2 * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/opensslconf.h>
14 #include <openssl/quic.h>
15 #include <openssl/rand.h>
17 #include "helpers/ssltestlib.h"
18 #include "helpers/quictestlib.h"
20 #include "testutil/output.h"
21 #include "../ssl/ssl_local.h"
22 #include "internal/quic_error.h"
24 static OSSL_LIB_CTX *libctx = NULL;
25 static OSSL_PROVIDER *defctxnull = NULL;
26 static char *certsdir = NULL;
27 static char *cert = NULL;
28 static char *ccert = NULL;
29 static char *cauthca = NULL;
30 static char *privkey = NULL;
31 static char *cprivkey = NULL;
32 static char *datadir = NULL;
34 static int is_fips = 0;
36 /* The ssltrace test assumes some options are switched on/off */
37 #if !defined(OPENSSL_NO_SSL_TRACE) \
38 && defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) \
39 && !defined(OPENSSL_NO_ECX) && !defined(OPENSSL_NO_DH)
40 # define DO_SSL_TRACE_TEST
44 * Test that we read what we've written.
45 * Test 0: Non-blocking
47 * Test 2: Blocking, introduce socket error, test error handling.
49 static int test_quic_write_read(int idx)
51 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
53 SSL *clientquic = NULL;
54 QUIC_TSERVER *qtserv = NULL;
56 unsigned char buf[20], scratch[64];
57 static char *msg = "A test message";
58 size_t msglen = strlen(msg);
60 int ssock = 0, csock = 0;
61 uint64_t sid = UINT64_MAX;
62 SSL_SESSION *sess = NULL;
64 if (idx >= 1 && !qtest_supports_blocking())
65 return TEST_skip("Blocking tests not supported in this build");
67 for (k = 0; k < 2; k++) {
69 || !TEST_true(qtest_create_quic_objects(libctx, cctx, sctx,
76 || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost")))
79 if (sess != NULL && !TEST_true(SSL_set_session(clientquic, sess)))
82 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
86 if (!TEST_true(BIO_get_fd(ossl_quic_tserver_get0_rbio(qtserv),
89 if (!TEST_int_gt(csock = SSL_get_rfd(clientquic), 0))
93 sid = 0; /* client-initiated bidirectional stream */
95 for (j = 0; j < 2; j++) {
96 /* Check that sending and receiving app data is ok */
97 if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
98 || !TEST_size_t_eq(numbytes, msglen))
102 if (!TEST_true(wait_until_sock_readable(ssock)))
105 ossl_quic_tserver_tick(qtserv);
107 if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf,
111 } while (numbytes == 0);
113 if (!TEST_mem_eq(buf, numbytes, msg, msglen))
117 if (idx >= 2 && j > 0)
118 /* Introduce permanent socket error */
119 BIO_closesocket(csock);
121 ossl_quic_tserver_tick(qtserv);
122 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid,
123 (unsigned char *)msg,
126 ossl_quic_tserver_tick(qtserv);
127 SSL_handle_events(clientquic);
129 if (idx >= 2 && j > 0) {
130 if (!TEST_false(SSL_read_ex(clientquic, buf, 1, &numbytes))
131 || !TEST_int_eq(SSL_get_error(clientquic, 0),
133 || !TEST_false(SSL_write_ex(clientquic, msg, msglen,
135 || !TEST_int_eq(SSL_get_error(clientquic, 0),
142 * In blocking mode the SSL_read_ex call will block until the socket
143 * is readable and has our data. In non-blocking mode we're doing
144 * everything in memory, so it should be immediately available
146 if (!TEST_true(SSL_read_ex(clientquic, buf, 1, &numbytes))
147 || !TEST_size_t_eq(numbytes, 1)
148 || !TEST_true(SSL_has_pending(clientquic))
149 || !TEST_int_eq(SSL_pending(clientquic), msglen - 1)
150 || !TEST_true(SSL_read_ex(clientquic, buf + 1,
151 sizeof(buf) - 1, &numbytes))
152 || !TEST_mem_eq(buf, numbytes + 1, msg, msglen))
156 /* Test that exporters work. */
157 if (!TEST_true(SSL_export_keying_material(clientquic, scratch,
158 sizeof(scratch), "test", 4, (unsigned char *)"ctx", 3,
163 /* We didn't supply a session so we're not expecting resumption */
164 if (!TEST_false(SSL_session_reused(clientquic)))
166 /* We should have a session ticket by now */
167 sess = SSL_get1_session(clientquic);
171 /* We supplied a session so we should have resumed */
172 if (!TEST_true(SSL_session_reused(clientquic)))
176 if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
180 sctx = ossl_quic_tserver_get0_ssl_ctx(qtserv);
181 if (!TEST_true(SSL_CTX_up_ref(sctx))) {
186 ossl_quic_tserver_free(qtserv);
188 SSL_free(clientquic);
198 SSL_SESSION_free(sess);
199 ossl_quic_tserver_free(qtserv);
200 SSL_free(clientquic);
208 * Test that sending FIN with no data to a client blocking in SSL_read_ex() will
209 * wake up the client.
211 static int test_fin_only_blocking(void)
213 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
214 SSL_CTX *sctx = NULL;
215 SSL *clientquic = NULL;
216 QUIC_TSERVER *qtserv = NULL;
217 const char *msg = "Hello World";
220 unsigned char buf[32];
222 OSSL_TIME timer, timediff;
224 if (!qtest_supports_blocking())
225 return TEST_skip("Blocking tests not supported in this build");
228 || !TEST_true(qtest_create_quic_objects(libctx, cctx, sctx,
231 &qtserv, &clientquic,
233 || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost")))
236 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
239 if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, 0, &sid))
240 || !TEST_true(ossl_quic_tserver_write(qtserv, sid,
241 (unsigned char *)msg,
242 strlen(msg), &numbytes))
243 || !TEST_size_t_eq(strlen(msg), numbytes))
246 ossl_quic_tserver_tick(qtserv);
248 if (!TEST_true(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes))
249 || !TEST_mem_eq(msg, strlen(msg), buf, numbytes))
254 if (!TEST_true(ossl_quic_tserver_conclude(qtserv, sid)))
257 timer = ossl_time_now();
258 if (!TEST_false(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes)))
260 timediff = ossl_time_subtract(ossl_time_now(), timer);
262 if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_ZERO_RETURN)
264 * We expect the SSL_read_ex to not have blocked so this should
265 * be very fast. 20ms should be plenty.
