ssl_test_ctx.c@ 101688

最後變更在這個檔案從101688是 101211,由 vboxsync 提交於 18 月前
openssl-3.1.3: Applied and adjusted our OpenSSL changes to 3.1.2. bugref:10527
檔案大小: 29.3 KB

行
1	/*
2	* Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <string.h>
11
12	#include <openssl/e_os2.h>
13	#include <openssl/crypto.h>
14
15	#include "internal/nelem.h"
16	#include "ssl_test_ctx.h"
17	#include "../testutil.h"
18
19	static const int default_app_data_size = 256;
20	/* Default set to be as small as possible to exercise fragmentation. */
21	static const int default_max_fragment_size = 512;
22
23	static int parse_boolean(const char value, int result)
24	{
25	if (OPENSSL_strcasecmp(value, "Yes") == 0) {
26	*result = 1;
27	return 1;
28	}
29	else if (OPENSSL_strcasecmp(value, "No") == 0) {
30	*result = 0;
31	return 1;
32	}
33	TEST_error("parse_boolean given: '%s'", value);
34	return 0;
35	}
36
37	#define IMPLEMENT_SSL_TEST_BOOL_OPTION(struct_type, name, field) \
38	static int parse_##name##_##field(struct_type ctx, const char value) \
39	{ \
40	return parse_boolean(value, &ctx->field); \
41	}
42
43	#define IMPLEMENT_SSL_TEST_STRING_OPTION(struct_type, name, field) \
44	static int parse_##name##_##field(struct_type ctx, const char value) \
45	{ \
46	OPENSSL_free(ctx->field); \
47	ctx->field = OPENSSL_strdup(value); \
48	return TEST_ptr(ctx->field); \
49	}
50
51	#define IMPLEMENT_SSL_TEST_INT_OPTION(struct_type, name, field) \
52	static int parse_##name##_##field(struct_type ctx, const char value) \
53	{ \
54	ctx->field = atoi(value); \
55	return 1; \
56	}
57
58	/* True enums and other test configuration values that map to an int. */
59	typedef struct {
60	const char *name;
61	int value;
62	} test_enum;
63
64
65	__owur static int parse_enum(const test_enum *enums, size_t num_enums,
66	int value, const char name)
67	{
68	size_t i;
69	for (i = 0; i < num_enums; i++) {
70	if (strcmp(enums[i].name, name) == 0) {
71	*value = enums[i].value;
72	return 1;
73	}
74	}
75	return 0;
76	}
77
78	static const char enum_name(const test_enum enums, size_t num_enums,
79	int value)
80	{
81	size_t i;
82	for (i = 0; i < num_enums; i++) {
83	if (enums[i].value == value) {
84	return enums[i].name;
85	}
86	}
87	return "InvalidValue";
88	}
89
90
91	/* ExpectedResult */
92
93	static const test_enum ssl_test_results[] = {
94	{"Success", SSL_TEST_SUCCESS},
95	{"ServerFail", SSL_TEST_SERVER_FAIL},
96	{"ClientFail", SSL_TEST_CLIENT_FAIL},
97	{"InternalError", SSL_TEST_INTERNAL_ERROR},
98	{"FirstHandshakeFailed", SSL_TEST_FIRST_HANDSHAKE_FAILED},
99	};
100
101	__owur static int parse_expected_result(SSL_TEST_CTX test_ctx, const char value)
102	{
103	int ret_value;
104	if (!parse_enum(ssl_test_results, OSSL_NELEM(ssl_test_results),
105	&ret_value, value)) {
106	return 0;
107	}
108	test_ctx->expected_result = ret_value;
109	return 1;
110	}
111
112	const char *ssl_test_result_name(ssl_test_result_t result)
113	{
114	return enum_name(ssl_test_results, OSSL_NELEM(ssl_test_results), result);
115	}
116
117	/* ExpectedClientAlert / ExpectedServerAlert */
118
119	static const test_enum ssl_alerts[] = {
120	{"UnknownCA", SSL_AD_UNKNOWN_CA},
121	{"HandshakeFailure", SSL_AD_HANDSHAKE_FAILURE},
122	{"UnrecognizedName", SSL_AD_UNRECOGNIZED_NAME},
123	{"NoRenegotiation", SSL_AD_NO_RENEGOTIATION},
124	{"BadCertificate", SSL_AD_BAD_CERTIFICATE},
125	{"NoApplicationProtocol", SSL_AD_NO_APPLICATION_PROTOCOL},
126	{"CertificateRequired", SSL_AD_CERTIFICATE_REQUIRED},
127	};
128
129	__owur static int parse_alert(int alert, const char value)
130	{
