Add a test to check we get a new session even if s->hit is true in TLSv1.3

[openssl.git] / test / ssl_test_ctx.c
diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c

index f9e74d11fda0f3701cb964f16508334c13f0214b..b581cdfb944f760fe9624f2461a7607058bf945a 100644 (file)
--- a/test/ssl_test_ctx.c
+++ b/test/ssl_test_ctx.c
@@ -1,5 +1,5 @@
  /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
   *
   * Licensed under the OpenSSL license (the "License").  You may not use
   * this file except in compliance with the License.  You can obtain a copy
@@ -30,6 +30,7 @@ static int parse_boolean(const char *value, int *result)
          *result = 0;
          return 1;
      }
+    TEST_error("parse_boolean given: '%s'", value);
      return 0;
  }
  
@@ -44,8 +45,7 @@ static int parse_boolean(const char *value, int *result)
      {                                                                   \
          OPENSSL_free(ctx->field);                                       \
          ctx->field = OPENSSL_strdup(value);                             \
-        TEST_check(ctx->field != NULL);                                 \
-        return 1;                                                       \
+        return TEST_ptr(ctx->field);                                    \
      }
  
  #define IMPLEMENT_SSL_TEST_INT_OPTION(struct_type, name, field)        \
@@ -286,6 +286,10 @@ const char *ssl_session_ticket_name(ssl_session_ticket_t server)
                       server);
  }
  
+/* CompressionExpected */
+
+IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, compression_expected)
+
  /* Method */
  
  static const test_enum ssl_test_methods[] = {
@@ -318,6 +322,12 @@ IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, alpn_protocols)
  IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, alpn_protocols)
  IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_alpn_protocol)
  
+/* SRP options */
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, srp_user)
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, srp_user)
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, srp_password)
+IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, srp_password)
+
  /* Handshake mode */
  
  static const test_enum ssl_handshake_modes[] = {
@@ -396,6 +406,7 @@ const char *ssl_ct_validation_name(ssl_ct_validation_t mode)
  
  IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected)
  IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket)
+IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, use_sctp)
  
  /* CertStatus */
  
@@ -525,6 +536,27 @@ __owur static int parse_expected_client_sign_hash(SSL_TEST_CTX *test_ctx,
                                      value);
  }
  
+__owur static int parse_expected_ca_names(STACK_OF(X509_NAME) **pnames,
+                                          const char *value)
+{
+    if (value == NULL)
+        return 0;
+    if (!strcmp(value, "empty"))
+        *pnames = sk_X509_NAME_new_null();
+    else
+        *pnames = SSL_load_client_CA_file(value);
+    return *pnames != NULL;
+}
+__owur static int parse_expected_server_ca_names(SSL_TEST_CTX *test_ctx,
+                                                 const char *value)
+{
+    return parse_expected_ca_names(&test_ctx->expected_server_ca_names, value);
+}
+__owur static int parse_expected_client_ca_names(SSL_TEST_CTX *test_ctx,
+                                                 const char *value)
+{
+    return parse_expected_ca_names(&test_ctx->expected_client_ca_names, value);
+}
  
  /* Known test options and their corresponding parse methods. */
  
@@ -541,6 +573,7 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
      { "ExpectedProtocol", &parse_protocol },
      { "ExpectedServerName", &parse_expected_servername },
      { "SessionTicketExpected", &parse_session_ticket },
+    { "CompressionExpected", &parse_test_compression_expected },
      { "Method", &parse_test_method },
      { "ExpectedNPNProtocol", &parse_test_expected_npn_protocol },
      { "ExpectedALPNProtocol", &parse_test_expected_alpn_protocol },
@@ -553,9 +586,12 @@ static const ssl_test_ctx_option ssl_test_ctx_options[] = {
      { "ExpectedServerCertType", &parse_expected_server_cert_type },
      { "ExpectedServerSignHash", &parse_expected_server_sign_hash },
      { "ExpectedServerSignType", &parse_expected_server_sign_type },
+    { "ExpectedServerCANames", &parse_expected_server_ca_names },
      { "ExpectedClientCertType", &parse_expected_client_cert_type },
      { "ExpectedClientSignHash", &parse_expected_client_sign_hash },
      { "ExpectedClientSignType", &parse_expected_client_sign_type },
+    { "ExpectedClientCANames", &parse_expected_client_ca_names },
+    { "UseSCTP", &parse_test_use_sctp },
  };
  