267 || !TEST_uint64_t_le(ossl_time2ms(timediff), 20))
270 if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
276 ossl_quic_tserver_free(qtserv);
277 SSL_free(clientquic);
284 /* Test that a vanilla QUIC SSL object has the expected ciphersuites available */
285 static int test_ciphersuites(void)
287 SSL_CTX *ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
290 const STACK_OF(SSL_CIPHER) *ciphers = NULL;
291 const SSL_CIPHER *cipher;
292 /* We expect this exact list of ciphersuites by default */
294 TLS1_3_CK_AES_256_GCM_SHA384,
295 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
296 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
298 TLS1_3_CK_AES_128_GCM_SHA256
309 ciphers = SSL_get_ciphers(ssl);
311 for (i = 0, j = 0; i < OSSL_NELEM(cipherids); i++) {
312 if (cipherids[i] == TLS1_3_CK_CHACHA20_POLY1305_SHA256 && is_fips)
314 cipher = sk_SSL_CIPHER_value(ciphers, j++);
315 if (!TEST_ptr(cipher))
317 if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher), cipherids[i]))
321 /* We should have checked all the ciphers in the stack */
322 if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers), j))
333 static int test_cipher_find(void)
335 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
336 SSL *clientquic = NULL;
338 const unsigned char *cipherbytes;
341 { TLS13_AES_128_GCM_SHA256_BYTES, 1 },
342 { TLS13_AES_256_GCM_SHA384_BYTES, 1 },
343 { TLS13_CHACHA20_POLY1305_SHA256_BYTES, 1 },
344 { TLS13_AES_128_CCM_SHA256_BYTES, 0 },
345 { TLS13_AES_128_CCM_8_SHA256_BYTES, 0 }
353 clientquic = SSL_new(cctx);
354 if (!TEST_ptr(clientquic))
357 for (i = 0; i < OSSL_NELEM(testciphers); i++)
358 if (testciphers[i].ok) {
359 if (!TEST_ptr(SSL_CIPHER_find(clientquic,
360 testciphers[i].cipherbytes)))
363 if (!TEST_ptr_null(SSL_CIPHER_find(clientquic,
364 testciphers[i].cipherbytes)))
370 SSL_free(clientquic);
377 * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
378 * SSL_is_dtls return the expected results for a QUIC connection. Compare with
379 * test_version() in sslapitest.c which does the same thing for TLS/DTLS
382 static int test_version(void)
384 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
385 SSL *clientquic = NULL;
386 QUIC_TSERVER *qtserv = NULL;
390 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
392 &clientquic, NULL, NULL))
393 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
396 if (!TEST_int_eq(SSL_version(clientquic), OSSL_QUIC1_VERSION)
397 || !TEST_str_eq(SSL_get_version(clientquic), "QUICv1"))
400 if (!TEST_true(SSL_is_quic(clientquic))
401 || !TEST_false(SSL_is_tls(clientquic))
402 || !TEST_false(SSL_is_dtls(clientquic)))
408 ossl_quic_tserver_free(qtserv);
409 SSL_free(clientquic);
415 #if defined(DO_SSL_TRACE_TEST)
416 static void strip_line_ends(char *str)
420 for (i = strlen(str);
421 i > 0 && (str[i - 1] == '\n' || str[i - 1] == '\r');
427 static int compare_with_file(BIO *membio)
429 BIO *file = NULL, *newfile = NULL;
430 char buf1[512], buf2[512];
435 #ifdef OPENSSL_NO_ZLIB
436 reffile = test_mk_file_path(datadir, "ssltraceref.txt");
438 reffile = test_mk_file_path(datadir, "ssltraceref-zlib.txt");
440 if (!TEST_ptr(reffile))
443 file = BIO_new_file(reffile, "rb");
447 newfile = BIO_new_file("ssltraceref-new.txt", "wb");
448 if (!TEST_ptr(newfile))
451 while (BIO_gets(membio, buf2, sizeof(buf2)) > 0)
452 if (BIO_puts(newfile, buf2) <= 0) {
453 TEST_error("Failed writing new file data");
457 if (!TEST_int_ge(BIO_seek(membio, 0), 0))
460 while (BIO_gets(file, buf1, sizeof(buf1)) > 0) {
461 if (BIO_gets(membio, buf2, sizeof(buf2)) <= 0) {
462 TEST_error("Failed reading mem data");
465 strip_line_ends(buf1);
466 strip_line_ends(buf2);
467 if (strlen(buf1) != strlen(buf2)) {
468 TEST_error("Actual and ref line data length mismatch");
469 TEST_info("%s", buf1);
470 TEST_info("%s", buf2);
473 for (i = 0; i < strlen(buf1); i++) {
474 /* '?' is a wild card character in the reference text */
478 if (!TEST_str_eq(buf1, buf2))
481 if (!TEST_true(BIO_eof(file))
482 || !TEST_true(BIO_eof(membio)))
487 OPENSSL_free(reffile);
494 * Tests that the SSL_trace() msg_callback works as expected with a QUIC
495 * connection. This also provides testing of the msg_callback at the same time.
497 static int test_ssl_trace(void)
499 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
500 SSL *clientquic = NULL;
501 QUIC_TSERVER *qtserv = NULL;
503 BIO *bio = BIO_new(BIO_s_mem());
506 * Ensure we only configure ciphersuites that are available with both the
507 * default and fips providers to get the same output in both cases
509 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))
514 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
516 QTEST_FLAG_FAKE_TIME,
518 &clientquic, NULL, NULL)))
521 SSL_set_msg_callback(clientquic, SSL_trace);
522 SSL_set_msg_callback_arg(clientquic, bio);
524 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
527 if (!TEST_true(compare_with_file(bio)))
532 ossl_quic_tserver_free(qtserv);
533 SSL_free(clientquic);
541 static int ensure_valid_ciphers(const STACK_OF(SSL_CIPHER) *ciphers)
545 /* Ensure ciphersuite list is suitably subsetted. */
546 for (i = 0; i < (size_t)sk_SSL_CIPHER_num(ciphers); ++i) {
547 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
548 switch (SSL_CIPHER_get_id(cipher)) {
549 case TLS1_3_CK_AES_128_GCM_SHA256:
550 case TLS1_3_CK_AES_256_GCM_SHA384:
551 case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
554 TEST_error("forbidden cipher: %s", SSL_CIPHER_get_name(cipher));
563 * Test that handshake-layer APIs which shouldn't work don't work with QUIC.
565 static int test_quic_forbidden_apis_ctx(void)
570 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
573 #ifndef OPENSSL_NO_SRTP
574 /* This function returns 0 on success and 1 on error, and should fail. */
575 if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_128_GCM")))
580 * List of ciphersuites we do and don't allow in QUIC.
582 #define QUIC_CIPHERSUITES \
583 "TLS_AES_128_GCM_SHA256:" \
584 "TLS_AES_256_GCM_SHA384:" \
585 "TLS_CHACHA20_POLY1305_SHA256"
587 #define NON_QUIC_CIPHERSUITES \
588 "TLS_AES_128_CCM_SHA256:" \
589 "TLS_AES_256_CCM_SHA384:" \
590 "TLS_AES_128_CCM_8_SHA256"
592 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
593 if (!TEST_true(SSL_CTX_set_ciphersuites(ctx,
594 QUIC_CIPHERSUITES ":"
595 NON_QUIC_CIPHERSUITES)))
599 * Forbidden ciphersuites should show up in SSL_CTX accessors, they are only
600 * filtered in SSL_get1_supported_ciphers, so we don't check for
601 * non-inclusion here.
