1 /*
2 * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <string.h>
12
13 #include <openssl/opensslconf.h>
14 #include <openssl/quic.h>
15 #include <openssl/rand.h>
16
17 #include "helpers/ssltestlib.h"
18 #include "helpers/quictestlib.h"
19 #include "testutil.h"
20 #include "testutil/output.h"
21 #include "../ssl/ssl_local.h"
22 #include "internal/quic_error.h"
23
24 static OSSL_LIB_CTX *libctx = NULL;
25 static OSSL_PROVIDER *defctxnull = NULL;
26 static char *certsdir = NULL;
27 static char *cert = NULL;
28 static char *ccert = NULL;
29 static char *cauthca = NULL;
30 static char *privkey = NULL;
31 static char *cprivkey = NULL;
32 static char *datadir = NULL;
33
34 static int is_fips = 0;
35
36 /* The ssltrace test assumes some options are switched on/off */
37 #if !defined(OPENSSL_NO_SSL_TRACE) \
38 && defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) \
39 && !defined(OPENSSL_NO_ECX) && !defined(OPENSSL_NO_DH)
40 # define DO_SSL_TRACE_TEST
41 #endif
42
43 /*
44 * Test that we read what we've written.
45 * Test 0: Non-blocking
46 * Test 1: Blocking
47 * Test 2: Blocking, introduce socket error, test error handling.
48 */
test_quic_write_read(int idx)49 static int test_quic_write_read(int idx)
50 {
51 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
52 SSL_CTX *sctx = NULL;
53 SSL *clientquic = NULL;
54 QUIC_TSERVER *qtserv = NULL;
55 int j, k, ret = 0;
56 unsigned char buf[20], scratch[64];
57 static char *msg = "A test message";
58 size_t msglen = strlen(msg);
59 size_t numbytes = 0;
60 int ssock = 0, csock = 0;
61 uint64_t sid = UINT64_MAX;
62 SSL_SESSION *sess = NULL;
63
64 if (idx >= 1 && !qtest_supports_blocking())
65 return TEST_skip("Blocking tests not supported in this build");
66
67 for (k = 0; k < 2; k++) {
68 if (!TEST_ptr(cctx)
69 || !TEST_true(qtest_create_quic_objects(libctx, cctx, sctx,
70 cert, privkey,
71 idx >= 1
72 ? QTEST_FLAG_BLOCK
73 : 0,
74 &qtserv, &clientquic,
75 NULL, NULL))
76 || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost")))
77 goto end;
78
79 if (sess != NULL && !TEST_true(SSL_set_session(clientquic, sess)))
80 goto end;
81
82 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
83 goto end;
84
85 if (idx >= 1) {
86 if (!TEST_true(BIO_get_fd(ossl_quic_tserver_get0_rbio(qtserv),
87 &ssock)))
88 goto end;
89 if (!TEST_int_gt(csock = SSL_get_rfd(clientquic), 0))
90 goto end;
91 }
92
93 sid = 0; /* client-initiated bidirectional stream */
94
95 for (j = 0; j < 2; j++) {
96 /* Check that sending and receiving app data is ok */
97 if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
98 || !TEST_size_t_eq(numbytes, msglen))
99 goto end;
100 if (idx >= 1) {
101 do {
102 if (!TEST_true(wait_until_sock_readable(ssock)))
103 goto end;
104
105 ossl_quic_tserver_tick(qtserv);
106
107 if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf,
108 sizeof(buf),
109 &numbytes)))
110 goto end;
111 } while (numbytes == 0);
112
113 if (!TEST_mem_eq(buf, numbytes, msg, msglen))
114 goto end;
115 }
116
117 if (idx >= 2 && j > 0)
118 /* Introduce permanent socket error */
119 BIO_closesocket(csock);
120
121 ossl_quic_tserver_tick(qtserv);
122 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid,
123 (unsigned char *)msg,
124 msglen, &numbytes)))
125 goto end;
126 ossl_quic_tserver_tick(qtserv);
127 SSL_handle_events(clientquic);
128
129 if (idx >= 2 && j > 0) {
130 if (!TEST_false(SSL_read_ex(clientquic, buf, 1, &numbytes))
131 || !TEST_int_eq(SSL_get_error(clientquic, 0),
132 SSL_ERROR_SYSCALL)
133 || !TEST_false(SSL_write_ex(clientquic, msg, msglen,
134 &numbytes))
135 || !TEST_int_eq(SSL_get_error(clientquic, 0),
136 SSL_ERROR_SYSCALL))
137 goto end;
138 break;
139 }
140
141 /*
142 * In blocking mode the SSL_read_ex call will block until the socket
143 * is readable and has our data. In non-blocking mode we're doing
144 * everything in memory, so it should be immediately available
145 */
146 if (!TEST_true(SSL_read_ex(clientquic, buf, 1, &numbytes))
147 || !TEST_size_t_eq(numbytes, 1)
148 || !TEST_true(SSL_has_pending(clientquic))
149 || !TEST_int_eq(SSL_pending(clientquic), msglen - 1)
150 || !TEST_true(SSL_read_ex(clientquic, buf + 1,
151 sizeof(buf) - 1, &numbytes))
152 || !TEST_mem_eq(buf, numbytes + 1, msg, msglen))
153 goto end;
154 }
155
156 /* Test that exporters work. */
157 if (!TEST_true(SSL_export_keying_material(clientquic, scratch,
158 sizeof(scratch), "test", 4, (unsigned char *)"ctx", 3,
159 1)))
160 goto end;
161
162 if (sess == NULL) {
163 /* We didn't supply a session so we're not expecting resumption */
164 if (!TEST_false(SSL_session_reused(clientquic)))
165 goto end;
166 /* We should have a session ticket by now */
167 sess = SSL_get1_session(clientquic);
168 if (!TEST_ptr(sess))
169 goto end;
170 } else {
171 /* We supplied a session so we should have resumed */
172 if (!TEST_true(SSL_session_reused(clientquic)))
173 goto end;
174 }
175
176 if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
177 goto end;
178
179 if (sctx == NULL) {
180 sctx = ossl_quic_tserver_get0_ssl_ctx(qtserv);
181 if (!TEST_true(SSL_CTX_up_ref(sctx))) {
182 sctx = NULL;
183 goto end;
184 }
185 }
186 ossl_quic_tserver_free(qtserv);
187 qtserv = NULL;
188 SSL_free(clientquic);
189 clientquic = NULL;
190
191 if (idx >= 2)
192 break;
193 }
194
195 ret = 1;
196
197 end:
198 SSL_SESSION_free(sess);
199 ossl_quic_tserver_free(qtserv);
200 SSL_free(clientquic);
201 SSL_CTX_free(cctx);
202 SSL_CTX_free(sctx);
203
204 return ret;
205 }
206
207 /*
208 * Test that sending FIN with no data to a client blocking in SSL_read_ex() will
209 * wake up the client.
210 */
test_fin_only_blocking(void)211 static int test_fin_only_blocking(void)
212 {
213 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
214 SSL_CTX *sctx = NULL;
215 SSL *clientquic = NULL;
216 QUIC_TSERVER *qtserv = NULL;
217 const char *msg = "Hello World";
218 uint64_t sid;
219 size_t numbytes;
220 unsigned char buf[32];
221 int ret = 0;
222 OSSL_TIME timer, timediff;
223
224 if (!qtest_supports_blocking())
225 return TEST_skip("Blocking tests not supported in this build");
226
227 if (!TEST_ptr(cctx)
228 || !TEST_true(qtest_create_quic_objects(libctx, cctx, sctx,
229 cert, privkey,
230 QTEST_FLAG_BLOCK,
231 &qtserv, &clientquic,
232 NULL, NULL))
233 || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost")))
234 goto end;
235
236 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
237 goto end;
238
239 if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, 0, &sid))
240 || !TEST_true(ossl_quic_tserver_write(qtserv, sid,
241 (unsigned char *)msg,
242 strlen(msg), &numbytes))
243 || !TEST_size_t_eq(strlen(msg), numbytes))
244 goto end;
245
246 ossl_quic_tserver_tick(qtserv);
247
248 if (!TEST_true(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes))
249 || !TEST_mem_eq(msg, strlen(msg), buf, numbytes))
250
251
252 goto end;
253
254 if (!TEST_true(ossl_quic_tserver_conclude(qtserv, sid)))
255 goto end;
256
257 timer = ossl_time_now();
258 if (!TEST_false(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes)))
259 goto end;
260 timediff = ossl_time_subtract(ossl_time_now(), timer);
261
262 if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_ZERO_RETURN)
263 /*
264 * We expect the SSL_read_ex to not have blocked so this should
265 * be very fast. 20ms should be plenty.
266 */
267 || !TEST_uint64_t_le(ossl_time2ms(timediff), 20))
268 goto end;
269
270 if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
271 goto end;
272
273 ret = 1;
274
275 end:
276 ossl_quic_tserver_free(qtserv);
277 SSL_free(clientquic);
278 SSL_CTX_free(cctx);
279 SSL_CTX_free(sctx);
280
281 return ret;
282 }
283
284 /* Test that a vanilla QUIC SSL object has the expected ciphersuites available */
test_ciphersuites(void)285 static int test_ciphersuites(void)
286 {
287 SSL_CTX *ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
288 SSL *ssl;
289 int testresult = 0;
290 const STACK_OF(SSL_CIPHER) *ciphers = NULL;
291 const SSL_CIPHER *cipher;
292 /* We expect this exact list of ciphersuites by default */
293 int cipherids[] = {
294 TLS1_3_CK_AES_256_GCM_SHA384,
295 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
296 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
297 #endif
298 TLS1_3_CK_AES_128_GCM_SHA256
299 };
300 size_t i, j;
301
302 if (!TEST_ptr(ctx))
303 return 0;
304
305 ssl = SSL_new(ctx);
306 if (!TEST_ptr(ssl))
307 goto err;
308
309 ciphers = SSL_get_ciphers(ssl);
310
311 for (i = 0, j = 0; i < OSSL_NELEM(cipherids); i++) {
312 if (cipherids[i] == TLS1_3_CK_CHACHA20_POLY1305_SHA256 && is_fips)
313 continue;
314 cipher = sk_SSL_CIPHER_value(ciphers, j++);
315 if (!TEST_ptr(cipher))
316 goto err;
317 if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher), cipherids[i]))
318 goto err;
319 }
320
321 /* We should have checked all the ciphers in the stack */
322 if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers), j))
323 goto err;
324
325 testresult = 1;
326 err:
327 SSL_free(ssl);
328 SSL_CTX_free(ctx);
329
330 return testresult;
331 }
332
test_cipher_find(void)333 static int test_cipher_find(void)
334 {
335 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
336 SSL *clientquic = NULL;
337 struct {
338 const unsigned char *cipherbytes;
339 int ok;
340 } testciphers[] = {
341 { TLS13_AES_128_GCM_SHA256_BYTES, 1 },
342 { TLS13_AES_256_GCM_SHA384_BYTES, 1 },
343 { TLS13_CHACHA20_POLY1305_SHA256_BYTES, 1 },
344 { TLS13_AES_128_CCM_SHA256_BYTES, 0 },
345 { TLS13_AES_128_CCM_8_SHA256_BYTES, 0 },
346 #if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
347 { TLS13_SHA256_SHA256_BYTES, 0 },
348 { TLS13_SHA384_SHA384_BYTES, 0 }
349 #endif
350 };
351 size_t i;
352 int testresult = 0;
353
354 if (!TEST_ptr(cctx))
355 goto err;
356
357 clientquic = SSL_new(cctx);
358 if (!TEST_ptr(clientquic))
359 goto err;
360
361 for (i = 0; i < OSSL_NELEM(testciphers); i++)
362 if (testciphers[i].ok) {
363 if (!TEST_ptr(SSL_CIPHER_find(clientquic,
364 testciphers[i].cipherbytes)))
365 goto err;
366 } else {
367 if (!TEST_ptr_null(SSL_CIPHER_find(clientquic,
368 testciphers[i].cipherbytes)))
369 goto err;
370 }
371
372 testresult = 1;
373 err:
374 SSL_free(clientquic);
375 SSL_CTX_free(cctx);
376
377 return testresult;
378 }
379
380 /*
381 * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
382 * SSL_is_dtls return the expected results for a QUIC connection. Compare with
383 * test_version() in sslapitest.c which does the same thing for TLS/DTLS
384 * connections.
