num_enums, } -/*******************/ -/* ExpectedResult. */ -/*******************/ +/* ExpectedResult */ static const test_enum ssl_test_results[] = { {"Success", SSL_TEST_SUCCESS}, @@ -75,9 +113,7 @@ const char *ssl_test_result_name(ssl_test_result_t result) return enum_name(ssl_test_results, OSSL_NELEM(ssl_test_results), result); } -/**********************************************/ -/* ExpectedClientAlert / ExpectedServerAlert. */ -/**********************************************/ +/* ExpectedClientAlert / ExpectedServerAlert */ static const test_enum ssl_alerts[] = { {"UnknownCA", SSL_AD_UNKNOWN_CA}, @@ -107,9 +143,7 @@ const char *ssl_alert_name(int alert) return enum_name(ssl_alerts, OSSL_NELEM(ssl_alerts), alert); } -/********************/ /* ExpectedProtocol */ -/********************/ static const test_enum ssl_protocols[] = { {"TLSv1.2", TLS1_2_VERSION}, @@ -131,9 +165,7 @@ const char *ssl_protocol_name(int protocol) return enum_name(ssl_protocols, OSSL_NELEM(ssl_protocols), protocol); } -/***********************/ -/* VerifyCallback. */ -/***********************/ +/* VerifyCallback */ static const test_enum ssl_verify_callbacks[] = { {"None", SSL_TEST_VERIFY_NONE}, @@ -142,7 +174,7 @@ static const test_enum ssl_verify_callbacks[] = { }; __owur static int parse_client_verify_callback(SSL_TEST_CLIENT_CONF *client_conf, - const char *value) + const char *value) { int ret_value; if (!parse_enum(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks), @@ -159,9 +191,7 @@ const char *ssl_verify_callback_name(ssl_verify_callback_t callback) callback); } -/**************/ /* ServerName */ -/**************/ static const test_enum ssl_servername[] = { {"None", SSL_TEST_SERVERNAME_NONE}, @@ -200,9 +230,7 @@ const char *ssl_servername_name(ssl_servername_t server) server); } -/**********************/ /* ServerNameCallback */ -/**********************/ static const test_enum ssl_servername_callbacks[] = { {"None", SSL_TEST_SERVERNAME_CB_NONE}, @@ -228,9 +256,7 @@ const char *ssl_servername_callback_name(ssl_servername_callback_t callback) OSSL_NELEM(ssl_servername_callbacks), callback); } -/*************************/ /* SessionTicketExpected */ -/*************************/ static const test_enum ssl_session_ticket[] = { {"Ignore", SSL_TEST_SESSION_TICKET_IGNORE}, @@ -256,9 +282,7 @@ const char *ssl_session_ticket_name(ssl_session_ticket_t server) server); } -/***********************/ -/* Method */ -/***********************/ +/* Method */ static const test_enum ssl_test_methods[] = { {"TLS", SSL_TEST_METHOD_TLS}, @@ -281,18 +305,7 @@ const char *ssl_test_method_name(ssl_test_method_t method) return enum_name(ssl_test_methods, OSSL_NELEM(ssl_test_methods), method); } -#define IMPLEMENT_SSL_TEST_STRING_OPTION(struct_type, name, field) \ - static int parse_##name##_##field(struct_type *ctx, const char *value) \ - { \ - OPENSSL_free(ctx->field); \ - ctx->field = OPENSSL_strdup(value); \ - OPENSSL_assert(ctx->field != NULL); \ - return 1; \ - } - -/************************************/ -/* NPN and ALPN options */ -/************************************/ +/* NPN and ALPN options */ IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, npn_protocols) IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, npn_protocols) @@ -301,14 +314,13 @@ IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, alpn_protocols) IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, alpn_protocols) IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_alpn_protocol) -/***********************/ -/* Handshake mode */ -/***********************/ +/* Handshake mode */ static const test_enum ssl_handshake_modes[] = { {"Simple", SSL_TEST_HANDSHAKE_SIMPLE}, {"Resume", SSL_TEST_HANDSHAKE_RESUME}, - {"Renegotiate", SSL_TEST_HANDSHAKE_RENEGOTIATE}, + {"RenegotiateServer", SSL_TEST_HANDSHAKE_RENEG_SERVER}, + {"RenegotiateClient", SSL_TEST_HANDSHAKE_RENEG_CLIENT}, }; __owur static int parse_handshake_mode(SSL_TEST_CTX *test_ctx, const char *value) @@ -328,31 +340,98 @@ const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode) mode); } -static int parse_boolean(const char *value, int *result) +/* Renegotiation Ciphersuites */ + +IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, reneg_ciphers) + +/* CT Validation */ + +static const test_enum ssl_ct_validation_modes[] = { + {"None", SSL_TEST_CT_VALIDATION_NONE}, + {"Permissive", SSL_TEST_CT_VALIDATION_PERMISSIVE}, + {"Strict", SSL_TEST_CT_VALIDATION_STRICT}, +}; + +__owur static int parse_ct_validation(SSL_TEST_CLIENT_CONF *client_conf, + const char *value) { - if (strcasecmp(value, "Yes") == 0) { - *result = 1; - return 1; - } - else if (strcasecmp(value, "No") == 0) { - *result = 0; - return 1; + int ret_value; + if (!parse_enum(ssl_ct_validation_modes, OSSL_NELEM(ssl_ct_validation_modes), + &ret_value, value)) { + return 0; } - return 