610 static int test_quic_forbidden_apis(void)
615 STACK_OF(SSL_CIPHER) *ciphers = NULL;
617 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
620 if (!TEST_ptr(ssl = SSL_new(ctx)))
623 #ifndef OPENSSL_NO_SRTP
624 /* This function returns 0 on success and 1 on error, and should fail. */
625 if (!TEST_true(SSL_set_tlsext_use_srtp(ssl, "SRTP_AEAD_AES_128_GCM")))
629 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
630 if (!TEST_true(SSL_set_ciphersuites(ssl,
631 QUIC_CIPHERSUITES ":"
632 NON_QUIC_CIPHERSUITES)))
635 /* Non-QUIC ciphersuites must not appear in supported ciphers list. */
636 if (!TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl))
637 || !TEST_true(ensure_valid_ciphers(ciphers)))
642 sk_SSL_CIPHER_free(ciphers);
648 static int test_quic_forbidden_options(void)
656 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
659 /* QUIC options restrictions do not affect SSL_CTX */
660 SSL_CTX_set_options(ctx, UINT64_MAX);
662 if (!TEST_uint64_t_eq(SSL_CTX_get_options(ctx), UINT64_MAX))
665 /* Set options on CTX which should not be inherited (tested below). */
666 SSL_CTX_set_read_ahead(ctx, 1);
667 SSL_CTX_set_max_early_data(ctx, 1);
668 SSL_CTX_set_recv_max_early_data(ctx, 1);
669 SSL_CTX_set_quiet_shutdown(ctx, 1);
671 if (!TEST_ptr(ssl = SSL_new(ctx)))
674 /* Only permitted options get transferred to SSL object */
675 if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
678 /* Try again using SSL_set_options */
679 SSL_set_options(ssl, UINT64_MAX);
681 if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
684 /* Clear everything */
685 SSL_clear_options(ssl, UINT64_MAX);
687 if (!TEST_uint64_t_eq(SSL_get_options(ssl), 0))
691 if (!TEST_false(SSL_get_read_ahead(ssl)))
694 SSL_set_read_ahead(ssl, 1);
695 if (!TEST_false(SSL_get_read_ahead(ssl)))
699 if (!TEST_true(SSL_set_block_padding(ssl, 0))
700 || !TEST_true(SSL_set_block_padding(ssl, 1))
701 || !TEST_false(SSL_set_block_padding(ssl, 2)))
704 /* Max fragment length */
705 if (!TEST_true(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_DISABLED))
706 || !TEST_false(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_512)))
710 if (!TEST_false(SSL_set_recv_max_early_data(ssl, 1))
711 || !TEST_false(SSL_set_max_early_data(ssl, 1)))
715 if (!TEST_false(SSL_read_early_data(ssl, buf, sizeof(buf), &len))
716 || !TEST_false(SSL_write_early_data(ssl, buf, sizeof(buf), &len)))
719 /* Buffer Management */
720 if (!TEST_true(SSL_alloc_buffers(ssl))
721 || !TEST_false(SSL_free_buffers(ssl)))
725 if (!TEST_false(SSL_set_max_send_fragment(ssl, 2))
726 || !TEST_false(SSL_set_split_send_fragment(ssl, 2))
727 || !TEST_false(SSL_set_max_pipelines(ssl, 2)))
731 if (!TEST_false(SSL_stateless(ssl)))
735 if (!TEST_false(SSL_get_quiet_shutdown(ssl)))
739 if (!TEST_ptr_null(SSL_dup(ssl)))
743 if (!TEST_false(SSL_clear(ssl)))
753 static int test_quic_set_fd(int idx)
758 int fd = -1, resfd = -1;
761 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
764 if (!TEST_ptr(ssl = SSL_new(ctx)))
767 if (!TEST_int_ge(fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0), 0))
771 if (!TEST_true(SSL_set_fd(ssl, fd)))
773 if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
775 if (!TEST_ptr_eq(bio, SSL_get_wbio(ssl)))
777 } else if (idx == 1) {
778 if (!TEST_true(SSL_set_rfd(ssl, fd)))
780 if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
782 if (!TEST_ptr_null(SSL_get_wbio(ssl)))
785 if (!TEST_true(SSL_set_wfd(ssl, fd)))
787 if (!TEST_ptr(bio = SSL_get_wbio(ssl)))
789 if (!TEST_ptr_null(SSL_get_rbio(ssl)))
793 if (!TEST_int_eq(BIO_method_type(bio), BIO_TYPE_DGRAM))
796 if (!TEST_true(BIO_get_fd(bio, &resfd))
797 || !TEST_int_eq(resfd, fd))
809 #define MAXLOOPS 1000
811 static int test_bio_ssl(void)
814 * We just use OSSL_QUIC_client_method() rather than
815 * OSSL_QUIC_client_thread_method(). We will never leave the connection idle
816 * so we will always be implicitly handling time events anyway via other
819 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
820 SSL *clientquic = NULL, *stream = NULL;
821 QUIC_TSERVER *qtserv = NULL;
823 BIO *cbio = NULL, *strbio = NULL, *thisbio;
824 const char *msg = "Hello world";
825 int abortctr = 0, err, clienterr = 0, servererr = 0, retc = 0, rets = 0;
826 size_t written, readbytes, msglen;
828 unsigned char buf[80];
833 cbio = BIO_new_ssl(cctx, 1);
838 * We must configure the ALPN/peer address etc so we get the SSL object in
839 * order to pass it to qtest_create_quic_objects for configuration.
841 if (!TEST_int_eq(BIO_get_ssl(cbio, &clientquic), 1))
844 if (!TEST_true(qtest_create_quic_objects(libctx, NULL, NULL, cert, privkey,
845 0, &qtserv, &clientquic, NULL,
849 msglen = strlen(msg);
852 err = BIO_FLAGS_WRITE;
853 while (!clienterr && !retc && err == BIO_FLAGS_WRITE) {
854 retc = BIO_write_ex(cbio, msg, msglen, &written);
856 if (BIO_should_retry(cbio))
857 err = BIO_retry_type(cbio);
863 if (!clienterr && retc <= 0 && err != BIO_FLAGS_READ) {
864 TEST_info("BIO_write_ex() failed %d, %d", retc, err);
865 TEST_openssl_errors();
869 if (!servererr && rets <= 0) {
870 ossl_quic_tserver_tick(qtserv);
871 servererr = ossl_quic_tserver_is_term_any(qtserv);
873 rets = ossl_quic_tserver_is_handshake_confirmed(qtserv);
876 if (clienterr && servererr)
879 if (++abortctr == MAXLOOPS) {
880 TEST_info("No progress made");
883 } while ((!retc && !clienterr) || (rets <= 0 && !servererr));
886 * 2 loops: The first using the default stream, and the second using a new
887 * client initiated bidi stream.
889 for (i = 0, thisbio = cbio; i < 2; i++) {
890 if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf, sizeof(buf),
892 || !TEST_mem_eq(msg, msglen, buf, readbytes))
895 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg,
898 ossl_quic_tserver_tick(qtserv);
900 if (!TEST_true(BIO_read_ex(thisbio, buf, sizeof(buf), &readbytes))
901 || !TEST_mem_eq(msg, msglen, buf, readbytes))
907 if (!TEST_true(SSL_set_mode(clientquic, 0)))
911 * Now create a new stream and repeat. The bottom two bits of the stream
912 * id represents whether the stream is bidi and whether it is client
913 * initiated or not. For client initiated bidi they are both 0. So the
914 * first client initiated bidi stream is 0 and the next one is 4.
917 stream = SSL_new_stream(clientquic, 0);
918 if (!TEST_ptr(stream))
921 if (!TEST_true(SSL_set_mode(stream, 0)))
924 thisbio = strbio = BIO_new(BIO_f_ssl());
925 if (!TEST_ptr(strbio))
928 if (!TEST_int_eq(BIO_set_ssl(thisbio, stream, BIO_CLOSE), 1))
932 if (!TEST_true(BIO_write_ex(thisbio, msg, msglen, &written)))
935 ossl_quic_tserver_tick(qtserv);
941 BIO_free_all(strbio);
943 ossl_quic_tserver_free(qtserv);
949 #define BACK_PRESSURE_NUM_LOOPS 10000
951 * Test that sending data from the client to the server faster than the server
952 * can process it eventually results in back pressure on the client.
954 static int test_back_pressure(void)
956 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
957 SSL *clientquic = NULL;
958 QUIC_TSERVER *qtserv = NULL;
960 unsigned char *msg = NULL;
961 const size_t msglen = 1024;
962 unsigned char buf[64];
963 size_t readbytes, written;
967 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
969 &clientquic, NULL, NULL))
970 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
973 msg = OPENSSL_malloc(msglen);
976 if (!TEST_int_eq(RAND_bytes_ex(libctx, msg, msglen, 0), 1))
980 * Limit to 10000 loops. If we've not seen any back pressure after that
981 * we're going to run out of memory, so abort.
