Session Ticket app data

[openssl.git] / test / ssl_test.c

diff --git a/test/ssl_test.c b/test/ssl_test.c
index 387f3a65577478af70c650a32ee6a610da90b9e7..778c3303131f38bb5dec9175be46d75fa418ac38 100644 (file)
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -17,7 +17,6 @@
 #include "handshake_helper.h"
 #include "ssl_test_ctx.h"
 #include "testutil.h"
-#include "test_main_custom.h"
 
 static CONF *conf = NULL;
 
@@ -31,10 +30,10 @@ static const char *print_alert(int alert)
 
 static int check_result(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
-    if (result->result != test_ctx->expected_result) {
-        fprintf(stderr, "ExpectedResult mismatch: expected %s, got %s.\n",
-                ssl_test_result_name(test_ctx->expected_result),
-                ssl_test_result_name(result->result));
+    if (!TEST_int_eq(result->result, test_ctx->expected_result)) {
+        TEST_info("ExpectedResult mismatch: expected %s, got %s.",
+                  ssl_test_result_name(test_ctx->expected_result),
+                  ssl_test_result_name(result->result));
         return 0;
     }
     return 1;
@@ -42,10 +41,11 @@ static int check_result(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 
 static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
-    if (result->client_alert_sent != result->client_alert_received) {
-        fprintf(stderr, "Client sent alert %s but server received %s\n.",
-                print_alert(result->client_alert_sent),
-                print_alert(result->client_alert_received));
+    if (!TEST_int_eq(result->client_alert_sent,
+                     result->client_alert_received)) {
+        TEST_info("Client sent alert %s but server received %s.",
+                  print_alert(result->client_alert_sent),
+                  print_alert(result->client_alert_received));
         /*
          * We can't bail here because the peer doesn't always get far enough
          * to process a received alert. Specifically, in protocol version
@@ -60,10 +60,11 @@ static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
         /* return 0; */
     }
 
-    if (result->server_alert_sent != result->server_alert_received) {
-        fprintf(stderr, "Server sent alert %s but client received %s\n.",
-                print_alert(result->server_alert_sent),
-                print_alert(result->server_alert_received));
+    if (!TEST_int_eq(result->server_alert_sent,
+                     result->server_alert_received)) {
+        TEST_info("Server sent alert %s but client received %s.",
+                  print_alert(result->server_alert_sent),
+                  print_alert(result->server_alert_received));
         /* return 0; */
     }
 
@@ -75,47 +76,42 @@ static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
          * where the low byte is the alert code and the high byte is other stuff.
          */
         && (result->client_alert_sent & 0xff) != test_ctx->expected_client_alert) {
-        fprintf(stderr, "ClientAlert mismatch: expected %s, got %s.\n",
-                print_alert(test_ctx->expected_client_alert),
-                print_alert(result->client_alert_sent));
+        TEST_error("ClientAlert mismatch: expected %s, got %s.",
+                   print_alert(test_ctx->expected_client_alert),
+                   print_alert(result->client_alert_sent));
         return 0;
     }
 
     if (test_ctx->expected_server_alert
         && (result->server_alert_sent & 0xff) != test_ctx->expected_server_alert) {
-        fprintf(stderr, "ServerAlert mismatch: expected %s, got %s.\n",
-                print_alert(test_ctx->expected_server_alert),
-                print_alert(result->server_alert_sent));
+        TEST_error("ServerAlert mismatch: expected %s, got %s.",
+                   print_alert(test_ctx->expected_server_alert),
+                   print_alert(result->server_alert_sent));
         return 0;
     }
 
-    if (result->client_num_fatal_alerts_sent > 1) {
-        fprintf(stderr, "Client sent %d fatal alerts.\n",
-                result->client_num_fatal_alerts_sent);
+    if (!TEST_int_le(result->client_num_fatal_alerts_sent, 1))
         return 0;
-    }
-    if (result->server_num_fatal_alerts_sent > 1) {
-        fprintf(stderr, "Server sent %d alerts.\n",
-                result->server_num_fatal_alerts_sent);
+    if (!TEST_int_le(result->server_num_fatal_alerts_sent, 1))
         return 0;
-    }
     return 1;
 }
 
