2
0

ssl_test.c 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577
  1. /*
  2. * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <string.h>
  11. #include <openssl/conf.h>
  12. #include <openssl/err.h>
  13. #include <openssl/ssl.h>
  14. #include <openssl/provider.h>
  15. #include "helpers/handshake.h"
  16. #include "helpers/ssl_test_ctx.h"
  17. #include "testutil.h"
  18. static CONF *conf = NULL;
  19. static OSSL_PROVIDER *defctxnull = NULL, *thisprov = NULL;
  20. static OSSL_LIB_CTX *libctx = NULL;
  21. /* Currently the section names are of the form test-<number>, e.g. test-15. */
  22. #define MAX_TESTCASE_NAME_LENGTH 100
  23. static const char *print_alert(int alert)
  24. {
  25. return alert ? SSL_alert_desc_string_long(alert) : "no alert";
  26. }
  27. static int check_result(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  28. {
  29. if (!TEST_int_eq(result->result, test_ctx->expected_result)) {
  30. TEST_info("ExpectedResult mismatch: expected %s, got %s.",
  31. ssl_test_result_name(test_ctx->expected_result),
  32. ssl_test_result_name(result->result));
  33. return 0;
  34. }
  35. return 1;
  36. }
  37. static int check_alerts(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  38. {
  39. if (!TEST_int_eq(result->client_alert_sent,
  40. result->client_alert_received)) {
  41. TEST_info("Client sent alert %s but server received %s.",
  42. print_alert(result->client_alert_sent),
  43. print_alert(result->client_alert_received));
  44. /*
  45. * We can't bail here because the peer doesn't always get far enough
  46. * to process a received alert. Specifically, in protocol version
  47. * negotiation tests, we have the following scenario.
  48. * Client supports TLS v1.2 only; Server supports TLS v1.1.
  49. * Client proposes TLS v1.2; server responds with 1.1;
  50. * Client now sends a protocol alert, using TLS v1.2 in the header.
  51. * The server, however, rejects the alert because of version mismatch
  52. * in the record layer; therefore, the server appears to never
  53. * receive the alert.
  54. */
  55. /* return 0; */
  56. }
  57. if (!TEST_int_eq(result->server_alert_sent,
  58. result->server_alert_received)) {
  59. TEST_info("Server sent alert %s but client received %s.",
  60. print_alert(result->server_alert_sent),
  61. print_alert(result->server_alert_received));
  62. /* return 0; */
  63. }
  64. /* Tolerate an alert if one wasn't explicitly specified in the test. */
  65. if (test_ctx->expected_client_alert
  66. /*
  67. * The info callback alert value is computed as
  68. * (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]
  69. * where the low byte is the alert code and the high byte is other stuff.
  70. */
  71. && (result->client_alert_sent & 0xff) != test_ctx->expected_client_alert) {
  72. TEST_error("ClientAlert mismatch: expected %s, got %s.",
  73. print_alert(test_ctx->expected_client_alert),
  74. print_alert(result->client_alert_sent));
  75. return 0;
  76. }
  77. if (test_ctx->expected_server_alert
  78. && (result->server_alert_sent & 0xff) != test_ctx->expected_server_alert) {
  79. TEST_error("ServerAlert mismatch: expected %s, got %s.",
  80. print_alert(test_ctx->expected_server_alert),
  81. print_alert(result->server_alert_sent));
  82. return 0;
  83. }
  84. if (!TEST_int_le(result->client_num_fatal_alerts_sent, 1))
  85. return 0;
  86. if (!TEST_int_le(result->server_num_fatal_alerts_sent, 1))
  87. return 0;
  88. return 1;
  89. }
  90. static int check_protocol(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  91. {
  92. if (!TEST_int_eq(result->client_protocol, result->server_protocol)) {
  93. TEST_info("Client has protocol %s but server has %s.",
  94. ssl_protocol_name(result->client_protocol),
  95. ssl_protocol_name(result->server_protocol));
  96. return 0;
  97. }
  98. if (test_ctx->expected_protocol) {
  99. if (!TEST_int_eq(result->client_protocol,
  100. test_ctx->expected_protocol)) {
