1 /*
2 * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <string.h>
12
13 #include <openssl/opensslconf.h>
14 #include <openssl/quic.h>
15 #include <openssl/rand.h>
16
17 #include "helpers/ssltestlib.h"
18 #include "helpers/quictestlib.h"
19 #include "testutil.h"
20 #include "testutil/output.h"
21 #include "../ssl/ssl_local.h"
22 #include "internal/quic_error.h"
23
24 static OSSL_LIB_CTX *libctx = NULL;
25 static OSSL_PROVIDER *defctxnull = NULL;
26 static char *certsdir = NULL;
27 static char *cert = NULL;
28 static char *ccert = NULL;
29 static char *cauthca = NULL;
30 static char *privkey = NULL;
31 static char *cprivkey = NULL;
32 static char *datadir = NULL;
33
34 static int is_fips = 0;
35
36 /* The ssltrace test assumes some options are switched on/off */
37 #if !defined(OPENSSL_NO_SSL_TRACE) \
38 && defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) \
39 && !defined(OPENSSL_NO_ECX) && !defined(OPENSSL_NO_DH)
40 # define DO_SSL_TRACE_TEST
41 #endif
42
43 /*
44 * Test that we read what we've written.
45 * Test 0: Non-blocking
46 * Test 1: Blocking
47 * Test 2: Blocking, introduce socket error, test error handling.
48 */
test_quic_write_read(int idx)49 static int test_quic_write_read(int idx)
50 {
51 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
52 SSL_CTX *sctx = NULL;
53 SSL *clientquic = NULL;
54 QUIC_TSERVER *qtserv = NULL;
55 int j, k, ret = 0;
56 unsigned char buf[20], scratch[64];
57 static char *msg = "A test message";
58 size_t msglen = strlen(msg);
59 size_t numbytes = 0;
60 int ssock = 0, csock = 0;
61 uint64_t sid = UINT64_MAX;
62 SSL_SESSION *sess = NULL;
63
64 if (idx >= 1 && !qtest_supports_blocking())
65 return TEST_skip("Blocking tests not supported in this build");
66
67 for (k = 0; k < 2; k++) {
68 if (!TEST_ptr(cctx)
69 || !TEST_true(qtest_create_quic_objects(libctx, cctx, sctx,
70 cert, privkey,
71 idx >= 1
72 ? QTEST_FLAG_BLOCK
73 : 0,
74 &qtserv, &clientquic,
75 NULL, NULL))
76 || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost")))
77 goto end;
78
79 if (sess != NULL && !TEST_true(SSL_set_session(clientquic, sess)))
80 goto end;
81
82 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
83 goto end;
84
85 if (idx >= 1) {
86 if (!TEST_true(BIO_get_fd(ossl_quic_tserver_get0_rbio(qtserv),
87 &ssock)))
88 goto end;
89 if (!TEST_int_gt(csock = SSL_get_rfd(clientquic), 0))
90 goto end;
91 }
92
93 sid = 0; /* client-initiated bidirectional stream */
94
95 for (j = 0; j < 2; j++) {
96 /* Check that sending and receiving app data is ok */
97 if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
98 || !TEST_size_t_eq(numbytes, msglen))
99 goto end;
100 if (idx >= 1) {
101 do {
102 if (!TEST_true(wait_until_sock_readable(ssock)))
103 goto end;
104
105 ossl_quic_tserver_tick(qtserv);
106
107 if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf,
108 sizeof(buf),
109 &numbytes)))
110 goto end;
111 } while (numbytes == 0);
112
113 if (!TEST_mem_eq(buf, numbytes, msg, msglen))
114 goto end;
115 }
116
117 if (idx >= 2 && j > 0)
118 /* Introduce permanent socket error */
119 BIO_closesocket(csock);
120
121 ossl_quic_tserver_tick(qtserv);
122 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid,
123 (unsigned char *)msg,
124 msglen, &numbytes)))
125 goto end;
126 ossl_quic_tserver_tick(qtserv);
127 SSL_handle_events(clientquic);
128
129 if (idx >= 2 && j > 0) {
130 if (!TEST_false(SSL_read_ex(clientquic, buf, 1, &numbytes))
131 || !TEST_int_eq(SSL_get_error(clientquic, 0),
132 SSL_ERROR_SYSCALL)
133 || !TEST_false(SSL_write_ex(clientquic, msg, msglen,
134 &numbytes))
135 || !TEST_int_eq(SSL_get_error(clientquic, 0),
136 SSL_ERROR_SYSCALL))
137 goto end;
138 break;
139 }
140
141 /*
142 * In blocking mode the SSL_read_ex call will block until the socket
143 * is readable and has our data. In non-blocking mode we're doing
144 * everything in memory, so it should be immediately available
145 */
146 if (!TEST_true(SSL_read_ex(clientquic, buf, 1, &numbytes))
147 || !TEST_size_t_eq(numbytes, 1)
148 || !TEST_true(SSL_has_pending(clientquic))
149 || !TEST_int_eq(SSL_pending(clientquic), msglen - 1)
150 || !TEST_true(SSL_read_ex(clientquic, buf + 1,
151 sizeof(buf) - 1, &numbytes))
152 || !TEST_mem_eq(buf, numbytes + 1, msg, msglen))
153 goto end;
154 }
155
156 /* Test that exporters work. */
157 if (!TEST_true(SSL_export_keying_material(clientquic, scratch,
158 sizeof(scratch), "test", 4, (unsigned char *)"ctx", 3,
159 1)))
160 goto end;
161
162 if (sess == NULL) {
163 /* We didn't supply a session so we're not expecting resumption */
164 if (!TEST_false(SSL_session_reused(clientquic)))
165 goto end;
166 /* We should have a session ticket by now */
167 sess = SSL_get1_session(clientquic);
168 if (!TEST_ptr(sess))
169 goto end;
170 } else {
171 /* We supplied a session so we should have resumed */
172 if (!TEST_true(SSL_session_reused(clientquic)))
173 goto end;
174 }
175
176 if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
177 goto end;
178
179 if (sctx == NULL) {
180 sctx = ossl_quic_tserver_get0_ssl_ctx(qtserv);
181 if (!TEST_true(SSL_CTX_up_ref(sctx))) {
182 sctx = NULL;
183 goto end;
184 }
185 }
186 ossl_quic_tserver_free(qtserv);
187 qtserv = NULL;
188 SSL_free(clientquic);
189 clientquic = NULL;
190
191 if (idx >= 2)
192 break;
193 }
194
195 ret = 1;
196
197 end:
198 SSL_SESSION_free(sess);
199 ossl_quic_tserver_free(qtserv);
200 SSL_free(clientquic);
201 SSL_CTX_free(cctx);
202 SSL_CTX_free(sctx);
203
204 return ret;
205 }
206
207 /*
208 * Test that sending FIN with no data to a client blocking in SSL_read_ex() will
209 * wake up the client.
210 */
test_fin_only_blocking(void)211 static int test_fin_only_blocking(void)
212 {
213 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
214 SSL_CTX *sctx = NULL;
215 SSL *clientquic = NULL;
216 QUIC_TSERVER *qtserv = NULL;
217 const char *msg = "Hello World";
218 uint64_t sid;
219 size_t numbytes;
220 unsigned char buf[32];
221 int ret = 0;
222 OSSL_TIME timer, timediff;
223
224 if (!qtest_supports_blocking())
225 return TEST_skip("Blocking tests not supported in this build");
226
227 if (!TEST_ptr(cctx)
228 || !TEST_true(qtest_create_quic_objects(libctx, cctx, sctx,
229 cert, privkey,
230 QTEST_FLAG_BLOCK,
231 &qtserv, &clientquic,
232 NULL, NULL))
233 || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost")))
234 goto end;
235
236 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
237 goto end;
238
239 if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, 0, &sid))
240 || !TEST_true(ossl_quic_tserver_write(qtserv, sid,
241 (unsigned char *)msg,
242 strlen(msg), &numbytes))
243 || !TEST_size_t_eq(strlen(msg), numbytes))
244 goto end;
245
246 ossl_quic_tserver_tick(qtserv);
247
248 if (!TEST_true(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes))
249 || !TEST_mem_eq(msg, strlen(msg), buf, numbytes))
250
251
252 goto end;
253
254 if (!TEST_true(ossl_quic_tserver_conclude(qtserv, sid)))
255 goto end;
256
257 timer = ossl_time_now();
258 if (!TEST_false(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes)))
259 goto end;
260 timediff = ossl_time_subtract(ossl_time_now(), timer);
261
262 if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_ZERO_RETURN)
263 /*
264 * We expect the SSL_read_ex to not have blocked so this should
265 * be very fast. 20ms should be plenty.
266 */
267 || !TEST_uint64_t_le(ossl_time2ms(timediff), 20))
268 goto end;
269
270 if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
271 goto end;
272
273 ret = 1;
274
275 end:
276 ossl_quic_tserver_free(qtserv);
277 SSL_free(clientquic);
278 SSL_CTX_free(cctx);
279 SSL_CTX_free(sctx);
280
281 return ret;
282 }
283
284 /* Test that a vanilla QUIC SSL object has the expected ciphersuites available */
test_ciphersuites(void)285 static int test_ciphersuites(void)
286 {
287 SSL_CTX *ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
288 SSL *ssl = NULL;
289 int testresult = 0;
290 const STACK_OF(SSL_CIPHER) *ciphers = NULL;
291 const SSL_CIPHER *cipher;
292 /* We expect this exact list of ciphersuites by default */
293 int cipherids[] = {
294 TLS1_3_CK_AES_256_GCM_SHA384,
295 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
296 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
297 #endif
298 TLS1_3_CK_AES_128_GCM_SHA256
299 };
300 size_t i, j;
301
302 if (!TEST_ptr(ctx))
303 return 0;
304
305 /*
306 * Attempting to set TLSv1.2 ciphersuites should succeed, even though they
307 * aren't used in QUIC.