385 */
test_version(void)386 static int test_version(void)
387 {
388 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
389 SSL *clientquic = NULL;
390 QUIC_TSERVER *qtserv = NULL;
391 int testresult = 0;
392
393 if (!TEST_ptr(cctx)
394 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
395 privkey, 0, &qtserv,
396 &clientquic, NULL, NULL))
397 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
398 goto err;
399
400 if (!TEST_int_eq(SSL_version(clientquic), OSSL_QUIC1_VERSION)
401 || !TEST_str_eq(SSL_get_version(clientquic), "QUICv1"))
402 goto err;
403
404 if (!TEST_true(SSL_is_quic(clientquic))
405 || !TEST_false(SSL_is_tls(clientquic))
406 || !TEST_false(SSL_is_dtls(clientquic)))
407 goto err;
408
409
410 testresult = 1;
411 err:
412 ossl_quic_tserver_free(qtserv);
413 SSL_free(clientquic);
414 SSL_CTX_free(cctx);
415
416 return testresult;
417 }
418
419 #if defined(DO_SSL_TRACE_TEST)
strip_line_ends(char * str)420 static void strip_line_ends(char *str)
421 {
422 size_t i;
423
424 for (i = strlen(str);
425 i > 0 && (str[i - 1] == '\n' || str[i - 1] == '\r');
426 i--);
427
428 str[i] = '\0';
429 }
430
compare_with_file(BIO * membio)431 static int compare_with_file(BIO *membio)
432 {
433 BIO *file = NULL, *newfile = NULL;
434 char buf1[512], buf2[512];
435 char *reffile;
436 int ret = 0;
437 size_t i;
438
439 #ifdef OPENSSL_NO_ZLIB
440 reffile = test_mk_file_path(datadir, "ssltraceref.txt");
441 #else
442 reffile = test_mk_file_path(datadir, "ssltraceref-zlib.txt");
443 #endif
444 if (!TEST_ptr(reffile))
445 goto err;
446
447 file = BIO_new_file(reffile, "rb");
448 if (!TEST_ptr(file))
449 goto err;
450
451 newfile = BIO_new_file("ssltraceref-new.txt", "wb");
452 if (!TEST_ptr(newfile))
453 goto err;
454
455 while (BIO_gets(membio, buf2, sizeof(buf2)) > 0)
456 if (BIO_puts(newfile, buf2) <= 0) {
457 TEST_error("Failed writing new file data");
458 goto err;
459 }
460
461 if (!TEST_int_ge(BIO_seek(membio, 0), 0))
462 goto err;
463
464 while (BIO_gets(file, buf1, sizeof(buf1)) > 0) {
465 if (BIO_gets(membio, buf2, sizeof(buf2)) <= 0) {
466 TEST_error("Failed reading mem data");
467 goto err;
468 }
469 strip_line_ends(buf1);
470 strip_line_ends(buf2);
471 if (strlen(buf1) != strlen(buf2)) {
472 TEST_error("Actual and ref line data length mismatch");
473 TEST_info("%s", buf1);
474 TEST_info("%s", buf2);
475 goto err;
476 }
477 for (i = 0; i < strlen(buf1); i++) {
478 /* '?' is a wild card character in the reference text */
479 if (buf1[i] == '?')
480 buf2[i] = '?';
481 }
482 if (!TEST_str_eq(buf1, buf2))
483 goto err;
484 }
485 if (!TEST_true(BIO_eof(file))
486 || !TEST_true(BIO_eof(membio)))
487 goto err;
488
489 ret = 1;
490 err:
491 OPENSSL_free(reffile);
492 BIO_free(file);
493 BIO_free(newfile);
494 return ret;
495 }
496
497 /*
498 * Tests that the SSL_trace() msg_callback works as expected with a QUIC
499 * connection. This also provides testing of the msg_callback at the same time.
500 */
test_ssl_trace(void)501 static int test_ssl_trace(void)
502 {
503 SSL_CTX *cctx = NULL;
504 SSL *clientquic = NULL;
505 QUIC_TSERVER *qtserv = NULL;
506 int testresult = 0;
507 BIO *bio = NULL;
508
509 if (!TEST_ptr(cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))
510 || !TEST_ptr(bio = BIO_new(BIO_s_mem()))
511 || !TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256"))
512 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
513 privkey,
514 QTEST_FLAG_FAKE_TIME,
515 &qtserv,
516 &clientquic, NULL, NULL)))
517 goto err;
518
519 SSL_set_msg_callback(clientquic, SSL_trace);
520 SSL_set_msg_callback_arg(clientquic, bio);
521
522 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
523 goto err;
524
525 /* Skip the comparison of the trace when the fips provider is used. */
526 if (is_fips) {
527 /* Check whether there was something written. */
528 if (!TEST_int_gt(BIO_pending(bio), 0))
529 goto err;
530 } else {
531 if (!TEST_true(compare_with_file(bio)))
532 goto err;
533 }
534
535 testresult = 1;
536 err:
537 ossl_quic_tserver_free(qtserv);
538 SSL_free(clientquic);
539 SSL_CTX_free(cctx);
540 BIO_free(bio);
541
542 return testresult;
543 }
544 #endif
545
ensure_valid_ciphers(const STACK_OF (SSL_CIPHER)* ciphers)546 static int ensure_valid_ciphers(const STACK_OF(SSL_CIPHER) *ciphers)
547 {
548 size_t i;
549
550 /* Ensure ciphersuite list is suitably subsetted. */
551 for (i = 0; i < (size_t)sk_SSL_CIPHER_num(ciphers); ++i) {
552 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
553 switch (SSL_CIPHER_get_id(cipher)) {
554 case TLS1_3_CK_AES_128_GCM_SHA256:
555 case TLS1_3_CK_AES_256_GCM_SHA384:
556 case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
557 break;
558 default:
559 TEST_error("forbidden cipher: %s", SSL_CIPHER_get_name(cipher));
560 return 0;
561 }
562 }
563
564 return 1;
565 }
566
567 /*
568 * Test that handshake-layer APIs which shouldn't work don't work with QUIC.
569 */
test_quic_forbidden_apis_ctx(void)570 static int test_quic_forbidden_apis_ctx(void)
571 {
572 int testresult = 0;
573 SSL_CTX *ctx = NULL;
574
575 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
576 goto err;
577
578 #ifndef OPENSSL_NO_SRTP
579 /* This function returns 0 on success and 1 on error, and should fail. */
580 if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_128_GCM")))
581 goto err;
582 #endif
583
584 /*
585 * List of ciphersuites we do and don't allow in QUIC.
586 */
587 #define QUIC_CIPHERSUITES \
588 "TLS_AES_128_GCM_SHA256:" \
589 "TLS_AES_256_GCM_SHA384:" \
590 "TLS_CHACHA20_POLY1305_SHA256"
591
592 #define NON_QUIC_CIPHERSUITES \
593 "TLS_AES_128_CCM_SHA256:" \
594 "TLS_AES_256_CCM_SHA384:" \
595 "TLS_AES_128_CCM_8_SHA256:" \
596 "TLS_SHA256_SHA256:" \
597 "TLS_SHA384_SHA384"
598
599 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
600 if (!TEST_true(SSL_CTX_set_ciphersuites(ctx,
601 QUIC_CIPHERSUITES ":"
602 NON_QUIC_CIPHERSUITES)))
603 goto err;
604
605 /*
606 * Forbidden ciphersuites should show up in SSL_CTX accessors, they are only
607 * filtered in SSL_get1_supported_ciphers, so we don't check for
608 * non-inclusion here.
