1 /*
2 * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * Because of *asn1_*
12 */
13 #define OPENSSL_SUPPRESS_DEPRECATED
14
15 #include <string.h>
16
17 #include <openssl/e_os2.h>
18 #include <openssl/crypto.h>
19
20 #include "internal/nelem.h"
21 #include "ssl_test_ctx.h"
22 #include "../testutil.h"
23
24 static const int default_app_data_size = 256;
25 /* Default set to be as small as possible to exercise fragmentation. */
26 static const int default_max_fragment_size = 512;
27
parse_boolean(const char * value,int * result)28 static int parse_boolean(const char *value, int *result)
29 {
30 if (OPENSSL_strcasecmp(value, "Yes") == 0) {
31 *result = 1;
32 return 1;
33 }
34 else if (OPENSSL_strcasecmp(value, "No") == 0) {
35 *result = 0;
36 return 1;
37 }
38 TEST_error("parse_boolean given: '%s'", value);
39 return 0;
40 }
41
42 #define IMPLEMENT_SSL_TEST_BOOL_OPTION(struct_type, name, field) \
43 static int parse_##name##_##field(struct_type *ctx, const char *value) \
44 { \
45 return parse_boolean(value, &ctx->field); \
46 }
47
48 #define IMPLEMENT_SSL_TEST_STRING_OPTION(struct_type, name, field) \
49 static int parse_##name##_##field(struct_type *ctx, const char *value) \
50 { \
51 OPENSSL_free(ctx->field); \
52 ctx->field = OPENSSL_strdup(value); \
53 return TEST_ptr(ctx->field); \
54 }
55
56 #define IMPLEMENT_SSL_TEST_INT_OPTION(struct_type, name, field) \
57 static int parse_##name##_##field(struct_type *ctx, const char *value) \
58 { \
59 ctx->field = atoi(value); \
60 return 1; \
61 }
62
63 /* True enums and other test configuration values that map to an int. */
64 typedef struct {
65 const char *name;
66 int value;
67 } test_enum;
68
69
parse_enum(const test_enum * enums,size_t num_enums,int * value,const char * name)70 __owur static int parse_enum(const test_enum *enums, size_t num_enums,
71 int *value, const char *name)
72 {
73 size_t i;
74 for (i = 0; i < num_enums; i++) {
75 if (strcmp(enums[i].name, name) == 0) {
76 *value = enums[i].value;
77 return 1;
78 }
79 }
80 return 0;
81 }
82
enum_name(const test_enum * enums,size_t num_enums,int value)83 static const char *enum_name(const test_enum *enums, size_t num_enums,
84 int value)
85 {
86 size_t i;
87 for (i = 0; i < num_enums; i++) {
88 if (enums[i].value == value) {
89 return enums[i].name;
90 }
91 }
92 return "InvalidValue";
93 }
94
95
96 /* ExpectedResult */
97
98 static const test_enum ssl_test_results[] = {
99 {"Success", SSL_TEST_SUCCESS},
100 {"ServerFail", SSL_TEST_SERVER_FAIL},
101 {"ClientFail", SSL_TEST_CLIENT_FAIL},
102 {"InternalError", SSL_TEST_INTERNAL_ERROR},
103 {"FirstHandshakeFailed", SSL_TEST_FIRST_HANDSHAKE_FAILED},
104 };
105
parse_expected_result(SSL_TEST_CTX * test_ctx,const char * value)106 __owur static int parse_expected_result(SSL_TEST_CTX *test_ctx, const char *value)
107 {
108 int ret_value;
109 if (!parse_enum(ssl_test_results, OSSL_NELEM(ssl_test_results),
110 &ret_value, value)) {
111 return 0;
112 }
113 test_ctx->expected_result = ret_value;
114 return 1;
115 }
116
ssl_test_result_name(ssl_test_result_t result)117 const char *ssl_test_result_name(ssl_test_result_t result)
118 {
119 return enum_name(ssl_test_results, OSSL_NELEM(ssl_test_results), result);
120 }
121
122 /* ExpectedClientAlert / ExpectedServerAlert */
123
124 static const test_enum ssl_alerts[] = {
125 {"UnknownCA", SSL_AD_UNKNOWN_CA},
126 {"HandshakeFailure", SSL_AD_HANDSHAKE_FAILURE},
127 {"UnrecognizedName", SSL_AD_UNRECOGNIZED_NAME},
128 {"NoRenegotiation", SSL_AD_NO_RENEGOTIATION},
129 {"BadCertificate", SSL_AD_BAD_CERTIFICATE},
130 {"NoApplicationProtocol", SSL_AD_NO_APPLICATION_PROTOCOL},
131 {"CertificateRequired", SSL_AD_CERTIFICATE_REQUIRED},
132 };
133
parse_alert(int * alert,const char * value)134 __owur static int parse_alert(int *alert, const char *value)
135 {
136 return parse_enum(ssl_alerts, OSSL_NELEM(ssl_alerts), alert, value);
137 }
138
parse_client_alert(SSL_TEST_CTX * test_ctx,const char * value)139 __owur static int parse_client_alert(SSL_TEST_CTX *test_ctx, const char *value)
140 {
141 return parse_alert(&test_ctx->expected_client_alert, value);