308 */
309 if (!TEST_true(SSL_CTX_set_cipher_list(ctx, "DEFAULT")))
310 goto err;
311
312 ssl = SSL_new(ctx);
313 if (!TEST_ptr(ssl))
314 goto err;
315
316 if (!TEST_true(SSL_set_cipher_list(ssl, "DEFAULT")))
317 goto err;
318
319 ciphers = SSL_get_ciphers(ssl);
320
321 for (i = 0, j = 0; i < OSSL_NELEM(cipherids); i++) {
322 if (cipherids[i] == TLS1_3_CK_CHACHA20_POLY1305_SHA256 && is_fips)
323 continue;
324 cipher = sk_SSL_CIPHER_value(ciphers, j++);
325 if (!TEST_ptr(cipher))
326 goto err;
327 if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher), cipherids[i]))
328 goto err;
329 }
330
331 /* We should have checked all the ciphers in the stack */
332 if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers), j))
333 goto err;
334
335 testresult = 1;
336 err:
337 SSL_free(ssl);
338 SSL_CTX_free(ctx);
339
340 return testresult;
341 }
342
test_cipher_find(void)343 static int test_cipher_find(void)
344 {
345 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
346 SSL *clientquic = NULL;
347 struct {
348 const unsigned char *cipherbytes;
349 int ok;
350 } testciphers[] = {
351 { TLS13_AES_128_GCM_SHA256_BYTES, 1 },
352 { TLS13_AES_256_GCM_SHA384_BYTES, 1 },
353 { TLS13_CHACHA20_POLY1305_SHA256_BYTES, 1 },
354 { TLS13_AES_128_CCM_SHA256_BYTES, 0 },
355 { TLS13_AES_128_CCM_8_SHA256_BYTES, 0 },
356 #if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
357 { TLS13_SHA256_SHA256_BYTES, 0 },
358 { TLS13_SHA384_SHA384_BYTES, 0 }
359 #endif
360 };
361 size_t i;
362 int testresult = 0;
363
364 if (!TEST_ptr(cctx))
365 goto err;
366
367 clientquic = SSL_new(cctx);
368 if (!TEST_ptr(clientquic))
369 goto err;
370
371 for (i = 0; i < OSSL_NELEM(testciphers); i++)
372 if (testciphers[i].ok) {
373 if (!TEST_ptr(SSL_CIPHER_find(clientquic,
374 testciphers[i].cipherbytes)))
375 goto err;
376 } else {
377 if (!TEST_ptr_null(SSL_CIPHER_find(clientquic,
378 testciphers[i].cipherbytes)))
379 goto err;
380 }
381
382 testresult = 1;
383 err:
384 SSL_free(clientquic);
385 SSL_CTX_free(cctx);
386
387 return testresult;
388 }
389
390 /*
391 * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
392 * SSL_is_dtls return the expected results for a QUIC connection. Compare with
393 * test_version() in sslapitest.c which does the same thing for TLS/DTLS
394 * connections.
395 */
test_version(void)396 static int test_version(void)
397 {
398 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
399 SSL *clientquic = NULL;
400 QUIC_TSERVER *qtserv = NULL;
401 int testresult = 0;
402
403 if (!TEST_ptr(cctx)
404 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
405 privkey, 0, &qtserv,
406 &clientquic, NULL, NULL))
407 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
408 goto err;
409
410 if (!TEST_int_eq(SSL_version(clientquic), OSSL_QUIC1_VERSION)
411 || !TEST_str_eq(SSL_get_version(clientquic), "QUICv1"))
412 goto err;
413
414 if (!TEST_true(SSL_is_quic(clientquic))
415 || !TEST_false(SSL_is_tls(clientquic))
416 || !TEST_false(SSL_is_dtls(clientquic)))
417 goto err;
418
419
420 testresult = 1;
421 err:
422 ossl_quic_tserver_free(qtserv);
423 SSL_free(clientquic);
424 SSL_CTX_free(cctx);
425
426 return testresult;
427 }
428
429 #if defined(DO_SSL_TRACE_TEST)
strip_line_ends(char * str)430 static void strip_line_ends(char *str)
431 {
432 size_t i;
433
434 for (i = strlen(str);
435 i > 0 && (str[i - 1] == '\n' || str[i - 1] == '\r');
436 i--);
437
438 str[i] = '\0';
439 }
440
compare_with_file(BIO * membio)441 static int compare_with_file(BIO *membio)
442 {
443 BIO *file = NULL, *newfile = NULL;
444 char buf1[512], buf2[512];
445 char *reffile;
446 int ret = 0;
447 size_t i;
448
449 #ifdef OPENSSL_NO_ZLIB
450 reffile = test_mk_file_path(datadir, "ssltraceref.txt");
451 #else
452 reffile = test_mk_file_path(datadir, "ssltraceref-zlib.txt");
453 #endif
454 if (!TEST_ptr(reffile))
455 goto err;
456
457 file = BIO_new_file(reffile, "rb");
458 if (!TEST_ptr(file))
459 goto err;
460
461 newfile = BIO_new_file("ssltraceref-new.txt", "wb");
462 if (!TEST_ptr(newfile))
463 goto err;
464
465 while (BIO_gets(membio, buf2, sizeof(buf2)) > 0)
466 if (BIO_puts(newfile, buf2) <= 0) {
467 TEST_error("Failed writing new file data");
468 goto err;
469 }
470
471 if (!TEST_int_ge(BIO_seek(membio, 0), 0))
472 goto err;
473
474 while (BIO_gets(file, buf1, sizeof(buf1)) > 0) {
475 if (BIO_gets(membio, buf2, sizeof(buf2)) <= 0) {
476 TEST_error("Failed reading mem data");
477 goto err;
478 }
479 strip_line_ends(buf1);
480 strip_line_ends(buf2);
481 if (strlen(buf1) != strlen(buf2)) {
482 TEST_error("Actual and ref line data length mismatch");
483 TEST_info("%s", buf1);
484 TEST_info("%s", buf2);
485 goto err;
486 }
487 for (i = 0; i < strlen(buf1); i++) {
488 /* '?' is a wild card character in the reference text */
489 if (buf1[i] == '?')
490 buf2[i] = '?';
491 }
492 if (!TEST_str_eq(buf1, buf2))
493 goto err;
494 }
495 if (!TEST_true(BIO_eof(file))
496 || !TEST_true(BIO_eof(membio)))
497 goto err;
498
499 ret = 1;
500 err:
501 OPENSSL_free(reffile);
502 BIO_free(file);
503 BIO_free(newfile);
504 return ret;
505 }
506
507 /*
508 * Tests that the SSL_trace() msg_callback works as expected with a QUIC
509 * connection. This also provides testing of the msg_callback at the same time.
510 */
test_ssl_trace(void)511 static int test_ssl_trace(void)
512 {
513 SSL_CTX *cctx = NULL;
514 SSL *clientquic = NULL;
515 QUIC_TSERVER *qtserv = NULL;
516 int testresult = 0;
517 BIO *bio = NULL;
518
519 if (!TEST_ptr(cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))
520 || !TEST_ptr(bio = BIO_new(BIO_s_mem()))
521 || !TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256"))
522 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
523 privkey,
524 QTEST_FLAG_FAKE_TIME,
525 &qtserv,
526 &clientquic, NULL, NULL)))
527 goto err;
528
529 SSL_set_msg_callback(clientquic, SSL_trace);
530 SSL_set_msg_callback_arg(clientquic, bio);
531
532 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
533 goto err;
534
535 /* Skip the comparison of the trace when the fips provider is used. */
536 if (is_fips) {
537 /* Check whether there was something written. */
538 if (!TEST_int_gt(BIO_pending(bio), 0))
539 goto err;
540 } else {
541 if (!TEST_true(compare_with_file(bio)))
542 goto err;
543 }
544
545 testresult = 1;
546 err:
547 ossl_quic_tserver_free(qtserv);
548 SSL_free(clientquic);
549 SSL_CTX_free(cctx);
550 BIO_free(bio);
551
552 return testresult;
553 }
554 #endif
555
ensure_valid_ciphers(const STACK_OF (SSL_CIPHER)* ciphers)556 static int ensure_valid_ciphers(const STACK_OF(SSL_CIPHER) *ciphers)
557 {
558 size_t i;
559
560 /* Ensure ciphersuite list is suitably subsetted. */
561 for (i = 0; i < (size_t)sk_SSL_CIPHER_num(ciphers); ++i) {
562 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
563 switch (SSL_CIPHER_get_id(cipher)) {
564 case TLS1_3_CK_AES_128_GCM_SHA256:
565 case TLS1_3_CK_AES_256_GCM_SHA384:
566 case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
567 break;
568 default:
569 TEST_error("forbidden cipher: %s", SSL_CIPHER_get_name(cipher));
570 return 0;
571 }
572 }
573
574 return 1;
575 }
576
577 /*
578 * Test that handshake-layer APIs which shouldn't work don't work with QUIC.
579 */
test_quic_forbidden_apis_ctx(void)580 static int test_quic_forbidden_apis_ctx(void)
581 {
582 int testresult = 0;
583 SSL_CTX *ctx = NULL;
584
585 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
586 goto err;
587
588 #ifndef OPENSSL_NO_SRTP
589 /* This function returns 0 on success and 1 on error, and should fail. */
590 if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_128_GCM")))
591 goto err;
592 #endif
593
594 /*
595 * List of ciphersuites we do and don't allow in QUIC.
596 */
597 #define QUIC_CIPHERSUITES \
598 "TLS_AES_128_GCM_SHA256:" \
599 "TLS_AES_256_GCM_SHA384:" \
600 "TLS_CHACHA20_POLY1305_SHA256"
601
602 #define NON_QUIC_CIPHERSUITES \
603 "TLS_AES_128_CCM_SHA256:" \
604 "TLS_AES_256_CCM_SHA384:" \
605 "TLS_AES_128_CCM_8_SHA256:" \
606 "TLS_SHA256_SHA256:" \
607 "TLS_SHA384_SHA384"
608
609 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
610 if (!TEST_true(SSL_CTX_set_ciphersuites(ctx,
611 QUIC_CIPHERSUITES ":"
612 NON_QUIC_CIPHERSUITES)))
613 goto err;
614
615 /*
616 * Forbidden ciphersuites should show up in SSL_CTX accessors, they are only
617 * filtered in SSL_get1_supported_ciphers, so we don't check for
618 * non-inclusion here.