 static int check_protocol(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
-    if (result->client_protocol != result->server_protocol) {
-        fprintf(stderr, "Client has protocol %s but server has %s\n.",
-                ssl_protocol_name(result->client_protocol),
-                ssl_protocol_name(result->server_protocol));
+    if (!TEST_int_eq(result->client_protocol, result->server_protocol)) {
+        TEST_info("Client has protocol %s but server has %s.",
+                  ssl_protocol_name(result->client_protocol),
+                  ssl_protocol_name(result->server_protocol));
         return 0;
     }
 
     if (test_ctx->expected_protocol) {
-        if (result->client_protocol != test_ctx->expected_protocol) {
-            fprintf(stderr, "Protocol mismatch: expected %s, got %s.\n",
-                    ssl_protocol_name(test_ctx->expected_protocol),
-                    ssl_protocol_name(result->client_protocol));
+        if (!TEST_int_eq(result->client_protocol,
+                         test_ctx->expected_protocol)) {
+            TEST_info("Protocol mismatch: expected %s, got %s.\n",
+                      ssl_protocol_name(test_ctx->expected_protocol),
+                      ssl_protocol_name(result->client_protocol));
             return 0;
         }
     }
@@ -124,10 +120,10 @@ static int check_protocol(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 
 static int check_servername(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
-    if (result->servername != test_ctx->expected_servername) {
-      fprintf(stderr, "Client ServerName mismatch, expected %s, got %s\n.",
-              ssl_servername_name(test_ctx->expected_servername),
-              ssl_servername_name(result->servername));
+    if (!TEST_int_eq(result->servername, test_ctx->expected_servername)) {
+      TEST_info("Client ServerName mismatch, expected %s, got %s.",
+                ssl_servername_name(test_ctx->expected_servername),
+                ssl_servername_name(result->servername));
       return 0;
     }
   return 1;
@@ -137,35 +133,45 @@ static int check_session_ticket(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx
 {
     if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_IGNORE)
         return 1;
-    if (result->session_ticket != test_ctx->session_ticket_expected) {
-        fprintf(stderr, "Client SessionTicketExpected mismatch, expected %s, got %s\n.",
-                ssl_session_ticket_name(test_ctx->session_ticket_expected),
-                ssl_session_ticket_name(result->session_ticket));
+    if (!TEST_int_eq(result->session_ticket,
+                     test_ctx->session_ticket_expected)) {
+        TEST_info("Client SessionTicketExpected mismatch, expected %s, got %s.",
+                  ssl_session_ticket_name(test_ctx->session_ticket_expected),
+                  ssl_session_ticket_name(result->session_ticket));
         return 0;
     }
     return 1;
 }
 
-static int check_compression(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+static int check_session_id(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
-    if (result->compression != test_ctx->compression_expected) {
-        fprintf(stderr, "Client CompressionExpected mismatch, expected %d, got %d\n.",
-                test_ctx->compression_expected,
-                result->compression);
+    if (test_ctx->session_id_expected == SSL_TEST_SESSION_ID_IGNORE)
+        return 1;
+    if (!TEST_int_eq(result->session_id, test_ctx->session_id_expected)) {
+        TEST_info("Client SessionIdExpected mismatch, expected %s, got %s\n.",
+                ssl_session_id_name(test_ctx->session_id_expected),
+                ssl_session_id_name(result->session_id));
         return 0;
     }
     return 1;
 }
+
+static int check_compression(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+    if (!TEST_int_eq(result->compression, test_ctx->compression_expected))
+        return 0;
+    return 1;
+}
 #ifndef OPENSSL_NO_NEXTPROTONEG
 static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
     int ret = 1;
-    ret &= strings_equal("NPN Negotiated (client vs server)",
-                         result->client_npn_negotiated,
-                         result->server_npn_negotiated);
-    ret &= strings_equal("ExpectedNPNProtocol",
-                         test_ctx->expected_npn_protocol,
-                         result->client_npn_negotiated);
+    if (!TEST_str_eq(result->client_npn_negotiated,
+                     result->server_npn_negotiated))
+        ret = 0;
+    if (!TEST_str_eq(test_ctx->expected_npn_protocol,
+                     result->client_npn_negotiated))
+        ret = 0;
     return ret;
 }
 #endif
@@ -173,27 +179,42 @@ static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
     int ret = 1;
-    ret &= strings_equal("ALPN Negotiated (client vs server)",
-                         result->client_alpn_negotiated,
-                         result->server_alpn_negotiated);
-    ret &= strings_equal("ExpectedALPNProtocol",
-                         test_ctx->expected_alpn_protocol,
-                         result->client_alpn_negotiated);
+    if (!TEST_str_eq(result->client_alpn_negotiated,
+                     result->server_alpn_negotiated))
+        ret = 0;
+    if (!TEST_str_eq(test_ctx->expected_alpn_protocol,
+                     result->client_alpn_negotiated))
+        ret = 0;
     return ret;
 }
 
