/*
 * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
9*e0c4386eSCy Schubert
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/e_os2.h>
#include <openssl/crypto.h>

#include "internal/nelem.h"
#include "ssl_test_ctx.h"
#include "../testutil.h"
18*e0c4386eSCy Schubert
/* Default set to be as small as possible to exercise fragmentation. */
static const int default_max_fragment_size = 512;
/* Fallback application-data size, kept below the fragment size above. */
static const int default_app_data_size = 256;
22*e0c4386eSCy Schubert
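/*
 * Parse a "Yes"/"No" option value, compared case-insensitively.
 *
 * On success stores 1 or 0 in *result and returns 1.  A NULL or
 * unrecognised value is reported through TEST_error() and 0 is returned
 * with *result left untouched.  The NULL check matches the one the
 * key-type and sign-hash parsers in this file already perform, and keeps
 * a NULL out of both the comparison and the "%s" conversion below.
 */
static int parse_boolean(const char *value, int *result)
{
    if (value == NULL) {
        TEST_error("parse_boolean given a NULL value");
        return 0;
    }
    if (OPENSSL_strcasecmp(value, "Yes") == 0) {
        *result = 1;
        return 1;
    }
    if (OPENSSL_strcasecmp(value, "No") == 0) {
        *result = 0;
        return 1;
    }
    TEST_error("parse_boolean given: '%s'", value);
    return 0;
}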
36*e0c4386eSCy Schubert
/*
 * Generates parse_<name>_<field>(), which reads a Yes/No option value
 * into the int member |field| of |struct_type| via parse_boolean() and
 * returns that function's result.
 */
#define IMPLEMENT_SSL_TEST_BOOL_OPTION(struct_type, name, field)           \
    static int parse_##name##_##field(struct_type *ctx, const char *value) \
    {                                                                       \
        int *flag = &ctx->field;                                            \
        return parse_boolean(value, flag);                                  \
    }
42*e0c4386eSCy Schubert
/*
 * Generates parse_<name>_<field>(), which replaces the string member
 * |field| of |struct_type| with a private copy of |value|.
 *
 * The previous string is released first, so a repeated option does not
 * leak.  Returns the result of TEST_ptr() on the new copy, i.e. failure
 * when OPENSSL_strdup() yields NULL.
 *
 * OPENSSL_free() does not zero the old buffer.  This file also uses the
 * macro for the SRP password options; that is acceptable for fixture
 * credentials, but it is not a pattern for real secrets, which would
 * need OPENSSL_clear_free() with the buffer length.
 */
#define IMPLEMENT_SSL_TEST_STRING_OPTION(struct_type, name, field)         \
    static int parse_##name##_##field(struct_type *ctx, const char *value) \
    {                                                                       \
        char *copy;                                                         \
        OPENSSL_free(ctx->field);                                           \
        copy = OPENSSL_strdup(value);                                       \
        ctx->field = copy;                                                  \
        return TEST_ptr(ctx->field);                                        \
    }
50*e0c4386eSCy Schubert
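/*
 * Convert a decimal option value to an int.
 *
 * Returns 1 and stores the number in *result when |value| is a complete
 * decimal integer that fits in an int.  Returns 0, leaving *result
 * untouched, for NULL, an empty string, trailing characters, or an
 * out-of-range number.  atoi(), used previously, turned all of those
 * into a silently accepted value (and has undefined behaviour when the
 * number is not representable), so a typo in a test configuration could
 * change what a test exercised without any failure being raised.
 *
 * No sign check is applied here; negative numbers are stored as given,
 * as before.  Like parse_enum(), no diagnostic is emitted on failure.
 */
static int parse_int_value(const char *value, int *result)
{
    char *end = NULL;
    long parsed;

    if (value == NULL)
        return 0;
    errno = 0;
    parsed = strtol(value, &end, 10);
    /* Nothing consumed, or something left over after the digits. */
    if (end == value || *end != '\0')
        return 0;
    /* ERANGE covers platforms where long is no wider than int. */
    if (errno == ERANGE || parsed < INT_MIN || parsed > INT_MAX)
        return 0;
    *result = (int)parsed;
    return 1;
}

/*
 * Generates parse_<name>_<field>(), which stores a validated decimal
 * option value in the integer member |field| of |struct_type|.  Returns
 * 1 on success and 0, with the member unchanged, when the value is not
 * a well-formed int.
 */
#define IMPLEMENT_SSL_TEST_INT_OPTION(struct_type, name, field)            \
    static int parse_##name##_##field(struct_type *ctx, const char *value) \
    {                                                                       \
        int parsed;                                                         \
        if (!parse_int_value(value, &parsed))                               \
            return 0;                                                       \
        ctx->field = parsed;                                                \
        return 1;                                                           \
    }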
57*e0c4386eSCy Schubert
/*
 * True enums and other test configuration values that map to an int.
 * One row of a lookup table searched by parse_enum() and enum_name().
 */
typedef struct {
    const char *name;   /* spelling compared against the option value */
    int value;          /* integer stored when the name matches */
} test_enum;
63*e0c4386eSCy Schubert
64*e0c4386eSCy Schubert
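/*
 * Look |name| up in a table of |num_enums| entries (exact, case-sensitive
 * strcmp() match) and store the matching entry's integer in *value.
 *
 * Returns 1 on a match.  Returns 0, leaving *value untouched, when no
 * entry matches or when |name| is NULL; the NULL check mirrors the one in
 * the key-type and sign-hash parsers of this file and keeps a NULL out of
 * strcmp().  No diagnostic is emitted here.
 */
__owur static int parse_enum(const test_enum *enums, size_t num_enums,
                             int *value, const char *name)
{
    size_t i;

    if (name == NULL)
        return 0;
    for (i = 0; i < num_enums; i++) {
        if (strcmp(enums[i].name, name) == 0) {
            *value = enums[i].value;
            return 1;
        }
    }
    return 0;
}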
77*e0c4386eSCy Schubert
/*
 * Reverse lookup: return the name of the first table entry whose integer
 * equals |value|, or the literal "InvalidValue" when none does.  The
 * returned pointer is either a table string or that literal, so callers
 * must not free it.
 */
static const char *enum_name(const test_enum *enums, size_t num_enums,
                             int value)
{
    const test_enum *entry = enums;
    size_t remaining = num_enums;

    while (remaining-- > 0) {
        if (entry->value == value)
            return entry->name;
        entry++;
    }
    return "InvalidValue";
}
89*e0c4386eSCy Schubert
90*e0c4386eSCy Schubert
/* ExpectedResult */

/* Configuration spellings of the ssl_test_result_t outcomes. */
static const test_enum ssl_test_results[] = {
    { "Success", SSL_TEST_SUCCESS },
    { "ServerFail", SSL_TEST_SERVER_FAIL },
    { "ClientFail", SSL_TEST_CLIENT_FAIL },
    { "InternalError", SSL_TEST_INTERNAL_ERROR },
    { "FirstHandshakeFailed", SSL_TEST_FIRST_HANDSHAKE_FAILED },
};
100*e0c4386eSCy Schubert
/*
 * Store the ExpectedResult option in test_ctx->expected_result.
 * Returns 1 when |value| names an entry of ssl_test_results, otherwise 0
 * with the field left unchanged.
 */
__owur static int parse_expected_result(SSL_TEST_CTX *test_ctx, const char *value)
{
    int parsed = 0;

    if (parse_enum(ssl_test_results, OSSL_NELEM(ssl_test_results),
                   &parsed, value)) {
        test_ctx->expected_result = parsed;
        return 1;
    }
    return 0;
}
111*e0c4386eSCy Schubert
/* Name of |result| as spelled in ssl_test_results, or "InvalidValue". */
const char *ssl_test_result_name(ssl_test_result_t result)
{
    const size_t count = OSSL_NELEM(ssl_test_results);

    return enum_name(ssl_test_results, count, result);
}
116*e0c4386eSCy Schubert
/* ExpectedClientAlert / ExpectedServerAlert */

/*
 * Alert names a test may expect.  Only the alerts listed here can be
 * named in a configuration; any other spelling fails to parse.
 */
static const test_enum ssl_alerts[] = {
    { "UnknownCA", SSL_AD_UNKNOWN_CA },
    { "HandshakeFailure", SSL_AD_HANDSHAKE_FAILURE },
    { "UnrecognizedName", SSL_AD_UNRECOGNIZED_NAME },
    { "NoRenegotiation", SSL_AD_NO_RENEGOTIATION },
    { "BadCertificate", SSL_AD_BAD_CERTIFICATE },
    { "NoApplicationProtocol", SSL_AD_NO_APPLICATION_PROTOCOL },
    { "CertificateRequired", SSL_AD_CERTIFICATE_REQUIRED },
};
128*e0c4386eSCy Schubert
/*
 * Translate an alert name from ssl_alerts into its SSL_AD_* value.
 * Returns 1 and writes *alert on a match, otherwise returns 0.
 */
__owur static int parse_alert(int *alert, const char *value)
{
    const size_t count = OSSL_NELEM(ssl_alerts);

    return parse_enum(ssl_alerts, count, alert, value);
}
133*e0c4386eSCy Schubert
/* Store the parsed alert name in test_ctx->expected_client_alert. */
__owur static int parse_client_alert(SSL_TEST_CTX *test_ctx, const char *value)
{
    int *slot = &test_ctx->expected_client_alert;

    return parse_alert(slot, value);
}
138*e0c4386eSCy Schubert
/* Store the parsed alert name in test_ctx->expected_server_alert. */
__owur static int parse_server_alert(SSL_TEST_CTX *test_ctx, const char *value)
{
    int *slot = &test_ctx->expected_server_alert;

    return parse_alert(slot, value);
}
143*e0c4386eSCy Schubert
/* Name of |alert| as spelled in ssl_alerts, or "InvalidValue". */
const char *ssl_alert_name(int alert)
{
    const size_t count = OSSL_NELEM(ssl_alerts);

    return enum_name(ssl_alerts, count, alert);
}
148*e0c4386eSCy Schubert
/* ExpectedProtocol */

/*
 * Protocol version names a test may state as its expected outcome.
 * The legacy entries (SSLv3, TLSv1, TLSv1.1) are present so that tests
 * can name them; this table only maps spellings to version constants and
 * says nothing about which versions the library has enabled.
 */
static const test_enum ssl_protocols[] = {
    { "TLSv1.3", TLS1_3_VERSION },
    { "TLSv1.2", TLS1_2_VERSION },
    { "TLSv1.1", TLS1_1_VERSION },
    { "TLSv1", TLS1_VERSION },
    { "SSLv3", SSL3_VERSION },
    { "DTLSv1", DTLS1_VERSION },
    { "DTLSv1.2", DTLS1_2_VERSION },
};
160*e0c4386eSCy Schubert
/*
 * Store the ExpectedProtocol option in test_ctx->expected_protocol.
 * Returns 1 when |value| names an entry of ssl_protocols, otherwise 0.
 */
__owur static int parse_protocol(SSL_TEST_CTX *test_ctx, const char *value)
{
    int *slot = &test_ctx->expected_protocol;

    return parse_enum(ssl_protocols, OSSL_NELEM(ssl_protocols), slot, value);
}
166*e0c4386eSCy Schubert
/* Name of |protocol| as spelled in ssl_protocols, or "InvalidValue". */
const char *ssl_protocol_name(int protocol)
{
    const size_t count = OSSL_NELEM(ssl_protocols);

    return enum_name(ssl_protocols, count, protocol);
}
171*e0c4386eSCy Schubert
/* VerifyCallback */

/*
 * Names selecting one of the SSL_TEST_VERIFY_* modes.  What each mode
 * does is implemented elsewhere in the harness, not in this table.
 * NOTE(review): "AcceptAll" presumably installs a callback that accepts
 * any certificate; if so it is a test-only behaviour and must not be
 * copied into production verification code.
 */
static const test_enum ssl_verify_callbacks[] = {
    { "None", SSL_TEST_VERIFY_NONE },
    { "AcceptAll", SSL_TEST_VERIFY_ACCEPT_ALL },
    { "RetryOnce", SSL_TEST_VERIFY_RETRY_ONCE },
    { "RejectAll", SSL_TEST_VERIFY_REJECT_ALL },
};
180*e0c4386eSCy Schubert
/*
 * Store the VerifyCallback option in client_conf->verify_callback.
 * Returns 1 when |value| names an entry of ssl_verify_callbacks,
 * otherwise 0 with the field left unchanged.
 */
__owur static int parse_client_verify_callback(SSL_TEST_CLIENT_CONF *client_conf,
                                               const char *value)
{
    int parsed = 0;

    if (parse_enum(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks),
                   &parsed, value)) {
        client_conf->verify_callback = parsed;
        return 1;
    }
    return 0;
}
193*e0c4386eSCy Schubert
/* Name of |callback| as spelled in ssl_verify_callbacks, or "InvalidValue". */
const char *ssl_verify_callback_name(ssl_verify_callback_t callback)
{
    const size_t count = OSSL_NELEM(ssl_verify_callbacks);

    return enum_name(ssl_verify_callbacks, count, callback);
}
199*e0c4386eSCy Schubert
/* ServerName */

/*
 * Server-name selectors.  Unlike the Yes/No options these are matched
 * with strcmp(), so "server1" and "Server1" are different spellings.
 */
static const test_enum ssl_servername[] = {
    { "None", SSL_TEST_SERVERNAME_NONE },
    { "server1", SSL_TEST_SERVERNAME_SERVER1 },
    { "server2", SSL_TEST_SERVERNAME_SERVER2 },
    { "invalid", SSL_TEST_SERVERNAME_INVALID },
};
208*e0c4386eSCy Schubert
/*
 * Store the ServerName option in client_conf->servername.
 * Returns 1 when |value| names an entry of ssl_servername, otherwise 0
 * with the field left unchanged.
 */
__owur static int parse_servername(SSL_TEST_CLIENT_CONF *client_conf,
                                   const char *value)
{
    int parsed = 0;

    if (parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
                   &parsed, value)) {
        client_conf->servername = parsed;
        return 1;
    }
    return 0;
}
220*e0c4386eSCy Schubert
/*
 * Store the expected server name in test_ctx->expected_servername, using
 * the same ssl_servername table as the client-side option.
 * Returns 1 on a match, otherwise 0 with the field left unchanged.
 */
__owur static int parse_expected_servername(SSL_TEST_CTX *test_ctx,
                                            const char *value)
{
    int parsed = 0;

    if (parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
                   &parsed, value)) {
        test_ctx->expected_servername = parsed;
        return 1;
    }
    return 0;
}
232*e0c4386eSCy Schubert
/* Name of |server| as spelled in ssl_servername, or "InvalidValue". */
const char *ssl_servername_name(ssl_servername_t server)
{
    const size_t count = OSSL_NELEM(ssl_servername);

    return enum_name(ssl_servername, count, server);
}
238*e0c4386eSCy Schubert
/* ServerNameCallback */

/* Names selecting one of the SSL_TEST_SERVERNAME_* callback modes. */
static const test_enum ssl_servername_callbacks[] = {
    { "None", SSL_TEST_SERVERNAME_CB_NONE },
    { "IgnoreMismatch", SSL_TEST_SERVERNAME_IGNORE_MISMATCH },
    { "RejectMismatch", SSL_TEST_SERVERNAME_REJECT_MISMATCH },
    { "ClientHelloIgnoreMismatch",
      SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH },
    { "ClientHelloRejectMismatch",
      SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH },
    { "ClientHelloNoV12", SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12 },
};
251*e0c4386eSCy Schubert
/*
 * Store the ServerNameCallback option in server_conf->servername_callback.
 * Returns 1 when |value| names an entry of ssl_servername_callbacks,
 * otherwise 0 with the field left unchanged.
 */
__owur static int parse_servername_callback(SSL_TEST_SERVER_CONF *server_conf,
                                            const char *value)
{
    int parsed = 0;

    if (parse_enum(ssl_servername_callbacks,
                   OSSL_NELEM(ssl_servername_callbacks), &parsed, value)) {
        server_conf->servername_callback = parsed;
        return 1;
    }
    return 0;
}
263*e0c4386eSCy Schubert
/*
 * Name of |callback| as spelled in ssl_servername_callbacks, or
 * "InvalidValue".
 */
const char *ssl_servername_callback_name(ssl_servername_callback_t callback)
{
    const size_t count = OSSL_NELEM(ssl_servername_callbacks);

    return enum_name(ssl_servername_callbacks, count, callback);
}
269*e0c4386eSCy Schubert
/* SessionTicketExpected */

/*
 * Tri-state expectation.  Matched case-sensitively by parse_enum(),
 * unlike the Yes/No handled by parse_boolean().
 */
static const test_enum ssl_session_ticket[] = {
    { "Ignore", SSL_TEST_SESSION_TICKET_IGNORE },
    { "Yes", SSL_TEST_SESSION_TICKET_YES },
    { "No", SSL_TEST_SESSION_TICKET_NO },
};
277*e0c4386eSCy Schubert
/*
 * Store the SessionTicketExpected option in
 * test_ctx->session_ticket_expected.  Returns 1 when |value| names an
 * entry of ssl_session_ticket, otherwise 0 with the field left unchanged.
 */
__owur static int parse_session_ticket(SSL_TEST_CTX *test_ctx, const char *value)
{
    int parsed = 0;

    if (parse_enum(ssl_session_ticket, OSSL_NELEM(ssl_session_ticket),
                   &parsed, value)) {
        test_ctx->session_ticket_expected = parsed;
        return 1;
    }
    return 0;
}
288*e0c4386eSCy Schubert
/*
 * Name of a session-ticket expectation as spelled in ssl_session_ticket,
 * or "InvalidValue".  The parameter is called |server| but carries the
 * ssl_session_ticket_t value to look up.
 */
const char *ssl_session_ticket_name(ssl_session_ticket_t server)
{
    const size_t count = OSSL_NELEM(ssl_session_ticket);

    return enum_name(ssl_session_ticket, count, server);
}
295*e0c4386eSCy Schubert
/* CompressionExpected */

/* Defines parse_test_compression_expected(): a Yes/No option on SSL_TEST_CTX. */
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, compression_expected)
299*e0c4386eSCy Schubert
/* SessionIdExpected */

/* Tri-state expectation, matched case-sensitively by parse_enum(). */
static const test_enum ssl_session_id[] = {
    { "Ignore", SSL_TEST_SESSION_ID_IGNORE },
    { "Yes", SSL_TEST_SESSION_ID_YES },
    { "No", SSL_TEST_SESSION_ID_NO },
};
307*e0c4386eSCy Schubert
/*
 * Store the SessionIdExpected option in test_ctx->session_id_expected.
 * Returns 1 when |value| names an entry of ssl_session_id, otherwise 0
 * with the field left unchanged.
 */
__owur static int parse_session_id(SSL_TEST_CTX *test_ctx, const char *value)
{
    int parsed = 0;

    if (parse_enum(ssl_session_id, OSSL_NELEM(ssl_session_id),
                   &parsed, value)) {
        test_ctx->session_id_expected = parsed;
        return 1;
    }
    return 0;
}
318*e0c4386eSCy Schubert
/*
 * Name of a session-id expectation as spelled in ssl_session_id, or
 * "InvalidValue".  The parameter is called |server| but carries the
 * ssl_session_id_t value to look up.
 */
const char *ssl_session_id_name(ssl_session_id_t server)
{
    const size_t count = OSSL_NELEM(ssl_session_id);

    return enum_name(ssl_session_id, count, server);
}
325*e0c4386eSCy Schubert
/* Method */

/* Names selecting one of the SSL_TEST_METHOD_* values. */
static const test_enum ssl_test_methods[] = {
    { "TLS", SSL_TEST_METHOD_TLS },
    { "DTLS", SSL_TEST_METHOD_DTLS },
};
332*e0c4386eSCy Schubert
/*
 * Store the Method option in test_ctx->method.
 * Returns 1 when |value| names an entry of ssl_test_methods, otherwise 0
 * with the field left unchanged.
 */
__owur static int parse_test_method(SSL_TEST_CTX *test_ctx, const char *value)
{
    int parsed = 0;

    if (parse_enum(ssl_test_methods, OSSL_NELEM(ssl_test_methods),
                   &parsed, value)) {
        test_ctx->method = parsed;
        return 1;
    }
    return 0;
}
343*e0c4386eSCy Schubert
/* Name of |method| as spelled in ssl_test_methods, or "InvalidValue". */
const char *ssl_test_method_name(ssl_test_method_t method)
{
    const size_t count = OSSL_NELEM(ssl_test_methods);

    return enum_name(ssl_test_methods, count, method);
}
348*e0c4386eSCy Schubert
/*
 * NPN and ALPN options
 *
 * Each line defines parse_<name>_<field>(), which keeps a heap copy of
 * the option value in the named struct member.
 */
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, npn_protocols)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, npn_protocols)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_npn_protocol)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, alpn_protocols)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, alpn_protocols)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_alpn_protocol)

/*
 * SRP options
 *
 * The user name and password are held as ordinary strings and released
 * with OPENSSL_free() by the string-option macro, i.e. without being
 * zeroed.  They are values taken from the test configuration.
 */
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, srp_user)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, srp_user)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, srp_password)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, srp_password)

/* Session Ticket App Data options */
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_session_ticket_app_data)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, session_ticket_app_data)
367*e0c4386eSCy Schubert
/* Handshake mode */

/* Names selecting one of the SSL_TEST_HANDSHAKE_* modes. */
static const test_enum ssl_handshake_modes[] = {
    { "Simple", SSL_TEST_HANDSHAKE_SIMPLE },
    { "Resume", SSL_TEST_HANDSHAKE_RESUME },
    { "RenegotiateServer", SSL_TEST_HANDSHAKE_RENEG_SERVER },
    { "RenegotiateClient", SSL_TEST_HANDSHAKE_RENEG_CLIENT },
    { "KeyUpdateServer", SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER },
    { "KeyUpdateClient", SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT },
    { "PostHandshakeAuth", SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH },
};
379*e0c4386eSCy Schubert
/*
 * Store the handshake mode option in test_ctx->handshake_mode.
 * Returns 1 when |value| names an entry of ssl_handshake_modes,
 * otherwise 0 with the field left unchanged.
 */
__owur static int parse_handshake_mode(SSL_TEST_CTX *test_ctx, const char *value)
{
    int parsed = 0;

    if (parse_enum(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes),
                   &parsed, value)) {
        test_ctx->handshake_mode = parsed;
        return 1;
    }
    return 0;
}
390*e0c4386eSCy Schubert
/* Name of |mode| as spelled in ssl_handshake_modes, or "InvalidValue". */
const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode)
{
    const size_t count = OSSL_NELEM(ssl_handshake_modes);

    return enum_name(ssl_handshake_modes, count, mode);
}
396*e0c4386eSCy Schubert
/* Renegotiation Ciphersuites */

/* Defines parse_client_reneg_ciphers(): a string option on SSL_TEST_CLIENT_CONF. */
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, reneg_ciphers)
400*e0c4386eSCy Schubert
/* KeyUpdateType */

/* Names for the two SSL_KEY_UPDATE_* request types a test may select. */
static const test_enum ssl_key_update_types[] = {
    { "KeyUpdateRequested", SSL_KEY_UPDATE_REQUESTED },
    { "KeyUpdateNotRequested", SSL_KEY_UPDATE_NOT_REQUESTED },
};
407*e0c4386eSCy Schubert
/*
 * Store the KeyUpdateType option in test_ctx->key_update_type.
 * Returns 1 when |value| names an entry of ssl_key_update_types,
 * otherwise 0 with the field left unchanged.
 */
__owur static int parse_key_update_type(SSL_TEST_CTX *test_ctx, const char *value)
{
    int parsed = 0;

    if (parse_enum(ssl_key_update_types, OSSL_NELEM(ssl_key_update_types),
                   &parsed, value)) {
        test_ctx->key_update_type = parsed;
        return 1;
    }
    return 0;
}
418*e0c4386eSCy Schubert
/* CT Validation */

/* Names selecting one of the SSL_TEST_CT_VALIDATION_* modes. */
static const test_enum ssl_ct_validation_modes[] = {
    { "None", SSL_TEST_CT_VALIDATION_NONE },
    { "Permissive", SSL_TEST_CT_VALIDATION_PERMISSIVE },
    { "Strict", SSL_TEST_CT_VALIDATION_STRICT },
};
426*e0c4386eSCy Schubert
/*
 * Store the CT validation option in client_conf->ct_validation.
 * Returns 1 when |value| names an entry of ssl_ct_validation_modes,
 * otherwise 0 with the field left unchanged.
 */
__owur static int parse_ct_validation(SSL_TEST_CLIENT_CONF *client_conf,
                                      const char *value)
{
    int parsed = 0;

    if (parse_enum(ssl_ct_validation_modes,
                   OSSL_NELEM(ssl_ct_validation_modes), &parsed, value)) {
        client_conf->ct_validation = parsed;
        return 1;
    }
    return 0;
}
438*e0c4386eSCy Schubert
/* Name of |mode| as spelled in ssl_ct_validation_modes, or "InvalidValue". */
const char *ssl_ct_validation_name(ssl_ct_validation_t mode)
{
    const size_t count = OSSL_NELEM(ssl_ct_validation_modes);

    return enum_name(ssl_ct_validation_modes, count, mode);
}
444*e0c4386eSCy Schubert
/*
 * Yes/No options.  Each line defines parse_<name>_<field>(), which stores
 * 1 or 0 in the named struct member through parse_boolean().
 */
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, use_sctp)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, enable_client_sctp_label_bug)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, enable_server_sctp_label_bug)
450*e0c4386eSCy Schubert
/* CertStatus */

/* Names selecting one of the SSL_TEST_CERT_STATUS_* values. */
static const test_enum ssl_certstatus[] = {
    { "None", SSL_TEST_CERT_STATUS_NONE },
    { "GoodResponse", SSL_TEST_CERT_STATUS_GOOD_RESPONSE },
    { "BadResponse", SSL_TEST_CERT_STATUS_BAD_RESPONSE },
};
458*e0c4386eSCy Schubert
/*
 * Store the CertStatus option in server_conf->cert_status.
 * Returns 1 when |value| names an entry of ssl_certstatus, otherwise 0
 * with the field left unchanged.
 */
__owur static int parse_certstatus(SSL_TEST_SERVER_CONF *server_conf,
                                   const char *value)
{
    int parsed = 0;

    if (parse_enum(ssl_certstatus, OSSL_NELEM(ssl_certstatus), &parsed,
                   value)) {
        server_conf->cert_status = parsed;
        return 1;
    }
    return 0;
}
470*e0c4386eSCy Schubert
/* Name of |cert_status| as spelled in ssl_certstatus, or "InvalidValue". */
const char *ssl_certstatus_name(ssl_cert_status_t cert_status)
{
    const size_t count = OSSL_NELEM(ssl_certstatus);

    return enum_name(ssl_certstatus, count, cert_status);
}
476*e0c4386eSCy Schubert
/*
 * ApplicationData
 *
 * Defines parse_test_app_data_size(): an integer option on SSL_TEST_CTX.
 */
IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size)

/*
 * MaxFragmentSize
 *
 * Defines parse_test_max_fragment_size(): an integer option on
 * SSL_TEST_CTX.
 */
IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size)
485*e0c4386eSCy Schubert
/*
 * Maximum-Fragment-Length TLS extension mode
 *
 * The numeric spellings are table keys matched as strings, not parsed
 * numbers: only the four sizes listed (or "None") are accepted.
 */
static const test_enum ssl_max_fragment_len_mode[] = {
    { "None", TLSEXT_max_fragment_length_DISABLED },
    { "512", TLSEXT_max_fragment_length_512 },
    { "1024", TLSEXT_max_fragment_length_1024 },
    { "2048", TLSEXT_max_fragment_length_2048 },
    { "4096", TLSEXT_max_fragment_length_4096 },
};
494*e0c4386eSCy Schubert
/*
 * Store the Maximum-Fragment-Length mode in
 * client_conf->max_fragment_len_mode.  Returns 1 when |value| names an
 * entry of ssl_max_fragment_len_mode, otherwise 0 with the field left
 * unchanged.
 */
__owur static int parse_max_fragment_len_mode(SSL_TEST_CLIENT_CONF *client_conf,
                                              const char *value)
{
    int parsed = 0;

    if (parse_enum(ssl_max_fragment_len_mode,
                   OSSL_NELEM(ssl_max_fragment_len_mode), &parsed, value)) {
        client_conf->max_fragment_len_mode = parsed;
        return 1;
    }
    return 0;
}
507*e0c4386eSCy Schubert
/*
 * Name of |MFL_mode| as spelled in ssl_max_fragment_len_mode, or
 * "InvalidValue".
 */
const char *ssl_max_fragment_len_name(int MFL_mode)
{
    const size_t count = OSSL_NELEM(ssl_max_fragment_len_mode);

    return enum_name(ssl_max_fragment_len_mode, count, MFL_mode);
}
513*e0c4386eSCy Schubert
514*e0c4386eSCy Schubert
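/* Expected key and signature types */

/*
 * Resolve a key-type or curve name to a NID and store it in *ptype.
 *
 * Lookup order: the ASN.1 method found by EVP_PKEY_asn1_find_str(), or
 * OBJ_sn2nid() when there is none; then OBJ_ln2nid(); then, unless
 * OPENSSL_NO_EC is defined, EC_curve_nist2nid().
 *
 * Returns 1 on success.  Returns 0, leaving *ptype untouched, when
 * |value| is NULL or no lookup recognises it.
 */
__owur static int parse_expected_key_type(int *ptype, const char *value)
{
    /*
     * Start from NID_undef so that a failed EVP_PKEY_asn1_get0_info()
     * falls through to the remaining lookups instead of leaving |nid|
     * uninitialised when it is compared below.
     */
    int nid = NID_undef;
    const EVP_PKEY_ASN1_METHOD *ameth;

    if (value == NULL)
        return 0;
    ameth = EVP_PKEY_asn1_find_str(NULL, value, -1);
    if (ameth != NULL) {
        if (!EVP_PKEY_asn1_get0_info(&nid, NULL, NULL, NULL, NULL, ameth))
            nid = NID_undef;
    } else {
        nid = OBJ_sn2nid(value);
    }
    if (nid == NID_undef)
        nid = OBJ_ln2nid(value);
#ifndef OPENSSL_NO_EC
    if (nid == NID_undef)
        nid = EC_curve_nist2nid(value);
#endif
    if (nid == NID_undef)
        return 0;
    *ptype = nid;
    return 1;
}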
540*e0c4386eSCy Schubert
/* Store the resolved NID in test_ctx->expected_tmp_key_type. */
__owur static int parse_expected_tmp_key_type(SSL_TEST_CTX *test_ctx,
                                              const char *value)
{
    int *slot = &test_ctx->expected_tmp_key_type;

    return parse_expected_key_type(slot, value);
}
546*e0c4386eSCy Schubert
/* Store the resolved NID in test_ctx->expected_server_cert_type. */
__owur static int parse_expected_server_cert_type(SSL_TEST_CTX *test_ctx,
                                                  const char *value)
{
    int *slot = &test_ctx->expected_server_cert_type;

    return parse_expected_key_type(slot, value);
}
553*e0c4386eSCy Schubert
/* Store the resolved NID in test_ctx->expected_server_sign_type. */
__owur static int parse_expected_server_sign_type(SSL_TEST_CTX *test_ctx,
                                                  const char *value)
{
    int *slot = &test_ctx->expected_server_sign_type;

    return parse_expected_key_type(slot, value);
}
560*e0c4386eSCy Schubert
/* Store the resolved NID in test_ctx->expected_client_cert_type. */
__owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx,
                                                  const char *value)
{
    int *slot = &test_ctx->expected_client_cert_type;

    return parse_expected_key_type(slot, value);
}
567*e0c4386eSCy Schubert
/* Store the resolved NID in test_ctx->expected_client_sign_type. */
__owur static int parse_expected_client_sign_type(SSL_TEST_CTX *test_ctx,
                                                  const char *value)
{
    int *slot = &test_ctx->expected_client_sign_type;

    return parse_expected_key_type(slot, value);
}
574*e0c4386eSCy Schubert
575*e0c4386eSCy Schubert
/* Expected signing hash */

/*
 * Resolve a digest name to a NID and store it in *ptype, trying the
 * short name (OBJ_sn2nid) first and the long name (OBJ_ln2nid) second.
 * Returns 1 on success; returns 0, leaving *ptype untouched, when
 * |value| is NULL or neither lookup recognises it.
 */
__owur static int parse_expected_sign_hash(int *ptype, const char *value)
{
    int found;

    if (value == NULL)
        return 0;

    found = OBJ_sn2nid(value);
    if (found == NID_undef) {
        found = OBJ_ln2nid(value);
        if (found == NID_undef)
            return 0;
    }
    *ptype = found;
    return 1;
}
592*e0c4386eSCy Schubert
/*
 * Handler registered for the "ExpectedServerSignHash" test option.
 *
 * Stores the NID resolved by parse_expected_sign_hash() in
 * test_ctx->expected_server_sign_hash and returns its 1/0 status.
 */
__owur static int parse_expected_server_sign_hash(SSL_TEST_CTX *test_ctx,
                                                  const char *value)
{
    int *dest = &test_ctx->expected_server_sign_hash;

    return parse_expected_sign_hash(dest, value);
}
599*e0c4386eSCy Schubert
/*
 * Handler registered for the "ExpectedClientSignHash" test option.
 *
 * Stores the NID resolved by parse_expected_sign_hash() in
 * test_ctx->expected_client_sign_hash and returns its 1/0 status.
 */
__owur static int parse_expected_client_sign_hash(SSL_TEST_CTX *test_ctx,
                                                  const char *value)
{
    int *dest = &test_ctx->expected_client_sign_hash;

    return parse_expected_sign_hash(dest, value);
}
606*e0c4386eSCy Schubert
/*
 * Build the expected CA name list for one side of the handshake.
 *
 * The literal value "empty" (exact, case-sensitive match) produces a new
 * empty stack; any other value is passed to SSL_load_client_CA_file_ex()
 * as the name of a file to load, using |libctx| and a NULL property query.
 *
 * Returns 1 when |*pnames| ends up non-NULL, 0 otherwise.  A NULL |value|
 * returns 0 without touching |*pnames|.  The stack is released by
 * SSL_TEST_CTX_free() through sk_X509_NAME_pop_free().
 *
 * NOTE(review): |value| comes straight from the test configuration and is
 * used as a file path with no further checks; a previous |*pnames| is
 * overwritten, not freed.
 */
__owur static int parse_expected_ca_names(STACK_OF(X509_NAME) **pnames,
                                          const char *value,
                                          OSSL_LIB_CTX *libctx)
{
    STACK_OF(X509_NAME) *names;

    if (value == NULL)
        return 0;

    if (strcmp(value, "empty") == 0)
        names = sk_X509_NAME_new_null();
    else
        names = SSL_load_client_CA_file_ex(value, libctx, NULL);

    *pnames = names;
    return names != NULL;
}
/*
 * Handler registered for the "ExpectedServerCANames" test option.
 *
 * Fills test_ctx->expected_server_ca_names through
 * parse_expected_ca_names(), using the library context stored in
 * |test_ctx|, and returns its 1/0 status.
 */
__owur static int parse_expected_server_ca_names(SSL_TEST_CTX *test_ctx,
                                                 const char *value)
{
    OSSL_LIB_CTX *libctx = test_ctx->libctx;

    return parse_expected_ca_names(&test_ctx->expected_server_ca_names, value,
                                   libctx);
}
/*
 * Handler registered for the "ExpectedClientCANames" test option.
 *
 * Fills test_ctx->expected_client_ca_names through
 * parse_expected_ca_names(), using the library context stored in
 * |test_ctx|, and returns its 1/0 status.
 */
__owur static int parse_expected_client_ca_names(SSL_TEST_CTX *test_ctx,
                                                 const char *value)
{
    OSSL_LIB_CTX *libctx = test_ctx->libctx;

    return parse_expected_ca_names(&test_ctx->expected_client_ca_names, value,
                                   libctx);
}
631*e0c4386eSCy Schubert
/*
 * ExpectedCipher
 *
 * Generates the handler that the option table registers as
 * parse_test_expected_cipher.  The stored string is released with
 * OPENSSL_free() in SSL_TEST_CTX_free().
 */

IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_cipher)
635*e0c4386eSCy Schubert
/*
 * Client and Server PHA
 *
 * Boolean handlers parse_client_enable_pha, parse_server_force_pha and
 * parse_client_no_extms_on_reneg, registered in the option tables as
 * "EnablePHA", "ForcePHA" and "RenegotiateNoExtms".
 */

IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, enable_pha)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, force_pha)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, no_extms_on_reneg)
641*e0c4386eSCy Schubert
642*e0c4386eSCy Schubert /* Known test options and their corresponding parse methods. */
643*e0c4386eSCy Schubert
/*
 * Top-level options.
 *
 * Each entry pairs a configuration key with the handler that parses its
 * value into an SSL_TEST_CTX.  Handlers return non-zero on success.
 */
typedef struct {
    /* Key as it appears in the test section; compared with strcmp(). */
    const char *name;
    /* Parses |value| and stores the result in |test_ctx|. */
    int (*parse)(SSL_TEST_CTX *test_ctx, const char *value);
} ssl_test_ctx_option;

/*
 * Keys accepted in a test section.  SSL_TEST_CTX_create() rejects any key
 * that is neither a subsection name nor listed here.
 */
static const ssl_test_ctx_option ssl_test_ctx_options[] = {
    { "ExpectedResult",               parse_expected_result },
    { "ExpectedClientAlert",          parse_client_alert },
    { "ExpectedServerAlert",          parse_server_alert },
    { "ExpectedProtocol",             parse_protocol },
    { "ExpectedServerName",           parse_expected_servername },
    { "SessionTicketExpected",        parse_session_ticket },
    { "CompressionExpected",          parse_test_compression_expected },
    { "SessionIdExpected",            parse_session_id },
    { "Method",                       parse_test_method },
    { "ExpectedNPNProtocol",          parse_test_expected_npn_protocol },
    { "ExpectedALPNProtocol",         parse_test_expected_alpn_protocol },
    { "HandshakeMode",                parse_handshake_mode },
    { "KeyUpdateType",                parse_key_update_type },
    { "ResumptionExpected",           parse_test_resumption_expected },
    { "ApplicationData",              parse_test_app_data_size },
    { "MaxFragmentSize",              parse_test_max_fragment_size },
    { "ExpectedTmpKeyType",           parse_expected_tmp_key_type },
    { "ExpectedServerCertType",       parse_expected_server_cert_type },
    { "ExpectedServerSignHash",       parse_expected_server_sign_hash },
    { "ExpectedServerSignType",       parse_expected_server_sign_type },
    { "ExpectedServerCANames",        parse_expected_server_ca_names },
    { "ExpectedClientCertType",       parse_expected_client_cert_type },
    { "ExpectedClientSignHash",       parse_expected_client_sign_hash },
    { "ExpectedClientSignType",       parse_expected_client_sign_type },
    { "ExpectedClientCANames",        parse_expected_client_ca_names },
    { "UseSCTP",                      parse_test_use_sctp },
    { "EnableClientSCTPLabelBug",     parse_test_enable_client_sctp_label_bug },
    { "EnableServerSCTPLabelBug",     parse_test_enable_server_sctp_label_bug },
    { "ExpectedCipher",               parse_test_expected_cipher },
    { "ExpectedSessionTicketAppData", parse_test_expected_session_ticket_app_data },
};
682*e0c4386eSCy Schubert
/*
 * Nested client options.
 *
 * Each entry pairs a key of a client subsection with the handler that
 * parses its value into an SSL_TEST_CLIENT_CONF.
 */
typedef struct {
    /* Key as it appears in the client section; compared with strcmp(). */
    const char *name;
    /* Parses |value| and stores the result in |conf|. */
    int (*parse)(SSL_TEST_CLIENT_CONF *conf, const char *value);
} ssl_test_client_option;

/* Keys accepted by parse_client_options(); anything else is rejected. */
static const ssl_test_client_option ssl_test_client_options[] = {
    { "VerifyCallback",     parse_client_verify_callback },
    { "ServerName",         parse_servername },
    { "NPNProtocols",       parse_client_npn_protocols },
    { "ALPNProtocols",      parse_client_alpn_protocols },
    { "CTValidation",       parse_ct_validation },
    { "RenegotiateCiphers", parse_client_reneg_ciphers },
    { "SRPUser",            parse_client_srp_user },
    { "SRPPassword",        parse_client_srp_password },
    { "MaxFragmentLenExt",  parse_max_fragment_len_mode },
    { "EnablePHA",          parse_client_enable_pha },
    { "RenegotiateNoExtms", parse_client_no_extms_on_reneg },
};
702*e0c4386eSCy Schubert
/*
 * Nested server options.
 *
 * Each entry pairs a key of a server subsection with the handler that
 * parses its value into an SSL_TEST_SERVER_CONF.
 */
typedef struct {
    /* Key as it appears in the server section; compared with strcmp(). */
    const char *name;
    /* Parses |value| and stores the result in |conf|. */
    int (*parse)(SSL_TEST_SERVER_CONF *conf, const char *value);
} ssl_test_server_option;

/* Keys accepted by parse_server_options(); anything else is rejected. */
static const ssl_test_server_option ssl_test_server_options[] = {
    { "ServerNameCallback",   parse_servername_callback },
    { "NPNProtocols",         parse_server_npn_protocols },
    { "ALPNProtocols",        parse_server_alpn_protocols },
    { "BrokenSessionTicket",  parse_server_broken_session_ticket },
    { "CertStatus",           parse_certstatus },
    { "SRPUser",              parse_server_srp_user },
    { "SRPPassword",          parse_server_srp_password },
    { "ForcePHA",             parse_server_force_pha },
    { "SessionTicketAppData", parse_server_session_ticket_app_data },
};
720*e0c4386eSCy Schubert
/*
 * Allocate a zero-filled SSL_TEST_CTX and apply the default sizes.
 *
 * |libctx| is stored as given; SSL_TEST_CTX_free() does not release it.
 * Returns the new context, or NULL when the allocation fails (the caller is
 * expected to check).
 */
SSL_TEST_CTX *SSL_TEST_CTX_new(OSSL_LIB_CTX *libctx)
{
    SSL_TEST_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));

    /* The return code is checked by caller */
    if (ctx == NULL)
        return NULL;

    ctx->libctx = libctx;
    ctx->app_data_size = default_app_data_size;
    ctx->max_fragment_size = default_max_fragment_size;
    return ctx;
}
733*e0c4386eSCy Schubert
/*
 * Release the heap strings held by the client, server and server2 parts of
 * one SSL_TEST_EXTRA_CONF.  |conf| itself is not freed, and the pointers
 * are not reset afterwards.
 *
 * NOTE(review): the SRP passwords are released with OPENSSL_free() and are
 * not wiped first.  That is adequate for fixed test credentials; confirm
 * nothing secret is ever loaded through this harness.
 */
static void ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF *conf)
{
    /* Client side */
    OPENSSL_free(conf->client.npn_protocols);
    OPENSSL_free(conf->client.alpn_protocols);
    OPENSSL_free(conf->client.reneg_ciphers);
    OPENSSL_free(conf->client.srp_user);
    OPENSSL_free(conf->client.srp_password);

    /* First server */
    OPENSSL_free(conf->server.npn_protocols);
    OPENSSL_free(conf->server.alpn_protocols);
    OPENSSL_free(conf->server.srp_user);
    OPENSSL_free(conf->server.srp_password);
    OPENSSL_free(conf->server.session_ticket_app_data);

    /* Second server */
    OPENSSL_free(conf->server2.npn_protocols);
    OPENSSL_free(conf->server2.alpn_protocols);
    OPENSSL_free(conf->server2.srp_user);
    OPENSSL_free(conf->server2.srp_password);
    OPENSSL_free(conf->server2.session_ticket_app_data);
}
752*e0c4386eSCy Schubert
/*
 * Release the strings of both extra configurations embedded in |ctx|: the
 * one for the initial handshake and the one used on resumption.
 */
static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx)
{
    SSL_TEST_EXTRA_CONF *initial = &ctx->extra;
    SSL_TEST_EXTRA_CONF *resumed = &ctx->resume_extra;

    ssl_test_extra_conf_free_data(initial);
    ssl_test_extra_conf_free_data(resumed);
}
758*e0c4386eSCy Schubert
/*
 * Destroy a test context together with everything it owns: the nested
 * client/server configuration strings, the expected-value strings, and both
 * expected CA name stacks (each X509_NAME is freed as well).
 *
 * A NULL |ctx| is accepted and ignored.  ctx->libctx is not released here.
 */
void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
{
    if (ctx == NULL)
        return;

    /* Nested per-endpoint configuration. */
    ssl_test_ctx_free_extra_data(ctx);

    /* Expected-value strings. */
    OPENSSL_free(ctx->expected_npn_protocol);
    OPENSSL_free(ctx->expected_alpn_protocol);
    OPENSSL_free(ctx->expected_session_ticket_app_data);
    OPENSSL_free(ctx->expected_cipher);

    /* Expected CA name lists, elements included. */
    sk_X509_NAME_pop_free(ctx->expected_server_ca_names, X509_NAME_free);
    sk_X509_NAME_pop_free(ctx->expected_client_ca_names, X509_NAME_free);

    OPENSSL_free(ctx);
}
772*e0c4386eSCy Schubert
/*
 * Parse every key of the configuration section |client_section| into
 * |client|.
 *
 * Keys are matched exactly (strcmp) against ssl_test_client_options.
 * Parsing fails closed: a missing section, an unknown key, or a value the
 * handler rejects all stop processing and return 0.  Values applied by
 * earlier keys are left in |client|.  Returns 1 when every key was
 * accepted.
 */
static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf,
                                const char *client_section)
{
    STACK_OF(CONF_VALUE) *sk_conf;
    int idx;

    if (!TEST_ptr(sk_conf = NCONF_get_section(conf, client_section)))
        return 0;

    for (idx = 0; idx < sk_CONF_VALUE_num(sk_conf); idx++) {
        const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, idx);
        const ssl_test_client_option *handler = NULL;
        size_t k;

        /* Find the first table entry whose name equals the key. */
        for (k = 0; k < OSSL_NELEM(ssl_test_client_options); k++) {
            if (strcmp(option->name, ssl_test_client_options[k].name) == 0) {
                handler = &ssl_test_client_options[k];
                break;
            }
        }

        if (handler == NULL) {
            TEST_info("Unknown test option: %s", option->name);
            return 0;
        }
        if (!handler->parse(client, option->value)) {
            TEST_info("Bad value %s for option %s",
                      option->value, option->name);
            return 0;
        }
    }

    return 1;
}
805*e0c4386eSCy Schubert
/*
 * Parse every key of the configuration section |server_section| into
 * |server|.
 *
 * Keys are matched exactly (strcmp) against ssl_test_server_options.
 * Parsing fails closed: a missing section, an unknown key, or a value the
 * handler rejects all stop processing and return 0.  Values applied by
 * earlier keys are left in |server|.  Returns 1 when every key was
 * accepted.
 */
static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf,
                                const char *server_section)
{
    STACK_OF(CONF_VALUE) *sk_conf;
    int idx;

    if (!TEST_ptr(sk_conf = NCONF_get_section(conf, server_section)))
        return 0;

    for (idx = 0; idx < sk_CONF_VALUE_num(sk_conf); idx++) {
        const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, idx);
        const ssl_test_server_option *handler = NULL;
        size_t k;

        /* Find the first table entry whose name equals the key. */
        for (k = 0; k < OSSL_NELEM(ssl_test_server_options); k++) {
            if (strcmp(option->name, ssl_test_server_options[k].name) == 0) {
                handler = &ssl_test_server_options[k];
                break;
            }
        }

        if (handler == NULL) {
            TEST_info("Unknown test option: %s", option->name);
            return 0;
        }
        if (!handler->parse(server, option->value)) {
            TEST_info("Bad value %s for option %s",
                      option->value, option->name);
            return 0;
        }
    }

    return 1;
}
838*e0c4386eSCy Schubert
/*
 * Build an SSL_TEST_CTX from the configuration section |test_section|.
 *
 * The keys "client", "server", "server2", "resume-client", "resume-server"
 * and "resume-server2" name a further section, which is parsed into the
 * matching nested configuration.  Every other key must appear in
 * ssl_test_ctx_options and is handed to its handler.
 *
 * Parsing fails closed: a missing section, a failed allocation, an unknown
 * key or a rejected value frees the partially built context and returns
 * NULL.  On success the caller owns the result and releases it with
 * SSL_TEST_CTX_free().  The section stack is not freed here; presumably it
 * stays owned by |conf|.
 */
SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section,
                                  OSSL_LIB_CTX *libctx)
{
    STACK_OF(CONF_VALUE) *sk_conf = NULL;
    SSL_TEST_CTX *ctx = NULL;
    int idx;

    if (!TEST_ptr(sk_conf = NCONF_get_section(conf, test_section))
            || !TEST_ptr(ctx = SSL_TEST_CTX_new(libctx)))
        goto err;

    for (idx = 0; idx < sk_CONF_VALUE_num(sk_conf); idx++) {
        const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, idx);
        const char *key = option->name;
        const char *section = option->value;
        int ok;

        /* Subsections */
        if (strcmp(key, "client") == 0) {
            ok = parse_client_options(&ctx->extra.client, conf, section);
        } else if (strcmp(key, "server") == 0) {
            ok = parse_server_options(&ctx->extra.server, conf, section);
        } else if (strcmp(key, "server2") == 0) {
            ok = parse_server_options(&ctx->extra.server2, conf, section);
        } else if (strcmp(key, "resume-client") == 0) {
            ok = parse_client_options(&ctx->resume_extra.client, conf,
                                      section);
        } else if (strcmp(key, "resume-server") == 0) {
            ok = parse_server_options(&ctx->resume_extra.server, conf,
                                      section);
        } else if (strcmp(key, "resume-server2") == 0) {
            ok = parse_server_options(&ctx->resume_extra.server2, conf,
                                      section);
        } else {
            const ssl_test_ctx_option *handler = NULL;
            size_t k;

            /* Plain option: find the first table entry with this name. */
            for (k = 0; k < OSSL_NELEM(ssl_test_ctx_options); k++) {
                if (strcmp(key, ssl_test_ctx_options[k].name) == 0) {
                    handler = &ssl_test_ctx_options[k];
                    break;
                }
            }
            if (handler == NULL) {
                TEST_info("Unknown test option: %s", option->name);
                goto err;
            }

            ok = handler->parse(ctx, option->value);
            if (!ok)
                TEST_info("Bad value %s for option %s",
                          option->value, option->name);
        }

        if (!ok)
            goto err;
    }

    return ctx;

 err:
    /* SSL_TEST_CTX_free() accepts NULL, so this is safe on early failure. */
    SSL_TEST_CTX_free(ctx);
    return NULL;
}