142 }
143
parse_server_alert(SSL_TEST_CTX * test_ctx,const char * value)144 __owur static int parse_server_alert(SSL_TEST_CTX *test_ctx, const char *value)
145 {
146 return parse_alert(&test_ctx->expected_server_alert, value);
147 }
148
ssl_alert_name(int alert)149 const char *ssl_alert_name(int alert)
150 {
151 return enum_name(ssl_alerts, OSSL_NELEM(ssl_alerts), alert);
152 }
153
154 /* ExpectedProtocol */
155
156 static const test_enum ssl_protocols[] = {
157 {"TLSv1.3", TLS1_3_VERSION},
158 {"TLSv1.2", TLS1_2_VERSION},
159 {"TLSv1.1", TLS1_1_VERSION},
160 {"TLSv1", TLS1_VERSION},
161 {"SSLv3", SSL3_VERSION},
162 {"DTLSv1", DTLS1_VERSION},
163 {"DTLSv1.2", DTLS1_2_VERSION},
164 };
165
parse_protocol(SSL_TEST_CTX * test_ctx,const char * value)166 __owur static int parse_protocol(SSL_TEST_CTX *test_ctx, const char *value)
167 {
168 return parse_enum(ssl_protocols, OSSL_NELEM(ssl_protocols),
169 &test_ctx->expected_protocol, value);
170 }
171
ssl_protocol_name(int protocol)172 const char *ssl_protocol_name(int protocol)
173 {
174 return enum_name(ssl_protocols, OSSL_NELEM(ssl_protocols), protocol);
175 }
176
177 /* VerifyCallback */
178
179 static const test_enum ssl_verify_callbacks[] = {
180 {"None", SSL_TEST_VERIFY_NONE},
181 {"AcceptAll", SSL_TEST_VERIFY_ACCEPT_ALL},
182 {"RetryOnce", SSL_TEST_VERIFY_RETRY_ONCE},
183 {"RejectAll", SSL_TEST_VERIFY_REJECT_ALL},
184 };
185
parse_client_verify_callback(SSL_TEST_CLIENT_CONF * client_conf,const char * value)186 __owur static int parse_client_verify_callback(SSL_TEST_CLIENT_CONF *client_conf,
187 const char *value)
188 {
189 int ret_value;
190
191 if (!parse_enum(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks),
192 &ret_value, value)) {
193 return 0;
194 }
195 client_conf->verify_callback = ret_value;
196 return 1;
197 }
198
ssl_verify_callback_name(ssl_verify_callback_t callback)199 const char *ssl_verify_callback_name(ssl_verify_callback_t callback)
200 {
201 return enum_name(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks),
202 callback);
203 }
204
205 /* ServerName */
206
207 static const test_enum ssl_servername[] = {
208 {"None", SSL_TEST_SERVERNAME_NONE},
209 {"server1", SSL_TEST_SERVERNAME_SERVER1},
210 {"server2", SSL_TEST_SERVERNAME_SERVER2},
211 {"invalid", SSL_TEST_SERVERNAME_INVALID},
212 };
213
parse_servername(SSL_TEST_CLIENT_CONF * client_conf,const char * value)214 __owur static int parse_servername(SSL_TEST_CLIENT_CONF *client_conf,
215 const char *value)
216 {
217 int ret_value;
218 if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
219 &ret_value, value)) {
220 return 0;
221 }
222 client_conf->servername = ret_value;
223 return 1;
224 }
225
parse_expected_servername(SSL_TEST_CTX * test_ctx,const char * value)226 __owur static int parse_expected_servername(SSL_TEST_CTX *test_ctx,
227 const char *value)
228 {
229 int ret_value;
230 if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
231 &ret_value, value)) {
232 return 0;
233 }
234 test_ctx->expected_servername = ret_value;
235 return 1;
236 }
237
ssl_servername_name(ssl_servername_t server)238 const char *ssl_servername_name(ssl_servername_t server)
239 {
240 return enum_name(ssl_servername, OSSL_NELEM(ssl_servername),
241 server);
242 }
243
244 /* ServerNameCallback */
245
246 static const test_enum ssl_servername_callbacks[] = {
247 {"None", SSL_TEST_SERVERNAME_CB_NONE},
248 {"IgnoreMismatch", SSL_TEST_SERVERNAME_IGNORE_MISMATCH},
249 {"RejectMismatch", SSL_TEST_SERVERNAME_REJECT_MISMATCH},
250 {"ClientHelloIgnoreMismatch",
251 SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH},
252 {"ClientHelloRejectMismatch",
253 SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH},
254 {"ClientHelloNoV12", SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12},
255 };
256
parse_servername_callback(SSL_TEST_SERVER_CONF * server_conf,const char * value)257 __owur static int parse_servername_callback(SSL_TEST_SERVER_CONF *server_conf,
258 const char *value)
259 {
260 int ret_value;
261 if (!parse_enum(ssl_servername_callbacks,
