xref: /freebsd/crypto/openssl/test/quicapitest.c (revision 046c625e9382e17da953767b881aaa782fa73af8)
1 /*
2  * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <stdio.h>
11 #include <string.h>
12 
13 #include <openssl/opensslconf.h>
14 #include <openssl/quic.h>
15 #include <openssl/rand.h>
16 
17 #include "helpers/ssltestlib.h"
18 #include "helpers/quictestlib.h"
19 #include "testutil.h"
20 #include "testutil/output.h"
21 #include "../ssl/ssl_local.h"
22 #include "internal/quic_error.h"
23 
24 static OSSL_LIB_CTX *libctx = NULL;
25 static OSSL_PROVIDER *defctxnull = NULL;
26 static char *certsdir = NULL;
27 static char *cert = NULL;
28 static char *ccert = NULL;
29 static char *cauthca = NULL;
30 static char *privkey = NULL;
31 static char *cprivkey = NULL;
32 static char *datadir = NULL;
33 
34 static int is_fips = 0;
35 
36 /* The ssltrace test assumes some options are switched on/off */
37 #if !defined(OPENSSL_NO_SSL_TRACE) \
38     && defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) \
39     && !defined(OPENSSL_NO_ECX) && !defined(OPENSSL_NO_DH) \
40     && !defined(OPENSSL_NO_ML_DSA) && !defined(OPENSSL_NO_ML_KEM)
41 # define DO_SSL_TRACE_TEST
42 #endif
43 
44 /*
45  * Test that we read what we've written.
46  * Test 0: Non-blocking
47  * Test 1: Blocking
48  * Test 2: Blocking, introduce socket error, test error handling.
49  */
test_quic_write_read(int idx)50 static int test_quic_write_read(int idx)
51 {
52     SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
53     SSL_CTX *sctx = NULL;
54     SSL *clientquic = NULL;
55     QUIC_TSERVER *qtserv = NULL;
56     int j, k, ret = 0;
57     unsigned char buf[20], scratch[64];
58     static char *msg = "A test message";
59     size_t msglen = strlen(msg);
60     size_t numbytes = 0;
61     int ssock = 0, csock = 0;
62     uint64_t sid = UINT64_MAX;
63     SSL_SESSION *sess = NULL;
64 
65     if (idx >= 1 && !qtest_supports_blocking())
66         return TEST_skip("Blocking tests not supported in this build");
67 
68     for (k = 0; k < 2; k++) {
69         if (!TEST_ptr(cctx)
70                 || !TEST_true(qtest_create_quic_objects(libctx, cctx, sctx,
71                                                         cert, privkey,
72                                                         idx >= 1
73                                                             ? QTEST_FLAG_BLOCK
74                                                             : 0,
75                                                         &qtserv, &clientquic,
76                                                         NULL, NULL))
77                 || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost")))
78             goto end;
79 
80         if (sess != NULL && !TEST_true(SSL_set_session(clientquic, sess)))
81             goto end;
82 
83         if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
84             goto end;
85 
86         if (idx >= 1) {
87             if (!TEST_true(BIO_get_fd(ossl_quic_tserver_get0_rbio(qtserv),
88                                       &ssock)))
89                 goto end;
90             if (!TEST_int_gt(csock = SSL_get_rfd(clientquic), 0))
91                 goto end;
92         }
93 
94         sid = 0; /* client-initiated bidirectional stream */
95 
96         for (j = 0; j < 2; j++) {
97             /* Check that sending and receiving app data is ok */
98             if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
99                 || !TEST_size_t_eq(numbytes, msglen))
100                 goto end;
101             if (idx >= 1) {
102                 do {
103                     if (!TEST_true(wait_until_sock_readable(ssock)))
104                         goto end;
105 
106                     ossl_quic_tserver_tick(qtserv);
107 
108                     if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf,
109                                                           sizeof(buf),
110                                                           &numbytes)))
111                         goto end;
112                 } while (numbytes == 0);
113 
114                 if (!TEST_mem_eq(buf, numbytes, msg, msglen))
115                     goto end;
116             }
117 
118             if (idx >= 2 && j > 0)
119                 /* Introduce permanent socket error */
120                 BIO_closesocket(csock);
121 
122             ossl_quic_tserver_tick(qtserv);
123             if (!TEST_true(ossl_quic_tserver_write(qtserv, sid,
124                                                    (unsigned char *)msg,
125                                                    msglen, &numbytes)))
126                 goto end;
127             ossl_quic_tserver_tick(qtserv);
128             SSL_handle_events(clientquic);
129 
130             if (idx >= 2 && j > 0) {
131                 if (!TEST_false(SSL_read_ex(clientquic, buf, 1, &numbytes))
132                         || !TEST_int_eq(SSL_get_error(clientquic, 0),
133                                         SSL_ERROR_SYSCALL)
134                         || !TEST_false(SSL_write_ex(clientquic, msg, msglen,
135                                                     &numbytes))
136                         || !TEST_int_eq(SSL_get_error(clientquic, 0),
137                                         SSL_ERROR_SYSCALL))
138                     goto end;
139                 break;
140             }
141 
142             /*
143             * In blocking mode the SSL_read_ex call will block until the socket
144             * is readable and has our data. In non-blocking mode we're doing
145             * everything in memory, so it should be immediately available
146             */
147             if (!TEST_true(SSL_read_ex(clientquic, buf, 1, &numbytes))
148                     || !TEST_size_t_eq(numbytes, 1)
149                     || !TEST_true(SSL_has_pending(clientquic))
150                     || !TEST_int_eq(SSL_pending(clientquic), msglen - 1)
151                     || !TEST_true(SSL_read_ex(clientquic, buf + 1,
152                                               sizeof(buf) - 1, &numbytes))
153                     || !TEST_mem_eq(buf, numbytes + 1, msg, msglen))
154                 goto end;
155         }
156 
157         /* Test that exporters work. */
158         if (!TEST_true(SSL_export_keying_material(clientquic, scratch,
159                         sizeof(scratch), "test", 4, (unsigned char *)"ctx", 3,
160                         1)))
161             goto end;
162 
163         if (sess == NULL) {
164             /* We didn't supply a session so we're not expecting resumption */
165             if (!TEST_false(SSL_session_reused(clientquic)))
166                 goto end;
167             /* We should have a session ticket by now */
168             sess = SSL_get1_session(clientquic);
169             if (!TEST_ptr(sess))
170                 goto end;
171         } else {
172             /* We supplied a session so we should have resumed */
173             if (!TEST_true(SSL_session_reused(clientquic)))
174                 goto end;
175         }
176 
177         if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
178             goto end;
179 
180         if (sctx == NULL) {
181             sctx = ossl_quic_tserver_get0_ssl_ctx(qtserv);
182             if (!TEST_true(SSL_CTX_up_ref(sctx))) {
183                 sctx = NULL;
184                 goto end;
185             }
186         }
187         ossl_quic_tserver_free(qtserv);
188         qtserv = NULL;
189         SSL_free(clientquic);
190         clientquic = NULL;
191 
192         if (idx >= 2)
193             break;
194     }
195 
196     ret = 1;
197 
198  end:
199     SSL_SESSION_free(sess);
200     ossl_quic_tserver_free(qtserv);
201     SSL_free(clientquic);
202     SSL_CTX_free(cctx);
203     SSL_CTX_free(sctx);
204 
205     return ret;
206 }
207 
208 /*
209  * Test that sending FIN with no data to a client blocking in SSL_read_ex() will
210  * wake up the client.
211  */
test_fin_only_blocking(void)212 static int test_fin_only_blocking(void)
213 {
214     SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
215     SSL_CTX *sctx = NULL;
216     SSL *clientquic = NULL;
217     QUIC_TSERVER *qtserv = NULL;
218     const char *msg = "Hello World";
219     uint64_t sid;
220     size_t numbytes;
221     unsigned char buf[32];
222     int ret = 0;
223     OSSL_TIME timer, timediff;
224 
225     if (!qtest_supports_blocking())
226         return TEST_skip("Blocking tests not supported in this build");
227 
228     if (!TEST_ptr(cctx)
229             || !TEST_true(qtest_create_quic_objects(libctx, cctx, sctx,
230                                                     cert, privkey,
231                                                     QTEST_FLAG_BLOCK,
232                                                     &qtserv, &clientquic,
233                                                     NULL, NULL))
234             || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost")))
235         goto end;
236 
237     if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
238         goto end;
239 
240     if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, 0, &sid))
241             || !TEST_true(ossl_quic_tserver_write(qtserv, sid,
242                                                   (unsigned char *)msg,
243                                                   strlen(msg), &numbytes))
244             || !TEST_size_t_eq(strlen(msg), numbytes))
245         goto end;
246 
247     ossl_quic_tserver_tick(qtserv);
248 
249     if (!TEST_true(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes))
250             || !TEST_mem_eq(msg, strlen(msg), buf, numbytes))
251 
252 
253         goto end;
254 
255     if (!TEST_true(ossl_quic_tserver_conclude(qtserv, sid)))
256         goto end;
257 
258     timer = ossl_time_now();
259     if (!TEST_false(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes)))
260         goto end;
261     timediff = ossl_time_subtract(ossl_time_now(), timer);
262 
263     if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_ZERO_RETURN)
264                /*
265                 * We expect the SSL_read_ex to not have blocked so this should
266                 * be very fast. 40ms should be plenty.