131	return parse_enum(ssl_alerts, OSSL_NELEM(ssl_alerts), alert, value);
132	}
133
134	__owur static int parse_client_alert(SSL_TEST_CTX test_ctx, const char value)
135	{
136	return parse_alert(&test_ctx->expected_client_alert, value);
137	}
138
139	__owur static int parse_server_alert(SSL_TEST_CTX test_ctx, const char value)
140	{
141	return parse_alert(&test_ctx->expected_server_alert, value);
142	}
143
144	const char *ssl_alert_name(int alert)
145	{
146	return enum_name(ssl_alerts, OSSL_NELEM(ssl_alerts), alert);
147	}
148
149	/* ExpectedProtocol */
150
151	static const test_enum ssl_protocols[] = {
152	{"TLSv1.3", TLS1_3_VERSION},
153	{"TLSv1.2", TLS1_2_VERSION},
154	{"TLSv1.1", TLS1_1_VERSION},
155	{"TLSv1", TLS1_VERSION},
156	{"SSLv3", SSL3_VERSION},
157	{"DTLSv1", DTLS1_VERSION},
158	{"DTLSv1.2", DTLS1_2_VERSION},
159	};
160
161	__owur static int parse_protocol(SSL_TEST_CTX test_ctx, const char value)
162	{
163	return parse_enum(ssl_protocols, OSSL_NELEM(ssl_protocols),
164	&test_ctx->expected_protocol, value);
165	}
166
167	const char *ssl_protocol_name(int protocol)
168	{
169	return enum_name(ssl_protocols, OSSL_NELEM(ssl_protocols), protocol);
170	}
171
172	/* VerifyCallback */
173
174	static const test_enum ssl_verify_callbacks[] = {
175	{"None", SSL_TEST_VERIFY_NONE},
176	{"AcceptAll", SSL_TEST_VERIFY_ACCEPT_ALL},
177	{"RetryOnce", SSL_TEST_VERIFY_RETRY_ONCE},
178	{"RejectAll", SSL_TEST_VERIFY_REJECT_ALL},
179	};
180
181	__owur static int parse_client_verify_callback(SSL_TEST_CLIENT_CONF *client_conf,
182	const char *value)
183	{
184	int ret_value;
185
186	if (!parse_enum(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks),
187	&ret_value, value)) {
188	return 0;
189	}
190	client_conf->verify_callback = ret_value;
191	return 1;
192	}
193
194	const char *ssl_verify_callback_name(ssl_verify_callback_t callback)
195	{
196	return enum_name(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks),
197	callback);
198	}
199
200	/* ServerName */
201
202	static const test_enum ssl_servername[] = {
203	{"None", SSL_TEST_SERVERNAME_NONE},
204	{"server1", SSL_TEST_SERVERNAME_SERVER1},
205	{"server2", SSL_TEST_SERVERNAME_SERVER2},
206	{"invalid", SSL_TEST_SERVERNAME_INVALID},
207	};
208
209	__owur static int parse_servername(SSL_TEST_CLIENT_CONF *client_conf,
210	const char *value)
211	{
212	int ret_value;
213	if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
214	&ret_value, value)) {
215	return 0;
216	}
217	client_conf->servername = ret_value;
218	return 1;
219	}
220
221	__owur static int parse_expected_servername(SSL_TEST_CTX *test_ctx,
222	const char *value)
223	{
224	int ret_value;
225	if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
226	&ret_value, value)) {
227	return 0;
228	}
229	test_ctx->expected_servername = ret_value;
230	return 1;
231	}
232
233	const char *ssl_servername_name(ssl_servername_t server)
234	{
235	return enum_name(ssl_servername, OSSL_NELEM(ssl_servername),
236	server);
237	}
238
239	/* ServerNameCallback */
240
241	static const test_enum ssl_servername_callbacks[] = {
242	{"None", SSL_TEST_SERVERNAME_CB_NONE},
243	{"IgnoreMismatch", SSL_TEST_SERVERNAME_IGNORE_MISMATCH},
244	{"RejectMismatch", SSL_TEST_SERVERNAME_REJECT_MISMATCH},
245	{"ClientHelloIgnoreMismatch",
246	SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH},
247	{"ClientHelloRejectMismatch",
248	SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH},
249	{"ClientHelloNoV12", SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12},
250	};
251
