[thirdparty/openssl.git] / test / ssl_test_ctx.c

/*
 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <string.h>

#include <openssl/e_os2.h>
#include <openssl/crypto.h>

#include "e_os.h"
#include "ssl_test_ctx.h"
#include "testutil.h"

static const int default_app_data_size = 256;
/* Default set to be as small as possible to exercise fragmentation. */
static const int default_max_fragment_size = 512;

static int parse_boolean(const char *value, int *result)
{
    if (strcasecmp(value, "Yes") == 0) {
        *result = 1;
        return 1;
    }
    else if (strcasecmp(value, "No") == 0) {
        *result = 0;
        return 1;
    }
    return 0;
}

#define IMPLEMENT_SSL_TEST_BOOL_OPTION(struct_type, name, field)        \
    static int parse_##name##_##field(struct_type *ctx, const char *value) \
    {                                                                   \
        return parse_boolean(value, &ctx->field);                       \
    }

#define IMPLEMENT_SSL_TEST_STRING_OPTION(struct_type, name, field)      \
    static int parse_##name##_##field(struct_type *ctx, const char *value) \
    {                                                                   \
        OPENSSL_free(ctx->field);                                       \
        ctx->field = OPENSSL_strdup(value);                             \
        TEST_check(ctx->field != NULL);                                 \
        return 1;                                                       \
    }

#define IMPLEMENT_SSL_TEST_INT_OPTION(struct_type, name, field)        \
    static int parse_##name##_##field(struct_type *ctx, const char *value) \
    {                                                                   \
        ctx->field = atoi(value);                                       \
        return 1;                                                       \
    }

/* True enums and other test configuration values that map to an int. */
typedef struct {
    const char *name;
    int value;
} test_enum;


__owur static int parse_enum(const test_enum *enums, size_t num_enums,
                             int *value, const char *name)
{
    size_t i;
    for (i = 0; i < num_enums; i++) {
        if (strcmp(enums[i].name, name) == 0) {
            *value = enums[i].value;
            return 1;
        }
    }
    return 0;
}

static const char *enum_name(const test_enum *enums, size_t num_enums,
                             int value)
{
    size_t i;
    for (i = 0; i < num_enums; i++) {
        if (enums[i].value == value) {
            return enums[i].name;
        }
    }
    return "InvalidValue";
}


/*******************/
/* ExpectedResult. */
/*******************/

static const test_enum ssl_test_results[] = {
    {"Success", SSL_TEST_SUCCESS},
    {"ServerFail", SSL_TEST_SERVER_FAIL},
    {"ClientFail", SSL_TEST_CLIENT_FAIL},
    {"InternalError", SSL_TEST_INTERNAL_ERROR},
};

__owur static int parse_expected_result(SSL_TEST_CTX *test_ctx, const char *value)
{
    int ret_value;
    if (!parse_enum(ssl_test_results, OSSL_NELEM(ssl_test_results),
                    &ret_value, value)) {
        return 0;
    }
    test_ctx->expected_result = ret_value;
    return 1;
}

const char *ssl_test_result_name(ssl_test_result_t result)
{
    return enum_name(ssl_test_results, OSSL_NELEM(ssl_test_results), result);
}

/**********************************************/
/* ExpectedClientAlert / ExpectedServerAlert. */
/**********************************************/

static const test_enum ssl_alerts[] = {
    {"UnknownCA", SSL_AD_UNKNOWN_CA},
    {"HandshakeFailure", SSL_AD_HANDSHAKE_FAILURE},
    {"UnrecognizedName", SSL_AD_UNRECOGNIZED_NAME},
    {"BadCertificate", SSL_AD_BAD_CERTIFICATE},
    {"NoApplicationProtocol", SSL_AD_NO_APPLICATION_PROTOCOL},
};

__owur static int parse_alert(int *alert, const char *value)
{
    return parse_enum(ssl_alerts, OSSL_NELEM(ssl_alerts), alert, value);
}

__owur static int parse_client_alert(SSL_TEST_CTX *test_ctx, const char *value)
{
    return parse_alert(&test_ctx->expected_client_alert, value);
}

__owur static int parse_server_alert(SSL_TEST_CTX *test_ctx, const char *value)
{
    return parse_alert(&test_ctx->expected_server_alert, value);
}

const char *ssl_alert_name(int alert)
{
    return enum_name(ssl_alerts, OSSL_NELEM(ssl_alerts), alert);
}

/********************/
/* ExpectedProtocol */
/********************/

static const test_enum ssl_protocols[] = {
     {"TLSv1.2", TLS1_2_VERSION},
     {"TLSv1.1", TLS1_1_VERSION},
     {"TLSv1", TLS1_VERSION},
     {"SSLv3", SSL3_VERSION},
     {"DTLSv1", DTLS1_VERSION},
     {"DTLSv1.2", DTLS1_2_VERSION},
};

__owur static int parse_protocol(SSL_TEST_CTX *test_ctx, const char *value)
{
    return parse_enum(ssl_protocols, OSSL_NELEM(ssl_protocols),
                      &test_ctx->expected_protocol, value);
}

const char *ssl_protocol_name(int protocol)
{
    return enum_name(ssl_protocols, OSSL_NELEM(ssl_protocols), protocol);
}

/***********************/
/* VerifyCallback.     */
/***********************/

static const test_enum ssl_verify_callbacks[] = {
    {"None", SSL_TEST_VERIFY_NONE},
    {"AcceptAll", SSL_TEST_VERIFY_ACCEPT_ALL},
    {"RejectAll", SSL_TEST_VERIFY_REJECT_ALL},
};

__owur static int parse_client_verify_callback(SSL_TEST_CLIENT_CONF *client_conf,
                                               const char *value)
{
    int ret_value;
    if (!parse_enum(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks),
                    &ret_value, value)) {
        return 0;
    }
    client_conf->verify_callback = ret_value;
    return 1;
}

const char *ssl_verify_callback_name(ssl_verify_callback_t callback)
{
    return enum_name(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks),
                     callback);
}