+static int check_session_ticket_app_data(HANDSHAKE_RESULT *result,
+                                         SSL_TEST_CTX *test_ctx)
+{
+    size_t result_len = 0;
+    size_t expected_len = 0;
+
+    /* consider empty and NULL strings to be the same */
+    if (result->result_session_ticket_app_data != NULL)
+        result_len = strlen(result->result_session_ticket_app_data);
+    if (test_ctx->expected_session_ticket_app_data != NULL)
+        expected_len = strlen(test_ctx->expected_session_ticket_app_data);
+    if (result_len == 0 && expected_len == 0)
+        return 1;
+
+    if (!TEST_str_eq(result->result_session_ticket_app_data,
+                     test_ctx->expected_session_ticket_app_data))
+        return 0;
+
+    return 1;
+}
+
 static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
-    if (result->client_resumed != result->server_resumed) {
-        fprintf(stderr, "Resumption mismatch (client vs server): %d vs %d\n",
-                result->client_resumed, result->server_resumed);
+    if (!TEST_int_eq(result->client_resumed, result->server_resumed))
         return 0;
-    }
-    if (result->client_resumed != test_ctx->resumption_expected) {
-        fprintf(stderr, "ResumptionExpected mismatch: %d vs %d\n",
-                test_ctx->resumption_expected, result->client_resumed);
+    if (!TEST_int_eq(result->client_resumed, test_ctx->resumption_expected))
         return 0;
-    }
     return 1;
 }
 
@@ -201,9 +222,56 @@ static int check_nid(const char *name, int expected_nid, int nid)
 {
     if (expected_nid == 0 || expected_nid == nid)
         return 1;
-    fprintf(stderr, "%s type mismatch, %s vs %s\n",
-            name, OBJ_nid2ln(expected_nid),
-            nid == NID_undef ? "absent" : OBJ_nid2ln(nid));
+    TEST_error("%s type mismatch, %s vs %s\n",
+               name, OBJ_nid2ln(expected_nid),
+               nid == NID_undef ? "absent" : OBJ_nid2ln(nid));
+    return 0;
+}
+
+static void print_ca_names(STACK_OF(X509_NAME) *names)
+{
+    int i;
+
+    if (names == NULL || sk_X509_NAME_num(names) == 0) {
+        TEST_note("    <empty>");
+        return;
+    }
+    for (i = 0; i < sk_X509_NAME_num(names); i++) {
+        X509_NAME_print_ex(bio_err, sk_X509_NAME_value(names, i), 4,
+                           XN_FLAG_ONELINE);
+        BIO_puts(bio_err, "\n");
+    }
+}
+
+static int check_ca_names(const char *name,
+                          STACK_OF(X509_NAME) *expected_names,
+                          STACK_OF(X509_NAME) *names)
+{
+    int i;
+
+    if (expected_names == NULL)
+        return 1;
+    if (names == NULL || sk_X509_NAME_num(names) == 0) {
+        if (TEST_int_eq(sk_X509_NAME_num(expected_names), 0))
+            return 1;
+        goto err;
+    }
+    if (sk_X509_NAME_num(names) != sk_X509_NAME_num(expected_names))
+        goto err;
+    for (i = 0; i < sk_X509_NAME_num(names); i++) {
+        if (!TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(names, i),
+                                       sk_X509_NAME_value(expected_names, i)),
+                         0)) {
+            goto err;
+        }
+    }
+    return 1;
+err:
+    TEST_info("%s: list mismatch", name);
+    TEST_note("Expected Names:");
+    print_ca_names(expected_names);
+    TEST_note("Received Names:");
+    print_ca_names(names);
     return 0;
 }
 
@@ -234,6 +302,14 @@ static int check_server_sign_type(HANDSHAKE_RESULT *result,
                      result->server_sign_type);
 }
 