262 OSSL_NELEM(ssl_servername_callbacks), &ret_value, value)) {
263 return 0;
264 }
265 server_conf->servername_callback = ret_value;
266 return 1;
267 }
268
ssl_servername_callback_name(ssl_servername_callback_t callback)269 const char *ssl_servername_callback_name(ssl_servername_callback_t callback)
270 {
271 return enum_name(ssl_servername_callbacks,
272 OSSL_NELEM(ssl_servername_callbacks), callback);
273 }
274
275 /* SessionTicketExpected */
276
277 static const test_enum ssl_session_ticket[] = {
278 {"Ignore", SSL_TEST_SESSION_TICKET_IGNORE},
279 {"Yes", SSL_TEST_SESSION_TICKET_YES},
280 {"No", SSL_TEST_SESSION_TICKET_NO},
281 };
282
parse_session_ticket(SSL_TEST_CTX * test_ctx,const char * value)283 __owur static int parse_session_ticket(SSL_TEST_CTX *test_ctx, const char *value)
284 {
285 int ret_value;
286 if (!parse_enum(ssl_session_ticket, OSSL_NELEM(ssl_session_ticket),
287 &ret_value, value)) {
288 return 0;
289 }
290 test_ctx->session_ticket_expected = ret_value;
291 return 1;
292 }
293
ssl_session_ticket_name(ssl_session_ticket_t server)294 const char *ssl_session_ticket_name(ssl_session_ticket_t server)
295 {
296 return enum_name(ssl_session_ticket,
297 OSSL_NELEM(ssl_session_ticket),
298 server);
299 }
300
301 /* CompressionExpected */
302
303 IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, compression_expected)
304
305 /* SessionIdExpected */
306
307 static const test_enum ssl_session_id[] = {
308 {"Ignore", SSL_TEST_SESSION_ID_IGNORE},
309 {"Yes", SSL_TEST_SESSION_ID_YES},
310 {"No", SSL_TEST_SESSION_ID_NO},
311 };
312
parse_session_id(SSL_TEST_CTX * test_ctx,const char * value)313 __owur static int parse_session_id(SSL_TEST_CTX *test_ctx, const char *value)
314 {
315 int ret_value;
316 if (!parse_enum(ssl_session_id, OSSL_NELEM(ssl_session_id),
317 &ret_value, value)) {
318 return 0;
319 }
320 test_ctx->session_id_expected = ret_value;
321 return 1;
322 }
323
ssl_session_id_name(ssl_session_id_t server)324 const char *ssl_session_id_name(ssl_session_id_t server)
325 {
326 return enum_name(ssl_session_id,
327 OSSL_NELEM(ssl_session_id),
328 server);
329 }
330
331 /* Method */
332
333 static const test_enum ssl_test_methods[] = {
334 {"TLS", SSL_TEST_METHOD_TLS},
335 {"DTLS", SSL_TEST_METHOD_DTLS},
336 {"QUIC", SSL_TEST_METHOD_QUIC}
337 };
338
parse_test_method(SSL_TEST_CTX * test_ctx,const char * value)339 __owur static int parse_test_method(SSL_TEST_CTX *test_ctx, const char *value)
340 {
341 int ret_value;
342 if (!parse_enum(ssl_test_methods, OSSL_NELEM(ssl_test_methods),
343 &ret_value, value)) {
344 return 0;
345 }
346 test_ctx->method = ret_value;
347 return 1;
348 }
349
ssl_test_method_name(ssl_test_method_t method)350 const char *ssl_test_method_name(ssl_test_method_t method)
351 {
352 return enum_name(ssl_test_methods, OSSL_NELEM(ssl_test_methods), method);
353 }
354
355 /* NPN and ALPN options */
356
357 IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, npn_protocols)
358 IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, npn_protocols)
359 IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_npn_protocol)
360 IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, alpn_protocols)
361 IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, alpn_protocols)
362 IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_alpn_protocol)
363
364 /* SRP options */
365 IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, srp_user)
366 IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, srp_user)
367 IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, srp_password)
368 IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, srp_password)
369
370 /* Session Ticket App Data options */
371 IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_session_ticket_app_data)
372 IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, session_ticket_app_data)
373
374 /* Handshake mode */
375
376 static const test_enum ssl_handshake_modes[] = {
377 {"Simple", SSL_TEST_HANDSHAKE_SIMPLE},
378 {"Resume", SSL_TEST_HANDSHAKE_RESUME},
379 {"RenegotiateServer", SSL_TEST_HANDSHAKE_RENEG_SERVER},
