xref: /netbsd-src/crypto/external/bsd/openssl/dist/test/ssl_test.c (revision b0d1725196a7921d003d2c66a14f186abda4176b) 
1c7da899bSchristos /*
2*b0d17251Schristos  * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3c7da899bSchristos  *
4*b0d17251Schristos  * Licensed under the Apache License 2.0 (the "License").  You may not use
5c7da899bSchristos  * this file except in compliance with the License.  You can obtain a copy
6c7da899bSchristos  * in the file LICENSE in the source distribution or at
7c7da899bSchristos  * https://www.openssl.org/source/license.html
8c7da899bSchristos  */
9c7da899bSchristos 
10c7da899bSchristos #include <stdio.h>
11c7da899bSchristos #include <string.h>
12c7da899bSchristos 
13c7da899bSchristos #include <openssl/conf.h>
14c7da899bSchristos #include <openssl/err.h>
15c7da899bSchristos #include <openssl/ssl.h>
16*b0d17251Schristos #include <openssl/provider.h>
17c7da899bSchristos 
18*b0d17251Schristos #include "helpers/handshake.h"
19*b0d17251Schristos #include "helpers/ssl_test_ctx.h"
20c7da899bSchristos #include "testutil.h"
21c7da899bSchristos 
22c7da899bSchristos static CONF *conf = NULL;
23*b0d17251Schristos static OSSL_PROVIDER *defctxnull = NULL, *thisprov = NULL;
24*b0d17251Schristos static OSSL_LIB_CTX *libctx = NULL;
25c7da899bSchristos 
26c7da899bSchristos /* Currently the section names are of the form test-<number>, e.g. test-15. */
27c7da899bSchristos #define MAX_TESTCASE_NAME_LENGTH 100
28c7da899bSchristos 
print_alert(int alert)29c7da899bSchristos static const char *print_alert(int alert)
30c7da899bSchristos {
31c7da899bSchristos     return alert ? SSL_alert_desc_string_long(alert) : "no alert";
32c7da899bSchristos }
33c7da899bSchristos 
check_result(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)34c7da899bSchristos static int check_result(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
35c7da899bSchristos {
3613d40330Schristos     if (!TEST_int_eq(result->result, test_ctx->expected_result)) {
3713d40330Schristos         TEST_info("ExpectedResult mismatch: expected %s, got %s.",
38c7da899bSchristos                   ssl_test_result_name(test_ctx->expected_result),
39c7da899bSchristos                   ssl_test_result_name(result->result));
40c7da899bSchristos         return 0;
41c7da899bSchristos     }
42c7da899bSchristos     return 1;
43c7da899bSchristos }
44c7da899bSchristos 
check_alerts(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)45c7da899bSchristos static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
46c7da899bSchristos {
4713d40330Schristos     if (!TEST_int_eq(result->client_alert_sent,
4813d40330Schristos                      result->client_alert_received)) {
4913d40330Schristos         TEST_info("Client sent alert %s but server received %s.",
50c7da899bSchristos                   print_alert(result->client_alert_sent),
51c7da899bSchristos                   print_alert(result->client_alert_received));
52c7da899bSchristos         /*
53c7da899bSchristos          * We can't bail here because the peer doesn't always get far enough
54c7da899bSchristos          * to process a received alert. Specifically, in protocol version
55c7da899bSchristos          * negotiation tests, we have the following scenario.
56c7da899bSchristos          * Client supports TLS v1.2 only; Server supports TLS v1.1.
57c7da899bSchristos          * Client proposes TLS v1.2; server responds with 1.1;
58c7da899bSchristos          * Client now sends a protocol alert, using TLS v1.2 in the header.
59c7da899bSchristos          * The server, however, rejects the alert because of version mismatch
60c7da899bSchristos          * in the record layer; therefore, the server appears to never
61c7da899bSchristos          * receive the alert.
