1*4724848cSchristos /*
2*4724848cSchristos * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
3*4724848cSchristos *
4*4724848cSchristos * Licensed under the OpenSSL license (the "License"). You may not use
5*4724848cSchristos * this file except in compliance with the License. You can obtain a copy
6*4724848cSchristos * in the file LICENSE in the source distribution or at
7*4724848cSchristos * https://www.openssl.org/source/license.html
8*4724848cSchristos */
9*4724848cSchristos
10*4724848cSchristos #include <string.h>
11*4724848cSchristos
12*4724848cSchristos #include <openssl/e_os2.h>
13*4724848cSchristos #include <openssl/crypto.h>
14*4724848cSchristos
15*4724848cSchristos #include "internal/nelem.h"
16*4724848cSchristos #include "ssl_test_ctx.h"
17*4724848cSchristos #include "testutil.h"
18*4724848cSchristos
19*4724848cSchristos #ifdef OPENSSL_SYS_WINDOWS
20*4724848cSchristos # define strcasecmp _stricmp
21*4724848cSchristos #endif
22*4724848cSchristos
23*4724848cSchristos static const int default_app_data_size = 256;
24*4724848cSchristos /* Default set to be as small as possible to exercise fragmentation. */
25*4724848cSchristos static const int default_max_fragment_size = 512;
26*4724848cSchristos
parse_boolean(const char * value,int * result)27*4724848cSchristos static int parse_boolean(const char *value, int *result)
28*4724848cSchristos {
29*4724848cSchristos if (strcasecmp(value, "Yes") == 0) {
30*4724848cSchristos *result = 1;
31*4724848cSchristos return 1;
32*4724848cSchristos }
33*4724848cSchristos else if (strcasecmp(value, "No") == 0) {
34*4724848cSchristos *result = 0;
35*4724848cSchristos return 1;
36*4724848cSchristos }
37*4724848cSchristos TEST_error("parse_boolean given: '%s'", value);
38*4724848cSchristos return 0;
39*4724848cSchristos }
40*4724848cSchristos
41*4724848cSchristos #define IMPLEMENT_SSL_TEST_BOOL_OPTION(struct_type, name, field) \
42*4724848cSchristos static int parse_##name##_##field(struct_type *ctx, const char *value) \
43*4724848cSchristos { \
44*4724848cSchristos return parse_boolean(value, &ctx->field); \
45*4724848cSchristos }
46*4724848cSchristos
47*4724848cSchristos #define IMPLEMENT_SSL_TEST_STRING_OPTION(struct_type, name, field) \
48*4724848cSchristos static int parse_##name##_##field(struct_type *ctx, const char *value) \
49*4724848cSchristos { \
50*4724848cSchristos OPENSSL_free(ctx->field); \
51*4724848cSchristos ctx->field = OPENSSL_strdup(value); \
52*4724848cSchristos return TEST_ptr(ctx->field); \
53*4724848cSchristos }
54*4724848cSchristos
55*4724848cSchristos #define IMPLEMENT_SSL_TEST_INT_OPTION(struct_type, name, field) \
56*4724848cSchristos static int parse_##name##_##field(struct_type *ctx, const char *value) \
57*4724848cSchristos { \
58*4724848cSchristos ctx->field = atoi(value); \
59*4724848cSchristos return 1; \
60*4724848cSchristos }
61*4724848cSchristos
62*4724848cSchristos /* True enums and other test configuration values that map to an int. */
63*4724848cSchristos typedef struct {
64*4724848cSchristos const char *name;
65*4724848cSchristos int value;
66*4724848cSchristos } test_enum;
67*4724848cSchristos
68*4724848cSchristos
parse_enum(const test_enum * enums,size_t num_enums,int * value,const char * name)69*4724848cSchristos __owur static int parse_enum(const test_enum *enums, size_t num_enums,
70*4724848cSchristos int *value, const char *name)
71*4724848cSchristos {
72*4724848cSchristos size_t i;
73*4724848cSchristos for (i = 0; i < num_enums; i++) {
74*4724848cSchristos if (strcmp(enums[i].name, name) == 0) {
75*4724848cSchristos *value = enums[i].value;
76*4724848cSchristos return 1;
77*4724848cSchristos }
78*4724848cSchristos }
79*4724848cSchristos return 0;
80*4724848cSchristos }
81*4724848cSchristos
enum_name(const test_enum * enums,size_t num_enums,int value)82*4724848cSchristos static const char *enum_name(const test_enum *enums, size_t num_enums,
83*4724848cSchristos int value)
84*4724848cSchristos {
85*4724848cSchristos size_t i;
86*4724848cSchristos for (i = 0; i < num_enums; i++) {
87*4724848cSchristos if (enums[i].value == value) {
88*4724848cSchristos return enums[i].name;
89*4724848cSchristos }
90*4724848cSchristos }
91*4724848cSchristos return "InvalidValue";
92*4724848cSchristos }
93*4724848cSchristos
94*4724848cSchristos
95*4724848cSchristos /* ExpectedResult */
96*4724848cSchristos
97*4724848cSchristos static const test_enum ssl_test_results[] = {
98*4724848cSchristos {"Success", SSL_TEST_SUCCESS},
99*4724848cSchristos {"ServerFail", SSL_TEST_SERVER_FAIL},
100*4724848cSchristos {"ClientFail", SSL_TEST_CLIENT_FAIL},
101*4724848cSchristos {"InternalError", SSL_TEST_INTERNAL_ERROR},
102*4724848cSchristos {"FirstHandshakeFailed", SSL_TEST_FIRST_HANDSHAKE_FAILED},
103*4724848cSchristos };
104*4724848cSchristos
parse_expected_result(SSL_TEST_CTX * test_ctx,const char * value)105*4724848cSchristos __owur static int parse_expected_result(SSL_TEST_CTX *test_ctx, const char *value)
106*4724848cSchristos {
107*4724848cSchristos int ret_value;
108*4724848cSchristos if (!parse_enum(ssl_test_results, OSSL_NELEM(ssl_test_results),
109*4724848cSchristos &ret_value, value)) {
110*4724848cSchristos return 0;
111*4724848cSchristos }
112*4724848cSchristos test_ctx->expected_result = ret_value;
113*4724848cSchristos return 1;
114*4724848cSchristos }
115*4724848cSchristos
ssl_test_result_name(ssl_test_result_t result)116*4724848cSchristos const char *ssl_test_result_name(ssl_test_result_t result)
117*4724848cSchristos {
118*4724848cSchristos return enum_name(ssl_test_results, OSSL_NELEM(ssl_test_results), result);
119*4724848cSchristos }
120*4724848cSchristos
121*4724848cSchristos /* ExpectedClientAlert / ExpectedServerAlert */
122*4724848cSchristos
123*4724848cSchristos static const test_enum ssl_alerts[] = {
124*4724848cSchristos {"UnknownCA", SSL_AD_UNKNOWN_CA},