619 */
620
621 testresult = 1;
622 err:
623 SSL_CTX_free(ctx);
624 return testresult;
625 }
626
test_quic_forbidden_apis(void)627 static int test_quic_forbidden_apis(void)
628 {
629 int testresult = 0;
630 SSL_CTX *ctx = NULL;
631 SSL *ssl = NULL;
632 STACK_OF(SSL_CIPHER) *ciphers = NULL;
633
634 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
635 goto err;
636
637 if (!TEST_ptr(ssl = SSL_new(ctx)))
638 goto err;
639
640 #ifndef OPENSSL_NO_SRTP
641 /* This function returns 0 on success and 1 on error, and should fail. */
642 if (!TEST_true(SSL_set_tlsext_use_srtp(ssl, "SRTP_AEAD_AES_128_GCM")))
643 goto err;
644 #endif
645
646 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
647 if (!TEST_true(SSL_set_ciphersuites(ssl,
648 QUIC_CIPHERSUITES ":"
649 NON_QUIC_CIPHERSUITES)))
650 goto err;
651
652 /* Non-QUIC ciphersuites must not appear in supported ciphers list. */
653 if (!TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl))
654 || !TEST_true(ensure_valid_ciphers(ciphers)))
655 goto err;
656
657 testresult = 1;
658 err:
659 sk_SSL_CIPHER_free(ciphers);
660 SSL_free(ssl);
661 SSL_CTX_free(ctx);
662 return testresult;
663 }
664
test_quic_forbidden_options(void)665 static int test_quic_forbidden_options(void)
666 {
667 int testresult = 0;
668 SSL_CTX *ctx = NULL;
669 SSL *ssl = NULL;
670 char buf[16];
671 size_t len;
672
673 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
674 goto err;
675
676 /* QUIC options restrictions do not affect SSL_CTX */
677 SSL_CTX_set_options(ctx, UINT64_MAX);
678
679 if (!TEST_uint64_t_eq(SSL_CTX_get_options(ctx), UINT64_MAX))
680 goto err;
681
682 /* Set options on CTX which should not be inherited (tested below). */
683 SSL_CTX_set_read_ahead(ctx, 1);
684 SSL_CTX_set_max_early_data(ctx, 1);
685 SSL_CTX_set_recv_max_early_data(ctx, 1);
686 SSL_CTX_set_quiet_shutdown(ctx, 1);
687
688 if (!TEST_ptr(ssl = SSL_new(ctx)))
689 goto err;
690
691 /* Only permitted options get transferred to SSL object */
692 if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
693 goto err;
694
695 /* Try again using SSL_set_options */
696 SSL_set_options(ssl, UINT64_MAX);
697
698 if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
699 goto err;
700
701 /* Clear everything */
702 SSL_clear_options(ssl, UINT64_MAX);
703
704 if (!TEST_uint64_t_eq(SSL_get_options(ssl), 0))
705 goto err;
706
707 /* Readahead */
708 if (!TEST_false(SSL_get_read_ahead(ssl)))
709 goto err;
710
711 SSL_set_read_ahead(ssl, 1);
712 if (!TEST_false(SSL_get_read_ahead(ssl)))
713 goto err;
714
715 /* Block padding */
716 if (!TEST_true(SSL_set_block_padding(ssl, 0))
717 || !TEST_true(SSL_set_block_padding(ssl, 1))
718 || !TEST_false(SSL_set_block_padding(ssl, 2)))
719 goto err;
720
721 /* Max fragment length */
722 if (!TEST_true(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_DISABLED))
723 || !TEST_false(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_512)))
724 goto err;
725
726 /* Max early data */
727 if (!TEST_false(SSL_set_recv_max_early_data(ssl, 1))
728 || !TEST_false(SSL_set_max_early_data(ssl, 1)))
729 goto err;
730
731 /* Read/Write */
732 if (!TEST_false(SSL_read_early_data(ssl, buf, sizeof(buf), &len))
733 || !TEST_false(SSL_write_early_data(ssl, buf, sizeof(buf), &len)))
734 goto err;
735
736 /* Buffer Management */
737 if (!TEST_true(SSL_alloc_buffers(ssl))
738 || !TEST_false(SSL_free_buffers(ssl)))
739 goto err;
740
741 /* Pipelining */
742 if (!TEST_false(SSL_set_max_send_fragment(ssl, 2))
743 || !TEST_false(SSL_set_split_send_fragment(ssl, 2))
744 || !TEST_false(SSL_set_max_pipelines(ssl, 2)))
745 goto err;
746
747 /* HRR */
748 if (!TEST_false(SSL_stateless(ssl)))
749 goto err;
750
751 /* Quiet Shutdown */
752 if (!TEST_false(SSL_get_quiet_shutdown(ssl)))
753 goto err;
754
755 /* No duplication */
756 if (!TEST_ptr_null(SSL_dup(ssl)))
757 goto err;
758
759 /* No clear */
760 if (!TEST_false(SSL_clear(ssl)))
761 goto err;
762
763 testresult = 1;
764 err:
765 SSL_free(ssl);
766 SSL_CTX_free(ctx);
767 return testresult;
768 }
769
test_quic_set_fd(int idx)770 static int test_quic_set_fd(int idx)
771 {
772 int testresult = 0;
773 SSL_CTX *ctx = NULL;
774 SSL *ssl = NULL;
775 int fd = -1, resfd = -1;
776 BIO *bio = NULL;
777
778 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
779 goto err;
780
781 if (!TEST_ptr(ssl = SSL_new(ctx)))
782 goto err;
783
784 if (!TEST_int_ge(fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0), 0))
785 goto err;
786
787 if (idx == 0) {
788 if (!TEST_true(SSL_set_fd(ssl, fd)))
789 goto err;
790 if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
791 goto err;
792 if (!TEST_ptr_eq(bio, SSL_get_wbio(ssl)))
793 goto err;
794 } else if (idx == 1) {
795 if (!TEST_true(SSL_set_rfd(ssl, fd)))
796 goto err;
797 if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
798 goto err;
799 if (!TEST_ptr_null(SSL_get_wbio(ssl)))
800 goto err;
801 } else {
802 if (!TEST_true(SSL_set_wfd(ssl, fd)))
803 goto err;
804 if (!TEST_ptr(bio = SSL_get_wbio(ssl)))
805 goto err;
806 if (!TEST_ptr_null(SSL_get_rbio(ssl)))
807 goto err;
808 }
809
810 if (!TEST_int_eq(BIO_method_type(bio), BIO_TYPE_DGRAM))
811 goto err;
812
813 if (!TEST_true(BIO_get_fd(bio, &resfd))
814 || !TEST_int_eq(resfd, fd))
815 goto err;
816
817 testresult = 1;
818 err:
819 SSL_free(ssl);
820 SSL_CTX_free(ctx);
821 if (fd >= 0)
822 BIO_closesocket(fd);
823 return testresult;
824 }
825
826 #define MAXLOOPS 1000
827
test_bio_ssl(void)828 static int test_bio_ssl(void)
829 {
830 /*
831 * We just use OSSL_QUIC_client_method() rather than
832 * OSSL_QUIC_client_thread_method(). We will never leave the connection idle
833 * so we will always be implicitly handling time events anyway via other
834 * IO calls.
835 */
836 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
837 SSL *clientquic = NULL, *stream = NULL;
838 QUIC_TSERVER *qtserv = NULL;
839 int testresult = 0;
840 BIO *cbio = NULL, *strbio = NULL, *thisbio;
841 const char *msg = "Hello world";
842 int abortctr = 0, err, clienterr = 0, servererr = 0, retc = 0, rets = 0;
843 size_t written, readbytes, msglen;
844 int sid = 0, i;
845 unsigned char buf[80];
846
847 if (!TEST_ptr(cctx))
848 goto err;
849
850 cbio = BIO_new_ssl(cctx, 1);
851 if (!TEST_ptr(cbio))
852 goto err;
853
854 /*
855 * We must configure the ALPN/peer address etc so we get the SSL object in
856 * order to pass it to qtest_create_quic_objects for configuration.
857 */
858 if (!TEST_int_eq(BIO_get_ssl(cbio, &clientquic), 1))
859 goto err;
860
861 if (!TEST_true(qtest_create_quic_objects(libctx, NULL, NULL, cert, privkey,
862 0, &qtserv, &clientquic, NULL,
863 NULL)))
864 goto err;
865
866 msglen = strlen(msg);
867
868 do {
869 err = BIO_FLAGS_WRITE;
870 while (!clienterr && !retc && err == BIO_FLAGS_WRITE) {
871 retc = BIO_write_ex(cbio, msg, msglen, &written);
872 if (!retc) {
873 if (BIO_should_retry(cbio))
874 err = BIO_retry_type(cbio);
875 else
876 err = 0;
877 }
878 }
879
880 if (!clienterr && retc <= 0 && err != BIO_FLAGS_READ) {
881 TEST_info("BIO_write_ex() failed %d, %d", retc, err);
882 TEST_openssl_errors();
883 clienterr = 1;
884 }
885
886 if (!servererr && rets <= 0) {
887 ossl_quic_tserver_tick(qtserv);
888 servererr = ossl_quic_tserver_is_term_any(qtserv);
889 if (!servererr)
890 rets = ossl_quic_tserver_is_handshake_confirmed(qtserv);
891 }
892
893 if (clienterr && servererr)
894 goto err;
895
896 if (++abortctr == MAXLOOPS) {
897 TEST_info("No progress made");
898 goto err;
899 }
900 } while ((!retc && !clienterr) || (rets <= 0 && !servererr));
901
902 /*
903 * 2 loops: The first using the default stream, and the second using a new
904 * client initiated bidi stream.
905 */
906 for (i = 0, thisbio = cbio; i < 2; i++) {
907 if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf, sizeof(buf),
908 &readbytes))
909 || !TEST_mem_eq(msg, msglen, buf, readbytes))
910 goto err;
911
912 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg,
913 msglen, &written)))
914 goto err;
915 ossl_quic_tserver_tick(qtserv);
916
917 if (!TEST_true(BIO_read_ex(thisbio, buf, sizeof(buf), &readbytes))
918 || !TEST_mem_eq(msg, msglen, buf, readbytes))
919 goto err;
920
921 if (i == 1)
922 break;
923
924 if (!TEST_true(SSL_set_mode(clientquic, 0)))
925 goto err;
926
927 /*
928 * Now create a new stream and repeat. The bottom two bits of the stream
929 * id represents whether the stream is bidi and whether it is client
930 * initiated or not. For client initiated bidi they are both 0. So the
931 * first client initiated bidi stream is 0 and the next one is 4.
932 */
933 sid = 4;
934 stream = SSL_new_stream(clientquic, 0);
935 if (!TEST_ptr(stream))
936 goto err;
937
938 if (!TEST_true(SSL_set_mode(stream, 0)))
939 goto err;
940
941 thisbio = strbio = BIO_new(BIO_f_ssl());
942 if (!TEST_ptr(strbio))
943 goto err;
944
945 if (!TEST_int_eq(BIO_set_ssl(thisbio, stream, BIO_CLOSE), 1))
946 goto err;
947 stream = NULL;
948
949 if (!TEST_true(BIO_write_ex(thisbio, msg, msglen, &written)))
950 goto err;
951
952 ossl_quic_tserver_tick(qtserv);
953 }
954
955 testresult = 1;
956 err:
957 BIO_free_all(cbio);
958 BIO_free_all(strbio);
959 SSL_free(stream);
960 ossl_quic_tserver_free(qtserv);
961 SSL_CTX_free(cctx);
962
963 return testresult;
964 }
965
966 #define BACK_PRESSURE_NUM_LOOPS 10000
967 /*
968 * Test that sending data from the client to the server faster than the server
969 * can process it eventually results in back pressure on the client.
970 */
test_back_pressure(void)971 static int test_back_pressure(void)
972 {
973 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
974 SSL *clientquic = NULL;
975 QUIC_TSERVER *qtserv = NULL;
976 int testresult = 0;
977 unsigned char *msg = NULL;
978 const size_t msglen = 1024;
979 unsigned char buf[64];
980 size_t readbytes, written;
981 int i;
982
983 if (!TEST_ptr(cctx)
984 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
985 privkey, 0, &qtserv,
986 &clientquic, NULL, NULL))
987 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
988 goto err;
989
990 msg = OPENSSL_malloc(msglen);
991 if (!TEST_ptr(msg))
992 goto err;
993 if (!TEST_int_eq(RAND_bytes_ex(libctx, msg, msglen, 0), 1))
994 goto err;
995
996 /*
997 * Limit to 10000 loops. If we've not seen any back pressure after that
998 * we're going to run out of memory, so abort.
999 */
1000 for (i = 0; i < BACK_PRESSURE_NUM_LOOPS; i++) {
1001 /* Send data from the client */
1002 if (!SSL_write_ex(clientquic, msg, msglen, &written)) {
1003 /* Check if we are seeing back pressure */
1004 if (SSL_get_error(clientquic, 0) == SSL_ERROR_WANT_WRITE)
1005 break;
1006 TEST_error("Unexpected client failure");
1007 goto err;
1008 }
1009
1010 /* Receive data at the server */
1011 ossl_quic_tserver_tick(qtserv);
1012 if (!TEST_true(ossl_quic_tserver_read(qtserv, 0, buf, sizeof(buf),
1013 &readbytes)))
1014 goto err;
1015 }
1016
1017 if (i == BACK_PRESSURE_NUM_LOOPS) {
1018 TEST_error("No back pressure seen");
1019 goto err;
1020 }
1021
1022 testresult = 1;
1023 err:
1024 SSL_free(clientquic);
1025 ossl_quic_tserver_free(qtserv);
1026 SSL_CTX_free(cctx);
1027 OPENSSL_free(msg);
1028
1029 return testresult;
1030 }
1031
1032
1033 static int dgram_ctr = 0;
1034
dgram_cb(int write_p,int version,int content_type,const void * buf,size_t msglen,SSL * ssl,void * arg)1035 static void dgram_cb(int write_p, int version, int content_type,
1036 const void *buf, size_t msglen, SSL *ssl, void *arg)
1037 {
1038 if (!write_p)
1039 return;
1040
1041 if (content_type != SSL3_RT_QUIC_DATAGRAM)
1042 return;
1043
1044 dgram_ctr++;
1045 }
1046
1047 /* Test that we send multiple datagrams in one go when appropriate */
test_multiple_dgrams(void)1048 static int test_multiple_dgrams(void)
1049 {
1050 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1051 SSL *clientquic = NULL;
1052 QUIC_TSERVER *qtserv = NULL;
1053 int testresult = 0;
1054 unsigned char *buf;
1055 const size_t buflen = 1400;
1056 size_t written;
1057
1058 buf = OPENSSL_zalloc(buflen);
1059
1060 if (!TEST_ptr(cctx)
1061 || !TEST_ptr(buf)
1062 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1063 privkey, 0, &qtserv,
1064 &clientquic, NULL, NULL))
1065 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1066 goto err;
1067
1068 dgram_ctr = 0;
1069 SSL_set_msg_callback(clientquic, dgram_cb);
1070 if (!TEST_true(SSL_write_ex(clientquic, buf, buflen, &written))
1071 || !TEST_size_t_eq(written, buflen)
1072 /* We wrote enough data for 2 datagrams */
1073 || !TEST_int_eq(dgram_ctr, 2))
1074 goto err;
1075
1076 testresult = 1;
1077 err:
1078 OPENSSL_free(buf);
1079 SSL_free(clientquic);
1080 ossl_quic_tserver_free(qtserv);
1081 SSL_CTX_free(cctx);
1082
1083 return testresult;
1084 }
1085
non_io_retry_cert_verify_cb(X509_STORE_CTX * ctx,void * arg)1086 static int non_io_retry_cert_verify_cb(X509_STORE_CTX *ctx, void *arg)
1087 {
1088 int idx = SSL_get_ex_data_X509_STORE_CTX_idx();
1089 SSL *ssl;
1090 const int *allow = (int *)arg;
1091
1092 /* this should not happen but check anyway */
1093 if (idx < 0
1094 || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL)
1095 return 0;
1096
1097 /* If this is our first attempt then retry */
1098 if (*allow == 0)
1099 return SSL_set_retry_verify(ssl);
1100
1101 /* Otherwise do nothing - verification succeeds. Continue as normal */
1102 return 1;
1103 }
1104
1105 /* Test that we can handle a non-io related retry error
1106 * Test 0: Non-blocking
1107 * Test 1: Blocking
1108 */
test_non_io_retry(int idx)1109 static int test_non_io_retry(int idx)
1110 {
1111 SSL_CTX *cctx;
1112 SSL *clientquic = NULL;
1113 QUIC_TSERVER *qtserv = NULL;
1114 int testresult = 0;
1115 int flags = 0, allow = 0;
1116
1117 if (idx >= 1 && !qtest_supports_blocking())
1118 return TEST_skip("Blocking tests not supported in this build");
1119
1120 cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1121 if (!TEST_ptr(cctx))
1122 goto err;
1123
1124 SSL_CTX_set_cert_verify_callback(cctx, non_io_retry_cert_verify_cb, &allow);
1125
1126 flags = (idx >= 1) ? QTEST_FLAG_BLOCK : 0;
1127 if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, privkey,
1128 flags, &qtserv, &clientquic, NULL,
1129 NULL))
1130 || !TEST_true(qtest_create_quic_connection_ex(qtserv, clientquic,
1131 SSL_ERROR_WANT_RETRY_VERIFY))
1132 || !TEST_int_eq(SSL_want(clientquic), SSL_RETRY_VERIFY))
1133 goto err;
1134
1135 allow = 1;
1136 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1137 goto err;
1138
1139 testresult = 1;
1140 err:
1141 SSL_free(clientquic);
1142 ossl_quic_tserver_free(qtserv);
1143 SSL_CTX_free(cctx);
1144
1145 return testresult;
1146 }
1147
1148 static int use_session_cb_cnt = 0;
1149 static int find_session_cb_cnt = 0;
1150 static const char *pskid = "Identity";
1151 static SSL_SESSION *serverpsk = NULL, *clientpsk = NULL;
1152
use_session_cb(SSL * ssl,const EVP_MD * md,const unsigned char ** id,size_t * idlen,SSL_SESSION ** sess)1153 static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
1154 size_t *idlen, SSL_SESSION **sess)
1155 {
1156 use_session_cb_cnt++;
1157
1158 if (clientpsk == NULL)
1159 return 0;
1160
1161 SSL_SESSION_up_ref(clientpsk);
1162
1163 *sess = clientpsk;
1164 *id = (const unsigned char *)pskid;
1165 *idlen = strlen(pskid);
1166
1167 return 1;
1168 }
1169
find_session_cb(SSL * ssl,const unsigned char * identity,size_t identity_len,SSL_SESSION ** sess)1170 static int find_session_cb(SSL *ssl, const unsigned char *identity,
1171 size_t identity_len, SSL_SESSION **sess)
1172 {
1173 find_session_cb_cnt++;
1174
1175 if (serverpsk == NULL)
1176 return 0;
1177
1178 /* Identity should match that set by the client */
1179 if (strlen(pskid) != identity_len
1180 || strncmp(pskid, (const char *)identity, identity_len) != 0)
1181 return 0;
1182
1183 SSL_SESSION_up_ref(serverpsk);
1184 *sess = serverpsk;
1185
1186 return 1;
1187 }
1188
test_quic_psk(void)1189 static int test_quic_psk(void)
1190 {
1191 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1192 SSL *clientquic = NULL;
1193 QUIC_TSERVER *qtserv = NULL;
1194 int testresult = 0;
1195
1196 if (!TEST_ptr(cctx)
1197 /* No cert or private key for the server, i.e. PSK only */
1198 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, NULL,
1199 NULL, 0, &qtserv,
1200 &clientquic, NULL, NULL)))
1201 goto end;
1202
1203 SSL_set_psk_use_session_callback(clientquic, use_session_cb);
1204 ossl_quic_tserver_set_psk_find_session_cb(qtserv, find_session_cb);
1205 use_session_cb_cnt = 0;
1206 find_session_cb_cnt = 0;
1207
1208 clientpsk = serverpsk = create_a_psk(clientquic, SHA384_DIGEST_LENGTH);
1209 if (!TEST_ptr(clientpsk))
1210 goto end;
1211 /* We already had one ref. Add another one */
1212 SSL_SESSION_up_ref(clientpsk);
1213
1214 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))
1215 || !TEST_int_eq(1, find_session_cb_cnt)
1216 || !TEST_int_eq(1, use_session_cb_cnt)
1217 /* Check that we actually used the PSK */
1218 || !TEST_true(SSL_session_reused(clientquic)))
1219 goto end;
1220
1221 testresult = 1;
1222
1223 end:
1224 SSL_free(clientquic);
1225 ossl_quic_tserver_free(qtserv);
1226 SSL_CTX_free(cctx);
1227 SSL_SESSION_free(clientpsk);
1228 SSL_SESSION_free(serverpsk);
1229 clientpsk = serverpsk = NULL;
1230
1231 return testresult;
1232 }
1233
test_client_auth(int idx)1234 static int test_client_auth(int idx)
1235 {
1236 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1237 SSL_CTX *sctx = SSL_CTX_new_ex(libctx, NULL, TLS_method());
1238 SSL *clientquic = NULL;
1239 QUIC_TSERVER *qtserv = NULL;
1240 int testresult = 0;
1241 unsigned char buf[20];
1242 static char *msg = "A test message";
1243 size_t msglen = strlen(msg);
1244 size_t numbytes = 0;
1245
1246 if (!TEST_ptr(cctx) || !TEST_ptr(sctx))
1247 goto err;
1248
1249 SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
1250 | SSL_VERIFY_CLIENT_ONCE, NULL);
1251
1252 if (!TEST_true(SSL_CTX_load_verify_file(sctx, cauthca)))
1253 goto err;
1254
1255 if (idx > 0
1256 && (!TEST_true(SSL_CTX_use_certificate_chain_file(cctx, ccert))
1257 || !TEST_true(SSL_CTX_use_PrivateKey_file(cctx, cprivkey,
1258 SSL_FILETYPE_PEM))))
1259 goto err;
1260
1261 if (!TEST_true(qtest_create_quic_objects(libctx, cctx, sctx, cert,
1262 privkey, 0, &qtserv,
1263 &clientquic, NULL, NULL)))
1264 goto err;
1265
1266 if (idx > 1) {
1267 if (!TEST_true(ssl_ctx_add_large_cert_chain(libctx, cctx, ccert))
1268 || !TEST_true(ssl_ctx_add_large_cert_chain(libctx, sctx, cert)))
1269 goto err;
1270 }
1271
1272 if (idx == 0) {
1273 if (!TEST_false(qtest_create_quic_connection(qtserv, clientquic)))
1274 goto err;
1275
1276 /* negative test passed */
1277 testresult = 1;
1278 goto err;
1279 }
1280
1281 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1282 goto err;
1283
1284 /* Check that sending and receiving app data is ok */
1285 if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
1286 || !TEST_size_t_eq(numbytes, msglen))
1287 goto err;
1288
1289 ossl_quic_tserver_tick(qtserv);
1290 if (!TEST_true(ossl_quic_tserver_write(qtserv, 0,
1291 (unsigned char *)msg,
1292 msglen, &numbytes)))
1293 goto err;
1294
1295 ossl_quic_tserver_tick(qtserv);
1296 SSL_handle_events(clientquic);
1297
1298 if (!TEST_true(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes))
1299 || !TEST_size_t_eq(numbytes, msglen)
1300 || !TEST_mem_eq(buf, numbytes, msg, msglen))
1301 goto err;
1302
1303 if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
1304 goto err;
1305
1306 testresult = 1;
1307
1308 err:
1309 SSL_free(clientquic);
1310 ossl_quic_tserver_free(qtserv);
1311 SSL_CTX_free(sctx);
1312 SSL_CTX_free(cctx);
1313
1314 return testresult;
1315 }
1316
1317 /*
1318 * Test that we correctly handle ALPN supplied by the application
1319 * Test 0: ALPN is provided
1320 * Test 1: No ALPN is provided
1321 */
test_alpn(int idx)1322 static int test_alpn(int idx)
1323 {
1324 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1325 SSL *clientquic = NULL;
1326 QUIC_TSERVER *qtserv = NULL;
1327 int testresult = 0;
1328 int ret;
1329
1330 /*
1331 * Ensure we only configure ciphersuites that are available with both the
1332 * default and fips providers to get the same output in both cases
1333 */
1334 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))
1335 goto err;
1336
1337 if (!TEST_ptr(cctx)
1338 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1339 privkey,
1340 QTEST_FLAG_FAKE_TIME,
1341 &qtserv,
1342 &clientquic, NULL, NULL)))
1343 goto err;
1344
1345 if (idx == 0) {
1346 /*
1347 * Clear the ALPN we set in qtest_create_quic_objects. We use TEST_false
1348 * because SSL_set_alpn_protos returns 0 for success.
1349 */
1350 if (!TEST_false(SSL_set_alpn_protos(clientquic, NULL, 0)))
1351 goto err;
1352 }
1353
1354 ret = SSL_connect(clientquic);
1355 if (!TEST_int_le(ret, 0))
1356 goto err;
1357 if (idx == 0) {
1358 /* We expect an immediate error due to lack of ALPN */
1359 if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_SSL))
1360 goto err;
1361 } else {
1362 /* ALPN was provided so we expect the connection to succeed */
1363 if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_WANT_READ)
1364 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1365 goto err;
1366 }
1367
1368 testresult = 1;
1369 err:
1370 ossl_quic_tserver_free(qtserv);
1371 SSL_free(clientquic);
1372 SSL_CTX_free(cctx);
1373
1374 return testresult;
1375 }
1376
1377 /*
1378 * Test SSL_get_shutdown() behavior.
1379 */
test_get_shutdown(void)1380 static int test_get_shutdown(void)
1381 {
1382 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1383 SSL *clientquic = NULL;
1384 QUIC_TSERVER *qtserv = NULL;
1385 int testresult = 0;
1386
1387 if (!TEST_ptr(cctx)
1388 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1389 privkey,
1390 QTEST_FLAG_FAKE_TIME,
1391 &qtserv, &clientquic,
1392 NULL, NULL))
1393 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1394 goto err;
1395
1396 if (!TEST_int_eq(SSL_get_shutdown(clientquic), 0))
1397 goto err;
1398
1399 if (!TEST_int_eq(SSL_shutdown(clientquic), 0))
1400 goto err;
1401
1402 if (!TEST_int_eq(SSL_get_shutdown(clientquic), SSL_SENT_SHUTDOWN))
1403 goto err;
1404
1405 do {
1406 ossl_quic_tserver_tick(qtserv);
1407 qtest_add_time(100);
1408 } while (SSL_shutdown(clientquic) == 0);
1409
1410 if (!TEST_int_eq(SSL_get_shutdown(clientquic),
1411 SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN))
1412 goto err;
1413
1414 testresult = 1;
1415 err:
1416 ossl_quic_tserver_free(qtserv);
1417 SSL_free(clientquic);
1418 SSL_CTX_free(cctx);
1419
1420 return testresult;
1421 }
1422
1423 #define MAX_LOOPS 2000
1424
1425 /*
1426 * Keep retrying SSL_read_ex until it succeeds or we give up. Accept a stream
1427 * if we don't already have one
1428 */
unreliable_client_read(SSL * clientquic,SSL ** stream,void * buf,size_t buflen,size_t * readbytes,QUIC_TSERVER * qtserv)1429 static int unreliable_client_read(SSL *clientquic, SSL **stream, void *buf,
1430 size_t buflen, size_t *readbytes,
1431 QUIC_TSERVER *qtserv)
1432 {
1433 int abortctr;
1434
1435 /* We just do this in a loop with a sleep for simplicity */
1436 for (abortctr = 0; abortctr < MAX_LOOPS; abortctr++) {
1437 if (*stream == NULL) {
1438 SSL_handle_events(clientquic);
1439 *stream = SSL_accept_stream(clientquic, 0);
1440 }
1441
1442 if (*stream != NULL) {
1443 if (SSL_read_ex(*stream, buf, buflen, readbytes))
1444 return 1;
1445 if (!TEST_int_eq(SSL_get_error(*stream, 0), SSL_ERROR_WANT_READ))
1446 return 0;
1447 }
1448 ossl_quic_tserver_tick(qtserv);
1449 qtest_add_time(1);
1450 qtest_wait_for_timeout(clientquic, qtserv);
1451 }
1452
1453 TEST_error("No progress made");
1454 return 0;
1455 }
1456
1457 /* Keep retrying ossl_quic_tserver_read until it succeeds or we give up */
unreliable_server_read(QUIC_TSERVER * qtserv,uint64_t sid,void * buf,size_t buflen,size_t * readbytes,SSL * clientquic)1458 static int unreliable_server_read(QUIC_TSERVER *qtserv, uint64_t sid,
1459 void *buf, size_t buflen, size_t *readbytes,
1460 SSL *clientquic)
1461 {
1462 int abortctr;
1463
1464 /* We just do this in a loop with a sleep for simplicity */
1465 for (abortctr = 0; abortctr < MAX_LOOPS; abortctr++) {
1466 if (ossl_quic_tserver_read(qtserv, sid, buf, buflen, readbytes)
1467 && *readbytes > 1)
1468 return 1;
1469 ossl_quic_tserver_tick(qtserv);
1470 SSL_handle_events(clientquic);
1471 qtest_add_time(1);
1472 qtest_wait_for_timeout(clientquic, qtserv);
1473 }
1474
1475 TEST_error("No progress made");
1476 return 0;
1477 }
1478
1479 /*
1480 * Create a connection and send data using an unreliable transport. We introduce
1481 * random noise to drop, delay and duplicate datagrams.
1482 * Test 0: Introduce random noise to datagrams
1483 * Test 1: As with test 0 but also split datagrams containing multiple packets
1484 * into individual datagrams so that individual packets can be affected
1485 * by noise - not just a whole datagram.
1486 */
test_noisy_dgram(int idx)1487 static int test_noisy_dgram(int idx)
1488 {
1489 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1490 SSL *clientquic = NULL, *stream[2] = { NULL, NULL };
1491 QUIC_TSERVER *qtserv = NULL;
1492 int testresult = 0;
1493 uint64_t sid = 0;
1494 char *msg = "Hello world!";
1495 size_t msglen = strlen(msg), written, readbytes, i, j;
1496 unsigned char buf[80];
1497 int flags = QTEST_FLAG_NOISE | QTEST_FLAG_FAKE_TIME;
1498 QTEST_FAULT *fault = NULL;
1499
1500 if (idx == 1)
1501 flags |= QTEST_FLAG_PACKET_SPLIT;
1502
1503 if (!TEST_ptr(cctx)
1504 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1505 privkey, flags,
1506 &qtserv,
1507 &clientquic, &fault, NULL)))
1508 goto err;
1509
1510 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1511 goto err;
1512
1513 if (!TEST_true(SSL_set_incoming_stream_policy(clientquic,
1514 SSL_INCOMING_STREAM_POLICY_ACCEPT,
1515 0))
1516 || !TEST_true(SSL_set_default_stream_mode(clientquic,
1517 SSL_DEFAULT_STREAM_MODE_NONE)))
1518 goto err;
1519
1520 for (j = 0; j < 2; j++) {
1521 if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, 0, &sid)))
1522 goto err;
1523 ossl_quic_tserver_tick(qtserv);
1524 qtest_add_time(1);
1525
1526 /*
1527 * Send data from the server to the client. Some datagrams may get
1528 * lost, modified, dropped or re-ordered. We repeat 20 times to ensure
1529 * we are sending enough datagrams for problems to be noticed.
1530 */
1531 for (i = 0; i < 20; i++) {
1532 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid,
1533 (unsigned char *)msg, msglen,
1534 &written))
1535 || !TEST_size_t_eq(msglen, written))
1536 goto err;
1537 ossl_quic_tserver_tick(qtserv);
1538 qtest_add_time(1);
1539
1540 /*
1541 * Since the underlying BIO is now noisy we may get failures that
1542 * need to be retried - so we use unreliable_client_read() to
1543 * handle that
1544 */
1545 if (!TEST_true(unreliable_client_read(clientquic, &stream[j], buf,
1546 sizeof(buf), &readbytes,
1547 qtserv))
1548 || !TEST_mem_eq(msg, msglen, buf, readbytes))
1549 goto err;
1550 }
1551
1552 /* Send data from the client to the server */
1553 for (i = 0; i < 20; i++) {
1554 if (!TEST_true(SSL_write_ex(stream[j], (unsigned char *)msg,
1555 msglen, &written))
1556 || !TEST_size_t_eq(msglen, written))
1557 goto err;
1558
1559 ossl_quic_tserver_tick(qtserv);
1560 qtest_add_time(1);
1561
1562 /*
1563 * Since the underlying BIO is now noisy we may get failures that
1564 * need to be retried - so we use unreliable_server_read() to
1565 * handle that
1566 */
1567 if (!TEST_true(unreliable_server_read(qtserv, sid, buf, sizeof(buf),
1568 &readbytes, clientquic))
1569 || !TEST_mem_eq(msg, msglen, buf, readbytes))
1570 goto err;
1571 }
1572 }
1573
1574 testresult = 1;
1575 err:
1576 ossl_quic_tserver_free(qtserv);
1577 SSL_free(stream[0]);
1578 SSL_free(stream[1]);
1579 SSL_free(clientquic);
1580 SSL_CTX_free(cctx);
1581 qtest_fault_free(fault);
1582
1583 return testresult;
1584 }
1585
1586 /*
1587 * Create a connection and send some big data using a transport with limited bandwidth.
1588 */
1589
1590 #define TEST_TRANSFER_DATA_SIZE (2*1024*1024) /* 2 MBytes */
1591 #define TEST_SINGLE_WRITE_SIZE (16*1024) /* 16 kBytes */
1592 #define TEST_BW_LIMIT 1000 /* 1000 Bytes/ms */
test_bw_limit(void)1593 static int test_bw_limit(void)
1594 {
1595 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1596 SSL *clientquic = NULL;
1597 QUIC_TSERVER *qtserv = NULL;
1598 int testresult = 0;
1599 unsigned char *msg = NULL, *recvbuf = NULL;
1600 size_t sendlen = TEST_TRANSFER_DATA_SIZE;
1601 size_t recvlen = TEST_TRANSFER_DATA_SIZE;
1602 size_t written, readbytes;
1603 int flags = QTEST_FLAG_NOISE | QTEST_FLAG_FAKE_TIME;
1604 QTEST_FAULT *fault = NULL;
1605 uint64_t real_bw;
1606
1607 if (!TEST_ptr(cctx)
1608 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1609 privkey, flags,
1610 &qtserv,
1611 &clientquic, &fault, NULL)))
1612 goto err;
1613
1614 if (!TEST_ptr(msg = OPENSSL_zalloc(TEST_SINGLE_WRITE_SIZE))
1615 || !TEST_ptr(recvbuf = OPENSSL_zalloc(TEST_SINGLE_WRITE_SIZE)))
1616 goto err;
1617
1618 /* Set BW to 1000 Bytes/ms -> 1MByte/s both ways */
1619 if (!TEST_true(qtest_fault_set_bw_limit(fault, 1000, 1000, 0)))
1620 goto err;
1621
1622 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1623 goto err;
1624
1625 qtest_start_stopwatch();
1626
1627 while (recvlen > 0) {
1628 qtest_add_time(1);
1629
1630 if (sendlen > 0) {
1631 if (!SSL_write_ex(clientquic, msg,
1632 sendlen > TEST_SINGLE_WRITE_SIZE ? TEST_SINGLE_WRITE_SIZE
1633 : sendlen,
1634 &written)) {
1635 TEST_info("Retrying to send: %llu", (unsigned long long) sendlen);
1636 if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_WANT_WRITE))
1637 goto err;
1638 } else {
1639 sendlen -= written;
1640 TEST_info("Remaining to send: %llu", (unsigned long long) sendlen);
1641 }
1642 } else {
1643 SSL_handle_events(clientquic);
1644 }
1645
1646 if (ossl_quic_tserver_read(qtserv, 0, recvbuf,
1647 recvlen > TEST_SINGLE_WRITE_SIZE ? TEST_SINGLE_WRITE_SIZE
1648 : recvlen,
1649 &readbytes)
1650 && readbytes > 1) {
1651 recvlen -= readbytes;
1652 TEST_info("Remaining to recv: %llu", (unsigned long long) recvlen);
1653 } else {
1654 TEST_info("No progress on recv: %llu", (unsigned long long) recvlen);
1655 }
1656 ossl_quic_tserver_tick(qtserv);
1657 }
1658 real_bw = TEST_TRANSFER_DATA_SIZE / qtest_get_stopwatch_time();
1659
1660 TEST_info("BW limit: %d Bytes/ms Real bandwidth reached: %llu Bytes/ms",
1661 TEST_BW_LIMIT, (unsigned long long)real_bw);
1662
1663 if (!TEST_uint64_t_lt(real_bw, TEST_BW_LIMIT))
1664 goto err;
1665
1666 testresult = 1;
1667 err:
1668 OPENSSL_free(msg);
1669 OPENSSL_free(recvbuf);
1670 ossl_quic_tserver_free(qtserv);
1671 SSL_free(clientquic);
1672 SSL_CTX_free(cctx);
1673 qtest_fault_free(fault);
1674
1675 return testresult;
1676 }
1677
1678 enum {
1679 TPARAM_OP_DUP,
1680 TPARAM_OP_DROP,
1681 TPARAM_OP_INJECT,
1682 TPARAM_OP_INJECT_TWICE,
1683 TPARAM_OP_INJECT_RAW,
1684 TPARAM_OP_DROP_INJECT,
1685 TPARAM_OP_MUTATE
1686 };
1687
1688 #define TPARAM_CHECK_DUP(name, reason) \
1689 { QUIC_TPARAM_##name, TPARAM_OP_DUP, (reason) },
1690 #define TPARAM_CHECK_DROP(name, reason) \
1691 { QUIC_TPARAM_##name, TPARAM_OP_DROP, (reason) },
1692 #define TPARAM_CHECK_INJECT(name, buf, buf_len, reason) \
1693 { QUIC_TPARAM_##name, TPARAM_OP_INJECT, (reason), \
1694 (buf), (buf_len) },
1695 #define TPARAM_CHECK_INJECT_A(name, buf, reason) \
1696 TPARAM_CHECK_INJECT(name, buf, sizeof(buf), reason)
1697 #define TPARAM_CHECK_DROP_INJECT(name, buf, buf_len, reason) \
1698 { QUIC_TPARAM_##name, TPARAM_OP_DROP_INJECT, (reason), \
1699 (buf), (buf_len) },
1700 #define TPARAM_CHECK_DROP_INJECT_A(name, buf, reason) \
1701 TPARAM_CHECK_DROP_INJECT(name, buf, sizeof(buf), reason)
1702 #define TPARAM_CHECK_INJECT_TWICE(name, buf, buf_len, reason) \
1703 { QUIC_TPARAM_##name, TPARAM_OP_INJECT_TWICE, (reason), \
1704 (buf), (buf_len) },
1705 #define TPARAM_CHECK_INJECT_TWICE_A(name, buf, reason) \
1706 TPARAM_CHECK_INJECT_TWICE(name, buf, sizeof(buf), reason)
1707 #define TPARAM_CHECK_INJECT_RAW(buf, buf_len, reason) \
1708 { 0, TPARAM_OP_INJECT_RAW, (reason), \
1709 (buf), (buf_len) },
1710 #define TPARAM_CHECK_INJECT_RAW_A(buf, reason) \
1711 TPARAM_CHECK_INJECT_RAW(buf, sizeof(buf), reason)
1712 #define TPARAM_CHECK_MUTATE(name, reason) \
1713 { QUIC_TPARAM_##name, TPARAM_OP_MUTATE, (reason) },
1714 #define TPARAM_CHECK_INT(name, reason) \
1715 TPARAM_CHECK_DROP_INJECT(name, NULL, 0, reason) \
1716 TPARAM_CHECK_DROP_INJECT_A(name, bogus_int, reason) \
1717 TPARAM_CHECK_DROP_INJECT_A(name, int_with_trailer, reason)
1718
1719 struct tparam_test {
1720 uint64_t id;
1721 int op;
1722 const char *expect_fail; /* substring to expect in reason */
1723 const void *buf;
1724 size_t buf_len;
1725 };
1726
1727 static const unsigned char retry_scid_1[8] = { 0 };
1728
1729 static const unsigned char disable_active_migration_1[] = {
1730 0x00
1731 };
1732
1733 static const unsigned char malformed_stateless_reset_token_1[] = {
1734 0x02, 0xff
1735 };
1736
1737 static const unsigned char malformed_stateless_reset_token_2[] = {
1738 0x01
1739 };
1740
1741 static const unsigned char malformed_stateless_reset_token_3[15] = { 0 };
1742
1743 static const unsigned char malformed_stateless_reset_token_4[17] = { 0 };
1744
1745 static const unsigned char malformed_preferred_addr_1[] = {
1746 0x0d, 0xff
1747 };
1748
1749 static const unsigned char malformed_preferred_addr_2[42] = {
1750 0x0d, 0x28, /* too short */
1751 };
1752
1753 static const unsigned char malformed_preferred_addr_3[64] = {
1754 0x0d, 0x3e, /* too long */
1755 };
1756
1757 static const unsigned char malformed_preferred_addr_4[] = {
1758 /* TPARAM too short for CID length indicated */
1759 0x0d, 0x29, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1760 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1761 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1762 0x00, 0x00, 0x01, 0x55,
1763 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1764 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1765 };
1766
1767 static const unsigned char malformed_unknown_1[] = {
1768 0xff
1769 };
1770
1771 static const unsigned char malformed_unknown_2[] = {
1772 0x55, 0x55,
1773 };
1774
1775 static const unsigned char malformed_unknown_3[] = {
1776 0x55, 0x55, 0x01,
1777 };
1778
1779 static const unsigned char ack_delay_exp[] = {
1780 0x03
1781 };
1782
1783 static const unsigned char stateless_reset_token[16] = { 0x42 };
1784
1785 static const unsigned char preferred_addr[] = {
1786 0x44, 0x44, 0x44, 0x44,
1787 0x55, 0x55,
1788 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
1789 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
1790 0x77, 0x77,
1791 0x02, 0xAA, 0xBB,
1792 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99,
1793 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99,
1794 };
1795
1796 static const unsigned char long_cid[21] = { 0x42 };
1797
1798 static const unsigned char excess_ack_delay_exp[] = {
1799 0x15,
1800 };
1801
1802 static const unsigned char excess_max_ack_delay[] = {
1803 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00,
1804 };
1805
1806 static const unsigned char excess_initial_max_streams[] = {
1807 0xD0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1808 };
1809
1810 static const unsigned char undersize_udp_payload_size[] = {
1811 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xaf,
1812 };
1813
1814 static const unsigned char undersize_active_conn_id_limit[] = {
1815 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1816 };
1817
1818 static const unsigned char bogus_int[9] = { 0 };
1819
1820 static const unsigned char int_with_trailer[2] = { 0x01 };
1821
1822 #define QUIC_TPARAM_UNKNOWN_1 0xf1f1
1823
1824 static const struct tparam_test tparam_tests[] = {
1825 TPARAM_CHECK_DUP(ORIG_DCID,
1826 "ORIG_DCID appears multiple times")
1827 TPARAM_CHECK_DUP(INITIAL_SCID,
1828 "INITIAL_SCID appears multiple times")
1829 TPARAM_CHECK_DUP(INITIAL_MAX_DATA,
1830 "INITIAL_MAX_DATA appears multiple times")
1831 TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_BIDI_LOCAL,
1832 "INITIAL_MAX_STREAM_DATA_BIDI_LOCAL appears multiple times")
1833 TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_BIDI_REMOTE,
1834 "INITIAL_MAX_STREAM_DATA_BIDI_REMOTE appears multiple times")
1835 TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_UNI,
1836 "INITIAL_MAX_STREAM_DATA_UNI appears multiple times")
1837 TPARAM_CHECK_DUP(INITIAL_MAX_STREAMS_BIDI,
1838 "INITIAL_MAX_STREAMS_BIDI appears multiple times")
1839 TPARAM_CHECK_DUP(INITIAL_MAX_STREAMS_UNI,
1840 "INITIAL_MAX_STREAMS_UNI appears multiple times")
1841 TPARAM_CHECK_DUP(MAX_IDLE_TIMEOUT,
1842 "MAX_IDLE_TIMEOUT appears multiple times")
1843 TPARAM_CHECK_DUP(MAX_UDP_PAYLOAD_SIZE,
1844 "MAX_UDP_PAYLOAD_SIZE appears multiple times")
1845 TPARAM_CHECK_DUP(ACTIVE_CONN_ID_LIMIT,
1846 "ACTIVE_CONN_ID_LIMIT appears multiple times")
1847 TPARAM_CHECK_DUP(DISABLE_ACTIVE_MIGRATION,
1848 "DISABLE_ACTIVE_MIGRATION appears multiple times")
1849
1850 TPARAM_CHECK_DROP(INITIAL_SCID,
1851 "INITIAL_SCID was not sent but is required")
1852 TPARAM_CHECK_DROP(ORIG_DCID,
1853 "ORIG_DCID was not sent but is required")
1854
1855 TPARAM_CHECK_INJECT_A(RETRY_SCID, retry_scid_1,
1856 "RETRY_SCID sent when not performing a retry")
1857 TPARAM_CHECK_DROP_INJECT_A(DISABLE_ACTIVE_MIGRATION, disable_active_migration_1,
1858 "DISABLE_ACTIVE_MIGRATION is malformed")
1859 TPARAM_CHECK_INJECT(UNKNOWN_1, NULL, 0,
1860 NULL)
1861 TPARAM_CHECK_INJECT_RAW_A(malformed_stateless_reset_token_1,
1862 "STATELESS_RESET_TOKEN is malformed")
1863 TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
1864 malformed_stateless_reset_token_2,
1865 "STATELESS_RESET_TOKEN is malformed")
1866 TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
1867 malformed_stateless_reset_token_3,
1868 "STATELESS_RESET_TOKEN is malformed")
1869 TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
1870 malformed_stateless_reset_token_4,
1871 "STATELESS_RESET_TOKEN is malformed")
1872 TPARAM_CHECK_INJECT(STATELESS_RESET_TOKEN,
1873 NULL, 0,
1874 "STATELESS_RESET_TOKEN is malformed")
1875 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_1,
1876 "PREFERRED_ADDR is malformed")
1877 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_2,
1878 "PREFERRED_ADDR is malformed")
1879 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_3,
1880 "PREFERRED_ADDR is malformed")
1881 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_4,
1882 "PREFERRED_ADDR is malformed")
1883 TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_1,
1884 "bad transport parameter")
1885 TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_2,
1886 "bad transport parameter")
1887 TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_3,
1888 "bad transport parameter")
1889
1890 TPARAM_CHECK_INJECT_A(ACK_DELAY_EXP, excess_ack_delay_exp,
1891 "ACK_DELAY_EXP is malformed")
1892 TPARAM_CHECK_INJECT_A(MAX_ACK_DELAY, excess_max_ack_delay,
1893 "MAX_ACK_DELAY is malformed")
1894 TPARAM_CHECK_DROP_INJECT_A(INITIAL_MAX_STREAMS_BIDI, excess_initial_max_streams,
1895 "INITIAL_MAX_STREAMS_BIDI is malformed")
1896 TPARAM_CHECK_DROP_INJECT_A(INITIAL_MAX_STREAMS_UNI, excess_initial_max_streams,
1897 "INITIAL_MAX_STREAMS_UNI is malformed")
1898
1899 TPARAM_CHECK_DROP_INJECT_A(MAX_UDP_PAYLOAD_SIZE, undersize_udp_payload_size,
1900 "MAX_UDP_PAYLOAD_SIZE is malformed")
1901 TPARAM_CHECK_DROP_INJECT_A(ACTIVE_CONN_ID_LIMIT, undersize_active_conn_id_limit,
1902 "ACTIVE_CONN_ID_LIMIT is malformed")
1903
1904 TPARAM_CHECK_INJECT_TWICE_A(ACK_DELAY_EXP, ack_delay_exp,
1905 "ACK_DELAY_EXP appears multiple times")
1906 TPARAM_CHECK_INJECT_TWICE_A(MAX_ACK_DELAY, ack_delay_exp,
1907 "MAX_ACK_DELAY appears multiple times")
1908 TPARAM_CHECK_INJECT_TWICE_A(STATELESS_RESET_TOKEN, stateless_reset_token,
1909 "STATELESS_RESET_TOKEN appears multiple times")
1910 TPARAM_CHECK_INJECT_TWICE_A(PREFERRED_ADDR, preferred_addr,
1911 "PREFERRED_ADDR appears multiple times")
1912
1913 TPARAM_CHECK_MUTATE(ORIG_DCID,
1914 "ORIG_DCID does not match expected value")
1915 TPARAM_CHECK_MUTATE(INITIAL_SCID,
1916 "INITIAL_SCID does not match expected value")
1917
1918 TPARAM_CHECK_DROP_INJECT_A(ORIG_DCID, long_cid,
1919 "ORIG_DCID is malformed")
1920 TPARAM_CHECK_DROP_INJECT_A(INITIAL_SCID, long_cid,
1921 "INITIAL_SCID is malformed")
1922
1923 TPARAM_CHECK_INT(INITIAL_MAX_DATA,
1924 "INITIAL_MAX_DATA is malformed")
1925 TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_BIDI_LOCAL,
1926 "INITIAL_MAX_STREAM_DATA_BIDI_LOCAL is malformed")
1927 TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_BIDI_REMOTE,
1928 "INITIAL_MAX_STREAM_DATA_BIDI_REMOTE is malformed")
1929 TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_UNI,
1930 "INITIAL_MAX_STREAM_DATA_UNI is malformed")
1931 TPARAM_CHECK_INT(ACK_DELAY_EXP,
1932 "ACK_DELAY_EXP is malformed")
1933 TPARAM_CHECK_INT(MAX_ACK_DELAY,
1934 "MAX_ACK_DELAY is malformed")
1935 TPARAM_CHECK_INT(INITIAL_MAX_STREAMS_BIDI,
1936 "INITIAL_MAX_STREAMS_BIDI is malformed")
1937 TPARAM_CHECK_INT(INITIAL_MAX_STREAMS_UNI,
1938 "INITIAL_MAX_STREAMS_UNI is malformed")
1939 TPARAM_CHECK_INT(MAX_IDLE_TIMEOUT,
1940 "MAX_IDLE_TIMEOUT is malformed")
1941 TPARAM_CHECK_INT(MAX_UDP_PAYLOAD_SIZE,
1942 "MAX_UDP_PAYLOAD_SIZE is malformed")
1943 TPARAM_CHECK_INT(ACTIVE_CONN_ID_LIMIT,
1944 "ACTIVE_CONN_ID_LIMIT is malformed")
1945 };
1946
1947 struct tparam_ctx {
1948 const struct tparam_test *t;
1949 };
1950
tparam_handle(struct tparam_ctx * ctx,uint64_t id,unsigned char * data,size_t data_len,WPACKET * wpkt)1951 static int tparam_handle(struct tparam_ctx *ctx,
1952 uint64_t id, unsigned char *data,
1953 size_t data_len,
1954 WPACKET *wpkt)
1955 {
1956 const struct tparam_test *t = ctx->t;
1957
1958 switch (t->op) {
1959 case TPARAM_OP_DUP:
1960 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
1961 data, data_len)))
1962 return 0;
1963
1964 /*
1965 * If this is the matching ID, write it again, duplicating the TPARAM.
1966 */
1967 if (id == t->id
1968 && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
1969 data, data_len)))
1970 return 0;
1971
1972 return 1;
1973
1974 case TPARAM_OP_DROP:
1975 case TPARAM_OP_DROP_INJECT:
1976 /* Pass through unless ID matches. */
1977 if (id != t->id
1978 && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
1979 data, data_len)))
1980 return 0;
1981
1982 return 1;
1983
1984 case TPARAM_OP_INJECT:
1985 case TPARAM_OP_INJECT_TWICE:
1986 case TPARAM_OP_INJECT_RAW:
1987 /* Always pass through. */
1988 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
1989 data, data_len)))
1990 return 0;
1991
1992 return 1;
1993
1994 case TPARAM_OP_MUTATE:
1995 if (id == t->id) {
1996 if (!TEST_size_t_gt(data_len, 0))
1997 return 0;
1998
1999 data[0] ^= 1;
2000 }
2001
2002 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
2003 data, data_len)))
2004 return 0;
2005
2006 if (id == t->id)
2007 data[0] ^= 1;
2008
2009 return 1;
2010
2011 default:
2012 return 0;
2013 }
2014 }
2015
tparam_on_enc_ext(QTEST_FAULT * qtf,QTEST_ENCRYPTED_EXTENSIONS * ee,size_t ee_len,void * arg)2016 static int tparam_on_enc_ext(QTEST_FAULT *qtf, QTEST_ENCRYPTED_EXTENSIONS *ee,
2017 size_t ee_len, void *arg)
2018 {
2019 int rc = 0;
2020 struct tparam_ctx *ctx = arg;
2021 PACKET pkt = {0};
2022 WPACKET wpkt;
2023 int have_wpkt = 0;
2024 BUF_MEM *old_bufm = NULL, *new_bufm = NULL;
2025 unsigned char *tp_p;
2026 size_t tp_len, written, old_len, eb_len;
2027 uint64_t id;
2028
2029 if (!TEST_ptr(old_bufm = BUF_MEM_new()))
2030 goto err;
2031
2032 /*
2033 * Delete transport parameters TLS extension and capture the contents of the
2034 * extension which was removed.
2035 */
2036 if (!TEST_true(qtest_fault_delete_extension(qtf, TLSEXT_TYPE_quic_transport_parameters,
2037 ee->extensions, &ee->extensionslen,
2038 old_bufm)))
2039 goto err;
2040
2041 if (!TEST_true(PACKET_buf_init(&pkt, (unsigned char *)old_bufm->data, old_bufm->length))
2042 || !TEST_ptr(new_bufm = BUF_MEM_new())
2043 || !TEST_true(WPACKET_init(&wpkt, new_bufm)))
2044 goto err;
2045
2046 have_wpkt = 1;
2047
2048 /*
2049 * Open transport parameters TLS extension:
2050 *
2051 * u16 Extension ID (quic_transport_parameters)
2052 * u16 Extension Data Length
2053 * ... Extension Data
2054 *
2055 */
2056 if (!TEST_true(WPACKET_put_bytes_u16(&wpkt,
2057 TLSEXT_TYPE_quic_transport_parameters))
2058 || !TEST_true(WPACKET_start_sub_packet_u16(&wpkt)))
2059 goto err;
2060
2061 for (; PACKET_remaining(&pkt) > 0; ) {
2062 tp_p = (unsigned char *)ossl_quic_wire_decode_transport_param_bytes(&pkt,
2063 &id,
2064 &tp_len);
2065 if (!TEST_ptr(tp_p)) {
2066 TEST_mem_eq(PACKET_data(&pkt), PACKET_remaining(&pkt), NULL, 0);
2067 goto err;
2068 }
2069
2070 if (!TEST_true(tparam_handle(ctx, id, tp_p, tp_len, &wpkt)))
2071 goto err;
2072 }
2073
2074 if (ctx->t->op == TPARAM_OP_INJECT || ctx->t->op == TPARAM_OP_DROP_INJECT
2075 || ctx->t->op == TPARAM_OP_INJECT_TWICE) {
2076 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(&wpkt, ctx->t->id,
2077 ctx->t->buf,
2078 ctx->t->buf_len)))
2079 goto err;
2080
2081 if (ctx->t->op == TPARAM_OP_INJECT_TWICE
2082 && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(&wpkt, ctx->t->id,
2083 ctx->t->buf,
2084 ctx->t->buf_len)))
2085 goto err;
2086 } else if (ctx->t->op == TPARAM_OP_INJECT_RAW) {
2087 if (!TEST_true(WPACKET_memcpy(&wpkt, ctx->t->buf, ctx->t->buf_len)))
2088 goto err;
2089 }
2090
2091 if (!TEST_true(WPACKET_close(&wpkt))) /* end extension data, set length */
2092 goto err;
2093
2094 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
2095 goto err;
2096
2097 WPACKET_finish(&wpkt);
2098 have_wpkt = 0;
2099
2100 /*
2101 * Append the constructed extension blob to the extension block.