62c7da899bSchristos          */
63c7da899bSchristos         /* return 0; */
64c7da899bSchristos     }
65c7da899bSchristos 
6613d40330Schristos     if (!TEST_int_eq(result->server_alert_sent,
6713d40330Schristos                      result->server_alert_received)) {
6813d40330Schristos         TEST_info("Server sent alert %s but client received %s.",
69c7da899bSchristos                   print_alert(result->server_alert_sent),
70c7da899bSchristos                   print_alert(result->server_alert_received));
71c7da899bSchristos         /* return 0; */
72c7da899bSchristos     }
73c7da899bSchristos 
74c7da899bSchristos     /* Tolerate an alert if one wasn't explicitly specified in the test. */
75c7da899bSchristos     if (test_ctx->expected_client_alert
76c7da899bSchristos         /*
77c7da899bSchristos          * The info callback alert value is computed as
78c7da899bSchristos          * (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]
79c7da899bSchristos          * where the low byte is the alert code and the high byte is other stuff.
80c7da899bSchristos          */
81c7da899bSchristos         && (result->client_alert_sent & 0xff) != test_ctx->expected_client_alert) {
8213d40330Schristos         TEST_error("ClientAlert mismatch: expected %s, got %s.",
83c7da899bSchristos                    print_alert(test_ctx->expected_client_alert),
84c7da899bSchristos                    print_alert(result->client_alert_sent));
85c7da899bSchristos         return 0;
86c7da899bSchristos     }
87c7da899bSchristos 
88c7da899bSchristos     if (test_ctx->expected_server_alert
89c7da899bSchristos         && (result->server_alert_sent & 0xff) != test_ctx->expected_server_alert) {
9013d40330Schristos         TEST_error("ServerAlert mismatch: expected %s, got %s.",
91c7da899bSchristos                    print_alert(test_ctx->expected_server_alert),
92c7da899bSchristos                    print_alert(result->server_alert_sent));
93c7da899bSchristos         return 0;
94c7da899bSchristos     }
95c7da899bSchristos 
9613d40330Schristos     if (!TEST_int_le(result->client_num_fatal_alerts_sent, 1))
97c7da899bSchristos         return 0;
9813d40330Schristos     if (!TEST_int_le(result->server_num_fatal_alerts_sent, 1))
99c7da899bSchristos         return 0;
100c7da899bSchristos     return 1;
101c7da899bSchristos }
102c7da899bSchristos 
check_protocol(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)103c7da899bSchristos static int check_protocol(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
104c7da899bSchristos {
10513d40330Schristos     if (!TEST_int_eq(result->client_protocol, result->server_protocol)) {
10613d40330Schristos         TEST_info("Client has protocol %s but server has %s.",
107c7da899bSchristos                   ssl_protocol_name(result->client_protocol),
108c7da899bSchristos                   ssl_protocol_name(result->server_protocol));
109c7da899bSchristos         return 0;
110c7da899bSchristos     }
111c7da899bSchristos 
112c7da899bSchristos     if (test_ctx->expected_protocol) {
11313d40330Schristos         if (!TEST_int_eq(result->client_protocol,
11413d40330Schristos                          test_ctx->expected_protocol)) {
11513d40330Schristos             TEST_info("Protocol mismatch: expected %s, got %s.\n",
116c7da899bSchristos                       ssl_protocol_name(test_ctx->expected_protocol),
117c7da899bSchristos                       ssl_protocol_name(result->client_protocol));
118c7da899bSchristos             return 0;
119c7da899bSchristos         }
120c7da899bSchristos     }
121c7da899bSchristos     return 1;
122c7da899bSchristos }
123c7da899bSchristos 
check_servername(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)124c7da899bSchristos static int check_servername(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
125c7da899bSchristos {
12613d40330Schristos     if (!TEST_int_eq(result->servername, test_ctx->expected_servername)) {
12713d40330Schristos       TEST_info("Client ServerName mismatch, expected %s, got %s.",
128c7da899bSchristos                 ssl_servername_name(test_ctx->expected_servername),
129c7da899bSchristos                 ssl_servername_name(result->servername));
130c7da899bSchristos       return 0;
131c7da899bSchristos     }
132c7da899bSchristos   return 1;
133c7da899bSchristos }
134c7da899bSchristos 
check_session_ticket(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)135c7da899bSchristos static int check_session_ticket(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
