xref: /netbsd-src/crypto/external/bsd/openssl/dist/test/helpers/ssl_test_ctx.c (revision b0d1725196a7921d003d2c66a14f186abda4176b)
1*b0d17251Schristos /*
2*b0d17251Schristos  * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
3*b0d17251Schristos  *
4*b0d17251Schristos  * Licensed under the Apache License 2.0 (the "License").  You may not use
5*b0d17251Schristos  * this file except in compliance with the License.  You can obtain a copy
6*b0d17251Schristos  * in the file LICENSE in the source distribution or at
7*b0d17251Schristos  * https://www.openssl.org/source/license.html
8*b0d17251Schristos  */
9*b0d17251Schristos 
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/e_os2.h>
#include <openssl/crypto.h>

#include "internal/nelem.h"
#include "ssl_test_ctx.h"
#include "../testutil.h"
18*b0d17251Schristos 
/* Default application data size. */
static const int default_app_data_size = 256;

/* Default set to be as small as possible to exercise fragmentation. */
static const int default_max_fragment_size = 512;
22*b0d17251Schristos 
/*
 * Parse a "Yes"/"No" option value; the comparison ignores case.
 *
 * On a match *result is set to 1 ("Yes") or 0 ("No") and 1 is returned.
 * Any other string is reported through TEST_error() and 0 is returned with
 * *result left untouched. |value| is passed to the comparison without a
 * NULL check.
 */
static int parse_boolean(const char *value, int *result)
{
    int is_yes = OPENSSL_strcasecmp(value, "Yes") == 0;

    if (!is_yes && OPENSSL_strcasecmp(value, "No") != 0) {
        TEST_error("parse_boolean given: '%s'", value);
        return 0;
    }
    *result = is_yes;
    return 1;
}
36*b0d17251Schristos 
/*
 * Defines parse_<name>_<field>(), which reads a Yes/No option value into the
 * int member |field| of |struct_type| by delegating to parse_boolean().
 * The generated function returns whatever parse_boolean() returns.
 */
#define IMPLEMENT_SSL_TEST_BOOL_OPTION(struct_type, name, field)        \
    static int parse_##name##_##field(struct_type *ctx, const char *value) \
    {                                                                   \
        int *target = &ctx->field;                                      \
        return parse_boolean(value, target);                            \
    }
42*b0d17251Schristos 
/*
 * Defines parse_<name>_<field>(), which replaces the string member |field|
 * of |struct_type| with a heap copy of |value|.
 *
 * The previous string is released with OPENSSL_free() before the copy is
 * made, so a failed OPENSSL_strdup() leaves the member NULL; TEST_ptr()
 * turns that into a 0 return.
 *
 * The old value is freed, not cleansed. This macro is also instantiated for
 * the SRP password options, which is fine for fixture credentials but is
 * not a pattern to copy for real secrets.
 */
#define IMPLEMENT_SSL_TEST_STRING_OPTION(struct_type, name, field)      \
    static int parse_##name##_##field(struct_type *ctx, const char *value) \
    {                                                                   \
        char **slot = &ctx->field;                                      \
        OPENSSL_free(*slot);                                            \
        *slot = OPENSSL_strdup(value);                                  \
        return TEST_ptr(ctx->field);                                    \
    }
50*b0d17251Schristos 
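/*
 * Defines parse_<name>_<field>(), which stores a decimal integer option
 * value in the int member |field| of |struct_type|.
 *
 * The value is converted with strtol() rather than atoi(): atoi() cannot
 * report errors, so a mistyped value (for example a non-numeric string)
 * silently became 0 and the test ran with a size nobody asked for.
 *
 * Returns 1 on success. Returns 0, after reporting through TEST_error() and
 * without modifying the member, when |value| is NULL, is not a complete
 * decimal number, or does not fit in an int.
 *
 * NOTE(review): trailing characters after the number are now rejected;
 * this assumes the configuration loader hands over values without trailing
 * whitespace - confirm against the caller.
 */
#define IMPLEMENT_SSL_TEST_INT_OPTION(struct_type, name, field)        \
    static int parse_##name##_##field(struct_type *ctx, const char *value) \
    {                                                                   \
        char *end = NULL;                                               \
        long parsed = 0;                                                \
        int ok = value != NULL;                                         \
        if (ok) {                                                       \
            errno = 0;                                                  \
            parsed = strtol(value, &end, 10);                           \
            ok = end != value && *end == '\0' && errno != ERANGE        \
                 && parsed >= INT_MIN && parsed <= INT_MAX;             \
        }                                                               \
        if (!ok) {                                                      \
            TEST_error("parse_" #name "_" #field " given: '%s'",        \
                       value == NULL ? "(null)" : value);               \
            return 0;                                                   \
        }                                                               \
        ctx->field = (int)parsed;                                       \
        return 1;                                                       \
    }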
57*b0d17251Schristos 
/*
 * One row of a name <-> int lookup table. Used for true enums and for other
 * test configuration values that map to an int.
 */
typedef struct {
    const char *name;   /* spelling matched by parse_enum() */
    int value;          /* integer the name stands for */
} test_enum;
63*b0d17251Schristos 
64*b0d17251Schristos 
/*
 * Look |name| up in the first |num_enums| rows of |enums|.
 *
 * The match is an exact, case-sensitive strcmp() (unlike parse_boolean(),
 * which ignores case). On the first match *value receives the row's integer
 * and 1 is returned; otherwise 0 is returned and *value is not written.
 * |name| is not checked for NULL here.
 */
__owur static int parse_enum(const test_enum *enums, size_t num_enums,
                             int *value, const char *name)
{
    size_t idx;

    for (idx = 0; idx != num_enums; ++idx) {
        const test_enum *entry = &enums[idx];

        if (strcmp(entry->name, name) != 0)
            continue;
        *value = entry->value;
        return 1;
    }
    return 0;
}
77*b0d17251Schristos 
/*
 * Reverse lookup: return the name of the first row of |enums| whose value
 * equals |value|, or the literal "InvalidValue" when no row matches.
 * The returned pointer refers to table or literal storage; callers must not
 * free it.
 */
static const char *enum_name(const test_enum *enums, size_t num_enums,
                             int value)
{
    const char *found = "InvalidValue";
    size_t idx = 0;

    while (idx < num_enums) {
        if (enums[idx].value == value) {
            found = enums[idx].name;
            break;
        }
        idx++;
    }
    return found;
}
89*b0d17251Schristos 
90*b0d17251Schristos 
91*b0d17251Schristos /* ExpectedResult */
92*b0d17251Schristos 
/* Names accepted for ExpectedResult and the SSL_TEST_* codes they map to. */
static const test_enum ssl_test_results[] = {
    { "Success", SSL_TEST_SUCCESS },
    { "ServerFail", SSL_TEST_SERVER_FAIL },
    { "ClientFail", SSL_TEST_CLIENT_FAIL },
    { "InternalError", SSL_TEST_INTERNAL_ERROR },
    { "FirstHandshakeFailed", SSL_TEST_FIRST_HANDSHAKE_FAILED },
};
100*b0d17251Schristos 
/*
 * Set test_ctx->expected_result from an ExpectedResult name.
 * Returns 1 on success; returns 0 and leaves the context unchanged when
 * |value| is not listed in ssl_test_results.
 */
__owur static int parse_expected_result(SSL_TEST_CTX *test_ctx, const char *value)
{
    int parsed;

    if (parse_enum(ssl_test_results, OSSL_NELEM(ssl_test_results),
                   &parsed, value)) {
        test_ctx->expected_result = parsed;
        return 1;
    }
    return 0;
}
111*b0d17251Schristos 
/* Printable name of |result|, or "InvalidValue" if it is not in the table. */
const char *ssl_test_result_name(ssl_test_result_t result)
{
    const size_t count = OSSL_NELEM(ssl_test_results);

    return enum_name(ssl_test_results, count, result);
}
116*b0d17251Schristos 
117*b0d17251Schristos /* ExpectedClientAlert / ExpectedServerAlert */
118*b0d17251Schristos 
/*
 * Alert names accepted for ExpectedClientAlert / ExpectedServerAlert and
 * the SSL_AD_* codes they map to. An alert not listed here cannot be named
 * in a test configuration.
 */
static const test_enum ssl_alerts[] = {
    { "UnknownCA", SSL_AD_UNKNOWN_CA },
    { "HandshakeFailure", SSL_AD_HANDSHAKE_FAILURE },
    { "UnrecognizedName", SSL_AD_UNRECOGNIZED_NAME },
    { "NoRenegotiation", SSL_AD_NO_RENEGOTIATION },
    { "BadCertificate", SSL_AD_BAD_CERTIFICATE },
    { "NoApplicationProtocol", SSL_AD_NO_APPLICATION_PROTOCOL },
    { "CertificateRequired", SSL_AD_CERTIFICATE_REQUIRED },
};
128*b0d17251Schristos 
/*
 * Translate an alert name into its SSL_AD_* code via ssl_alerts.
 * Returns 1 and writes *alert on success, 0 (with *alert untouched) otherwise.
 */
__owur static int parse_alert(int *alert, const char *value)
{
    const size_t count = OSSL_NELEM(ssl_alerts);

    return parse_enum(ssl_alerts, count, alert, value);
}
133*b0d17251Schristos 
/* Store the alert named by |value| in test_ctx->expected_client_alert. */
__owur static int parse_client_alert(SSL_TEST_CTX *test_ctx, const char *value)
{
    int *slot = &test_ctx->expected_client_alert;

    return parse_alert(slot, value);
}
138*b0d17251Schristos 
/* Store the alert named by |value| in test_ctx->expected_server_alert. */
__owur static int parse_server_alert(SSL_TEST_CTX *test_ctx, const char *value)
{
    int *slot = &test_ctx->expected_server_alert;

    return parse_alert(slot, value);
}
143*b0d17251Schristos 
/* Printable name of |alert|, or "InvalidValue" if it is not in ssl_alerts. */
const char *ssl_alert_name(int alert)
{
    const size_t count = OSSL_NELEM(ssl_alerts);

    return enum_name(ssl_alerts, count, alert);
}
148*b0d17251Schristos 
149*b0d17251Schristos /* ExpectedProtocol */
150*b0d17251Schristos 
/*
 * Protocol version names accepted for ExpectedProtocol.
 * This table only names versions so a test can assert on the negotiated one;
 * listing a legacy version here (SSLv3, TLSv1, TLSv1.1) does not enable it.
 */
static const test_enum ssl_protocols[] = {
    { "TLSv1.3", TLS1_3_VERSION },
    { "TLSv1.2", TLS1_2_VERSION },
    { "TLSv1.1", TLS1_1_VERSION },
    { "TLSv1", TLS1_VERSION },
    { "SSLv3", SSL3_VERSION },
    { "DTLSv1", DTLS1_VERSION },
    { "DTLSv1.2", DTLS1_2_VERSION },
};
160*b0d17251Schristos 
/*
 * Store the version named by |value| in test_ctx->expected_protocol.
 * Returns 0 and leaves the field unchanged for a name not in ssl_protocols.
 */
__owur static int parse_protocol(SSL_TEST_CTX *test_ctx, const char *value)
{
    int *slot = &test_ctx->expected_protocol;

    return parse_enum(ssl_protocols, OSSL_NELEM(ssl_protocols), slot, value);
}
166*b0d17251Schristos 
/* Printable name of |protocol|, or "InvalidValue" if it is not listed. */
const char *ssl_protocol_name(int protocol)
{
    const size_t count = OSSL_NELEM(ssl_protocols);

    return enum_name(ssl_protocols, count, protocol);
}
171*b0d17251Schristos 
172*b0d17251Schristos /* VerifyCallback */
173*b0d17251Schristos 
/*
 * Names accepted for VerifyCallback and the SSL_TEST_VERIFY_* selectors they
 * map to.
 * NOTE(review): the callbacks themselves are defined outside this file; going
 * by the name, AcceptAll overrides certificate verification and belongs in
 * test code only - confirm.
 */
static const test_enum ssl_verify_callbacks[] = {
    { "None", SSL_TEST_VERIFY_NONE },
    { "AcceptAll", SSL_TEST_VERIFY_ACCEPT_ALL },
    { "RetryOnce", SSL_TEST_VERIFY_RETRY_ONCE },
    { "RejectAll", SSL_TEST_VERIFY_REJECT_ALL },
};
180*b0d17251Schristos 
/*
 * Set client_conf->verify_callback from a VerifyCallback name.
 * Returns 1 on success; returns 0 and leaves the field unchanged when
 * |value| is not listed in ssl_verify_callbacks.
 */
__owur static int parse_client_verify_callback(SSL_TEST_CLIENT_CONF *client_conf,
                                               const char *value)
{
    int parsed;

    if (parse_enum(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks),
                   &parsed, value)) {
        client_conf->verify_callback = parsed;
        return 1;
    }
    return 0;
}
193*b0d17251Schristos 
/* Printable name of |callback|, or "InvalidValue" if it is not listed. */
const char *ssl_verify_callback_name(ssl_verify_callback_t callback)
{
    const size_t count = OSSL_NELEM(ssl_verify_callbacks);

    return enum_name(ssl_verify_callbacks, count, callback);
}
199*b0d17251Schristos 
200*b0d17251Schristos /* ServerName */
201*b0d17251Schristos 
/*
 * Names accepted for ServerName (and for the expected server name) and the
 * SSL_TEST_SERVERNAME_* values they map to. Note the mixed capitalisation:
 * parse_enum() compares case-sensitively, so "None" and "server1" must be
 * spelled exactly as shown.
 */
static const test_enum ssl_servername[] = {
    { "None", SSL_TEST_SERVERNAME_NONE },
    { "server1", SSL_TEST_SERVERNAME_SERVER1 },
    { "server2", SSL_TEST_SERVERNAME_SERVER2 },
    { "invalid", SSL_TEST_SERVERNAME_INVALID },
};
208*b0d17251Schristos 
/*
 * Set client_conf->servername from a name listed in ssl_servername.
 * Returns 1 on success; returns 0 and leaves the field unchanged otherwise.
 */
__owur static int parse_servername(SSL_TEST_CLIENT_CONF *client_conf,
                                   const char *value)
{
    int parsed;

    if (parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
                   &parsed, value)) {
        client_conf->servername = parsed;
        return 1;
    }
    return 0;
}
220*b0d17251Schristos 
/*
 * Set test_ctx->expected_servername from a name listed in ssl_servername.
 * Returns 1 on success; returns 0 and leaves the field unchanged otherwise.
 */
__owur static int parse_expected_servername(SSL_TEST_CTX *test_ctx,
                                            const char *value)
{
    int parsed;

    if (parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
                   &parsed, value)) {
        test_ctx->expected_servername = parsed;
        return 1;
    }
    return 0;
}
232*b0d17251Schristos 
/* Printable name of |server|, or "InvalidValue" if it is not listed. */
const char *ssl_servername_name(ssl_servername_t server)
{
    const size_t count = OSSL_NELEM(ssl_servername);

    return enum_name(ssl_servername, count, server);
}
238*b0d17251Schristos 
239*b0d17251Schristos /* ServerNameCallback */
240*b0d17251Schristos 
/*
 * Names accepted for ServerNameCallback and the SSL_TEST_SERVERNAME_*
 * selectors they map to.
 */
static const test_enum ssl_servername_callbacks[] = {
    { "None", SSL_TEST_SERVERNAME_CB_NONE },
    { "IgnoreMismatch", SSL_TEST_SERVERNAME_IGNORE_MISMATCH },
    { "RejectMismatch", SSL_TEST_SERVERNAME_REJECT_MISMATCH },
    { "ClientHelloIgnoreMismatch",
      SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH },
    { "ClientHelloRejectMismatch",
      SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH },
    { "ClientHelloNoV12", SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12 },
};
251*b0d17251Schristos 
/*
 * Set server_conf->servername_callback from a ServerNameCallback name.
 * Returns 1 on success; returns 0 and leaves the field unchanged when
 * |value| is not listed in ssl_servername_callbacks.
 */
__owur static int parse_servername_callback(SSL_TEST_SERVER_CONF *server_conf,
                                            const char *value)
{
    int parsed;

    if (parse_enum(ssl_servername_callbacks,
                   OSSL_NELEM(ssl_servername_callbacks), &parsed, value)) {
        server_conf->servername_callback = parsed;
        return 1;
    }
    return 0;
}
263*b0d17251Schristos 
/* Printable name of |callback|, or "InvalidValue" if it is not listed. */
const char *ssl_servername_callback_name(ssl_servername_callback_t callback)
{
    const size_t count = OSSL_NELEM(ssl_servername_callbacks);

    return enum_name(ssl_servername_callbacks, count, callback);
}
269*b0d17251Schristos 
270*b0d17251Schristos /* SessionTicketExpected */
271*b0d17251Schristos 
/*
 * Names accepted for SessionTicketExpected. This is a three-state option
 * (Ignore/Yes/No), so it goes through parse_enum() and, unlike the boolean
 * options, is matched case-sensitively.
 */
static const test_enum ssl_session_ticket[] = {
    { "Ignore", SSL_TEST_SESSION_TICKET_IGNORE },
    { "Yes", SSL_TEST_SESSION_TICKET_YES },
    { "No", SSL_TEST_SESSION_TICKET_NO },
};
277*b0d17251Schristos 
/*
 * Set test_ctx->session_ticket_expected from a SessionTicketExpected name.
 * Returns 1 on success; returns 0 and leaves the field unchanged when
 * |value| is not listed in ssl_session_ticket.
 */
__owur static int parse_session_ticket(SSL_TEST_CTX *test_ctx, const char *value)
{
    int parsed;

    if (parse_enum(ssl_session_ticket, OSSL_NELEM(ssl_session_ticket),
                   &parsed, value)) {
        test_ctx->session_ticket_expected = parsed;
        return 1;
    }
    return 0;
}
288*b0d17251Schristos 
/*
 * Printable name of the session-ticket expectation passed in |server|, or
 * "InvalidValue" if it is not listed in ssl_session_ticket.
 */
const char *ssl_session_ticket_name(ssl_session_ticket_t server)
{
    const size_t count = OSSL_NELEM(ssl_session_ticket);

    return enum_name(ssl_session_ticket, count, server);
}
295*b0d17251Schristos 
296*b0d17251Schristos /* CompressionExpected */
297*b0d17251Schristos 
/* Generates parse_test_compression_expected(): Yes/No -> ctx->compression_expected. */
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, compression_expected)
299*b0d17251Schristos 
300*b0d17251Schristos /* SessionIdExpected */
301*b0d17251Schristos 
/*
 * Names accepted for SessionIdExpected. Three-state (Ignore/Yes/No) and
 * matched case-sensitively by parse_enum().
 */
static const test_enum ssl_session_id[] = {
    { "Ignore", SSL_TEST_SESSION_ID_IGNORE },
    { "Yes", SSL_TEST_SESSION_ID_YES },
    { "No", SSL_TEST_SESSION_ID_NO },
};
307*b0d17251Schristos 
/*
 * Set test_ctx->session_id_expected from a SessionIdExpected name.
 * Returns 1 on success; returns 0 and leaves the field unchanged when
 * |value| is not listed in ssl_session_id.
 */
__owur static int parse_session_id(SSL_TEST_CTX *test_ctx, const char *value)
{
    int parsed;

    if (parse_enum(ssl_session_id, OSSL_NELEM(ssl_session_id),
                   &parsed, value)) {
        test_ctx->session_id_expected = parsed;
        return 1;
    }
    return 0;
}
318*b0d17251Schristos 
/*
 * Printable name of the session-id expectation passed in |server|, or
 * "InvalidValue" if it is not listed in ssl_session_id.
 */
const char *ssl_session_id_name(ssl_session_id_t server)
{
    const size_t count = OSSL_NELEM(ssl_session_id);

    return enum_name(ssl_session_id, count, server);
}
325*b0d17251Schristos 
326*b0d17251Schristos /* Method */
327*b0d17251Schristos 
/* Names accepted for Method and the SSL_TEST_METHOD_* values they map to. */
static const test_enum ssl_test_methods[] = {
    { "TLS", SSL_TEST_METHOD_TLS },
    { "DTLS", SSL_TEST_METHOD_DTLS },
};
332*b0d17251Schristos 
/*
 * Set test_ctx->method from a Method name.
 * Returns 1 on success; returns 0 and leaves the field unchanged when
 * |value| is not listed in ssl_test_methods.
 */
__owur static int parse_test_method(SSL_TEST_CTX *test_ctx, const char *value)
{
    int parsed;

    if (parse_enum(ssl_test_methods, OSSL_NELEM(ssl_test_methods),
                   &parsed, value)) {
        test_ctx->method = parsed;
        return 1;
    }
    return 0;
}
343*b0d17251Schristos 
/* Printable name of |method|, or "InvalidValue" if it is not listed. */
const char *ssl_test_method_name(ssl_test_method_t method)
{
    const size_t count = OSSL_NELEM(ssl_test_methods);

    return enum_name(ssl_test_methods, count, method);
}
348*b0d17251Schristos 
349*b0d17251Schristos /* NPN and ALPN options */
350*b0d17251Schristos 
/*
 * Each line below generates parse_<name>_<field>(), which replaces the named
 * string member with a heap copy of the option value.
 */
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, npn_protocols)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, npn_protocols)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_npn_protocol)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, alpn_protocols)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, alpn_protocols)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_alpn_protocol)

/*
 * SRP options.
 * The SRP user names and passwords are kept as ordinary heap strings; the
 * generated setters release the previous value with OPENSSL_free().
 */
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, srp_user)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, srp_user)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, srp_password)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, srp_password)

/* Session Ticket App Data options */
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_session_ticket_app_data)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, session_ticket_app_data)
367*b0d17251Schristos 
368*b0d17251Schristos /* Handshake mode */
369*b0d17251Schristos 
/*
 * Handshake mode names and the SSL_TEST_HANDSHAKE_* values they map to.
 */
static const test_enum ssl_handshake_modes[] = {
    { "Simple", SSL_TEST_HANDSHAKE_SIMPLE },
    { "Resume", SSL_TEST_HANDSHAKE_RESUME },
    { "RenegotiateServer", SSL_TEST_HANDSHAKE_RENEG_SERVER },
    { "RenegotiateClient", SSL_TEST_HANDSHAKE_RENEG_CLIENT },
    { "KeyUpdateServer", SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER },
    { "KeyUpdateClient", SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT },
    { "PostHandshakeAuth", SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH },
};
379*b0d17251Schristos 
/*
 * Set test_ctx->handshake_mode from a handshake mode name.
 * Returns 1 on success; returns 0 and leaves the field unchanged when
 * |value| is not listed in ssl_handshake_modes.
 */
__owur static int parse_handshake_mode(SSL_TEST_CTX *test_ctx, const char *value)
{
    int parsed;

    if (parse_enum(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes),
                   &parsed, value)) {
        test_ctx->handshake_mode = parsed;
        return 1;
    }
    return 0;
}
390*b0d17251Schristos 
/* Printable name of |mode|, or "InvalidValue" if it is not listed. */
const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode)
{
    const size_t count = OSSL_NELEM(ssl_handshake_modes);

    return enum_name(ssl_handshake_modes, count, mode);
}
396*b0d17251Schristos 
397*b0d17251Schristos /* Renegotiation Ciphersuites */
398*b0d17251Schristos 
/* Generates parse_client_reneg_ciphers(): copies the value into ctx->reneg_ciphers. */
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, reneg_ciphers)
400*b0d17251Schristos 
401*b0d17251Schristos /* KeyUpdateType */
402*b0d17251Schristos 
/* Names accepted for KeyUpdateType and the SSL_KEY_UPDATE_* values they map to. */
static const test_enum ssl_key_update_types[] = {
    { "KeyUpdateRequested", SSL_KEY_UPDATE_REQUESTED },
    { "KeyUpdateNotRequested", SSL_KEY_UPDATE_NOT_REQUESTED },
};
407*b0d17251Schristos 
/*
 * Set test_ctx->key_update_type from a KeyUpdateType name.
 * Returns 1 on success; returns 0 and leaves the field unchanged when
 * |value| is not listed in ssl_key_update_types.
 */
__owur static int parse_key_update_type(SSL_TEST_CTX *test_ctx, const char *value)
{
    int parsed;

    if (parse_enum(ssl_key_update_types, OSSL_NELEM(ssl_key_update_types),
                   &parsed, value)) {
        test_ctx->key_update_type = parsed;
        return 1;
    }
    return 0;
}
418*b0d17251Schristos 
419*b0d17251Schristos /* CT Validation */
420*b0d17251Schristos 
/*
 * CT validation mode names and the SSL_TEST_CT_VALIDATION_* values they
 * map to.
 */
static const test_enum ssl_ct_validation_modes[] = {
    { "None", SSL_TEST_CT_VALIDATION_NONE },
    { "Permissive", SSL_TEST_CT_VALIDATION_PERMISSIVE },
    { "Strict", SSL_TEST_CT_VALIDATION_STRICT },
};
426*b0d17251Schristos 
/*
 * Set client_conf->ct_validation from a CT validation mode name.
 * Returns 1 on success; returns 0 and leaves the field unchanged when
 * |value| is not listed in ssl_ct_validation_modes.
 */
__owur static int parse_ct_validation(SSL_TEST_CLIENT_CONF *client_conf,
                                      const char *value)
{
    int parsed;

    if (parse_enum(ssl_ct_validation_modes,
                   OSSL_NELEM(ssl_ct_validation_modes), &parsed, value)) {
        client_conf->ct_validation = parsed;
        return 1;
    }
    return 0;
}
438*b0d17251Schristos 
/* Printable name of |mode|, or "InvalidValue" if it is not listed. */
const char *ssl_ct_validation_name(ssl_ct_validation_t mode)
{
    const size_t count = OSSL_NELEM(ssl_ct_validation_modes);

    return enum_name(ssl_ct_validation_modes, count, mode);
}
444*b0d17251Schristos 
/*
 * Yes/No options. Each line generates parse_<name>_<field>(), which stores
 * 1 or 0 in the named member via parse_boolean().
 */
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, use_sctp)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, enable_client_sctp_label_bug)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, enable_server_sctp_label_bug)
450*b0d17251Schristos 
451*b0d17251Schristos /* CertStatus */
452*b0d17251Schristos 
/* Names accepted for CertStatus and the SSL_TEST_CERT_STATUS_* values they map to. */
static const test_enum ssl_certstatus[] = {
    { "None", SSL_TEST_CERT_STATUS_NONE },
    { "GoodResponse", SSL_TEST_CERT_STATUS_GOOD_RESPONSE },
    { "BadResponse", SSL_TEST_CERT_STATUS_BAD_RESPONSE },
};
458*b0d17251Schristos 
/*
 * Set server_conf->cert_status from a CertStatus name.
 * Returns 1 on success; returns 0 and leaves the field unchanged when
 * |value| is not listed in ssl_certstatus.
 */
__owur static int parse_certstatus(SSL_TEST_SERVER_CONF *server_conf,
                                   const char *value)
{
    int parsed;

    if (parse_enum(ssl_certstatus, OSSL_NELEM(ssl_certstatus), &parsed,
                   value)) {
        server_conf->cert_status = parsed;
        return 1;
    }
    return 0;
}
470*b0d17251Schristos 
/* Printable name of |cert_status|, or "InvalidValue" if it is not listed. */
const char *ssl_certstatus_name(ssl_cert_status_t cert_status)
{
    const size_t count = OSSL_NELEM(ssl_certstatus);

    return enum_name(ssl_certstatus, count, cert_status);
}
476*b0d17251Schristos 
477*b0d17251Schristos /* ApplicationData */
478*b0d17251Schristos 
/* Generates parse_test_app_data_size(): integer value -> ctx->app_data_size. */
IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size)


/* MaxFragmentSize */

/* Generates parse_test_max_fragment_size(): integer value -> ctx->max_fragment_size. */
IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size)
485*b0d17251Schristos 
486*b0d17251Schristos /* Maximum-Fragment-Length TLS extension mode */
/*
 * Accepted settings for the Maximum-Fragment-Length extension mode. Values
 * are matched as strings, so only "None" and the four sizes listed here are
 * valid; any other number is rejected by parse_enum().
 */
static const test_enum ssl_max_fragment_len_mode[] = {
    { "None", TLSEXT_max_fragment_length_DISABLED },
    { "512", TLSEXT_max_fragment_length_512 },
    { "1024", TLSEXT_max_fragment_length_1024 },
    { "2048", TLSEXT_max_fragment_length_2048 },
    { "4096", TLSEXT_max_fragment_length_4096 },
};
494*b0d17251Schristos 
/*
 * Set client_conf->max_fragment_len_mode from one of the strings listed in
 * ssl_max_fragment_len_mode.
 * Returns 1 on success; returns 0 and leaves the field unchanged otherwise.
 */
__owur static int parse_max_fragment_len_mode(SSL_TEST_CLIENT_CONF *client_conf,
                                              const char *value)
{
    int parsed;

    if (parse_enum(ssl_max_fragment_len_mode,
                   OSSL_NELEM(ssl_max_fragment_len_mode), &parsed, value)) {
        client_conf->max_fragment_len_mode = parsed;
        return 1;
    }
    return 0;
}
507*b0d17251Schristos 
/* Printable name of |MFL_mode|, or "InvalidValue" if it is not listed. */
const char *ssl_max_fragment_len_name(int MFL_mode)
{
    const size_t count = OSSL_NELEM(ssl_max_fragment_len_mode);

    return enum_name(ssl_max_fragment_len_mode, count, MFL_mode);
}
513*b0d17251Schristos 
514*b0d17251Schristos 
515*b0d17251Schristos /* Expected key and signature types */
516*b0d17251Schristos 
/*
 * Resolve a key type name to a NID and store it in *ptype.
 *
 * Lookups are tried in this order, each later one only if the result is
 * still NID_undef:
 *   1. EVP_PKEY_asn1_find_str() on the name; if that finds nothing,
 *      OBJ_sn2nid() (object short name) is used instead
 *   2. OBJ_ln2nid() (object long name)
 *   3. EC_curve_nist2nid(), unless built with OPENSSL_NO_EC
 *
 * Returns 1 on success. Returns 0 with *ptype untouched when |value| is
 * NULL or no lookup recognises it.
 */
__owur static int parse_expected_key_type(int *ptype, const char *value)
{
    const EVP_PKEY_ASN1_METHOD *ameth;
    int nid;

    if (value == NULL)
        return 0;

    ameth = EVP_PKEY_asn1_find_str(NULL, value, -1);
    if (ameth == NULL)
        nid = OBJ_sn2nid(value);
    else
        EVP_PKEY_asn1_get0_info(&nid, NULL, NULL, NULL, NULL, ameth);

    if (nid == NID_undef)
        nid = OBJ_ln2nid(value);
#ifndef OPENSSL_NO_EC
    if (nid == NID_undef)
        nid = EC_curve_nist2nid(value);
#endif
    if (nid != NID_undef) {
        *ptype = nid;
        return 1;
    }
    return 0;
}
540*b0d17251Schristos 
/* Resolve |value| to a NID and store it in test_ctx->expected_tmp_key_type. */
__owur static int parse_expected_tmp_key_type(SSL_TEST_CTX *test_ctx,
                                              const char *value)
{
    int *slot = &test_ctx->expected_tmp_key_type;

    return parse_expected_key_type(slot, value);
}
546*b0d17251Schristos 
/* Resolve |value| to a NID and store it in test_ctx->expected_server_cert_type. */
__owur static int parse_expected_server_cert_type(SSL_TEST_CTX *test_ctx,
                                                  const char *value)
{
    int *slot = &test_ctx->expected_server_cert_type;

    return parse_expected_key_type(slot, value);
}
553*b0d17251Schristos 
/* Resolve |value| to a NID and store it in test_ctx->expected_server_sign_type. */
__owur static int parse_expected_server_sign_type(SSL_TEST_CTX *test_ctx,
                                                  const char *value)
{
    int *slot = &test_ctx->expected_server_sign_type;

    return parse_expected_key_type(slot, value);
}
560*b0d17251Schristos 
/* Resolve |value| to a NID and store it in test_ctx->expected_client_cert_type. */
__owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx,
                                                  const char *value)
{
    int *slot = &test_ctx->expected_client_cert_type;

    return parse_expected_key_type(slot, value);
}
567*b0d17251Schristos 
/*
 * Handler for the "ExpectedClientSignType" entry of ssl_test_ctx_options.
 * Stores the parsed key type in test_ctx->expected_client_sign_type and
 * passes through the result of parse_expected_key_type().
 */
__owur static int parse_expected_client_sign_type(SSL_TEST_CTX *test_ctx,
                                                  const char *value)
{
    int *slot = &test_ctx->expected_client_sign_type;

    return parse_expected_key_type(slot, value);
}
574*b0d17251Schristos 
575*b0d17251Schristos 
576*b0d17251Schristos /* Expected signing hash */
577*b0d17251Schristos 
/*
 * Resolve an object name to a NID and store it in *ptype.
 *
 * The short-name table is tried first, then the long-name table.
 * Returns 1 on success; returns 0 and leaves *ptype untouched when value
 * is NULL or matches no known object.
 *
 * Only "is this a known object name" is checked here: nothing in this
 * function confirms that the resulting NID actually identifies a digest,
 * so a non-hash name in a test config is accepted at parse time.
 */
__owur static int parse_expected_sign_hash(int *ptype, const char *value)
{
    int hash_nid = NID_undef;

    if (value != NULL) {
        hash_nid = OBJ_sn2nid(value);
        if (hash_nid == NID_undef)
            hash_nid = OBJ_ln2nid(value);
    }
    if (hash_nid == NID_undef)
        return 0;

    *ptype = hash_nid;
    return 1;
}
592*b0d17251Schristos 
/*
 * Handler for the "ExpectedServerSignHash" entry of ssl_test_ctx_options.
 * Stores the resolved NID in test_ctx->expected_server_sign_hash; returns
 * 1 on success and 0 if the name is NULL or unknown.
 */
__owur static int parse_expected_server_sign_hash(SSL_TEST_CTX *test_ctx,
                                                  const char *value)
{
    int *slot = &test_ctx->expected_server_sign_hash;

    return parse_expected_sign_hash(slot, value);
}
599*b0d17251Schristos 
/*
 * Handler for the "ExpectedClientSignHash" entry of ssl_test_ctx_options.
 * Stores the resolved NID in test_ctx->expected_client_sign_hash; returns
 * 1 on success and 0 if the name is NULL or unknown.
 */
__owur static int parse_expected_client_sign_hash(SSL_TEST_CTX *test_ctx,
                                                  const char *value)
{
    int *slot = &test_ctx->expected_client_sign_hash;

    return parse_expected_sign_hash(slot, value);
}
606*b0d17251Schristos 
/*
 * Build the expected CA name list for a test.
 *
 * The literal value "empty" yields a newly allocated empty stack; any
 * other value is handed to SSL_load_client_CA_file_ex() as the file to
 * load names from. The result (possibly NULL) is written to *pnames.
 *
 * Returns 1 if a stack was obtained, 0 if value is NULL or the
 * allocation/load failed. *pnames is assigned unconditionally once value
 * is non-NULL: whatever it held before is overwritten, not freed.
 */
__owur static int parse_expected_ca_names(STACK_OF(X509_NAME) **pnames,
                                          const char *value,
                                          OSSL_LIB_CTX *libctx)
{
    STACK_OF(X509_NAME) *names;

    if (value == NULL)
        return 0;

    if (strcmp(value, "empty") == 0)
        names = sk_X509_NAME_new_null();
    else
        names = SSL_load_client_CA_file_ex(value, libctx, NULL);

    *pnames = names;
    return names != NULL;
}
/*
 * Handler for the "ExpectedServerCANames" entry of ssl_test_ctx_options.
 * Fills test_ctx->expected_server_ca_names using the library context
 * stored in test_ctx; returns 1 on success, 0 on failure.
 */
__owur static int parse_expected_server_ca_names(SSL_TEST_CTX *test_ctx,
                                                 const char *value)
{
    STACK_OF(X509_NAME) **slot = &test_ctx->expected_server_ca_names;

    return parse_expected_ca_names(slot, value, test_ctx->libctx);
}
/*
 * Handler for the "ExpectedClientCANames" entry of ssl_test_ctx_options.
 * Fills test_ctx->expected_client_ca_names using the library context
 * stored in test_ctx; returns 1 on success, 0 on failure.
 */
__owur static int parse_expected_client_ca_names(SSL_TEST_CTX *test_ctx,
                                                 const char *value)
{
    STACK_OF(X509_NAME) **slot = &test_ctx->expected_client_ca_names;

    return parse_expected_ca_names(slot, value, test_ctx->libctx);
}
631*b0d17251Schristos 
632*b0d17251Schristos /* ExpectedCipher */
633*b0d17251Schristos 
/*
 * NOTE(review): the macro body is not visible in this part of the file.
 * Presumably it defines parse_test_expected_cipher(), the handler that the
 * "ExpectedCipher" entry of ssl_test_ctx_options refers to - confirm
 * against the macro definition.
 */
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_cipher)
635*b0d17251Schristos 
636*b0d17251Schristos /* Client and Server PHA */
637*b0d17251Schristos 
/*
 * NOTE(review): the macro body is not visible in this part of the file.
 * Presumably these define parse_client_enable_pha(),
 * parse_server_force_pha() and parse_client_no_extms_on_reneg(), the
 * handlers referenced by the "EnablePHA", "ForcePHA" and
 * "RenegotiateNoExtms" entries of the client/server option tables -
 * confirm against the macro definition.
 */
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, enable_pha)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, force_pha)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, no_extms_on_reneg)
641*b0d17251Schristos 
642*b0d17251Schristos /* Known test options and their corresponding parse methods. */
643*b0d17251Schristos 
644*b0d17251Schristos /* Top-level options. */
/*
 * One top-level test option: the key as it appears in the test section
 * and the handler that parses its value into an SSL_TEST_CTX. Handlers
 * return non-zero on success and 0 when the value is rejected.
 */
typedef struct {
    const char *name;
    int (*parse)(SSL_TEST_CTX *test_ctx, const char *value);
} ssl_test_ctx_option;

/*
 * Allow-list of top-level option names. SSL_TEST_CTX_create() matches
 * names with strcmp(), so lookups are case-sensitive, and any key that is
 * not listed here (or is not a known subsection name) fails the parse.
 */
static const ssl_test_ctx_option ssl_test_ctx_options[] = {
    { "ExpectedResult", parse_expected_result },
    { "ExpectedClientAlert", parse_client_alert },
    { "ExpectedServerAlert", parse_server_alert },
    { "ExpectedProtocol", parse_protocol },
    { "ExpectedServerName", parse_expected_servername },
    { "SessionTicketExpected", parse_session_ticket },
    { "CompressionExpected", parse_test_compression_expected },
    { "SessionIdExpected", parse_session_id },
    { "Method", parse_test_method },
    { "ExpectedNPNProtocol", parse_test_expected_npn_protocol },
    { "ExpectedALPNProtocol", parse_test_expected_alpn_protocol },
    { "HandshakeMode", parse_handshake_mode },
    { "KeyUpdateType", parse_key_update_type },
    { "ResumptionExpected", parse_test_resumption_expected },
    { "ApplicationData", parse_test_app_data_size },
    { "MaxFragmentSize", parse_test_max_fragment_size },
    { "ExpectedTmpKeyType", parse_expected_tmp_key_type },
    { "ExpectedServerCertType", parse_expected_server_cert_type },
    { "ExpectedServerSignHash", parse_expected_server_sign_hash },
    { "ExpectedServerSignType", parse_expected_server_sign_type },
    { "ExpectedServerCANames", parse_expected_server_ca_names },
    { "ExpectedClientCertType", parse_expected_client_cert_type },
    { "ExpectedClientSignHash", parse_expected_client_sign_hash },
    { "ExpectedClientSignType", parse_expected_client_sign_type },
    { "ExpectedClientCANames", parse_expected_client_ca_names },
    { "UseSCTP", parse_test_use_sctp },
    { "EnableClientSCTPLabelBug", parse_test_enable_client_sctp_label_bug },
    { "EnableServerSCTPLabelBug", parse_test_enable_server_sctp_label_bug },
    { "ExpectedCipher", parse_test_expected_cipher },
    { "ExpectedSessionTicketAppData",
      parse_test_expected_session_ticket_app_data },
};
682*b0d17251Schristos 
683*b0d17251Schristos /* Nested client options. */
/*
 * One client-subsection option: the key name and the handler that parses
 * its value into an SSL_TEST_CLIENT_CONF. Handlers return non-zero on
 * success and 0 when the value is rejected.
 */
typedef struct {
    const char *name;
    int (*parse)(SSL_TEST_CLIENT_CONF *conf, const char *value);
} ssl_test_client_option;

/*
 * Allow-list of keys accepted in a client subsection; consulted by
 * parse_client_options(), which rejects any key not listed here.
 */
static const ssl_test_client_option ssl_test_client_options[] = {
    { "VerifyCallback", parse_client_verify_callback },
    { "ServerName", parse_servername },
    { "NPNProtocols", parse_client_npn_protocols },
    { "ALPNProtocols", parse_client_alpn_protocols },
    { "CTValidation", parse_ct_validation },
    { "RenegotiateCiphers", parse_client_reneg_ciphers },
    { "SRPUser", parse_client_srp_user },
    { "SRPPassword", parse_client_srp_password },
    { "MaxFragmentLenExt", parse_max_fragment_len_mode },
    { "EnablePHA", parse_client_enable_pha },
    { "RenegotiateNoExtms", parse_client_no_extms_on_reneg },
};
702*b0d17251Schristos 
703*b0d17251Schristos /* Nested server options. */
/*
 * One server-subsection option: the key name and the handler that parses
 * its value into an SSL_TEST_SERVER_CONF. Handlers return non-zero on
 * success and 0 when the value is rejected.
 */
typedef struct {
    const char *name;
    int (*parse)(SSL_TEST_SERVER_CONF *conf, const char *value);
} ssl_test_server_option;

/*
 * Allow-list of keys accepted in a server subsection; consulted by
 * parse_server_options(), which rejects any key not listed here.
 */
static const ssl_test_server_option ssl_test_server_options[] = {
    { "ServerNameCallback", parse_servername_callback },
    { "NPNProtocols", parse_server_npn_protocols },
    { "ALPNProtocols", parse_server_alpn_protocols },
    { "BrokenSessionTicket", parse_server_broken_session_ticket },
    { "CertStatus", parse_certstatus },
    { "SRPUser", parse_server_srp_user },
    { "SRPPassword", parse_server_srp_password },
    { "ForcePHA", parse_server_force_pha },
    { "SessionTicketAppData", parse_server_session_ticket_app_data },
};
720*b0d17251Schristos 
/*
 * Allocate a zero-initialised SSL_TEST_CTX bound to libctx.
 *
 * app_data_size and max_fragment_size start at the file-level defaults;
 * every other field is zero. Returns NULL on allocation failure, which
 * the caller is expected to check. Release with SSL_TEST_CTX_free().
 */
SSL_TEST_CTX *SSL_TEST_CTX_new(OSSL_LIB_CTX *libctx)
{
    SSL_TEST_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));

    if (ctx == NULL)
        return NULL;

    ctx->libctx = libctx;
    ctx->app_data_size = default_app_data_size;
    ctx->max_fragment_size = default_max_fragment_size;
    return ctx;
}
733*b0d17251Schristos 
/*
 * Release the heap-allocated members of one SSL_TEST_EXTRA_CONF. The
 * structure itself is not freed (callers pass the address of an embedded
 * member) and the pointers are not reset afterwards.
 *
 * The SRP passwords are released with plain OPENSSL_free(), i.e. without
 * being wiped first. NOTE(review): presumably acceptable because these
 * are fixture credentials from test configs; confirm before reusing this
 * cleanup pattern for real secrets.
 */
static void ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF *conf)
{
    SSL_TEST_CLIENT_CONF *client = &conf->client;
    SSL_TEST_SERVER_CONF *server = &conf->server;
    SSL_TEST_SERVER_CONF *server2 = &conf->server2;

    /* Client-side settings. */
    OPENSSL_free(client->npn_protocols);
    OPENSSL_free(client->alpn_protocols);
    OPENSSL_free(client->reneg_ciphers);
    OPENSSL_free(client->srp_user);
    OPENSSL_free(client->srp_password);

    /* First server. */
    OPENSSL_free(server->npn_protocols);
    OPENSSL_free(server->alpn_protocols);
    OPENSSL_free(server->srp_user);
    OPENSSL_free(server->srp_password);
    OPENSSL_free(server->session_ticket_app_data);

    /* Second server. */
    OPENSSL_free(server2->npn_protocols);
    OPENSSL_free(server2->alpn_protocols);
    OPENSSL_free(server2->srp_user);
    OPENSSL_free(server2->srp_password);
    OPENSSL_free(server2->session_ticket_app_data);
}
752*b0d17251Schristos 
/*
 * Release the heap members of both embedded extra configurations of ctx:
 * the one for the initial handshake (extra) and the one for the resumed
 * handshake (resume_extra). ctx must not be NULL.
 */
static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx)
{
    SSL_TEST_EXTRA_CONF *initial = &ctx->extra;
    SSL_TEST_EXTRA_CONF *resumed = &ctx->resume_extra;

    ssl_test_extra_conf_free_data(initial);
    ssl_test_extra_conf_free_data(resumed);
}
758*b0d17251Schristos 
/*
 * Destroy a test context together with everything it owns: the nested
 * client/server configurations, the expected-protocol and ticket strings,
 * both expected CA name stacks (including their X509_NAME elements) and
 * the expected cipher string. Passing NULL is a no-op.
 *
 * ctx->libctx is not released here.
 */
void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
{
    if (ctx != NULL) {
        ssl_test_ctx_free_extra_data(ctx);

        OPENSSL_free(ctx->expected_npn_protocol);
        OPENSSL_free(ctx->expected_alpn_protocol);
        OPENSSL_free(ctx->expected_session_ticket_app_data);

        /* pop_free releases each name as well as the stack itself. */
        sk_X509_NAME_pop_free(ctx->expected_server_ca_names, X509_NAME_free);
        sk_X509_NAME_pop_free(ctx->expected_client_ca_names, X509_NAME_free);

        OPENSSL_free(ctx->expected_cipher);
        OPENSSL_free(ctx);
    }
}
772*b0d17251Schristos 
/*
 * Parse every key of the config section client_section into *client.
 *
 * Each key is matched (case-sensitively) against ssl_test_client_options
 * and its handler is invoked on the value. Parsing is strict: the first
 * unknown key or rejected value is logged and stops the parse.
 *
 * Returns 1 if the whole section was accepted, 0 if the section is
 * missing or any entry failed. On failure *client may already hold the
 * values parsed before the failing entry.
 */
static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf,
                                const char *client_section)
{
    STACK_OF(CONF_VALUE) *sk_conf;
    int idx;

    if (!TEST_ptr(sk_conf = NCONF_get_section(conf, client_section)))
        return 0;

    for (idx = 0; idx < sk_CONF_VALUE_num(sk_conf); idx++) {
        const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, idx);
        const ssl_test_client_option *handler = NULL;
        size_t k;

        /* Linear search; the first table entry with this name wins. */
        for (k = 0; k < OSSL_NELEM(ssl_test_client_options); k++) {
            if (strcmp(option->name, ssl_test_client_options[k].name) == 0) {
                handler = &ssl_test_client_options[k];
                break;
            }
        }

        if (handler == NULL) {
            TEST_info("Unknown test option: %s", option->name);
            return 0;
        }
        if (!handler->parse(client, option->value)) {
            TEST_info("Bad value %s for option %s",
                      option->value, option->name);
            return 0;
        }
    }

    return 1;
}
805*b0d17251Schristos 
/*
 * Parse every key of the config section server_section into *server.
 *
 * Each key is matched (case-sensitively) against ssl_test_server_options
 * and its handler is invoked on the value. Parsing is strict: the first
 * unknown key or rejected value is logged and stops the parse.
 *
 * Returns 1 if the whole section was accepted, 0 if the section is
 * missing or any entry failed. On failure *server may already hold the
 * values parsed before the failing entry.
 */
static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf,
                                const char *server_section)
{
    STACK_OF(CONF_VALUE) *sk_conf;
    int idx;

    if (!TEST_ptr(sk_conf = NCONF_get_section(conf, server_section)))
        return 0;

    for (idx = 0; idx < sk_CONF_VALUE_num(sk_conf); idx++) {
        const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, idx);
        const ssl_test_server_option *handler = NULL;
        size_t k;

        /* Linear search; the first table entry with this name wins. */
        for (k = 0; k < OSSL_NELEM(ssl_test_server_options); k++) {
            if (strcmp(option->name, ssl_test_server_options[k].name) == 0) {
                handler = &ssl_test_server_options[k];
                break;
            }
        }

        if (handler == NULL) {
            TEST_info("Unknown test option: %s", option->name);
            return 0;
        }
        if (!handler->parse(server, option->value)) {
            TEST_info("Bad value %s for option %s",
                      option->value, option->name);
            return 0;
        }
    }

    return 1;
}
838*b0d17251Schristos 
/*
 * Build an SSL_TEST_CTX from the config section test_section.
 *
 * Keys named "client", "server", "server2", "resume-client",
 * "resume-server" and "resume-server2" are subsection references: their
 * value is the name of another section in conf, parsed with
 * parse_client_options() / parse_server_options() into the matching
 * nested configuration. Every other key must appear in
 * ssl_test_ctx_options and is handed to its handler.
 *
 * Parsing is strict: a missing section, an unknown key or a rejected
 * value aborts the whole parse, so a misspelt option fails the load
 * instead of being silently ignored.
 *
 * Returns a new context owned by the caller (release with
 * SSL_TEST_CTX_free()), or NULL on any failure; a partially filled
 * context is freed before returning.
 */
SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section,
                                  OSSL_LIB_CTX *libctx)
{
    STACK_OF(CONF_VALUE) *sk_conf = NULL;
    SSL_TEST_CTX *ctx = NULL;
    int idx;

    if (!TEST_ptr(sk_conf = NCONF_get_section(conf, test_section))
            || !TEST_ptr(ctx = SSL_TEST_CTX_new(libctx)))
        goto err;

    for (idx = 0; idx < sk_CONF_VALUE_num(sk_conf); idx++) {
        const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, idx);
        const char *key = option->name;
        const ssl_test_ctx_option *handler = NULL;
        size_t k;
        int ok;

        /* Subsections: the value names another section of the config. */
        if (strcmp(key, "client") == 0) {
            ok = parse_client_options(&ctx->extra.client, conf,
                                      option->value);
        } else if (strcmp(key, "server") == 0) {
            ok = parse_server_options(&ctx->extra.server, conf,
                                      option->value);
        } else if (strcmp(key, "server2") == 0) {
            ok = parse_server_options(&ctx->extra.server2, conf,
                                      option->value);
        } else if (strcmp(key, "resume-client") == 0) {
            ok = parse_client_options(&ctx->resume_extra.client, conf,
                                      option->value);
        } else if (strcmp(key, "resume-server") == 0) {
            ok = parse_server_options(&ctx->resume_extra.server, conf,
                                      option->value);
        } else if (strcmp(key, "resume-server2") == 0) {
            ok = parse_server_options(&ctx->resume_extra.server2, conf,
                                      option->value);
        } else {
            /* Plain option: look up its handler in the top-level table. */
            for (k = 0; k < OSSL_NELEM(ssl_test_ctx_options); k++) {
                if (strcmp(key, ssl_test_ctx_options[k].name) == 0) {
                    handler = &ssl_test_ctx_options[k];
                    break;
                }
            }
            if (handler == NULL) {
                TEST_info("Unknown test option: %s", option->name);
                goto err;
            }
            ok = handler->parse(ctx, option->value);
            if (!ok)
                TEST_info("Bad value %s for option %s",
                          option->value, option->name);
        }

        if (!ok)
            goto err;
    }

    return ctx;

 err:
    /* SSL_TEST_CTX_free() accepts NULL, so this also covers early failure. */
    SSL_TEST_CTX_free(ctx);
    return NULL;
}