252	__owur static int parse_servername_callback(SSL_TEST_SERVER_CONF *server_conf,
253	const char *value)
254	{
255	int ret_value;
256	if (!parse_enum(ssl_servername_callbacks,
257	OSSL_NELEM(ssl_servername_callbacks), &ret_value, value)) {
258	return 0;
259	}
260	server_conf->servername_callback = ret_value;
261	return 1;
262	}
263
264	const char *ssl_servername_callback_name(ssl_servername_callback_t callback)
265	{
266	return enum_name(ssl_servername_callbacks,
267	OSSL_NELEM(ssl_servername_callbacks), callback);
268	}
269
270	/* SessionTicketExpected */
271
272	static const test_enum ssl_session_ticket[] = {
273	{"Ignore", SSL_TEST_SESSION_TICKET_IGNORE},
274	{"Yes", SSL_TEST_SESSION_TICKET_YES},
275	{"No", SSL_TEST_SESSION_TICKET_NO},
276	};
277
278	__owur static int parse_session_ticket(SSL_TEST_CTX test_ctx, const char value)
279	{
280	int ret_value;
281	if (!parse_enum(ssl_session_ticket, OSSL_NELEM(ssl_session_ticket),
282	&ret_value, value)) {
283	return 0;
284	}
285	test_ctx->session_ticket_expected = ret_value;
286	return 1;
287	}
288
289	const char *ssl_session_ticket_name(ssl_session_ticket_t server)
290	{
291	return enum_name(ssl_session_ticket,
292	OSSL_NELEM(ssl_session_ticket),
293	server);
294	}
295
296	/* CompressionExpected */
297
298	IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, compression_expected)
299
300	/* SessionIdExpected */
301
302	static const test_enum ssl_session_id[] = {
303	{"Ignore", SSL_TEST_SESSION_ID_IGNORE},
304	{"Yes", SSL_TEST_SESSION_ID_YES},
305	{"No", SSL_TEST_SESSION_ID_NO},
306	};
307
308	__owur static int parse_session_id(SSL_TEST_CTX test_ctx, const char value)
309	{
310	int ret_value;
311	if (!parse_enum(ssl_session_id, OSSL_NELEM(ssl_session_id),
312	&ret_value, value)) {
313	return 0;
314	}
315	test_ctx->session_id_expected = ret_value;
316	return 1;
317	}
318
319	const char *ssl_session_id_name(ssl_session_id_t server)
320	{
321	return enum_name(ssl_session_id,
322	OSSL_NELEM(ssl_session_id),
323	server);
324	}
325
326	/* Method */
327
328	static const test_enum ssl_test_methods[] = {
329	{"TLS", SSL_TEST_METHOD_TLS},
330	{"DTLS", SSL_TEST_METHOD_DTLS},
331	};
332
333	__owur static int parse_test_method(SSL_TEST_CTX test_ctx, const char value)
334	{
335	int ret_value;
336	if (!parse_enum(ssl_test_methods, OSSL_NELEM(ssl_test_methods),
337	&ret_value, value)) {
338	return 0;
339	}
340	test_ctx->method = ret_value;
341	return 1;
342	}
343
344	const char *ssl_test_method_name(ssl_test_method_t method)
345	{
346	return enum_name(ssl_test_methods, OSSL_NELEM(ssl_test_methods), method);
347	}
348
349	/* NPN and ALPN options */
350
351	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, npn_protocols)
352	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, npn_protocols)
353	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_npn_protocol)
354	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, alpn_protocols)
355	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, alpn_protocols)
356	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_alpn_protocol)
357
358	/* SRP options */
359	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, srp_user)
360	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, srp_user)
361	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, srp_password)
362	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, srp_password)
363
364	/* Session Ticket App Data options */
365	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_session_ticket_app_data)
366	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, session_ticket_app_data)