136c7da899bSchristos {
137c7da899bSchristos     if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_IGNORE)
138c7da899bSchristos         return 1;
13913d40330Schristos     if (!TEST_int_eq(result->session_ticket,
14013d40330Schristos                      test_ctx->session_ticket_expected)) {
14113d40330Schristos         TEST_info("Client SessionTicketExpected mismatch, expected %s, got %s.",
142c7da899bSchristos                   ssl_session_ticket_name(test_ctx->session_ticket_expected),
143c7da899bSchristos                   ssl_session_ticket_name(result->session_ticket));
144c7da899bSchristos         return 0;
145c7da899bSchristos     }
146c7da899bSchristos     return 1;
147c7da899bSchristos }
148c7da899bSchristos 
check_session_id(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)14913d40330Schristos static int check_session_id(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
15013d40330Schristos {
15113d40330Schristos     if (test_ctx->session_id_expected == SSL_TEST_SESSION_ID_IGNORE)
15213d40330Schristos         return 1;
15313d40330Schristos     if (!TEST_int_eq(result->session_id, test_ctx->session_id_expected)) {
15413d40330Schristos         TEST_info("Client SessionIdExpected mismatch, expected %s, got %s\n.",
15513d40330Schristos                 ssl_session_id_name(test_ctx->session_id_expected),
15613d40330Schristos                 ssl_session_id_name(result->session_id));
15713d40330Schristos         return 0;
15813d40330Schristos     }
15913d40330Schristos     return 1;
16013d40330Schristos }
16113d40330Schristos 
check_compression(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)16213d40330Schristos static int check_compression(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
16313d40330Schristos {
16413d40330Schristos     if (!TEST_int_eq(result->compression, test_ctx->compression_expected))
16513d40330Schristos         return 0;
16613d40330Schristos     return 1;
16713d40330Schristos }
168c7da899bSchristos #ifndef OPENSSL_NO_NEXTPROTONEG
check_npn(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)169c7da899bSchristos static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
170c7da899bSchristos {
171c7da899bSchristos     int ret = 1;
17213d40330Schristos     if (!TEST_str_eq(result->client_npn_negotiated,
17313d40330Schristos                      result->server_npn_negotiated))
17413d40330Schristos         ret = 0;
17513d40330Schristos     if (!TEST_str_eq(test_ctx->expected_npn_protocol,
17613d40330Schristos                      result->client_npn_negotiated))
17713d40330Schristos         ret = 0;
178c7da899bSchristos     return ret;
179c7da899bSchristos }
180c7da899bSchristos #endif
181c7da899bSchristos 
check_alpn(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)182c7da899bSchristos static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
183c7da899bSchristos {
184c7da899bSchristos     int ret = 1;
18513d40330Schristos     if (!TEST_str_eq(result->client_alpn_negotiated,
18613d40330Schristos                      result->server_alpn_negotiated))
18713d40330Schristos         ret = 0;
18813d40330Schristos     if (!TEST_str_eq(test_ctx->expected_alpn_protocol,
18913d40330Schristos                      result->client_alpn_negotiated))
19013d40330Schristos         ret = 0;
191c7da899bSchristos     return ret;
192c7da899bSchristos }
193c7da899bSchristos 
check_session_ticket_app_data(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)19413d40330Schristos static int check_session_ticket_app_data(HANDSHAKE_RESULT *result,
19513d40330Schristos                                          SSL_TEST_CTX *test_ctx)
19613d40330Schristos {
19713d40330Schristos     size_t result_len = 0;
19813d40330Schristos     size_t expected_len = 0;
19913d40330Schristos 
20013d40330Schristos     /* consider empty and NULL strings to be the same */
20113d40330Schristos     if (result->result_session_ticket_app_data != NULL)
20213d40330Schristos         result_len = strlen(result->result_session_ticket_app_data);
20313d40330Schristos     if (test_ctx->expected_session_ticket_app_data != NULL)
20413d40330Schristos         expected_len = strlen(test_ctx->expected_session_ticket_app_data);
20513d40330Schristos     if (result_len == 0 && expected_len == 0)
20613d40330Schristos         return 1;
20713d40330Schristos 
20813d40330Schristos     if (!TEST_str_eq(result->result_session_ticket_app_data,