0; + client_conf->ct_validation = ret_value; + return 1; } -#define IMPLEMENT_SSL_TEST_BOOL_OPTION(struct_type, name, field) \ - static int parse_##name##_##field(struct_type *ctx, const char *value) \ - { \ - return parse_boolean(value, &ctx->field); \ - } +const char *ssl_ct_validation_name(ssl_ct_validation_t mode) +{ + return enum_name(ssl_ct_validation_modes, OSSL_NELEM(ssl_ct_validation_modes), + mode); +} IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected) IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket) -/*************************************************************/ +/* CertStatus */ + +static const test_enum ssl_certstatus[] = { + {"None", SSL_TEST_CERT_STATUS_NONE}, + {"GoodResponse", SSL_TEST_CERT_STATUS_GOOD_RESPONSE}, + {"BadResponse", SSL_TEST_CERT_STATUS_BAD_RESPONSE} +}; + +__owur static int parse_certstatus(SSL_TEST_SERVER_CONF *server_conf, + const char *value) +{ + int ret_value; + if (!parse_enum(ssl_certstatus, OSSL_NELEM(ssl_certstatus), &ret_value, + value)) { + return 0; + } + server_conf->cert_status = ret_value; + return 1; +} + +const char *ssl_certstatus_name(ssl_cert_status_t cert_status) +{ + return enum_name(ssl_certstatus, + OSSL_NELEM(ssl_certstatus), cert_status); +} + +/* ApplicationData */ + +IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size) + + +/* MaxFragmentSize */ + +IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size) + + +/* ExpectedTmpKeyType */ + +__owur static int parse_expected_tmp_key_type(SSL_TEST_CTX *test_ctx, + const char *value) +{ + int nid; + + if (value == NULL) + return 0; + nid = OBJ_sn2nid(value); + if (nid == NID_undef) + nid = OBJ_ln2nid(value); +#ifndef OPENSSL_NO_EC + if (nid == NID_undef) + nid = EC_curve_nist2nid(value); +#endif + if (nid == NID_undef) + return 0; + test_ctx->expected_tmp_key_type = nid; + return 1; +} + /* Known test options and their corresponding parse methods. */ -/*************************************************************/ /* Top-level options. */ typedef struct { @@ -372,6 +451,9 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = { { "ExpectedALPNProtocol", &parse_test_expected_alpn_protocol }, { "HandshakeMode", &parse_handshake_mode }, { "ResumptionExpected", &parse_test_resumption_expected }, + { "ApplicationData", &parse_test_app_data_size }, + { "MaxFragmentSize", &parse_test_max_fragment_size }, + { "ExpectedTmpKeyType", &parse_expected_tmp_key_type }, }; /* Nested client options. */ @@ -385,6 +467,8 @@ static const ssl_test_client_option ssl_test_client_options[] = { { "ServerName", &parse_servername }, { "NPNProtocols", &parse_client_npn_protocols }, { "ALPNProtocols", &parse_client_alpn_protocols }, + { "CTValidation", &parse_ct_validation }, + { "RenegotiateCiphers", &parse_client_reneg_ciphers}, }; /* Nested server options. */ @@ -398,17 +482,20 @@ static const ssl_test_server_option ssl_test_server_options[] = { { "NPNProtocols", &parse_server_npn_protocols }, { "ALPNProtocols", &parse_server_alpn_protocols }, { "BrokenSessionTicket", &parse_server_broken_session_ticket }, + { "CertStatus", &parse_certstatus }, }; /* - * Since these methods are used to create tests, we use OPENSSL_assert liberally + * Since these methods are used to create tests, we use TEST_check liberally * for malloc failures and other internal errors. */ SSL_TEST_CTX *SSL_TEST_CTX_new() { SSL_TEST_CTX *ret; ret = OPENSSL_zalloc(sizeof(*ret)); - OPENSSL_assert(ret != NULL); + TEST_check(ret != NULL); + ret->app_data_size = default_app_data_size; + ret->max_fragment_size = default_max_fragment_size; return ret; } @@ -420,6 +507,7 @@ static void ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF *conf) OPENSSL_free(conf->client.alpn_protocols); OPENSSL_free(conf->server.alpn_protocols); OPENSSL_free(conf->server2.alpn_protocols); + OPENSSL_free(conf->client.reneg_ciphers); } static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx) @@ -444,7 +532,7 @@ static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf, size_t j; sk_conf = NCONF_get_section(conf, client_section); - OPENSSL_assert(sk_conf != NULL); + TEST_check(sk_conf != NULL); for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) { int found = 0; @@ -477,7 +565,7 @@ static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf, size_t j; sk_conf = NCONF_get_section(conf, server_section); - OPENSSL_assert(sk_conf != NULL); + TEST_check(sk_conf != NULL); for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) { int found = 0; @@ -510,10 +598,10 @@ SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section) size_t j; sk_conf = NCONF_get_section(conf, test_section); - OPENSSL_assert(sk_conf != NULL); + TEST_check(sk_conf != NULL); ctx = SSL_TEST_CTX_new(); - OPENSSL_assert(ctx != NULL); + TEST_check(ctx != NULL); for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) { int found = 0;