/**************/
/* ServerName */
/**************/

static const test_enum ssl_servername[] = {
    {"None", SSL_TEST_SERVERNAME_NONE},
    {"server1", SSL_TEST_SERVERNAME_SERVER1},
    {"server2", SSL_TEST_SERVERNAME_SERVER2},
    {"invalid", SSL_TEST_SERVERNAME_INVALID},
};

__owur static int parse_servername(SSL_TEST_CLIENT_CONF *client_conf,
                                   const char *value)
{
    int ret_value;
    if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
                    &ret_value, value)) {
        return 0;
    }
    client_conf->servername = ret_value;
    return 1;
}

__owur static int parse_expected_servername(SSL_TEST_CTX *test_ctx,
                                            const char *value)
{
    int ret_value;
    if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
                    &ret_value, value)) {
        return 0;
    }
    test_ctx->expected_servername = ret_value;
    return 1;
}

const char *ssl_servername_name(ssl_servername_t server)
{
    return enum_name(ssl_servername, OSSL_NELEM(ssl_servername),
                     server);
}

/**********************/
/* ServerNameCallback */
/**********************/

static const test_enum ssl_servername_callbacks[] = {
    {"None", SSL_TEST_SERVERNAME_CB_NONE},
    {"IgnoreMismatch", SSL_TEST_SERVERNAME_IGNORE_MISMATCH},
    {"RejectMismatch", SSL_TEST_SERVERNAME_REJECT_MISMATCH},
};

__owur static int parse_servername_callback(SSL_TEST_SERVER_CONF *server_conf,
                                            const char *value)
{
    int ret_value;
    if (!parse_enum(ssl_servername_callbacks,
                    OSSL_NELEM(ssl_servername_callbacks), &ret_value, value)) {
        return 0;
    }
    server_conf->servername_callback = ret_value;
    return 1;
}

const char *ssl_servername_callback_name(ssl_servername_callback_t callback)
{
    return enum_name(ssl_servername_callbacks,
                     OSSL_NELEM(ssl_servername_callbacks), callback);
}

/*************************/
/* SessionTicketExpected */
/*************************/

static const test_enum ssl_session_ticket[] = {
    {"Ignore", SSL_TEST_SESSION_TICKET_IGNORE},
    {"Yes", SSL_TEST_SESSION_TICKET_YES},
    {"No", SSL_TEST_SESSION_TICKET_NO},
};

__owur static int parse_session_ticket(SSL_TEST_CTX *test_ctx, const char *value)
{
    int ret_value;
    if (!parse_enum(ssl_session_ticket, OSSL_NELEM(ssl_session_ticket),
                    &ret_value, value)) {
        return 0;
    }
    test_ctx->session_ticket_expected = ret_value;
    return 1;
}

const char *ssl_session_ticket_name(ssl_session_ticket_t server)
{
    return enum_name(ssl_session_ticket,
                     OSSL_NELEM(ssl_session_ticket),
                     server);
}

/***********************/
/* Method              */
/***********************/

static const test_enum ssl_test_methods[] = {
    {"TLS", SSL_TEST_METHOD_TLS},
    {"DTLS", SSL_TEST_METHOD_DTLS},
};

__owur static int parse_test_method(SSL_TEST_CTX *test_ctx, const char *value)
{
    int ret_value;
    if (!parse_enum(ssl_test_methods, OSSL_NELEM(ssl_test_methods),
                    &ret_value, value)) {
        return 0;
    }
    test_ctx->method = ret_value;
    return 1;
}

const char *ssl_test_method_name(ssl_test_method_t method)
{
    return enum_name(ssl_test_methods, OSSL_NELEM(ssl_test_methods), method);
}

/************************************/
/* NPN and ALPN options             */
/************************************/

IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, npn_protocols)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, npn_protocols)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_npn_protocol)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, alpn_protocols)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, alpn_protocols)
IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_alpn_protocol)

/***********************/
/* Handshake mode      */
/***********************/

static const test_enum ssl_handshake_modes[] = {
    {"Simple", SSL_TEST_HANDSHAKE_SIMPLE},
    {"Resume", SSL_TEST_HANDSHAKE_RESUME},
    {"Renegotiate", SSL_TEST_HANDSHAKE_RENEGOTIATE},
};

__owur static int parse_handshake_mode(SSL_TEST_CTX *test_ctx, const char *value)
{
    int ret_value;
    if (!parse_enum(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes),
                    &ret_value, value)) {
        return 0;
    }
    test_ctx->handshake_mode = ret_value;
    return 1;
}

const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode)
{
    return enum_name(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes),
                     mode);
}

/***********************/
/* CT Validation       */
/***********************/

static const test_enum ssl_ct_validation_modes[] = {
    {"None", SSL_TEST_CT_VALIDATION_NONE},
    {"Permissive", SSL_TEST_CT_VALIDATION_PERMISSIVE},
    {"Strict", SSL_TEST_CT_VALIDATION_STRICT},
};

__owur static int parse_ct_validation(SSL_TEST_CLIENT_CONF *client_conf,
                                      const char *value)
{
    int ret_value;
    if (!parse_enum(ssl_ct_validation_modes, OSSL_NELEM(ssl_ct_validation_modes),
                    &ret_value, value)) {
        return 0;
    }
    client_conf->ct_validation = ret_value;
    return 1;
}

const char *ssl_ct_validation_name(ssl_ct_validation_t mode)
{
    return enum_name(ssl_ct_validation_modes, OSSL_NELEM(ssl_ct_validation_modes),
                     mode);
}

IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected)
IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket)

/**************/
/* CertStatus */
/**************/

static const test_enum ssl_certstatus[] = {
    {"None", SSL_TEST_CERT_STATUS_NONE},
    {"GoodResponse", SSL_TEST_CERT_STATUS_GOOD_RESPONSE},
    {"BadResponse", SSL_TEST_CERT_STATUS_BAD_RESPONSE}
};