380 {"RenegotiateClient", SSL_TEST_HANDSHAKE_RENEG_CLIENT},
381 {"KeyUpdateServer", SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER},
382 {"KeyUpdateClient", SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT},
383 {"PostHandshakeAuth", SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH},
384 };
385
parse_handshake_mode(SSL_TEST_CTX * test_ctx,const char * value)386 __owur static int parse_handshake_mode(SSL_TEST_CTX *test_ctx, const char *value)
387 {
388 int ret_value;
389 if (!parse_enum(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes),
390 &ret_value, value)) {
391 return 0;
392 }
393 test_ctx->handshake_mode = ret_value;
394 return 1;
395 }
396
ssl_handshake_mode_name(ssl_handshake_mode_t mode)397 const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode)
398 {
399 return enum_name(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes),
400 mode);
401 }
402
403 /* Renegotiation Ciphersuites */
404
405 IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, reneg_ciphers)
406
407 /* KeyUpdateType */
408
409 static const test_enum ssl_key_update_types[] = {
410 {"KeyUpdateRequested", SSL_KEY_UPDATE_REQUESTED},
411 {"KeyUpdateNotRequested", SSL_KEY_UPDATE_NOT_REQUESTED},
412 };
413
parse_key_update_type(SSL_TEST_CTX * test_ctx,const char * value)414 __owur static int parse_key_update_type(SSL_TEST_CTX *test_ctx, const char *value)
415 {
416 int ret_value;
417 if (!parse_enum(ssl_key_update_types, OSSL_NELEM(ssl_key_update_types),
418 &ret_value, value)) {
419 return 0;
420 }
421 test_ctx->key_update_type = ret_value;
422 return 1;
423 }
424
425 /* CT Validation */
426
427 static const test_enum ssl_ct_validation_modes[] = {
428 {"None", SSL_TEST_CT_VALIDATION_NONE},
429 {"Permissive", SSL_TEST_CT_VALIDATION_PERMISSIVE},
430 {"Strict", SSL_TEST_CT_VALIDATION_STRICT},
431 };
432
parse_ct_validation(SSL_TEST_CLIENT_CONF * client_conf,const char * value)433 __owur static int parse_ct_validation(SSL_TEST_CLIENT_CONF *client_conf,
434 const char *value)
435 {
436 int ret_value;
437 if (!parse_enum(ssl_ct_validation_modes, OSSL_NELEM(ssl_ct_validation_modes),
438 &ret_value, value)) {
439 return 0;
440 }
441 client_conf->ct_validation = ret_value;
442 return 1;
443 }
444
ssl_ct_validation_name(ssl_ct_validation_t mode)445 const char *ssl_ct_validation_name(ssl_ct_validation_t mode)
446 {
447 return enum_name(ssl_ct_validation_modes, OSSL_NELEM(ssl_ct_validation_modes),
448 mode);
449 }
450
451 IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected)
452 IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket)
453 IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, use_sctp)
454 IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, compress_certificates)
455 IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, enable_client_sctp_label_bug)
456 IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, enable_server_sctp_label_bug)
457
458 /* CertStatus */
459
460 static const test_enum ssl_certstatus[] = {
461 {"None", SSL_TEST_CERT_STATUS_NONE},
462 {"GoodResponse", SSL_TEST_CERT_STATUS_GOOD_RESPONSE},
463 {"BadResponse", SSL_TEST_CERT_STATUS_BAD_RESPONSE},
464 {"GoodResponseExt", SSL_TEST_CERT_STATUS_GOOD_RESPONSE_EXT},
465 {"BadResponseExt", SSL_TEST_CERT_STATUS_BAD_RESPONSE_EXT}
466 };
467
parse_certstatus(SSL_TEST_SERVER_CONF * server_conf,const char * value)468 __owur static int parse_certstatus(SSL_TEST_SERVER_CONF *server_conf,
469 const char *value)
470 {
471 int ret_value;
472 if (!parse_enum(ssl_certstatus, OSSL_NELEM(ssl_certstatus), &ret_value,
473 value)) {
474 return 0;
475 }
476 server_conf->cert_status = ret_value;
477 return 1;
478 }
479
ssl_certstatus_name(ssl_cert_status_t cert_status)480 const char *ssl_certstatus_name(ssl_cert_status_t cert_status)
481 {
482 return enum_name(ssl_certstatus,
483 OSSL_NELEM(ssl_certstatus), cert_status);
484 }
485
486 /* ApplicationData */
487
488 IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size)
489
490
491 /* MaxFragmentSize */
492
493 IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size)