267                 */
268             || !TEST_uint64_t_le(ossl_time2ms(timediff), 40))
269         goto end;
270 
271     if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
272         goto end;
273 
274     ret = 1;
275 
276  end:
277     ossl_quic_tserver_free(qtserv);
278     SSL_free(clientquic);
279     SSL_CTX_free(cctx);
280     SSL_CTX_free(sctx);
281 
282     return ret;
283 }
284 
285 /* Test that a vanilla QUIC SSL object has the expected ciphersuites available */
test_ciphersuites(void)286 static int test_ciphersuites(void)
287 {
288     SSL_CTX *ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
289     SSL *ssl = NULL;
290     int testresult = 0;
291     const STACK_OF(SSL_CIPHER) *ciphers = NULL;
292     const SSL_CIPHER *cipher;
293     /* We expect this exact list of ciphersuites by default */
294     int cipherids[] = {
295         TLS1_3_CK_AES_256_GCM_SHA384,
296 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
297         TLS1_3_CK_CHACHA20_POLY1305_SHA256,
298 #endif
299         TLS1_3_CK_AES_128_GCM_SHA256
300     };
301     size_t i, j;
302 
303     if (!TEST_ptr(ctx))
304         return 0;
305 
306     /*
307      * Attempting to set TLSv1.2 ciphersuites should succeed, even though they
308      * aren't used in QUIC.
309      */
310     if (!TEST_true(SSL_CTX_set_cipher_list(ctx, "DEFAULT")))
311         goto err;
312 
313     ssl = SSL_new(ctx);
314     if (!TEST_ptr(ssl))
315         goto err;
316 
317     if (!TEST_true(SSL_set_cipher_list(ssl, "DEFAULT")))
318         goto err;
319 
320     ciphers = SSL_get_ciphers(ssl);
321 
322     for (i = 0, j = 0; i < OSSL_NELEM(cipherids); i++) {
323         if (cipherids[i] == TLS1_3_CK_CHACHA20_POLY1305_SHA256 && is_fips)
324             continue;
325         cipher = sk_SSL_CIPHER_value(ciphers, j++);
326         if (!TEST_ptr(cipher))
327             goto err;
328         if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher), cipherids[i]))
329             goto err;
330     }
331 
332     /* We should have checked all the ciphers in the stack */
333     if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers), j))
334         goto err;
335 
336     testresult = 1;
337  err:
338     SSL_free(ssl);
339     SSL_CTX_free(ctx);
340 
341     return testresult;
342 }
343 
test_cipher_find(void)344 static int test_cipher_find(void)
345 {
346     SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
347     SSL *clientquic = NULL;
348     struct {
349         const unsigned char *cipherbytes;
350         int ok;
351     } testciphers[]  = {
352         { TLS13_AES_128_GCM_SHA256_BYTES, 1 },
353         { TLS13_AES_256_GCM_SHA384_BYTES, 1 },
354         { TLS13_CHACHA20_POLY1305_SHA256_BYTES, 1 },
355         { TLS13_AES_128_CCM_SHA256_BYTES, 0 },
356         { TLS13_AES_128_CCM_8_SHA256_BYTES, 0 },
357 #if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
358         { TLS13_SHA256_SHA256_BYTES, 0 },
359         { TLS13_SHA384_SHA384_BYTES, 0 }
360 #endif
361     };
362     size_t i;
363     int testresult = 0;
364 
365     if (!TEST_ptr(cctx))
366         goto err;
367 
368     clientquic = SSL_new(cctx);
369     if (!TEST_ptr(clientquic))
370         goto err;
371 
372     for (i = 0; i < OSSL_NELEM(testciphers); i++)
373         if (testciphers[i].ok) {
374             if (!TEST_ptr(SSL_CIPHER_find(clientquic,
375                                           testciphers[i].cipherbytes)))
376                 goto err;
377         } else {
378             if (!TEST_ptr_null(SSL_CIPHER_find(clientquic,
379                                                testciphers[i].cipherbytes)))
380                 goto err;
381         }
382 
383     testresult = 1;
384  err:
385     SSL_free(clientquic);
386     SSL_CTX_free(cctx);
387 
388     return testresult;
389 }
390 
391 /*
392  * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
393  * SSL_is_dtls return the expected results for a QUIC connection. Compare with
394  * test_version() in sslapitest.c which does the same thing for TLS/DTLS
395  * connections.
396  */
test_version(void)397 static int test_version(void)
398 {
399     SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
400     SSL *clientquic = NULL;
401     QUIC_TSERVER *qtserv = NULL;
402     int testresult = 0;
403 
404     if (!TEST_ptr(cctx)
405             || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
406                                                     privkey, 0, &qtserv,
407                                                     &clientquic, NULL, NULL))
408             || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
409         goto err;
410 
411     if (!TEST_int_eq(SSL_version(clientquic), OSSL_QUIC1_VERSION)
412             || !TEST_str_eq(SSL_get_version(clientquic), "QUICv1"))
413         goto err;
414 
415     if (!TEST_true(SSL_is_quic(clientquic))
416             || !TEST_false(SSL_is_tls(clientquic))
417             || !TEST_false(SSL_is_dtls(clientquic)))
418         goto err;
419 
420 
421     testresult = 1;
422  err:
423     ossl_quic_tserver_free(qtserv);
424     SSL_free(clientquic);
425     SSL_CTX_free(cctx);
426 
427     return testresult;
428 }
429 
430 #if defined(DO_SSL_TRACE_TEST)
431 /*
432  * Tests that the SSL_trace() msg_callback works as expected with a QUIC
433  * connection. This also provides testing of the msg_callback at the same time.
