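/*
 * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * Ideally, CONF should offer standard parsing methods and cover them
 * in tests. But since we have no CONF tests, we use a custom test for now.
 */

#include <stdio.h>
#include <string.h>

#include "internal/nelem.h"
#include "helpers/ssl_test_ctx.h"
#include "testutil.h"
#include <openssl/e_os2.h>
#include <openssl/err.h>
#include <openssl/conf.h>
#include <openssl/ssl.h>

/* Configuration file shared by all tests; loaded once in setup_tests(). */
static CONF *conf = NULL;

/* Per-test state: which section to parse and what the parse must yield. */
typedef struct ssl_test_ctx_test_fixture {
    const char *test_case_name;
    const char *test_section;
    /* Expected parsed configuration. */
    SSL_TEST_CTX *expected_ctx;
} SSL_TEST_CTX_TEST_FIXTURE;


/*
 * Compare two client configurations field by field.
 * Returns 1 when every compared field matches, 0 at the first mismatch
 * (the TEST_* macro that failed reports it).
 *
 * NOTE(review): only the members listed here are compared. Whether
 * SSL_TEST_CLIENT_CONF has further members is not visible from this file;
 * if it does, a parsing regression in one of them would not be caught
 * here - confirm against helpers/ssl_test_ctx.h.
 */
static int clientconf_eq(SSL_TEST_CLIENT_CONF *conf1,
                         SSL_TEST_CLIENT_CONF *conf2)
{
    if (!TEST_int_eq(conf1->verify_callback, conf2->verify_callback)
            || !TEST_int_eq(conf1->servername, conf2->servername)
            || !TEST_str_eq(conf1->npn_protocols, conf2->npn_protocols)
            || !TEST_str_eq(conf1->alpn_protocols, conf2->alpn_protocols)
            || !TEST_int_eq(conf1->ct_validation, conf2->ct_validation)
            || !TEST_int_eq(conf1->max_fragment_len_mode,
                            conf2->max_fragment_len_mode))
        return 0;
    return 1;
}

/*
 * Compare two server configurations field by field.
 * Returns 1 when every compared field matches, 0 at the first mismatch.
 *
 * NOTE(review): as with clientconf_eq(), members of SSL_TEST_SERVER_CONF
 * that are not listed here (if any) are not checked - confirm.
 */
static int serverconf_eq(SSL_TEST_SERVER_CONF *serv,
                         SSL_TEST_SERVER_CONF *serv2)
{
    if (!TEST_int_eq(serv->servername_callback, serv2->servername_callback)
            || !TEST_str_eq(serv->npn_protocols, serv2->npn_protocols)
            || !TEST_str_eq(serv->alpn_protocols, serv2->alpn_protocols)
            || !TEST_int_eq(serv->broken_session_ticket,
                            serv2->broken_session_ticket)
            || !TEST_str_eq(serv->session_ticket_app_data,
                            serv2->session_ticket_app_data)
            || !TEST_int_eq(serv->cert_status, serv2->cert_status))
        return 0;
    return 1;
}

/*
 * Compare the client, server and server2 parts of two extra configurations.
 * Returns 1 when all three parts match, 0 otherwise.
 */
static int extraconf_eq(SSL_TEST_EXTRA_CONF *extra,
                        SSL_TEST_EXTRA_CONF *extra2)
{
    if (!TEST_true(clientconf_eq(&extra->client, &extra2->client))
            || !TEST_true(serverconf_eq(&extra->server, &extra2->server))
            || !TEST_true(serverconf_eq(&extra->server2, &extra2->server2)))
        return 0;
    return 1;
}

/*
 * Compare a parsed test context against the expected one: the top-level
 * settings, both extra configurations (initial and resumption) and every
 * expectation listed below.
 * Returns 1 when all compared fields match, 0 at the first mismatch.
 */
static int testctx_eq(SSL_TEST_CTX *ctx, SSL_TEST_CTX *ctx2)
{
    if (!TEST_int_eq(ctx->method, ctx2->method)
            || !TEST_int_eq(ctx->handshake_mode, ctx2->handshake_mode)
            || !TEST_int_eq(ctx->app_data_size, ctx2->app_data_size)
            || !TEST_int_eq(ctx->max_fragment_size, ctx2->max_fragment_size)
            || !extraconf_eq(&ctx->extra, &ctx2->extra)
            || !extraconf_eq(&ctx->resume_extra, &ctx2->resume_extra)
            || !TEST_int_eq(ctx->expected_result, ctx2->expected_result)
            || !TEST_int_eq(ctx->expected_client_alert,
                            ctx2->expected_client_alert)
            || !TEST_int_eq(ctx->expected_server_alert,
                            ctx2->expected_server_alert)
            || !TEST_int_eq(ctx->expected_protocol, ctx2->expected_protocol)
            || !TEST_int_eq(ctx->expected_servername, ctx2->expected_servername)
            || !TEST_int_eq(ctx->session_ticket_expected,
                            ctx2->session_ticket_expected)
            || !TEST_int_eq(ctx->compression_expected,
                            ctx2->compression_expected)
            || !TEST_str_eq(ctx->expected_npn_protocol,
                            ctx2->expected_npn_protocol)
            || !TEST_str_eq(ctx->expected_alpn_protocol,
                            ctx2->expected_alpn_protocol)
            || !TEST_str_eq(ctx->expected_cipher,
                            ctx2->expected_cipher)
            || !TEST_str_eq(ctx->expected_session_ticket_app_data,
                            ctx2->expected_session_ticket_app_data)
            || !TEST_int_eq(ctx->resumption_expected,
                            ctx2->resumption_expected)
            || !TEST_int_eq(ctx->session_id_expected,
                            ctx2->session_id_expected))
        return 0;
    return 1;
}

/*
 * Allocate a zeroed fixture with a fresh expected context.
 * Returns NULL when either allocation fails; nothing is leaked in that case.
 */
static SSL_TEST_CTX_TEST_FIXTURE *set_up(const char *const test_case_name)
{
    SSL_TEST_CTX_TEST_FIXTURE *fixture;

    if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
        return NULL;
    fixture->test_case_name = test_case_name;
    if (!TEST_ptr(fixture->expected_ctx = SSL_TEST_CTX_new(NULL))) {
        OPENSSL_free(fixture);
        return NULL;
    }
    return fixture;
}

/*
 * Parse fixture->test_section from the global conf and compare the result
 * with fixture->expected_ctx.
 * Returns 1 when parsing succeeds and the contexts match, 0 otherwise.
 */
static int execute_test(SSL_TEST_CTX_TEST_FIXTURE *fixture)
{
    int success = 0;
    SSL_TEST_CTX *ctx;

    if (!TEST_ptr(ctx = SSL_TEST_CTX_create(conf, fixture->test_section,
                                            fixture->expected_ctx->libctx))
            || !testctx_eq(ctx, fixture->expected_ctx))
        goto err;

    success = 1;
 err:
    /* ctx is NULL here when parsing failed; presumably the free is NULL-safe. */
    SSL_TEST_CTX_free(ctx);
    return success;
}

/* Release the expected context and the fixture itself. */
static void tear_down(SSL_TEST_CTX_TEST_FIXTURE *fixture)
{
    SSL_TEST_CTX_free(fixture->expected_ctx);
    OPENSSL_free(fixture);
}

/*
 * NOTE(review): the tests below dereference |fixture| immediately after
 * SETUP_SSL_TEST_CTX_TEST_FIXTURE(). set_up() can return NULL, so this
 * relies on SETUP_TEST_FIXTURE (testutil.h, not shown here) returning early
 * in that case - confirm.
 */
#define SETUP_SSL_TEST_CTX_TEST_FIXTURE() \
    SETUP_TEST_FIXTURE(SSL_TEST_CTX_TEST_FIXTURE, set_up);
#define EXECUTE_SSL_TEST_CTX_TEST() \
    EXECUTE_TEST(execute_test, tear_down)

/*
 * The "ssltest_default" section must parse to a context that differs from a
 * freshly created one only by expected_result being SSL_TEST_SUCCESS.
 */
static int test_empty_configuration(void)
{
    SETUP_SSL_TEST_CTX_TEST_FIXTURE();
    fixture->test_section = "ssltest_default";
    fixture->expected_ctx->expected_result = SSL_TEST_SUCCESS;
    EXECUTE_SSL_TEST_CTX_TEST();
    return result;
}

/*
 * The "ssltest_good" section must parse to exactly the values set below.
 * The strdup'ed strings are stored in expected_ctx; they are presumably
 * released by SSL_TEST_CTX_free() in tear_down() - confirm.
 */
static int test_good_configuration(void)
{
    SETUP_SSL_TEST_CTX_TEST_FIXTURE();
    fixture->test_section = "ssltest_good";
    fixture->expected_ctx->method = SSL_TEST_METHOD_DTLS;
    fixture->expected_ctx->handshake_mode = SSL_TEST_HANDSHAKE_RESUME;
    fixture->expected_ctx->app_data_size = 1024;
    fixture->expected_ctx->max_fragment_size = 2048;

    fixture->expected_ctx->expected_result = SSL_TEST_SERVER_FAIL;
    fixture->expected_ctx->expected_client_alert = SSL_AD_UNKNOWN_CA;
    fixture->expected_ctx->expected_server_alert = 0;  /* No alert. */
    fixture->expected_ctx->expected_protocol = TLS1_1_VERSION;
    fixture->expected_ctx->expected_servername = SSL_TEST_SERVERNAME_SERVER2;
    fixture->expected_ctx->session_ticket_expected = SSL_TEST_SESSION_TICKET_YES;
    fixture->expected_ctx->compression_expected = SSL_TEST_COMPRESSION_NO;
    fixture->expected_ctx->session_id_expected = SSL_TEST_SESSION_ID_IGNORE;
    fixture->expected_ctx->resumption_expected = 1;

    fixture->expected_ctx->extra.client.verify_callback =
        SSL_TEST_VERIFY_REJECT_ALL;
    fixture->expected_ctx->extra.client.servername = SSL_TEST_SERVERNAME_SERVER2;
    fixture->expected_ctx->extra.client.npn_protocols =
        OPENSSL_strdup("foo,bar");
    if (!TEST_ptr(fixture->expected_ctx->extra.client.npn_protocols))
        goto err;
    fixture->expected_ctx->extra.client.max_fragment_len_mode = 0;

    fixture->expected_ctx->extra.server.servername_callback =
        SSL_TEST_SERVERNAME_IGNORE_MISMATCH;
    fixture->expected_ctx->extra.server.broken_session_ticket = 1;

    fixture->expected_ctx->resume_extra.server2.alpn_protocols =
        OPENSSL_strdup("baz");
    if (!TEST_ptr(fixture->expected_ctx->resume_extra.server2.alpn_protocols))
        goto err;

    fixture->expected_ctx->resume_extra.client.ct_validation =
        SSL_TEST_CT_VALIDATION_STRICT;

    EXECUTE_SSL_TEST_CTX_TEST();
    return result;

 err:
    /* EXECUTE_SSL_TEST_CTX_TEST() was not reached, so clean up by hand. */
    tear_down(fixture);
    return 0;
}

/*
 * Sections of the conf file that the parser must reject. Each one carries
 * an unknown option, an unknown value or an invalid setting, as the section
 * names indicate; test_bad_configuration() requires SSL_TEST_CTX_create()
 * to return NULL for every entry, i.e. the parser must fail closed rather
 * than accept an unrecognised setting.
 */
static const char *bad_configurations[] = {
    "ssltest_unknown_option",
    "ssltest_wrong_section",
    "ssltest_unknown_expected_result",
    "ssltest_unknown_alert",
    "ssltest_unknown_protocol",
    "ssltest_unknown_verify_callback",
    "ssltest_unknown_servername",
    "ssltest_unknown_servername_callback",
    "ssltest_unknown_session_ticket_expected",
    "ssltest_unknown_compression_expected",
    "ssltest_unknown_session_id_expected",
    "ssltest_unknown_method",
    "ssltest_unknown_handshake_mode",
    "ssltest_unknown_resumption_expected",
    "ssltest_unknown_ct_validation",
    "ssltest_invalid_max_fragment_len",
};

/*
 * Parsing bad_configurations[idx] must fail.
 * Returns 1 when SSL_TEST_CTX_create() returns NULL, 0 when it unexpectedly
 * produced a context (which is freed before returning).
 */
static int test_bad_configuration(int idx)
{
    SSL_TEST_CTX *ctx;

    if (!TEST_ptr_null(ctx = SSL_TEST_CTX_create(conf,
                                                 bad_configurations[idx], NULL))) {
        SSL_TEST_CTX_free(ctx);
        return 0;
    }

    return 1;
}

OPT_TEST_DECLARE_USAGE("conf_file\n")

/*
 * Load the configuration file named by the first test argument and register
 * the tests. Returns 1 on success, 0 on any failure.
 */
int setup_tests(void)
{
    const char *conf_file;

    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    if (!TEST_ptr(conf = NCONF_new(NULL)))
        return 0;
    /*
     * argument should point to test/ssl_test_ctx_test.cnf
     * Reject a missing argument here instead of handing a NULL file name
     * to NCONF_load().
     */
    if (!TEST_ptr(conf_file = test_get_argument(0)))
        return 0;
    if (!TEST_int_gt(NCONF_load(conf, conf_file, NULL), 0))
        return 0;

    ADD_TEST(test_empty_configuration);
    ADD_TEST(test_good_configuration);
    ADD_ALL_TESTS(test_bad_configuration, OSSL_NELEM(bad_configurations));
    return 1;
}

/* Release the configuration loaded by setup_tests(). */
void cleanup_tests(void)
{
    NCONF_free(conf);
}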