983 for (i = 0; i < BACK_PRESSURE_NUM_LOOPS; i++) {
984 /* Send data from the client */
985 if (!SSL_write_ex(clientquic, msg, msglen, &written)) {
986 /* Check if we are seeing back pressure */
987 if (SSL_get_error(clientquic, 0) == SSL_ERROR_WANT_WRITE)
989 TEST_error("Unexpected client failure");
993 /* Receive data at the server */
994 ossl_quic_tserver_tick(qtserv);
995 if (!TEST_true(ossl_quic_tserver_read(qtserv, 0, buf, sizeof(buf),
1000 if (i == BACK_PRESSURE_NUM_LOOPS) {
1001 TEST_error("No back pressure seen");
1007 SSL_free(clientquic);
1008 ossl_quic_tserver_free(qtserv);
1016 static int dgram_ctr = 0;
1018 static void dgram_cb(int write_p, int version, int content_type,
1019 const void *buf, size_t msglen, SSL *ssl, void *arg)
1024 if (content_type != SSL3_RT_QUIC_DATAGRAM)
1030 /* Test that we send multiple datagrams in one go when appropriate */
1031 static int test_multiple_dgrams(void)
1033 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1034 SSL *clientquic = NULL;
1035 QUIC_TSERVER *qtserv = NULL;
1038 const size_t buflen = 1400;
1041 buf = OPENSSL_zalloc(buflen);
1045 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1046 privkey, 0, &qtserv,
1047 &clientquic, NULL, NULL))
1048 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1052 SSL_set_msg_callback(clientquic, dgram_cb);
1053 if (!TEST_true(SSL_write_ex(clientquic, buf, buflen, &written))
1054 || !TEST_size_t_eq(written, buflen)
1055 /* We wrote enough data for 2 datagrams */
1056 || !TEST_int_eq(dgram_ctr, 2))
1062 SSL_free(clientquic);
1063 ossl_quic_tserver_free(qtserv);
1069 static int non_io_retry_cert_verify_cb(X509_STORE_CTX *ctx, void *arg)
1071 int idx = SSL_get_ex_data_X509_STORE_CTX_idx();
1073 const int *allow = (int *)arg;
1075 /* this should not happen but check anyway */
1077 || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL)
1080 /* If this is our first attempt then retry */
1082 return SSL_set_retry_verify(ssl);
1084 /* Otherwise do nothing - verification succeeds. Continue as normal */
1088 /* Test that we can handle a non-io related retry error
1089 * Test 0: Non-blocking
1092 static int test_non_io_retry(int idx)
1095 SSL *clientquic = NULL;
1096 QUIC_TSERVER *qtserv = NULL;
1098 int flags = 0, allow = 0;
1100 if (idx >= 1 && !qtest_supports_blocking())
1101 return TEST_skip("Blocking tests not supported in this build");
1103 cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1104 if (!TEST_ptr(cctx))
1107 SSL_CTX_set_cert_verify_callback(cctx, non_io_retry_cert_verify_cb, &allow);
1109 flags = (idx >= 1) ? QTEST_FLAG_BLOCK : 0;
1110 if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, privkey,
1111 flags, &qtserv, &clientquic, NULL,
1113 || !TEST_true(qtest_create_quic_connection_ex(qtserv, clientquic,
1114 SSL_ERROR_WANT_RETRY_VERIFY))
1115 || !TEST_int_eq(SSL_want(clientquic), SSL_RETRY_VERIFY))
1119 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1124 SSL_free(clientquic);
1125 ossl_quic_tserver_free(qtserv);
1131 static int use_session_cb_cnt = 0;
1132 static int find_session_cb_cnt = 0;
1133 static const char *pskid = "Identity";
1134 static SSL_SESSION *serverpsk = NULL, *clientpsk = NULL;
1136 static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
1137 size_t *idlen, SSL_SESSION **sess)
1139 use_session_cb_cnt++;
1141 if (clientpsk == NULL)
1144 SSL_SESSION_up_ref(clientpsk);
1147 *id = (const unsigned char *)pskid;
1148 *idlen = strlen(pskid);
1153 static int find_session_cb(SSL *ssl, const unsigned char *identity,
1154 size_t identity_len, SSL_SESSION **sess)
1156 find_session_cb_cnt++;
1158 if (serverpsk == NULL)
1161 /* Identity should match that set by the client */
1162 if (strlen(pskid) != identity_len
1163 || strncmp(pskid, (const char *)identity, identity_len) != 0)
1166 SSL_SESSION_up_ref(serverpsk);
1172 static int test_quic_psk(void)
1174 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1175 SSL *clientquic = NULL;
1176 QUIC_TSERVER *qtserv = NULL;
1180 /* No cert or private key for the server, i.e. PSK only */
1181 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, NULL,
1183 &clientquic, NULL, NULL)))
1186 SSL_set_psk_use_session_callback(clientquic, use_session_cb);
1187 ossl_quic_tserver_set_psk_find_session_cb(qtserv, find_session_cb);
1188 use_session_cb_cnt = 0;
1189 find_session_cb_cnt = 0;
1191 clientpsk = serverpsk = create_a_psk(clientquic, SHA384_DIGEST_LENGTH);
1192 if (!TEST_ptr(clientpsk))
1194 /* We already had one ref. Add another one */
1195 SSL_SESSION_up_ref(clientpsk);
1197 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))
1198 || !TEST_int_eq(1, find_session_cb_cnt)
1199 || !TEST_int_eq(1, use_session_cb_cnt)
1200 /* Check that we actually used the PSK */
1201 || !TEST_true(SSL_session_reused(clientquic)))
1207 SSL_free(clientquic);
1208 ossl_quic_tserver_free(qtserv);
1210 SSL_SESSION_free(clientpsk);
1211 SSL_SESSION_free(serverpsk);
1212 clientpsk = serverpsk = NULL;
1217 static int test_client_auth(int idx)
1219 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1220 SSL_CTX *sctx = SSL_CTX_new_ex(libctx, NULL, TLS_method());
1221 SSL *clientquic = NULL;
1222 QUIC_TSERVER *qtserv = NULL;
1224 unsigned char buf[20];
1225 static char *msg = "A test message";
1226 size_t msglen = strlen(msg);
1227 size_t numbytes = 0;
1229 if (!TEST_ptr(cctx) || !TEST_ptr(sctx))
1232 SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
1233 | SSL_VERIFY_CLIENT_ONCE, NULL);
1235 if (!TEST_true(SSL_CTX_load_verify_file(sctx, cauthca)))
1239 && (!TEST_true(SSL_CTX_use_certificate_chain_file(cctx, ccert))
1240 || !TEST_true(SSL_CTX_use_PrivateKey_file(cctx, cprivkey,
1241 SSL_FILETYPE_PEM))))
1244 if (!TEST_true(qtest_create_quic_objects(libctx, cctx, sctx, cert,
1245 privkey, 0, &qtserv,
1246 &clientquic, NULL, NULL)))
1250 if (!TEST_true(ssl_ctx_add_large_cert_chain(libctx, cctx, ccert))
1251 || !TEST_true(ssl_ctx_add_large_cert_chain(libctx, sctx, cert)))
1256 if (!TEST_false(qtest_create_quic_connection(qtserv, clientquic)))
1259 /* negative test passed */
1264 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1267 /* Check that sending and receiving app data is ok */
1268 if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
1269 || !TEST_size_t_eq(numbytes, msglen))
1272 ossl_quic_tserver_tick(qtserv);
1273 if (!TEST_true(ossl_quic_tserver_write(qtserv, 0,
1274 (unsigned char *)msg,
1275 msglen, &numbytes)))
1278 ossl_quic_tserver_tick(qtserv);
1279 SSL_handle_events(clientquic);
1281 if (!TEST_true(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes))
1282 || !TEST_size_t_eq(numbytes, msglen)
1283 || !TEST_mem_eq(buf, numbytes, msg, msglen))
1286 if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
1292 SSL_free(clientquic);
1293 ossl_quic_tserver_free(qtserv);
1301 * Test that we correctly handle ALPN supplied by the application
1302 * Test 0: ALPN is provided
1303 * Test 1: No ALPN is provided
1305 static int test_alpn(int idx)
1307 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1308 SSL *clientquic = NULL;
1309 QUIC_TSERVER *qtserv = NULL;
1314 * Ensure we only configure ciphersuites that are available with both the
1315 * default and fips providers to get the same output in both cases
1317 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))
1321 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1323 QTEST_FLAG_FAKE_TIME,
1325 &clientquic, NULL, NULL)))
1330 * Clear the ALPN we set in qtest_create_quic_objects. We use TEST_false
1331 * because SSL_set_alpn_protos returns 0 for success.