  101. TEST_info("Protocol mismatch: expected %s, got %s.\n",
  102. ssl_protocol_name(test_ctx->expected_protocol),
  103. ssl_protocol_name(result->client_protocol));
  104. return 0;
  105. }
  106. }
  107. return 1;
  108. }
  109. static int check_servername(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  110. {
  111. if (!TEST_int_eq(result->servername, test_ctx->expected_servername)) {
  112. TEST_info("Client ServerName mismatch, expected %s, got %s.",
  113. ssl_servername_name(test_ctx->expected_servername),
  114. ssl_servername_name(result->servername));
  115. return 0;
  116. }
  117. return 1;
  118. }
  119. static int check_session_ticket(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  120. {
  121. if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_IGNORE)
  122. return 1;
  123. if (!TEST_int_eq(result->session_ticket,
  124. test_ctx->session_ticket_expected)) {
  125. TEST_info("Client SessionTicketExpected mismatch, expected %s, got %s.",
  126. ssl_session_ticket_name(test_ctx->session_ticket_expected),
  127. ssl_session_ticket_name(result->session_ticket));
  128. return 0;
  129. }
  130. return 1;
  131. }
  132. static int check_session_id(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  133. {
  134. if (test_ctx->session_id_expected == SSL_TEST_SESSION_ID_IGNORE)
  135. return 1;
  136. if (!TEST_int_eq(result->session_id, test_ctx->session_id_expected)) {
  137. TEST_info("Client SessionIdExpected mismatch, expected %s, got %s\n.",
  138. ssl_session_id_name(test_ctx->session_id_expected),
  139. ssl_session_id_name(result->session_id));
  140. return 0;
  141. }
  142. return 1;
  143. }
  144. static int check_compression(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  145. {
  146. if (!TEST_int_eq(result->compression, test_ctx->compression_expected))
  147. return 0;
  148. return 1;
  149. }
  150. #ifndef OPENSSL_NO_NEXTPROTONEG
  151. static int check_npn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  152. {
  153. int ret = 1;
  154. if (!TEST_str_eq(result->client_npn_negotiated,
  155. result->server_npn_negotiated))
  156. ret = 0;
  157. if (!TEST_str_eq(test_ctx->expected_npn_protocol,
  158. result->client_npn_negotiated))
  159. ret = 0;
  160. return ret;
  161. }
  162. #endif
  163. static int check_alpn(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  164. {
  165. int ret = 1;
  166. if (!TEST_str_eq(result->client_alpn_negotiated,
  167. result->server_alpn_negotiated))
  168. ret = 0;
  169. if (!TEST_str_eq(test_ctx->expected_alpn_protocol,
  170. result->client_alpn_negotiated))
  171. ret = 0;
  172. return ret;
  173. }
  174. static int check_session_ticket_app_data(HANDSHAKE_RESULT *result,
  175. SSL_TEST_CTX *test_ctx)
  176. {
  177. size_t result_len = 0;
  178. size_t expected_len = 0;
  179. /* consider empty and NULL strings to be the same */
  180. if (result->result_session_ticket_app_data != NULL)
  181. result_len = strlen(result->result_session_ticket_app_data);
  182. if (test_ctx->expected_session_ticket_app_data != NULL)
  183. expected_len = strlen(test_ctx->expected_session_ticket_app_data);
  184. if (result_len == 0 && expected_len == 0)
  185. return 1;
  186. if (!TEST_str_eq(result->result_session_ticket_app_data,
  187. test_ctx->expected_session_ticket_app_data))
  188. return 0;
  189. return 1;
  190. }
  191. static int check_resumption(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  192. {
  193. if (!TEST_int_eq(result->client_resumed, result->server_resumed))
  194. return 0;
  195. if (!TEST_int_eq(result->client_resumed, test_ctx->resumption_expected))
  196. return 0;
  197. return 1;
  198. }
  199. static int check_nid(const char *name, int expected_nid, int nid)
  200. {
  201. if (expected_nid == 0 || expected_nid == nid)
  202. return 1;
  203. TEST_error("%s type mismatch, %s vs %s\n",
  204. name, OBJ_nid2ln(expected_nid),