20913d40330Schristos                      test_ctx->expected_session_ticket_app_data))
21013d40330Schristos         return 0;
21113d40330Schristos 
21213d40330Schristos     return 1;
21313d40330Schristos }
21413d40330Schristos 
check_resumption(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)215c7da899bSchristos static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
216c7da899bSchristos {
21713d40330Schristos     if (!TEST_int_eq(result->client_resumed, result->server_resumed))
21813d40330Schristos         return 0;
21913d40330Schristos     if (!TEST_int_eq(result->client_resumed, test_ctx->resumption_expected))
22013d40330Schristos         return 0;
22113d40330Schristos     return 1;
22213d40330Schristos }
22313d40330Schristos 
check_nid(const char * name,int expected_nid,int nid)22413d40330Schristos static int check_nid(const char *name, int expected_nid, int nid)
22513d40330Schristos {
22613d40330Schristos     if (expected_nid == 0 || expected_nid == nid)
22713d40330Schristos         return 1;
22813d40330Schristos     TEST_error("%s type mismatch, %s vs %s\n",
22913d40330Schristos                name, OBJ_nid2ln(expected_nid),
23013d40330Schristos                nid == NID_undef ? "absent" : OBJ_nid2ln(nid));
231c7da899bSchristos     return 0;
232c7da899bSchristos }
23313d40330Schristos 
print_ca_names(STACK_OF (X509_NAME)* names)23413d40330Schristos static void print_ca_names(STACK_OF(X509_NAME) *names)
23513d40330Schristos {
23613d40330Schristos     int i;
23713d40330Schristos 
23813d40330Schristos     if (names == NULL || sk_X509_NAME_num(names) == 0) {
23913d40330Schristos         TEST_note("    <empty>");
24013d40330Schristos         return;
24113d40330Schristos     }
24213d40330Schristos     for (i = 0; i < sk_X509_NAME_num(names); i++) {
24313d40330Schristos         X509_NAME_print_ex(bio_err, sk_X509_NAME_value(names, i), 4,
24413d40330Schristos                            XN_FLAG_ONELINE);
24513d40330Schristos         BIO_puts(bio_err, "\n");
24613d40330Schristos     }
24713d40330Schristos }
24813d40330Schristos 
check_ca_names(const char * name,STACK_OF (X509_NAME)* expected_names,STACK_OF (X509_NAME)* names)24913d40330Schristos static int check_ca_names(const char *name,
25013d40330Schristos                           STACK_OF(X509_NAME) *expected_names,
25113d40330Schristos                           STACK_OF(X509_NAME) *names)
25213d40330Schristos {
25313d40330Schristos     int i;
25413d40330Schristos 
25513d40330Schristos     if (expected_names == NULL)
25613d40330Schristos         return 1;
25713d40330Schristos     if (names == NULL || sk_X509_NAME_num(names) == 0) {
25813d40330Schristos         if (TEST_int_eq(sk_X509_NAME_num(expected_names), 0))
25913d40330Schristos             return 1;
26013d40330Schristos         goto err;
26113d40330Schristos     }
26213d40330Schristos     if (sk_X509_NAME_num(names) != sk_X509_NAME_num(expected_names))
26313d40330Schristos         goto err;
26413d40330Schristos     for (i = 0; i < sk_X509_NAME_num(names); i++) {
26513d40330Schristos         if (!TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(names, i),
26613d40330Schristos                                        sk_X509_NAME_value(expected_names, i)),
26713d40330Schristos                          0)) {
26813d40330Schristos             goto err;
26913d40330Schristos         }
270c7da899bSchristos     }
271c7da899bSchristos     return 1;
27213d40330Schristos err:
27313d40330Schristos     TEST_info("%s: list mismatch", name);
27413d40330Schristos     TEST_note("Expected Names:");
27513d40330Schristos     print_ca_names(expected_names);
27613d40330Schristos     TEST_note("Received Names:");
27713d40330Schristos     print_ca_names(names);
27813d40330Schristos     return 0;
279c7da899bSchristos }
280c7da899bSchristos 
check_tmp_key(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)281c7da899bSchristos static int check_tmp_key(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
282c7da899bSchristos {
28313d40330Schristos     return check_nid("Tmp key", test_ctx->expected_tmp_key_type,
28413d40330Schristos                      result->tmp_key_type);
28513d40330Schristos }
28613d40330Schristos 
check_server_cert_type(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)28713d40330Schristos static int check_server_cert_type(HANDSHAKE_RESULT *result,
28813d40330Schristos                                   SSL_TEST_CTX *test_ctx)
28913d40330Schristos {