125*4724848cSchristos {"HandshakeFailure", SSL_AD_HANDSHAKE_FAILURE},
126*4724848cSchristos {"UnrecognizedName", SSL_AD_UNRECOGNIZED_NAME},
127*4724848cSchristos {"BadCertificate", SSL_AD_BAD_CERTIFICATE},
128*4724848cSchristos {"NoApplicationProtocol", SSL_AD_NO_APPLICATION_PROTOCOL},
129*4724848cSchristos {"CertificateRequired", SSL_AD_CERTIFICATE_REQUIRED},
130*4724848cSchristos };
131*4724848cSchristos
parse_alert(int * alert,const char * value)132*4724848cSchristos __owur static int parse_alert(int *alert, const char *value)
133*4724848cSchristos {
134*4724848cSchristos return parse_enum(ssl_alerts, OSSL_NELEM(ssl_alerts), alert, value);
135*4724848cSchristos }
136*4724848cSchristos
parse_client_alert(SSL_TEST_CTX * test_ctx,const char * value)137*4724848cSchristos __owur static int parse_client_alert(SSL_TEST_CTX *test_ctx, const char *value)
138*4724848cSchristos {
139*4724848cSchristos return parse_alert(&test_ctx->expected_client_alert, value);
140*4724848cSchristos }
141*4724848cSchristos
parse_server_alert(SSL_TEST_CTX * test_ctx,const char * value)142*4724848cSchristos __owur static int parse_server_alert(SSL_TEST_CTX *test_ctx, const char *value)
143*4724848cSchristos {
144*4724848cSchristos return parse_alert(&test_ctx->expected_server_alert, value);
145*4724848cSchristos }
146*4724848cSchristos
ssl_alert_name(int alert)147*4724848cSchristos const char *ssl_alert_name(int alert)
148*4724848cSchristos {
149*4724848cSchristos return enum_name(ssl_alerts, OSSL_NELEM(ssl_alerts), alert);
150*4724848cSchristos }
151*4724848cSchristos
152*4724848cSchristos /* ExpectedProtocol */
153*4724848cSchristos
154*4724848cSchristos static const test_enum ssl_protocols[] = {
155*4724848cSchristos {"TLSv1.3", TLS1_3_VERSION},
156*4724848cSchristos {"TLSv1.2", TLS1_2_VERSION},
157*4724848cSchristos {"TLSv1.1", TLS1_1_VERSION},
158*4724848cSchristos {"TLSv1", TLS1_VERSION},
159*4724848cSchristos {"SSLv3", SSL3_VERSION},
160*4724848cSchristos {"DTLSv1", DTLS1_VERSION},
161*4724848cSchristos {"DTLSv1.2", DTLS1_2_VERSION},
162*4724848cSchristos };
163*4724848cSchristos
parse_protocol(SSL_TEST_CTX * test_ctx,const char * value)164*4724848cSchristos __owur static int parse_protocol(SSL_TEST_CTX *test_ctx, const char *value)
165*4724848cSchristos {
166*4724848cSchristos return parse_enum(ssl_protocols, OSSL_NELEM(ssl_protocols),
167*4724848cSchristos &test_ctx->expected_protocol, value);
168*4724848cSchristos }
169*4724848cSchristos
ssl_protocol_name(int protocol)170*4724848cSchristos const char *ssl_protocol_name(int protocol)
171*4724848cSchristos {
172*4724848cSchristos return enum_name(ssl_protocols, OSSL_NELEM(ssl_protocols), protocol);
173*4724848cSchristos }
174*4724848cSchristos
175*4724848cSchristos /* VerifyCallback */
176*4724848cSchristos
177*4724848cSchristos static const test_enum ssl_verify_callbacks[] = {
178*4724848cSchristos {"None", SSL_TEST_VERIFY_NONE},
179*4724848cSchristos {"AcceptAll", SSL_TEST_VERIFY_ACCEPT_ALL},
180*4724848cSchristos {"RejectAll", SSL_TEST_VERIFY_REJECT_ALL},
181*4724848cSchristos };
182*4724848cSchristos
parse_client_verify_callback(SSL_TEST_CLIENT_CONF * client_conf,const char * value)183*4724848cSchristos __owur static int parse_client_verify_callback(SSL_TEST_CLIENT_CONF *client_conf,
184*4724848cSchristos const char *value)
185*4724848cSchristos {
186*4724848cSchristos int ret_value;
187*4724848cSchristos if (!parse_enum(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks),
188*4724848cSchristos &ret_value, value)) {
189*4724848cSchristos return 0;
190*4724848cSchristos }
191*4724848cSchristos client_conf->verify_callback = ret_value;
192*4724848cSchristos return 1;
193*4724848cSchristos }
194*4724848cSchristos
ssl_verify_callback_name(ssl_verify_callback_t callback)195*4724848cSchristos const char *ssl_verify_callback_name(ssl_verify_callback_t callback)
196*4724848cSchristos {
197*4724848cSchristos return enum_name(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks),
198*4724848cSchristos callback);
199*4724848cSchristos }
200*4724848cSchristos
201*4724848cSchristos /* ServerName */
202*4724848cSchristos
203*4724848cSchristos static const test_enum ssl_servername[] = {
204*4724848cSchristos {"None", SSL_TEST_SERVERNAME_NONE},
205*4724848cSchristos {"server1", SSL_TEST_SERVERNAME_SERVER1},
206*4724848cSchristos {"server2", SSL_TEST_SERVERNAME_SERVER2},
207*4724848cSchristos {"invalid", SSL_TEST_SERVERNAME_INVALID},
208*4724848cSchristos };
209*4724848cSchristos
parse_servername(SSL_TEST_CLIENT_CONF * client_conf,const char * value)210*4724848cSchristos __owur static int parse_servername(SSL_TEST_CLIENT_CONF *client_conf,
211*4724848cSchristos const char *value)
212*4724848cSchristos {
213*4724848cSchristos int ret_value;
214*4724848cSchristos if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
215*4724848cSchristos &ret_value, value)) {
216*4724848cSchristos return 0;
217*4724848cSchristos }
218*4724848cSchristos client_conf->servername = ret_value;
219*4724848cSchristos return 1;
220*4724848cSchristos }
221*4724848cSchristos
parse_expected_servername(SSL_TEST_CTX * test_ctx,const char * value)222*4724848cSchristos __owur static int parse_expected_servername(SSL_TEST_CTX *test_ctx,
223*4724848cSchristos const char *value)
224*4724848cSchristos {
225*4724848cSchristos int ret_value;
226*4724848cSchristos if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
227*4724848cSchristos &ret_value, value)) {
228*4724848cSchristos return 0;
229*4724848cSchristos }
230*4724848cSchristos test_ctx->expected_servername = ret_value;
231*4724848cSchristos return 1;
232*4724848cSchristos }
233*4724848cSchristos
ssl_servername_name(ssl_servername_t server)234*4724848cSchristos const char *ssl_servername_name(ssl_servername_t server)
235*4724848cSchristos {
236*4724848cSchristos return enum_name(ssl_servername, OSSL_NELEM(ssl_servername),
237*4724848cSchristos server);