434  */
test_ssl_trace(void)435 static int test_ssl_trace(void)
436 {
437     SSL_CTX *cctx = NULL;
438     SSL *clientquic = NULL;
439     QUIC_TSERVER *qtserv = NULL;
440     int testresult = 0;
441     BIO *bio = NULL;
442     char *reffile = NULL;
443 
444     if (!TEST_ptr(cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))
445             || !TEST_ptr(bio = BIO_new(BIO_s_mem()))
446             || !TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256"))
447             || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
448                                                     privkey,
449                                                     QTEST_FLAG_FAKE_TIME,
450                                                     &qtserv,
451                                                     &clientquic, NULL, NULL)))
452         goto err;
453 
454     SSL_set_msg_callback(clientquic, SSL_trace);
455     SSL_set_msg_callback_arg(clientquic, bio);
456 
457     if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
458         goto err;
459 
460     /* Skip the comparison of the trace when the fips provider is used. */
461     if (is_fips) {
462         /* Check whether there was something written. */
463         if (!TEST_int_gt(BIO_pending(bio), 0))
464             goto err;
465     } else {
466 
467 # ifdef OPENSSL_NO_ZLIB
468         reffile = test_mk_file_path(datadir, "ssltraceref.txt");
469 # else
470         reffile = test_mk_file_path(datadir, "ssltraceref-zlib.txt");
471 # endif
472         if (!TEST_true(compare_with_reference_file(bio, reffile)))
473             goto err;
474     }
475 
476     testresult = 1;
477  err:
478     ossl_quic_tserver_free(qtserv);
479     SSL_free(clientquic);
480     SSL_CTX_free(cctx);
481     BIO_free(bio);
482     OPENSSL_free(reffile);
483 
484     return testresult;
485 }
486 #endif
487 
488 #ifndef OPENSSL_NO_SSL_TRACE
489 enum {
490     INITIAL = 0,
491     GATHER_TOKEN = 1,
492     CHECK_TOKEN = 2,
493     SUCCESS = 3,
494     FAILED = 4
495 };
496 
find_new_token_data(BIO * membio)497 static int find_new_token_data(BIO *membio)
498 {
499     char buf[1024];
500     int state = INITIAL;
501     char *tmpstring;
502     char *tokenval = NULL;
503     /*
504      * This is a state machine, in which we traverse the ssl trace
505      * looking for a sequence of items
506      * The states are:
507      * +---Current State---|----------Action-------------|---Next State---+
508      * |      INITIAL      | "Received Frame: New token" | GATHER_TOKEN   |
509      * |                   | !"Received Frame: New token"| INITIAL        |
510      * |-------------------|-----------------------------|----------------|
511      * |    GATHER_TOKEN   | "Token: <TOKENVAL>"         | CHECK_TOKEN    |
512      * |                   | !"Token: <TOKENVAL>"        | FAILED         |
513      * |-------------------|-----------------------------|----------------|
514      * |    CHECK_TOKEN    | "Token: <TOKENVAL>"         | SUCCESS        |
515      * |                   | EOF                         | FAILED         |
516      * +-------------------|-----------------------------|----------------|
517      */
518 
519     while (state != SUCCESS
520            && state != FAILED
521            && BIO_gets(membio, buf, sizeof(buf)) > 0) {
522         switch (state) {
523         case INITIAL:
524             if (strstr(buf, "Received Frame: New token"))
525                 state = GATHER_TOKEN;
526             break;
527         case GATHER_TOKEN:
528             TEST_info("Found New Token Marker\n");
529             tmpstring = strstr(buf, "Token: ");
530             if (tmpstring == NULL) {
531                 TEST_info("Next line did not contain a new token\n");
532                 state = FAILED;
533             } else {
534                 if (!TEST_ptr(tokenval = OPENSSL_strdup(tmpstring)))
535                     return 0;
536                 state = CHECK_TOKEN;
537                 TEST_info("Recorded Token %s\n", tokenval);
538             }
539             break;
540         case CHECK_TOKEN:
541             tmpstring = strstr(buf, "Token: ");
542             if (tmpstring != NULL
543                 && !strcmp(tmpstring, tokenval)) {
544                 state = SUCCESS;
545                 TEST_info("Matched next connection token %s\n", tmpstring);
546             }
547         default:
548             break;
549         }
550     }
551 
552     OPENSSL_free(tokenval);
553     return (state == SUCCESS);
554 }
555 
test_new_token(void)556 static int test_new_token(void)
557 {
558     SSL_CTX *cctx = NULL;
559     SSL *clientquic = NULL;
560     SSL *clientquic2 = NULL;
561     QUIC_TSERVER *qtserv = NULL;
562     QUIC_TSERVER *qtserv2 = NULL;
563     int testresult = 0;
564     BIO *bio = NULL;
565     char msg[] = "The Quic Brown Fox";
566     size_t written;
567 
568     if (!TEST_ptr(cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))
569         || !TEST_ptr(bio = BIO_new(BIO_s_mem()))
570         || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
571                                                 privkey,
572                                                 QTEST_FLAG_FAKE_TIME,
573                                                 &qtserv,
574                                                 &clientquic, NULL, NULL)))
575 
576         goto err;
577 
578     SSL_set_msg_callback(clientquic, SSL_trace);
579     SSL_set_msg_callback_arg(clientquic, bio);
580 
581     if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
582         goto err;
583 
584     /* Send data from the client */
585     if (!SSL_write_ex(clientquic, msg, sizeof(msg), &written))
586         goto err;
587 
588     if (written != sizeof(msg))
589         goto err;
590 
591     /* Receive data at the server */
592     ossl_quic_tserver_tick(qtserv);
593 
594     if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
595                                              privkey,
596                                              QTEST_FLAG_FAKE_TIME,
597                                              &qtserv2,
598                                              &clientquic2, NULL, NULL)))
599         goto err;
600 
601     SSL_set_msg_callback(clientquic2, SSL_trace);
602     SSL_set_msg_callback_arg(clientquic2, bio);
603 
604     /* once we have our new token, create the subsequent connection */
605     if (!TEST_true(qtest_create_quic_connection(qtserv2, clientquic2)))
606         goto err;
607 
608     /* Skip the comparison of the trace when the fips provider is used. */
609     if (!TEST_true(find_new_token_data(bio)))
610         goto err;
611 
612     testresult = 1;
613  err:
614     ossl_quic_tserver_free(qtserv);
615     ossl_quic_tserver_free(qtserv2);
616     SSL_free(clientquic);
617     SSL_free(clientquic2);
618     SSL_CTX_free(cctx);
619     BIO_free(bio);
620 
621     return testresult;
622 }
623 #endif
624 
ensure_valid_ciphers(const STACK_OF (SSL_CIPHER)* ciphers)625 static int ensure_valid_ciphers(const STACK_OF(SSL_CIPHER) *ciphers)
626 {
627     size_t i;
628 
629     /* Ensure ciphersuite list is suitably subsetted. */
630     for (i = 0; i < (size_t)sk_SSL_CIPHER_num(ciphers); ++i) {
631         const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
632         switch (SSL_CIPHER_get_id(cipher)) {
633             case TLS1_3_CK_AES_128_GCM_SHA256:
634             case TLS1_3_CK_AES_256_GCM_SHA384:
635             case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
636                 break;
637             default:
638                 TEST_error("forbidden cipher: %s", SSL_CIPHER_get_name(cipher));
639                 return 0;
640         }
641     }
642 
643     return 1;
644 }
645 
646 /*
647  * Test that handshake-layer APIs which shouldn't work don't work with QUIC.
648  */
test_quic_forbidden_apis_ctx(void)649 static int test_quic_forbidden_apis_ctx(void)
650 {
651     int testresult = 0;
652     SSL_CTX *ctx = NULL;
653 
654     if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
655         goto err;
656 
657 #ifndef OPENSSL_NO_SRTP
658     /* This function returns 0 on success and 1 on error, and should fail. */
659     if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_128_GCM")))
660         goto err;
661 #endif
662 
663     /*
664      * List of ciphersuites we do and don't allow in QUIC.
665      */
666 #define QUIC_CIPHERSUITES \
667     "TLS_AES_128_GCM_SHA256:"           \
668     "TLS_AES_256_GCM_SHA384:"           \
669     "TLS_CHACHA20_POLY1305_SHA256"
670 
671 #define NON_QUIC_CIPHERSUITES           \
672     "TLS_AES_128_CCM_SHA256:"           \
673     "TLS_AES_256_CCM_SHA384:"           \
674     "TLS_AES_128_CCM_8_SHA256:"         \
675     "TLS_SHA256_SHA256:"                \
676     "TLS_SHA384_SHA384"
677 
678     /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
679     if (!TEST_true(SSL_CTX_set_ciphersuites(ctx,
680                                             QUIC_CIPHERSUITES ":"
681                                             NON_QUIC_CIPHERSUITES)))
682         goto err;
683 
684     /*
685      * Forbidden ciphersuites should show up in SSL_CTX accessors, they are only
686      * filtered in SSL_get1_supported_ciphers, so we don't check for
687      * non-inclusion here.
