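/*
 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <string.h>

#include <openssl/conf.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/provider.h>

#include "helpers/handshake.h"
#include "helpers/ssl_test_ctx.h"
#include "testutil.h"

/* Parsed test configuration, loaded once in setup_tests(). */
static CONF *conf = NULL;
/* Providers and library context handed back by test_arg_libctx(). */
static OSSL_PROVIDER *defctxnull = NULL, *thisprov = NULL;
static OSSL_LIB_CTX *libctx = NULL;

/* Currently the section names are of the form test-<number>, e.g. test-15. */
#define MAX_TESTCASE_NAME_LENGTH 100

/* Human-readable name for an alert value; 0 is reported as "no alert". */
static const char *print_alert(int alert)
{
    return alert ? SSL_alert_desc_string_long(alert) : "no alert";
}

/* Compare the overall handshake outcome with the configured ExpectedResult. */
static int check_result(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
    if (!TEST_int_eq(result->result, test_ctx->expected_result)) {
        TEST_info("ExpectedResult mismatch: expected %s, got %s.",
                  ssl_test_result_name(test_ctx->expected_result),
                  ssl_test_result_name(result->result));
        return 0;
    }
    return 1;
}

/*
 * Check the alerts exchanged during the handshake.
 *
 * A sent/received mismatch between the peers is only logged. The function
 * fails (returns 0) when an explicitly expected alert was not the one sent,
 * or when either side sent more than one fatal alert.
 */
static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
    if (!TEST_int_eq(result->client_alert_sent,
                     result->client_alert_received)) {
        TEST_info("Client sent alert %s but server received %s.",
                  print_alert(result->client_alert_sent),
                  print_alert(result->client_alert_received));
        /*
         * We can't bail here because the peer doesn't always get far enough
         * to process a received alert. Specifically, in protocol version
         * negotiation tests, we have the following scenario.
         * Client supports TLS v1.2 only; Server supports TLS v1.1.
         * Client proposes TLS v1.2; server responds with 1.1;
         * Client now sends a protocol alert, using TLS v1.2 in the header.
         * The server, however, rejects the alert because of version mismatch
         * in the record layer; therefore, the server appears to never
         * receive the alert.
         */
        /* return 0; */
    }

    if (!TEST_int_eq(result->server_alert_sent,
                     result->server_alert_received)) {
        TEST_info("Server sent alert %s but client received %s.",
                  print_alert(result->server_alert_sent),
                  print_alert(result->server_alert_received));
        /* Not fatal to the test, for the same reason as above. */
        /* return 0; */
    }

    /* Tolerate an alert if one wasn't explicitly specified in the test. */
    if (test_ctx->expected_client_alert
        /*
         * The info callback alert value is computed as
         * (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]
         * where the low byte is the alert code and the high byte is other stuff.
         */
        && (result->client_alert_sent & 0xff) != test_ctx->expected_client_alert) {
        TEST_error("ClientAlert mismatch: expected %s, got %s.",
                   print_alert(test_ctx->expected_client_alert),
                   print_alert(result->client_alert_sent));
        return 0;
    }

    if (test_ctx->expected_server_alert
        && (result->server_alert_sent & 0xff) != test_ctx->expected_server_alert) {
        TEST_error("ServerAlert mismatch: expected %s, got %s.",
                   print_alert(test_ctx->expected_server_alert),
                   print_alert(result->server_alert_sent));
        return 0;
    }

    /* A peer must not send more than one fatal alert per handshake. */
    if (!TEST_int_le(result->client_num_fatal_alerts_sent, 1))
        return 0;
    if (!TEST_int_le(result->server_num_fatal_alerts_sent, 1))
        return 0;
    return 1;
}

/*
 * Both peers must agree on the negotiated protocol version, and it must
 * match ExpectedProtocol when the test sets one (0 means "not specified").
 */
static int check_protocol(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
    if (!TEST_int_eq(result->client_protocol, result->server_protocol)) {
        TEST_info("Client has protocol %s but server has %s.",
                  ssl_protocol_name(result->client_protocol),
                  ssl_protocol_name(result->server_protocol));
        return 0;
    }

    if (test_ctx->expected_protocol) {
        if (!TEST_int_eq(result->client_protocol,
                         test_ctx->expected_protocol)) {
            TEST_info("Protocol mismatch: expected %s, got %s.\n",
                      ssl_protocol_name(test_ctx->expected_protocol),
                      ssl_protocol_name(result->client_protocol));
            return 0;
        }
    }
    return 1;
}

/* Compare the recorded server name result with the expected one. */
static int check_servername(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
    if (!TEST_int_eq(result->servername, test_ctx->expected_servername)) {
        TEST_info("Client ServerName mismatch, expected %s, got %s.",
                  ssl_servername_name(test_ctx->expected_servername),
                  ssl_servername_name(result->servername));
        return 0;
    }
    return 1;
}

/* Compare session ticket use with the expectation, unless it is IGNORE. */
static int check_session_ticket(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
    if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_IGNORE)
        return 1;
    if (!TEST_int_eq(result->session_ticket,
                     test_ctx->session_ticket_expected)) {
        TEST_info("Client SessionTicketExpected mismatch, expected %s, got %s.",
                  ssl_session_ticket_name(test_ctx->session_ticket_expected),
                  ssl_session_ticket_name(result->session_ticket));
        return 0;
    }
    return 1;
}

/* Compare session id use with the expectation, unless it is IGNORE. */
static int check_session_id(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
    if (test_ctx->session_id_expected == SSL_TEST_SESSION_ID_IGNORE)
        return 1;
    if (!TEST_int_eq(result->session_id, test_ctx->session_id_expected)) {
        /* The message previously ended in "\n." (newline before the period). */
        TEST_info("Client SessionIdExpected mismatch, expected %s, got %s.",
                  ssl_session_id_name(test_ctx->session_id_expected),
                  ssl_session_id_name(result->session_id));
        return 0;
    }
    return 1;
}

/* Compare the recorded compression state with CompressionExpected. */
static int check_compression(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
    if (!TEST_int_eq(result->compression, test_ctx->compression_expected))
        return 0;
    return 1;
}

#ifndef OPENSSL_NO_NEXTPROTONEG
/*
 * Client and server must report the same NPN protocol, and it must equal
 * the expected one. Both comparisons always run so both get logged.
 */
static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
    int ret = 1;

    if (!TEST_str_eq(result->client_npn_negotiated,
                     result->server_npn_negotiated))
        ret = 0;
    if (!TEST_str_eq(test_ctx->expected_npn_protocol,
                     result->client_npn_negotiated))
        ret = 0;
    return ret;
}
#endif

/*
 * Client and server must report the same ALPN protocol, and it must equal
 * the expected one. Both comparisons always run so both get logged.
 */
static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
    int ret = 1;

    if (!TEST_str_eq(result->client_alpn_negotiated,
                     result->server_alpn_negotiated))
        ret = 0;
    if (!TEST_str_eq(test_ctx->expected_alpn_protocol,
                     result->client_alpn_negotiated))
        ret = 0;
    return ret;
}

/* Compare the application data carried in the session ticket. */
static int check_session_ticket_app_data(HANDSHAKE_RESULT *result,
                                         SSL_TEST_CTX *test_ctx)
{
    size_t result_len = 0;
    size_t expected_len = 0;

    /* consider empty and NULL strings to be the same */
    if (result->result_session_ticket_app_data != NULL)
        result_len = strlen(result->result_session_ticket_app_data);
    if (test_ctx->expected_session_ticket_app_data != NULL)
        expected_len = strlen(test_ctx->expected_session_ticket_app_data);
    if (result_len == 0 && expected_len == 0)
        return 1;

    if (!TEST_str_eq(result->result_session_ticket_app_data,
                     test_ctx->expected_session_ticket_app_data))
        return 0;

    return 1;
}

/* Both peers must agree on whether the session resumed, as expected. */
static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
    if (!TEST_int_eq(result->client_resumed, result->server_resumed))
        return 0;
    if (!TEST_int_eq(result->client_resumed, test_ctx->resumption_expected))
        return 0;
    return 1;
}

/*
 * Compare an observed NID with the expected one.
 *
 * An expected_nid of 0 means the test places no constraint on the value.
 * `name` only labels the error message.
 */
static int check_nid(const char *name, int expected_nid, int nid)
{
    if (expected_nid == 0 || expected_nid == nid)
        return 1;
    TEST_error("%s type mismatch, %s vs %s\n",
               name, OBJ_nid2ln(expected_nid),
               nid == NID_undef ? "absent" : OBJ_nid2ln(nid));
    return 0;
}

/* Print a list of CA names to bio_err, one per line; NULL/empty is noted. */
static void print_ca_names(STACK_OF(X509_NAME) *names)
{
    int i;

    if (names == NULL || sk_X509_NAME_num(names) == 0) {
        TEST_note(" <empty>");
        return;
    }
    for (i = 0; i < sk_X509_NAME_num(names); i++) {
        X509_NAME_print_ex(bio_err, sk_X509_NAME_value(names, i), 4,
                           XN_FLAG_ONELINE);
        BIO_puts(bio_err, "\n");
    }
}

/*
 * Compare a received CA name list with the expected one.
 *
 * A NULL expected list means the test places no constraint. Otherwise the
 * lists must have the same length and equal names at each index, so the
 * comparison is order-sensitive. On mismatch both lists are printed.
 */
static int check_ca_names(const char *name,
                          STACK_OF(X509_NAME) *expected_names,
                          STACK_OF(X509_NAME) *names)
{
    int i;

    if (expected_names == NULL)
        return 1;
    if (names == NULL || sk_X509_NAME_num(names) == 0) {
        /* Nothing received: acceptable only if nothing was expected. */
        if (TEST_int_eq(sk_X509_NAME_num(expected_names), 0))
            return 1;
        goto err;
    }
    if (sk_X509_NAME_num(names) != sk_X509_NAME_num(expected_names))
        goto err;
    for (i = 0; i < sk_X509_NAME_num(names); i++) {
        if (!TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(names, i),
                                       sk_X509_NAME_value(expected_names, i)),
                         0)) {
            goto err;
        }
    }
    return 1;
err:
    TEST_info("%s: list mismatch", name);
    TEST_note("Expected Names:");
    print_ca_names(expected_names);
    TEST_note("Received Names:");
    print_ca_names(names);
    return 0;
}

/* The wrappers below bind one result field to check_nid()/check_ca_names(). */

static int check_tmp_key(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
    return check_nid("Tmp key", test_ctx->expected_tmp_key_type,
                     result->tmp_key_type);
}

static int check_server_cert_type(HANDSHAKE_RESULT *result,
                                  SSL_TEST_CTX *test_ctx)
{
    return check_nid("Server certificate", test_ctx->expected_server_cert_type,
                     result->server_cert_type);
}

static int check_server_sign_hash(HANDSHAKE_RESULT *result,
                                  SSL_TEST_CTX *test_ctx)
{
    return check_nid("Server signing hash", test_ctx->expected_server_sign_hash,
                     result->server_sign_hash);
}

static int check_server_sign_type(HANDSHAKE_RESULT *result,
                                  SSL_TEST_CTX *test_ctx)
{
    return check_nid("Server signing", test_ctx->expected_server_sign_type,
                     result->server_sign_type);
}

static int check_server_ca_names(HANDSHAKE_RESULT *result,
                                 SSL_TEST_CTX *test_ctx)
{
    return check_ca_names("Server CA names",
                          test_ctx->expected_server_ca_names,
                          result->server_ca_names);
}

static int check_client_cert_type(HANDSHAKE_RESULT *result,
                                  SSL_TEST_CTX *test_ctx)
{
    return check_nid("Client certificate", test_ctx->expected_client_cert_type,
                     result->client_cert_type);
}

static int check_client_sign_hash(HANDSHAKE_RESULT *result,
                                  SSL_TEST_CTX *test_ctx)
{
    return check_nid("Client signing hash", test_ctx->expected_client_sign_hash,
                     result->client_sign_hash);
}

static int check_client_sign_type(HANDSHAKE_RESULT *result,
                                  SSL_TEST_CTX *test_ctx)
{
    return check_nid("Client signing", test_ctx->expected_client_sign_type,
                     result->client_sign_type);
}

static int check_client_ca_names(HANDSHAKE_RESULT *result,
                                 SSL_TEST_CTX *test_ctx)
{
    return check_ca_names("Client CA names",
                          test_ctx->expected_client_ca_names,
                          result->client_ca_names);
}

/*
 * Compare the negotiated cipher name with ExpectedCipher. A NULL expected
 * cipher means the test places no constraint on it.
 */
static int check_cipher(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
    if (test_ctx->expected_cipher == NULL)
        return 1;
    if (!TEST_ptr(result->cipher))
        return 0;
    if (!TEST_str_eq(test_ctx->expected_cipher,
                     result->cipher))
        return 0;
    return 1;
}

/*
 * Run every check against the handshake result.
 *
 * Results are accumulated with &= rather than short-circuited, so every
 * check runs and logs its own mismatch. The per-connection checks only run
 * when the handshake itself succeeded.
 *
 * This could be further simplified by constructing an expected
 * HANDSHAKE_RESULT, and implementing comparison methods for
 * its fields.
 */
static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
{
    int ret = 1;

    ret &= check_result(result, test_ctx);
    ret &= check_alerts(result, test_ctx);
    if (result->result == SSL_TEST_SUCCESS) {
        ret &= check_protocol(result, test_ctx);
        ret &= check_servername(result, test_ctx);
        ret &= check_session_ticket(result, test_ctx);
        ret &= check_compression(result, test_ctx);
        ret &= check_session_id(result, test_ctx);
        ret &= (result->session_ticket_do_not_call == 0);
#ifndef OPENSSL_NO_NEXTPROTONEG
        ret &= check_npn(result, test_ctx);
#endif
        ret &= check_cipher(result, test_ctx);
        ret &= check_alpn(result, test_ctx);
        ret &= check_session_ticket_app_data(result, test_ctx);
        ret &= check_resumption(result, test_ctx);
        ret &= check_tmp_key(result, test_ctx);
        ret &= check_server_cert_type(result, test_ctx);
        ret &= check_server_sign_hash(result, test_ctx);
        ret &= check_server_sign_type(result, test_ctx);
        ret &= check_server_ca_names(result, test_ctx);
        ret &= check_client_cert_type(result, test_ctx);
        ret &= check_client_sign_hash(result, test_ctx);
        ret &= check_client_sign_type(result, test_ctx);
        ret &= check_client_ca_names(result, test_ctx);
    }
    return ret;
}

/*
 * Run test case number `idx`: load section "test-<idx>" from the config,
 * build the SSL_CTX objects it needs, perform the handshake and check the
 * result. Returns 1 on success, 0 on failure.
 *
 * Every SSL_CTX is checked with TEST_ptr() immediately after allocation,
 * before any setter is called on it, so that a failed SSL_CTX_new_ex() is
 * reported as a test failure instead of a NULL pointer being passed to
 * SSL_CTX_set_options()/SSL_CTX_set_max_proto_version().
 *
 * SSL_OP_ALLOW_CLIENT_RENEGOTIATION is set on every server context because
 * the harness has to exercise client-initiated renegotiation; it is a
 * test-harness setting, not a default to carry over to a deployed server.
 * A max protocol version of 0 leaves the upper bound at the highest version
 * the library supports.
 */
static int test_handshake(int idx)
{
    int ret = 0;
    SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL,
        *resume_server_ctx = NULL, *resume_client_ctx = NULL;
    SSL_TEST_CTX *test_ctx = NULL;
    HANDSHAKE_RESULT *result = NULL;
    char test_app[MAX_TESTCASE_NAME_LENGTH];

    BIO_snprintf(test_app, sizeof(test_app), "test-%d", idx);

    test_ctx = SSL_TEST_CTX_create(conf, test_app, libctx);
    if (!TEST_ptr(test_ctx))
        goto err;

#ifndef OPENSSL_NO_DTLS
    if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
        if (!TEST_ptr(server_ctx =
                      SSL_CTX_new_ex(libctx, NULL, DTLS_server_method()))
                || !TEST_true(SSL_CTX_set_options(server_ctx,
                                    SSL_OP_ALLOW_CLIENT_RENEGOTIATION))
                || !TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0)))
            goto err;
        if (test_ctx->extra.server.servername_callback !=
            SSL_TEST_SERVERNAME_CB_NONE) {
            if (!TEST_ptr(server2_ctx =
                          SSL_CTX_new_ex(libctx, NULL, DTLS_server_method()))
                    || !TEST_true(SSL_CTX_set_options(server2_ctx,
                                        SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
                goto err;
        }
        if (!TEST_ptr(client_ctx =
                      SSL_CTX_new_ex(libctx, NULL, DTLS_client_method()))
                || !TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0)))
            goto err;
        if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
            if (!TEST_ptr(resume_server_ctx =
                          SSL_CTX_new_ex(libctx, NULL, DTLS_server_method()))
                    || !TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx,
                                                                0))
                    || !TEST_true(SSL_CTX_set_options(resume_server_ctx,
                                        SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
                goto err;
            if (!TEST_ptr(resume_client_ctx =
                          SSL_CTX_new_ex(libctx, NULL, DTLS_client_method()))
                    || !TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx,
                                                                0)))
                goto err;
        }
    }
#endif
    if (test_ctx->method == SSL_TEST_METHOD_TLS) {
#if !defined(OPENSSL_NO_TLS1_3) \
    && defined(OPENSSL_NO_EC) \
    && defined(OPENSSL_NO_DH)
        /* Without ec or dh there are no built-in groups for TLSv1.3 */
        int maxversion = TLS1_2_VERSION;
#else
        int maxversion = 0;
#endif

        if (!TEST_ptr(server_ctx =
                      SSL_CTX_new_ex(libctx, NULL, TLS_server_method()))
                || !TEST_true(SSL_CTX_set_max_proto_version(server_ctx,
                                                            maxversion))
                || !TEST_true(SSL_CTX_set_options(server_ctx,
                                    SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
            goto err;
        /* SNI on resumption isn't supported/tested yet. */
        if (test_ctx->extra.server.servername_callback !=
            SSL_TEST_SERVERNAME_CB_NONE) {
            if (!TEST_ptr(server2_ctx =
                          SSL_CTX_new_ex(libctx, NULL, TLS_server_method()))
                    || !TEST_true(SSL_CTX_set_options(server2_ctx,
                                        SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
                goto err;
            if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
                                                         maxversion)))
                goto err;
        }
        if (!TEST_ptr(client_ctx =
                      SSL_CTX_new_ex(libctx, NULL, TLS_client_method()))
                || !TEST_true(SSL_CTX_set_max_proto_version(client_ctx,
                                                            maxversion)))
            goto err;

        if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
            if (!TEST_ptr(resume_server_ctx =
                          SSL_CTX_new_ex(libctx, NULL, TLS_server_method()))
                    || !TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx,
                                                                maxversion))
                    || !TEST_true(SSL_CTX_set_options(resume_server_ctx,
                                        SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
                goto err;
            if (!TEST_ptr(resume_client_ctx =
                          SSL_CTX_new_ex(libctx, NULL, TLS_client_method()))
                    || !TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx,
                                                                maxversion)))
                goto err;
        }
    }

#ifdef OPENSSL_NO_AUTOLOAD_CONFIG
    if (!TEST_true(OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL)))
        goto err;
#endif

    /*
     * Still needed: if the configured method matched neither branch above,
     * no context was created at all.
     */
    if (!TEST_ptr(server_ctx)
            || !TEST_ptr(client_ctx)
            || !TEST_int_gt(CONF_modules_load(conf, test_app, 0), 0))
        goto err;

    if (!SSL_CTX_config(server_ctx, "server")
            || !SSL_CTX_config(client_ctx, "client")) {
        goto err;
    }

    /* The optional contexts are configured only when they were created. */
    if (server2_ctx != NULL && !SSL_CTX_config(server2_ctx, "server2"))
        goto err;
    if (resume_server_ctx != NULL
            && !SSL_CTX_config(resume_server_ctx, "resume-server"))
        goto err;
    if (resume_client_ctx != NULL
            && !SSL_CTX_config(resume_client_ctx, "resume-client"))
        goto err;

    result = do_handshake(server_ctx, server2_ctx, client_ctx,
                          resume_server_ctx, resume_client_ctx, test_ctx);

    if (result != NULL)
        ret = check_test(result, test_ctx);

err:
    /* Single cleanup path; contexts that were never created are still NULL. */
    CONF_modules_unload(0);
    SSL_CTX_free(server_ctx);
    SSL_CTX_free(server2_ctx);
    SSL_CTX_free(client_ctx);
    SSL_CTX_free(resume_server_ctx);
    SSL_CTX_free(resume_client_ctx);
    SSL_TEST_CTX_free(test_ctx);
    HANDSHAKE_RESULT_free(result);
    return ret;
}

#define USAGE "conf_file module_name [module_conf_file]\n"
OPT_TEST_DECLARE_USAGE(USAGE)

/*
 * Test-program entry hook: load the test configuration file, read the
 * "num_tests" value from it and register test_handshake() once per test
 * case. Returns 1 on success, 0 on failure.
 */
int setup_tests(void)
{
    long num_tests;

    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    if (!TEST_ptr(conf = NCONF_new(NULL))
            /* argv[1] should point to the test conf file */
            || !TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0)
            || !TEST_int_ne(NCONF_get_number_e(conf, NULL, "num_tests",
                                               &num_tests), 0)) {
        TEST_error("usage: ssl_test %s", USAGE);
        return 0;
    }

    if (!test_arg_libctx(&libctx, &defctxnull, &thisprov, 1, USAGE))
        return 0;

    /*
     * NOTE(review): num_tests comes from the configuration file and is
     * narrowed from long to int here without a range check.
     */
    ADD_ALL_TESTS(test_handshake, (int)num_tests);
    return 1;
}

/* Release the configuration, the providers and the library context. */
void cleanup_tests(void)
{
    NCONF_free(conf);
    OSSL_PROVIDER_unload(defctxnull);
    OSSL_PROVIDER_unload(thisprov);
    OSSL_LIB_CTX_free(libctx);
}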