494
495 /* Maximum-Fragment-Length TLS extension mode */
496 static const test_enum ssl_max_fragment_len_mode[] = {
497 {"None", TLSEXT_max_fragment_length_DISABLED},
498 { "512", TLSEXT_max_fragment_length_512},
499 {"1024", TLSEXT_max_fragment_length_1024},
500 {"2048", TLSEXT_max_fragment_length_2048},
501 {"4096", TLSEXT_max_fragment_length_4096}
502 };
503
parse_max_fragment_len_mode(SSL_TEST_CLIENT_CONF * client_conf,const char * value)504 __owur static int parse_max_fragment_len_mode(SSL_TEST_CLIENT_CONF *client_conf,
505 const char *value)
506 {
507 int ret_value;
508
509 if (!parse_enum(ssl_max_fragment_len_mode,
510 OSSL_NELEM(ssl_max_fragment_len_mode), &ret_value, value)) {
511 return 0;
512 }
513 client_conf->max_fragment_len_mode = ret_value;
514 return 1;
515 }
516
ssl_max_fragment_len_name(int MFL_mode)517 const char *ssl_max_fragment_len_name(int MFL_mode)
518 {
519 return enum_name(ssl_max_fragment_len_mode,
520 OSSL_NELEM(ssl_max_fragment_len_mode), MFL_mode);
521 }
522
523
524 /* Expected key and signature types */
525
parse_expected_key_type(int * ptype,const char * value)526 __owur static int parse_expected_key_type(int *ptype, const char *value)
527 {
528 int nid;
529 #ifndef OPENSSL_NO_DEPRECATED_3_6
530 const EVP_PKEY_ASN1_METHOD *ameth;
531 #endif
532
533 if (value == NULL)
534 return 0;
535 #ifndef OPENSSL_NO_DEPRECATED_3_6
536 ameth = EVP_PKEY_asn1_find_str(NULL, value, -1);
537 if (ameth != NULL)
538 EVP_PKEY_asn1_get0_info(&nid, NULL, NULL, NULL, NULL, ameth);
539 else
540 nid = OBJ_sn2nid(value);
541 #else
542 /*
543 * These functions map the values differently than
544 * EVP_PKEY_asn1_find_str (which was used before) so use this hack
545 * to make it work
546 */
547 if (strcmp("RSA", value) == 0) {
548 nid = OBJ_ln2nid("rsaEncryption");
549 } else if (strcmp("RSA-PSS", value) == 0) {
550 nid = OBJ_ln2nid("rsassaPss");
551 } else if (strcmp("Ed448", value) == 0) {
552 nid = OBJ_sn2nid("ED448");
553 } else if (strcmp("Ed25519", value) == 0) {
554 nid = OBJ_sn2nid("ED25519");
555 } else if (strcmp("EC", value) == 0) {
556 nid = OBJ_sn2nid("id-ecPublicKey");
557 } else {
558 nid = OBJ_ln2nid(value);
559 }
560 #endif
561 if (nid == NID_undef)
562 nid = OBJ_sn2nid(value);
563 #ifndef OPENSSL_NO_EC
564 if (nid == NID_undef)
565 nid = EC_curve_nist2nid(value);
566 #endif
567 switch (nid) {
568 case NID_brainpoolP256r1tls13:
569 nid = NID_brainpoolP256r1;
570 break;
571 case NID_brainpoolP384r1tls13:
572 nid = NID_brainpoolP384r1;
573 break;
574 case NID_brainpoolP512r1tls13:
575 nid = NID_brainpoolP512r1;
576 break;
577 }
578 if (nid == NID_undef)
579 return 0;
580 *ptype = nid;
581 return 1;
582 }
583
parse_expected_tmp_key_type(SSL_TEST_CTX * test_ctx,const char * value)584 __owur static int parse_expected_tmp_key_type(SSL_TEST_CTX *test_ctx,
585 const char *value)
586 {
587 return parse_expected_key_type(&test_ctx->expected_tmp_key_type, value);
588 }
589
parse_expected_server_cert_type(SSL_TEST_CTX * test_ctx,const char * value)590 __owur static int parse_expected_server_cert_type(SSL_TEST_CTX *test_ctx,
591 const char *value)
592 {
593 return parse_expected_key_type(&test_ctx->expected_server_cert_type,
594 value);
595 }
596
parse_expected_server_sign_type(SSL_TEST_CTX * test_ctx,const char * value)597 __owur static int parse_expected_server_sign_type(SSL_TEST_CTX *test_ctx,
598 const char *value)
599 {
600 return parse_expected_key_type(&test_ctx->expected_server_sign_type,
601 value);
602 }
603
parse_expected_client_cert_type(SSL_TEST_CTX * test_ctx,const char * value)604 __owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx,
605 const char *value)
606 {
607 return parse_expected_key_type(&test_ctx->expected_client_cert_type,
608 value);
609 }
610
parse_expected_client_sign_type(SSL_TEST_CTX * test_ctx,const char * value)611 __owur static int parse_expected_client_sign_type(SSL_TEST_CTX *test_ctx,
612 const char *value)
613 {
614 return parse_expected_key_type(&test_ctx->expected_client_sign_type,
615 value);
616 }
617
618
619 /* Expected signing hash */
620
