static int execute_test(SSL_TEST_FIXTURE fixture)
{
int ret = 0;
SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL;
SSL_TEST_CTX *test_ctx = NULL;
HANDSHAKE_RESULT result;
test_ctx = SSL_TEST_CTX_create(conf, fixture.test_app);
if (test_ctx == NULL)
goto err;
#ifndef OPENSSL_NO_DTLS
if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
server_ctx = SSL_CTX_new(DTLS_server_method());
if (test_ctx->servername_callback != SSL_TEST_SERVERNAME_CB_NONE) {
server2_ctx = SSL_CTX_new(DTLS_server_method());
OPENSSL_assert(server2_ctx != NULL);
}
client_ctx = SSL_CTX_new(DTLS_client_method());
}
#endif
if (test_ctx->method == SSL_TEST_METHOD_TLS) {
server_ctx = SSL_CTX_new(TLS_server_method());
if (test_ctx->servername_callback != SSL_TEST_SERVERNAME_CB_NONE) {
server2_ctx = SSL_CTX_new(TLS_server_method());
OPENSSL_assert(server2_ctx != NULL);
}
client_ctx = SSL_CTX_new(TLS_client_method());
}
OPENSSL_assert(server_ctx != NULL && client_ctx != NULL);
OPENSSL_assert(CONF_modules_load(conf, fixture.test_app, 0) > 0);
if (!SSL_CTX_config(server_ctx, "server")
|| !SSL_CTX_config(client_ctx, "client")) {
goto err;
}
if (server2_ctx != NULL && !SSL_CTX_config(server2_ctx, "server2"))
goto err;
result = do_handshake(server_ctx, server2_ctx, client_ctx, test_ctx);
ret = check_test(result, test_ctx);
err:
CONF_modules_unload(0);
SSL_CTX_free(server_ctx);
SSL_CTX_free(server2_ctx);
SSL_CTX_free(client_ctx);
SSL_TEST_CTX_free(test_ctx);
if (ret != 1)
ERR_print_errors_fp(stderr);
return ret;
}
static int test_bad_configuration(int idx)
{
SSL_TEST_CTX *ctx;
if (!TEST_ptr_null(ctx = SSL_TEST_CTX_create(conf,
bad_configurations[idx]))) {
SSL_TEST_CTX_free(ctx);
return 0;
}
return 1;
}
static int test_bad_configuration(int idx)
{
SSL_TEST_CTX *ctx = SSL_TEST_CTX_create(conf, bad_configurations[idx]);
if (ctx != NULL) {
fprintf(stderr, "Parsing bad configuration %s succeeded.\n",
bad_configurations[idx]);
SSL_TEST_CTX_free(ctx);
return 0;
}
return 1;
}
static int execute_failure_test(SSL_TEST_CTX_TEST_FIXTURE fixture)
{
SSL_TEST_CTX *ctx = SSL_TEST_CTX_create(conf, fixture.test_section);
if (ctx != NULL) {
fprintf(stderr, "Parsing bad configuration %s succeeded.\n",
fixture.test_section);
SSL_TEST_CTX_free(ctx);
return 0;
}
return 1;
}
static int execute_test(SSL_TEST_CTX_TEST_FIXTURE fixture)
{
int success = 0;
SSL_TEST_CTX *ctx;
if (!TEST_ptr(ctx = SSL_TEST_CTX_create(conf, fixture.test_section))
|| !testctx_eq(ctx, fixture.expected_ctx))
goto err;
success = 1;
err:
SSL_TEST_CTX_free(ctx);
return success;
}
static int execute_test(SSL_TEST_CTX_TEST_FIXTURE fixture)
{
int success = 0;
SSL_TEST_CTX *ctx = SSL_TEST_CTX_create(conf, fixture.test_section);
if (ctx == NULL) {
fprintf(stderr, "Failed to parse good configuration %s.\n",
fixture.test_section);
goto err;
}
if (!SSL_TEST_CTX_equal(ctx, fixture.expected_ctx))
goto err;
success = 1;
err:
SSL_TEST_CTX_free(ctx);
return success;
}
SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section)
{
STACK_OF(CONF_VALUE) *sk_conf;
SSL_TEST_CTX *ctx;
int i;
size_t j;
sk_conf = NCONF_get_section(conf, test_section);
OPENSSL_assert(sk_conf != NULL);
ctx = SSL_TEST_CTX_new();
OPENSSL_assert(ctx != NULL);
for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
int found = 0;
const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) {
if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) {
if (!ssl_test_ctx_options[j].parse(ctx, option->value)) {
fprintf(stderr, "Bad value %s for option %s\n",
option->value, option->name);
goto err;
}
found = 1;
break;
}
}
if (!found) {
fprintf(stderr, "Unknown test option: %s\n", option->name);
goto err;
}
}
goto done;
err:
SSL_TEST_CTX_free(ctx);
ctx = NULL;
done:
return ctx;
}
static void tear_down(SSL_TEST_CTX_TEST_FIXTURE fixture)
{
SSL_TEST_CTX_free(fixture.expected_ctx);
}
static void tear_down(SSL_TEST_CTX_TEST_FIXTURE fixture)
{
SSL_TEST_CTX_free(fixture.expected_ctx);
ERR_print_errors_fp(stderr);
}
SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section)
{
STACK_OF(CONF_VALUE) *sk_conf;
SSL_TEST_CTX *ctx;