688      */
689 
690     testresult = 1;
691 err:
692     SSL_CTX_free(ctx);
693     return testresult;
694 }
695 
test_quic_forbidden_apis(void)696 static int test_quic_forbidden_apis(void)
697 {
698     int testresult = 0;
699     SSL_CTX *ctx = NULL;
700     SSL *ssl = NULL;
701     STACK_OF(SSL_CIPHER) *ciphers = NULL;
702 
703     if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
704         goto err;
705 
706     if (!TEST_ptr(ssl = SSL_new(ctx)))
707         goto err;
708 
709 #ifndef OPENSSL_NO_SRTP
710     /* This function returns 0 on success and 1 on error, and should fail. */
711     if (!TEST_true(SSL_set_tlsext_use_srtp(ssl, "SRTP_AEAD_AES_128_GCM")))
712         goto err;
713 #endif
714 
715     /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
716     if (!TEST_true(SSL_set_ciphersuites(ssl,
717                                         QUIC_CIPHERSUITES ":"
718                                         NON_QUIC_CIPHERSUITES)))
719         goto err;
720 
721     /* Non-QUIC ciphersuites must not appear in supported ciphers list. */
722     if (!TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl))
723         || !TEST_true(ensure_valid_ciphers(ciphers)))
724         goto err;
725 
726     testresult = 1;
727 err:
728     sk_SSL_CIPHER_free(ciphers);
729     SSL_free(ssl);
730     SSL_CTX_free(ctx);
731     return testresult;
732 }
733 
test_quic_forbidden_options(void)734 static int test_quic_forbidden_options(void)
735 {
736     int testresult = 0;
737     SSL_CTX *ctx = NULL;
738     SSL *ssl = NULL;
739     char buf[16];
740     size_t len;
741 
742     if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
743         goto err;
744 
745     /* QUIC options restrictions do not affect SSL_CTX */
746     SSL_CTX_set_options(ctx, UINT64_MAX);
747 
748     if (!TEST_uint64_t_eq(SSL_CTX_get_options(ctx), UINT64_MAX))
749         goto err;
750 
751     /* Set options on CTX which should not be inherited (tested below). */
752     SSL_CTX_set_read_ahead(ctx, 1);
753     SSL_CTX_set_max_early_data(ctx, 1);
754     SSL_CTX_set_recv_max_early_data(ctx, 1);
755     SSL_CTX_set_quiet_shutdown(ctx, 1);
756 
757     if (!TEST_ptr(ssl = SSL_new(ctx)))
758         goto err;
759 
760     /* Only permitted options get transferred to SSL object */
761     if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
762         goto err;
763 
764     /* Try again using SSL_set_options */
765     SSL_set_options(ssl, UINT64_MAX);
766 
767     if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
768         goto err;
769 
770     /* Clear everything */
771     SSL_clear_options(ssl, UINT64_MAX);
772 
773     if (!TEST_uint64_t_eq(SSL_get_options(ssl), 0))
774         goto err;
775 
776     /* Readahead */
777     if (!TEST_false(SSL_get_read_ahead(ssl)))
778         goto err;
779 
780     SSL_set_read_ahead(ssl, 1);
781     if (!TEST_false(SSL_get_read_ahead(ssl)))
782         goto err;
783 
784     /* Block padding */
785     if (!TEST_true(SSL_set_block_padding(ssl, 0))
786         || !TEST_true(SSL_set_block_padding(ssl, 1))
787         || !TEST_false(SSL_set_block_padding(ssl, 2)))
788         goto err;
789 
790     /* Max fragment length */
791     if (!TEST_true(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_DISABLED))
792         || !TEST_false(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_512)))
793         goto err;
794 
795     /* Max early data */
796     if (!TEST_false(SSL_set_recv_max_early_data(ssl, 1))
797         || !TEST_false(SSL_set_max_early_data(ssl, 1)))
798         goto err;
799 
800     /* Read/Write */
801     if (!TEST_false(SSL_read_early_data(ssl, buf, sizeof(buf), &len))
802         || !TEST_false(SSL_write_early_data(ssl, buf, sizeof(buf), &len)))
803         goto err;
804 
805     /* Buffer Management */
806     if (!TEST_true(SSL_alloc_buffers(ssl))
807         || !TEST_false(SSL_free_buffers(ssl)))
808         goto err;
809 
810     /* Pipelining */
811     if (!TEST_false(SSL_set_max_send_fragment(ssl, 2))
812         || !TEST_false(SSL_set_split_send_fragment(ssl, 2))
813         || !TEST_false(SSL_set_max_pipelines(ssl, 2)))
814         goto err;
815 
816     /* HRR */
817     if  (!TEST_false(SSL_stateless(ssl)))
818         goto err;
819 
820     /* Quiet Shutdown */
821     if (!TEST_false(SSL_get_quiet_shutdown(ssl)))
822         goto err;
823 
824     /* No duplication */
825     if (!TEST_ptr_null(SSL_dup(ssl)))
826         goto err;
827 
828     /* No clear */
829     if (!TEST_false(SSL_clear(ssl)))
830         goto err;
831 
832     testresult = 1;
833 err:
834     SSL_free(ssl);
835     SSL_CTX_free(ctx);
836     return testresult;
837 }
838 
test_quic_set_fd(int idx)839 static int test_quic_set_fd(int idx)
840 {
841     int testresult = 0;
842     SSL_CTX *ctx = NULL;
843     SSL *ssl = NULL;
844     int fd = -1, resfd = -1;
845     BIO *bio = NULL;
846 
847     if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
848         goto err;
849 
850     if (!TEST_ptr(ssl = SSL_new(ctx)))
851         goto err;
852 
853     if (!TEST_int_ge(fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0), 0))
854         goto err;
855 
856     if (idx == 0) {
857         if (!TEST_true(SSL_set_fd(ssl, fd)))
858             goto err;
859         if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
860             goto err;
861         if (!TEST_ptr_eq(bio, SSL_get_wbio(ssl)))
862             goto err;
863     } else if (idx == 1) {
864         if (!TEST_true(SSL_set_rfd(ssl, fd)))
865             goto err;
866         if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
867             goto err;
868         if (!TEST_ptr_null(SSL_get_wbio(ssl)))
869             goto err;
870     } else {
871         if (!TEST_true(SSL_set_wfd(ssl, fd)))
872             goto err;
873         if (!TEST_ptr(bio = SSL_get_wbio(ssl)))
874             goto err;
875         if (!TEST_ptr_null(SSL_get_rbio(ssl)))
876             goto err;
877     }
878 
879     if (!TEST_int_eq(BIO_method_type(bio), BIO_TYPE_DGRAM))
880         goto err;
881 
882     if (!TEST_true(BIO_get_fd(bio, &resfd))
883         || !TEST_int_eq(resfd, fd))
884         goto err;
885 
886     testresult = 1;
887 err:
888     SSL_free(ssl);
889     SSL_CTX_free(ctx);
890     if (fd >= 0)
891         BIO_closesocket(fd);
892     return testresult;
893 }
894 
895 #define MAXLOOPS    1000
896 
test_bio_ssl(void)897 static int test_bio_ssl(void)
898 {
899     /*
900      * We just use OSSL_QUIC_client_method() rather than
901      * OSSL_QUIC_client_thread_method(). We will never leave the connection idle
902      * so we will always be implicitly handling time events anyway via other
903      * IO calls.
904      */
905     SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
906     SSL *clientquic = NULL, *stream = NULL;
907     QUIC_TSERVER *qtserv = NULL;
908     int testresult = 0;
909     BIO *cbio = NULL, *strbio = NULL, *thisbio;
910     const char *msg = "Hello world";
911     int abortctr = 0, err, clienterr = 0, servererr = 0, retc = 0, rets = 0;
912     size_t written, readbytes, msglen;
913     int sid = 0, i;
914     unsigned char buf[80];
915 
916     if (!TEST_ptr(cctx))
917         goto err;
918 
919     cbio = BIO_new_ssl(cctx, 1);
920     if (!TEST_ptr(cbio))
921         goto err;
922 
923     /*
924      * We must configure the ALPN/peer address etc so we get the SSL object in
925      * order to pass it to qtest_create_quic_objects for configuration.
926      */
927     if (!TEST_int_eq(BIO_get_ssl(cbio, &clientquic), 1))
928         goto err;
929 
930     if (!TEST_true(qtest_create_quic_objects(libctx, NULL, NULL, cert, privkey,
931                                              QTEST_FLAG_FAKE_TIME, &qtserv,
932                                              &clientquic, NULL, NULL)))
933         goto err;
934 
935     msglen = strlen(msg);
936 
937     do {
938         err = BIO_FLAGS_WRITE;
939         while (!clienterr && !retc && err == BIO_FLAGS_WRITE) {
940             retc = BIO_write_ex(cbio, msg, msglen, &written);
941             if (!retc) {
942                 if (BIO_should_retry(cbio))
943                     err = BIO_retry_type(cbio);
944                 else
945                     err = 0;
946             }
947         }
948 
949         if (!clienterr && retc <= 0 && err != BIO_FLAGS_READ) {
950             TEST_info("BIO_write_ex() failed %d, %d", retc, err);
951             TEST_openssl_errors();
952             clienterr = 1;
953         }
954 
955         if (!servererr && rets <= 0) {
956             ossl_quic_tserver_tick(qtserv);
957             qtest_add_time(100);
958             servererr = ossl_quic_tserver_is_term_any(qtserv);
959             if (!servererr)
960                 rets = ossl_quic_tserver_is_handshake_confirmed(qtserv);
961         }
962 
963         if (clienterr && servererr)
964             goto err;
965 
966         if (++abortctr == MAXLOOPS) {
967             TEST_info("No progress made");
968             goto err;
969         }
970     } while ((!retc && !clienterr) || (rets <= 0 && !servererr));
971 
972     /*
973      * 2 loops: The first using the default stream, and the second using a new
974      * client initiated bidi stream.