parse_expected_sign_hash(int * ptype,const char * value)621 __owur static int parse_expected_sign_hash(int *ptype, const char *value)
622 {
623 int nid;
624
625 if (value == NULL)
626 return 0;
627 nid = OBJ_sn2nid(value);
628 if (nid == NID_undef)
629 nid = OBJ_ln2nid(value);
630 if (nid == NID_undef)
631 return 0;
632 *ptype = nid;
633 return 1;
634 }
635
parse_expected_server_sign_hash(SSL_TEST_CTX * test_ctx,const char * value)636 __owur static int parse_expected_server_sign_hash(SSL_TEST_CTX *test_ctx,
637 const char *value)
638 {
639 return parse_expected_sign_hash(&test_ctx->expected_server_sign_hash,
640 value);
641 }
642
parse_expected_client_sign_hash(SSL_TEST_CTX * test_ctx,const char * value)643 __owur static int parse_expected_client_sign_hash(SSL_TEST_CTX *test_ctx,
644 const char *value)
645 {
646 return parse_expected_sign_hash(&test_ctx->expected_client_sign_hash,
647 value);
648 }
649
parse_expected_ca_names(STACK_OF (X509_NAME)** pnames,const char * value,OSSL_LIB_CTX * libctx)650 __owur static int parse_expected_ca_names(STACK_OF(X509_NAME) **pnames,
651 const char *value,
652 OSSL_LIB_CTX *libctx)
653 {
654 if (value == NULL)
655 return 0;
656 if (!strcmp(value, "empty"))
657 *pnames = sk_X509_NAME_new_null();
658 else
659 *pnames = SSL_load_client_CA_file_ex(value, libctx, NULL);
660 return *pnames != NULL;
661 }
parse_expected_server_ca_names(SSL_TEST_CTX * test_ctx,const char * value)662 __owur static int parse_expected_server_ca_names(SSL_TEST_CTX *test_ctx,
663 const char *value)
664 {
665 return parse_expected_ca_names(&test_ctx->expected_server_ca_names, value,
666 test_ctx->libctx);
667 }
parse_expected_client_ca_names(SSL_TEST_CTX * test_ctx,const char * value)668 __owur static int parse_expected_client_ca_names(SSL_TEST_CTX *test_ctx,
669 const char *value)
670 {
671 return parse_expected_ca_names(&test_ctx->expected_client_ca_names, value,
672 test_ctx->libctx);
673 }
674
675 /* ExpectedCipher */
676
677 IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_cipher)
678
679 /* Client and Server PHA */
680
681 IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, enable_pha)
682 IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, force_pha)
683 IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, no_extms_on_reneg)
684
685 /* FIPS provider version limiting */
686 IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, fips_version)
687
688 /* Known test options and their corresponding parse methods. */
689
690 /* Top-level options. */
691 typedef struct {
692 const char *name;
693 int (*parse)(SSL_TEST_CTX *test_ctx, const char *value);
694 } ssl_test_ctx_option;
695
696 static const ssl_test_ctx_option ssl_test_ctx_options[] = {
697 { "ExpectedResult", &parse_expected_result },
698 { "ExpectedClientAlert", &parse_client_alert },
699 { "ExpectedServerAlert", &parse_server_alert },
700 { "ExpectedProtocol", &parse_protocol },
701 { "ExpectedServerName", &parse_expected_servername },
702 { "SessionTicketExpected", &parse_session_ticket },
703 { "CompressionExpected", &parse_test_compression_expected },
704 { "SessionIdExpected", &parse_session_id },
705 { "Method", &parse_test_method },
706 { "ExpectedNPNProtocol", &parse_test_expected_npn_protocol },
707 { "ExpectedALPNProtocol", &parse_test_expected_alpn_protocol },
708 { "HandshakeMode", &parse_handshake_mode },
709 { "KeyUpdateType", &parse_key_update_type },
710 { "ResumptionExpected", &parse_test_resumption_expected },
711 { "ApplicationData", &parse_test_app_data_size },
712 { "MaxFragmentSize", &parse_test_max_fragment_size },
713 { "ExpectedTmpKeyType", &parse_expected_tmp_key_type },
714 { "ExpectedServerCertType", &parse_expected_server_cert_type },
715 { "ExpectedServerSignHash", &parse_expected_server_sign_hash },
716 { "ExpectedServerSignType", &parse_expected_server_sign_type },
717 { "ExpectedServerCANames", &parse_expected_server_ca_names },
718 { "ExpectedClientCertType", &parse_expected_client_cert_type },
719 { "ExpectedClientSignHash", &parse_expected_client_sign_hash },
720 { "ExpectedClientSignType", &parse_expected_client_sign_type },