29013d40330Schristos     return check_nid("Server certificate", test_ctx->expected_server_cert_type,
29113d40330Schristos                      result->server_cert_type);
29213d40330Schristos }
29313d40330Schristos 
check_server_sign_hash(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)29413d40330Schristos static int check_server_sign_hash(HANDSHAKE_RESULT *result,
29513d40330Schristos                                   SSL_TEST_CTX *test_ctx)
29613d40330Schristos {
29713d40330Schristos     return check_nid("Server signing hash", test_ctx->expected_server_sign_hash,
29813d40330Schristos                      result->server_sign_hash);
29913d40330Schristos }
30013d40330Schristos 
check_server_sign_type(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)30113d40330Schristos static int check_server_sign_type(HANDSHAKE_RESULT *result,
30213d40330Schristos                                   SSL_TEST_CTX *test_ctx)
30313d40330Schristos {
30413d40330Schristos     return check_nid("Server signing", test_ctx->expected_server_sign_type,
30513d40330Schristos                      result->server_sign_type);
30613d40330Schristos }
30713d40330Schristos 
check_server_ca_names(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)30813d40330Schristos static int check_server_ca_names(HANDSHAKE_RESULT *result,
30913d40330Schristos                                  SSL_TEST_CTX *test_ctx)
31013d40330Schristos {
31113d40330Schristos     return check_ca_names("Server CA names",
31213d40330Schristos                           test_ctx->expected_server_ca_names,
31313d40330Schristos                           result->server_ca_names);
31413d40330Schristos }
31513d40330Schristos 
check_client_cert_type(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)31613d40330Schristos static int check_client_cert_type(HANDSHAKE_RESULT *result,
31713d40330Schristos                                   SSL_TEST_CTX *test_ctx)
31813d40330Schristos {
31913d40330Schristos     return check_nid("Client certificate", test_ctx->expected_client_cert_type,
32013d40330Schristos                      result->client_cert_type);
32113d40330Schristos }
32213d40330Schristos 
check_client_sign_hash(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)32313d40330Schristos static int check_client_sign_hash(HANDSHAKE_RESULT *result,
32413d40330Schristos                                   SSL_TEST_CTX *test_ctx)
32513d40330Schristos {
32613d40330Schristos     return check_nid("Client signing hash", test_ctx->expected_client_sign_hash,
32713d40330Schristos                      result->client_sign_hash);
32813d40330Schristos }
32913d40330Schristos 
check_client_sign_type(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)33013d40330Schristos static int check_client_sign_type(HANDSHAKE_RESULT *result,
33113d40330Schristos                                   SSL_TEST_CTX *test_ctx)
33213d40330Schristos {
33313d40330Schristos     return check_nid("Client signing", test_ctx->expected_client_sign_type,
33413d40330Schristos                      result->client_sign_type);
33513d40330Schristos }
33613d40330Schristos 
check_client_ca_names(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)33713d40330Schristos static int check_client_ca_names(HANDSHAKE_RESULT *result,
33813d40330Schristos                                  SSL_TEST_CTX *test_ctx)
33913d40330Schristos {
34013d40330Schristos     return check_ca_names("Client CA names",
34113d40330Schristos                           test_ctx->expected_client_ca_names,
34213d40330Schristos                           result->client_ca_names);
34313d40330Schristos }
34413d40330Schristos 
check_cipher(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)34513d40330Schristos static int check_cipher(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
34613d40330Schristos {
34713d40330Schristos     if (test_ctx->expected_cipher == NULL)
348c7da899bSchristos         return 1;
34913d40330Schristos     if (!TEST_ptr(result->cipher))
350c7da899bSchristos         return 0;
35113d40330Schristos     if (!TEST_str_eq(test_ctx->expected_cipher,
35213d40330Schristos                      result->cipher))
35313d40330Schristos         return 0;
35413d40330Schristos     return 1;
355c7da899bSchristos }
356c7da899bSchristos 
357c7da899bSchristos /*
358c7da899bSchristos  * This could be further simplified by constructing an expected
359c7da899bSchristos  * HANDSHAKE_RESULT, and implementing comparison methods for
360c7da899bSchristos  * its fields.