238*4724848cSchristos }
239*4724848cSchristos
240*4724848cSchristos /* ServerNameCallback */
241*4724848cSchristos
242*4724848cSchristos static const test_enum ssl_servername_callbacks[] = {
243*4724848cSchristos {"None", SSL_TEST_SERVERNAME_CB_NONE},
244*4724848cSchristos {"IgnoreMismatch", SSL_TEST_SERVERNAME_IGNORE_MISMATCH},
245*4724848cSchristos {"RejectMismatch", SSL_TEST_SERVERNAME_REJECT_MISMATCH},
246*4724848cSchristos {"ClientHelloIgnoreMismatch",
247*4724848cSchristos SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH},
248*4724848cSchristos {"ClientHelloRejectMismatch",
249*4724848cSchristos SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH},
250*4724848cSchristos {"ClientHelloNoV12", SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12},
251*4724848cSchristos };
252*4724848cSchristos
parse_servername_callback(SSL_TEST_SERVER_CONF * server_conf,const char * value)253*4724848cSchristos __owur static int parse_servername_callback(SSL_TEST_SERVER_CONF *server_conf,
254*4724848cSchristos const char *value)
255*4724848cSchristos {
256*4724848cSchristos int ret_value;
257*4724848cSchristos if (!parse_enum(ssl_servername_callbacks,
258*4724848cSchristos OSSL_NELEM(ssl_servername_callbacks), &ret_value, value)) {
259*4724848cSchristos return 0;
260*4724848cSchristos }
261*4724848cSchristos server_conf->servername_callback = ret_value;
262*4724848cSchristos return 1;
263*4724848cSchristos }
264*4724848cSchristos
ssl_servername_callback_name(ssl_servername_callback_t callback)265*4724848cSchristos const char *ssl_servername_callback_name(ssl_servername_callback_t callback)
266*4724848cSchristos {
267*4724848cSchristos return enum_name(ssl_servername_callbacks,
268*4724848cSchristos OSSL_NELEM(ssl_servername_callbacks), callback);
269*4724848cSchristos }
270*4724848cSchristos
271*4724848cSchristos /* SessionTicketExpected */
272*4724848cSchristos
273*4724848cSchristos static const test_enum ssl_session_ticket[] = {
274*4724848cSchristos {"Ignore", SSL_TEST_SESSION_TICKET_IGNORE},
275*4724848cSchristos {"Yes", SSL_TEST_SESSION_TICKET_YES},
276*4724848cSchristos {"No", SSL_TEST_SESSION_TICKET_NO},
277*4724848cSchristos };
278*4724848cSchristos
parse_session_ticket(SSL_TEST_CTX * test_ctx,const char * value)279*4724848cSchristos __owur static int parse_session_ticket(SSL_TEST_CTX *test_ctx, const char *value)
280*4724848cSchristos {
281*4724848cSchristos int ret_value;
282*4724848cSchristos if (!parse_enum(ssl_session_ticket, OSSL_NELEM(ssl_session_ticket),
283*4724848cSchristos &ret_value, value)) {
284*4724848cSchristos return 0;
285*4724848cSchristos }
286*4724848cSchristos test_ctx->session_ticket_expected = ret_value;
287*4724848cSchristos return 1;
288*4724848cSchristos }
289*4724848cSchristos
ssl_session_ticket_name(ssl_session_ticket_t server)290*4724848cSchristos const char *ssl_session_ticket_name(ssl_session_ticket_t server)
291*4724848cSchristos {
292*4724848cSchristos return enum_name(ssl_session_ticket,
293*4724848cSchristos OSSL_NELEM(ssl_session_ticket),
294*4724848cSchristos server);
295*4724848cSchristos }
296*4724848cSchristos
297*4724848cSchristos /* CompressionExpected */
298*4724848cSchristos
299*4724848cSchristos IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, compression_expected)
300*4724848cSchristos
301*4724848cSchristos /* SessionIdExpected */
302*4724848cSchristos
303*4724848cSchristos static const test_enum ssl_session_id[] = {
304*4724848cSchristos {"Ignore", SSL_TEST_SESSION_ID_IGNORE},
305*4724848cSchristos {"Yes", SSL_TEST_SESSION_ID_YES},
306*4724848cSchristos {"No", SSL_TEST_SESSION_ID_NO},
307*4724848cSchristos };
308*4724848cSchristos
parse_session_id(SSL_TEST_CTX * test_ctx,const char * value)309*4724848cSchristos __owur static int parse_session_id(SSL_TEST_CTX *test_ctx, const char *value)
310*4724848cSchristos {
311*4724848cSchristos int ret_value;
312*4724848cSchristos if (!parse_enum(ssl_session_id, OSSL_NELEM(ssl_session_id),
313*4724848cSchristos &ret_value, value)) {
314*4724848cSchristos return 0;
315*4724848cSchristos }
316*4724848cSchristos test_ctx->session_id_expected = ret_value;
317*4724848cSchristos return 1;
318*4724848cSchristos }
319*4724848cSchristos
ssl_session_id_name(ssl_session_id_t server)320*4724848cSchristos const char *ssl_session_id_name(ssl_session_id_t server)
321*4724848cSchristos {
322*4724848cSchristos return enum_name(ssl_session_id,
323*4724848cSchristos OSSL_NELEM(ssl_session_id),
324*4724848cSchristos server);
325*4724848cSchristos }
326*4724848cSchristos
327*4724848cSchristos /* Method */
328*4724848cSchristos
329*4724848cSchristos static const test_enum ssl_test_methods[] = {
330*4724848cSchristos {"TLS", SSL_TEST_METHOD_TLS},
331*4724848cSchristos {"DTLS", SSL_TEST_METHOD_DTLS},
332*4724848cSchristos };
333*4724848cSchristos
parse_test_method(SSL_TEST_CTX * test_ctx,const char * value)334*4724848cSchristos __owur static int parse_test_method(SSL_TEST_CTX *test_ctx, const char *value)
335*4724848cSchristos {
336*4724848cSchristos int ret_value;
337*4724848cSchristos if (!parse_enum(ssl_test_methods, OSSL_NELEM(ssl_test_methods),
338*4724848cSchristos &ret_value, value)) {
339*4724848cSchristos return 0;
340*4724848cSchristos }
341*4724848cSchristos test_ctx->method = ret_value;
342*4724848cSchristos return 1;
343*4724848cSchristos }
344*4724848cSchristos
ssl_test_method_name(ssl_test_method_t method)345*4724848cSchristos const char *ssl_test_method_name(ssl_test_method_t method)
346*4724848cSchristos {
347*4724848cSchristos return enum_name(ssl_test_methods, OSSL_NELEM(ssl_test_methods), method);
348*4724848cSchristos }
349*4724848cSchristos
350*4724848cSchristos /* NPN and ALPN options */
351*4724848cSchristos
352*4724848cSchristos IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, npn_protocols)
353*4724848cSchristos IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, npn_protocols)