721 { "ExpectedClientCANames", &parse_expected_client_ca_names },
722 { "UseSCTP", &parse_test_use_sctp },
723 { "CompressCertificates", &parse_test_compress_certificates },
724 { "EnableClientSCTPLabelBug", &parse_test_enable_client_sctp_label_bug },
725 { "EnableServerSCTPLabelBug", &parse_test_enable_server_sctp_label_bug },
726 { "ExpectedCipher", &parse_test_expected_cipher },
727 { "ExpectedSessionTicketAppData", &parse_test_expected_session_ticket_app_data },
728 { "FIPSversion", &parse_test_fips_version },
729 };
730
731 /* Nested client options. */
732 typedef struct {
733 const char *name;
734 int (*parse)(SSL_TEST_CLIENT_CONF *conf, const char *value);
735 } ssl_test_client_option;
736
737 static const ssl_test_client_option ssl_test_client_options[] = {
738 { "VerifyCallback", &parse_client_verify_callback },
739 { "ServerName", &parse_servername },
740 { "NPNProtocols", &parse_client_npn_protocols },
741 { "ALPNProtocols", &parse_client_alpn_protocols },
742 { "CTValidation", &parse_ct_validation },
743 { "RenegotiateCiphers", &parse_client_reneg_ciphers},
744 { "SRPUser", &parse_client_srp_user },
745 { "SRPPassword", &parse_client_srp_password },
746 { "MaxFragmentLenExt", &parse_max_fragment_len_mode },
747 { "EnablePHA", &parse_client_enable_pha },
748 { "RenegotiateNoExtms", &parse_client_no_extms_on_reneg },
749 };
750
751 /* Nested server options. */
752 typedef struct {
753 const char *name;
754 int (*parse)(SSL_TEST_SERVER_CONF *conf, const char *value);
755 } ssl_test_server_option;
756
757 static const ssl_test_server_option ssl_test_server_options[] = {
758 { "ServerNameCallback", &parse_servername_callback },
759 { "NPNProtocols", &parse_server_npn_protocols },
760 { "ALPNProtocols", &parse_server_alpn_protocols },
761 { "BrokenSessionTicket", &parse_server_broken_session_ticket },
762 { "CertStatus", &parse_certstatus },
763 { "SRPUser", &parse_server_srp_user },
764 { "SRPPassword", &parse_server_srp_password },
765 { "ForcePHA", &parse_server_force_pha },
766 { "SessionTicketAppData", &parse_server_session_ticket_app_data },
767 };
768
SSL_TEST_CTX_new(OSSL_LIB_CTX * libctx)769 SSL_TEST_CTX *SSL_TEST_CTX_new(OSSL_LIB_CTX *libctx)
770 {
771 SSL_TEST_CTX *ret;
772
773 /* The return code is checked by caller */
774 if ((ret = OPENSSL_zalloc(sizeof(*ret))) != NULL) {
775 ret->libctx = libctx;
776 ret->app_data_size = default_app_data_size;
777 ret->max_fragment_size = default_max_fragment_size;
778 }
779 return ret;
780 }
781
ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF * conf)782 static void ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF *conf)
783 {
784 OPENSSL_free(conf->client.npn_protocols);
785 OPENSSL_free(conf->server.npn_protocols);
786 OPENSSL_free(conf->server2.npn_protocols);
787 OPENSSL_free(conf->client.alpn_protocols);
788 OPENSSL_free(conf->server.alpn_protocols);
789 OPENSSL_free(conf->server2.alpn_protocols);
790 OPENSSL_free(conf->client.reneg_ciphers);
791 OPENSSL_free(conf->server.srp_user);
792 OPENSSL_free(conf->server.srp_password);
793 OPENSSL_free(conf->server2.srp_user);
794 OPENSSL_free(conf->server2.srp_password);
795 OPENSSL_free(conf->client.srp_user);
796 OPENSSL_free(conf->client.srp_password);
797 OPENSSL_free(conf->server.session_ticket_app_data);
798 OPENSSL_free(conf->server2.session_ticket_app_data);
799 }
800
ssl_test_ctx_free_extra_data(SSL_TEST_CTX * ctx)801 static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx)
802 {
803 ssl_test_extra_conf_free_data(&ctx->extra);
804 ssl_test_extra_conf_free_data(&ctx->resume_extra);
805 }
806
SSL_TEST_CTX_free(SSL_TEST_CTX * ctx)807 void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
808 {
809 if (ctx == NULL)
810 return;
811 ssl_test_ctx_free_extra_data(ctx);
812 OPENSSL_free(ctx->expected_npn_protocol);
813 OPENSSL_free(ctx->expected_alpn_protocol);
814 OPENSSL_free(ctx->expected_session_ticket_app_data);
815 sk_X509_NAME_pop_free(ctx->expected_server_ca_names, X509_NAME_free);
816 sk_X509_NAME_pop_free(ctx->expected_client_ca_names, X509_NAME_free);