  /* Nested client options. */
@@ -571,6 +607,8 @@ static const ssl_test_client_option ssl_test_client_options[] = {
      { "ALPNProtocols", &parse_client_alpn_protocols },
      { "CTValidation", &parse_ct_validation },
      { "RenegotiateCiphers", &parse_client_reneg_ciphers},
+    { "SRPUser", &parse_client_srp_user },
+    { "SRPPassword", &parse_client_srp_password },
  };
  
  /* Nested server options. */
@@ -585,19 +623,19 @@ static const ssl_test_server_option ssl_test_server_options[] = {
      { "ALPNProtocols", &parse_server_alpn_protocols },
      { "BrokenSessionTicket", &parse_server_broken_session_ticket },
      { "CertStatus", &parse_certstatus },
+    { "SRPUser", &parse_server_srp_user },
+    { "SRPPassword", &parse_server_srp_password },
  };
  
-/*
- * Since these methods are used to create tests, we use TEST_check liberally
- * for malloc failures and other internal errors.
- */
  SSL_TEST_CTX *SSL_TEST_CTX_new()
  {
      SSL_TEST_CTX *ret;
-    ret = OPENSSL_zalloc(sizeof(*ret));
-    TEST_check(ret != NULL);
-    ret->app_data_size = default_app_data_size;
-    ret->max_fragment_size = default_max_fragment_size;
+
+    /* The return code is checked by caller */
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) != NULL) {
+        ret->app_data_size = default_app_data_size;
+        ret->max_fragment_size = default_max_fragment_size;
+    }
      return ret;
  }
  
@@ -610,6 +648,12 @@ static void ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF *conf)
      OPENSSL_free(conf->server.alpn_protocols);
      OPENSSL_free(conf->server2.alpn_protocols);
      OPENSSL_free(conf->client.reneg_ciphers);
+    OPENSSL_free(conf->server.srp_user);
+    OPENSSL_free(conf->server.srp_password);
+    OPENSSL_free(conf->server2.srp_user);
+    OPENSSL_free(conf->server2.srp_password);
+    OPENSSL_free(conf->client.srp_user);
+    OPENSSL_free(conf->client.srp_password);
  }
  
  static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx)
@@ -623,6 +667,8 @@ void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
      ssl_test_ctx_free_extra_data(ctx);
      OPENSSL_free(ctx->expected_npn_protocol);
      OPENSSL_free(ctx->expected_alpn_protocol);
+    sk_X509_NAME_pop_free(ctx->expected_server_ca_names, X509_NAME_free);
+    sk_X509_NAME_pop_free(ctx->expected_client_ca_names, X509_NAME_free);
      OPENSSL_free(ctx);
  }
  
@@ -633,8 +679,8 @@ static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf,
      int i;
      size_t j;
  
-    sk_conf = NCONF_get_section(conf, client_section);
-    TEST_check(sk_conf != NULL);
+    if (!TEST_ptr(sk_conf = NCONF_get_section(conf, client_section)))
+        return 0;
  
      for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
          int found = 0;
@@ -642,8 +688,8 @@ static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf,
          for (j = 0; j < OSSL_NELEM(ssl_test_client_options); j++) {
              if (strcmp(option->name, ssl_test_client_options[j].name) == 0) {
                  if (!ssl_test_client_options[j].parse(client, option->value)) {
-                    fprintf(stderr, "Bad value %s for option %s\n",
-                            option->value, option->name);
+                    TEST_info("Bad value %s for option %s",
+                              option->value, option->name);
                      return 0;
                  }
                  found = 1;
@@ -651,7 +697,7 @@ static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf,
              }
          }
          if (!found) {
-            fprintf(stderr, "Unknown test option: %s\n", option->name);
+            TEST_info("Unknown test option: %s", option->name);
              return 0;
          }
      }
@@ -666,8 +712,8 @@ static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf,
      int i;
      size_t j;
  
-    sk_conf = NCONF_get_section(conf, server_section);
-    TEST_check(sk_conf != NULL);
+    if (!TEST_ptr(sk_conf = NCONF_get_section(conf, server_section)))
+        return 0;
  
      for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
          int found = 0;
@@ -675,8 +721,8 @@ static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf,
          for (j = 0; j < OSSL_NELEM(ssl_test_server_options); j++) {
              if (strcmp(option->name, ssl_test_server_options[j].name) == 0) {
                  if (!ssl_test_server_options[j].parse(server, option->value)) {
-                    fprintf(stderr, "Bad value %s for option %s\n",
-                            option->value, option->name);
+                    TEST_info("Bad value %s for option %s",
+                               option->value, option->name);
                      return 0;
                  }
                  found = 1;
@@ -684,7 +730,7 @@ static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf,
              }
          }
          if (!found) {
-            fprintf(stderr, "Unknown test option: %s\n", option->name);
+            TEST_info("Unknown test option: %s", option->name);
              return 0;
          }
      }
@@ -694,16 +740,14 @@ static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf,
  
  SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section)
  {
-    STACK_OF(CONF_VALUE) *sk_conf;
-    SSL_TEST_CTX *ctx;
+    STACK_OF(CONF_VALUE) *sk_conf = NULL;
+    SSL_TEST_CTX *ctx = NULL;
      int i;
      size_t j;
  
-    sk_conf = NCONF_get_section(conf, test_section);
-    TEST_check(sk_conf != NULL);
-
-    ctx = SSL_TEST_CTX_new();
-    TEST_check(ctx != NULL);
+    if (!TEST_ptr(sk_conf = NCONF_get_section(conf, test_section))
+            || !TEST_ptr(ctx = SSL_TEST_CTX_new()))
+        goto err;
  
      for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
          int found = 0;
@@ -715,20 +759,20 @@ SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section)
                                        option->value))
                  goto err;
          } else if (strcmp(option->name, "server") == 0) {
-            if (!parse_server_options(&ctx->extra.server, conf,
-                                      option->value))
+            if (!TEST_true(parse_server_options(&ctx->extra.server, conf,
+                                                option->value)))
                  goto err;
          } else if (strcmp(option->name, "server2") == 0) {
-            if (!parse_server_options(&ctx->extra.server2, conf,
-                                      option->value))
+            if (!TEST_true(parse_server_options(&ctx->extra.server2, conf,
+                                                option->value)))
                  goto err;
          } else if (strcmp(option->name, "resume-client") == 0) {
-            if (!parse_client_options(&ctx->resume_extra.client, conf,
-                                      option->value))
+            if (!TEST_true(parse_client_options(&ctx->resume_extra.client, conf,
+                                                option->value)))
                  goto err;
          } else if (strcmp(option->name, "resume-server") == 0) {
-            if (!parse_server_options(&ctx->resume_extra.server, conf,
-                                      option->value))
+            if (!TEST_true(parse_server_options(&ctx->resume_extra.server, conf,
+                                                option->value)))
                  goto err;
          } else if (strcmp(option->name, "resume-server2") == 0) {
              if (!parse_server_options(&ctx->resume_extra.server2, conf,
@@ -739,8 +783,8 @@ SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section)
              for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) {
                  if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) {
                      if (!ssl_test_ctx_options[j].parse(ctx, option->value)) {
-                        fprintf(stderr, "Bad value %s for option %s\n",
-                                option->value, option->name);
+                        TEST_info("Bad value %s for option %s",
+                                   option->value, option->name);
                          goto err;
                      }
                      found = 1;
@@ -748,7 +792,7 @@ SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section)
                  }
              }
              if (!found) {
-                fprintf(stderr, "Unknown test option: %s\n", option->name);
+                TEST_info("Unknown test option: %s", option->name);
                  goto err;
              }
          }