354*4724848cSchristos IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_npn_protocol)
355*4724848cSchristos IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, alpn_protocols)
356*4724848cSchristos IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, alpn_protocols)
357*4724848cSchristos IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_alpn_protocol)
358*4724848cSchristos
359*4724848cSchristos /* SRP options */
360*4724848cSchristos IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, srp_user)
361*4724848cSchristos IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, srp_user)
362*4724848cSchristos IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, srp_password)
363*4724848cSchristos IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, srp_password)
364*4724848cSchristos
365*4724848cSchristos /* Session Ticket App Data options */
366*4724848cSchristos IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_session_ticket_app_data)
367*4724848cSchristos IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, session_ticket_app_data)
368*4724848cSchristos
369*4724848cSchristos /* Handshake mode */
370*4724848cSchristos
371*4724848cSchristos static const test_enum ssl_handshake_modes[] = {
372*4724848cSchristos {"Simple", SSL_TEST_HANDSHAKE_SIMPLE},
373*4724848cSchristos {"Resume", SSL_TEST_HANDSHAKE_RESUME},
374*4724848cSchristos {"RenegotiateServer", SSL_TEST_HANDSHAKE_RENEG_SERVER},
375*4724848cSchristos {"RenegotiateClient", SSL_TEST_HANDSHAKE_RENEG_CLIENT},
376*4724848cSchristos {"KeyUpdateServer", SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER},
377*4724848cSchristos {"KeyUpdateClient", SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT},
378*4724848cSchristos {"PostHandshakeAuth", SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH},
379*4724848cSchristos };
380*4724848cSchristos
parse_handshake_mode(SSL_TEST_CTX * test_ctx,const char * value)381*4724848cSchristos __owur static int parse_handshake_mode(SSL_TEST_CTX *test_ctx, const char *value)
382*4724848cSchristos {
383*4724848cSchristos int ret_value;
384*4724848cSchristos if (!parse_enum(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes),
385*4724848cSchristos &ret_value, value)) {
386*4724848cSchristos return 0;
387*4724848cSchristos }
388*4724848cSchristos test_ctx->handshake_mode = ret_value;
389*4724848cSchristos return 1;
390*4724848cSchristos }
391*4724848cSchristos
ssl_handshake_mode_name(ssl_handshake_mode_t mode)392*4724848cSchristos const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode)
393*4724848cSchristos {
394*4724848cSchristos return enum_name(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes),
395*4724848cSchristos mode);
396*4724848cSchristos }
397*4724848cSchristos
398*4724848cSchristos /* Renegotiation Ciphersuites */
399*4724848cSchristos
400*4724848cSchristos IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, reneg_ciphers)
401*4724848cSchristos
402*4724848cSchristos /* KeyUpdateType */
403*4724848cSchristos
404*4724848cSchristos static const test_enum ssl_key_update_types[] = {
405*4724848cSchristos {"KeyUpdateRequested", SSL_KEY_UPDATE_REQUESTED},
406*4724848cSchristos {"KeyUpdateNotRequested", SSL_KEY_UPDATE_NOT_REQUESTED},
407*4724848cSchristos };
408*4724848cSchristos
parse_key_update_type(SSL_TEST_CTX * test_ctx,const char * value)409*4724848cSchristos __owur static int parse_key_update_type(SSL_TEST_CTX *test_ctx, const char *value)
410*4724848cSchristos {
411*4724848cSchristos int ret_value;
412*4724848cSchristos if (!parse_enum(ssl_key_update_types, OSSL_NELEM(ssl_key_update_types),
413*4724848cSchristos &ret_value, value)) {
414*4724848cSchristos return 0;
415*4724848cSchristos }
416*4724848cSchristos test_ctx->key_update_type = ret_value;
417*4724848cSchristos return 1;
418*4724848cSchristos }
419*4724848cSchristos
420*4724848cSchristos /* CT Validation */
421*4724848cSchristos
422*4724848cSchristos static const test_enum ssl_ct_validation_modes[] = {
423*4724848cSchristos {"None", SSL_TEST_CT_VALIDATION_NONE},
424*4724848cSchristos {"Permissive", SSL_TEST_CT_VALIDATION_PERMISSIVE},
425*4724848cSchristos {"Strict", SSL_TEST_CT_VALIDATION_STRICT},
426*4724848cSchristos };
427*4724848cSchristos
parse_ct_validation(SSL_TEST_CLIENT_CONF * client_conf,const char * value)428*4724848cSchristos __owur static int parse_ct_validation(SSL_TEST_CLIENT_CONF *client_conf,
429*4724848cSchristos const char *value)
430*4724848cSchristos {
431*4724848cSchristos int ret_value;
432*4724848cSchristos if (!parse_enum(ssl_ct_validation_modes, OSSL_NELEM(ssl_ct_validation_modes),
433*4724848cSchristos &ret_value, value)) {
434*4724848cSchristos return 0;
435*4724848cSchristos }
436*4724848cSchristos client_conf->ct_validation = ret_value;
437*4724848cSchristos return 1;
438*4724848cSchristos }
439*4724848cSchristos
ssl_ct_validation_name(ssl_ct_validation_t mode)440*4724848cSchristos const char *ssl_ct_validation_name(ssl_ct_validation_t mode)
441*4724848cSchristos {
442*4724848cSchristos return enum_name(ssl_ct_validation_modes, OSSL_NELEM(ssl_ct_validation_modes),
443*4724848cSchristos mode);
444*4724848cSchristos }
445*4724848cSchristos
446*4724848cSchristos IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected)
447*4724848cSchristos IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket)
448*4724848cSchristos IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, use_sctp)
449*4724848cSchristos IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, enable_client_sctp_label_bug)
450*4724848cSchristos IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, enable_server_sctp_label_bug)
451*4724848cSchristos
452*4724848cSchristos /* CertStatus */
453*4724848cSchristos
454*4724848cSchristos static const test_enum ssl_certstatus[] = {
455*4724848cSchristos {"None", SSL_TEST_CERT_STATUS_NONE},