+static int check_server_ca_names(HANDSHAKE_RESULT *result,
+                                 SSL_TEST_CTX *test_ctx)
+{
+    return check_ca_names("Server CA names",
+                          test_ctx->expected_server_ca_names,
+                          result->server_ca_names);
+}
+
 static int check_client_cert_type(HANDSHAKE_RESULT *result,
                                   SSL_TEST_CTX *test_ctx)
 {
@@ -255,54 +331,6 @@ static int check_client_sign_type(HANDSHAKE_RESULT *result,
                      result->client_sign_type);
 }
 
-static void print_ca_names(STACK_OF(X509_NAME) *names)
-{
-    BIO *err;
-    int i;
-
-    if (names == NULL || sk_X509_NAME_num(names) == 0) {
-        fprintf(stderr, "    <empty>\n");
-        return;
-    }
-    err = BIO_new_fp(stderr, BIO_NOCLOSE);
-    for (i = 0; i < sk_X509_NAME_num(names); i++) {
-        X509_NAME_print_ex(err, sk_X509_NAME_value(names, i), 4,
-                           XN_FLAG_ONELINE);
-        BIO_puts(err, "\n");
-    }
-    BIO_free(err);
-}
-
-static int check_ca_names(const char *name,
-                          STACK_OF(X509_NAME) *expected_names,
-                          STACK_OF(X509_NAME) *names)
-{
-    int i;
-
-    if (expected_names == NULL)
-        return 1;
-    if (names == NULL || sk_X509_NAME_num(names) == 0) {
-        if (sk_X509_NAME_num(expected_names) == 0)
-            return 1;
-        goto err;
-    }
-    if (sk_X509_NAME_num(names) != sk_X509_NAME_num(expected_names))
-        goto err;
-    for (i = 0; i < sk_X509_NAME_num(names); i++) {
-        if (X509_NAME_cmp(sk_X509_NAME_value(names, i),
-                          sk_X509_NAME_value(expected_names, i)) != 0) {
-            goto err;
-        }
-    }
-    return 1;
-    err:
-    fprintf(stderr, "%s: list mismatch\nExpected Names:\n", name);
-    print_ca_names(expected_names);
-    fprintf(stderr, "Received Names:\n");
-    print_ca_names(names);
-    return 0;
-}
-
 static int check_client_ca_names(HANDSHAKE_RESULT *result,
                                  SSL_TEST_CTX *test_ctx)
 {
@@ -311,6 +339,18 @@ static int check_client_ca_names(HANDSHAKE_RESULT *result,
                           result->client_ca_names);
 }
 
+static int check_cipher(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+    if (test_ctx->expected_cipher == NULL)
+        return 1;
+    if (!TEST_ptr(result->cipher))
+        return 0;
+    if (!TEST_str_eq(test_ctx->expected_cipher,
+                     result->cipher))
+        return 0;
+    return 1;
+}
+
 /*
  * This could be further simplified by constructing an expected
  * HANDSHAKE_RESULT, and implementing comparison methods for
@@ -326,16 +366,20 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
         ret &= check_servername(result, test_ctx);
         ret &= check_session_ticket(result, test_ctx);
         ret &= check_compression(result, test_ctx);
+        ret &= check_session_id(result, test_ctx);
         ret &= (result->session_ticket_do_not_call == 0);
 #ifndef OPENSSL_NO_NEXTPROTONEG
         ret &= check_npn(result, test_ctx);
 #endif
+        ret &= check_cipher(result, test_ctx);
         ret &= check_alpn(result, test_ctx);
+        ret &= check_session_ticket_app_data(result, test_ctx);
         ret &= check_resumption(result, test_ctx);
         ret &= check_tmp_key(result, test_ctx);
         ret &= check_server_cert_type(result, test_ctx);
         ret &= check_server_sign_hash(result, test_ctx);
         ret &= check_server_sign_type(result, test_ctx);
+        ret &= check_server_ca_names(result, test_ctx);
         ret &= check_client_cert_type(result, test_ctx);
         ret &= check_client_sign_hash(result, test_ctx);
         ret &= check_client_sign_type(result, test_ctx);
@@ -356,7 +400,7 @@ static int test_handshake(int idx)
     BIO_snprintf(test_app, sizeof(test_app), "test-%d", idx);
 
     test_ctx = SSL_TEST_CTX_create(conf, test_app);
-    if (test_ctx == NULL)
+    if (!TEST_ptr(test_ctx))
         goto err;
 