361c7da899bSchristos  */
check_test(HANDSHAKE_RESULT * result,SSL_TEST_CTX * test_ctx)362c7da899bSchristos static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
363c7da899bSchristos {
364c7da899bSchristos     int ret = 1;
365c7da899bSchristos     ret &= check_result(result, test_ctx);
366c7da899bSchristos     ret &= check_alerts(result, test_ctx);
367c7da899bSchristos     if (result->result == SSL_TEST_SUCCESS) {
368c7da899bSchristos         ret &= check_protocol(result, test_ctx);
369c7da899bSchristos         ret &= check_servername(result, test_ctx);
370c7da899bSchristos         ret &= check_session_ticket(result, test_ctx);
37113d40330Schristos         ret &= check_compression(result, test_ctx);
37213d40330Schristos         ret &= check_session_id(result, test_ctx);
373c7da899bSchristos         ret &= (result->session_ticket_do_not_call == 0);
374c7da899bSchristos #ifndef OPENSSL_NO_NEXTPROTONEG
375c7da899bSchristos         ret &= check_npn(result, test_ctx);
376c7da899bSchristos #endif
37713d40330Schristos         ret &= check_cipher(result, test_ctx);
378c7da899bSchristos         ret &= check_alpn(result, test_ctx);
37913d40330Schristos         ret &= check_session_ticket_app_data(result, test_ctx);
380c7da899bSchristos         ret &= check_resumption(result, test_ctx);
381c7da899bSchristos         ret &= check_tmp_key(result, test_ctx);
38213d40330Schristos         ret &= check_server_cert_type(result, test_ctx);
38313d40330Schristos         ret &= check_server_sign_hash(result, test_ctx);
38413d40330Schristos         ret &= check_server_sign_type(result, test_ctx);
38513d40330Schristos         ret &= check_server_ca_names(result, test_ctx);
38613d40330Schristos         ret &= check_client_cert_type(result, test_ctx);
38713d40330Schristos         ret &= check_client_sign_hash(result, test_ctx);
38813d40330Schristos         ret &= check_client_sign_type(result, test_ctx);
38913d40330Schristos         ret &= check_client_ca_names(result, test_ctx);
390c7da899bSchristos     }
391c7da899bSchristos     return ret;
392c7da899bSchristos }
393c7da899bSchristos 
test_handshake(int idx)39413d40330Schristos static int test_handshake(int idx)
395c7da899bSchristos {
396c7da899bSchristos     int ret = 0;
397c7da899bSchristos     SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL,
398c7da899bSchristos         *resume_server_ctx = NULL, *resume_client_ctx = NULL;
399c7da899bSchristos     SSL_TEST_CTX *test_ctx = NULL;
400c7da899bSchristos     HANDSHAKE_RESULT *result = NULL;
40113d40330Schristos     char test_app[MAX_TESTCASE_NAME_LENGTH];
402c7da899bSchristos 
40313d40330Schristos     BIO_snprintf(test_app, sizeof(test_app), "test-%d", idx);
40413d40330Schristos 
405*b0d17251Schristos     test_ctx = SSL_TEST_CTX_create(conf, test_app, libctx);
40613d40330Schristos     if (!TEST_ptr(test_ctx))
407c7da899bSchristos         goto err;
408c7da899bSchristos 
409c7da899bSchristos #ifndef OPENSSL_NO_DTLS
410c7da899bSchristos     if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
411*b0d17251Schristos         server_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_server_method());
412*b0d17251Schristos         if (!TEST_true(SSL_CTX_set_options(server_ctx,
413*b0d17251Schristos                         SSL_OP_ALLOW_CLIENT_RENEGOTIATION))
414*b0d17251Schristos                 || !TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0)))
41513d40330Schristos             goto err;
416c7da899bSchristos         if (test_ctx->extra.server.servername_callback !=
417c7da899bSchristos             SSL_TEST_SERVERNAME_CB_NONE) {
418*b0d17251Schristos             if (!TEST_ptr(server2_ctx =
419*b0d17251Schristos                             SSL_CTX_new_ex(libctx, NULL, DTLS_server_method()))
420*b0d17251Schristos                     || !TEST_true(SSL_CTX_set_options(server2_ctx,
421*b0d17251Schristos                             SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
42213d40330Schristos                 goto err;
423c7da899bSchristos         }
424*b0d17251Schristos         client_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_client_method());
425*b0d17251Schristos         if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0)))
42613d40330Schristos             goto err;
