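/*
 * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * Ideally, CONF should offer standard parsing methods and cover them
 * in tests. But since we have no CONF tests, we use a custom test for now.
 */

#include <stdio.h>
#include <string.h>

#include "internal/nelem.h"
#include "helpers/ssl_test_ctx.h"
#include "testutil.h"
#include <openssl/e_os2.h>
#include <openssl/err.h>
#include <openssl/conf.h>
#include <openssl/ssl.h>

/* Parsed test configuration; loaded in setup_tests(), freed in cleanup_tests(). */
static CONF *conf = NULL;

typedef struct ssl_test_ctx_test_fixture {
    const char *test_case_name;
    /* Name of the section in the loaded configuration that is parsed. */
    const char *test_section;
    /* Expected parsed configuration. */
    SSL_TEST_CTX *expected_ctx;
} SSL_TEST_CTX_TEST_FIXTURE;

/*
 * Compare two client configurations field by field.
 *
 * Returns 1 when every field listed below matches, 0 on the first mismatch
 * (the TEST_* macro that failed reports it).  Only the fields named here are
 * compared; NOTE(review): if SSL_TEST_CLIENT_CONF has further members (its
 * declaration is not visible in this file), a parsing regression in them
 * would go unnoticed by this test.
 */
static int clientconf_eq(SSL_TEST_CLIENT_CONF *conf1,
                         SSL_TEST_CLIENT_CONF *conf2)
{
    if (!TEST_int_eq(conf1->verify_callback, conf2->verify_callback)
            || !TEST_int_eq(conf1->servername, conf2->servername)
            || !TEST_str_eq(conf1->npn_protocols, conf2->npn_protocols)
            || !TEST_str_eq(conf1->alpn_protocols, conf2->alpn_protocols)
            || !TEST_int_eq(conf1->ct_validation, conf2->ct_validation)
            || !TEST_int_eq(conf1->max_fragment_len_mode,
                            conf2->max_fragment_len_mode))
        return 0;
    return 1;
}

/*
 * Compare two server configurations field by field.
 *
 * Returns 1 when every field listed below matches, 0 on the first mismatch.
 * As with clientconf_eq(), members that are not listed are not checked.
 */
static int serverconf_eq(SSL_TEST_SERVER_CONF *serv,
                         SSL_TEST_SERVER_CONF *serv2)
{
    if (!TEST_int_eq(serv->servername_callback, serv2->servername_callback)
            || !TEST_str_eq(serv->npn_protocols, serv2->npn_protocols)
            || !TEST_str_eq(serv->alpn_protocols, serv2->alpn_protocols)
            || !TEST_int_eq(serv->broken_session_ticket,
                            serv2->broken_session_ticket)
            || !TEST_str_eq(serv->session_ticket_app_data,
                            serv2->session_ticket_app_data)
            || !TEST_int_eq(serv->cert_status, serv2->cert_status))
        return 0;
    return 1;
}

/*
 * Compare the client, server and server2 parts of two extra configurations.
 *
 * Returns 1 when all three sub-configurations compare equal, 0 otherwise.
 */
static int extraconf_eq(SSL_TEST_EXTRA_CONF *extra,
                        SSL_TEST_EXTRA_CONF *extra2)
{
    if (!TEST_true(clientconf_eq(&extra->client, &extra2->client))
            || !TEST_true(serverconf_eq(&extra->server, &extra2->server))
            || !TEST_true(serverconf_eq(&extra->server2, &extra2->server2)))
        return 0;
    return 1;
}

/*
 * Compare a parsed test context against the expected one.
 *
 * Covers the top-level settings, both extra configurations (initial and
 * resumption handshake) and the expected_* outcome fields.  Returns 1 when
 * all listed fields match, 0 on the first mismatch.
 */
static int testctx_eq(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2)
{
    if (!TEST_int_eq(ctx->method, ctx2->method)
            || !TEST_int_eq(ctx->handshake_mode, ctx2->handshake_mode)
            || !TEST_int_eq(ctx->app_data_size, ctx2->app_data_size)
            || !TEST_int_eq(ctx->max_fragment_size, ctx2->max_fragment_size)
            || !extraconf_eq(&ctx->extra, &ctx2->extra)
            || !extraconf_eq(&ctx->resume_extra, &ctx2->resume_extra)
            || !TEST_int_eq(ctx->expected_result, ctx2->expected_result)
            || !TEST_int_eq(ctx->expected_client_alert,
                            ctx2->expected_client_alert)
            || !TEST_int_eq(ctx->expected_server_alert,
                            ctx2->expected_server_alert)
            || !TEST_int_eq(ctx->expected_protocol, ctx2->expected_protocol)
            || !TEST_int_eq(ctx->expected_servername, ctx2->expected_servername)
            || !TEST_int_eq(ctx->session_ticket_expected,
                            ctx2->session_ticket_expected)
            || !TEST_int_eq(ctx->compression_expected,
                            ctx2->compression_expected)
            || !TEST_str_eq(ctx->expected_npn_protocol,
                            ctx2->expected_npn_protocol)
            || !TEST_str_eq(ctx->expected_alpn_protocol,
                            ctx2->expected_alpn_protocol)
            || !TEST_str_eq(ctx->expected_cipher,
                            ctx2->expected_cipher)
            || !TEST_str_eq(ctx->expected_session_ticket_app_data,
                            ctx2->expected_session_ticket_app_data)
            || !TEST_int_eq(ctx->resumption_expected,
                            ctx2->resumption_expected)
            || !TEST_int_eq(ctx->session_id_expected,
                            ctx2->session_id_expected))
        return 0;
    return 1;
}

/*
 * Allocate a zeroed fixture together with a fresh expected context.
 *
 * Returns NULL when either allocation fails; the fixture itself is released
 * again if the expected context cannot be created.
 */
static SSL_TEST_CTX_TEST_FIXTURE *set_up(const char *const test_case_name)
{
    SSL_TEST_CTX_TEST_FIXTURE *fixture;

    if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
        return NULL;
    fixture->test_case_name = test_case_name;
    if (!TEST_ptr(fixture->expected_ctx = SSL_TEST_CTX_new(NULL))) {
        OPENSSL_free(fixture);
        return NULL;
    }
    return fixture;
}

/*
 * Parse fixture->test_section from the global configuration and compare the
 * result with fixture->expected_ctx.  Returns 1 on a match, 0 otherwise.
 */
static int execute_test(SSL_TEST_CTX_TEST_FIXTURE *fixture)
{
    int success = 0;
    SSL_TEST_CTX *ctx;

    if (!TEST_ptr(ctx = SSL_TEST_CTX_create(conf, fixture->test_section,
                                            fixture->expected_ctx->libctx))
            || !testctx_eq(ctx, fixture->expected_ctx))
        goto err;

    success = 1;
 err:
    /*
     * Reached with ctx == NULL when parsing failed; presumably
     * SSL_TEST_CTX_free() tolerates NULL - verify against its definition.
     */
    SSL_TEST_CTX_free(ctx);
    return success;
}

/* Release the expected context and the fixture allocated by set_up(). */
static void tear_down(SSL_TEST_CTX_TEST_FIXTURE *fixture)
{
    SSL_TEST_CTX_free(fixture->expected_ctx);
    OPENSSL_free(fixture);
}

/*
 * Thin wrappers around the testutil fixture macros.  The tests below rely on
 * `fixture` and `result` being in scope after these expand; presumably both
 * are declared by SETUP_TEST_FIXTURE / EXECUTE_TEST (not shown in this file).
 */
#define SETUP_SSL_TEST_CTX_TEST_FIXTURE() \
    SETUP_TEST_FIXTURE(SSL_TEST_CTX_TEST_FIXTURE, set_up);
#define EXECUTE_SSL_TEST_CTX_TEST() \
    EXECUTE_TEST(execute_test, tear_down)

/*
 * The "ssltest_default" section must parse to a context that differs from a
 * freshly created one only by an explicit expected_result of SSL_TEST_SUCCESS.
 */
static int test_empty_configuration(void)
{
    SETUP_SSL_TEST_CTX_TEST_FIXTURE();
    fixture->test_section = "ssltest_default";
    fixture->expected_ctx->expected_result = SSL_TEST_SUCCESS;
    EXECUTE_SSL_TEST_CTX_TEST();
    return result;
}

/*
 * The "ssltest_good" section sets a value for most options; every one of them
 * must arrive in the parsed context exactly as written below.
 */
static int test_good_configuration(void)
{
    SETUP_SSL_TEST_CTX_TEST_FIXTURE();
    fixture->test_section = "ssltest_good";
    fixture->expected_ctx->method = SSL_TEST_METHOD_DTLS;
    fixture->expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME;
    fixture->expected_ctx->app_data_size = 1024;
    fixture->expected_ctx->max_fragment_size = 2048;

    fixture->expected_ctx->expected_result = SSL_TEST_SERVER_FAIL;
    fixture->expected_ctx->expected_client_alert = SSL_AD_UNKNOWN_CA;
    fixture->expected_ctx->expected_server_alert = 0;  /* No alert. */
    fixture->expected_ctx->expected_protocol = TLS1_1_VERSION;
    fixture->expected_ctx->expected_servername = SSL_TEST_SERVERNAME_SERVER2;
    fixture->expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES;
    fixture->expected_ctx->compression_expected = SSL_TEST_COMPRESSION_NO;
    fixture->expected_ctx->session_id_expected = SSL_TEST_SESSION_ID_IGNORE;
    fixture->expected_ctx->resumption_expected = 1;

    fixture->expected_ctx->extra.client.verify_callback = SSL_TEST_VERIFY_REJECT_ALL;
    fixture->expected_ctx->extra.client.servername = SSL_TEST_SERVERNAME_SERVER2;
    /* Heap copies: the expected context is released through SSL_TEST_CTX_free(). */
    fixture->expected_ctx->extra.client.npn_protocols = OPENSSL_strdup("foo,bar");
    if (!TEST_ptr(fixture->expected_ctx->extra.client.npn_protocols))
        goto err;
    fixture->expected_ctx->extra.client.max_fragment_len_mode = 0;

    fixture->expected_ctx->extra.server.servername_callback = SSL_TEST_SERVERNAME_IGNORE_MISMATCH;
    fixture->expected_ctx->extra.server.broken_session_ticket = 1;

    fixture->expected_ctx->resume_extra.server2.alpn_protocols = OPENSSL_strdup("baz");
    if (!TEST_ptr(fixture->expected_ctx->resume_extra.server2.alpn_protocols))
        goto err;

    fixture->expected_ctx->resume_extra.client.ct_validation = SSL_TEST_CT_VALIDATION_STRICT;

    EXECUTE_SSL_TEST_CTX_TEST();
    return result;

 err:
    /* Allocation failed before the test ran, so the fixture is freed here. */
    tear_down(fixture);
    return 0;
}

/*
 * Sections that the parser must reject.  Each name identifies the malformed
 * or unknown value it carries; an entry that parsed successfully would mean
 * an unrecognised setting was silently accepted.
 */
static const char *bad_configurations[] = {
    "ssltest_unknown_option",
    "ssltest_wrong_section",
    "ssltest_unknown_expected_result",
    "ssltest_unknown_alert",
    "ssltest_unknown_protocol",
    "ssltest_unknown_verify_callback",
    "ssltest_unknown_servername",
    "ssltest_unknown_servername_callback",
    "ssltest_unknown_session_ticket_expected",
    "ssltest_unknown_compression_expected",
    "ssltest_unknown_session_id_expected",
    "ssltest_unknown_method",
    "ssltest_unknown_handshake_mode",
    "ssltest_unknown_resumption_expected",
    "ssltest_unknown_ct_validation",
    "ssltest_invalid_max_fragment_len",
};

/*
 * Negative test: parsing bad_configurations[idx] must fail (NULL context).
 *
 * idx is supplied by ADD_ALL_TESTS in setup_tests(), which registers
 * OSSL_NELEM(bad_configurations) instances.  Returns 1 when the section was
 * rejected; if a context was produced anyway it is freed and 0 is returned.
 */
static int test_bad_configuration(int idx)
{
    SSL_TEST_CTX *ctx;

    if (!TEST_ptr_null(ctx = SSL_TEST_CTX_create(conf,
                                                 bad_configurations[idx], NULL))) {
        SSL_TEST_CTX_free(ctx);
        return 0;
    }

    return 1;
}

OPT_TEST_DECLARE_USAGE("conf_file\n")

/*
 * Load the configuration file named by the first positional argument and
 * register the tests.
 *
 * Returns 1 on success and 0 on any failure.  On failure the global `conf`
 * is left NULL, so no half-initialised CONF object outlives this function
 * and a later NCONF_free(conf) in cleanup_tests() sees NULL.
 */
int setup_tests(void)
{
    const char *conf_file;

    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    /*
     * argument should point to test/ssl_test_ctx_test.cnf
     *
     * Reject a missing conf_file argument up front instead of handing a
     * NULL path to NCONF_load().
     */
    if (!TEST_ptr(conf_file = test_get_argument(0)))
        return 0;

    if (!TEST_ptr(conf = NCONF_new(NULL)))
        return 0;
    if (!TEST_int_gt(NCONF_load(conf, conf_file, NULL), 0)) {
        /* Do not keep a CONF whose load failed. */
        NCONF_free(conf);
        conf = NULL;
        return 0;
    }

    ADD_TEST(test_empty_configuration);
    ADD_TEST(test_good_configuration);
    ADD_ALL_TESTS(test_bad_configuration, OSSL_NELEM(bad_configurations));
    return 1;
}

/* Release the configuration loaded by setup_tests(). */
void cleanup_tests(void)
{
    NCONF_free(conf);
}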