367
368	/* Handshake mode */
369
370	static const test_enum ssl_handshake_modes[] = {
371	{"Simple", SSL_TEST_HANDSHAKE_SIMPLE},
372	{"Resume", SSL_TEST_HANDSHAKE_RESUME},
373	{"RenegotiateServer", SSL_TEST_HANDSHAKE_RENEG_SERVER},
374	{"RenegotiateClient", SSL_TEST_HANDSHAKE_RENEG_CLIENT},
375	{"KeyUpdateServer", SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER},
376	{"KeyUpdateClient", SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT},
377	{"PostHandshakeAuth", SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH},
378	};
379
380	__owur static int parse_handshake_mode(SSL_TEST_CTX test_ctx, const char value)
381	{
382	int ret_value;
383	if (!parse_enum(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes),
384	&ret_value, value)) {
385	return 0;
386	}
387	test_ctx->handshake_mode = ret_value;
388	return 1;
389	}
390
391	const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode)
392	{
393	return enum_name(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes),
394	mode);
395	}
396
397	/* Renegotiation Ciphersuites */
398
399	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, reneg_ciphers)
400
401	/* KeyUpdateType */
402
403	static const test_enum ssl_key_update_types[] = {
404	{"KeyUpdateRequested", SSL_KEY_UPDATE_REQUESTED},
405	{"KeyUpdateNotRequested", SSL_KEY_UPDATE_NOT_REQUESTED},
406	};
407
408	__owur static int parse_key_update_type(SSL_TEST_CTX test_ctx, const char value)
409	{
410	int ret_value;
411	if (!parse_enum(ssl_key_update_types, OSSL_NELEM(ssl_key_update_types),
412	&ret_value, value)) {
413	return 0;
414	}
415	test_ctx->key_update_type = ret_value;
416	return 1;
417	}
418
419	/* CT Validation */
420
421	static const test_enum ssl_ct_validation_modes[] = {
422	{"None", SSL_TEST_CT_VALIDATION_NONE},
423	{"Permissive", SSL_TEST_CT_VALIDATION_PERMISSIVE},
424	{"Strict", SSL_TEST_CT_VALIDATION_STRICT},
425	};
426
427	__owur static int parse_ct_validation(SSL_TEST_CLIENT_CONF *client_conf,
428	const char *value)
429	{
430	int ret_value;
431	if (!parse_enum(ssl_ct_validation_modes, OSSL_NELEM(ssl_ct_validation_modes),
432	&ret_value, value)) {
433	return 0;
434	}
435	client_conf->ct_validation = ret_value;
436	return 1;
437	}
438
439	const char *ssl_ct_validation_name(ssl_ct_validation_t mode)
440	{
441	return enum_name(ssl_ct_validation_modes, OSSL_NELEM(ssl_ct_validation_modes),
442	mode);
443	}
444
445	IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected)
446	IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket)
447	IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, use_sctp)
448	IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, enable_client_sctp_label_bug)
449	IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, enable_server_sctp_label_bug)
450
451	/* CertStatus */
452
453	static const test_enum ssl_certstatus[] = {
454	{"None", SSL_TEST_CERT_STATUS_NONE},
455	{"GoodResponse", SSL_TEST_CERT_STATUS_GOOD_RESPONSE},
456	{"BadResponse", SSL_TEST_CERT_STATUS_BAD_RESPONSE}
457	};
458
459	__owur static int parse_certstatus(SSL_TEST_SERVER_CONF *server_conf,
460	const char *value)
461	{
462	int ret_value;
463	if (!parse_enum(ssl_certstatus, OSSL_NELEM(ssl_certstatus), &ret_value,
464	value)) {
465	return 0;
466	}
467	server_conf->cert_status = ret_value;
468	return 1;
469	}
470
471	const char *ssl_certstatus_name(ssl_cert_status_t cert_status)
472	{
473	return enum_name(ssl_certstatus,
474	OSSL_NELEM(ssl_certstatus), cert_status);
475	}
476
477	/* ApplicationData */
478