int i;
size_t j;
sk_conf = NCONF_get_section(conf, test_section);
TEST_check(sk_conf != NULL);
ctx = SSL_TEST_CTX_new();
TEST_check(ctx != NULL);
for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
int found = 0;
const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
/* Subsections */
if (strcmp(option->name, "client") == 0) {
if (!parse_client_options(&ctx->extra.client, conf,
option->value))
goto err;
} else if (strcmp(option->name, "server") == 0) {
if (!parse_server_options(&ctx->extra.server, conf,
option->value))
goto err;
} else if (strcmp(option->name, "server2") == 0) {
if (!parse_server_options(&ctx->extra.server2, conf,
option->value))
goto err;
} else if (strcmp(option->name, "resume-client") == 0) {
if (!parse_client_options(&ctx->resume_extra.client, conf,
option->value))
goto err;
} else if (strcmp(option->name, "resume-server") == 0) {
if (!parse_server_options(&ctx->resume_extra.server, conf,
option->value))
goto err;
} else if (strcmp(option->name, "resume-server2") == 0) {
if (!parse_server_options(&ctx->resume_extra.server2, conf,
option->value))
goto err;
} else {
for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) {
if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) {
if (!ssl_test_ctx_options[j].parse(ctx, option->value)) {
fprintf(stderr, "Bad value %s for option %s\n",
option->value, option->name);
goto err;
}
found = 1;
break;
}
}
if (!found) {
fprintf(stderr, "Unknown test option: %s\n", option->name);
goto err;
}
}
}
goto done;
err:
SSL_TEST_CTX_free(ctx);
ctx = NULL;
done:
return ctx;
}
static int test_handshake(int idx)
{
int ret = 0;
SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL,
*resume_server_ctx = NULL, *resume_client_ctx = NULL;
SSL_TEST_CTX *test_ctx = NULL;
HANDSHAKE_RESULT *result = NULL;
char test_app[MAX_TESTCASE_NAME_LENGTH];
BIO_snprintf(test_app, sizeof(test_app), "test-%d", idx);
test_ctx = SSL_TEST_CTX_create(conf, test_app);
if (test_ctx == NULL)
goto err;
#ifndef OPENSSL_NO_DTLS
if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
server_ctx = SSL_CTX_new(DTLS_server_method());
if (test_ctx->extra.server.servername_callback !=
SSL_TEST_SERVERNAME_CB_NONE) {
server2_ctx = SSL_CTX_new(DTLS_server_method());
TEST_check(server2_ctx != NULL);
}
client_ctx = SSL_CTX_new(DTLS_client_method());
if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
resume_server_ctx = SSL_CTX_new(DTLS_server_method());
resume_client_ctx = SSL_CTX_new(DTLS_client_method());
TEST_check(resume_server_ctx != NULL);
TEST_check(resume_client_ctx != NULL);
}
}
#endif
if (test_ctx->method == SSL_TEST_METHOD_TLS) {
server_ctx = SSL_CTX_new(TLS_server_method());
/* SNI on resumption isn't supported/tested yet. */
if (test_ctx->extra.server.servername_callback !=
SSL_TEST_SERVERNAME_CB_NONE) {
server2_ctx = SSL_CTX_new(TLS_server_method());
TEST_check(server2_ctx != NULL);
}
client_ctx = SSL_CTX_new(TLS_client_method());
if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
resume_server_ctx = SSL_CTX_new(TLS_server_method());
resume_client_ctx = SSL_CTX_new(TLS_client_method());
TEST_check(resume_server_ctx != NULL);
TEST_check(resume_client_ctx != NULL);
}
}
TEST_check(server_ctx != NULL);
TEST_check(client_ctx != NULL);
TEST_check(CONF_modules_load(conf, test_app, 0) > 0);
if (!SSL_CTX_config(server_ctx, "server")
|| !SSL_CTX_config(client_ctx, "client")) {
goto err;
}
if (server2_ctx != NULL && !SSL_CTX_config(server2_ctx, "server2"))
goto err;
if (resume_server_ctx != NULL
&& !SSL_CTX_config(resume_server_ctx, "resume-server"))
goto err;
if (resume_client_ctx != NULL
&& !SSL_CTX_config(resume_client_ctx, "resume-client"))
goto err;
result = do_handshake(server_ctx, server2_ctx, client_ctx,
resume_server_ctx, resume_client_ctx, test_ctx);
ret = check_test(result, test_ctx);
err:
CONF_modules_unload(0);
SSL_CTX_free(server_ctx);
SSL_CTX_free(server2_ctx);
SSL_CTX_free(client_ctx);
SSL_CTX_free(resume_server_ctx);
SSL_CTX_free(resume_client_ctx);
SSL_TEST_CTX_free(test_ctx);
HANDSHAKE_RESULT_free(result);
return ret;
}