817 OPENSSL_free(ctx->expected_cipher);
818 OPENSSL_free(ctx->fips_version);
819 OPENSSL_free(ctx);
820 }
821
parse_client_options(SSL_TEST_CLIENT_CONF * client,const CONF * conf,const char * client_section)822 static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf,
823 const char *client_section)
824 {
825 STACK_OF(CONF_VALUE) *sk_conf;
826 int i;
827 size_t j;
828
829 if (!TEST_ptr(sk_conf = NCONF_get_section(conf, client_section)))
830 return 0;
831
832 for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
833 int found = 0;
834 const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
835 for (j = 0; j < OSSL_NELEM(ssl_test_client_options); j++) {
836 if (strcmp(option->name, ssl_test_client_options[j].name) == 0) {
837 if (!ssl_test_client_options[j].parse(client, option->value)) {
838 TEST_info("Bad value %s for option %s",
839 option->value, option->name);
840 return 0;
841 }
842 found = 1;
843 break;
844 }
845 }
846 if (!found) {
847 TEST_info("Unknown test option: %s", option->name);
848 return 0;
849 }
850 }
851
852 return 1;
853 }
854
parse_server_options(SSL_TEST_SERVER_CONF * server,const CONF * conf,const char * server_section)855 static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf,
856 const char *server_section)
857 {
858 STACK_OF(CONF_VALUE) *sk_conf;
859 int i;
860 size_t j;
861
862 if (!TEST_ptr(sk_conf = NCONF_get_section(conf, server_section)))
863 return 0;
864
865 for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
866 int found = 0;
867 const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
868 for (j = 0; j < OSSL_NELEM(ssl_test_server_options); j++) {
869 if (strcmp(option->name, ssl_test_server_options[j].name) == 0) {
870 if (!ssl_test_server_options[j].parse(server, option->value)) {
871 TEST_info("Bad value %s for option %s",
872 option->value, option->name);
873 return 0;
874 }
875 found = 1;
876 break;
877 }
878 }
879 if (!found) {
880 TEST_info("Unknown test option: %s", option->name);
881 return 0;
882 }
883 }
884
885 return 1;
886 }
887
SSL_TEST_CTX_create(const CONF * conf,const char * test_section,OSSL_LIB_CTX * libctx)888 SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section,
889 OSSL_LIB_CTX *libctx)
890 {
891 STACK_OF(CONF_VALUE) *sk_conf = NULL;
892 SSL_TEST_CTX *ctx = NULL;
893 int i;
894 size_t j;
895
896 if (!TEST_ptr(sk_conf = NCONF_get_section(conf, test_section))
897 || !TEST_ptr(ctx = SSL_TEST_CTX_new(libctx)))
898 goto err;
899
900 for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
901 int found = 0;
902 const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
903
904 /* Subsections */
905 if (strcmp(option->name, "client") == 0) {
906 if (!parse_client_options(&ctx->extra.client, conf, option->value))
907 goto err;
908 } else if (strcmp(option->name, "server") == 0) {
909 if (!parse_server_options(&ctx->extra.server, conf, option->value))
910 goto err;
911 } else if (strcmp(option->name, "server2") == 0) {
912 if (!parse_server_options(&ctx->extra.server2, conf, option->value))
913 goto err;
914 } else if (strcmp(option->name, "resume-client") == 0) {
915 if (!parse_client_options(&ctx->resume_extra.client, conf,
916 option->value))
917 goto err;
918 } else if (strcmp(option->name, "resume-server") == 0) {
919 if (!parse_server_options(&ctx->resume_extra.server, conf,
920 option->value))
921 goto err;
922 } else if (strcmp(option->name, "resume-server2") == 0) {
923 if (!parse_server_options(&ctx->resume_extra.server2, conf,
924 option->value))
925 goto err;
926 } else {
927 for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) {
928 if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) {
929 if (!ssl_test_ctx_options[j].parse(ctx, option->value)) {
930 TEST_info("Bad value %s for option %s",
931 option->value, option->name);
932 goto err;
933 }
934 found = 1;
935 break;
936 }
937 }
938 if (!found) {
939 TEST_info("Unknown test option: %s", option->name);
940 goto err;
941 }
942 }
943 }
944
945 goto done;
946
947 err:
948 SSL_TEST_CTX_free(ctx);
949 ctx = NULL;
950 done:
951 return ctx;
952 }
953