479	IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size)
480
481
482	/* MaxFragmentSize */
483
484	IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size)
485
486	/* Maximum-Fragment-Length TLS extension mode */
487	static const test_enum ssl_max_fragment_len_mode[] = {
488	{"None", TLSEXT_max_fragment_length_DISABLED},
489	{ "512", TLSEXT_max_fragment_length_512},
490	{"1024", TLSEXT_max_fragment_length_1024},
491	{"2048", TLSEXT_max_fragment_length_2048},
492	{"4096", TLSEXT_max_fragment_length_4096}
493	};
494
495	__owur static int parse_max_fragment_len_mode(SSL_TEST_CLIENT_CONF *client_conf,
496	const char *value)
497	{
498	int ret_value;
499
500	if (!parse_enum(ssl_max_fragment_len_mode,
501	OSSL_NELEM(ssl_max_fragment_len_mode), &ret_value, value)) {
502	return 0;
503	}
504	client_conf->max_fragment_len_mode = ret_value;
505	return 1;
506	}
507
508	const char *ssl_max_fragment_len_name(int MFL_mode)
509	{
510	return enum_name(ssl_max_fragment_len_mode,
511	OSSL_NELEM(ssl_max_fragment_len_mode), MFL_mode);
512	}
513
514
515	/* Expected key and signature types */
516
517	__owur static int parse_expected_key_type(int ptype, const char value)
518	{
519	int nid;
520	const EVP_PKEY_ASN1_METHOD *ameth;
521
522	if (value == NULL)
523	return 0;
524	ameth = EVP_PKEY_asn1_find_str(NULL, value, -1);
525	if (ameth != NULL)
526	EVP_PKEY_asn1_get0_info(&nid, NULL, NULL, NULL, NULL, ameth);
527	else
528	nid = OBJ_sn2nid(value);
529	if (nid == NID_undef)
530	nid = OBJ_ln2nid(value);
531	#ifndef OPENSSL_NO_EC
532	if (nid == NID_undef)
533	nid = EC_curve_nist2nid(value);
534	#endif
535	if (nid == NID_undef)
536	return 0;
537	*ptype = nid;
538	return 1;
539	}
540
541	__owur static int parse_expected_tmp_key_type(SSL_TEST_CTX *test_ctx,
542	const char *value)
543	{
544	return parse_expected_key_type(&test_ctx->expected_tmp_key_type, value);
545	}
546
547	__owur static int parse_expected_server_cert_type(SSL_TEST_CTX *test_ctx,
548	const char *value)
549	{
550	return parse_expected_key_type(&test_ctx->expected_server_cert_type,
551	value);
552	}
553
554	__owur static int parse_expected_server_sign_type(SSL_TEST_CTX *test_ctx,
555	const char *value)
556	{
557	return parse_expected_key_type(&test_ctx->expected_server_sign_type,
558	value);
559	}
560
561	__owur static int parse_expected_client_cert_type(SSL_TEST_CTX *test_ctx,
562	const char *value)
563	{
564	return parse_expected_key_type(&test_ctx->expected_client_cert_type,
565	value);
566	}
567
568	__owur static int parse_expected_client_sign_type(SSL_TEST_CTX *test_ctx,
569	const char *value)
570	{
571	return parse_expected_key_type(&test_ctx->expected_client_sign_type,
572	value);
573	}
574
575
576	/* Expected signing hash */
577
578	__owur static int parse_expected_sign_hash(int ptype, const char value)
579	{
580	int nid;
581
582	if (value == NULL)
583	return 0;
584	nid = OBJ_sn2nid(value);
585	if (nid == NID_undef)
586	nid = OBJ_ln2nid(value);
587	if (nid == NID_undef)
588	return 0;
589	*ptype = nid;
590	return 1;
591	}
592
593	__owur static int parse_expected_server_sign_hash(SSL_TEST_CTX *test_ctx,
594	const char *value)
595	{
596	return parse_expected_sign_hash(&test_ctx->expected_server_sign_hash,
597	value);
598	}
599
600	__owur static int parse_expected_client_sign_hash(SSL_TEST_CTX *test_ctx,
601	const char *value)
602	{
603	return parse_expected_sign_hash(&test_ctx->expected_client_sign_hash,
604	value);
605	}
606
607	__owur static int parse_expected_ca_names(STACK_OF(X509_NAME) **pnames,
608	const char *value,