1333 if (!TEST_false(SSL_set_alpn_protos(clientquic, NULL, 0)))
1337 ret = SSL_connect(clientquic);
1338 if (!TEST_int_le(ret, 0))
1341 /* We expect an immediate error due to lack of ALPN */
1342 if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_SSL))
1345 /* ALPN was provided so we expect the connection to succeed */
1346 if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_WANT_READ)
1347 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1353 ossl_quic_tserver_free(qtserv);
1354 SSL_free(clientquic);
1361 * Test SSL_get_shutdown() behavior.
1363 static int test_get_shutdown(void)
1365 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1366 SSL *clientquic = NULL;
1367 QUIC_TSERVER *qtserv = NULL;
1371 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1373 QTEST_FLAG_FAKE_TIME,
1374 &qtserv, &clientquic,
1376 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1379 if (!TEST_int_eq(SSL_get_shutdown(clientquic), 0))
1382 if (!TEST_int_eq(SSL_shutdown(clientquic), 0))
1385 if (!TEST_int_eq(SSL_get_shutdown(clientquic), SSL_SENT_SHUTDOWN))
1389 ossl_quic_tserver_tick(qtserv);
1390 qtest_add_time(100);
1391 } while (SSL_shutdown(clientquic) == 0);
1393 if (!TEST_int_eq(SSL_get_shutdown(clientquic),
1394 SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN))
1399 ossl_quic_tserver_free(qtserv);
1400 SSL_free(clientquic);
1406 #define MAX_LOOPS 2000
1409 * Keep retrying SSL_read_ex until it succeeds or we give up. Accept a stream
1410 * if we don't already have one
1412 static int unreliable_client_read(SSL *clientquic, SSL **stream, void *buf,
1413 size_t buflen, size_t *readbytes,
1414 QUIC_TSERVER *qtserv)
1418 /* We just do this in a loop with a sleep for simplicity */
1419 for (abortctr = 0; abortctr < MAX_LOOPS; abortctr++) {
1420 if (*stream == NULL) {
1421 SSL_handle_events(clientquic);
1422 *stream = SSL_accept_stream(clientquic, 0);
1425 if (*stream != NULL) {
1426 if (SSL_read_ex(*stream, buf, buflen, readbytes))
1428 if (!TEST_int_eq(SSL_get_error(*stream, 0), SSL_ERROR_WANT_READ))
1431 ossl_quic_tserver_tick(qtserv);
1433 qtest_wait_for_timeout(clientquic, qtserv);
1436 TEST_error("No progress made");
1440 /* Keep retrying ossl_quic_tserver_read until it succeeds or we give up */
1441 static int unreliable_server_read(QUIC_TSERVER *qtserv, uint64_t sid,
1442 void *buf, size_t buflen, size_t *readbytes,
1447 /* We just do this in a loop with a sleep for simplicity */
1448 for (abortctr = 0; abortctr < MAX_LOOPS; abortctr++) {
1449 if (ossl_quic_tserver_read(qtserv, sid, buf, buflen, readbytes)
1452 ossl_quic_tserver_tick(qtserv);
1453 SSL_handle_events(clientquic);
1455 qtest_wait_for_timeout(clientquic, qtserv);
1458 TEST_error("No progress made");
1463 * Create a connection and send data using an unreliable transport. We introduce
1464 * random noise to drop, delay and duplicate datagrams.
1465 * Test 0: Introduce random noise to datagrams
1466 * Test 1: As with test 0 but also split datagrams containing multiple packets
1467 * into individual datagrams so that individual packets can be affected
1468 * by noise - not just a whole datagram.
1470 static int test_noisy_dgram(int idx)
1472 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1473 SSL *clientquic = NULL, *stream[2] = { NULL, NULL };
1474 QUIC_TSERVER *qtserv = NULL;
1477 char *msg = "Hello world!";
1478 size_t msglen = strlen(msg), written, readbytes, i, j;
1479 unsigned char buf[80];
1480 int flags = QTEST_FLAG_NOISE | QTEST_FLAG_FAKE_TIME;
1481 QTEST_FAULT *fault = NULL;
1484 flags |= QTEST_FLAG_PACKET_SPLIT;
1487 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1490 &clientquic, &fault, NULL)))
1493 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1496 if (!TEST_true(SSL_set_incoming_stream_policy(clientquic,
1497 SSL_INCOMING_STREAM_POLICY_ACCEPT,
1499 || !TEST_true(SSL_set_default_stream_mode(clientquic,
1500 SSL_DEFAULT_STREAM_MODE_NONE)))
1503 for (j = 0; j < 2; j++) {
1504 if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, 0, &sid)))
1506 ossl_quic_tserver_tick(qtserv);
1510 * Send data from the server to the client. Some datagrams may get
1511 * lost, modified, dropped or re-ordered. We repeat 20 times to ensure
1512 * we are sending enough datagrams for problems to be noticed.
1514 for (i = 0; i < 20; i++) {
1515 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid,
1516 (unsigned char *)msg, msglen,
1518 || !TEST_size_t_eq(msglen, written))
1520 ossl_quic_tserver_tick(qtserv);
1524 * Since the underlying BIO is now noisy we may get failures that
1525 * need to be retried - so we use unreliable_client_read() to
1528 if (!TEST_true(unreliable_client_read(clientquic, &stream[j], buf,
1529 sizeof(buf), &readbytes,
1531 || !TEST_mem_eq(msg, msglen, buf, readbytes))
1535 /* Send data from the client to the server */
1536 for (i = 0; i < 20; i++) {
1537 if (!TEST_true(SSL_write_ex(stream[j], (unsigned char *)msg,
1539 || !TEST_size_t_eq(msglen, written))
1542 ossl_quic_tserver_tick(qtserv);
1546 * Since the underlying BIO is now noisy we may get failures that
1547 * need to be retried - so we use unreliable_server_read() to
1550 if (!TEST_true(unreliable_server_read(qtserv, sid, buf, sizeof(buf),
1551 &readbytes, clientquic))
1552 || !TEST_mem_eq(msg, msglen, buf, readbytes))
1559 ossl_quic_tserver_free(qtserv);
1560 SSL_free(stream[0]);
1561 SSL_free(stream[1]);
1562 SSL_free(clientquic);
1564 qtest_fault_free(fault);
1570 * Create a connection and send some big data using a transport with limited bandwidth.