427c7da899bSchristos         if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
428*b0d17251Schristos             resume_server_ctx = SSL_CTX_new_ex(libctx, NULL,
429*b0d17251Schristos                                                DTLS_server_method());
430*b0d17251Schristos             if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0))
431*b0d17251Schristos                     || !TEST_true(SSL_CTX_set_options(resume_server_ctx,
432*b0d17251Schristos                             SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
43313d40330Schristos                 goto err;
434*b0d17251Schristos             resume_client_ctx = SSL_CTX_new_ex(libctx, NULL,
435*b0d17251Schristos                                                DTLS_client_method());
436*b0d17251Schristos             if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0)))
43713d40330Schristos                 goto err;
43813d40330Schristos             if (!TEST_ptr(resume_server_ctx)
43913d40330Schristos                     || !TEST_ptr(resume_client_ctx))
44013d40330Schristos                 goto err;
441c7da899bSchristos         }
442c7da899bSchristos     }
443c7da899bSchristos #endif
444c7da899bSchristos     if (test_ctx->method == SSL_TEST_METHOD_TLS) {
445*b0d17251Schristos #if !defined(OPENSSL_NO_TLS1_3) \
446*b0d17251Schristos     && defined(OPENSSL_NO_EC) \
447*b0d17251Schristos     && defined(OPENSSL_NO_DH)
448*b0d17251Schristos         /* Without ec or dh there are no built-in groups for TLSv1.3 */
449*b0d17251Schristos         int maxversion = TLS1_2_VERSION;
450*b0d17251Schristos #else
451*b0d17251Schristos         int maxversion = 0;
452*b0d17251Schristos #endif
453*b0d17251Schristos 
454*b0d17251Schristos         server_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method());
455*b0d17251Schristos         if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, maxversion))
456*b0d17251Schristos                 || !TEST_true(SSL_CTX_set_options(server_ctx,
457*b0d17251Schristos                             SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
45813d40330Schristos             goto err;
459c7da899bSchristos         /* SNI on resumption isn't supported/tested yet. */
460c7da899bSchristos         if (test_ctx->extra.server.servername_callback !=
461c7da899bSchristos             SSL_TEST_SERVERNAME_CB_NONE) {
462*b0d17251Schristos             if (!TEST_ptr(server2_ctx =
463*b0d17251Schristos                             SSL_CTX_new_ex(libctx, NULL, TLS_server_method()))
464*b0d17251Schristos                     || !TEST_true(SSL_CTX_set_options(server2_ctx,
465*b0d17251Schristos                             SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
46613d40330Schristos                 goto err;
46713d40330Schristos             if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
468*b0d17251Schristos                                                          maxversion)))
46913d40330Schristos                 goto err;
470c7da899bSchristos         }
471*b0d17251Schristos         client_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_client_method());
472*b0d17251Schristos         if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, maxversion)))
47313d40330Schristos             goto err;
474c7da899bSchristos 
475c7da899bSchristos         if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
476*b0d17251Schristos             resume_server_ctx = SSL_CTX_new_ex(libctx, NULL,
477*b0d17251Schristos                                                TLS_server_method());
47813d40330Schristos             if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx,
479*b0d17251Schristos                                                          maxversion))
480*b0d17251Schristos                     || !TEST_true(SSL_CTX_set_options(resume_server_ctx,
481*b0d17251Schristos                             SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
48213d40330Schristos                 goto err;
483*b0d17251Schristos             resume_client_ctx = SSL_CTX_new_ex(libctx, NULL,
484*b0d17251Schristos                                                TLS_client_method());
48513d40330Schristos             if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx,