975      */
976     for (i = 0, thisbio = cbio; i < 2; i++) {
977         if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf, sizeof(buf),
978                                               &readbytes))
979                 || !TEST_mem_eq(msg, msglen, buf, readbytes))
980             goto err;
981 
982         if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg,
983                                                msglen, &written)))
984             goto err;
985         ossl_quic_tserver_tick(qtserv);
986 
987         if (!TEST_true(BIO_read_ex(thisbio, buf, sizeof(buf), &readbytes))
988                 || !TEST_mem_eq(msg, msglen, buf, readbytes))
989             goto err;
990 
991         if (i == 1)
992             break;
993 
994         if (!TEST_true(SSL_set_mode(clientquic, 0)))
995             goto err;
996 
997         /*
998          * Now create a new stream and repeat. The bottom two bits of the stream
999          * id represents whether the stream is bidi and whether it is client
1000          * initiated or not. For client initiated bidi they are both 0. So the
1001          * first client initiated bidi stream is 0 and the next one is 4.
1002          */
1003         sid = 4;
1004         stream = SSL_new_stream(clientquic, 0);
1005         if (!TEST_ptr(stream))
1006             goto err;
1007 
1008         if (!TEST_true(SSL_set_mode(stream, 0)))
1009             goto err;
1010 
1011         thisbio = strbio = BIO_new(BIO_f_ssl());
1012         if (!TEST_ptr(strbio))
1013             goto err;
1014 
1015         if (!TEST_int_eq(BIO_set_ssl(thisbio, stream, BIO_CLOSE), 1))
1016             goto err;
1017         stream = NULL;
1018 
1019         if (!TEST_true(BIO_write_ex(thisbio, msg, msglen, &written)))
1020             goto err;
1021 
1022         ossl_quic_tserver_tick(qtserv);
1023     }
1024 
1025     testresult = 1;
1026  err:
1027     BIO_free_all(cbio);
1028     BIO_free_all(strbio);
1029     SSL_free(stream);
1030     ossl_quic_tserver_free(qtserv);
1031     SSL_CTX_free(cctx);
1032 
1033     return testresult;
1034 }
1035 
1036 #define BACK_PRESSURE_NUM_LOOPS 10000
1037 /*
1038  * Test that sending data from the client to the server faster than the server
1039  * can process it eventually results in back pressure on the client.
1040  */
test_back_pressure(void)1041 static int test_back_pressure(void)
1042 {
1043     SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1044     SSL *clientquic = NULL;
1045     QUIC_TSERVER *qtserv = NULL;
1046     int testresult = 0;
1047     unsigned char *msg = NULL;
1048     const size_t msglen = 1024;
1049     unsigned char buf[64];
1050     size_t readbytes, written;
1051     int i;
1052 
1053     if (!TEST_ptr(cctx)
1054             || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1055                                                     privkey, 0, &qtserv,
1056                                                     &clientquic, NULL, NULL))
1057             || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1058         goto err;
1059 
1060     msg = OPENSSL_malloc(msglen);
1061     if (!TEST_ptr(msg))
1062         goto err;
1063     if (!TEST_int_eq(RAND_bytes_ex(libctx, msg, msglen, 0), 1))
1064         goto err;
1065 
1066     /*
1067      * Limit to 10000 loops. If we've not seen any back pressure after that
1068      * we're going to run out of memory, so abort.
1069      */
1070     for (i = 0; i < BACK_PRESSURE_NUM_LOOPS; i++) {
1071         /* Send data from the client */
1072         if (!SSL_write_ex(clientquic, msg, msglen, &written)) {
1073             /* Check if we are seeing back pressure */
1074             if (SSL_get_error(clientquic, 0) == SSL_ERROR_WANT_WRITE)
1075                 break;
1076             TEST_error("Unexpected client failure");
1077             goto err;
1078         }
1079 
1080         /* Receive data at the server */
1081         ossl_quic_tserver_tick(qtserv);
1082         if (!TEST_true(ossl_quic_tserver_read(qtserv, 0, buf, sizeof(buf),
1083                                               &readbytes)))
1084             goto err;
1085     }
1086 
1087     if (i == BACK_PRESSURE_NUM_LOOPS) {
1088         TEST_error("No back pressure seen");
1089         goto err;
1090     }
1091 
1092     testresult = 1;
1093  err:
1094     SSL_free(clientquic);
1095     ossl_quic_tserver_free(qtserv);
1096     SSL_CTX_free(cctx);
1097     OPENSSL_free(msg);
1098 
1099     return testresult;
1100 }
1101 
1102 
1103 static int dgram_ctr = 0;
1104 
dgram_cb(int write_p,int version,int content_type,const void * buf,size_t msglen,SSL * ssl,void * arg)1105 static void dgram_cb(int write_p, int version, int content_type,
1106                      const void *buf, size_t msglen, SSL *ssl, void *arg)
1107 {
1108     if (!write_p)
1109         return;
1110 
1111     if (content_type != SSL3_RT_QUIC_DATAGRAM)
1112         return;
1113 
1114     dgram_ctr++;
1115 }
1116 
1117 /* Test that we send multiple datagrams in one go when appropriate */
test_multiple_dgrams(void)1118 static int test_multiple_dgrams(void)
1119 {
1120     SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1121     SSL *clientquic = NULL;
1122     QUIC_TSERVER *qtserv = NULL;
1123     int testresult = 0;
1124     unsigned char *buf;
1125     const size_t buflen = 1400;
1126     size_t written;
1127 
1128     buf = OPENSSL_zalloc(buflen);
1129 
1130     if (!TEST_ptr(cctx)
1131             || !TEST_ptr(buf)
1132             || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1133                                                     privkey, 0, &qtserv,
1134                                                     &clientquic, NULL, NULL))
1135             || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1136         goto err;
1137 
1138     dgram_ctr = 0;
1139     SSL_set_msg_callback(clientquic, dgram_cb);
1140     if (!TEST_true(SSL_write_ex(clientquic, buf, buflen, &written))
1141             || !TEST_size_t_eq(written, buflen)
1142                /* We wrote enough data for 2 datagrams */
1143             || !TEST_int_eq(dgram_ctr, 2))
1144         goto err;
1145 
1146     testresult = 1;
1147  err:
1148     OPENSSL_free(buf);
1149     SSL_free(clientquic);
1150     ossl_quic_tserver_free(qtserv);
1151     SSL_CTX_free(cctx);
1152 
1153     return testresult;
1154 }
1155 
non_io_retry_cert_verify_cb(X509_STORE_CTX * ctx,void * arg)1156 static int non_io_retry_cert_verify_cb(X509_STORE_CTX *ctx, void *arg)
1157 {
1158     int idx = SSL_get_ex_data_X509_STORE_CTX_idx();
1159     SSL *ssl;
1160     const int *allow = (int *)arg;
1161 
1162     /* this should not happen but check anyway */
1163     if (idx < 0
1164         || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL)
1165         return 0;
1166 
1167     /* If this is our first attempt then retry */
1168     if (*allow == 0)
1169         return SSL_set_retry_verify(ssl);
1170 
1171     /* Otherwise do nothing - verification succeeds. Continue as normal */
1172     return 1;
1173 }
1174 
1175 /* Test that we can handle a non-io related retry error
1176  * Test 0: Non-blocking
1177  * Test 1: Blocking
1178  */
test_non_io_retry(int idx)1179 static int test_non_io_retry(int idx)
1180 {
1181     SSL_CTX *cctx;
1182     SSL *clientquic = NULL;
1183     QUIC_TSERVER *qtserv = NULL;
1184     int testresult = 0;
1185     int flags = 0, allow = 0;
1186 
1187     if (idx >= 1 && !qtest_supports_blocking())
1188         return TEST_skip("Blocking tests not supported in this build");
1189 
1190     cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1191     if (!TEST_ptr(cctx))
1192         goto err;
1193 
1194     SSL_CTX_set_cert_verify_callback(cctx, non_io_retry_cert_verify_cb, &allow);
1195 
1196     flags = (idx >= 1) ? QTEST_FLAG_BLOCK : 0;
1197     if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, privkey,
1198                                              flags, &qtserv, &clientquic, NULL,
1199                                              NULL))
1200             || !TEST_true(qtest_create_quic_connection_ex(qtserv, clientquic,
1201                             SSL_ERROR_WANT_RETRY_VERIFY))
1202             || !TEST_int_eq(SSL_want(clientquic), SSL_RETRY_VERIFY))
1203         goto err;
1204 
1205     allow = 1;
1206     if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1207         goto err;
1208 
1209     testresult = 1;
1210  err:
1211     SSL_free(clientquic);