1573 #define TEST_TRANSFER_DATA_SIZE (2*1024*1024) /* 2 MBytes */
1574 #define TEST_SINGLE_WRITE_SIZE (16*1024) /* 16 kBytes */
1575 #define TEST_BW_LIMIT 1000 /* 1000 Bytes/ms */
1576 static int test_bw_limit(void)
1578 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1579 SSL *clientquic = NULL;
1580 QUIC_TSERVER *qtserv = NULL;
1582 unsigned char *msg = NULL, *recvbuf = NULL;
1583 size_t sendlen = TEST_TRANSFER_DATA_SIZE;
1584 size_t recvlen = TEST_TRANSFER_DATA_SIZE;
1585 size_t written, readbytes;
1586 int flags = QTEST_FLAG_NOISE | QTEST_FLAG_FAKE_TIME;
1587 QTEST_FAULT *fault = NULL;
1591 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1594 &clientquic, &fault, NULL)))
1597 if (!TEST_ptr(msg = OPENSSL_zalloc(TEST_SINGLE_WRITE_SIZE))
1598 || !TEST_ptr(recvbuf = OPENSSL_zalloc(TEST_SINGLE_WRITE_SIZE)))
1601 /* Set BW to 1000 Bytes/ms -> 1MByte/s both ways */
1602 if (!TEST_true(qtest_fault_set_bw_limit(fault, 1000, 1000, 0)))
1605 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1608 qtest_start_stopwatch();
1610 while (recvlen > 0) {
1614 if (!SSL_write_ex(clientquic, msg,
1615 sendlen > TEST_SINGLE_WRITE_SIZE ? TEST_SINGLE_WRITE_SIZE
1618 TEST_info("Retrying to send: %llu", (unsigned long long) sendlen);
1619 if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_WANT_WRITE))
1623 TEST_info("Remaining to send: %llu", (unsigned long long) sendlen);
1626 SSL_handle_events(clientquic);
1629 if (ossl_quic_tserver_read(qtserv, 0, recvbuf,
1630 recvlen > TEST_SINGLE_WRITE_SIZE ? TEST_SINGLE_WRITE_SIZE
1634 recvlen -= readbytes;
1635 TEST_info("Remaining to recv: %llu", (unsigned long long) recvlen);
1637 TEST_info("No progress on recv: %llu", (unsigned long long) recvlen);
1639 ossl_quic_tserver_tick(qtserv);
1641 real_bw = TEST_TRANSFER_DATA_SIZE / qtest_get_stopwatch_time();
1643 TEST_info("BW limit: %d Bytes/ms Real bandwidth reached: %llu Bytes/ms",
1644 TEST_BW_LIMIT, (unsigned long long)real_bw);
1646 if (!TEST_uint64_t_lt(real_bw, TEST_BW_LIMIT))
1652 OPENSSL_free(recvbuf);
1653 ossl_quic_tserver_free(qtserv);
1654 SSL_free(clientquic);
1656 qtest_fault_free(fault);
1665 TPARAM_OP_INJECT_TWICE,
1666 TPARAM_OP_INJECT_RAW,
1667 TPARAM_OP_DROP_INJECT,
1671 #define TPARAM_CHECK_DUP(name, reason) \
1672 { QUIC_TPARAM_##name, TPARAM_OP_DUP, (reason) },
1673 #define TPARAM_CHECK_DROP(name, reason) \
1674 { QUIC_TPARAM_##name, TPARAM_OP_DROP, (reason) },
1675 #define TPARAM_CHECK_INJECT(name, buf, buf_len, reason) \
1676 { QUIC_TPARAM_##name, TPARAM_OP_INJECT, (reason), \
1678 #define TPARAM_CHECK_INJECT_A(name, buf, reason) \
1679 TPARAM_CHECK_INJECT(name, buf, sizeof(buf), reason)
1680 #define TPARAM_CHECK_DROP_INJECT(name, buf, buf_len, reason) \
1681 { QUIC_TPARAM_##name, TPARAM_OP_DROP_INJECT, (reason), \
1683 #define TPARAM_CHECK_DROP_INJECT_A(name, buf, reason) \
1684 TPARAM_CHECK_DROP_INJECT(name, buf, sizeof(buf), reason)
1685 #define TPARAM_CHECK_INJECT_TWICE(name, buf, buf_len, reason) \
1686 { QUIC_TPARAM_##name, TPARAM_OP_INJECT_TWICE, (reason), \
1688 #define TPARAM_CHECK_INJECT_TWICE_A(name, buf, reason) \
1689 TPARAM_CHECK_INJECT_TWICE(name, buf, sizeof(buf), reason)
1690 #define TPARAM_CHECK_INJECT_RAW(buf, buf_len, reason) \
1691 { 0, TPARAM_OP_INJECT_RAW, (reason), \
1693 #define TPARAM_CHECK_INJECT_RAW_A(buf, reason) \
1694 TPARAM_CHECK_INJECT_RAW(buf, sizeof(buf), reason)
1695 #define TPARAM_CHECK_MUTATE(name, reason) \
1696 { QUIC_TPARAM_##name, TPARAM_OP_MUTATE, (reason) },
1697 #define TPARAM_CHECK_INT(name, reason) \
1698 TPARAM_CHECK_DROP_INJECT(name, NULL, 0, reason) \
1699 TPARAM_CHECK_DROP_INJECT_A(name, bogus_int, reason) \
1700 TPARAM_CHECK_DROP_INJECT_A(name, int_with_trailer, reason)
1702 struct tparam_test {
1705 const char *expect_fail; /* substring to expect in reason */
1710 static const unsigned char retry_scid_1[8] = { 0 };
1712 static const unsigned char disable_active_migration_1[] = {
1716 static const unsigned char malformed_stateless_reset_token_1[] = {
1720 static const unsigned char malformed_stateless_reset_token_2[] = {
1724 static const unsigned char malformed_stateless_reset_token_3[15] = { 0 };
1726 static const unsigned char malformed_stateless_reset_token_4[17] = { 0 };
1728 static const unsigned char malformed_preferred_addr_1[] = {
1732 static const unsigned char malformed_preferred_addr_2[42] = {
1733 0x0d, 0x28, /* too short */
1736 static const unsigned char malformed_preferred_addr_3[64] = {
1737 0x0d, 0x3e, /* too long */
1740 static const unsigned char malformed_preferred_addr_4[] = {
1741 /* TPARAM too short for CID length indicated */
1742 0x0d, 0x29, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1743 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1744 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1745 0x00, 0x00, 0x01, 0x55,
1746 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1747 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1750 static const unsigned char malformed_unknown_1[] = {
1754 static const unsigned char malformed_unknown_2[] = {
1758 static const unsigned char malformed_unknown_3[] = {
1762 static const unsigned char ack_delay_exp[] = {
1766 static const unsigned char stateless_reset_token[16] = { 0x42 };
1768 static const unsigned char preferred_addr[] = {
1769 0x44, 0x44, 0x44, 0x44,
1771 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
1772 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
1775 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99,
1776 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99,
1779 static const unsigned char long_cid[21] = { 0x42 };
1781 static const unsigned char excess_ack_delay_exp[] = {
1785 static const unsigned char excess_max_ack_delay[] = {
1786 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00,
1789 static const unsigned char excess_initial_max_streams[] = {
1790 0xD0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1793 static const unsigned char undersize_udp_payload_size[] = {
1794 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xaf,
1797 static const unsigned char undersize_active_conn_id_limit[] = {
1798 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1801 static const unsigned char bogus_int[9] = { 0 };
1803 static const unsigned char int_with_trailer[2] = { 0x01 };
1805 #define QUIC_TPARAM_UNKNOWN_1 0xf1f1
1807 static const struct tparam_test tparam_tests[] = {
1808 TPARAM_CHECK_DUP(ORIG_DCID,
1809 "ORIG_DCID appears multiple times")
1810 TPARAM_CHECK_DUP(INITIAL_SCID,
1811 "INITIAL_SCID appears multiple times")
1812 TPARAM_CHECK_DUP(INITIAL_MAX_DATA,