609	OSSL_LIB_CTX *libctx)
610	{
611	if (value == NULL)
612	return 0;
613	if (!strcmp(value, "empty"))
614	*pnames = sk_X509_NAME_new_null();
615	else
616	*pnames = SSL_load_client_CA_file_ex(value, libctx, NULL);
617	return *pnames != NULL;
618	}
619	__owur static int parse_expected_server_ca_names(SSL_TEST_CTX *test_ctx,
620	const char *value)
621	{
622	return parse_expected_ca_names(&test_ctx->expected_server_ca_names, value,
623	test_ctx->libctx);
624	}
625	__owur static int parse_expected_client_ca_names(SSL_TEST_CTX *test_ctx,
626	const char *value)
627	{
628	return parse_expected_ca_names(&test_ctx->expected_client_ca_names, value,
629	test_ctx->libctx);
630	}
631
632	/* ExpectedCipher */
633
634	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_cipher)
635
636	/* Client and Server PHA */
637
638	IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, enable_pha)
639	IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, force_pha)
640	IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CLIENT_CONF, client, no_extms_on_reneg)
641
642	/* FIPS provider version limiting */
643	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, fips_version)
644
645	/* Known test options and their corresponding parse methods. */
646
647	/* Top-level options. */
648	typedef struct {
649	const char *name;
650	int (parse)(SSL_TEST_CTX test_ctx, const char *value);
651	} ssl_test_ctx_option;
652
653	static const ssl_test_ctx_option ssl_test_ctx_options[] = {
654	{ "ExpectedResult", &parse_expected_result },
655	{ "ExpectedClientAlert", &parse_client_alert },
656	{ "ExpectedServerAlert", &parse_server_alert },
657	{ "ExpectedProtocol", &parse_protocol },
658	{ "ExpectedServerName", &parse_expected_servername },
659	{ "SessionTicketExpected", &parse_session_ticket },
660	{ "CompressionExpected", &parse_test_compression_expected },
661	{ "SessionIdExpected", &parse_session_id },
662	{ "Method", &parse_test_method },
663	{ "ExpectedNPNProtocol", &parse_test_expected_npn_protocol },
664	{ "ExpectedALPNProtocol", &parse_test_expected_alpn_protocol },
665	{ "HandshakeMode", &parse_handshake_mode },
666	{ "KeyUpdateType", &parse_key_update_type },
667	{ "ResumptionExpected", &parse_test_resumption_expected },
668	{ "ApplicationData", &parse_test_app_data_size },
669	{ "MaxFragmentSize", &parse_test_max_fragment_size },
670	{ "ExpectedTmpKeyType", &parse_expected_tmp_key_type },
671	{ "ExpectedServerCertType", &parse_expected_server_cert_type },
672	{ "ExpectedServerSignHash", &parse_expected_server_sign_hash },
673	{ "ExpectedServerSignType", &parse_expected_server_sign_type },
674	{ "ExpectedServerCANames", &parse_expected_server_ca_names },
675	{ "ExpectedClientCertType", &parse_expected_client_cert_type },
676	{ "ExpectedClientSignHash", &parse_expected_client_sign_hash },
677	{ "ExpectedClientSignType", &parse_expected_client_sign_type },
678	{ "ExpectedClientCANames", &parse_expected_client_ca_names },
679	{ "UseSCTP", &parse_test_use_sctp },
680	{ "EnableClientSCTPLabelBug", &parse_test_enable_client_sctp_label_bug },
681	{ "EnableServerSCTPLabelBug", &parse_test_enable_server_sctp_label_bug },
682	{ "ExpectedCipher", &parse_test_expected_cipher },
683	{ "ExpectedSessionTicketAppData", &parse_test_expected_session_ticket_app_data },
684	{ "FIPSversion", &parse_test_fips_version },
685	};
686
687	/* Nested client options. */
688	typedef struct {
689	const char *name;
690	int (parse)(SSL_TEST_CLIENT_CONF conf, const char *value);
691	} ssl_test_client_option;
692