456*4724848cSchristos {"GoodResponse", SSL_TEST_CERT_STATUS_GOOD_RESPONSE},
457*4724848cSchristos {"BadResponse", SSL_TEST_CERT_STATUS_BAD_RESPONSE}
458*4724848cSchristos };
459*4724848cSchristos
parse_certstatus(SSL_TEST_SERVER_CONF * server_conf,const char * value)460*4724848cSchristos __owur static int parse_certstatus(SSL_TEST_SERVER_CONF *server_conf,
461*4724848cSchristos const char *value)
462*4724848cSchristos {
463*4724848cSchristos int ret_value;
464*4724848cSchristos if (!parse_enum(ssl_certstatus, OSSL_NELEM(ssl_certstatus), &ret_value,
465*4724848cSchristos value)) {
466*4724848cSchristos return 0;
467*4724848cSchristos }
468*4724848cSchristos server_conf->cert_status = ret_value;
469*4724848cSchristos return 1;
470*4724848cSchristos }
471*4724848cSchristos
ssl_certstatus_name(ssl_cert_status_t cert_status)472*4724848cSchristos const char *ssl_certstatus_name(ssl_cert_status_t cert_status)
473*4724848cSchristos {
474*4724848cSchristos return enum_name(ssl_certstatus,
475*4724848cSchristos OSSL_NELEM(ssl_certstatus), cert_status);
476*4724848cSchristos }
477*4724848cSchristos
478*4724848cSchristos /* ApplicationData */
479*4724848cSchristos
480*4724848cSchristos IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size)
481*4724848cSchristos
482*4724848cSchristos
483*4724848cSchristos /* MaxFragmentSize */
484*4724848cSchristos
485*4724848cSchristos IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size)
486*4724848cSchristos
487*4724848cSchristos /* Maximum-Fragment-Length TLS extension mode */
488*4724848cSchristos static const test_enum ssl_max_fragment_len_mode[] = {
489*4724848cSchristos {"None", TLSEXT_max_fragment_length_DISABLED},
490*4724848cSchristos { "512", TLSEXT_max_fragment_length_512},
491*4724848cSchristos {"1024", TLSEXT_max_fragment_length_1024},
492*4724848cSchristos {"2048", TLSEXT_max_fragment_length_2048},
493*4724848cSchristos {"4096", TLSEXT_max_fragment_length_4096}
494*4724848cSchristos };
495*4724848cSchristos
parse_max_fragment_len_mode(SSL_TEST_CLIENT_CONF * client_conf,const char * value)496*4724848cSchristos __owur static int parse_max_fragment_len_mode(SSL_TEST_CLIENT_CONF *client_conf,
497*4724848cSchristos const char *value)
498*4724848cSchristos {
499*4724848cSchristos int ret_value;
500*4724848cSchristos
501*4724848cSchristos if (!parse_enum(ssl_max_fragment_len_mode,
502*4724848cSchristos OSSL_NELEM(ssl_max_fragment_len_mode), &ret_value, value)) {
503*4724848cSchristos return 0;
504*4724848cSchristos }
505*4724848cSchristos client_conf->max_fragment_len_mode = ret_value;
506*4724848cSchristos return 1;
507*4724848cSchristos }
508*4724848cSchristos
ssl_max_fragment_len_name(int MFL_mode)509*4724848cSchristos const char *ssl_max_fragment_len_name(int MFL_mode)
510*4724848cSchristos {
511*4724848cSchristos return enum_name(ssl_max_fragment_len_mode,
512*4724848cSchristos OSSL_NELEM(ssl_max_fragment_len_mode), MFL_mode);
513*4724848cSchristos }
514*4724848cSchristos
515*4724848cSchristos
516*4724848cSchristos /* Expected key and signature types */
517*4724848cSchristos
parse_expected_key_type(int * ptype,const char * value)518*4724848cSchristos __owur static int parse_expected_key_type(int *ptype, const char *value)
519*4724848cSchristos {
520*4724848cSchristos int nid;
521*4724848cSchristos const EVP_PKEY_ASN1_METHOD *ameth;
522*4724848cSchristos
523*4724848cSchristos if (value == NULL)
524*4724848cSchristos return 0;
525*4724848cSchristos ameth = EVP_PKEY_asn1_find_str(NULL, value, -1);
526*4724848cSchristos if (ameth != NULL)
527*4724848cSchristos EVP_PKEY_asn1_get0_info(&nid, NULL, NULL, NULL, NULL, ameth);
528*4724848cSchristos else
529*4724848cSchristos nid = OBJ_sn2nid(value);
530*4724848cSchristos if (nid == NID_undef)
531*4724848cSchristos nid = OBJ_ln2nid(value);
532*4724848cSchristos #ifndef OPENSSL_NO_EC
533*4724848cSchristos if (nid == NID_undef)
534*4724848cSchristos nid = EC_curve_nist2nid(value);
535*4724848cSchristos #endif
536*4724848cSchristos if (nid == NID_undef)
537*4724848cSchristos return 0;
538*4724848cSchristos *ptype = nid;
539*4724848cSchristos return 1;
540*4724848cSchristos }
541*4724848cSchristos
parse_expected_tmp_key_type(SSL_TEST_CTX * test_ctx,const char * value)542*4724848cSchristos __owur static int parse_expected_tmp_key_type(SSL_TEST_CTX *test_ctx,
543*4724848cSchristos const char *value)
544*4724848cSchristos {
545*4724848cSchristos return parse_expected_key_type(&test_ctx->expected_tmp_key_type, value);
546*4724848cSchristos }
547*4724848cSchristos
parse_expected_server_cert_type(SSL_TEST_CTX * test_ctx,const char * value)548*4724848cSchristos __owur static int parse_expected_server_cert_type(SSL_TEST_CTX *test_ctx,
549*4724848cSchristos const char *value)
550*4724848cSchristos {
551*4724848cSchristos return parse_expected_key_type(&test_ctx->expected_server_cert_type,
552*4724848cSchristos value);
553*4724848cSchristos }
554*4724848cSchristos
parse_expected_server_sign_type(SSL_TEST_CTX * test_ctx,const char * value)555*4724848cSchristos __owur static int parse_expected_server_sign_type(SSL_TEST_CTX *test_ctx,
556*4724848cSchristos const char *value)
557*4724848cSchristos {
558*4724848cSchristos return parse_expected_key_type(&test_ctx->expected_server_sign_type,
559*4724848cSchristos value);
560*4724848cSchristos }
561*4724848cSchristos
parse_expected_client_cert_type(SSL_TEST_CTX * test_ctx,const char * value)562*4724848cSchristos __owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx,
563*4724848cSchristos const char *value)
564*4724848cSchristos {
565*4724848cSchristos return parse_expected_key_type(&test_ctx->expected_client_cert_type,
566*4724848cSchristos value);
567*4724848cSchristos }
568*4724848cSchristos
parse_expected_client_sign_type(SSL_TEST_CTX * test_ctx,const char * value)569*4724848cSchristos __owur static int parse_expected_client_sign_type(SSL_TEST_CTX *test_ctx,