  205. nid == NID_undef ? "absent" : OBJ_nid2ln(nid));
  206. return 0;
  207. }
  208. static void print_ca_names(STACK_OF(X509_NAME) *names)
  209. {
  210. int i;
  211. if (names == NULL || sk_X509_NAME_num(names) == 0) {
  212. TEST_note(" <empty>");
  213. return;
  214. }
  215. for (i = 0; i < sk_X509_NAME_num(names); i++) {
  216. X509_NAME_print_ex(bio_err, sk_X509_NAME_value(names, i), 4,
  217. XN_FLAG_ONELINE);
  218. BIO_puts(bio_err, "\n");
  219. }
  220. }
  221. static int check_ca_names(const char *name,
  222. STACK_OF(X509_NAME) *expected_names,
  223. STACK_OF(X509_NAME) *names)
  224. {
  225. int i;
  226. if (expected_names == NULL)
  227. return 1;
  228. if (names == NULL || sk_X509_NAME_num(names) == 0) {
  229. if (TEST_int_eq(sk_X509_NAME_num(expected_names), 0))
  230. return 1;
  231. goto err;
  232. }
  233. if (sk_X509_NAME_num(names) != sk_X509_NAME_num(expected_names))
  234. goto err;
  235. for (i = 0; i < sk_X509_NAME_num(names); i++) {
  236. if (!TEST_int_eq(X509_NAME_cmp(sk_X509_NAME_value(names, i),
  237. sk_X509_NAME_value(expected_names, i)),
  238. 0)) {
  239. goto err;
  240. }
  241. }
  242. return 1;
  243. err:
  244. TEST_info("%s: list mismatch", name);
  245. TEST_note("Expected Names:");
  246. print_ca_names(expected_names);
  247. TEST_note("Received Names:");
  248. print_ca_names(names);
  249. return 0;
  250. }
  251. static int check_tmp_key(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  252. {
  253. return check_nid("Tmp key", test_ctx->expected_tmp_key_type,
  254. result->tmp_key_type);
  255. }
  256. static int check_server_cert_type(HANDSHAKE_RESULT *result,
  257. SSL_TEST_CTX *test_ctx)
  258. {
  259. return check_nid("Server certificate", test_ctx->expected_server_cert_type,
  260. result->server_cert_type);
  261. }
  262. static int check_server_sign_hash(HANDSHAKE_RESULT *result,
  263. SSL_TEST_CTX *test_ctx)
  264. {
  265. return check_nid("Server signing hash", test_ctx->expected_server_sign_hash,
  266. result->server_sign_hash);
  267. }
  268. static int check_server_sign_type(HANDSHAKE_RESULT *result,
  269. SSL_TEST_CTX *test_ctx)
  270. {
  271. return check_nid("Server signing", test_ctx->expected_server_sign_type,
  272. result->server_sign_type);
  273. }
  274. static int check_server_ca_names(HANDSHAKE_RESULT *result,
  275. SSL_TEST_CTX *test_ctx)
  276. {
  277. return check_ca_names("Server CA names",
  278. test_ctx->expected_server_ca_names,
  279. result->server_ca_names);
  280. }
  281. static int check_client_cert_type(HANDSHAKE_RESULT *result,
  282. SSL_TEST_CTX *test_ctx)
  283. {
  284. return check_nid("Client certificate", test_ctx->expected_client_cert_type,
  285. result->client_cert_type);
  286. }
  287. static int check_client_sign_hash(HANDSHAKE_RESULT *result,
  288. SSL_TEST_CTX *test_ctx)
  289. {
  290. return check_nid("Client signing hash", test_ctx->expected_client_sign_hash,
  291. result->client_sign_hash);
  292. }
  293. static int check_client_sign_type(HANDSHAKE_RESULT *result,
  294. SSL_TEST_CTX *test_ctx)
  295. {
  296. return check_nid("Client signing", test_ctx->expected_client_sign_type,
  297. result->client_sign_type);
  298. }
  299. static int check_client_ca_names(HANDSHAKE_RESULT *result,
  300. SSL_TEST_CTX *test_ctx)
  301. {
  302. return check_ca_names("Client CA names",
  303. test_ctx->expected_client_ca_names,
  304. result->client_ca_names);
  305. }
  306. static int check_cipher(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  307. {
  308. if (test_ctx->expected_cipher == NULL)
  309. return 1;
  310. if (!TEST_ptr(result->cipher))
  311. return 0;
  312. if (!TEST_str_eq(test_ctx->expected_cipher,
  313. result->cipher))
  314. return 0;
  315. return 1;
  316. }
  317. /*
  318. * This could be further simplified by constructing an expected
  319. * HANDSHAKE_RESULT, and implementing comparison methods for
  320. * its fields.