1212     ossl_quic_tserver_free(qtserv);
1213     SSL_CTX_free(cctx);
1214 
1215     return testresult;
1216 }
1217 
1218 static int use_session_cb_cnt = 0;
1219 static int find_session_cb_cnt = 0;
1220 static const char *pskid = "Identity";
1221 static SSL_SESSION *serverpsk = NULL, *clientpsk = NULL;
1222 
use_session_cb(SSL * ssl,const EVP_MD * md,const unsigned char ** id,size_t * idlen,SSL_SESSION ** sess)1223 static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
1224                           size_t *idlen, SSL_SESSION **sess)
1225 {
1226     use_session_cb_cnt++;
1227 
1228     if (clientpsk == NULL || !SSL_SESSION_up_ref(clientpsk))
1229         return 0;
1230 
1231     *sess = clientpsk;
1232     *id = (const unsigned char *)pskid;
1233     *idlen = strlen(pskid);
1234 
1235     return 1;
1236 }
1237 
find_session_cb(SSL * ssl,const unsigned char * identity,size_t identity_len,SSL_SESSION ** sess)1238 static int find_session_cb(SSL *ssl, const unsigned char *identity,
1239                            size_t identity_len, SSL_SESSION **sess)
1240 {
1241     find_session_cb_cnt++;
1242 
1243     if (serverpsk == NULL || !SSL_SESSION_up_ref(serverpsk))
1244         return 0;
1245 
1246     /* Identity should match that set by the client */
1247     if (strlen(pskid) != identity_len
1248             || strncmp(pskid, (const char *)identity, identity_len) != 0) {
1249         SSL_SESSION_free(serverpsk);
1250         return 0;
1251     }
1252 
1253     *sess = serverpsk;
1254 
1255     return 1;
1256 }
1257 
test_quic_psk(void)1258 static int test_quic_psk(void)
1259 {
1260     SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1261     SSL *clientquic = NULL;
1262     QUIC_TSERVER *qtserv = NULL;
1263     int testresult = 0;
1264 
1265     if (!TEST_ptr(cctx)
1266                /* No cert or private key for the server, i.e. PSK only */
1267             || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, NULL,
1268                                                     NULL, 0, &qtserv,
1269                                                     &clientquic, NULL, NULL)))
1270         goto end;
1271 
1272     SSL_set_psk_use_session_callback(clientquic, use_session_cb);
1273     ossl_quic_tserver_set_psk_find_session_cb(qtserv, find_session_cb);
1274     use_session_cb_cnt = 0;
1275     find_session_cb_cnt = 0;
1276 
1277     clientpsk = serverpsk = create_a_psk(clientquic, SHA384_DIGEST_LENGTH);
1278     /* We already had one ref. Add another one */
1279     if (!TEST_ptr(clientpsk) || !TEST_true(SSL_SESSION_up_ref(clientpsk)))
1280         goto end;
1281 
1282     if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))
1283             || !TEST_int_eq(1, find_session_cb_cnt)
1284             || !TEST_int_eq(1, use_session_cb_cnt)
1285                /* Check that we actually used the PSK */
1286             || !TEST_true(SSL_session_reused(clientquic)))
1287         goto end;
1288 
1289     testresult = 1;
1290 
1291  end:
1292     SSL_free(clientquic);
1293     ossl_quic_tserver_free(qtserv);
1294     SSL_CTX_free(cctx);
1295     SSL_SESSION_free(clientpsk);
1296     SSL_SESSION_free(serverpsk);
1297     clientpsk = serverpsk = NULL;
1298 
1299     return testresult;
1300 }
1301 
test_client_auth(int idx)1302 static int test_client_auth(int idx)
1303 {
1304     SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1305     SSL_CTX *sctx = SSL_CTX_new_ex(libctx, NULL, TLS_method());
1306     SSL *clientquic = NULL;
1307     QUIC_TSERVER *qtserv = NULL;
1308     int testresult = 0;
1309     unsigned char buf[20];
1310     static char *msg = "A test message";
1311     size_t msglen = strlen(msg);
1312     size_t numbytes = 0;
1313 
1314     if (!TEST_ptr(cctx) || !TEST_ptr(sctx))
1315         goto err;
1316 
1317     SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
1318                              | SSL_VERIFY_CLIENT_ONCE, NULL);
1319 
1320     if (!TEST_true(SSL_CTX_load_verify_file(sctx, cauthca)))
1321         goto err;
1322 
1323     if (idx > 0
1324         && (!TEST_true(SSL_CTX_use_certificate_chain_file(cctx, ccert))
1325             || !TEST_true(SSL_CTX_use_PrivateKey_file(cctx, cprivkey,
1326                                                       SSL_FILETYPE_PEM))))
1327             goto err;
1328 
1329     if (!TEST_true(qtest_create_quic_objects(libctx, cctx, sctx, cert,
1330                                              privkey, 0, &qtserv,
1331                                              &clientquic, NULL, NULL)))
1332         goto err;
1333 
1334     if (idx > 1) {
1335         if (!TEST_true(ssl_ctx_add_large_cert_chain(libctx, cctx, ccert))
1336             || !TEST_true(ssl_ctx_add_large_cert_chain(libctx, sctx, cert)))
1337             goto err;
1338     }
1339 
1340     if (idx == 0) {
1341         if (!TEST_false(qtest_create_quic_connection(qtserv, clientquic)))
1342             goto err;
1343 
1344         /* negative test passed */
1345         testresult = 1;
1346         goto err;
1347     }
1348 
1349     if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1350         goto err;
1351 
1352     /* Check that sending and receiving app data is ok */
1353     if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
1354         || !TEST_size_t_eq(numbytes, msglen))
1355         goto err;
1356 
1357     ossl_quic_tserver_tick(qtserv);
1358     if (!TEST_true(ossl_quic_tserver_write(qtserv, 0,
1359                                            (unsigned char *)msg,
1360                                            msglen, &numbytes)))
1361         goto err;
1362 
1363     ossl_quic_tserver_tick(qtserv);
1364     SSL_handle_events(clientquic);
1365 
1366     if (!TEST_true(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes))
1367             || !TEST_size_t_eq(numbytes, msglen)
1368             || !TEST_mem_eq(buf, numbytes, msg, msglen))
1369         goto err;
1370 
1371     if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
1372         goto err;
1373 
1374     testresult = 1;
1375 
1376  err:
1377     SSL_free(clientquic);
1378     ossl_quic_tserver_free(qtserv);
1379     SSL_CTX_free(sctx);
1380     SSL_CTX_free(cctx);
1381 
1382     return testresult;
1383 }
1384 
1385 /*
1386  * Test that we correctly handle ALPN supplied by the application
1387  * Test 0: ALPN is provided
1388  * Test 1: No ALPN is provided
1389  */
test_alpn(int idx)1390 static int test_alpn(int idx)
1391 {
1392     SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1393     SSL *clientquic = NULL;
1394     QUIC_TSERVER *qtserv = NULL;
1395     int testresult = 0;
1396     int ret;
1397 
1398     /*
1399      * Ensure we only configure ciphersuites that are available with both the
1400      * default and fips providers to get the same output in both cases
1401      */
1402     if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))
1403         goto err;
1404 
1405     if (!TEST_ptr(cctx)
1406             || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1407                                                     privkey,
1408                                                     QTEST_FLAG_FAKE_TIME,
1409                                                     &qtserv,
1410                                                     &clientquic, NULL, NULL)))
1411         goto err;
1412 
1413     if (idx == 0) {
1414         /*
1415         * Clear the ALPN we set in qtest_create_quic_objects. We use TEST_false
1416         * because SSL_set_alpn_protos returns 0 for success.
1417         */
1418         if (!TEST_false(SSL_set_alpn_protos(clientquic, NULL, 0)))
1419             goto err;
1420     }
1421 
1422     ret = SSL_connect(clientquic);
1423     if (!TEST_int_le(ret, 0))
1424         goto err;
1425     if (idx == 0) {
1426         /* We expect an immediate error due to lack of ALPN */
1427         if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_SSL))
1428             goto err;
1429     } else {
1430         /* ALPN was provided so we expect the connection to succeed */
1431         if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_WANT_READ)
1432                 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1433             goto err;
1434     }
1435 
1436     testresult = 1;
1437  err:
1438     ossl_quic_tserver_free(qtserv);
1439     SSL_free(clientquic);
1440     SSL_CTX_free(cctx);
1441 
1442     return testresult;
1443 }
1444 
1445 /*
1446  * Test SSL_get_shutdown() behavior.