609 */
610
611 testresult = 1;
612 err:
613 SSL_CTX_free(ctx);
614 return testresult;
615 }
616
test_quic_forbidden_apis(void)617 static int test_quic_forbidden_apis(void)
618 {
619 int testresult = 0;
620 SSL_CTX *ctx = NULL;
621 SSL *ssl = NULL;
622 STACK_OF(SSL_CIPHER) *ciphers = NULL;
623
624 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
625 goto err;
626
627 if (!TEST_ptr(ssl = SSL_new(ctx)))
628 goto err;
629
630 #ifndef OPENSSL_NO_SRTP
631 /* This function returns 0 on success and 1 on error, and should fail. */
632 if (!TEST_true(SSL_set_tlsext_use_srtp(ssl, "SRTP_AEAD_AES_128_GCM")))
633 goto err;
634 #endif
635
636 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
637 if (!TEST_true(SSL_set_ciphersuites(ssl,
638 QUIC_CIPHERSUITES ":"
639 NON_QUIC_CIPHERSUITES)))
640 goto err;
641
642 /* Non-QUIC ciphersuites must not appear in supported ciphers list. */
643 if (!TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl))
644 || !TEST_true(ensure_valid_ciphers(ciphers)))
645 goto err;
646
647 testresult = 1;
648 err:
649 sk_SSL_CIPHER_free(ciphers);
650 SSL_free(ssl);
651 SSL_CTX_free(ctx);
652 return testresult;
653 }
654
test_quic_forbidden_options(void)655 static int test_quic_forbidden_options(void)
656 {
657 int testresult = 0;
658 SSL_CTX *ctx = NULL;
659 SSL *ssl = NULL;
660 char buf[16];
661 size_t len;
662
663 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
664 goto err;
665
666 /* QUIC options restrictions do not affect SSL_CTX */
667 SSL_CTX_set_options(ctx, UINT64_MAX);
668
669 if (!TEST_uint64_t_eq(SSL_CTX_get_options(ctx), UINT64_MAX))
670 goto err;
671
672 /* Set options on CTX which should not be inherited (tested below). */
673 SSL_CTX_set_read_ahead(ctx, 1);
674 SSL_CTX_set_max_early_data(ctx, 1);
675 SSL_CTX_set_recv_max_early_data(ctx, 1);
676 SSL_CTX_set_quiet_shutdown(ctx, 1);
677
678 if (!TEST_ptr(ssl = SSL_new(ctx)))
679 goto err;
680
681 /* Only permitted options get transferred to SSL object */
682 if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
683 goto err;
684
685 /* Try again using SSL_set_options */
686 SSL_set_options(ssl, UINT64_MAX);
687
688 if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
689 goto err;
690
691 /* Clear everything */
692 SSL_clear_options(ssl, UINT64_MAX);
693
694 if (!TEST_uint64_t_eq(SSL_get_options(ssl), 0))
695 goto err;
696
697 /* Readahead */
698 if (!TEST_false(SSL_get_read_ahead(ssl)))
699 goto err;
700
701 SSL_set_read_ahead(ssl, 1);
702 if (!TEST_false(SSL_get_read_ahead(ssl)))
703 goto err;
704
705 /* Block padding */
706 if (!TEST_true(SSL_set_block_padding(ssl, 0))
707 || !TEST_true(SSL_set_block_padding(ssl, 1))
708 || !TEST_false(SSL_set_block_padding(ssl, 2)))
709 goto err;
710
711 /* Max fragment length */
712 if (!TEST_true(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_DISABLED))
713 || !TEST_false(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_512)))
714 goto err;
715
716 /* Max early data */
717 if (!TEST_false(SSL_set_recv_max_early_data(ssl, 1))
718 || !TEST_false(SSL_set_max_early_data(ssl, 1)))
719 goto err;
720
721 /* Read/Write */
722 if (!TEST_false(SSL_read_early_data(ssl, buf, sizeof(buf), &len))
723 || !TEST_false(SSL_write_early_data(ssl, buf, sizeof(buf), &len)))
724 goto err;
725
726 /* Buffer Management */
727 if (!TEST_true(SSL_alloc_buffers(ssl))
728 || !TEST_false(SSL_free_buffers(ssl)))
729 goto err;
730
731 /* Pipelining */
732 if (!TEST_false(SSL_set_max_send_fragment(ssl, 2))
733 || !TEST_false(SSL_set_split_send_fragment(ssl, 2))
734 || !TEST_false(SSL_set_max_pipelines(ssl, 2)))
735 goto err;
736
737 /* HRR */
738 if (!TEST_false(SSL_stateless(ssl)))
739 goto err;
740
741 /* Quiet Shutdown */
742 if (!TEST_false(SSL_get_quiet_shutdown(ssl)))
743 goto err;
744
745 /* No duplication */
746 if (!TEST_ptr_null(SSL_dup(ssl)))
747 goto err;
748
749 /* No clear */
750 if (!TEST_false(SSL_clear(ssl)))
751 goto err;
752
753 testresult = 1;
754 err:
755 SSL_free(ssl);
756 SSL_CTX_free(ctx);
757 return testresult;
758 }
759
test_quic_set_fd(int idx)760 static int test_quic_set_fd(int idx)
761 {
762 int testresult = 0;
763 SSL_CTX *ctx = NULL;
764 SSL *ssl = NULL;
765 int fd = -1, resfd = -1;
766 BIO *bio = NULL;
767
768 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
769 goto err;
770
771 if (!TEST_ptr(ssl = SSL_new(ctx)))
772 goto err;
773
774 if (!TEST_int_ge(fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0), 0))
775 goto err;
776
777 if (idx == 0) {
778 if (!TEST_true(SSL_set_fd(ssl, fd)))
779 goto err;
780 if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
781 goto err;
782 if (!TEST_ptr_eq(bio, SSL_get_wbio(ssl)))
783 goto err;
784 } else if (idx == 1) {
785 if (!TEST_true(SSL_set_rfd(ssl, fd)))
786 goto err;
787 if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
788 goto err;
789 if (!TEST_ptr_null(SSL_get_wbio(ssl)))
790 goto err;
791 } else {
792 if (!TEST_true(SSL_set_wfd(ssl, fd)))
793 goto err;
794 if (!TEST_ptr(bio = SSL_get_wbio(ssl)))
795 goto err;
796 if (!TEST_ptr_null(SSL_get_rbio(ssl)))
797 goto err;
798 }
799
800 if (!TEST_int_eq(BIO_method_type(bio), BIO_TYPE_DGRAM))
801 goto err;
802
803 if (!TEST_true(BIO_get_fd(bio, &resfd))
804 || !TEST_int_eq(resfd, fd))
805 goto err;
806
807 testresult = 1;
808 err:
809 SSL_free(ssl);
810 SSL_CTX_free(ctx);
811 if (fd >= 0)
812 BIO_closesocket(fd);
813 return testresult;
814 }
815
816 #define MAXLOOPS 1000
817
test_bio_ssl(void)818 static int test_bio_ssl(void)
819 {
820 /*
821 * We just use OSSL_QUIC_client_method() rather than
822 * OSSL_QUIC_client_thread_method(). We will never leave the connection idle
823 * so we will always be implicitly handling time events anyway via other
824 * IO calls.
825 */
826 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
827 SSL *clientquic = NULL, *stream = NULL;
828 QUIC_TSERVER *qtserv = NULL;
829 int testresult = 0;
830 BIO *cbio = NULL, *strbio = NULL, *thisbio;
831 const char *msg = "Hello world";
832 int abortctr = 0, err, clienterr = 0, servererr = 0, retc = 0, rets = 0;
833 size_t written, readbytes, msglen;
834 int sid = 0, i;
835 unsigned char buf[80];
836
837 if (!TEST_ptr(cctx))
838 goto err;
839
840 cbio = BIO_new_ssl(cctx, 1);
841 if (!TEST_ptr(cbio))
842 goto err;
843
844 /*
845 * We must configure the ALPN/peer address etc so we get the SSL object in
846 * order to pass it to qtest_create_quic_objects for configuration.
847 */
848 if (!TEST_int_eq(BIO_get_ssl(cbio, &clientquic), 1))
849 goto err;
850
851 if (!TEST_true(qtest_create_quic_objects(libctx, NULL, NULL, cert, privkey,
852 0, &qtserv, &clientquic, NULL,
853 NULL)))
854 goto err;
855
856 msglen = strlen(msg);
857
858 do {
859 err = BIO_FLAGS_WRITE;
860 while (!clienterr && !retc && err == BIO_FLAGS_WRITE) {
861 retc = BIO_write_ex(cbio, msg, msglen, &written);
862 if (!retc) {
863 if (BIO_should_retry(cbio))
864 err = BIO_retry_type(cbio);
865 else
866 err = 0;
867 }
868 }
869
870 if (!clienterr && retc <= 0 && err != BIO_FLAGS_READ) {
871 TEST_info("BIO_write_ex() failed %d, %d", retc, err);
872 TEST_openssl_errors();
873 clienterr = 1;
874 }
875
876 if (!servererr && rets <= 0) {
877 ossl_quic_tserver_tick(qtserv);
878 servererr = ossl_quic_tserver_is_term_any(qtserv);
879 if (!servererr)
880 rets = ossl_quic_tserver_is_handshake_confirmed(qtserv);
881 }
882
883 if (clienterr && servererr)
884 goto err;
885
886 if (++abortctr == MAXLOOPS) {
887 TEST_info("No progress made");
888 goto err;
889 }
890 } while ((!retc && !clienterr) || (rets <= 0 && !servererr));
891
892 /*
893 * 2 loops: The first using the default stream, and the second using a new
894 * client initiated bidi stream.
895 */
896 for (i = 0, thisbio = cbio; i < 2; i++) {
897 if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf, sizeof(buf),
898 &readbytes))
899 || !TEST_mem_eq(msg, msglen, buf, readbytes))
900 goto err;
901
902 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg,
903 msglen, &written)))
904 goto err;
905 ossl_quic_tserver_tick(qtserv);
906
907 if (!TEST_true(BIO_read_ex(thisbio, buf, sizeof(buf), &readbytes))
908 || !TEST_mem_eq(msg, msglen, buf, readbytes))
909 goto err;
910
911 if (i == 1)
912 break;
913
914 if (!TEST_true(SSL_set_mode(clientquic, 0)))
915 goto err;
916
917 /*
918 * Now create a new stream and repeat. The bottom two bits of the stream
919 * id represents whether the stream is bidi and whether it is client
920 * initiated or not. For client initiated bidi they are both 0. So the
921 * first client initiated bidi stream is 0 and the next one is 4.
922 */
923 sid = 4;
924 stream = SSL_new_stream(clientquic, 0);
925 if (!TEST_ptr(stream))
926 goto err;
927
928 if (!TEST_true(SSL_set_mode(stream, 0)))
929 goto err;
930
931 thisbio = strbio = BIO_new(BIO_f_ssl());
932 if (!TEST_ptr(strbio))
933 goto err;
934
935 if (!TEST_int_eq(BIO_set_ssl(thisbio, stream, BIO_CLOSE), 1))
936 goto err;
937 stream = NULL;
938
939 if (!TEST_true(BIO_write_ex(thisbio, msg, msglen, &written)))
940 goto err;
941
942 ossl_quic_tserver_tick(qtserv);
943 }
944
945 testresult = 1;
946 err:
947 BIO_free_all(cbio);
948 BIO_free_all(strbio);
949 SSL_free(stream);
950 ossl_quic_tserver_free(qtserv);
951 SSL_CTX_free(cctx);
952
953 return testresult;
954 }
955
956 #define BACK_PRESSURE_NUM_LOOPS 10000
957 /*
958 * Test that sending data from the client to the server faster than the server
959 * can process it eventually results in back pressure on the client.
960 */
test_back_pressure(void)961 static int test_back_pressure(void)
962 {
963 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
964 SSL *clientquic = NULL;
965 QUIC_TSERVER *qtserv = NULL;
966 int testresult = 0;
967 unsigned char *msg = NULL;
968 const size_t msglen = 1024;
969 unsigned char buf[64];
970 size_t readbytes, written;
971 int i;
972
973 if (!TEST_ptr(cctx)
974 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
975 privkey, 0, &qtserv,
976 &clientquic, NULL, NULL))
977 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
978 goto err;
979
980 msg = OPENSSL_malloc(msglen);
981 if (!TEST_ptr(msg))
982 goto err;
983 if (!TEST_int_eq(RAND_bytes_ex(libctx, msg, msglen, 0), 1))
984 goto err;
985
986 /*
987 * Limit to 10000 loops. If we've not seen any back pressure after that
988 * we're going to run out of memory, so abort.
989 */
990 for (i = 0; i < BACK_PRESSURE_NUM_LOOPS; i++) {
991 /* Send data from the client */
992 if (!SSL_write_ex(clientquic, msg, msglen, &written)) {
993 /* Check if we are seeing back pressure */
994 if (SSL_get_error(clientquic, 0) == SSL_ERROR_WANT_WRITE)
995 break;
996 TEST_error("Unexpected client failure");
997 goto err;
998 }
999
1000 /* Receive data at the server */
1001 ossl_quic_tserver_tick(qtserv);
1002 if (!TEST_true(ossl_quic_tserver_read(qtserv, 0, buf, sizeof(buf),
1003 &readbytes)))
1004 goto err;
1005 }
1006
1007 if (i == BACK_PRESSURE_NUM_LOOPS) {
1008 TEST_error("No back pressure seen");
1009 goto err;
1010 }
1011
1012 testresult = 1;
1013 err:
1014 SSL_free(clientquic);
1015 ossl_quic_tserver_free(qtserv);
1016 SSL_CTX_free(cctx);
1017 OPENSSL_free(msg);
1018
1019 return testresult;
1020 }
1021
1022
1023 static int dgram_ctr = 0;
1024
dgram_cb(int write_p,int version,int content_type,const void * buf,size_t msglen,SSL * ssl,void * arg)1025 static void dgram_cb(int write_p, int version, int content_type,
1026 const void *buf, size_t msglen, SSL *ssl, void *arg)
1027 {
1028 if (!write_p)
1029 return;
1030
1031 if (content_type != SSL3_RT_QUIC_DATAGRAM)
1032 return;
1033
1034 dgram_ctr++;
1035 }
1036
1037 /* Test that we send multiple datagrams in one go when appropriate */
test_multiple_dgrams(void)1038 static int test_multiple_dgrams(void)
1039 {
1040 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1041 SSL *clientquic = NULL;
1042 QUIC_TSERVER *qtserv = NULL;
1043 int testresult = 0;
1044 unsigned char *buf;
1045 const size_t buflen = 1400;
1046 size_t written;
1047
1048 buf = OPENSSL_zalloc(buflen);
1049
1050 if (!TEST_ptr(cctx)
1051 || !TEST_ptr(buf)
1052 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1053 privkey, 0, &qtserv,
1054 &clientquic, NULL, NULL))
1055 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1056 goto err;
1057
1058 dgram_ctr = 0;
1059 SSL_set_msg_callback(clientquic, dgram_cb);
1060 if (!TEST_true(SSL_write_ex(clientquic, buf, buflen, &written))
1061 || !TEST_size_t_eq(written, buflen)
1062 /* We wrote enough data for 2 datagrams */
1063 || !TEST_int_eq(dgram_ctr, 2))
1064 goto err;
1065
1066 testresult = 1;
1067 err:
1068 OPENSSL_free(buf);
1069 SSL_free(clientquic);
1070 ossl_quic_tserver_free(qtserv);
1071 SSL_CTX_free(cctx);
1072
1073 return testresult;
1074 }
1075
non_io_retry_cert_verify_cb(X509_STORE_CTX * ctx,void * arg)1076 static int non_io_retry_cert_verify_cb(X509_STORE_CTX *ctx, void *arg)
1077 {
1078 int idx = SSL_get_ex_data_X509_STORE_CTX_idx();
1079 SSL *ssl;
1080 const int *allow = (int *)arg;
1081
1082 /* this should not happen but check anyway */
1083 if (idx < 0
1084 || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL)
1085 return 0;
1086
1087 /* If this is our first attempt then retry */
1088 if (*allow == 0)
1089 return SSL_set_retry_verify(ssl);
1090
1091 /* Otherwise do nothing - verification succeeds. Continue as normal */
1092 return 1;
1093 }
1094
1095 /* Test that we can handle a non-io related retry error
1096 * Test 0: Non-blocking
1097 * Test 1: Blocking
1098 */
test_non_io_retry(int idx)1099 static int test_non_io_retry(int idx)
1100 {
1101 SSL_CTX *cctx;
1102 SSL *clientquic = NULL;
1103 QUIC_TSERVER *qtserv = NULL;
1104 int testresult = 0;
1105 int flags = 0, allow = 0;
1106
1107 if (idx >= 1 && !qtest_supports_blocking())
1108 return TEST_skip("Blocking tests not supported in this build");
1109
1110 cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1111 if (!TEST_ptr(cctx))
1112 goto err;
1113
1114 SSL_CTX_set_cert_verify_callback(cctx, non_io_retry_cert_verify_cb, &allow);
1115
1116 flags = (idx >= 1) ? QTEST_FLAG_BLOCK : 0;
1117 if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, privkey,
1118 flags, &qtserv, &clientquic, NULL,
1119 NULL))
1120 || !TEST_true(qtest_create_quic_connection_ex(qtserv, clientquic,
1121 SSL_ERROR_WANT_RETRY_VERIFY))
1122 || !TEST_int_eq(SSL_want(clientquic), SSL_RETRY_VERIFY))
1123 goto err;
1124
1125 allow = 1;
1126 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1127 goto err;
1128
1129 testresult = 1;
1130 err:
1131 SSL_free(clientquic);
1132 ossl_quic_tserver_free(qtserv);
1133 SSL_CTX_free(cctx);
1134
1135 return testresult;
1136 }
1137
1138 static int use_session_cb_cnt = 0;
1139 static int find_session_cb_cnt = 0;
1140 static const char *pskid = "Identity";
1141 static SSL_SESSION *serverpsk = NULL, *clientpsk = NULL;
1142
use_session_cb(SSL * ssl,const EVP_MD * md,const unsigned char ** id,size_t * idlen,SSL_SESSION ** sess)1143 static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
1144 size_t *idlen, SSL_SESSION **sess)
1145 {
1146 use_session_cb_cnt++;
1147
1148 if (clientpsk == NULL)
1149 return 0;
1150
1151 SSL_SESSION_up_ref(clientpsk);
1152
1153 *sess = clientpsk;
1154 *id = (const unsigned char *)pskid;
1155 *idlen = strlen(pskid);
1156
1157 return 1;
1158 }
1159
find_session_cb(SSL * ssl,const unsigned char * identity,size_t identity_len,SSL_SESSION ** sess)1160 static int find_session_cb(SSL *ssl, const unsigned char *identity,
1161 size_t identity_len, SSL_SESSION **sess)
1162 {
1163 find_session_cb_cnt++;
1164
1165 if (serverpsk == NULL)
1166 return 0;
1167
1168 /* Identity should match that set by the client */
1169 if (strlen(pskid) != identity_len
1170 || strncmp(pskid, (const char *)identity, identity_len) != 0)
1171 return 0;
1172
1173 SSL_SESSION_up_ref(serverpsk);
1174 *sess = serverpsk;
1175
1176 return 1;
1177 }
1178
test_quic_psk(void)1179 static int test_quic_psk(void)
1180 {
1181 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1182 SSL *clientquic = NULL;
1183 QUIC_TSERVER *qtserv = NULL;
1184 int testresult = 0;
1185
1186 if (!TEST_ptr(cctx)
1187 /* No cert or private key for the server, i.e. PSK only */
1188 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, NULL,
1189 NULL, 0, &qtserv,
1190 &clientquic, NULL, NULL)))
1191 goto end;
1192
1193 SSL_set_psk_use_session_callback(clientquic, use_session_cb);
1194 ossl_quic_tserver_set_psk_find_session_cb(qtserv, find_session_cb);
1195 use_session_cb_cnt = 0;
1196 find_session_cb_cnt = 0;
1197
1198 clientpsk = serverpsk = create_a_psk(clientquic, SHA384_DIGEST_LENGTH);
1199 if (!TEST_ptr(clientpsk))
1200 goto end;
1201 /* We already had one ref. Add another one */
1202 SSL_SESSION_up_ref(clientpsk);
1203
1204 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))
1205 || !TEST_int_eq(1, find_session_cb_cnt)
1206 || !TEST_int_eq(1, use_session_cb_cnt)
1207 /* Check that we actually used the PSK */
1208 || !TEST_true(SSL_session_reused(clientquic)))
1209 goto end;
1210
1211 testresult = 1;
1212
1213 end:
1214 SSL_free(clientquic);
1215 ossl_quic_tserver_free(qtserv);
1216 SSL_CTX_free(cctx);
1217 SSL_SESSION_free(clientpsk);
1218 SSL_SESSION_free(serverpsk);
1219 clientpsk = serverpsk = NULL;
1220
1221 return testresult;
1222 }
1223
test_client_auth(int idx)1224 static int test_client_auth(int idx)
1225 {
1226 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1227 SSL_CTX *sctx = SSL_CTX_new_ex(libctx, NULL, TLS_method());
1228 SSL *clientquic = NULL;
1229 QUIC_TSERVER *qtserv = NULL;
1230 int testresult = 0;
1231 unsigned char buf[20];
1232 static char *msg = "A test message";
1233 size_t msglen = strlen(msg);
1234 size_t numbytes = 0;
1235
1236 if (!TEST_ptr(cctx) || !TEST_ptr(sctx))
1237 goto err;
1238
1239 SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
1240 | SSL_VERIFY_CLIENT_ONCE, NULL);
1241
1242 if (!TEST_true(SSL_CTX_load_verify_file(sctx, cauthca)))
1243 goto err;
1244
1245 if (idx > 0
1246 && (!TEST_true(SSL_CTX_use_certificate_chain_file(cctx, ccert))
1247 || !TEST_true(SSL_CTX_use_PrivateKey_file(cctx, cprivkey,
1248 SSL_FILETYPE_PEM))))
1249 goto err;
1250
1251 if (!TEST_true(qtest_create_quic_objects(libctx, cctx, sctx, cert,
1252 privkey, 0, &qtserv,
1253 &clientquic, NULL, NULL)))
1254 goto err;
1255
1256 if (idx > 1) {
1257 if (!TEST_true(ssl_ctx_add_large_cert_chain(libctx, cctx, ccert))
1258 || !TEST_true(ssl_ctx_add_large_cert_chain(libctx, sctx, cert)))
1259 goto err;
1260 }
1261
1262 if (idx == 0) {
1263 if (!TEST_false(qtest_create_quic_connection(qtserv, clientquic)))
1264 goto err;
1265
1266 /* negative test passed */
1267 testresult = 1;
1268 goto err;
1269 }
1270
1271 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1272 goto err;
1273
1274 /* Check that sending and receiving app data is ok */
1275 if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
1276 || !TEST_size_t_eq(numbytes, msglen))
1277 goto err;
1278
1279 ossl_quic_tserver_tick(qtserv);
1280 if (!TEST_true(ossl_quic_tserver_write(qtserv, 0,
1281 (unsigned char *)msg,
1282 msglen, &numbytes)))
1283 goto err;
1284
1285 ossl_quic_tserver_tick(qtserv);
1286 SSL_handle_events(clientquic);
1287
1288 if (!TEST_true(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes))
1289 || !TEST_size_t_eq(numbytes, msglen)
1290 || !TEST_mem_eq(buf, numbytes, msg, msglen))
1291 goto err;
1292
1293 if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
1294 goto err;
1295
1296 testresult = 1;
1297
1298 err:
1299 SSL_free(clientquic);
1300 ossl_quic_tserver_free(qtserv);
1301 SSL_CTX_free(sctx);
1302 SSL_CTX_free(cctx);
1303
1304 return testresult;
1305 }
1306
1307 /*
1308 * Test that we correctly handle ALPN supplied by the application
1309 * Test 0: ALPN is provided
1310 * Test 1: No ALPN is provided
1311 */
test_alpn(int idx)1312 static int test_alpn(int idx)
1313 {
1314 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1315 SSL *clientquic = NULL;
1316 QUIC_TSERVER *qtserv = NULL;
1317 int testresult = 0;
1318 int ret;
1319
1320 /*
1321 * Ensure we only configure ciphersuites that are available with both the
1322 * default and fips providers to get the same output in both cases
1323 */
1324 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))
1325 goto err;
1326
1327 if (!TEST_ptr(cctx)
1328 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1329 privkey,
1330 QTEST_FLAG_FAKE_TIME,
1331 &qtserv,
1332 &clientquic, NULL, NULL)))
1333 goto err;
1334
1335 if (idx == 0) {
1336 /*
1337 * Clear the ALPN we set in qtest_create_quic_objects. We use TEST_false
1338 * because SSL_set_alpn_protos returns 0 for success.
1339 */
1340 if (!TEST_false(SSL_set_alpn_protos(clientquic, NULL, 0)))
1341 goto err;
1342 }
1343
1344 ret = SSL_connect(clientquic);
1345 if (!TEST_int_le(ret, 0))
1346 goto err;
1347 if (idx == 0) {
1348 /* We expect an immediate error due to lack of ALPN */
1349 if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_SSL))
1350 goto err;
1351 } else {
1352 /* ALPN was provided so we expect the connection to succeed */
1353 if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_WANT_READ)
1354 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1355 goto err;
1356 }
1357
1358 testresult = 1;
1359 err:
1360 ossl_quic_tserver_free(qtserv);
1361 SSL_free(clientquic);
1362 SSL_CTX_free(cctx);
1363
1364 return testresult;
1365 }
1366
1367 /*
1368 * Test SSL_get_shutdown() behavior.
1369 */
test_get_shutdown(void)1370 static int test_get_shutdown(void)
1371 {
1372 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1373 SSL *clientquic = NULL;
1374 QUIC_TSERVER *qtserv = NULL;
1375 int testresult = 0;
1376
1377 if (!TEST_ptr(cctx)
1378 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1379 privkey,
1380 QTEST_FLAG_FAKE_TIME,
1381 &qtserv, &clientquic,
1382 NULL, NULL))
1383 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1384 goto err;
1385
1386 if (!TEST_int_eq(SSL_get_shutdown(clientquic), 0))
1387 goto err;
1388
1389 if (!TEST_int_eq(SSL_shutdown(clientquic), 0))
1390 goto err;
1391
1392 if (!TEST_int_eq(SSL_get_shutdown(clientquic), SSL_SENT_SHUTDOWN))
1393 goto err;
1394
1395 do {
1396 ossl_quic_tserver_tick(qtserv);
1397 qtest_add_time(100);
1398 } while (SSL_shutdown(clientquic) == 0);
1399
1400 if (!TEST_int_eq(SSL_get_shutdown(clientquic),
1401 SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN))
1402 goto err;
1403
1404 testresult = 1;
1405 err:
1406 ossl_quic_tserver_free(qtserv);
1407 SSL_free(clientquic);
1408 SSL_CTX_free(cctx);
1409
1410 return testresult;
1411 }
1412
1413 #define MAX_LOOPS 2000
1414
1415 /*
1416 * Keep retrying SSL_read_ex until it succeeds or we give up. Accept a stream
1417 * if we don't already have one
1418 */
unreliable_client_read(SSL * clientquic,SSL ** stream,void * buf,size_t buflen,size_t * readbytes,QUIC_TSERVER * qtserv)1419 static int unreliable_client_read(SSL *clientquic, SSL **stream, void *buf,
1420 size_t buflen, size_t *readbytes,
1421 QUIC_TSERVER *qtserv)
1422 {
1423 int abortctr;
1424
1425 /* We just do this in a loop with a sleep for simplicity */
1426 for (abortctr = 0; abortctr < MAX_LOOPS; abortctr++) {
1427 if (*stream == NULL) {
1428 SSL_handle_events(clientquic);
1429 *stream = SSL_accept_stream(clientquic, 0);
1430 }
1431
1432 if (*stream != NULL) {
1433 if (SSL_read_ex(*stream, buf, buflen, readbytes))
1434 return 1;
1435 if (!TEST_int_eq(SSL_get_error(*stream, 0), SSL_ERROR_WANT_READ))
1436 return 0;
1437 }
1438 ossl_quic_tserver_tick(qtserv);
1439 qtest_add_time(1);
1440 qtest_wait_for_timeout(clientquic, qtserv);
1441 }
1442
1443 TEST_error("No progress made");
1444 return 0;
1445 }
1446
1447 /* Keep retrying ossl_quic_tserver_read until it succeeds or we give up */
unreliable_server_read(QUIC_TSERVER * qtserv,uint64_t sid,void * buf,size_t buflen,size_t * readbytes,SSL * clientquic)1448 static int unreliable_server_read(QUIC_TSERVER *qtserv, uint64_t sid,
1449 void *buf, size_t buflen, size_t *readbytes,
1450 SSL *clientquic)
1451 {
1452 int abortctr;
1453
1454 /* We just do this in a loop with a sleep for simplicity */
1455 for (abortctr = 0; abortctr < MAX_LOOPS; abortctr++) {
1456 if (ossl_quic_tserver_read(qtserv, sid, buf, buflen, readbytes)
1457 && *readbytes > 1)
1458 return 1;
1459 ossl_quic_tserver_tick(qtserv);
1460 SSL_handle_events(clientquic);
1461 qtest_add_time(1);
1462 qtest_wait_for_timeout(clientquic, qtserv);
1463 }
1464
1465 TEST_error("No progress made");
1466 return 0;
1467 }
1468
1469 /*
1470 * Create a connection and send data using an unreliable transport. We introduce
1471 * random noise to drop, delay and duplicate datagrams.
1472 * Test 0: Introduce random noise to datagrams
1473 * Test 1: As with test 0 but also split datagrams containing multiple packets
1474 * into individual datagrams so that individual packets can be affected
1475 * by noise - not just a whole datagram.
1476 */
test_noisy_dgram(int idx)1477 static int test_noisy_dgram(int idx)
1478 {
1479 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1480 SSL *clientquic = NULL, *stream[2] = { NULL, NULL };
1481 QUIC_TSERVER *qtserv = NULL;
1482 int testresult = 0;
1483 uint64_t sid = 0;
1484 char *msg = "Hello world!";
1485 size_t msglen = strlen(msg), written, readbytes, i, j;
1486 unsigned char buf[80];
1487 int flags = QTEST_FLAG_NOISE | QTEST_FLAG_FAKE_TIME;
1488 QTEST_FAULT *fault = NULL;
1489
1490 if (idx == 1)
1491 flags |= QTEST_FLAG_PACKET_SPLIT;
1492
1493 if (!TEST_ptr(cctx)
1494 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1495 privkey, flags,
1496 &qtserv,
1497 &clientquic, &fault, NULL)))
1498 goto err;
1499
1500 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1501 goto err;
1502
1503 if (!TEST_true(SSL_set_incoming_stream_policy(clientquic,
1504 SSL_INCOMING_STREAM_POLICY_ACCEPT,
1505 0))
1506 || !TEST_true(SSL_set_default_stream_mode(clientquic,
1507 SSL_DEFAULT_STREAM_MODE_NONE)))
1508 goto err;
1509
1510 for (j = 0; j < 2; j++) {
1511 if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, 0, &sid)))
1512 goto err;
1513 ossl_quic_tserver_tick(qtserv);
1514 qtest_add_time(1);
1515
1516 /*
1517 * Send data from the server to the client. Some datagrams may get
1518 * lost, modified, dropped or re-ordered. We repeat 20 times to ensure
1519 * we are sending enough datagrams for problems to be noticed.
1520 */
1521 for (i = 0; i < 20; i++) {
1522 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid,
1523 (unsigned char *)msg, msglen,
1524 &written))
1525 || !TEST_size_t_eq(msglen, written))
1526 goto err;
1527 ossl_quic_tserver_tick(qtserv);
1528 qtest_add_time(1);
1529
1530 /*
1531 * Since the underlying BIO is now noisy we may get failures that
1532 * need to be retried - so we use unreliable_client_read() to
1533 * handle that
1534 */
1535 if (!TEST_true(unreliable_client_read(clientquic, &stream[j], buf,
1536 sizeof(buf), &readbytes,
1537 qtserv))
1538 || !TEST_mem_eq(msg, msglen, buf, readbytes))
1539 goto err;
1540 }
1541
1542 /* Send data from the client to the server */
1543 for (i = 0; i < 20; i++) {
1544 if (!TEST_true(SSL_write_ex(stream[j], (unsigned char *)msg,
1545 msglen, &written))
1546 || !TEST_size_t_eq(msglen, written))
1547 goto err;
1548
1549 ossl_quic_tserver_tick(qtserv);
1550 qtest_add_time(1);
1551
1552 /*
1553 * Since the underlying BIO is now noisy we may get failures that
1554 * need to be retried - so we use unreliable_server_read() to
1555 * handle that
1556 */
1557 if (!TEST_true(unreliable_server_read(qtserv, sid, buf, sizeof(buf),
1558 &readbytes, clientquic))
1559 || !TEST_mem_eq(msg, msglen, buf, readbytes))
1560 goto err;
1561 }
1562 }
1563
1564 testresult = 1;
1565 err:
1566 ossl_quic_tserver_free(qtserv);
1567 SSL_free(stream[0]);
1568 SSL_free(stream[1]);
1569 SSL_free(clientquic);
1570 SSL_CTX_free(cctx);
1571 qtest_fault_free(fault);
1572
1573 return testresult;
1574 }
1575
1576 /*
1577 * Create a connection and send some big data using a transport with limited bandwidth.
1578 */
1579
1580 #define TEST_TRANSFER_DATA_SIZE (2*1024*1024) /* 2 MBytes */
1581 #define TEST_SINGLE_WRITE_SIZE (16*1024) /* 16 kBytes */
1582 #define TEST_BW_LIMIT 1000 /* 1000 Bytes/ms */
test_bw_limit(void)1583 static int test_bw_limit(void)
1584 {
1585 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1586 SSL *clientquic = NULL;
1587 QUIC_TSERVER *qtserv = NULL;
1588 int testresult = 0;
1589 unsigned char *msg = NULL, *recvbuf = NULL;
1590 size_t sendlen = TEST_TRANSFER_DATA_SIZE;
1591 size_t recvlen = TEST_TRANSFER_DATA_SIZE;
1592 size_t written, readbytes;
1593 int flags = QTEST_FLAG_NOISE | QTEST_FLAG_FAKE_TIME;
1594 QTEST_FAULT *fault = NULL;
1595 uint64_t real_bw;
1596
1597 if (!TEST_ptr(cctx)
1598 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1599 privkey, flags,
1600 &qtserv,
1601 &clientquic, &fault, NULL)))
1602 goto err;
1603
1604 if (!TEST_ptr(msg = OPENSSL_zalloc(TEST_SINGLE_WRITE_SIZE))
1605 || !TEST_ptr(recvbuf = OPENSSL_zalloc(TEST_SINGLE_WRITE_SIZE)))
1606 goto err;
1607
1608 /* Set BW to 1000 Bytes/ms -> 1MByte/s both ways */
1609 if (!TEST_true(qtest_fault_set_bw_limit(fault, 1000, 1000, 0)))
1610 goto err;
1611
1612 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1613 goto err;
1614
1615 qtest_start_stopwatch();
1616
1617 while (recvlen > 0) {
1618 qtest_add_time(1);
1619
1620 if (sendlen > 0) {
1621 if (!SSL_write_ex(clientquic, msg,
1622 sendlen > TEST_SINGLE_WRITE_SIZE ? TEST_SINGLE_WRITE_SIZE
1623 : sendlen,
1624 &written)) {
1625 TEST_info("Retrying to send: %llu", (unsigned long long) sendlen);
1626 if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_WANT_WRITE))
1627 goto err;
1628 } else {
1629 sendlen -= written;
1630 TEST_info("Remaining to send: %llu", (unsigned long long) sendlen);
1631 }
1632 } else {
1633 SSL_handle_events(clientquic);
1634 }
1635
1636 if (ossl_quic_tserver_read(qtserv, 0, recvbuf,
1637 recvlen > TEST_SINGLE_WRITE_SIZE ? TEST_SINGLE_WRITE_SIZE
1638 : recvlen,
1639 &readbytes)
1640 && readbytes > 1) {
1641 recvlen -= readbytes;
1642 TEST_info("Remaining to recv: %llu", (unsigned long long) recvlen);
1643 } else {
1644 TEST_info("No progress on recv: %llu", (unsigned long long) recvlen);
1645 }
1646 ossl_quic_tserver_tick(qtserv);
1647 }
1648 real_bw = TEST_TRANSFER_DATA_SIZE / qtest_get_stopwatch_time();
1649
1650 TEST_info("BW limit: %d Bytes/ms Real bandwidth reached: %llu Bytes/ms",
1651 TEST_BW_LIMIT, (unsigned long long)real_bw);
1652
1653 if (!TEST_uint64_t_lt(real_bw, TEST_BW_LIMIT))
1654 goto err;
1655
1656 testresult = 1;
1657 err:
1658 OPENSSL_free(msg);
1659 OPENSSL_free(recvbuf);
1660 ossl_quic_tserver_free(qtserv);
1661 SSL_free(clientquic);
1662 SSL_CTX_free(cctx);
1663 qtest_fault_free(fault);
1664
1665 return testresult;
1666 }
1667
1668 enum {
1669 TPARAM_OP_DUP,
1670 TPARAM_OP_DROP,
1671 TPARAM_OP_INJECT,
1672 TPARAM_OP_INJECT_TWICE,
1673 TPARAM_OP_INJECT_RAW,
1674 TPARAM_OP_DROP_INJECT,
1675 TPARAM_OP_MUTATE
1676 };
1677
1678 #define TPARAM_CHECK_DUP(name, reason) \
1679 { QUIC_TPARAM_##name, TPARAM_OP_DUP, (reason) },
1680 #define TPARAM_CHECK_DROP(name, reason) \
1681 { QUIC_TPARAM_##name, TPARAM_OP_DROP, (reason) },
1682 #define TPARAM_CHECK_INJECT(name, buf, buf_len, reason) \
1683 { QUIC_TPARAM_##name, TPARAM_OP_INJECT, (reason), \
1684 (buf), (buf_len) },
1685 #define TPARAM_CHECK_INJECT_A(name, buf, reason) \
1686 TPARAM_CHECK_INJECT(name, buf, sizeof(buf), reason)
1687 #define TPARAM_CHECK_DROP_INJECT(name, buf, buf_len, reason) \
1688 { QUIC_TPARAM_##name, TPARAM_OP_DROP_INJECT, (reason), \
1689 (buf), (buf_len) },
1690 #define TPARAM_CHECK_DROP_INJECT_A(name, buf, reason) \
1691 TPARAM_CHECK_DROP_INJECT(name, buf, sizeof(buf), reason)
1692 #define TPARAM_CHECK_INJECT_TWICE(name, buf, buf_len, reason) \
1693 { QUIC_TPARAM_##name, TPARAM_OP_INJECT_TWICE, (reason), \
1694 (buf), (buf_len) },
1695 #define TPARAM_CHECK_INJECT_TWICE_A(name, buf, reason) \
1696 TPARAM_CHECK_INJECT_TWICE(name, buf, sizeof(buf), reason)
1697 #define TPARAM_CHECK_INJECT_RAW(buf, buf_len, reason) \
1698 { 0, TPARAM_OP_INJECT_RAW, (reason), \
1699 (buf), (buf_len) },
1700 #define TPARAM_CHECK_INJECT_RAW_A(buf, reason) \
1701 TPARAM_CHECK_INJECT_RAW(buf, sizeof(buf), reason)
1702 #define TPARAM_CHECK_MUTATE(name, reason) \
1703 { QUIC_TPARAM_##name, TPARAM_OP_MUTATE, (reason) },
1704 #define TPARAM_CHECK_INT(name, reason) \
1705 TPARAM_CHECK_DROP_INJECT(name, NULL, 0, reason) \
1706 TPARAM_CHECK_DROP_INJECT_A(name, bogus_int, reason) \
1707 TPARAM_CHECK_DROP_INJECT_A(name, int_with_trailer, reason)
1708
1709 struct tparam_test {
1710 uint64_t id;
1711 int op;
1712 const char *expect_fail; /* substring to expect in reason */
1713 const void *buf;
1714 size_t buf_len;
1715 };
1716
1717 static const unsigned char retry_scid_1[8] = { 0 };
1718
1719 static const unsigned char disable_active_migration_1[] = {
1720 0x00
1721 };
1722
1723 static const unsigned char malformed_stateless_reset_token_1[] = {
1724 0x02, 0xff
1725 };
1726
1727 static const unsigned char malformed_stateless_reset_token_2[] = {
1728 0x01
1729 };
1730
1731 static const unsigned char malformed_stateless_reset_token_3[15] = { 0 };
1732
1733 static const unsigned char malformed_stateless_reset_token_4[17] = { 0 };
1734
1735 static const unsigned char malformed_preferred_addr_1[] = {
1736 0x0d, 0xff
1737 };
1738
1739 static const unsigned char malformed_preferred_addr_2[42] = {
1740 0x0d, 0x28, /* too short */
1741 };
1742
1743 static const unsigned char malformed_preferred_addr_3[64] = {
1744 0x0d, 0x3e, /* too long */
1745 };
1746
1747 static const unsigned char malformed_preferred_addr_4[] = {
1748 /* TPARAM too short for CID length indicated */
1749 0x0d, 0x29, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1750 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1751 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1752 0x00, 0x00, 0x01, 0x55,
1753 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1754 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1755 };
1756
1757 static const unsigned char malformed_unknown_1[] = {
1758 0xff
1759 };
1760
1761 static const unsigned char malformed_unknown_2[] = {
1762 0x55, 0x55,
1763 };
1764
1765 static const unsigned char malformed_unknown_3[] = {
1766 0x55, 0x55, 0x01,
1767 };
1768
1769 static const unsigned char ack_delay_exp[] = {
1770 0x03
1771 };
1772
1773 static const unsigned char stateless_reset_token[16] = { 0x42 };
1774
1775 static const unsigned char preferred_addr[] = {
1776 0x44, 0x44, 0x44, 0x44,
1777 0x55, 0x55,
1778 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
1779 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
1780 0x77, 0x77,
1781 0x02, 0xAA, 0xBB,
1782 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99,
1783 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99,
1784 };
1785
1786 static const unsigned char long_cid[21] = { 0x42 };
1787
1788 static const unsigned char excess_ack_delay_exp[] = {
1789 0x15,
1790 };
1791
1792 static const unsigned char excess_max_ack_delay[] = {
1793 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00,
1794 };
1795
1796 static const unsigned char excess_initial_max_streams[] = {
1797 0xD0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1798 };
1799
1800 static const unsigned char undersize_udp_payload_size[] = {
1801 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xaf,
1802 };
1803
1804 static const unsigned char undersize_active_conn_id_limit[] = {
1805 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1806 };
1807
1808 static const unsigned char bogus_int[9] = { 0 };
1809
1810 static const unsigned char int_with_trailer[2] = { 0x01 };
1811
1812 #define QUIC_TPARAM_UNKNOWN_1 0xf1f1
1813
1814 static const struct tparam_test tparam_tests[] = {
1815 TPARAM_CHECK_DUP(ORIG_DCID,
1816 "ORIG_DCID appears multiple times")
1817 TPARAM_CHECK_DUP(INITIAL_SCID,
1818 "INITIAL_SCID appears multiple times")
1819 TPARAM_CHECK_DUP(INITIAL_MAX_DATA,
1820 "INITIAL_MAX_DATA appears multiple times")
1821 TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_BIDI_LOCAL,
1822 "INITIAL_MAX_STREAM_DATA_BIDI_LOCAL appears multiple times")
1823 TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_BIDI_REMOTE,
1824 "INITIAL_MAX_STREAM_DATA_BIDI_REMOTE appears multiple times")
1825 TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_UNI,
1826 "INITIAL_MAX_STREAM_DATA_UNI appears multiple times")
1827 TPARAM_CHECK_DUP(INITIAL_MAX_STREAMS_BIDI,
1828 "INITIAL_MAX_STREAMS_BIDI appears multiple times")
1829 TPARAM_CHECK_DUP(INITIAL_MAX_STREAMS_UNI,
1830 "INITIAL_MAX_STREAMS_UNI appears multiple times")
1831 TPARAM_CHECK_DUP(MAX_IDLE_TIMEOUT,
1832 "MAX_IDLE_TIMEOUT appears multiple times")
1833 TPARAM_CHECK_DUP(MAX_UDP_PAYLOAD_SIZE,
1834 "MAX_UDP_PAYLOAD_SIZE appears multiple times")
1835 TPARAM_CHECK_DUP(ACTIVE_CONN_ID_LIMIT,
1836 "ACTIVE_CONN_ID_LIMIT appears multiple times")
1837 TPARAM_CHECK_DUP(DISABLE_ACTIVE_MIGRATION,
1838 "DISABLE_ACTIVE_MIGRATION appears multiple times")
1839
1840 TPARAM_CHECK_DROP(INITIAL_SCID,
1841 "INITIAL_SCID was not sent but is required")
1842 TPARAM_CHECK_DROP(ORIG_DCID,
1843 "ORIG_DCID was not sent but is required")
1844
1845 TPARAM_CHECK_INJECT_A(RETRY_SCID, retry_scid_1,
1846 "RETRY_SCID sent when not performing a retry")
1847 TPARAM_CHECK_DROP_INJECT_A(DISABLE_ACTIVE_MIGRATION, disable_active_migration_1,
1848 "DISABLE_ACTIVE_MIGRATION is malformed")
1849 TPARAM_CHECK_INJECT(UNKNOWN_1, NULL, 0,
1850 NULL)
1851 TPARAM_CHECK_INJECT_RAW_A(malformed_stateless_reset_token_1,
1852 "STATELESS_RESET_TOKEN is malformed")
1853 TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
1854 malformed_stateless_reset_token_2,
1855 "STATELESS_RESET_TOKEN is malformed")
1856 TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
1857 malformed_stateless_reset_token_3,
1858 "STATELESS_RESET_TOKEN is malformed")
1859 TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
1860 malformed_stateless_reset_token_4,
1861 "STATELESS_RESET_TOKEN is malformed")
1862 TPARAM_CHECK_INJECT(STATELESS_RESET_TOKEN,
1863 NULL, 0,
1864 "STATELESS_RESET_TOKEN is malformed")
1865 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_1,
1866 "PREFERRED_ADDR is malformed")
1867 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_2,
1868 "PREFERRED_ADDR is malformed")
1869 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_3,
1870 "PREFERRED_ADDR is malformed")
1871 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_4,
1872 "PREFERRED_ADDR is malformed")
1873 TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_1,
1874 "bad transport parameter")
1875 TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_2,
1876 "bad transport parameter")
1877 TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_3,
1878 "bad transport parameter")
1879
1880 TPARAM_CHECK_INJECT_A(ACK_DELAY_EXP, excess_ack_delay_exp,
1881 "ACK_DELAY_EXP is malformed")
1882 TPARAM_CHECK_INJECT_A(MAX_ACK_DELAY, excess_max_ack_delay,
1883 "MAX_ACK_DELAY is malformed")
1884 TPARAM_CHECK_DROP_INJECT_A(INITIAL_MAX_STREAMS_BIDI, excess_initial_max_streams,
1885 "INITIAL_MAX_STREAMS_BIDI is malformed")
1886 TPARAM_CHECK_DROP_INJECT_A(INITIAL_MAX_STREAMS_UNI, excess_initial_max_streams,
1887 "INITIAL_MAX_STREAMS_UNI is malformed")
1888
1889 TPARAM_CHECK_DROP_INJECT_A(MAX_UDP_PAYLOAD_SIZE, undersize_udp_payload_size,
1890 "MAX_UDP_PAYLOAD_SIZE is malformed")
1891 TPARAM_CHECK_DROP_INJECT_A(ACTIVE_CONN_ID_LIMIT, undersize_active_conn_id_limit,
1892 "ACTIVE_CONN_ID_LIMIT is malformed")
1893
1894 TPARAM_CHECK_INJECT_TWICE_A(ACK_DELAY_EXP, ack_delay_exp,
1895 "ACK_DELAY_EXP appears multiple times")
1896 TPARAM_CHECK_INJECT_TWICE_A(MAX_ACK_DELAY, ack_delay_exp,
1897 "MAX_ACK_DELAY appears multiple times")
1898 TPARAM_CHECK_INJECT_TWICE_A(STATELESS_RESET_TOKEN, stateless_reset_token,
1899 "STATELESS_RESET_TOKEN appears multiple times")
1900 TPARAM_CHECK_INJECT_TWICE_A(PREFERRED_ADDR, preferred_addr,
1901 "PREFERRED_ADDR appears multiple times")
1902
1903 TPARAM_CHECK_MUTATE(ORIG_DCID,
1904 "ORIG_DCID does not match expected value")
1905 TPARAM_CHECK_MUTATE(INITIAL_SCID,
1906 "INITIAL_SCID does not match expected value")
1907
1908 TPARAM_CHECK_DROP_INJECT_A(ORIG_DCID, long_cid,
1909 "ORIG_DCID is malformed")
1910 TPARAM_CHECK_DROP_INJECT_A(INITIAL_SCID, long_cid,
1911 "INITIAL_SCID is malformed")
1912
1913 TPARAM_CHECK_INT(INITIAL_MAX_DATA,
1914 "INITIAL_MAX_DATA is malformed")
1915 TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_BIDI_LOCAL,
1916 "INITIAL_MAX_STREAM_DATA_BIDI_LOCAL is malformed")
1917 TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_BIDI_REMOTE,
1918 "INITIAL_MAX_STREAM_DATA_BIDI_REMOTE is malformed")
1919 TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_UNI,
1920 "INITIAL_MAX_STREAM_DATA_UNI is malformed")
1921 TPARAM_CHECK_INT(ACK_DELAY_EXP,
1922 "ACK_DELAY_EXP is malformed")
1923 TPARAM_CHECK_INT(MAX_ACK_DELAY,
1924 "MAX_ACK_DELAY is malformed")
1925 TPARAM_CHECK_INT(INITIAL_MAX_STREAMS_BIDI,
1926 "INITIAL_MAX_STREAMS_BIDI is malformed")
1927 TPARAM_CHECK_INT(INITIAL_MAX_STREAMS_UNI,
1928 "INITIAL_MAX_STREAMS_UNI is malformed")
1929 TPARAM_CHECK_INT(MAX_IDLE_TIMEOUT,
1930 "MAX_IDLE_TIMEOUT is malformed")
1931 TPARAM_CHECK_INT(MAX_UDP_PAYLOAD_SIZE,
1932 "MAX_UDP_PAYLOAD_SIZE is malformed")
1933 TPARAM_CHECK_INT(ACTIVE_CONN_ID_LIMIT,
1934 "ACTIVE_CONN_ID_LIMIT is malformed")
1935 };
1936
1937 struct tparam_ctx {
1938 const struct tparam_test *t;
1939 };
1940
tparam_handle(struct tparam_ctx * ctx,uint64_t id,unsigned char * data,size_t data_len,WPACKET * wpkt)1941 static int tparam_handle(struct tparam_ctx *ctx,
1942 uint64_t id, unsigned char *data,
1943 size_t data_len,
1944 WPACKET *wpkt)
1945 {
1946 const struct tparam_test *t = ctx->t;
1947
1948 switch (t->op) {
1949 case TPARAM_OP_DUP:
1950 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
1951 data, data_len)))
1952 return 0;
1953
1954 /*
1955 * If this is the matching ID, write it again, duplicating the TPARAM.
1956 */
1957 if (id == t->id
1958 && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
1959 data, data_len)))
1960 return 0;
1961
1962 return 1;
1963
1964 case TPARAM_OP_DROP:
1965 case TPARAM_OP_DROP_INJECT:
1966 /* Pass through unless ID matches. */
1967 if (id != t->id
1968 && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
1969 data, data_len)))
1970 return 0;
1971
1972 return 1;
1973
1974 case TPARAM_OP_INJECT:
1975 case TPARAM_OP_INJECT_TWICE:
1976 case TPARAM_OP_INJECT_RAW:
1977 /* Always pass through. */
1978 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
1979 data, data_len)))
1980 return 0;
1981
1982 return 1;
1983
1984 case TPARAM_OP_MUTATE:
1985 if (id == t->id) {
1986 if (!TEST_size_t_gt(data_len, 0))
1987 return 0;
1988
1989 data[0] ^= 1;
1990 }
1991
1992 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
1993 data, data_len)))
1994 return 0;
1995
1996 if (id == t->id)
1997 data[0] ^= 1;
1998
1999 return 1;
2000
2001 default:
2002 return 0;
2003 }
2004 }
2005
tparam_on_enc_ext(QTEST_FAULT * qtf,QTEST_ENCRYPTED_EXTENSIONS * ee,size_t ee_len,void * arg)2006 static int tparam_on_enc_ext(QTEST_FAULT *qtf, QTEST_ENCRYPTED_EXTENSIONS *ee,
2007 size_t ee_len, void *arg)
2008 {
2009 int rc = 0;
2010 struct tparam_ctx *ctx = arg;
2011 PACKET pkt = {0};
2012 WPACKET wpkt;
2013 int have_wpkt = 0;
2014 BUF_MEM *old_bufm = NULL, *new_bufm = NULL;
2015 unsigned char *tp_p;
2016 size_t tp_len, written, old_len, eb_len;
2017 uint64_t id;
2018
2019 if (!TEST_ptr(old_bufm = BUF_MEM_new()))
2020 goto err;
2021
2022 /*
2023 * Delete transport parameters TLS extension and capture the contents of the
2024 * extension which was removed.