1813 "INITIAL_MAX_DATA appears multiple times")
1814 TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_BIDI_LOCAL,
1815 "INITIAL_MAX_STREAM_DATA_BIDI_LOCAL appears multiple times")
1816 TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_BIDI_REMOTE,
1817 "INITIAL_MAX_STREAM_DATA_BIDI_REMOTE appears multiple times")
1818 TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_UNI,
1819 "INITIAL_MAX_STREAM_DATA_UNI appears multiple times")
1820 TPARAM_CHECK_DUP(INITIAL_MAX_STREAMS_BIDI,
1821 "INITIAL_MAX_STREAMS_BIDI appears multiple times")
1822 TPARAM_CHECK_DUP(INITIAL_MAX_STREAMS_UNI,
1823 "INITIAL_MAX_STREAMS_UNI appears multiple times")
1824 TPARAM_CHECK_DUP(MAX_IDLE_TIMEOUT,
1825 "MAX_IDLE_TIMEOUT appears multiple times")
1826 TPARAM_CHECK_DUP(MAX_UDP_PAYLOAD_SIZE,
1827 "MAX_UDP_PAYLOAD_SIZE appears multiple times")
1828 TPARAM_CHECK_DUP(ACTIVE_CONN_ID_LIMIT,
1829 "ACTIVE_CONN_ID_LIMIT appears multiple times")
1830 TPARAM_CHECK_DUP(DISABLE_ACTIVE_MIGRATION,
1831 "DISABLE_ACTIVE_MIGRATION appears multiple times")
1833 TPARAM_CHECK_DROP(INITIAL_SCID,
1834 "INITIAL_SCID was not sent but is required")
1835 TPARAM_CHECK_DROP(ORIG_DCID,
1836 "ORIG_DCID was not sent but is required")
1838 TPARAM_CHECK_INJECT_A(RETRY_SCID, retry_scid_1,
1839 "RETRY_SCID sent when not performing a retry")
1840 TPARAM_CHECK_DROP_INJECT_A(DISABLE_ACTIVE_MIGRATION, disable_active_migration_1,
1841 "DISABLE_ACTIVE_MIGRATION is malformed")
1842 TPARAM_CHECK_INJECT(UNKNOWN_1, NULL, 0,
1844 TPARAM_CHECK_INJECT_RAW_A(malformed_stateless_reset_token_1,
1845 "STATELESS_RESET_TOKEN is malformed")
1846 TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
1847 malformed_stateless_reset_token_2,
1848 "STATELESS_RESET_TOKEN is malformed")
1849 TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
1850 malformed_stateless_reset_token_3,
1851 "STATELESS_RESET_TOKEN is malformed")
1852 TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
1853 malformed_stateless_reset_token_4,
1854 "STATELESS_RESET_TOKEN is malformed")
1855 TPARAM_CHECK_INJECT(STATELESS_RESET_TOKEN,
1857 "STATELESS_RESET_TOKEN is malformed")
1858 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_1,
1859 "PREFERRED_ADDR is malformed")
1860 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_2,
1861 "PREFERRED_ADDR is malformed")
1862 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_3,
1863 "PREFERRED_ADDR is malformed")
1864 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_4,
1865 "PREFERRED_ADDR is malformed")
1866 TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_1,
1867 "bad transport parameter")
1868 TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_2,
1869 "bad transport parameter")
1870 TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_3,
1871 "bad transport parameter")
1873 TPARAM_CHECK_INJECT_A(ACK_DELAY_EXP, excess_ack_delay_exp,
1874 "ACK_DELAY_EXP is malformed")
1875 TPARAM_CHECK_INJECT_A(MAX_ACK_DELAY, excess_max_ack_delay,
1876 "MAX_ACK_DELAY is malformed")
1877 TPARAM_CHECK_DROP_INJECT_A(INITIAL_MAX_STREAMS_BIDI, excess_initial_max_streams,
1878 "INITIAL_MAX_STREAMS_BIDI is malformed")
1879 TPARAM_CHECK_DROP_INJECT_A(INITIAL_MAX_STREAMS_UNI, excess_initial_max_streams,
1880 "INITIAL_MAX_STREAMS_UNI is malformed")
1882 TPARAM_CHECK_DROP_INJECT_A(MAX_UDP_PAYLOAD_SIZE, undersize_udp_payload_size,
1883 "MAX_UDP_PAYLOAD_SIZE is malformed")
1884 TPARAM_CHECK_DROP_INJECT_A(ACTIVE_CONN_ID_LIMIT, undersize_active_conn_id_limit,
1885 "ACTIVE_CONN_ID_LIMIT is malformed")
1887 TPARAM_CHECK_INJECT_TWICE_A(ACK_DELAY_EXP, ack_delay_exp,
1888 "ACK_DELAY_EXP appears multiple times")
1889 TPARAM_CHECK_INJECT_TWICE_A(MAX_ACK_DELAY, ack_delay_exp,
1890 "MAX_ACK_DELAY appears multiple times")
1891 TPARAM_CHECK_INJECT_TWICE_A(STATELESS_RESET_TOKEN, stateless_reset_token,
1892 "STATELESS_RESET_TOKEN appears multiple times")
1893 TPARAM_CHECK_INJECT_TWICE_A(PREFERRED_ADDR, preferred_addr,
1894 "PREFERRED_ADDR appears multiple times")
1896 TPARAM_CHECK_MUTATE(ORIG_DCID,
1897 "ORIG_DCID does not match expected value")
1898 TPARAM_CHECK_MUTATE(INITIAL_SCID,
1899 "INITIAL_SCID does not match expected value")
1901 TPARAM_CHECK_DROP_INJECT_A(ORIG_DCID, long_cid,
1902 "ORIG_DCID is malformed")
1903 TPARAM_CHECK_DROP_INJECT_A(INITIAL_SCID, long_cid,
1904 "INITIAL_SCID is malformed")
1906 TPARAM_CHECK_INT(INITIAL_MAX_DATA,
1907 "INITIAL_MAX_DATA is malformed")
1908 TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_BIDI_LOCAL,
1909 "INITIAL_MAX_STREAM_DATA_BIDI_LOCAL is malformed")
1910 TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_BIDI_REMOTE,
1911 "INITIAL_MAX_STREAM_DATA_BIDI_REMOTE is malformed")
1912 TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_UNI,
1913 "INITIAL_MAX_STREAM_DATA_UNI is malformed")
1914 TPARAM_CHECK_INT(ACK_DELAY_EXP,
1915 "ACK_DELAY_EXP is malformed")
1916 TPARAM_CHECK_INT(MAX_ACK_DELAY,
1917 "MAX_ACK_DELAY is malformed")
1918 TPARAM_CHECK_INT(INITIAL_MAX_STREAMS_BIDI,
1919 "INITIAL_MAX_STREAMS_BIDI is malformed")
1920 TPARAM_CHECK_INT(INITIAL_MAX_STREAMS_UNI,
1921 "INITIAL_MAX_STREAMS_UNI is malformed")
1922 TPARAM_CHECK_INT(MAX_IDLE_TIMEOUT,
1923 "MAX_IDLE_TIMEOUT is malformed")
1924 TPARAM_CHECK_INT(MAX_UDP_PAYLOAD_SIZE,
1925 "MAX_UDP_PAYLOAD_SIZE is malformed")
1926 TPARAM_CHECK_INT(ACTIVE_CONN_ID_LIMIT,
1927 "ACTIVE_CONN_ID_LIMIT is malformed")
1931 const struct tparam_test *t;
1934 static int tparam_handle(struct tparam_ctx *ctx,
1935 uint64_t id, unsigned char *data,
1939 const struct tparam_test *t = ctx->t;
1943 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
1948 * If this is the matching ID, write it again, duplicating the TPARAM.
1951 && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
1957 case TPARAM_OP_DROP:
1958 case TPARAM_OP_DROP_INJECT:
1959 /* Pass through unless ID matches. */
1961 && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
1967 case TPARAM_OP_INJECT:
1968 case TPARAM_OP_INJECT_TWICE:
1969 case TPARAM_OP_INJECT_RAW:
1970 /* Always pass through. */
1971 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
1977 case TPARAM_OP_MUTATE:
1979 if (!TEST_size_t_gt(data_len, 0))
1985 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
1999 static int tparam_on_enc_ext(QTEST_FAULT *qtf, QTEST_ENCRYPTED_EXTENSIONS *ee,
2000 size_t ee_len, void *arg)
2003 struct tparam_ctx *ctx = arg;
2007 BUF_MEM *old_bufm = NULL, *new_bufm = NULL;
2008 unsigned char *tp_p;
2009 size_t tp_len, written, old_len, eb_len;
2012 if (!TEST_ptr(old_bufm = BUF_MEM_new()))
2016 * Delete transport parameters TLS extension and capture the contents of the
2017 * extension which was removed.
