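/*
 * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * Ideally, CONF should offer standard parsing methods and cover them
 * in tests. But since we have no CONF tests, we use a custom test for now.
 */

#include <stdio.h>
#include <string.h>

#include "internal/nelem.h"
#include "helpers/ssl_test_ctx.h"
#include "testutil.h"
#include <openssl/e_os2.h>
#include <openssl/err.h>
#include <openssl/conf.h>
#include <openssl/ssl.h>

/* Configuration loaded once in setup_tests() and released in cleanup_tests(). */
static CONF *conf = NULL;

typedef struct ssl_test_ctx_test_fixture {
    const char *test_case_name;
    /* Name of the section that execute_test() asks SSL_TEST_CTX_create() to parse. */
    const char *test_section;
    /* Expected parsed configuration. */
    SSL_TEST_CTX *expected_ctx;
} SSL_TEST_CTX_TEST_FIXTURE;


/*
 * Compare two client configurations field by field.
 *
 * Returns 1 when every compared field matches and 0 otherwise. The chain
 * short-circuits on the first failing TEST_* check. Only the fields listed
 * here are compared; a field absent from this list is not verified.
 */
static int clientconf_eq(SSL_TEST_CLIENT_CONF *conf1,
                         SSL_TEST_CLIENT_CONF *conf2)
{
    if (!TEST_int_eq(conf1->verify_callback, conf2->verify_callback)
            || !TEST_int_eq(conf1->servername, conf2->servername)
            || !TEST_str_eq(conf1->npn_protocols, conf2->npn_protocols)
            || !TEST_str_eq(conf1->alpn_protocols, conf2->alpn_protocols)
            || !TEST_int_eq(conf1->ct_validation, conf2->ct_validation)
            || !TEST_int_eq(conf1->max_fragment_len_mode,
                            conf2->max_fragment_len_mode))
        return 0;
    return 1;
}

/*
 * Compare two server configurations field by field.
 *
 * Returns 1 when every compared field matches and 0 otherwise. Only the
 * fields listed here are compared.
 */
static int serverconf_eq(SSL_TEST_SERVER_CONF *serv,
                         SSL_TEST_SERVER_CONF *serv2)
{
    if (!TEST_int_eq(serv->servername_callback, serv2->servername_callback)
            || !TEST_str_eq(serv->npn_protocols, serv2->npn_protocols)
            || !TEST_str_eq(serv->alpn_protocols, serv2->alpn_protocols)
            || !TEST_int_eq(serv->broken_session_ticket,
                            serv2->broken_session_ticket)
            || !TEST_str_eq(serv->session_ticket_app_data,
                            serv2->session_ticket_app_data)
            || !TEST_int_eq(serv->cert_status, serv2->cert_status))
        return 0;
    return 1;
}

/*
 * Compare the client, server and server2 parts of two extra configurations
 * using clientconf_eq() and serverconf_eq().
 *
 * Returns 1 when all three parts match and 0 otherwise.
 */
static int extraconf_eq(SSL_TEST_EXTRA_CONF *extra,
                        SSL_TEST_EXTRA_CONF *extra2)
{
    if (!TEST_true(clientconf_eq(&extra->client, &extra2->client))
            || !TEST_true(serverconf_eq(&extra->server, &extra2->server))
            || !TEST_true(serverconf_eq(&extra->server2, &extra2->server2)))
        return 0;
    return 1;
}

/*
 * Compare a parsed test context against the expected one.
 *
 * Returns 1 when every compared field matches and 0 otherwise. Both the
 * initial (extra) and the resumption (resume_extra) configurations are
 * compared through extraconf_eq().
 *
 * Only the fields listed here are compared: a field of SSL_TEST_CTX that
 * is not in this chain can be mis-parsed without any test here noticing.
 */
static int testctx_eq(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2)
{
    if (!TEST_int_eq(ctx->method, ctx2->method)
            || !TEST_int_eq(ctx->handshake_mode, ctx2->handshake_mode)
            || !TEST_int_eq(ctx->app_data_size, ctx2->app_data_size)
            || !TEST_int_eq(ctx->max_fragment_size, ctx2->max_fragment_size)
            || !extraconf_eq(&ctx->extra, &ctx2->extra)
            || !extraconf_eq(&ctx->resume_extra, &ctx2->resume_extra)
            || !TEST_int_eq(ctx->expected_result, ctx2->expected_result)
            || !TEST_int_eq(ctx->expected_client_alert,
                            ctx2->expected_client_alert)
            || !TEST_int_eq(ctx->expected_server_alert,
                            ctx2->expected_server_alert)
            || !TEST_int_eq(ctx->expected_protocol, ctx2->expected_protocol)
            || !TEST_int_eq(ctx->expected_servername, ctx2->expected_servername)
            || !TEST_int_eq(ctx->session_ticket_expected,
                            ctx2->session_ticket_expected)
            || !TEST_int_eq(ctx->compression_expected,
                            ctx2->compression_expected)
            || !TEST_str_eq(ctx->expected_npn_protocol,
                            ctx2->expected_npn_protocol)
            || !TEST_str_eq(ctx->expected_alpn_protocol,
                            ctx2->expected_alpn_protocol)
            || !TEST_str_eq(ctx->expected_cipher,
                            ctx2->expected_cipher)
            || !TEST_str_eq(ctx->expected_session_ticket_app_data,
                            ctx2->expected_session_ticket_app_data)
            || !TEST_int_eq(ctx->resumption_expected,
                            ctx2->resumption_expected)
            || !TEST_int_eq(ctx->session_id_expected,
                            ctx2->session_id_expected))
        return 0;
    return 1;
}

/*
 * Allocate a zeroed fixture together with a fresh expected context.
 *
 * Returns the fixture, or NULL if either allocation fails; on the second
 * failure the fixture itself is released before returning. The caller
 * releases a successful result with tear_down().
 */
static SSL_TEST_CTX_TEST_FIXTURE *set_up(const char *const test_case_name)
{
    SSL_TEST_CTX_TEST_FIXTURE *fixture;

    if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
        return NULL;
    fixture->test_case_name = test_case_name;
    if (!TEST_ptr(fixture->expected_ctx = SSL_TEST_CTX_new(NULL))) {
        OPENSSL_free(fixture);
        return NULL;
    }
    return fixture;
}

/*
 * Parse fixture->test_section from the loaded configuration and compare the
 * result with fixture->expected_ctx.
 *
 * Returns 1 when parsing succeeds and the contexts match, 0 otherwise.
 */
static int execute_test(SSL_TEST_CTX_TEST_FIXTURE *fixture)
{
    int success = 0;
    SSL_TEST_CTX *ctx;

    if (!TEST_ptr(ctx = SSL_TEST_CTX_create(conf, fixture->test_section,
                                            fixture->expected_ctx->libctx))
            || !testctx_eq(ctx, fixture->expected_ctx))
        goto err;

    success = 1;
 err:
    /*
     * ctx is NULL here when SSL_TEST_CTX_create() failed.
     * NOTE(review): relies on SSL_TEST_CTX_free() accepting NULL - confirm.
     */
    SSL_TEST_CTX_free(ctx);
    return success;
}

/* Release the expected context and then the fixture itself. */
static void tear_down(SSL_TEST_CTX_TEST_FIXTURE *fixture)
{
    SSL_TEST_CTX_free(fixture->expected_ctx);
    OPENSSL_free(fixture);
}

/*
 * NOTE(review): set_up() can return NULL and the tests below dereference
 * `fixture` straight after SETUP_SSL_TEST_CTX_TEST_FIXTURE(). This is only
 * safe if SETUP_TEST_FIXTURE (defined in testutil, not visible here) returns
 * early on a NULL fixture - confirm.
 */
#define SETUP_SSL_TEST_CTX_TEST_FIXTURE()                       \
    SETUP_TEST_FIXTURE(SSL_TEST_CTX_TEST_FIXTURE, set_up);
#define EXECUTE_SSL_TEST_CTX_TEST()             \
    EXECUTE_TEST(execute_test, tear_down)

/*
 * The "ssltest_default" section must parse to a context that differs from a
 * freshly created one only in expected_result being SSL_TEST_SUCCESS.
 */
static int test_empty_configuration(void)
{
    SETUP_SSL_TEST_CTX_TEST_FIXTURE();
    fixture->test_section = "ssltest_default";
    fixture->expected_ctx->expected_result = SSL_TEST_SUCCESS;
    EXECUTE_SSL_TEST_CTX_TEST();
    return result;
}

/*
 * The "ssltest_good" section must parse to exactly the values set below.
 *
 * Returns the result of the comparison, or 0 if building the expected
 * context fails.
 */
static int test_good_configuration(void)
{
    SETUP_SSL_TEST_CTX_TEST_FIXTURE();
    fixture->test_section = "ssltest_good";
    fixture->expected_ctx->method = SSL_TEST_METHOD_DTLS;
    fixture->expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME;
    fixture->expected_ctx->app_data_size = 1024;
    fixture->expected_ctx->max_fragment_size = 2048;

    fixture->expected_ctx->expected_result = SSL_TEST_SERVER_FAIL;
    fixture->expected_ctx->expected_client_alert = SSL_AD_UNKNOWN_CA;
    fixture->expected_ctx->expected_server_alert = 0;  /* No alert. */
    fixture->expected_ctx->expected_protocol = TLS1_1_VERSION;
    fixture->expected_ctx->expected_servername = SSL_TEST_SERVERNAME_SERVER2;
    fixture->expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES;
    fixture->expected_ctx->compression_expected = SSL_TEST_COMPRESSION_NO;
    fixture->expected_ctx->session_id_expected = SSL_TEST_SESSION_ID_IGNORE;
    fixture->expected_ctx->resumption_expected = 1;

    fixture->expected_ctx->extra.client.verify_callback =
        SSL_TEST_VERIFY_REJECT_ALL;
    fixture->expected_ctx->extra.client.servername = SSL_TEST_SERVERNAME_SERVER2;
    fixture->expected_ctx->extra.client.npn_protocols =
        OPENSSL_strdup("foo,bar");
    if (!TEST_ptr(fixture->expected_ctx->extra.client.npn_protocols))
        goto err;
    fixture->expected_ctx->extra.client.max_fragment_len_mode = 0;

    fixture->expected_ctx->extra.server.servername_callback =
        SSL_TEST_SERVERNAME_IGNORE_MISMATCH;
    fixture->expected_ctx->extra.server.broken_session_ticket = 1;

    fixture->expected_ctx->resume_extra.server2.alpn_protocols =
        OPENSSL_strdup("baz");
    if (!TEST_ptr(fixture->expected_ctx->resume_extra.server2.alpn_protocols))
        goto err;

    fixture->expected_ctx->resume_extra.client.ct_validation =
        SSL_TEST_CT_VALIDATION_STRICT;

    EXECUTE_SSL_TEST_CTX_TEST();
    return result;

err:
    /* EXECUTE_SSL_TEST_CTX_TEST() is skipped on this path, so free here. */
    tear_down(fixture);
    return 0;
}

/*
 * Sections that SSL_TEST_CTX_create() is expected to reject. The section
 * contents live in the .cnf file, which is not visible here; the names
 * suggest one unknown or invalid value per section.
 */
static const char *const bad_configurations[] = {
    "ssltest_unknown_option",
    "ssltest_wrong_section",
    "ssltest_unknown_expected_result",
    "ssltest_unknown_alert",
    "ssltest_unknown_protocol",
    "ssltest_unknown_verify_callback",
    "ssltest_unknown_servername",
    "ssltest_unknown_servername_callback",
    "ssltest_unknown_session_ticket_expected",
    "ssltest_unknown_compression_expected",
    "ssltest_unknown_session_id_expected",
    "ssltest_unknown_method",
    "ssltest_unknown_handshake_mode",
    "ssltest_unknown_resumption_expected",
    "ssltest_unknown_ct_validation",
    "ssltest_invalid_max_fragment_len",
};

/*
 * Negative test: parsing bad_configurations[idx] must fail.
 *
 * Returns 1 when SSL_TEST_CTX_create() returns NULL for the section, and 0
 * (after freeing the unexpected context) when it does not. Rejecting a bad
 * value matters because a parser that silently accepted it would leave a
 * TLS test checking something other than what its author wrote.
 *
 * idx is not range-checked here; setup_tests() registers this test with
 * OSSL_NELEM(bad_configurations) as the count.
 */
static int test_bad_configuration(int idx)
{
    SSL_TEST_CTX *ctx;

    if (!TEST_ptr_null(ctx = SSL_TEST_CTX_create(conf,
                                                 bad_configurations[idx], NULL))) {
        SSL_TEST_CTX_free(ctx);
        return 0;
    }

    return 1;
}

OPT_TEST_DECLARE_USAGE("conf_file\n")

/*
 * Load the configuration file named by the first test argument and register
 * the tests.
 *
 * Returns 1 on success and 0 if option parsing, allocation, the argument
 * lookup or loading the file fails.
 */
int setup_tests(void)
{
    const char *conf_file;

    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    if (!TEST_ptr(conf = NCONF_new(NULL)))
        return 0;
    /* argument should point to test/ssl_test_ctx_test.cnf */
    /*
     * Fail with a clear diagnostic when the argument is missing instead of
     * handing a possibly-NULL path to NCONF_load().
     */
    if (!TEST_ptr(conf_file = test_get_argument(0)))
        return 0;
    if (!TEST_int_gt(NCONF_load(conf, conf_file, NULL), 0))
        return 0;

    ADD_TEST(test_empty_configuration);
    ADD_TEST(test_good_configuration);
    ADD_ALL_TESTS(test_bad_configuration, OSSL_NELEM(bad_configurations));
    return 1;
}

/* Release the configuration loaded by setup_tests(). */
void cleanup_tests(void)
{
    NCONF_free(conf);
}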