570*4724848cSchristos const char *value)
571*4724848cSchristos {
572*4724848cSchristos return parse_expected_key_type(&test_ctx->expected_client_sign_type,
573*4724848cSchristos value);
574*4724848cSchristos }
575*4724848cSchristos
576*4724848cSchristos
577*4724848cSchristos /* Expected signing hash */
578*4724848cSchristos
parse_expected_sign_hash(int * ptype,const char * value)579*4724848cSchristos __owur static int parse_expected_sign_hash(int *ptype, const char *value)
580*4724848cSchristos {
581*4724848cSchristos int nid;
582*4724848cSchristos
583*4724848cSchristos if (value == NULL)
584*4724848cSchristos return 0;
585*4724848cSchristos nid = OBJ_sn2nid(value);
586*4724848cSchristos if (nid == NID_undef)
587*4724848cSchristos nid = OBJ_ln2nid(value);
588*4724848cSchristos if (nid == NID_undef)
589*4724848cSchristos return 0;
590*4724848cSchristos *ptype = nid;
591*4724848cSchristos return 1;
592*4724848cSchristos }
593*4724848cSchristos
parse_expected_server_sign_hash(SSL_TEST_CTX * test_ctx,const char * value)594*4724848cSchristos __owur static int parse_expected_server_sign_hash(SSL_TEST_CTX *test_ctx,
595*4724848cSchristos const char *value)
596*4724848cSchristos {
597*4724848cSchristos return parse_expected_sign_hash(&test_ctx->expected_server_sign_hash,
598*4724848cSchristos value);
599*4724848cSchristos }
600*4724848cSchristos
parse_expected_client_sign_hash(SSL_TEST_CTX * test_ctx,const char * value)601*4724848cSchristos __owur static int parse_expected_client_sign_hash(SSL_TEST_CTX *test_ctx,
602*4724848cSchristos const char *value)
603*4724848cSchristos {
604*4724848cSchristos return parse_expected_sign_hash(&test_ctx->expected_client_sign_hash,
605*4724848cSchristos value);
606*4724848cSchristos }
607*4724848cSchristos
parse_expected_ca_names(STACK_OF (X509_NAME)** pnames,const char * value)608*4724848cSchristos __owur static int parse_expected_ca_names(STACK_OF(X509_NAME) **pnames,
609*4724848cSchristos const char *value)
610*4724848cSchristos {
611*4724848cSchristos if (value == NULL)
612*4724848cSchristos return 0;
613*4724848cSchristos if (!strcmp(value, "empty"))
614*4724848cSchristos *pnames = sk_X509_NAME_new_null();
615*4724848cSchristos else
616*4724848cSchristos *pnames = SSL_load_client_CA_file(value);
617*4724848cSchristos return *pnames != NULL;
618*4724848cSchristos }
parse_expected_server_ca_names(SSL_TEST_CTX * test_ctx,const char * value)619*4724848cSchristos __owur static int parse_expected_server_ca_names(SSL_TEST_CTX *test_ctx,
620*4724848cSchristos const char *value)
621*4724848cSchristos {
622*4724848cSchristos return parse_expected_ca_names(&test_ctx->expected_server_ca_names, value);
623*4724848cSchristos }
parse_expected_client_ca_names(SSL_TEST_CTX * test_ctx,const char * value)624*4724848cSchristos __owur static int parse_expected_client_ca_names(SSL_TEST_CTX *test_ctx,
625*4724848cSchristos const char *value)
626*4724848cSchristos {
627*4724848cSchristos return parse_expected_ca_names(&test_ctx->expected_client_ca_names, value);
628*4724848cSchristos }
629*4724848cSchristos
630*4724848cSchristos /* ExpectedCipher */
631*4724848cSchristos
632*4724848cSchristos IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_cipher)
633*4724848cSchristos
634*4724848cSchristos /* Client and Server PHA */
635*4724848cSchristos
636*4724848cSchristos IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, enable_pha)
637*4724848cSchristos IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, force_pha)
638*4724848cSchristos
639*4724848cSchristos /* Known test options and their corresponding parse methods. */
640*4724848cSchristos
641*4724848cSchristos /* Top-level options. */
642*4724848cSchristos typedef struct {
643*4724848cSchristos const char *name;
644*4724848cSchristos int (*parse)(SSL_TEST_CTX *test_ctx, const char *value);
645*4724848cSchristos } ssl_test_ctx_option;
646*4724848cSchristos
647*4724848cSchristos static const ssl_test_ctx_option ssl_test_ctx_options[] = {
648*4724848cSchristos { "ExpectedResult", &parse_expected_result },
649*4724848cSchristos { "ExpectedClientAlert", &parse_client_alert },
650*4724848cSchristos { "ExpectedServerAlert", &parse_server_alert },
651*4724848cSchristos { "ExpectedProtocol", &parse_protocol },
652*4724848cSchristos { "ExpectedServerName", &parse_expected_servername },
653*4724848cSchristos { "SessionTicketExpected", &parse_session_ticket },
654*4724848cSchristos { "CompressionExpected", &parse_test_compression_expected },
655*4724848cSchristos { "SessionIdExpected", &parse_session_id },
656*4724848cSchristos { "Method", &parse_test_method },
657*4724848cSchristos { "ExpectedNPNProtocol", &parse_test_expected_npn_protocol },
658*4724848cSchristos { "ExpectedALPNProtocol", &parse_test_expected_alpn_protocol },
659*4724848cSchristos { "HandshakeMode", &parse_handshake_mode },
660*4724848cSchristos { "KeyUpdateType", &parse_key_update_type },
661*4724848cSchristos { "ResumptionExpected", &parse_test_resumption_expected },
662*4724848cSchristos { "ApplicationData", &parse_test_app_data_size },
663*4724848cSchristos { "MaxFragmentSize", &parse_test_max_fragment_size },
664*4724848cSchristos { "ExpectedTmpKeyType", &parse_expected_tmp_key_type },
665*4724848cSchristos { "ExpectedServerCertType", &parse_expected_server_cert_type },
666*4724848cSchristos { "ExpectedServerSignHash", &parse_expected_server_sign_hash },
667*4724848cSchristos { "ExpectedServerSignType", &parse_expected_server_sign_type },
668*4724848cSchristos { "ExpectedServerCANames", &parse_expected_server_ca_names },
669*4724848cSchristos { "ExpectedClientCertType", &parse_expected_client_cert_type },
670*4724848cSchristos { "ExpectedClientSignHash", &parse_expected_client_sign_hash },
671*4724848cSchristos { "ExpectedClientSignType", &parse_expected_client_sign_type },
672*4724848cSchristos { "ExpectedClientCANames", &parse_expected_client_ca_names },