  321. */
  322. static int check_test(HANDSHAKE_RESULT *result, SSL_TEST_CTX *test_ctx)
  323. {
  324. int ret = 1;
  325. ret &= check_result(result, test_ctx);
  326. ret &= check_alerts(result, test_ctx);
  327. if (result->result == SSL_TEST_SUCCESS) {
  328. ret &= check_protocol(result, test_ctx);
  329. ret &= check_servername(result, test_ctx);
  330. ret &= check_session_ticket(result, test_ctx);
  331. ret &= check_compression(result, test_ctx);
  332. ret &= check_session_id(result, test_ctx);
  333. ret &= (result->session_ticket_do_not_call == 0);
  334. #ifndef OPENSSL_NO_NEXTPROTONEG
  335. ret &= check_npn(result, test_ctx);
  336. #endif
  337. ret &= check_cipher(result, test_ctx);
  338. ret &= check_alpn(result, test_ctx);
  339. ret &= check_session_ticket_app_data(result, test_ctx);
  340. ret &= check_resumption(result, test_ctx);
  341. ret &= check_tmp_key(result, test_ctx);
  342. ret &= check_server_cert_type(result, test_ctx);
  343. ret &= check_server_sign_hash(result, test_ctx);
  344. ret &= check_server_sign_type(result, test_ctx);
  345. ret &= check_server_ca_names(result, test_ctx);
  346. ret &= check_client_cert_type(result, test_ctx);
  347. ret &= check_client_sign_hash(result, test_ctx);
  348. ret &= check_client_sign_type(result, test_ctx);
  349. ret &= check_client_ca_names(result, test_ctx);
  350. }
  351. return ret;
  352. }
  353. static int test_handshake(int idx)
  354. {
  355. int ret = 0;
  356. SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL,
  357. *resume_server_ctx = NULL, *resume_client_ctx = NULL;
  358. SSL_TEST_CTX *test_ctx = NULL;
  359. HANDSHAKE_RESULT *result = NULL;
  360. char test_app[MAX_TESTCASE_NAME_LENGTH];
  361. BIO_snprintf(test_app, sizeof(test_app), "test-%d", idx);
  362. test_ctx = SSL_TEST_CTX_create(conf, test_app, libctx);
  363. if (!TEST_ptr(test_ctx))
  364. goto err;
  365. /* Verify that the FIPS provider supports this test */
  366. if (test_ctx->fips_version != NULL
  367. && !fips_provider_version_match(libctx, test_ctx->fips_version)) {
  368. ret = TEST_skip("FIPS provider unable to run this test");
  369. goto err;
  370. }
  371. #ifndef OPENSSL_NO_DTLS
  372. if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
  373. server_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_server_method());
  374. if (!TEST_true(SSL_CTX_set_options(server_ctx,
  375. SSL_OP_ALLOW_CLIENT_RENEGOTIATION))
  376. || !TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0)))
  377. goto err;
  378. if (test_ctx->extra.server.servername_callback !=
  379. SSL_TEST_SERVERNAME_CB_NONE) {
  380. if (!TEST_ptr(server2_ctx =
  381. SSL_CTX_new_ex(libctx, NULL, DTLS_server_method()))
  382. || !TEST_true(SSL_CTX_set_options(server2_ctx,
  383. SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
  384. goto err;
  385. }
  386. client_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_client_method());
  387. if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0)))
  388. goto err;
  389. if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
  390. resume_server_ctx = SSL_CTX_new_ex(libctx, NULL,
  391. DTLS_server_method());
  392. if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0))
  393. || !TEST_true(SSL_CTX_set_options(resume_server_ctx,
  394. SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
  395. goto err;
  396. resume_client_ctx = SSL_CTX_new_ex(libctx, NULL,
  397. DTLS_client_method());
  398. if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0)))
  399. goto err;
  400. if (!TEST_ptr(resume_server_ctx)
  401. || !TEST_ptr(resume_client_ctx))
  402. goto err;
  403. }
  404. }
  405. #endif
  406. if (test_ctx->method == SSL_TEST_METHOD_TLS) {
  407. #if !defined(OPENSSL_NO_TLS1_3) \
  408. && defined(OPENSSL_NO_EC) \
  409. && defined(OPENSSL_NO_DH)
  410. /* Without ec or dh there are no built-in groups for TLSv1.3 */
  411. int maxversion = TLS1_2_VERSION;