1447  */
test_get_shutdown(void)1448 static int test_get_shutdown(void)
1449 {
1450     SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1451     SSL *clientquic = NULL;
1452     QUIC_TSERVER *qtserv = NULL;
1453     int testresult = 0;
1454 
1455     if (!TEST_ptr(cctx)
1456             || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1457                                                     privkey,
1458                                                     QTEST_FLAG_FAKE_TIME,
1459                                                     &qtserv, &clientquic,
1460                                                     NULL, NULL))
1461             || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1462         goto err;
1463 
1464     if (!TEST_int_eq(SSL_get_shutdown(clientquic), 0))
1465         goto err;
1466 
1467     if (!TEST_int_eq(SSL_shutdown(clientquic), 0))
1468         goto err;
1469 
1470     if (!TEST_int_eq(SSL_get_shutdown(clientquic), SSL_SENT_SHUTDOWN))
1471         goto err;
1472 
1473     do {
1474         ossl_quic_tserver_tick(qtserv);
1475         qtest_add_time(100);
1476     } while (SSL_shutdown(clientquic) == 0);
1477 
1478     if (!TEST_int_eq(SSL_get_shutdown(clientquic),
1479                      SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN))
1480         goto err;
1481 
1482     testresult = 1;
1483  err:
1484     ossl_quic_tserver_free(qtserv);
1485     SSL_free(clientquic);
1486     SSL_CTX_free(cctx);
1487 
1488     return testresult;
1489 }
1490 
1491 #define MAX_LOOPS   2000
1492 
1493 /*
1494  * Keep retrying SSL_read_ex until it succeeds or we give up. Accept a stream
1495  * if we don't already have one
1496  */
unreliable_client_read(SSL * clientquic,SSL ** stream,void * buf,size_t buflen,size_t * readbytes,QUIC_TSERVER * qtserv)1497 static int unreliable_client_read(SSL *clientquic, SSL **stream, void *buf,
1498                                   size_t buflen, size_t *readbytes,
1499                                   QUIC_TSERVER *qtserv)
1500 {
1501     int abortctr;
1502 
1503     /* We just do this in a loop with a sleep for simplicity */
1504     for (abortctr = 0; abortctr < MAX_LOOPS; abortctr++) {
1505         if (*stream == NULL) {
1506             SSL_handle_events(clientquic);
1507             *stream = SSL_accept_stream(clientquic, 0);
1508         }
1509 
1510         if (*stream != NULL) {
1511             if (SSL_read_ex(*stream, buf, buflen, readbytes))
1512                 return 1;
1513             if (!TEST_int_eq(SSL_get_error(*stream, 0), SSL_ERROR_WANT_READ))
1514                 return 0;
1515         }
1516         ossl_quic_tserver_tick(qtserv);
1517         qtest_add_time(1);
1518         qtest_wait_for_timeout(clientquic, qtserv);
1519     }
1520 
1521     TEST_error("No progress made");
1522     return 0;
1523 }
1524 
1525 /* Keep retrying ossl_quic_tserver_read until it succeeds or we give up */
unreliable_server_read(QUIC_TSERVER * qtserv,uint64_t sid,void * buf,size_t buflen,size_t * readbytes,SSL * clientquic)1526 static int unreliable_server_read(QUIC_TSERVER *qtserv, uint64_t sid,
1527                                   void *buf, size_t buflen, size_t *readbytes,
1528                                   SSL *clientquic)
1529 {
1530     int abortctr;
1531 
1532     /* We just do this in a loop with a sleep for simplicity */
1533     for (abortctr = 0; abortctr < MAX_LOOPS; abortctr++) {
1534         if (ossl_quic_tserver_read(qtserv, sid, buf, buflen, readbytes)
1535                 && *readbytes > 1)
1536             return 1;
1537         ossl_quic_tserver_tick(qtserv);
1538         SSL_handle_events(clientquic);
1539         qtest_add_time(1);
1540         qtest_wait_for_timeout(clientquic, qtserv);
1541     }
1542 
1543     TEST_error("No progress made");
1544     return 0;
1545 }
1546 
1547 /*
1548  * Create a connection and send data using an unreliable transport. We introduce
1549  * random noise to drop, delay and duplicate datagrams.
1550  * Test 0: Introduce random noise to datagrams
1551  * Test 1: As with test 0 but also split datagrams containing multiple packets
1552  *         into individual datagrams so that individual packets can be affected
1553  *         by noise - not just a whole datagram.
1554  */
test_noisy_dgram(int idx)1555 static int test_noisy_dgram(int idx)
1556 {
1557     SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1558     SSL *clientquic = NULL, *stream[2] = { NULL, NULL };
1559     QUIC_TSERVER *qtserv = NULL;
1560     int testresult = 0;
1561     uint64_t sid = 0;
1562     char *msg = "Hello world!";
1563     size_t msglen = strlen(msg), written, readbytes, i, j;
1564     unsigned char buf[80];
1565     int flags = QTEST_FLAG_NOISE | QTEST_FLAG_FAKE_TIME;
1566     QTEST_FAULT *fault = NULL;
1567 
1568     if (idx == 1)
1569         flags |= QTEST_FLAG_PACKET_SPLIT;
1570 
1571     if (!TEST_ptr(cctx)
1572             || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1573                                                     privkey, flags,
1574                                                     &qtserv,
1575                                                     &clientquic, &fault, NULL)))
1576         goto err;
1577 
1578     if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1579             goto err;
1580 
1581     if (!TEST_true(SSL_set_incoming_stream_policy(clientquic,
1582                                                   SSL_INCOMING_STREAM_POLICY_ACCEPT,
1583                                                   0))
1584             || !TEST_true(SSL_set_default_stream_mode(clientquic,
1585                                                       SSL_DEFAULT_STREAM_MODE_NONE)))
1586         goto err;
1587 
1588     for (j = 0; j < 2; j++) {
1589         if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, 0, &sid)))
1590             goto err;
1591         ossl_quic_tserver_tick(qtserv);
1592         qtest_add_time(1);
1593 
1594         /*
1595          * Send data from the server to the client. Some datagrams may get
1596          * lost, modified, dropped or re-ordered. We repeat 20 times to ensure
1597          * we are sending enough datagrams for problems to be noticed.
1598          */
1599         for (i = 0; i < 20; i++) {
1600             if (!TEST_true(ossl_quic_tserver_write(qtserv, sid,
1601                                                    (unsigned char *)msg, msglen,
1602                                                    &written))
1603                     || !TEST_size_t_eq(msglen, written))
1604                 goto err;
1605             ossl_quic_tserver_tick(qtserv);
1606             qtest_add_time(1);
1607 
1608             /*
1609              * Since the underlying BIO is now noisy we may get failures that
1610              * need to be retried - so we use unreliable_client_read() to
1611              * handle that
1612              */
1613             if (!TEST_true(unreliable_client_read(clientquic, &stream[j], buf,
1614                                                   sizeof(buf), &readbytes,
1615                                                   qtserv))
1616                     || !TEST_mem_eq(msg, msglen, buf, readbytes))
1617                 goto err;
1618         }
1619 
1620         /* Send data from the client to the server */
1621         for (i = 0; i < 20; i++) {
1622             if (!TEST_true(SSL_write_ex(stream[j], (unsigned char *)msg,
1623                                         msglen, &written))
1624                     || !TEST_size_t_eq(msglen, written))
1625                 goto err;
1626 
1627             ossl_quic_tserver_tick(qtserv);
1628             qtest_add_time(1);
1629 
1630             /*
1631              * Since the underlying BIO is now noisy we may get failures that
1632              * need to be retried - so we use unreliable_server_read() to
1633              * handle that
1634              */
1635             if (!TEST_true(unreliable_server_read(qtserv, sid, buf, sizeof(buf),
1636                                                   &readbytes, clientquic))
1637                     || !TEST_mem_eq(msg, msglen, buf, readbytes))
1638                 goto err;
1639         }
1640     }
1641 
1642     testresult = 1;
1643  err:
1644     ossl_quic_tserver_free(qtserv);
1645     SSL_free(stream[0]);
1646     SSL_free(stream[1]);
1647     SSL_free(clientquic);
1648     SSL_CTX_free(cctx);
1649     qtest_fault_free(fault);
1650 
1651     return testresult;
1652 }
1653 
1654 /*
1655  * Create a connection and send some big data using a transport with limited bandwidth.