2025 */
2026 if (!TEST_true(qtest_fault_delete_extension(qtf, TLSEXT_TYPE_quic_transport_parameters,
2027 ee->extensions, &ee->extensionslen,
2028 old_bufm)))
2029 goto err;
2030
2031 if (!TEST_true(PACKET_buf_init(&pkt, (unsigned char *)old_bufm->data, old_bufm->length))
2032 || !TEST_ptr(new_bufm = BUF_MEM_new())
2033 || !TEST_true(WPACKET_init(&wpkt, new_bufm)))
2034 goto err;
2035
2036 have_wpkt = 1;
2037
2038 /*
2039 * Open transport parameters TLS extension:
2040 *
2041 * u16 Extension ID (quic_transport_parameters)
2042 * u16 Extension Data Length
2043 * ... Extension Data
2044 *
2045 */
2046 if (!TEST_true(WPACKET_put_bytes_u16(&wpkt,
2047 TLSEXT_TYPE_quic_transport_parameters))
2048 || !TEST_true(WPACKET_start_sub_packet_u16(&wpkt)))
2049 goto err;
2050
2051 for (; PACKET_remaining(&pkt) > 0; ) {
2052 tp_p = (unsigned char *)ossl_quic_wire_decode_transport_param_bytes(&pkt,
2053 &id,
2054 &tp_len);
2055 if (!TEST_ptr(tp_p)) {
2056 TEST_mem_eq(PACKET_data(&pkt), PACKET_remaining(&pkt), NULL, 0);
2057 goto err;
2058 }
2059
2060 if (!TEST_true(tparam_handle(ctx, id, tp_p, tp_len, &wpkt)))
2061 goto err;
2062 }
2063
2064 if (ctx->t->op == TPARAM_OP_INJECT || ctx->t->op == TPARAM_OP_DROP_INJECT
2065 || ctx->t->op == TPARAM_OP_INJECT_TWICE) {
2066 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(&wpkt, ctx->t->id,
2067 ctx->t->buf,
2068 ctx->t->buf_len)))
2069 goto err;
2070
2071 if (ctx->t->op == TPARAM_OP_INJECT_TWICE
2072 && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(&wpkt, ctx->t->id,
2073 ctx->t->buf,
2074 ctx->t->buf_len)))
2075 goto err;
2076 } else if (ctx->t->op == TPARAM_OP_INJECT_RAW) {
2077 if (!TEST_true(WPACKET_memcpy(&wpkt, ctx->t->buf, ctx->t->buf_len)))
2078 goto err;
2079 }
2080
2081 if (!TEST_true(WPACKET_close(&wpkt))) /* end extension data, set length */
2082 goto err;
2083
2084 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
2085 goto err;
2086
2087 WPACKET_finish(&wpkt);
2088 have_wpkt = 0;
2089
2090 /*
2091 * Append the constructed extension blob to the extension block.
2092 */
2093 old_len = ee->extensionslen;
2094
2095 if (!qtest_fault_resize_message(qtf, ee->extensionslen + written))
2096 goto err;
2097
2098 memcpy(ee->extensions + old_len, new_bufm->data, written);
2099
2100 /* Fixup the extension block header (u16 length of entire block). */
2101 eb_len = (((uint16_t)ee->extensions[0]) << 8) + (uint16_t)ee->extensions[1];
2102 eb_len += written;
2103 ee->extensions[0] = (unsigned char)((eb_len >> 8) & 0xFF);
2104 ee->extensions[1] = (unsigned char)( eb_len & 0xFF);
2105
2106 rc = 1;
2107 err:
2108 if (have_wpkt)
2109 WPACKET_cleanup(&wpkt);
2110 BUF_MEM_free(old_bufm);
2111 BUF_MEM_free(new_bufm);
2112 return rc;
2113 }
2114
test_tparam(int idx)2115 static int test_tparam(int idx)
2116 {
2117 int testresult = 0;
2118 SSL_CTX *c_ctx = NULL;
2119 SSL *c_ssl = NULL;
2120 QUIC_TSERVER *s = NULL;
2121 QTEST_FAULT *qtf = NULL;
2122 struct tparam_ctx ctx = {0};
2123
2124 ctx.t = &tparam_tests[idx];
2125
2126 if (!TEST_ptr(c_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
2127 goto err;
2128
2129 if (!TEST_true(qtest_create_quic_objects(libctx, c_ctx, NULL, cert,
2130 privkey, 0, &s,
2131 &c_ssl, &qtf, NULL)))
2132 goto err;
2133
2134 if (!TEST_true(qtest_fault_set_hand_enc_ext_listener(qtf, tparam_on_enc_ext,
2135 &ctx)))
2136 goto err;
2137
2138 if (!TEST_true(qtest_create_quic_connection_ex(s, c_ssl,
2139 ctx.t->expect_fail != NULL)))
2140 goto err;
2141
2142 if (ctx.t->expect_fail != NULL) {
2143 SSL_CONN_CLOSE_INFO info = {0};
2144
2145 if (!TEST_true(SSL_get_conn_close_info(c_ssl, &info, sizeof(info))))
2146 goto err;
2147
2148 if (!TEST_true((info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) != 0)
2149 || !TEST_uint64_t_eq(info.error_code, OSSL_QUIC_ERR_TRANSPORT_PARAMETER_ERROR)
2150 || !TEST_ptr(strstr(info.reason, ctx.t->expect_fail))) {
2151 TEST_error("expected connection closure information mismatch"
2152 " during TPARAM test: flags=%llu ec=%llu reason='%s'",
2153 (unsigned long long)info.flags,
2154 (unsigned long long)info.error_code,
2155 info.reason);
2156 goto err;
2157 }
2158 }
2159
2160 testresult = 1;
2161 err:
2162 if (!testresult) {
2163 if (ctx.t->expect_fail != NULL)
2164 TEST_info("failed during test for id=%llu, op=%d, bl=%zu, "
2165 "expected failure='%s'", (unsigned long long)ctx.t->id,
2166 ctx.t->op, ctx.t->buf_len, ctx.t->expect_fail);
2167 else
2168 TEST_info("failed during test for id=%llu, op=%d, bl=%zu",
2169 (unsigned long long)ctx.t->id, ctx.t->op, ctx.t->buf_len);
2170 }
2171
2172 ossl_quic_tserver_free(s);
2173 SSL_free(c_ssl);
2174 SSL_CTX_free(c_ctx);
2175 qtest_fault_free(qtf);
2176 return testresult;
2177 }
2178 /***********************************************************************************/
2179
2180 OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
2181
setup_tests(void)2182 int setup_tests(void)
2183 {
2184 char *modulename;
2185 char *configfile;
2186
2187 libctx = OSSL_LIB_CTX_new();
2188 if (!TEST_ptr(libctx))
2189 return 0;
2190
2191 defctxnull = OSSL_PROVIDER_load(NULL, "null");
2192
2193 /*
2194 * Verify that the default and fips providers in the default libctx are not
2195 * available
2196 */
2197 if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
2198 || !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
2199 goto err;
2200
2201 if (!test_skip_common_options()) {
2202 TEST_error("Error parsing test options\n");
2203 goto err;
2204 }
2205
2206 if (!TEST_ptr(modulename = test_get_argument(0))
2207 || !TEST_ptr(configfile = test_get_argument(1))
2208 || !TEST_ptr(certsdir = test_get_argument(2))
2209 || !TEST_ptr(datadir = test_get_argument(3)))
2210 goto err;
2211
2212 if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile)))
2213 goto err;
2214
2215 /* Check we have the expected provider available */
2216 if (!TEST_true(OSSL_PROVIDER_available(libctx, modulename)))
2217 goto err;
2218
2219 /* Check the default provider is not available */
2220 if (strcmp(modulename, "default") != 0
2221 && !TEST_false(OSSL_PROVIDER_available(libctx, "default")))
2222 goto err;
2223
2224 if (strcmp(modulename, "fips") == 0)
2225 is_fips = 1;
2226
2227 cert = test_mk_file_path(certsdir, "servercert.pem");
2228 if (cert == NULL)
2229 goto err;
2230
2231 ccert = test_mk_file_path(certsdir, "ee-client-chain.pem");
2232 if (ccert == NULL)
2233 goto err;
2234
2235 cauthca = test_mk_file_path(certsdir, "root-cert.pem");
2236 if (cauthca == NULL)
2237 goto err;
2238
2239 privkey = test_mk_file_path(certsdir, "serverkey.pem");
2240 if (privkey == NULL)
2241 goto err;
2242
2243 cprivkey = test_mk_file_path(certsdir, "ee-key.pem");
2244 if (privkey == NULL)
2245 goto err;
2246
2247 ADD_ALL_TESTS(test_quic_write_read, 3);
2248 ADD_TEST(test_fin_only_blocking);
2249 ADD_TEST(test_ciphersuites);
2250 ADD_TEST(test_cipher_find);
2251 ADD_TEST(test_version);
2252 #if defined(DO_SSL_TRACE_TEST)
2253 ADD_TEST(test_ssl_trace);
2254 #endif
2255 ADD_TEST(test_quic_forbidden_apis_ctx);
2256 ADD_TEST(test_quic_forbidden_apis);
2257 ADD_TEST(test_quic_forbidden_options);
2258 ADD_ALL_TESTS(test_quic_set_fd, 3);
2259 ADD_TEST(test_bio_ssl);
2260 ADD_TEST(test_back_pressure);
2261 ADD_TEST(test_multiple_dgrams);
2262 ADD_ALL_TESTS(test_non_io_retry, 2);
2263 ADD_TEST(test_quic_psk);
2264 ADD_ALL_TESTS(test_client_auth, 3);
2265 ADD_ALL_TESTS(test_alpn, 2);
2266 ADD_ALL_TESTS(test_noisy_dgram, 2);
2267 ADD_TEST(test_bw_limit);
2268 ADD_TEST(test_get_shutdown);
2269 ADD_ALL_TESTS(test_tparam, OSSL_NELEM(tparam_tests));
2270
2271 return 1;
2272 err:
2273 cleanup_tests();
2274 return 0;
2275 }
2276
cleanup_tests(void)2277 void cleanup_tests(void)
2278 {
2279 bio_f_noisy_dgram_filter_free();
2280 bio_f_pkt_split_dgram_filter_free();
2281 OPENSSL_free(cert);
2282 OPENSSL_free(privkey);
2283 OPENSSL_free(ccert);
2284 OPENSSL_free(cauthca);
2285 OPENSSL_free(cprivkey);
2286 OSSL_PROVIDER_unload(defctxnull);
2287 OSSL_LIB_CTX_free(libctx);
2288 }
2289