__owur static int parse_certstatus(SSL_TEST_SERVER_CONF *server_conf,
                                            const char *value)
{
    int ret_value;
    if (!parse_enum(ssl_certstatus, OSSL_NELEM(ssl_certstatus), &ret_value,
                    value)) {
        return 0;
    }
    server_conf->cert_status = ret_value;
    return 1;
}

const char *ssl_certstatus_name(ssl_cert_status_t cert_status)
{
    return enum_name(ssl_certstatus,
                     OSSL_NELEM(ssl_certstatus), cert_status);
}

/***********************/
/* ApplicationData     */
/***********************/

IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size)

/***********************/
/* MaxFragmentSize     */
/***********************/

IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size)

/*************************************************************/
/* Known test options and their corresponding parse methods. */
/*************************************************************/

/* Top-level options. */
typedef struct {
    const char *name;
    int (*parse)(SSL_TEST_CTX *test_ctx, const char *value);
} ssl_test_ctx_option;

static const ssl_test_ctx_option ssl_test_ctx_options[] = {
    { "ExpectedResult", &parse_expected_result },
    { "ExpectedClientAlert", &parse_client_alert },
    { "ExpectedServerAlert", &parse_server_alert },
    { "ExpectedProtocol", &parse_protocol },
    { "ExpectedServerName", &parse_expected_servername },
    { "SessionTicketExpected", &parse_session_ticket },
    { "Method", &parse_test_method },
    { "ExpectedNPNProtocol", &parse_test_expected_npn_protocol },
    { "ExpectedALPNProtocol", &parse_test_expected_alpn_protocol },
    { "HandshakeMode", &parse_handshake_mode },
    { "ResumptionExpected", &parse_test_resumption_expected },
    { "ApplicationData", &parse_test_app_data_size },
    { "MaxFragmentSize", &parse_test_max_fragment_size },
};

/* Nested client options. */
typedef struct {
    const char *name;
    int (*parse)(SSL_TEST_CLIENT_CONF *conf, const char *value);
} ssl_test_client_option;

static const ssl_test_client_option ssl_test_client_options[] = {
    { "VerifyCallback", &parse_client_verify_callback },
    { "ServerName", &parse_servername },
    { "NPNProtocols", &parse_client_npn_protocols },
    { "ALPNProtocols", &parse_client_alpn_protocols },
    { "CTValidation", &parse_ct_validation },
};

/* Nested server options. */
typedef struct {
    const char *name;
    int (*parse)(SSL_TEST_SERVER_CONF *conf, const char *value);
} ssl_test_server_option;

static const ssl_test_server_option ssl_test_server_options[] = {
    { "ServerNameCallback", &parse_servername_callback },
    { "NPNProtocols", &parse_server_npn_protocols },
    { "ALPNProtocols", &parse_server_alpn_protocols },
    { "BrokenSessionTicket", &parse_server_broken_session_ticket },
    { "CertStatus", &parse_certstatus },
};

/*
 * Since these methods are used to create tests, we use TEST_check liberally
 * for malloc failures and other internal errors.
 */
SSL_TEST_CTX *SSL_TEST_CTX_new()
{
    SSL_TEST_CTX *ret;
    ret = OPENSSL_zalloc(sizeof(*ret));
    TEST_check(ret != NULL);
    ret->app_data_size = default_app_data_size;
    ret->max_fragment_size = default_max_fragment_size;
    return ret;
}

static void ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF *conf)
{
    OPENSSL_free(conf->client.npn_protocols);
    OPENSSL_free(conf->server.npn_protocols);
    OPENSSL_free(conf->server2.npn_protocols);
    OPENSSL_free(conf->client.alpn_protocols);
    OPENSSL_free(conf->server.alpn_protocols);
    OPENSSL_free(conf->server2.alpn_protocols);
}

static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx)
{
    ssl_test_extra_conf_free_data(&ctx->extra);
    ssl_test_extra_conf_free_data(&ctx->resume_extra);
}

void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
{
    ssl_test_ctx_free_extra_data(ctx);
    OPENSSL_free(ctx->expected_npn_protocol);
    OPENSSL_free(ctx->expected_alpn_protocol);
    OPENSSL_free(ctx);
}

static int parse_client_options(SSL_TEST_CLIENT_CONF *client, const CONF *conf,
                                const char *client_section)
{
    STACK_OF(CONF_VALUE) *sk_conf;
    int i;
    size_t j;

    sk_conf = NCONF_get_section(conf, client_section);
    TEST_check(sk_conf != NULL);

    for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
        int found = 0;
        const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
        for (j = 0; j < OSSL_NELEM(ssl_test_client_options); j++) {
            if (strcmp(option->name, ssl_test_client_options[j].name) == 0) {
                if (!ssl_test_client_options[j].parse(client, option->value)) {
                    fprintf(stderr, "Bad value %s for option %s\n",
                            option->value, option->name);
                    return 0;
                }
                found = 1;
                break;
            }
        }
        if (!found) {
            fprintf(stderr, "Unknown test option: %s\n", option->name);
            return 0;
        }
    }

    return 1;
}

static int parse_server_options(SSL_TEST_SERVER_CONF *server, const CONF *conf,
                                const char *server_section)
{
    STACK_OF(CONF_VALUE) *sk_conf;
    int i;
    size_t j;

    sk_conf = NCONF_get_section(conf, server_section);
    TEST_check(sk_conf != NULL);

    for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
        int found = 0;
        const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
        for (j = 0; j < OSSL_NELEM(ssl_test_server_options); j++) {
            if (strcmp(option->name, ssl_test_server_options[j].name) == 0) {
                if (!ssl_test_server_options[j].parse(server, option->value)) {
                    fprintf(stderr, "Bad value %s for option %s\n",
                            option->value, option->name);
                    return 0;
                }
                found = 1;
                break;
            }
        }
        if (!found) {
            fprintf(stderr, "Unknown test option: %s\n", option->name);
            return 0;
        }
    }

    return 1;
}

SSL_TEST_CTX *SSL_TEST_CTX_create(const CONF *conf, const char *test_section)
{
    STACK_OF(CONF_VALUE) *sk_conf;
    SSL_TEST_CTX *ctx;
    int i;
    size_t j;

    sk_conf = NCONF_get_section(conf, test_section);
    TEST_check(sk_conf != NULL);

    ctx = SSL_TEST_CTX_new();
    TEST_check(ctx != NULL);

    for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
        int found = 0;
        const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);

        /* Subsections */
        if (strcmp(option->name, "client") == 0) {
            if (!parse_client_options(&ctx->extra.client, conf,
                                      option->value))
                goto err;
        } else if (strcmp(option->name, "server") == 0) {
            if (!parse_server_options(&ctx->extra.server, conf,
                                      option->value))
                goto err;
        } else if (strcmp(option->name, "server2") == 0) {
            if (!parse_server_options(&ctx->extra.server2, conf,
                                      option->value))
                goto err;
        } else if (strcmp(option->name, "resume-client") == 0) {
            if (!parse_client_options(&ctx->resume_extra.client, conf,
                                      option->value))
                goto err;
        } else if (strcmp(option->name, "resume-server") == 0) {
            if (!parse_server_options(&ctx->resume_extra.server, conf,
                                      option->value))
                goto err;
        } else if (strcmp(option->name, "resume-server2") == 0) {
            if (!parse_server_options(&ctx->resume_extra.server2, conf,
                                      option->value))
                goto err;

        } else {
            for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) {
                if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) {
                    if (!ssl_test_ctx_options[j].parse(ctx, option->value)) {
                        fprintf(stderr, "Bad value %s for option %s\n",
                                option->value, option->name);
                        goto err;
                    }
                    found = 1;
                    break;
                }
            }
            if (!found) {
                fprintf(stderr, "Unknown test option: %s\n", option->name);
                goto err;
            }
        }
    }

    goto done;

 err:
    SSL_TEST_CTX_free(ctx);
    ctx = NULL;
 done:
    return ctx;
}
Commit	Line	Data
453dfd8d EK	1	/*
	2	* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
	3	*
440e5d80 RS	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
453dfd8d	7	* https://www.openssl.org/source/license.html
453dfd8d EK	8	*/
	9
	10	#include <string.h>
	11
	12	#include <openssl/e_os2.h>
	13	#include <openssl/crypto.h>
	14
	15	#include "e_os.h"
	16	#include "ssl_test_ctx.h"
d61f0078	17	#include "testutil.h"
453dfd8d	18
e0421bd8	19	static const int default_app_data_size = 256;
6dc99745 EK	20	/* Default set to be as small as possible to exercise fragmentation. */
6dc99745 EK	21	static const int default_max_fragment_size = 512;
e0421bd8 EK	22
	23	static int parse_boolean(const char value, int result)
	24	{
	25	if (strcasecmp(value, "Yes") == 0) {
	26	*result = 1;
	27	return 1;
	28	}
	29	else if (strcasecmp(value, "No") == 0) {
	30	*result = 0;
	31	return 1;
	32	}
	33	return 0;
	34	}
	35
	36	#define IMPLEMENT_SSL_TEST_BOOL_OPTION(struct_type, name, field) \
	37	static int parse_##name##_##field(struct_type ctx, const char value) \
	38	{ \
	39	return parse_boolean(value, &ctx->field); \
	40	}
	41
	42	#define IMPLEMENT_SSL_TEST_STRING_OPTION(struct_type, name, field) \
	43	static int parse_##name##_##field(struct_type ctx, const char value) \
	44	{ \
	45	OPENSSL_free(ctx->field); \
	46	ctx->field = OPENSSL_strdup(value); \
	47	TEST_check(ctx->field != NULL); \
	48	return 1; \
	49	}
	50
	51	#define IMPLEMENT_SSL_TEST_INT_OPTION(struct_type, name, field) \
	52	static int parse_##name##_##field(struct_type ctx, const char value) \
	53	{ \
	54	ctx->field = atoi(value); \
	55	return 1; \
	56	}
	57
453dfd8d EK	58	/* True enums and other test configuration values that map to an int. */
	59	typedef struct {
	60	const char *name;
	61	int value;
	62	} test_enum;
	63
	64
	65	__owur static int parse_enum(const test_enum *enums, size_t num_enums,
	66	int value, const char name)
	67	{
	68	size_t i;
	69	for (i = 0; i < num_enums; i++) {
	70	if (strcmp(enums[i].name, name) == 0) {
	71	*value = enums[i].value;
	72	return 1;
	73	}
	74	}
	75	return 0;
	76	}
	77
	78	static const char enum_name(const test_enum enums, size_t num_enums,
	79	int value)
	80	{
	81	size_t i;
	82	for (i = 0; i < num_enums; i++) {
	83	if (enums[i].value == value) {
	84	return enums[i].name;
	85	}
	86	}
	87	return "InvalidValue";
	88	}
	89
	90
	91	/*******************/
	92	/* ExpectedResult. */
	93	/*******************/
	94
	95	static const test_enum ssl_test_results[] = {
	96	{"Success", SSL_TEST_SUCCESS},
	97	{"ServerFail", SSL_TEST_SERVER_FAIL},
	98	{"ClientFail", SSL_TEST_CLIENT_FAIL},
	99	{"InternalError", SSL_TEST_INTERNAL_ERROR},
	100	};
	101
	102	__owur static int parse_expected_result(SSL_TEST_CTX test_ctx, const char value)
	103	{
	104	int ret_value;
	105	if (!parse_enum(ssl_test_results, OSSL_NELEM(ssl_test_results),
	106	&ret_value, value)) {
	107	return 0;
	108	}
	109	test_ctx->expected_result = ret_value;
	110	return 1;
	111	}
	112
a263f320	113	const char *ssl_test_result_name(ssl_test_result_t result)
453dfd8d EK	114	{
	115	return enum_name(ssl_test_results, OSSL_NELEM(ssl_test_results), result);
	116	}
	117
9f48bbac EK	118	/**********************************************/
	119	/* ExpectedClientAlert / ExpectedServerAlert. */
	120	/**********************************************/
453dfd8d EK	121
	122	static const test_enum ssl_alerts[] = {
	123	{"UnknownCA", SSL_AD_UNKNOWN_CA},
a263f320	124	{"HandshakeFailure", SSL_AD_HANDSHAKE_FAILURE},
d2b23cd2	125	{"UnrecognizedName", SSL_AD_UNRECOGNIZED_NAME},
ce2cdac2 EK	126	{"BadCertificate", SSL_AD_BAD_CERTIFICATE},
ce2cdac2 EK	127	{"NoApplicationProtocol", SSL_AD_NO_APPLICATION_PROTOCOL},
453dfd8d EK	128	};
	129
	130	__owur static int parse_alert(int alert, const char value)
	131	{
	132	return parse_enum(ssl_alerts, OSSL_NELEM(ssl_alerts), alert, value);
	133	}
	134
	135	__owur static int parse_client_alert(SSL_TEST_CTX test_ctx, const char value)
	136	{
9f48bbac	137	return parse_alert(&test_ctx->expected_client_alert, value);
453dfd8d EK	138	}
	139
	140	__owur static int parse_server_alert(SSL_TEST_CTX test_ctx, const char value)
	141	{
9f48bbac	142	return parse_alert(&test_ctx->expected_server_alert, value);
453dfd8d EK	143	}
	144
	145	const char *ssl_alert_name(int alert)
	146	{
	147	return enum_name(ssl_alerts, OSSL_NELEM(ssl_alerts), alert);
	148	}
	149
9f48bbac EK	150	/********************/
	151	/* ExpectedProtocol */
	152	/********************/
453dfd8d EK	153
	154	static const test_enum ssl_protocols[] = {
	155	{"TLSv1.2", TLS1_2_VERSION},
	156	{"TLSv1.1", TLS1_1_VERSION},
	157	{"TLSv1", TLS1_VERSION},
	158	{"SSLv3", SSL3_VERSION},
74726750 EK	159	{"DTLSv1", DTLS1_VERSION},
74726750 EK	160	{"DTLSv1.2", DTLS1_2_VERSION},
453dfd8d EK	161	};
	162
	163	__owur static int parse_protocol(SSL_TEST_CTX test_ctx, const char value)
	164	{
	165	return parse_enum(ssl_protocols, OSSL_NELEM(ssl_protocols),
9f48bbac	166	&test_ctx->expected_protocol, value);
453dfd8d EK	167	}
	168
	169	const char *ssl_protocol_name(int protocol)
	170	{
	171	return enum_name(ssl_protocols, OSSL_NELEM(ssl_protocols), protocol);
	172	}
	173
a263f320	174	/***********************/
e0421bd8	175	/* VerifyCallback. */
a263f320 EK	176	/***********************/
	177
	178	static const test_enum ssl_verify_callbacks[] = {
	179	{"None", SSL_TEST_VERIFY_NONE},
	180	{"AcceptAll", SSL_TEST_VERIFY_ACCEPT_ALL},
	181	{"RejectAll", SSL_TEST_VERIFY_REJECT_ALL},
	182	};
	183
9f48bbac	184	__owur static int parse_client_verify_callback(SSL_TEST_CLIENT_CONF *client_conf,
da085d27	185	const char *value)
a263f320 EK	186	{
	187	int ret_value;
	188	if (!parse_enum(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks),
	189	&ret_value, value)) {
	190	return 0;
	191	}
9f48bbac	192	client_conf->verify_callback = ret_value;
a263f320 EK	193	return 1;
	194	}
	195
	196	const char *ssl_verify_callback_name(ssl_verify_callback_t callback)
	197	{
	198	return enum_name(ssl_verify_callbacks, OSSL_NELEM(ssl_verify_callbacks),
	199	callback);
	200	}
	201
5c753de6 TS	202	/**************/
	203	/* ServerName */
	204	/**************/
	205
	206	static const test_enum ssl_servername[] = {
81fc33c9	207	{"None", SSL_TEST_SERVERNAME_NONE},
5c753de6 TS	208	{"server1", SSL_TEST_SERVERNAME_SERVER1},
5c753de6 TS	209	{"server2", SSL_TEST_SERVERNAME_SERVER2},
d2b23cd2	210	{"invalid", SSL_TEST_SERVERNAME_INVALID},
5c753de6 TS	211	};
5c753de6 TS	212
9f48bbac	213	__owur static int parse_servername(SSL_TEST_CLIENT_CONF *client_conf,
5c753de6 TS	214	const char *value)
	215	{
	216	int ret_value;
	217	if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
	218	&ret_value, value)) {
	219	return 0;
	220	}
9f48bbac	221	client_conf->servername = ret_value;
5c753de6 TS	222	return 1;
	223	}
	224
d2b23cd2 EK	225	__owur static int parse_expected_servername(SSL_TEST_CTX *test_ctx,
	226	const char *value)
	227	{
	228	int ret_value;
	229	if (!parse_enum(ssl_servername, OSSL_NELEM(ssl_servername),
	230	&ret_value, value)) {
	231	return 0;
	232	}
	233	test_ctx->expected_servername = ret_value;
	234	return 1;
	235	}
	236
5c753de6 TS	237	const char *ssl_servername_name(ssl_servername_t server)
	238	{
	239	return enum_name(ssl_servername, OSSL_NELEM(ssl_servername),
	240	server);
	241	}
	242
9f48bbac EK	243	/**********************/
	244	/* ServerNameCallback */
	245	/**********************/
d2b23cd2 EK	246
	247	static const test_enum ssl_servername_callbacks[] = {
	248	{"None", SSL_TEST_SERVERNAME_CB_NONE},
	249	{"IgnoreMismatch", SSL_TEST_SERVERNAME_IGNORE_MISMATCH},
	250	{"RejectMismatch", SSL_TEST_SERVERNAME_REJECT_MISMATCH},
	251	};
	252
9f48bbac EK	253	__owur static int parse_servername_callback(SSL_TEST_SERVER_CONF *server_conf,
9f48bbac EK	254	const char *value)
d2b23cd2 EK	255	{
	256	int ret_value;
	257	if (!parse_enum(ssl_servername_callbacks,
	258	OSSL_NELEM(ssl_servername_callbacks), &ret_value, value)) {
	259	return 0;
	260	}
9f48bbac	261	server_conf->servername_callback = ret_value;
d2b23cd2 EK	262	return 1;
	263	}
	264
	265	const char *ssl_servername_callback_name(ssl_servername_callback_t callback)
	266	{
	267	return enum_name(ssl_servername_callbacks,
	268	OSSL_NELEM(ssl_servername_callbacks), callback);
	269	}
	270
5c753de6 TS	271	/*************************/
	272	/* SessionTicketExpected */
	273	/*************************/
	274
81fc33c9	275	static const test_enum ssl_session_ticket[] = {
5c753de6 TS	276	{"Ignore", SSL_TEST_SESSION_TICKET_IGNORE},
	277	{"Yes", SSL_TEST_SESSION_TICKET_YES},
	278	{"No", SSL_TEST_SESSION_TICKET_NO},
5c753de6 TS	279	};
5c753de6 TS	280
81fc33c9	281	__owur static int parse_session_ticket(SSL_TEST_CTX test_ctx, const char value)
5c753de6 TS	282	{
5c753de6 TS	283	int ret_value;
81fc33c9	284	if (!parse_enum(ssl_session_ticket, OSSL_NELEM(ssl_session_ticket),
5c753de6 TS	285	&ret_value, value)) {
	286	return 0;
	287	}
	288	test_ctx->session_ticket_expected = ret_value;
	289	return 1;
	290	}
	291
81fc33c9	292	const char *ssl_session_ticket_name(ssl_session_ticket_t server)
5c753de6	293	{
81fc33c9 EK	294	return enum_name(ssl_session_ticket,
81fc33c9 EK	295	OSSL_NELEM(ssl_session_ticket),
5c753de6 TS	296	server);
5c753de6 TS	297	}
453dfd8d	298
74726750	299	/***********************/
9f48bbac	300	/* Method */
74726750 EK	301	/***********************/
	302
	303	static const test_enum ssl_test_methods[] = {
	304	{"TLS", SSL_TEST_METHOD_TLS},
	305	{"DTLS", SSL_TEST_METHOD_DTLS},
	306	};
	307
	308	__owur static int parse_test_method(SSL_TEST_CTX test_ctx, const char value)
	309	{
	310	int ret_value;
	311	if (!parse_enum(ssl_test_methods, OSSL_NELEM(ssl_test_methods),
	312	&ret_value, value)) {
	313	return 0;
	314	}
	315	test_ctx->method = ret_value;
	316	return 1;
	317	}
	318
	319	const char *ssl_test_method_name(ssl_test_method_t method)
	320	{
	321	return enum_name(ssl_test_methods, OSSL_NELEM(ssl_test_methods), method);
	322	}
	323
ce2cdac2 EK	324	/************************************/
	325	/* NPN and ALPN options */
	326	/************************************/
	327
9f48bbac EK	328	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, npn_protocols)
	329	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, npn_protocols)
	330	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_npn_protocol)
	331	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CLIENT_CONF, client, alpn_protocols)
	332	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_SERVER_CONF, server, alpn_protocols)
	333	IMPLEMENT_SSL_TEST_STRING_OPTION(SSL_TEST_CTX, test, expected_alpn_protocol)
ce2cdac2	334
590ed3d7 EK	335	/***********************/
	336	/* Handshake mode */
	337	/***********************/
	338
	339	static const test_enum ssl_handshake_modes[] = {
	340	{"Simple", SSL_TEST_HANDSHAKE_SIMPLE},
	341	{"Resume", SSL_TEST_HANDSHAKE_RESUME},
	342	{"Renegotiate", SSL_TEST_HANDSHAKE_RENEGOTIATE},
	343	};
	344
	345	__owur static int parse_handshake_mode(SSL_TEST_CTX test_ctx, const char value)
	346	{
	347	int ret_value;
	348	if (!parse_enum(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes),
	349	&ret_value, value)) {
	350	return 0;
	351	}
	352	test_ctx->handshake_mode = ret_value;
	353	return 1;
	354	}
	355
	356	const char *ssl_handshake_mode_name(ssl_handshake_mode_t mode)
	357	{
	358	return enum_name(ssl_handshake_modes, OSSL_NELEM(ssl_handshake_modes),
	359	mode);
	360	}
	361
da085d27 EK	362	/***********************/
	363	/* CT Validation */
	364	/***********************/
	365
	366	static const test_enum ssl_ct_validation_modes[] = {
	367	{"None", SSL_TEST_CT_VALIDATION_NONE},
	368	{"Permissive", SSL_TEST_CT_VALIDATION_PERMISSIVE},
	369	{"Strict", SSL_TEST_CT_VALIDATION_STRICT},
	370	};
	371
	372	__owur static int parse_ct_validation(SSL_TEST_CLIENT_CONF *client_conf,
	373	const char *value)
	374	{
	375	int ret_value;
	376	if (!parse_enum(ssl_ct_validation_modes, OSSL_NELEM(ssl_ct_validation_modes),
	377	&ret_value, value)) {
	378	return 0;
	379	}
	380	client_conf->ct_validation = ret_value;
	381	return 1;
	382	}
	383
	384	const char *ssl_ct_validation_name(ssl_ct_validation_t mode)
	385	{
	386	return enum_name(ssl_ct_validation_modes, OSSL_NELEM(ssl_ct_validation_modes),
	387	mode);
	388	}
	389
9f48bbac EK	390	IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_CTX, test, resumption_expected)
9f48bbac EK	391	IMPLEMENT_SSL_TEST_BOOL_OPTION(SSL_TEST_SERVER_CONF, server, broken_session_ticket)
590ed3d7	392
767ccc3b MC	393	/**************/
	394	/* CertStatus */
	395	/**************/
	396
	397	static const test_enum ssl_certstatus[] = {
	398	{"None", SSL_TEST_CERT_STATUS_NONE},
	399	{"GoodResponse", SSL_TEST_CERT_STATUS_GOOD_RESPONSE},
	400	{"BadResponse", SSL_TEST_CERT_STATUS_BAD_RESPONSE}
	401	};
	402
	403	__owur static int parse_certstatus(SSL_TEST_SERVER_CONF *server_conf,
	404	const char *value)
	405	{
	406	int ret_value;
	407	if (!parse_enum(ssl_certstatus, OSSL_NELEM(ssl_certstatus), &ret_value,
	408	value)) {
	409	return 0;
	410	}
	411	server_conf->cert_status = ret_value;
	412	return 1;
	413	}
	414
	415	const char *ssl_certstatus_name(ssl_cert_status_t cert_status)
	416	{
	417	return enum_name(ssl_certstatus,
	418	OSSL_NELEM(ssl_certstatus), cert_status);
	419	}
	420
e0421bd8	421	/***********************/
6dc99745	422	/* ApplicationData */
e0421bd8 EK	423	/***********************/
	424
	425	IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, app_data_size)
	426
6dc99745 EK	427	/***********************/
	428	/* MaxFragmentSize */
	429	/***********************/
	430
	431	IMPLEMENT_SSL_TEST_INT_OPTION(SSL_TEST_CTX, test, max_fragment_size)
	432
453dfd8d EK	433	/*************************************************************/
	434	/* Known test options and their corresponding parse methods. */
	435	/*************************************************************/
	436
9f48bbac	437	/* Top-level options. */
453dfd8d EK	438	typedef struct {
	439	const char *name;
	440	int (parse)(SSL_TEST_CTX test_ctx, const char *value);
	441	} ssl_test_ctx_option;
	442
	443	static const ssl_test_ctx_option ssl_test_ctx_options[] = {
	444	{ "ExpectedResult", &parse_expected_result },
9f48bbac EK	445	{ "ExpectedClientAlert", &parse_client_alert },
	446	{ "ExpectedServerAlert", &parse_server_alert },
	447	{ "ExpectedProtocol", &parse_protocol },
d2b23cd2	448	{ "ExpectedServerName", &parse_expected_servername },
81fc33c9	449	{ "SessionTicketExpected", &parse_session_ticket },
74726750	450	{ "Method", &parse_test_method },
9f48bbac EK	451	{ "ExpectedNPNProtocol", &parse_test_expected_npn_protocol },
9f48bbac EK	452	{ "ExpectedALPNProtocol", &parse_test_expected_alpn_protocol },
590ed3d7	453	{ "HandshakeMode", &parse_handshake_mode },
9f48bbac	454	{ "ResumptionExpected", &parse_test_resumption_expected },
e0421bd8	455	{ "ApplicationData", &parse_test_app_data_size },
6dc99745	456	{ "MaxFragmentSize", &parse_test_max_fragment_size },
9f48bbac EK	457	};
	458
	459	/* Nested client options. */
	460	typedef struct {
	461	const char *name;
	462	int (parse)(SSL_TEST_CLIENT_CONF conf, const char *value);
	463	} ssl_test_client_option;
	464
	465	static const ssl_test_client_option ssl_test_client_options[] = {
	466	{ "VerifyCallback", &parse_client_verify_callback },
	467	{ "ServerName", &parse_servername },
	468	{ "NPNProtocols", &parse_client_npn_protocols },
	469	{ "ALPNProtocols", &parse_client_alpn_protocols },
da085d27	470	{ "CTValidation", &parse_ct_validation },
9f48bbac EK	471	};
	472
	473	/* Nested server options. */
	474	typedef struct {
	475	const char *name;
	476	int (parse)(SSL_TEST_SERVER_CONF conf, const char *value);
	477	} ssl_test_server_option;
	478
	479	static const ssl_test_server_option ssl_test_server_options[] = {
	480	{ "ServerNameCallback", &parse_servername_callback },
	481	{ "NPNProtocols", &parse_server_npn_protocols },
	482	{ "ALPNProtocols", &parse_server_alpn_protocols },
	483	{ "BrokenSessionTicket", &parse_server_broken_session_ticket },
767ccc3b	484	{ "CertStatus", &parse_certstatus },
453dfd8d EK	485	};
453dfd8d EK	486
453dfd8d	487	/*
d61f0078	488	* Since these methods are used to create tests, we use TEST_check liberally
453dfd8d EK	489	* for malloc failures and other internal errors.
	490	*/
	491	SSL_TEST_CTX *SSL_TEST_CTX_new()
	492	{
	493	SSL_TEST_CTX *ret;
	494	ret = OPENSSL_zalloc(sizeof(*ret));
d61f0078	495	TEST_check(ret != NULL);
e0421bd8	496	ret->app_data_size = default_app_data_size;
6dc99745	497	ret->max_fragment_size = default_max_fragment_size;
453dfd8d EK	498	return ret;
	499	}
	500
9f48bbac EK	501	static void ssl_test_extra_conf_free_data(SSL_TEST_EXTRA_CONF *conf)
	502	{
	503	OPENSSL_free(conf->client.npn_protocols);
	504	OPENSSL_free(conf->server.npn_protocols);
	505	OPENSSL_free(conf->server2.npn_protocols);
	506	OPENSSL_free(conf->client.alpn_protocols);
	507	OPENSSL_free(conf->server.alpn_protocols);
	508	OPENSSL_free(conf->server2.alpn_protocols);
	509	}
	510
	511	static void ssl_test_ctx_free_extra_data(SSL_TEST_CTX *ctx)
453dfd8d	512	{
9f48bbac EK	513	ssl_test_extra_conf_free_data(&ctx->extra);
	514	ssl_test_extra_conf_free_data(&ctx->resume_extra);
	515	}
ce2cdac2	516
9f48bbac EK	517	void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx)
	518	{
	519	ssl_test_ctx_free_extra_data(ctx);
ce2cdac2 EK	520	OPENSSL_free(ctx->expected_npn_protocol);
ce2cdac2 EK	521	OPENSSL_free(ctx->expected_alpn_protocol);
453dfd8d EK	522	OPENSSL_free(ctx);
	523	}
	524
9f48bbac EK	525	static int parse_client_options(SSL_TEST_CLIENT_CONF client, const CONF conf,
9f48bbac EK	526	const char *client_section)
453dfd8d EK	527	{
453dfd8d EK	528	STACK_OF(CONF_VALUE) *sk_conf;
453dfd8d EK	529	int i;
	530	size_t j;
	531
9f48bbac	532	sk_conf = NCONF_get_section(conf, client_section);
d61f0078	533	TEST_check(sk_conf != NULL);
453dfd8d	534
9f48bbac EK	535	for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
	536	int found = 0;
	537	const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
	538	for (j = 0; j < OSSL_NELEM(ssl_test_client_options); j++) {
	539	if (strcmp(option->name, ssl_test_client_options[j].name) == 0) {
	540	if (!ssl_test_client_options[j].parse(client, option->value)) {
	541	fprintf(stderr, "Bad value %s for option %s\n",
	542	option->value, option->name);
	543	return 0;
	544	}
	545	found = 1;
	546	break;
	547	}
	548	}
	549	if (!found) {
	550	fprintf(stderr, "Unknown test option: %s\n", option->name);
	551	return 0;
	552	}
	553	}
	554
	555	return 1;
	556	}
	557
	558	static int parse_server_options(SSL_TEST_SERVER_CONF server, const CONF conf,
	559	const char *server_section)
	560	{
	561	STACK_OF(CONF_VALUE) *sk_conf;
	562	int i;
	563	size_t j;
	564
	565	sk_conf = NCONF_get_section(conf, server_section);
d61f0078	566	TEST_check(sk_conf != NULL);
453dfd8d EK	567
	568	for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
	569	int found = 0;
	570	const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
9f48bbac EK	571	for (j = 0; j < OSSL_NELEM(ssl_test_server_options); j++) {
	572	if (strcmp(option->name, ssl_test_server_options[j].name) == 0) {
	573	if (!ssl_test_server_options[j].parse(server, option->value)) {
453dfd8d EK	574	fprintf(stderr, "Bad value %s for option %s\n",
453dfd8d EK	575	option->value, option->name);
9f48bbac	576	return 0;
453dfd8d EK	577	}
	578	found = 1;
	579	break;
	580	}
	581	}
	582	if (!found) {
	583	fprintf(stderr, "Unknown test option: %s\n", option->name);
9f48bbac EK	584	return 0;
	585	}
	586	}
	587
	588	return 1;
	589	}
	590
	591	SSL_TEST_CTX SSL_TEST_CTX_create(const CONF conf, const char *test_section)
	592	{
	593	STACK_OF(CONF_VALUE) *sk_conf;
	594	SSL_TEST_CTX *ctx;
	595	int i;
	596	size_t j;
	597
	598	sk_conf = NCONF_get_section(conf, test_section);
d61f0078	599	TEST_check(sk_conf != NULL);
9f48bbac EK	600
9f48bbac EK	601	ctx = SSL_TEST_CTX_new();
d61f0078	602	TEST_check(ctx != NULL);
9f48bbac EK	603
	604	for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
	605	int found = 0;
	606	const CONF_VALUE *option = sk_CONF_VALUE_value(sk_conf, i);
	607
	608	/* Subsections */
	609	if (strcmp(option->name, "client") == 0) {
	610	if (!parse_client_options(&ctx->extra.client, conf,
	611	option->value))
	612	goto err;
	613	} else if (strcmp(option->name, "server") == 0) {
	614	if (!parse_server_options(&ctx->extra.server, conf,
	615	option->value))
	616	goto err;
	617	} else if (strcmp(option->name, "server2") == 0) {
	618	if (!parse_server_options(&ctx->extra.server2, conf,
	619	option->value))
	620	goto err;
	621	} else if (strcmp(option->name, "resume-client") == 0) {
	622	if (!parse_client_options(&ctx->resume_extra.client, conf,
	623	option->value))
	624	goto err;
	625	} else if (strcmp(option->name, "resume-server") == 0) {
	626	if (!parse_server_options(&ctx->resume_extra.server, conf,
	627	option->value))
	628	goto err;
	629	} else if (strcmp(option->name, "resume-server2") == 0) {
	630	if (!parse_server_options(&ctx->resume_extra.server2, conf,
	631	option->value))
	632	goto err;
	633
	634	} else {
	635	for (j = 0; j < OSSL_NELEM(ssl_test_ctx_options); j++) {
	636	if (strcmp(option->name, ssl_test_ctx_options[j].name) == 0) {
	637	if (!ssl_test_ctx_options[j].parse(ctx, option->value)) {
	638	fprintf(stderr, "Bad value %s for option %s\n",
	639	option->value, option->name);
	640	goto err;
	641	}
	642	found = 1;
	643	break;
	644	}
	645	}
	646	if (!found) {
	647	fprintf(stderr, "Unknown test option: %s\n", option->name);
	648	goto err;
	649	}
453dfd8d EK	650	}
	651	}
	652
	653	goto done;
	654
	655	err:
	656	SSL_TEST_CTX_free(ctx);
	657	ctx = NULL;
	658	done:
	659	return ctx;
	660	}