693	static const ssl_test_client_option ssl_test_client_options[] = {
694	{ "VerifyCallback", &parse_client_verify_callback },
695	{ "ServerName", &parse_servername },
696	{ "NPNProtocols", &parse_client_npn_protocols },
697	{ "ALPNProtocols", &parse_client_alpn_protocols },
698	{ "CTValidation", &parse_ct_validation },
699	{ "RenegotiateCiphers", &parse_client_reneg_ciphers},
700	{ "SRPUser", &parse_client_srp_user },
701	{ "SRPPassword", &parse_client_srp_password },
702	{ "MaxFragmentLenExt", &parse_max_fragment_len_mode },
703	{ "EnablePHA", &parse_client_enable_pha },
704	{ "RenegotiateNoExtms", &parse_client_no_extms_on_reneg },
705	};
706
707	/* Nested server options. */
708	typedef struct {
709	const char *name;
710	int (parse)(SSL_TEST_SERVER_CONF conf, const char *value);
711	} ssl_test_server_option;
712
713	static const ssl_test_server_option ssl_test_server_options[] = {
714	{ "ServerNameCallback", &parse_servername_callback },
715	{ "NPNProtocols", &parse_server_npn_protocols },
716	{ "ALPNProtocols", &parse_server_alpn_protocols },
717	{ "BrokenSessionTicket", &parse_server_broken_session_ticket },
718	{ "CertStatus", &parse_certstatus },
719	{ "SRPUser", &parse_server_srp_user },
720	{ "SRPPassword", &parse_server_srp_password },
721	{ "ForcePHA", &parse_server_force_pha },
722	{ "SessionTicketAppData", &parse_server_session_ticket_app_data },
723	};
724
725	SSL_TEST_CTX SSL_TEST_CTX_new(OSSL_LIB_CTX libctx)
726	{
727	SSL_TEST_CTX *ret;
728
729	/* The return code is checked by caller */
730	if ((ret = OPENSSL_zalloc(sizeof(*ret))) != NULL) {
731	ret->libctx = libctx;
732	ret->app_data_size = default_app_data_size;
733	ret->max_fragment_size = default_max_fragment_size;
734	}
735	return ret;
736	}
737
738	static void ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF *conf)
739	{
740	OPENSSL_free(conf->client.npn_protocols);
741	OPENSSL_free(conf->server.npn_protocols);
742	OPENSSL_free(conf->server2.npn_protocols);
743	OPENSSL_free(conf->client.alpn_protocols);
744	OPENSSL_free(conf->server.alpn_protocols);
745	OPENSSL_free(conf->server2.alpn_protocols);
746	OPENSSL_free(conf->client.reneg_ciphers);
747	OPENSSL_free(conf->server.srp_user);
748	OPENSSL_free(conf->server.srp_password);
749	OPENSSL_free(conf->server2.srp_user);
750	OPENSSL_free(conf->server2.srp_password);
751	OPENSSL_free(conf->client.srp_user);
752	OPENSSL_free(conf->client.srp_password);
753	OPENSSL_free(conf->server.session_ticket_app_data);
754	OPENSSL_free(conf->server2.session_ticket_app_data);
755	}
756
757	static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx)
758	{
759	ssl_test_extra_conf_free_data(&ctx->extra);
760	ssl_test_extra_conf_free_data(&ctx->resume_extra);
761	}
762
763	void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
764	{
765	if (ctx == NULL)
766	return;
767	ssl_test_ctx_free_extra_data(ctx);
768	OPENSSL_free(ctx->expected_npn_protocol);
769	OPENSSL_free(ctx->expected_alpn_protocol);
770	OPENSSL_free(ctx->expected_session_ticket_app_data);
771	sk_X509_NAME_pop_free(ctx->expected_server_ca_names, X509_NAME_free);
772	sk_X509_NAME_pop_free(ctx->expected_client_ca_names, X509_NAME_free);
773	OPENSSL_free(ctx->expected_cipher);
774	OPENSSL_free(ctx->fips_version);
775	OPENSSL_free(ctx);
776	}
777
778	static int parse_client_options(SSL_TEST_CLIENT_CONF client, const CONF conf,
779	const char *client_section)
780	{
781	STACK_OF(CONF_VALUE) *sk_conf;
782	int i;
783	size_t j;
784
785	if (!TEST_ptr(sk_conf = NCONF_get_section(conf, client_section)))
786	return 0;
787