486*b0d17251Schristos                                                          maxversion)))
48713d40330Schristos                 goto err;
48813d40330Schristos             if (!TEST_ptr(resume_server_ctx)
48913d40330Schristos                     || !TEST_ptr(resume_client_ctx))
49013d40330Schristos                 goto err;
491c7da899bSchristos         }
492c7da899bSchristos     }
493c7da899bSchristos 
49413d40330Schristos #ifdef OPENSSL_NO_AUTOLOAD_CONFIG
49513d40330Schristos     if (!TEST_true(OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL)))
49613d40330Schristos         goto err;
49713d40330Schristos #endif
498c7da899bSchristos 
49913d40330Schristos     if (!TEST_ptr(server_ctx)
50013d40330Schristos             || !TEST_ptr(client_ctx)
50113d40330Schristos             || !TEST_int_gt(CONF_modules_load(conf, test_app, 0),  0))
50213d40330Schristos         goto err;
503c7da899bSchristos 
504c7da899bSchristos     if (!SSL_CTX_config(server_ctx, "server")
505c7da899bSchristos         || !SSL_CTX_config(client_ctx, "client")) {
506c7da899bSchristos         goto err;
507c7da899bSchristos     }
508c7da899bSchristos 
509c7da899bSchristos     if (server2_ctx != NULL && !SSL_CTX_config(server2_ctx, "server2"))
510c7da899bSchristos         goto err;
511c7da899bSchristos     if (resume_server_ctx != NULL
512c7da899bSchristos         && !SSL_CTX_config(resume_server_ctx, "resume-server"))
513c7da899bSchristos         goto err;
514c7da899bSchristos     if (resume_client_ctx != NULL
515c7da899bSchristos         && !SSL_CTX_config(resume_client_ctx, "resume-client"))
516c7da899bSchristos         goto err;
517c7da899bSchristos 
518c7da899bSchristos     result = do_handshake(server_ctx, server2_ctx, client_ctx,
519c7da899bSchristos                           resume_server_ctx, resume_client_ctx, test_ctx);
520c7da899bSchristos 
52113d40330Schristos     if (result != NULL)
522c7da899bSchristos         ret = check_test(result, test_ctx);
523c7da899bSchristos 
524c7da899bSchristos err:
525c7da899bSchristos     CONF_modules_unload(0);
526c7da899bSchristos     SSL_CTX_free(server_ctx);
527c7da899bSchristos     SSL_CTX_free(server2_ctx);
528c7da899bSchristos     SSL_CTX_free(client_ctx);
529c7da899bSchristos     SSL_CTX_free(resume_server_ctx);
530c7da899bSchristos     SSL_CTX_free(resume_client_ctx);
531c7da899bSchristos     SSL_TEST_CTX_free(test_ctx);
532c7da899bSchristos     HANDSHAKE_RESULT_free(result);
533c7da899bSchristos     return ret;
534c7da899bSchristos }
535c7da899bSchristos 
536*b0d17251Schristos #define USAGE "conf_file module_name [module_conf_file]\n"
OPT_TEST_DECLARE_USAGE(USAGE)537*b0d17251Schristos OPT_TEST_DECLARE_USAGE(USAGE)
538*b0d17251Schristos 
53913d40330Schristos int setup_tests(void)
540c7da899bSchristos {
541c7da899bSchristos     long num_tests;
542c7da899bSchristos 
543*b0d17251Schristos     if (!test_skip_common_options()) {
544*b0d17251Schristos         TEST_error("Error parsing test options\n");
545*b0d17251Schristos         return 0;
546*b0d17251Schristos     }
547*b0d17251Schristos 
54813d40330Schristos     if (!TEST_ptr(conf = NCONF_new(NULL))
549c7da899bSchristos             /* argv[1] should point to the test conf file */
55013d40330Schristos             || !TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0)
55113d40330Schristos             || !TEST_int_ne(NCONF_get_number_e(conf, NULL, "num_tests",
552*b0d17251Schristos                                                &num_tests), 0)) {
553*b0d17251Schristos         TEST_error("usage: ssl_test %s", USAGE);
554*b0d17251Schristos         return 0;
555*b0d17251Schristos     }
556*b0d17251Schristos 
557*b0d17251Schristos     if (!test_arg_libctx(&libctx, &defctxnull, &thisprov, 1, USAGE))
55813d40330Schristos         return 0;
559c7da899bSchristos 
56013d40330Schristos     ADD_ALL_TESTS(test_handshake, (int)num_tests);
56113d40330Schristos     return 1;
56213d40330Schristos }
563c7da899bSchristos 
cleanup_tests(void)56413d40330Schristos void cleanup_tests(void)
56513d40330Schristos {
56613d40330Schristos     NCONF_free(conf);
567*b0d17251Schristos     OSSL_PROVIDER_unload(defctxnull);
568*b0d17251Schristos     OSSL_PROVIDER_unload(thisprov);
569*b0d17251Schristos     OSSL_LIB_CTX_free(libctx);
570c7da899bSchristos }
571