  412. #else
  413. int maxversion = 0;
  414. #endif
  415. server_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method());
  416. if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, maxversion))
  417. || !TEST_true(SSL_CTX_set_options(server_ctx,
  418. SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
  419. goto err;
  420. /* SNI on resumption isn't supported/tested yet. */
  421. if (test_ctx->extra.server.servername_callback !=
  422. SSL_TEST_SERVERNAME_CB_NONE) {
  423. if (!TEST_ptr(server2_ctx =
  424. SSL_CTX_new_ex(libctx, NULL, TLS_server_method()))
  425. || !TEST_true(SSL_CTX_set_options(server2_ctx,
  426. SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
  427. goto err;
  428. if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
  429. maxversion)))
  430. goto err;
  431. }
  432. client_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_client_method());
  433. if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, maxversion)))
  434. goto err;
  435. if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
  436. resume_server_ctx = SSL_CTX_new_ex(libctx, NULL,
  437. TLS_server_method());
  438. if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx,
  439. maxversion))
  440. || !TEST_true(SSL_CTX_set_options(resume_server_ctx,
  441. SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
  442. goto err;
  443. resume_client_ctx = SSL_CTX_new_ex(libctx, NULL,
  444. TLS_client_method());
  445. if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx,
  446. maxversion)))
  447. goto err;
  448. if (!TEST_ptr(resume_server_ctx)
  449. || !TEST_ptr(resume_client_ctx))
  450. goto err;
  451. }
  452. }
  453. #ifdef OPENSSL_NO_AUTOLOAD_CONFIG
  454. if (!TEST_true(OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL)))
  455. goto err;
  456. #endif
  457. if (!TEST_ptr(server_ctx)
  458. || !TEST_ptr(client_ctx)
  459. || !TEST_int_gt(CONF_modules_load(conf, test_app, 0), 0))
  460. goto err;
  461. if (!SSL_CTX_config(server_ctx, "server")
  462. || !SSL_CTX_config(client_ctx, "client")) {
  463. goto err;
  464. }
  465. if (server2_ctx != NULL && !SSL_CTX_config(server2_ctx, "server2"))
  466. goto err;
  467. if (resume_server_ctx != NULL
  468. && !SSL_CTX_config(resume_server_ctx, "resume-server"))
  469. goto err;
  470. if (resume_client_ctx != NULL
  471. && !SSL_CTX_config(resume_client_ctx, "resume-client"))
  472. goto err;
  473. result = do_handshake(server_ctx, server2_ctx, client_ctx,
  474. resume_server_ctx, resume_client_ctx, test_ctx);
  475. if (result != NULL)
  476. ret = check_test(result, test_ctx);
  477. err:
  478. CONF_modules_unload(0);
  479. SSL_CTX_free(server_ctx);
  480. SSL_CTX_free(server2_ctx);
  481. SSL_CTX_free(client_ctx);
  482. SSL_CTX_free(resume_server_ctx);
  483. SSL_CTX_free(resume_client_ctx);
  484. SSL_TEST_CTX_free(test_ctx);
  485. HANDSHAKE_RESULT_free(result);
  486. return ret;
  487. }
  488. #define USAGE "conf_file module_name [module_conf_file]\n"
  489. OPT_TEST_DECLARE_USAGE(USAGE)
  490. int setup_tests(void)
  491. {
  492. long num_tests;
  493. if (!test_skip_common_options()) {
  494. TEST_error("Error parsing test options\n");
  495. return 0;
  496. }
  497. if (!TEST_ptr(conf = NCONF_new(NULL))
  498. /* argv[1] should point to the test conf file */
  499. || !TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0)
  500. || !TEST_int_ne(NCONF_get_number_e(conf, NULL, "num_tests",
  501. &num_tests), 0)) {
  502. TEST_error("usage: ssl_test %s", USAGE);
  503. return 0;
  504. }
  505. if (!test_arg_libctx(&libctx, &defctxnull, &thisprov, 1, USAGE))
  506. return 0;
  507. ADD_ALL_TESTS(test_handshake, (int)num_tests);
  508. return 1;
  509. }
  510. void cleanup_tests(void)
  511. {
  512. NCONF_free(conf);
  513. OSSL_PROVIDER_unload(defctxnull);
  514. OSSL_PROVIDER_unload(thisprov);
  515. OSSL_LIB_CTX_free(libctx);
  516. }