788	for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
789	int found = 0;
790	const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
791	for (j = 0; j < OSSL_NELEM(ssl_test_client_options); j++) {
792	if (strcmp(option->name, ssl_test_client_options[j].name) == 0) {
793	if (!ssl_test_client_options[j].parse(client, option->value)) {
794	TEST_info("Bad value %s for option %s",
795	option->value, option->name);
796	return 0;
797	}
798	found = 1;
799	break;
800	}
801	}
802	if (!found) {
803	TEST_info("Unknown test option: %s", option->name);
804	return 0;
805	}
806	}
807
808	return 1;
809	}
810
811	static int parse_server_options(SSL_TEST_SERVER_CONF server, const CONF conf,
812	const char *server_section)
813	{
814	STACK_OF(CONF_VALUE) *sk_conf;
815	int i;
816	size_t j;
817
818	if (!TEST_ptr(sk_conf = NCONF_get_section(conf, server_section)))
819	return 0;
820
821	for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
822	int found = 0;
823	const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
824	for (j = 0; j < OSSL_NELEM(ssl_test_server_options); j++) {
825	if (strcmp(option->name, ssl_test_server_options[j].name) == 0) {
826	if (!ssl_test_server_options[j].parse(server, option->value)) {
827	TEST_info("Bad value %s for option %s",
828	option->value, option->name);
829	return 0;
830	}
831	found = 1;
832	break;
833	}
834	}
835	if (!found) {
836	TEST_info("Unknown test option: %s", option->name);
837	return 0;
838	}
839	}
840
841	return 1;
842	}
843
844	SSL_TEST_CTX SSL_TEST_CTX_create(const CONF conf, const char *test_section,
845	OSSL_LIB_CTX *libctx)
846	{
847	STACK_OF(CONF_VALUE) *sk_conf = NULL;
848	SSL_TEST_CTX *ctx = NULL;
849	int i;
850	size_t j;
851
852	if (!TEST_ptr(sk_conf = NCONF_get_section(conf, test_section))
853	\|\| !TEST_ptr(ctx = SSL_TEST_CTX_new(libctx)))
854	goto err;
855
856	for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
857	int found = 0;
858	const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
859
860	/* Subsections */
861	if (strcmp(option->name, "client") == 0) {
862	if (!parse_client_options(&ctx->extra.client, conf, option->value))
863	goto err;
864	} else if (strcmp(option->name, "server") == 0) {
865	if (!parse_server_options(&ctx->extra.server, conf, option->value))
866	goto err;
867	} else if (strcmp(option->name, "server2") == 0) {
868	if (!parse_server_options(&ctx->extra.server2, conf, option->value))
869	goto err;
870	} else if (strcmp(option->name, "resume-client") == 0) {
871	if (!parse_client_options(&ctx->resume_extra.client, conf,
872	option->value))
873	goto err;
874	} else if (strcmp(option->name, "resume-server") == 0) {
875	if (!parse_server_options(&ctx->resume_extra.server, conf,
876	option->value))
877	goto err;
878	} else if (strcmp(option->name, "resume-server2") == 0) {
879	if (!parse_server_options(&ctx->resume_extra.server2, conf,
880	option->value))
881	goto err;
882	} else {
883	for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) {
884	if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) {
885	if (!ssl_test_ctx_options[j].parse(ctx, option->value)) {
886	TEST_info("Bad value %s for option %s",
887	option->value, option->name);
888	goto err;
889	}
890	found = 1;
891	break;
892	}
893	}
894	if (!found) {
895	TEST_info("Unknown test option: %s", option->name);
896	goto err;
897	}
898	}
899	}
900
901	goto done;
902
903	err:
904	SSL_TEST_CTX_free(ctx);
905	ctx = NULL;
906	done:
907	return ctx;
908	}

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/openssl-3.1.3/test/helpers/ssl_test_ctx.c@ 101688

以其他格式下載: