Fix a bunch of gcc warnings in packettest.c

[openssl.git] / test / ssl_test.c

diff --git a/test/ssl_test.c b/test/ssl_test.c
index fb6214e9fed14d916bf6e430a6043dd44233d7cd..a21a0f773beee3a8fcb552837506fb2a23f11659 100644 (file)
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,18 +23,6 @@ static CONF *conf = NULL;
 /* Currently the section names are of the form test-<number>, e.g. test-15. */
 #define MAX_TESTCASE_NAME_LENGTH 100
 
-typedef struct ssl_test_ctx_test_fixture {
-    const char *test_case_name;
-    char test_app[MAX_TESTCASE_NAME_LENGTH];
-} SSL_TEST_FIXTURE;
-
-static SSL_TEST_FIXTURE set_up(const char *const test_case_name)
-{
-    SSL_TEST_FIXTURE fixture;
-    fixture.test_case_name = test_case_name;
-    return fixture;
-}
-
 static const char *print_alert(int alert)
 {
     return alert ? SSL_alert_desc_string_long(alert) : "no alert";
@@ -42,10 +30,10 @@ static const char *print_alert(int alert)
 
 static int check_result(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
-    if (result->result != test_ctx->expected_result) {
-        fprintf(stderr, "ExpectedResult mismatch: expected %s, got %s.\n",
-                ssl_test_result_name(test_ctx->expected_result),
-                ssl_test_result_name(result->result));
+    if (!TEST_int_eq(result->result, test_ctx->expected_result)) {
+        TEST_info("ExpectedResult mismatch: expected %s, got %s.",
+                  ssl_test_result_name(test_ctx->expected_result),
+                  ssl_test_result_name(result->result));
         return 0;
     }
     return 1;
@@ -53,10 +41,11 @@ static int check_result(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 
 static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
-    if (result->client_alert_sent != result->client_alert_received) {
-        fprintf(stderr, "Client sent alert %s but server received %s\n.",
-                print_alert(result->client_alert_sent),
-                print_alert(result->client_alert_received));
+    if (!TEST_int_eq(result->client_alert_sent,
+                     result->client_alert_received)) {
+        TEST_info("Client sent alert %s but server received %s.",
+                  print_alert(result->client_alert_sent),
+                  print_alert(result->client_alert_received));
         /*
          * We can't bail here because the peer doesn't always get far enough
          * to process a received alert. Specifically, in protocol version
@@ -71,10 +60,11 @@ static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
         /* return 0; */
     }
 
-    if (result->server_alert_sent != result->server_alert_received) {
-        fprintf(stderr, "Server sent alert %s but client received %s\n.",
-                print_alert(result->server_alert_sent),
-                print_alert(result->server_alert_received));
+    if (!TEST_int_eq(result->server_alert_sent,
+                     result->server_alert_received)) {
+        TEST_info("Server sent alert %s but client received %s.",
+                  print_alert(result->server_alert_sent),
+                  print_alert(result->server_alert_received));
         /* return 0; */
     }
 
@@ -86,47 +76,42 @@ static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
          * where the low byte is the alert code and the high byte is other stuff.
          */
         && (result->client_alert_sent & 0xff) != test_ctx->expected_client_alert) {
-        fprintf(stderr, "ClientAlert mismatch: expected %s, got %s.\n",
-                print_alert(test_ctx->expected_client_alert),
-                print_alert(result->client_alert_sent));
+        TEST_error("ClientAlert mismatch: expected %s, got %s.",
+                   print_alert(test_ctx->expected_client_alert),
+                   print_alert(result->client_alert_sent));
         return 0;
     }
 
     if (test_ctx->expected_server_alert
         && (result->server_alert_sent & 0xff) != test_ctx->expected_server_alert) {
-        fprintf(stderr, "ServerAlert mismatch: expected %s, got %s.\n",
-                print_alert(test_ctx->expected_server_alert),
-                print_alert(result->server_alert_sent));
+        TEST_error("ServerAlert mismatch: expected %s, got %s.",
+                   print_alert(test_ctx->expected_server_alert),
+                   print_alert(result->server_alert_sent));
         return 0;
     }
 
-    if (result->client_num_fatal_alerts_sent > 1) {
-        fprintf(stderr, "Client sent %d fatal alerts.\n",
-                result->client_num_fatal_alerts_sent);
+    if (!TEST_int_le(result->client_num_fatal_alerts_sent, 1))
         return 0;
-    }
-    if (result->server_num_fatal_alerts_sent > 1) {
-        fprintf(stderr, "Server sent %d alerts.\n",
-                result->server_num_fatal_alerts_sent);
+    if (!TEST_int_le(result->server_num_fatal_alerts_sent, 1))
         return 0;
-    }
     return 1;
 }
 
 static int check_protocol(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
-    if (result->client_protocol != result->server_protocol) {
-        fprintf(stderr, "Client has protocol %s but server has %s\n.",
-                ssl_protocol_name(result->client_protocol),
-                ssl_protocol_name(result->server_protocol));
+    if (!TEST_int_eq(result->client_protocol, result->server_protocol)) {
+        TEST_info("Client has protocol %s but server has %s.",
+                  ssl_protocol_name(result->client_protocol),
+                  ssl_protocol_name(result->server_protocol));
         return 0;
     }
 
     if (test_ctx->expected_protocol) {
-        if (result->client_protocol != test_ctx->expected_protocol) {
-            fprintf(stderr, "Protocol mismatch: expected %s, got %s.\n",
-                    ssl_protocol_name(test_ctx->expected_protocol),
-                    ssl_protocol_name(result->client_protocol));
+        if (!TEST_int_eq(result->client_protocol,
+                         test_ctx->expected_protocol)) {
+            TEST_info("Protocol mismatch: expected %s, got %s.\n",
+                      ssl_protocol_name(test_ctx->expected_protocol),
+                      ssl_protocol_name(result->client_protocol));
             return 0;
         }
     }
@@ -135,10 +120,10 @@ static int check_protocol(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 
 static int check_servername(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
-    if (result->servername != test_ctx->expected_servername) {
-      fprintf(stderr, "Client ServerName mismatch, expected %s, got %s\n.",
-              ssl_servername_name(test_ctx->expected_servername),
-              ssl_servername_name(result->servername));
+    if (!TEST_int_eq(result->servername, test_ctx->expected_servername)) {
+      TEST_info("Client ServerName mismatch, expected %s, got %s.",
+                ssl_servername_name(test_ctx->expected_servername),
+                ssl_servername_name(result->servername));
       return 0;
     }
   return 1;
@@ -148,25 +133,45 @@ static int check_session_ticket(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx
 {
     if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_IGNORE)
         return 1;
-    if (result->session_ticket != test_ctx->session_ticket_expected) {
-        fprintf(stderr, "Client SessionTicketExpected mismatch, expected %s, got %s\n.",
-                ssl_session_ticket_name(test_ctx->session_ticket_expected),
-                ssl_session_ticket_name(result->session_ticket));
+    if (!TEST_int_eq(result->session_ticket,
+                     test_ctx->session_ticket_expected)) {
+        TEST_info("Client SessionTicketExpected mismatch, expected %s, got %s.",
+                  ssl_session_ticket_name(test_ctx->session_ticket_expected),
+                  ssl_session_ticket_name(result->session_ticket));
+        return 0;
+    }
+    return 1;
+}
+
+static int check_session_id(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+    if (test_ctx->session_id_expected == SSL_TEST_SESSION_ID_IGNORE)
+        return 1;
+    if (!TEST_int_eq(result->session_id, test_ctx->session_id_expected)) {
+        TEST_info("Client SessionIdExpected mismatch, expected %s, got %s\n.",
+                ssl_session_id_name(test_ctx->session_id_expected),
+                ssl_session_id_name(result->session_id));
         return 0;
     }
     return 1;
 }
 
+static int check_compression(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+    if (!TEST_int_eq(result->compression, test_ctx->compression_expected))
+        return 0;
+    return 1;
+}
 #ifndef OPENSSL_NO_NEXTPROTONEG
 static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
     int ret = 1;
-    ret &= strings_equal("NPN Negotiated (client vs server)",
-                         result->client_npn_negotiated,
-                         result->server_npn_negotiated);
-    ret &= strings_equal("ExpectedNPNProtocol",
-                         test_ctx->expected_npn_protocol,
-                         result->client_npn_negotiated);
+    if (!TEST_str_eq(result->client_npn_negotiated,
+                     result->server_npn_negotiated))
+        ret = 0;
+    if (!TEST_str_eq(test_ctx->expected_npn_protocol,
+                     result->client_npn_negotiated))
+        ret = 0;
     return ret;
 }
 #endif
@@ -174,28 +179,155 @@ static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
     int ret = 1;
-    ret &= strings_equal("ALPN Negotiated (client vs server)",
-                         result->client_alpn_negotiated,
-                         result->server_alpn_negotiated);
-    ret &= strings_equal("ExpectedALPNProtocol",
-                         test_ctx->expected_alpn_protocol,
-                         result->client_alpn_negotiated);
+    if (!TEST_str_eq(result->client_alpn_negotiated,
+                     result->server_alpn_negotiated))
+        ret = 0;
+    if (!TEST_str_eq(test_ctx->expected_alpn_protocol,
+                     result->client_alpn_negotiated))
+        ret = 0;
     return ret;
 }
 
 static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
 {
-    if (result->client_resumed != result->server_resumed) {
-        fprintf(stderr, "Resumption mismatch (client vs server): %d vs %d\n",
-                result->client_resumed, result->server_resumed);
+    if (!TEST_int_eq(result->client_resumed, result->server_resumed))
         return 0;
-    }
-    if (result->client_resumed != test_ctx->resumption_expected) {
-        fprintf(stderr, "ResumptionExpected mismatch: %d vs %d\n",
-                test_ctx->resumption_expected, result->client_resumed);
+    if (!TEST_int_eq(result->client_resumed, test_ctx->resumption_expected))
         return 0;
+    return 1;
+}
+
+static int check_nid(const char *name, int expected_nid, int nid)
+{
+    if (expected_nid == 0 || expected_nid == nid)
+        return 1;
+    TEST_error("%s type mismatch, %s vs %s\n",
+               name, OBJ_nid2ln(expected_nid),
+               nid == NID_undef ? "absent" : OBJ_nid2ln(nid));
+    return 0;
+}
+
+static void print_ca_names(STACK_OF(X509_NAME) *names)
+{
+    int i;
+
+    if (names == NULL || sk_X509_NAME_num(names) == 0) {
+        TEST_note("    <empty>");
+        return;
+    }
+    for (i = 0; i < sk_X509_NAME_num(names); i++) {
+        X509_NAME_print_ex(bio_err, sk_X509_NAME_value(names, i), 4,
+                           XN_FLAG_ONELINE);
+        BIO_puts(bio_err, "\n");
+    }
+}
+
+static int check_ca_names(const char *name,
+                          STACK_OF(X509_NAME) *expected_names,
+                          STACK_OF(X509_NAME) *names)
+{
+    int i;
+
+    if (expected_names == NULL)
+        return 1;
+    if (names == NULL || sk_X509_NAME_num(names) == 0) {
+        if (TEST_int_eq(sk_X509_NAME_num(expected_names), 0))
+            return 1;
+        goto err;
+    }
+    if (sk_X509_NAME_num(names) != sk_X509_NAME_num(expected_names))
+        goto err;
+    for (i = 0; i < sk_X509_NAME_num(names); i++) {
+        if (!TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(names, i),
+                                       sk_X509_NAME_value(expected_names, i)),
+                         0)) {
+            goto err;
+        }
     }
     return 1;
+err:
+    TEST_info("%s: list mismatch", name);
+    TEST_note("Expected Names:");
+    print_ca_names(expected_names);
+    TEST_note("Received Names:");
+    print_ca_names(names);
+    return 0;
+}
+
+static int check_tmp_key(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+    return check_nid("Tmp key", test_ctx->expected_tmp_key_type,
+                     result->tmp_key_type);
+}
+
+static int check_server_cert_type(HANDSHAKE_RESULT *result,
+                                  SSL_TEST_CTX *test_ctx)
+{
+    return check_nid("Server certificate", test_ctx->expected_server_cert_type,
+                     result->server_cert_type);
+}
+
+static int check_server_sign_hash(HANDSHAKE_RESULT *result,
+                                  SSL_TEST_CTX *test_ctx)
+{
+    return check_nid("Server signing hash", test_ctx->expected_server_sign_hash,
+                     result->server_sign_hash);
+}
+
+static int check_server_sign_type(HANDSHAKE_RESULT *result,
+                                  SSL_TEST_CTX *test_ctx)
+{
+    return check_nid("Server signing", test_ctx->expected_server_sign_type,
+                     result->server_sign_type);
+}
+
+static int check_server_ca_names(HANDSHAKE_RESULT *result,
+                                 SSL_TEST_CTX *test_ctx)
+{
+    return check_ca_names("Server CA names",
+                          test_ctx->expected_server_ca_names,
+                          result->server_ca_names);
+}
+
+static int check_client_cert_type(HANDSHAKE_RESULT *result,
+                                  SSL_TEST_CTX *test_ctx)
+{
+    return check_nid("Client certificate", test_ctx->expected_client_cert_type,
+                     result->client_cert_type);
+}
+
+static int check_client_sign_hash(HANDSHAKE_RESULT *result,
+                                  SSL_TEST_CTX *test_ctx)
+{
+    return check_nid("Client signing hash", test_ctx->expected_client_sign_hash,
+                     result->client_sign_hash);
+}
+
+static int check_client_sign_type(HANDSHAKE_RESULT *result,
+                                  SSL_TEST_CTX *test_ctx)
+{
+    return check_nid("Client signing", test_ctx->expected_client_sign_type,
+                     result->client_sign_type);
+}
+
+static int check_client_ca_names(HANDSHAKE_RESULT *result,
+                                 SSL_TEST_CTX *test_ctx)
+{
+    return check_ca_names("Client CA names",
+                          test_ctx->expected_client_ca_names,
+                          result->client_ca_names);
+}
+
+static int check_cipher(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
+{
+    if (test_ctx->expected_cipher == NULL)
+        return 1;
+    if (!TEST_ptr(result->cipher))
+        return 0;
+    if (!TEST_str_eq(test_ctx->expected_cipher,
+                     result->cipher))
+        return 0;
+    return 1;
 }
 
 /*
@@ -212,26 +344,41 @@ static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
         ret &= check_protocol(result, test_ctx);
         ret &= check_servername(result, test_ctx);
         ret &= check_session_ticket(result, test_ctx);
+        ret &= check_compression(result, test_ctx);
+        ret &= check_session_id(result, test_ctx);
         ret &= (result->session_ticket_do_not_call == 0);
 #ifndef OPENSSL_NO_NEXTPROTONEG
         ret &= check_npn(result, test_ctx);
 #endif
+        ret &= check_cipher(result, test_ctx);
         ret &= check_alpn(result, test_ctx);
         ret &= check_resumption(result, test_ctx);
+        ret &= check_tmp_key(result, test_ctx);
+        ret &= check_server_cert_type(result, test_ctx);
+        ret &= check_server_sign_hash(result, test_ctx);
+        ret &= check_server_sign_type(result, test_ctx);
+        ret &= check_server_ca_names(result, test_ctx);
+        ret &= check_client_cert_type(result, test_ctx);
+        ret &= check_client_sign_hash(result, test_ctx);
+        ret &= check_client_sign_type(result, test_ctx);
+        ret &= check_client_ca_names(result, test_ctx);
     }
     return ret;
 }
 
-static int execute_test(SSL_TEST_FIXTURE fixture)
+static int test_handshake(int idx)
 {
     int ret = 0;
     SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL,
         *resume_server_ctx = NULL, *resume_client_ctx = NULL;
     SSL_TEST_CTX *test_ctx = NULL;
     HANDSHAKE_RESULT *result = NULL;
+    char test_app[MAX_TESTCASE_NAME_LENGTH];
 
-    test_ctx = SSL_TEST_CTX_create(conf, fixture.test_app);
-    if (test_ctx == NULL)
+    BIO_snprintf(test_app, sizeof(test_app), "test-%d", idx);
+
+    test_ctx = SSL_TEST_CTX_create(conf, test_app);
+    if (!TEST_ptr(test_ctx))
         goto err;
 
 #ifndef OPENSSL_NO_DTLS
@@ -239,15 +386,16 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
         server_ctx = SSL_CTX_new(DTLS_server_method());
         if (test_ctx->extra.server.servername_callback !=
             SSL_TEST_SERVERNAME_CB_NONE) {
-            server2_ctx = SSL_CTX_new(DTLS_server_method());
-            TEST_check(server2_ctx != NULL);
+            if (!TEST_ptr(server2_ctx = SSL_CTX_new(DTLS_server_method())))
+                goto err;
         }
         client_ctx = SSL_CTX_new(DTLS_client_method());
         if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
             resume_server_ctx = SSL_CTX_new(DTLS_server_method());
             resume_client_ctx = SSL_CTX_new(DTLS_client_method());
-            TEST_check(resume_server_ctx != NULL);
-            TEST_check(resume_client_ctx != NULL);
+            if (!TEST_ptr(resume_server_ctx)
+                    || !TEST_ptr(resume_client_ctx))
+                goto err;
         }
     }
 #endif
@@ -256,23 +404,24 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
         /* SNI on resumption isn't supported/tested yet. */
         if (test_ctx->extra.server.servername_callback !=
             SSL_TEST_SERVERNAME_CB_NONE) {
-            server2_ctx = SSL_CTX_new(TLS_server_method());
-            TEST_check(server2_ctx != NULL);
+            if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
+                goto err;
         }
         client_ctx = SSL_CTX_new(TLS_client_method());
 
         if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
             resume_server_ctx = SSL_CTX_new(TLS_server_method());
             resume_client_ctx = SSL_CTX_new(TLS_client_method());
-            TEST_check(resume_server_ctx != NULL);
-            TEST_check(resume_client_ctx != NULL);
+            if (!TEST_ptr(resume_server_ctx)
+                    || !TEST_ptr(resume_client_ctx))
+                goto err;
         }
     }
 
-    TEST_check(server_ctx != NULL);
-    TEST_check(client_ctx != NULL);
-
-    TEST_check(CONF_modules_load(conf, fixture.test_app, 0) > 0);
+    if (!TEST_ptr(server_ctx)
+            || !TEST_ptr(client_ctx)
+            || !TEST_int_gt(CONF_modules_load(conf, test_app, 0),  0))
+        goto err;
 
     if (!SSL_CTX_config(server_ctx, "server")
         || !SSL_CTX_config(client_ctx, "client")) {
@@ -291,7 +440,8 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
     result = do_handshake(server_ctx, server2_ctx, client_ctx,
                           resume_server_ctx, resume_client_ctx, test_ctx);
 
-    ret = check_test(result, test_ctx);
+    if (result != NULL)
+        ret = check_test(result, test_ctx);
 
 err:
     CONF_modules_unload(0);
@@ -305,41 +455,22 @@ err:
     return ret;
 }
 
-static void tear_down(SSL_TEST_FIXTURE fixture)
+int setup_tests(void)
 {
-}
+    long num_tests;
 
-#define SETUP_SSL_TEST_FIXTURE()                        \
-    SETUP_TEST_FIXTURE(SSL_TEST_FIXTURE, set_up)
-#define EXECUTE_SSL_TEST()             \
-    EXECUTE_TEST(execute_test, tear_down)
+    if (!TEST_ptr(conf = NCONF_new(NULL))
+            /* argv[1] should point to the test conf file */
+            || !TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0)
+            || !TEST_int_ne(NCONF_get_number_e(conf, NULL, "num_tests",
+                                               &num_tests), 0))
+        return 0;
 
-static int test_handshake(int idx)
-{
-    SETUP_SSL_TEST_FIXTURE();
-    BIO_snprintf(fixture.test_app, sizeof(fixture.test_app),
-                 "test-%d", idx);
-    EXECUTE_SSL_TEST();
+    ADD_ALL_TESTS(test_handshake, (int)num_tests);
+    return 1;
 }
 
-int main(int argc, char **argv)
+void cleanup_tests(void)
 {
-    int result = 0;
-    long num_tests;
-
-    if (argc != 2)
-        return 1;
-
-    conf = NCONF_new(NULL);
-    TEST_check(conf != NULL);
-
-    /* argv[1] should point to the test conf file */
-    TEST_check(NCONF_load(conf, argv[1], NULL) > 0);
-
-    TEST_check(NCONF_get_number_e(conf, NULL, "num_tests", &num_tests));
-
-    ADD_ALL_TESTS(test_handshake, (int)(num_tests));
-    result = run_tests(argv[0]);
-
-    return result;
+    NCONF_free(conf);
 }