673*4724848cSchristos { "UseSCTP", &parse_test_use_sctp },
674*4724848cSchristos { "EnableClientSCTPLabelBug", &parse_test_enable_client_sctp_label_bug },
675*4724848cSchristos { "EnableServerSCTPLabelBug", &parse_test_enable_server_sctp_label_bug },
676*4724848cSchristos { "ExpectedCipher", &parse_test_expected_cipher },
677*4724848cSchristos { "ExpectedSessionTicketAppData", &parse_test_expected_session_ticket_app_data },
678*4724848cSchristos };
679*4724848cSchristos
680*4724848cSchristos /* Nested client options. */
681*4724848cSchristos typedef struct {
682*4724848cSchristos const char *name;
683*4724848cSchristos int (*parse)(SSL_TEST_CLIENT_CONF *conf, const char *value);
684*4724848cSchristos } ssl_test_client_option;
685*4724848cSchristos
686*4724848cSchristos static const ssl_test_client_option ssl_test_client_options[] = {
687*4724848cSchristos { "VerifyCallback", &parse_client_verify_callback },
688*4724848cSchristos { "ServerName", &parse_servername },
689*4724848cSchristos { "NPNProtocols", &parse_client_npn_protocols },
690*4724848cSchristos { "ALPNProtocols", &parse_client_alpn_protocols },
691*4724848cSchristos { "CTValidation", &parse_ct_validation },
692*4724848cSchristos { "RenegotiateCiphers", &parse_client_reneg_ciphers},
693*4724848cSchristos { "SRPUser", &parse_client_srp_user },
694*4724848cSchristos { "SRPPassword", &parse_client_srp_password },
695*4724848cSchristos { "MaxFragmentLenExt", &parse_max_fragment_len_mode },
696*4724848cSchristos { "EnablePHA", &parse_client_enable_pha },
697*4724848cSchristos };
698*4724848cSchristos
699*4724848cSchristos /* Nested server options. */
700*4724848cSchristos typedef struct {
701*4724848cSchristos const char *name;
702*4724848cSchristos int (*parse)(SSL_TEST_SERVER_CONF *conf, const char *value);
703*4724848cSchristos } ssl_test_server_option;
704*4724848cSchristos
705*4724848cSchristos static const ssl_test_server_option ssl_test_server_options[] = {
706*4724848cSchristos { "ServerNameCallback", &parse_servername_callback },
707*4724848cSchristos { "NPNProtocols", &parse_server_npn_protocols },
708*4724848cSchristos { "ALPNProtocols", &parse_server_alpn_protocols },
709*4724848cSchristos { "BrokenSessionTicket", &parse_server_broken_session_ticket },
710*4724848cSchristos { "CertStatus", &parse_certstatus },
711*4724848cSchristos { "SRPUser", &parse_server_srp_user },
712*4724848cSchristos { "SRPPassword", &parse_server_srp_password },
713*4724848cSchristos { "ForcePHA", &parse_server_force_pha },
714*4724848cSchristos { "SessionTicketAppData", &parse_server_session_ticket_app_data },
715*4724848cSchristos };
716*4724848cSchristos
SSL_TEST_CTX_new(void)717*4724848cSchristos SSL_TEST_CTX *SSL_TEST_CTX_new(void)
718*4724848cSchristos {
719*4724848cSchristos SSL_TEST_CTX *ret;
720*4724848cSchristos
721*4724848cSchristos /* The return code is checked by caller */
722*4724848cSchristos if ((ret = OPENSSL_zalloc(sizeof(*ret))) != NULL) {
723*4724848cSchristos ret->app_data_size = default_app_data_size;
724*4724848cSchristos ret->max_fragment_size = default_max_fragment_size;
725*4724848cSchristos }
726*4724848cSchristos return ret;
727*4724848cSchristos }
728*4724848cSchristos
ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF * conf)729*4724848cSchristos static void ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF *conf)
730*4724848cSchristos {
731*4724848cSchristos OPENSSL_free(conf->client.npn_protocols);
732*4724848cSchristos OPENSSL_free(conf->server.npn_protocols);
733*4724848cSchristos OPENSSL_free(conf->server2.npn_protocols);
734*4724848cSchristos OPENSSL_free(conf->client.alpn_protocols);
735*4724848cSchristos OPENSSL_free(conf->server.alpn_protocols);
736*4724848cSchristos OPENSSL_free(conf->server2.alpn_protocols);
737*4724848cSchristos OPENSSL_free(conf->client.reneg_ciphers);
738*4724848cSchristos OPENSSL_free(conf->server.srp_user);
739*4724848cSchristos OPENSSL_free(conf->server.srp_password);
740*4724848cSchristos OPENSSL_free(conf->server2.srp_user);
741*4724848cSchristos OPENSSL_free(conf->server2.srp_password);
742*4724848cSchristos OPENSSL_free(conf->client.srp_user);
743*4724848cSchristos OPENSSL_free(conf->client.srp_password);
744*4724848cSchristos OPENSSL_free(conf->server.session_ticket_app_data);
745*4724848cSchristos OPENSSL_free(conf->server2.session_ticket_app_data);
746*4724848cSchristos }
747*4724848cSchristos
ssl_test_ctx_free_extra_data(SSL_TEST_CTX * ctx)748*4724848cSchristos static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx)
749*4724848cSchristos {
750*4724848cSchristos ssl_test_extra_conf_free_data(&ctx->extra);
751*4724848cSchristos ssl_test_extra_conf_free_data(&ctx->resume_extra);
752*4724848cSchristos }
753*4724848cSchristos
SSL_TEST_CTX_free(SSL_TEST_CTX * ctx)754*4724848cSchristos void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
755*4724848cSchristos {
756*4724848cSchristos ssl_test_ctx_free_extra_data(ctx);
757*4724848cSchristos OPENSSL_free(ctx->expected_npn_protocol);
758*4724848cSchristos OPENSSL_free(ctx->expected_alpn_protocol);
759*4724848cSchristos OPENSSL_free(ctx->expected_session_ticket_app_data);
760*4724848cSchristos sk_X509_NAME_pop_free(ctx->expected_server_ca_names, X509_NAME_free);
761*4724848cSchristos sk_X509_NAME_pop_free(ctx->expected_client_ca_names, X509_NAME_free);
762*4724848cSchristos OPENSSL_free(ctx->expected_cipher);
763*4724848cSchristos OPENSSL_free(ctx);
764*4724848cSchristos }
765*4724848cSchristos
parse_client_options(SSL_TEST_CLIENT_CONF * client,const CONF * conf,const char * client_section)766*4724848cSchristos static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf,
767*4724848cSchristos const char *client_section)
768*4724848cSchristos {
769*4724848cSchristos STACK_OF(CONF_VALUE) *sk_conf;
770*4724848cSchristos int i;
771*4724848cSchristos size_t j;