2102 */
2103 old_len = ee->extensionslen;
2104
2105 if (!qtest_fault_resize_message(qtf, ee->extensionslen + written))
2106 goto err;
2107
2108 memcpy(ee->extensions + old_len, new_bufm->data, written);
2109
2110 /* Fixup the extension block header (u16 length of entire block). */
2111 eb_len = (((uint16_t)ee->extensions[0]) << 8) + (uint16_t)ee->extensions[1];
2112 eb_len += written;
2113 ee->extensions[0] = (unsigned char)((eb_len >> 8) & 0xFF);
2114 ee->extensions[1] = (unsigned char)( eb_len & 0xFF);
2115
2116 rc = 1;
2117 err:
2118 if (have_wpkt)
2119 WPACKET_cleanup(&wpkt);
2120 BUF_MEM_free(old_bufm);
2121 BUF_MEM_free(new_bufm);
2122 return rc;
2123 }
2124
test_tparam(int idx)2125 static int test_tparam(int idx)
2126 {
2127 int testresult = 0;
2128 SSL_CTX *c_ctx = NULL;
2129 SSL *c_ssl = NULL;
2130 QUIC_TSERVER *s = NULL;
2131 QTEST_FAULT *qtf = NULL;
2132 struct tparam_ctx ctx = {0};
2133
2134 ctx.t = &tparam_tests[idx];
2135
2136 if (!TEST_ptr(c_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
2137 goto err;
2138
2139 if (!TEST_true(qtest_create_quic_objects(libctx, c_ctx, NULL, cert,
2140 privkey, 0, &s,
2141 &c_ssl, &qtf, NULL)))
2142 goto err;
2143
2144 if (!TEST_true(qtest_fault_set_hand_enc_ext_listener(qtf, tparam_on_enc_ext,
2145 &ctx)))
2146 goto err;
2147
2148 if (!TEST_true(qtest_create_quic_connection_ex(s, c_ssl,
2149 ctx.t->expect_fail != NULL)))
2150 goto err;
2151
2152 if (ctx.t->expect_fail != NULL) {
2153 SSL_CONN_CLOSE_INFO info = {0};
2154
2155 if (!TEST_true(SSL_get_conn_close_info(c_ssl, &info, sizeof(info))))
2156 goto err;
2157
2158 if (!TEST_true((info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) != 0)
2159 || !TEST_uint64_t_eq(info.error_code, OSSL_QUIC_ERR_TRANSPORT_PARAMETER_ERROR)
2160 || !TEST_ptr(strstr(info.reason, ctx.t->expect_fail))) {
2161 TEST_error("expected connection closure information mismatch"
2162 " during TPARAM test: flags=%llu ec=%llu reason='%s'",
2163 (unsigned long long)info.flags,
2164 (unsigned long long)info.error_code,
2165 info.reason);
2166 goto err;
2167 }
2168 }
2169
2170 testresult = 1;
2171 err:
2172 if (!testresult) {
2173 if (ctx.t->expect_fail != NULL)
2174 TEST_info("failed during test for id=%llu, op=%d, bl=%zu, "
2175 "expected failure='%s'", (unsigned long long)ctx.t->id,
2176 ctx.t->op, ctx.t->buf_len, ctx.t->expect_fail);
2177 else
2178 TEST_info("failed during test for id=%llu, op=%d, bl=%zu",
2179 (unsigned long long)ctx.t->id, ctx.t->op, ctx.t->buf_len);
2180 }
2181
2182 ossl_quic_tserver_free(s);
2183 SSL_free(c_ssl);
2184 SSL_CTX_free(c_ctx);
2185 qtest_fault_free(qtf);
2186 return testresult;
2187 }
2188
2189 static int new_called = 0;
2190 static SSL *cbssl = NULL;
2191
new_session_cb(SSL * ssl,SSL_SESSION * sess)2192 static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
2193 {
2194 new_called++;
2195 /*
2196 * Remember the SSL ref we were called with. No need to up-ref this. It
2197 * should remain valid for the duration of the test.
2198 */
2199 cbssl = ssl;
2200 /*
2201 * sess has been up-refed for us, but we don't actually need it so free it
2202 * immediately.
2203 */
2204 SSL_SESSION_free(sess);
2205 return 1;
2206 }
2207
2208 /* Test using a new_session_cb with a QUIC SSL object works as expected */
test_session_cb(void)2209 static int test_session_cb(void)
2210 {
2211 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
2212 SSL *clientquic = NULL;
2213 QUIC_TSERVER *qtserv = NULL;
2214 int testresult = 0;
2215
2216 if (!TEST_ptr(cctx))
2217 goto err;
2218
2219 new_called = 0;
2220 cbssl = NULL;
2221 SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
2222 SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);
2223
2224 if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
2225 privkey,
2226 QTEST_FLAG_FAKE_TIME,
2227 &qtserv, &clientquic,
2228 NULL, NULL)))
2229 goto err;
2230
2231 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
2232 goto err;
2233
2234 /* Process the pending NewSessionTickets */
2235 if (!TEST_true(SSL_handle_events(clientquic)))
2236 goto err;
2237
2238 if (!TEST_int_eq(SSL_shutdown(clientquic), 0))
2239 goto err;
2240
2241 /*
2242 * Check the callback was called twice (we expect 2 tickets), and with the
2243 * correct SSL reference
2244 */
2245 if (!TEST_int_eq(new_called, 2)
2246 || !TEST_ptr_eq(clientquic, cbssl))
2247 goto err;
2248
2249 testresult = 1;
2250 err:
2251 cbssl = NULL;
2252 ossl_quic_tserver_free(qtserv);
2253 SSL_free(clientquic);
2254 SSL_CTX_free(cctx);
2255
2256 return testresult;
2257 }
2258
2259 /***********************************************************************************/
2260
2261 OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
2262
setup_tests(void)2263 int setup_tests(void)
2264 {
2265 char *modulename;
2266 char *configfile;
2267
2268 libctx = OSSL_LIB_CTX_new();
2269 if (!TEST_ptr(libctx))
2270 return 0;
2271
2272 defctxnull = OSSL_PROVIDER_load(NULL, "null");
2273
2274 /*
2275 * Verify that the default and fips providers in the default libctx are not
2276 * available
2277 */
2278 if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
2279 || !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
2280 goto err;
2281
2282 if (!test_skip_common_options()) {
2283 TEST_error("Error parsing test options\n");
2284 goto err;
2285 }
2286
2287 if (!TEST_ptr(modulename = test_get_argument(0))
2288 || !TEST_ptr(configfile = test_get_argument(1))
2289 || !TEST_ptr(certsdir = test_get_argument(2))
2290 || !TEST_ptr(datadir = test_get_argument(3)))
2291 goto err;
2292
2293 if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile)))
2294 goto err;
2295
2296 /* Check we have the expected provider available */
2297 if (!TEST_true(OSSL_PROVIDER_available(libctx, modulename)))
2298 goto err;
2299
2300 /* Check the default provider is not available */
2301 if (strcmp(modulename, "default") != 0
2302 && !TEST_false(OSSL_PROVIDER_available(libctx, "default")))
2303 goto err;
2304
2305 if (strcmp(modulename, "fips") == 0)
2306 is_fips = 1;
2307
2308 cert = test_mk_file_path(certsdir, "servercert.pem");
2309 if (cert == NULL)
2310 goto err;
2311
2312 ccert = test_mk_file_path(certsdir, "ee-client-chain.pem");
2313 if (ccert == NULL)
2314 goto err;
2315
2316 cauthca = test_mk_file_path(certsdir, "root-cert.pem");
2317 if (cauthca == NULL)
2318 goto err;
2319
2320 privkey = test_mk_file_path(certsdir, "serverkey.pem");
2321 if (privkey == NULL)
2322 goto err;
2323
2324 cprivkey = test_mk_file_path(certsdir, "ee-key.pem");
2325 if (privkey == NULL)
2326 goto err;
2327
2328 ADD_ALL_TESTS(test_quic_write_read, 3);
2329 ADD_TEST(test_fin_only_blocking);
2330 ADD_TEST(test_ciphersuites);
2331 ADD_TEST(test_cipher_find);
2332 ADD_TEST(test_version);
2333 #if defined(DO_SSL_TRACE_TEST)
2334 ADD_TEST(test_ssl_trace);
2335 #endif
2336 ADD_TEST(test_quic_forbidden_apis_ctx);
2337 ADD_TEST(test_quic_forbidden_apis);
2338 ADD_TEST(test_quic_forbidden_options);
2339 ADD_ALL_TESTS(test_quic_set_fd, 3);
2340 ADD_TEST(test_bio_ssl);
2341 ADD_TEST(test_back_pressure);
2342 ADD_TEST(test_multiple_dgrams);
2343 ADD_ALL_TESTS(test_non_io_retry, 2);
2344 ADD_TEST(test_quic_psk);
2345 ADD_ALL_TESTS(test_client_auth, 3);
2346 ADD_ALL_TESTS(test_alpn, 2);
2347 ADD_ALL_TESTS(test_noisy_dgram, 2);
2348 ADD_TEST(test_bw_limit);
2349 ADD_TEST(test_get_shutdown);
2350 ADD_ALL_TESTS(test_tparam, OSSL_NELEM(tparam_tests));
2351 ADD_TEST(test_session_cb);
2352
2353 return 1;
2354 err:
2355 cleanup_tests();
2356 return 0;
2357 }
2358
cleanup_tests(void)2359 void cleanup_tests(void)
2360 {
2361 bio_f_noisy_dgram_filter_free();
2362 bio_f_pkt_split_dgram_filter_free();
2363 OPENSSL_free(cert);
2364 OPENSSL_free(privkey);
2365 OPENSSL_free(ccert);
2366 OPENSSL_free(cauthca);
2367 OPENSSL_free(cprivkey);
2368 OSSL_PROVIDER_unload(defctxnull);
2369 OSSL_LIB_CTX_free(libctx);
2370 }
2371