 #ifndef OPENSSL_NO_DTLS
@@ -364,15 +408,16 @@ static int test_handshake(int idx)
         server_ctx = SSL_CTX_new(DTLS_server_method());
         if (test_ctx->extra.server.servername_callback !=
             SSL_TEST_SERVERNAME_CB_NONE) {
-            server2_ctx = SSL_CTX_new(DTLS_server_method());
-            TEST_check(server2_ctx != NULL);
+            if (!TEST_ptr(server2_ctx = SSL_CTX_new(DTLS_server_method())))
+                goto err;
         }
         client_ctx = SSL_CTX_new(DTLS_client_method());
         if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
             resume_server_ctx = SSL_CTX_new(DTLS_server_method());
             resume_client_ctx = SSL_CTX_new(DTLS_client_method());
-            TEST_check(resume_server_ctx != NULL);
-            TEST_check(resume_client_ctx != NULL);
+            if (!TEST_ptr(resume_server_ctx)
+                    || !TEST_ptr(resume_client_ctx))
+                goto err;
         }
     }
 #endif
@@ -381,23 +426,24 @@ static int test_handshake(int idx)
         /* SNI on resumption isn't supported/tested yet. */
         if (test_ctx->extra.server.servername_callback !=
             SSL_TEST_SERVERNAME_CB_NONE) {
-            server2_ctx = SSL_CTX_new(TLS_server_method());
-            TEST_check(server2_ctx != NULL);
+            if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
+                goto err;
         }
         client_ctx = SSL_CTX_new(TLS_client_method());
 
         if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
             resume_server_ctx = SSL_CTX_new(TLS_server_method());
             resume_client_ctx = SSL_CTX_new(TLS_client_method());
-            TEST_check(resume_server_ctx != NULL);
-            TEST_check(resume_client_ctx != NULL);
+            if (!TEST_ptr(resume_server_ctx)
+                    || !TEST_ptr(resume_client_ctx))
+                goto err;
         }
     }
 
-    TEST_check(server_ctx != NULL);
-    TEST_check(client_ctx != NULL);
-
-    TEST_check(CONF_modules_load(conf, test_app, 0) > 0);
+    if (!TEST_ptr(server_ctx)
+            || !TEST_ptr(client_ctx)
+            || !TEST_int_gt(CONF_modules_load(conf, test_app, 0),  0))
+        goto err;
 
     if (!SSL_CTX_config(server_ctx, "server")
         || !SSL_CTX_config(client_ctx, "client")) {
@@ -416,7 +462,8 @@ static int test_handshake(int idx)
     result = do_handshake(server_ctx, server2_ctx, client_ctx,
                           resume_server_ctx, resume_client_ctx, test_ctx);
 
-    ret = check_test(result, test_ctx);
+    if (result != NULL)
+        ret = check_test(result, test_ctx);
 
 err:
     CONF_modules_unload(0);
@@ -430,25 +477,22 @@ err:
     return ret;
 }
 
-int test_main(int argc, char **argv)
+int setup_tests(void)
 {
-    int result = 0;
     long num_tests;
 
-    if (argc != 2)
-        return 1;
-
-    conf = NCONF_new(NULL);
-    TEST_check(conf != NULL);
-
-    /* argv[1] should point to the test conf file */
-    TEST_check(NCONF_load(conf, argv[1], NULL) > 0);
-
-    TEST_check(NCONF_get_number_e(conf, NULL, "num_tests", &num_tests));
+    if (!TEST_ptr(conf = NCONF_new(NULL))
+            /* argv[1] should point to the test conf file */
+            || !TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0)
+            || !TEST_int_ne(NCONF_get_number_e(conf, NULL, "num_tests",
+                                               &num_tests), 0))
+        return 0;
 
-    ADD_ALL_TESTS(test_handshake, (int)(num_tests));
-    result = run_tests(argv[0]);
+    ADD_ALL_TESTS(test_handshake, (int)num_tests);
+    return 1;
+}
 
+void cleanup_tests(void)
+{
     NCONF_free(conf);
-    return result;
 }