772*4724848cSchristos
773*4724848cSchristos if (!TEST_ptr(sk_conf = NCONF_get_section(conf, client_section)))
774*4724848cSchristos return 0;
775*4724848cSchristos
776*4724848cSchristos for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
777*4724848cSchristos int found = 0;
778*4724848cSchristos const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
779*4724848cSchristos for (j = 0; j < OSSL_NELEM(ssl_test_client_options); j++) {
780*4724848cSchristos if (strcmp(option->name, ssl_test_client_options[j].name) == 0) {
781*4724848cSchristos if (!ssl_test_client_options[j].parse(client, option->value)) {
782*4724848cSchristos TEST_info("Bad value %s for option %s",
783*4724848cSchristos option->value, option->name);
784*4724848cSchristos return 0;
785*4724848cSchristos }
786*4724848cSchristos found = 1;
787*4724848cSchristos break;
788*4724848cSchristos }
789*4724848cSchristos }
790*4724848cSchristos if (!found) {
791*4724848cSchristos TEST_info("Unknown test option: %s", option->name);
792*4724848cSchristos return 0;
793*4724848cSchristos }
794*4724848cSchristos }
795*4724848cSchristos
796*4724848cSchristos return 1;
797*4724848cSchristos }
798*4724848cSchristos
parse_server_options(SSL_TEST_SERVER_CONF * server,const CONF * conf,const char * server_section)799*4724848cSchristos static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf,
800*4724848cSchristos const char *server_section)
801*4724848cSchristos {
802*4724848cSchristos STACK_OF(CONF_VALUE) *sk_conf;
803*4724848cSchristos int i;
804*4724848cSchristos size_t j;
805*4724848cSchristos
806*4724848cSchristos if (!TEST_ptr(sk_conf = NCONF_get_section(conf, server_section)))
807*4724848cSchristos return 0;
808*4724848cSchristos
809*4724848cSchristos for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
810*4724848cSchristos int found = 0;
811*4724848cSchristos const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
812*4724848cSchristos for (j = 0; j < OSSL_NELEM(ssl_test_server_options); j++) {
813*4724848cSchristos if (strcmp(option->name, ssl_test_server_options[j].name) == 0) {
814*4724848cSchristos if (!ssl_test_server_options[j].parse(server, option->value)) {
815*4724848cSchristos TEST_info("Bad value %s for option %s",
816*4724848cSchristos option->value, option->name);
817*4724848cSchristos return 0;
818*4724848cSchristos }
819*4724848cSchristos found = 1;
820*4724848cSchristos break;
821*4724848cSchristos }
822*4724848cSchristos }
823*4724848cSchristos if (!found) {
824*4724848cSchristos TEST_info("Unknown test option: %s", option->name);
825*4724848cSchristos return 0;
826*4724848cSchristos }
827*4724848cSchristos }
828*4724848cSchristos
829*4724848cSchristos return 1;
830*4724848cSchristos }
831*4724848cSchristos
SSL_TEST_CTX_create(const CONF * conf,const char * test_section)832*4724848cSchristos SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section)
833*4724848cSchristos {
834*4724848cSchristos STACK_OF(CONF_VALUE) *sk_conf = NULL;
835*4724848cSchristos SSL_TEST_CTX *ctx = NULL;
836*4724848cSchristos int i;
837*4724848cSchristos size_t j;
838*4724848cSchristos
839*4724848cSchristos if (!TEST_ptr(sk_conf = NCONF_get_section(conf, test_section))
840*4724848cSchristos || !TEST_ptr(ctx = SSL_TEST_CTX_new()))
841*4724848cSchristos goto err;
842*4724848cSchristos
843*4724848cSchristos for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
844*4724848cSchristos int found = 0;
845*4724848cSchristos const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
846*4724848cSchristos
847*4724848cSchristos /* Subsections */
848*4724848cSchristos if (strcmp(option->name, "client") == 0) {
849*4724848cSchristos if (!parse_client_options(&ctx->extra.client, conf, option->value))
850*4724848cSchristos goto err;
851*4724848cSchristos } else if (strcmp(option->name, "server") == 0) {
852*4724848cSchristos if (!parse_server_options(&ctx->extra.server, conf, option->value))
853*4724848cSchristos goto err;
854*4724848cSchristos } else if (strcmp(option->name, "server2") == 0) {
855*4724848cSchristos if (!parse_server_options(&ctx->extra.server2, conf, option->value))
856*4724848cSchristos goto err;
857*4724848cSchristos } else if (strcmp(option->name, "resume-client") == 0) {
858*4724848cSchristos if (!parse_client_options(&ctx->resume_extra.client, conf,
859*4724848cSchristos option->value))
860*4724848cSchristos goto err;
861*4724848cSchristos } else if (strcmp(option->name, "resume-server") == 0) {
862*4724848cSchristos if (!parse_server_options(&ctx->resume_extra.server, conf,
863*4724848cSchristos option->value))
864*4724848cSchristos goto err;
865*4724848cSchristos } else if (strcmp(option->name, "resume-server2") == 0) {
866*4724848cSchristos if (!parse_server_options(&ctx->resume_extra.server2, conf,
867*4724848cSchristos option->value))
868*4724848cSchristos goto err;
869*4724848cSchristos } else {
870*4724848cSchristos for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) {
871*4724848cSchristos if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) {
872*4724848cSchristos if (!ssl_test_ctx_options[j].parse(ctx, option->value)) {
873*4724848cSchristos TEST_info("Bad value %s for option %s",
874*4724848cSchristos option->value, option->name);
875*4724848cSchristos goto err;
876*4724848cSchristos }
877*4724848cSchristos found = 1;
878*4724848cSchristos break;
879*4724848cSchristos }
880*4724848cSchristos }
881*4724848cSchristos if (!found) {
882*4724848cSchristos TEST_info("Unknown test option: %s", option->name);
883*4724848cSchristos goto err;
884*4724848cSchristos }
885*4724848cSchristos }
886*4724848cSchristos }
887*4724848cSchristos
888*4724848cSchristos goto done;
889*4724848cSchristos
890*4724848cSchristos err:
891*4724848cSchristos SSL_TEST_CTX_free(ctx);
892*4724848cSchristos ctx = NULL;
893*4724848cSchristos done:
894*4724848cSchristos return ctx;
895*4724848cSchristos }
896