2019 if (!TEST_true(qtest_fault_delete_extension(qtf, TLSEXT_TYPE_quic_transport_parameters,
2020 ee->extensions, &ee->extensionslen,
2024 if (!TEST_true(PACKET_buf_init(&pkt, (unsigned char *)old_bufm->data, old_bufm->length))
2025 || !TEST_ptr(new_bufm = BUF_MEM_new())
2026 || !TEST_true(WPACKET_init(&wpkt, new_bufm)))
2032 * Open transport parameters TLS extension:
2034 * u16 Extension ID (quic_transport_parameters)
2035 * u16 Extension Data Length
2036 * ... Extension Data
2039 if (!TEST_true(WPACKET_put_bytes_u16(&wpkt,
2040 TLSEXT_TYPE_quic_transport_parameters))
2041 || !TEST_true(WPACKET_start_sub_packet_u16(&wpkt)))
2044 for (; PACKET_remaining(&pkt) > 0; ) {
2045 tp_p = (unsigned char *)ossl_quic_wire_decode_transport_param_bytes(&pkt,
2048 if (!TEST_ptr(tp_p)) {
2049 TEST_mem_eq(PACKET_data(&pkt), PACKET_remaining(&pkt), NULL, 0);
2053 if (!TEST_true(tparam_handle(ctx, id, tp_p, tp_len, &wpkt)))
2057 if (ctx->t->op == TPARAM_OP_INJECT || ctx->t->op == TPARAM_OP_DROP_INJECT
2058 || ctx->t->op == TPARAM_OP_INJECT_TWICE) {
2059 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(&wpkt, ctx->t->id,
2064 if (ctx->t->op == TPARAM_OP_INJECT_TWICE
2065 && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(&wpkt, ctx->t->id,
2069 } else if (ctx->t->op == TPARAM_OP_INJECT_RAW) {
2070 if (!TEST_true(WPACKET_memcpy(&wpkt, ctx->t->buf, ctx->t->buf_len)))
2074 if (!TEST_true(WPACKET_close(&wpkt))) /* end extension data, set length */
2077 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
2080 WPACKET_finish(&wpkt);
2084 * Append the constructed extension blob to the extension block.
2086 old_len = ee->extensionslen;
2088 if (!qtest_fault_resize_message(qtf, ee->extensionslen + written))
2091 memcpy(ee->extensions + old_len, new_bufm->data, written);
2093 /* Fixup the extension block header (u16 length of entire block). */
2094 eb_len = (((uint16_t)ee->extensions[0]) << 8) + (uint16_t)ee->extensions[1];
2096 ee->extensions[0] = (unsigned char)((eb_len >> 8) & 0xFF);
2097 ee->extensions[1] = (unsigned char)( eb_len & 0xFF);
2102 WPACKET_cleanup(&wpkt);
2103 BUF_MEM_free(old_bufm);
2104 BUF_MEM_free(new_bufm);
2108 static int test_tparam(int idx)
2111 SSL_CTX *c_ctx = NULL;
2113 QUIC_TSERVER *s = NULL;
2114 QTEST_FAULT *qtf = NULL;
2115 struct tparam_ctx ctx = {0};
2117 ctx.t = &tparam_tests[idx];
2119 if (!TEST_ptr(c_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
2122 if (!TEST_true(qtest_create_quic_objects(libctx, c_ctx, NULL, cert,
2124 &c_ssl, &qtf, NULL)))
2127 if (!TEST_true(qtest_fault_set_hand_enc_ext_listener(qtf, tparam_on_enc_ext,
2131 if (!TEST_true(qtest_create_quic_connection_ex(s, c_ssl,
2132 ctx.t->expect_fail != NULL)))
2135 if (ctx.t->expect_fail != NULL) {
2136 SSL_CONN_CLOSE_INFO info = {0};
2138 if (!TEST_true(SSL_get_conn_close_info(c_ssl, &info, sizeof(info))))
2141 if (!TEST_true((info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) != 0)
2142 || !TEST_uint64_t_eq(info.error_code, OSSL_QUIC_ERR_TRANSPORT_PARAMETER_ERROR)
2143 || !TEST_ptr(strstr(info.reason, ctx.t->expect_fail))) {
2144 TEST_error("expected connection closure information mismatch"
2145 " during TPARAM test: flags=%llu ec=%llu reason='%s'",
2146 (unsigned long long)info.flags,
2147 (unsigned long long)info.error_code,
2156 if (ctx.t->expect_fail != NULL)
2157 TEST_info("failed during test for id=%llu, op=%d, bl=%zu, "
2158 "expected failure='%s'", (unsigned long long)ctx.t->id,
2159 ctx.t->op, ctx.t->buf_len, ctx.t->expect_fail);
2161 TEST_info("failed during test for id=%llu, op=%d, bl=%zu",
2162 (unsigned long long)ctx.t->id, ctx.t->op, ctx.t->buf_len);
2165 ossl_quic_tserver_free(s);
2167 SSL_CTX_free(c_ctx);
2168 qtest_fault_free(qtf);
2171 /***********************************************************************************/
2173 OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
2175 int setup_tests(void)
2180 libctx = OSSL_LIB_CTX_new();
2181 if (!TEST_ptr(libctx))
2184 defctxnull = OSSL_PROVIDER_load(NULL, "null");
2187 * Verify that the default and fips providers in the default libctx are not
2190 if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
2191 || !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
2194 if (!test_skip_common_options()) {
2195 TEST_error("Error parsing test options\n");
2199 if (!TEST_ptr(modulename = test_get_argument(0))
2200 || !TEST_ptr(configfile = test_get_argument(1))
2201 || !TEST_ptr(certsdir = test_get_argument(2))
2202 || !TEST_ptr(datadir = test_get_argument(3)))
2205 if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile)))
2208 /* Check we have the expected provider available */
2209 if (!TEST_true(OSSL_PROVIDER_available(libctx, modulename)))
2212 /* Check the default provider is not available */
2213 if (strcmp(modulename, "default") != 0
2214 && !TEST_false(OSSL_PROVIDER_available(libctx, "default")))
2217 if (strcmp(modulename, "fips") == 0)
2220 cert = test_mk_file_path(certsdir, "servercert.pem");
2224 ccert = test_mk_file_path(certsdir, "ee-client-chain.pem");
2228 cauthca = test_mk_file_path(certsdir, "root-cert.pem");
2229 if (cauthca == NULL)
2232 privkey = test_mk_file_path(certsdir, "serverkey.pem");
2233 if (privkey == NULL)
2236 cprivkey = test_mk_file_path(certsdir, "ee-key.pem");
2237 if (privkey == NULL)
2240 ADD_ALL_TESTS(test_quic_write_read, 3);
2241 ADD_TEST(test_fin_only_blocking);
2242 ADD_TEST(test_ciphersuites);
2243 ADD_TEST(test_cipher_find);
2244 ADD_TEST(test_version);
2245 #if defined(DO_SSL_TRACE_TEST)
2246 ADD_TEST(test_ssl_trace);
2248 ADD_TEST(test_quic_forbidden_apis_ctx);
2249 ADD_TEST(test_quic_forbidden_apis);
2250 ADD_TEST(test_quic_forbidden_options);
2251 ADD_ALL_TESTS(test_quic_set_fd, 3);
2252 ADD_TEST(test_bio_ssl);
2253 ADD_TEST(test_back_pressure);
2254 ADD_TEST(test_multiple_dgrams);
2255 ADD_ALL_TESTS(test_non_io_retry, 2);
2256 ADD_TEST(test_quic_psk);
2257 ADD_ALL_TESTS(test_client_auth, 3);
2258 ADD_ALL_TESTS(test_alpn, 2);
2259 ADD_ALL_TESTS(test_noisy_dgram, 2);
2260 ADD_TEST(test_bw_limit);
2261 ADD_TEST(test_get_shutdown);
2262 ADD_ALL_TESTS(test_tparam, OSSL_NELEM(tparam_tests));
2270 void cleanup_tests(void)
2272 bio_f_noisy_dgram_filter_free();
2273 bio_f_pkt_split_dgram_filter_free();
2275 OPENSSL_free(privkey);
2276 OPENSSL_free(ccert);
2277 OPENSSL_free(cauthca);
2278 OPENSSL_free(cprivkey);
2279 OSSL_PROVIDER_unload(defctxnull);
2280 OSSL_LIB_CTX_free(libctx);
projects / openssl.git / blob