Rename various functions OSSL_QUIC_FAULT -> QTEST_FAULT

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/ope

Rename various functions OSSL_QUIC_FAULT -> QTEST_FAULT

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Don't declare SSL_CONNECTION twice

It causes problems with some compilation options

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>

Don't declare SSL_CONNECTION twice

It causes problems with some compilation options

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Ensure calling BIO_recvmmsg() with a dgram pair reports errors

When calling BIO-recvmmsg() and using a dgram pair we were failing to
raise an error in the case that a problem occurs. Thi

Ensure calling BIO_recvmmsg() with a dgram pair reports errors

When calling BIO-recvmmsg() and using a dgram pair we were failing to
raise an error in the case that a problem occurs. This means that the
reason behind a failure cannot be detected and all problems are treated
as fatal even if they may not be.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Add a helper function to prepend a frame to a packet

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openss

Add a helper function to prepend a frame to a packet

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Add explanatory comments to say what happens during resizing of buffers

Explain that buffers are over allocated to being with, so a resize is a
logical resize only. Buffer addresses neve

Add explanatory comments to say what happens during resizing of buffers

Explain that buffers are over allocated to being with, so a resize is a
logical resize only. Buffer addresses never change.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Add a qtest_check_server_transport_err helper function

Allows tests to check that a given transport error was received by the
server.

Reviewed-by: Hugo Landau <hlandau@openssl.o

Add a qtest_check_server_transport_err helper function

Allows tests to check that a given transport error was received by the
server.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Extend the corruption test to truncate a datagram

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/o

Extend the corruption test to truncate a datagram

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Add the capability to listen for datagrams

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/

Add the capability to listen for datagrams

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Don't treat the Tserver as connected until the handshake is confirmed

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://

Don't treat the Tserver as connected until the handshake is confirmed

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Add a test for a corrupted packet

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2003

Add a test for a corrupted packet

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Enable the fault injector to add faults to post-encryption packets

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://git

Enable the fault injector to add faults to post-encryption packets

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Expand some comments in the header file

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pul

Expand some comments in the header file

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Raise a protocol error if we have not received transport params from peer

If we complete the TLS handshake but transport params were not received
then this is a protcol error and we shou

Raise a protocol error if we have not received transport params from peer

If we complete the TLS handshake but transport params were not received
then this is a protcol error and we should fail.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Add a test for a server that doesn't provide transport params

Check that we fail if the server has failed to provide transport params.

Reviewed-by: Hugo Landau <hlandau@openssl.org>

Add a test for a server that doesn't provide transport params

Check that we fail if the server has failed to provide transport params.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Implement the QUIC Fault injector support for TLS handshake messages

Provide helper functions to listen for TLS handshake messages being sent,
as well as the ability to change the conten

Implement the QUIC Fault injector support for TLS handshake messages

Provide helper functions to listen for TLS handshake messages being sent,
as well as the ability to change the contents of those messages as well as
resizing them.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Add the ability to mutate TLS handshake messages before they are written

We add callbacks so that TLS handshake messages can be modified by the test
framework before they are passed to t

Add the ability to mutate TLS handshake messages before they are written

We add callbacks so that TLS handshake messages can be modified by the test
framework before they are passed to the handshake hash, possibly encrypted
and written to the network. This enables us to simulate badly behaving
endpoints.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Add a test where an unknown frame type is received

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/

Add a test where an unknown frame type is received

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Enable QUIC test server to find out the termination reason

We enable querying of the termination reason which is useful for tests.

Reviewed-by: Hugo Landau <hlandau@openssl.org>

Enable QUIC test server to find out the termination reason

We enable querying of the termination reason which is useful for tests.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Treat unknown frames as a protocol error

From RFC9000, section 19.21 "An extension to QUIC that wishes to use a new
type of frame MUST first ensure that a peer is able to understand the

Treat unknown frames as a protocol error

From RFC9000, section 19.21 "An extension to QUIC that wishes to use a new
type of frame MUST first ensure that a peer is able to understand the
frame". So if we receive an unknown frame type from a peer we should treat
it as a protocol violation. In fact we ignore it, and ignore all the
contents of the rest of the packet and continue on regardless.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Don't raise an error on retryable read in a BIO_s_dgram_pair()

This results in spurious errors appearing on the queue in normal
operation, e.g. calling SSL_tick() with a QUIC connection

Don't raise an error on retryable read in a BIO_s_dgram_pair()

This results in spurious errors appearing on the queue in normal
operation, e.g. calling SSL_tick() with a QUIC connection will succeed,
but an error will end up on the queue anyway.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Implement the QUIC Fault injector support for plaintext packets

Provider helper functions to listen for plaintext packets being sent, as
well as the ability to change the contents of tho

Implement the QUIC Fault injector support for plaintext packets

Provider helper functions to listen for plaintext packets being sent, as
well as the ability to change the contents of those packets as well as
resizing them.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Add a skeleton quicfaultstest

Also includes helper support to create a QUIC connection inside a test.

We wil use quicfaultstest to deliberately inject faulty datagrams/packets
t

Add a skeleton quicfaultstest

Also includes helper support to create a QUIC connection inside a test.

We wil use quicfaultstest to deliberately inject faulty datagrams/packets
to test how we handle them.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

Add the ability to mutate QUIC packets before they are written

We add callbacks so that QUIC packets can be modified by the test
framework before they are encrypted and written to the ne

Add the ability to mutate QUIC packets before they are written

We add callbacks so that QUIC packets can be modified by the test
framework before they are encrypted and written to the network. This
enables us to simulate badly behaving endpoints.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

show more ...

update documentation to note that EdDSA is not FIPS approved

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://g

update documentation to note that EdDSA is not FIPS approved

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20343)

show more ...

update changes entry to note EdDSA is not FIPS approved

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github

update changes entry to note EdDSA is not FIPS approved

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20343)

show more ...