1656  */
1657 
1658 #define TEST_TRANSFER_DATA_SIZE (2*1024*1024)    /* 2 MBytes */
1659 #define TEST_SINGLE_WRITE_SIZE (16*1024)        /* 16 kBytes */
1660 #define TEST_BW_LIMIT 1000                      /* 1000 Bytes/ms */
test_bw_limit(void)1661 static int test_bw_limit(void)
1662 {
1663     SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1664     SSL *clientquic = NULL;
1665     QUIC_TSERVER *qtserv = NULL;
1666     int testresult = 0;
1667     unsigned char *msg = NULL, *recvbuf = NULL;
1668     size_t sendlen = TEST_TRANSFER_DATA_SIZE;
1669     size_t recvlen = TEST_TRANSFER_DATA_SIZE;
1670     size_t written, readbytes;
1671     int flags = QTEST_FLAG_NOISE | QTEST_FLAG_FAKE_TIME;
1672     QTEST_FAULT *fault = NULL;
1673     uint64_t real_bw;
1674 
1675     if (!TEST_ptr(cctx)
1676             || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1677                                                     privkey, flags,
1678                                                     &qtserv,
1679                                                     &clientquic, &fault, NULL)))
1680         goto err;
1681 
1682     if (!TEST_ptr(msg = OPENSSL_zalloc(TEST_SINGLE_WRITE_SIZE))
1683         || !TEST_ptr(recvbuf = OPENSSL_zalloc(TEST_SINGLE_WRITE_SIZE)))
1684         goto err;
1685 
1686     /* Set BW to 1000 Bytes/ms -> 1MByte/s both ways */
1687     if (!TEST_true(qtest_fault_set_bw_limit(fault, 1000, 1000, 0)))
1688         goto err;
1689 
1690     if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1691             goto err;
1692 
1693     qtest_start_stopwatch();
1694 
1695     while (recvlen > 0) {
1696         qtest_add_time(1);
1697 
1698         if (sendlen > 0) {
1699             if (!SSL_write_ex(clientquic, msg,
1700                               sendlen > TEST_SINGLE_WRITE_SIZE ? TEST_SINGLE_WRITE_SIZE
1701                                                                : sendlen,
1702                               &written)) {
1703                 TEST_info("Retrying to send: %llu", (unsigned long long) sendlen);
1704                 if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_WANT_WRITE))
1705                     goto err;
1706             } else {
1707                 sendlen -= written;
1708                 TEST_info("Remaining to send: %llu", (unsigned long long) sendlen);
1709             }
1710         } else {
1711             SSL_handle_events(clientquic);
1712         }
1713 
1714         if (ossl_quic_tserver_read(qtserv, 0, recvbuf,
1715                                    recvlen > TEST_SINGLE_WRITE_SIZE ? TEST_SINGLE_WRITE_SIZE
1716                                                                     : recvlen,
1717                                    &readbytes)
1718             && readbytes > 1) {
1719             recvlen -= readbytes;
1720             TEST_info("Remaining to recv: %llu", (unsigned long long) recvlen);
1721         } else {
1722             TEST_info("No progress on recv: %llu", (unsigned long long) recvlen);
1723         }
1724         ossl_quic_tserver_tick(qtserv);
1725     }
1726     real_bw = TEST_TRANSFER_DATA_SIZE / qtest_get_stopwatch_time();
1727 
1728     TEST_info("BW limit: %d Bytes/ms Real bandwidth reached: %llu Bytes/ms",
1729               TEST_BW_LIMIT, (unsigned long long)real_bw);
1730 
1731     if (!TEST_uint64_t_lt(real_bw, TEST_BW_LIMIT))
1732         goto err;
1733 
1734     testresult = 1;
1735  err:
1736     OPENSSL_free(msg);
1737     OPENSSL_free(recvbuf);
1738     ossl_quic_tserver_free(qtserv);
1739     SSL_free(clientquic);
1740     SSL_CTX_free(cctx);
1741     qtest_fault_free(fault);
1742 
1743     return testresult;
1744 }
1745 
1746 enum {
1747     TPARAM_OP_DUP,
1748     TPARAM_OP_DROP,
1749     TPARAM_OP_INJECT,
1750     TPARAM_OP_INJECT_TWICE,
1751     TPARAM_OP_INJECT_RAW,
1752     TPARAM_OP_DROP_INJECT,
1753     TPARAM_OP_MUTATE
1754 };
1755 
1756 #define TPARAM_CHECK_DUP(name, reason) \
1757     { QUIC_TPARAM_##name, TPARAM_OP_DUP, (reason) },
1758 #define TPARAM_CHECK_DROP(name, reason) \
1759     { QUIC_TPARAM_##name, TPARAM_OP_DROP, (reason) },
1760 #define TPARAM_CHECK_INJECT(name, buf, buf_len, reason) \
1761     { QUIC_TPARAM_##name, TPARAM_OP_INJECT, (reason), \
1762       (buf), (buf_len) },
1763 #define TPARAM_CHECK_INJECT_A(name, buf, reason) \
1764     TPARAM_CHECK_INJECT(name, buf, sizeof(buf), reason)
1765 #define TPARAM_CHECK_DROP_INJECT(name, buf, buf_len, reason) \
1766     { QUIC_TPARAM_##name, TPARAM_OP_DROP_INJECT, (reason), \
1767       (buf), (buf_len) },
1768 #define TPARAM_CHECK_DROP_INJECT_A(name, buf, reason) \
1769     TPARAM_CHECK_DROP_INJECT(name, buf, sizeof(buf), reason)
1770 #define TPARAM_CHECK_INJECT_TWICE(name, buf, buf_len, reason) \
1771     { QUIC_TPARAM_##name, TPARAM_OP_INJECT_TWICE, (reason), \
1772       (buf), (buf_len) },
1773 #define TPARAM_CHECK_INJECT_TWICE_A(name, buf, reason) \
1774     TPARAM_CHECK_INJECT_TWICE(name, buf, sizeof(buf), reason)
1775 #define TPARAM_CHECK_INJECT_RAW(buf, buf_len, reason) \
1776     { 0, TPARAM_OP_INJECT_RAW, (reason), \
1777       (buf), (buf_len) },
1778 #define TPARAM_CHECK_INJECT_RAW_A(buf, reason) \
1779     TPARAM_CHECK_INJECT_RAW(buf, sizeof(buf), reason)
1780 #define TPARAM_CHECK_MUTATE(name, reason) \
1781     { QUIC_TPARAM_##name, TPARAM_OP_MUTATE, (reason) },
1782 #define TPARAM_CHECK_INT(name, reason) \
1783     TPARAM_CHECK_DROP_INJECT(name, NULL, 0, reason) \
1784     TPARAM_CHECK_DROP_INJECT_A(name, bogus_int, reason) \
1785     TPARAM_CHECK_DROP_INJECT_A(name, int_with_trailer, reason)
1786 
1787 struct tparam_test {
1788     uint64_t    id;
1789     int         op;
1790     const char  *expect_fail; /* substring to expect in reason */
1791     const void  *buf;
1792     size_t      buf_len;
1793 };
1794 
1795 
1796 static const unsigned char disable_active_migration_1[] = {
1797     0x00
1798 };
1799 
1800 static const unsigned char malformed_stateless_reset_token_1[] = {
1801     0x02, 0xff
1802 };
1803 
1804 static const unsigned char malformed_stateless_reset_token_2[] = {
1805     0x01
1806 };
1807 
1808 static const unsigned char malformed_stateless_reset_token_3[15] = { 0 };
1809 
1810 static const unsigned char malformed_stateless_reset_token_4[17] = { 0 };
1811 
1812 static const unsigned char malformed_preferred_addr_1[] = {
1813     0x0d, 0xff
1814 };
1815 
1816 static const unsigned char malformed_preferred_addr_2[42] = {
1817     0x0d, 0x28, /* too short */
1818 };
1819 
1820 static const unsigned char malformed_preferred_addr_3[64] = {
1821     0x0d, 0x3e, /* too long */
1822 };
1823 
1824 static const unsigned char malformed_preferred_addr_4[] = {
1825     /* TPARAM too short for CID length indicated */
1826     0x0d, 0x29, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1827     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1828     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1829     0x00, 0x00, 0x01, 0x55,
1830     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1831     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1832 };
1833 
1834 static const unsigned char malformed_unknown_1[] = {
1835     0xff
1836 };
1837 
1838 static const unsigned char malformed_unknown_2[] = {
1839     0x55, 0x55,
1840 };
1841 
1842 static const unsigned char malformed_unknown_3[] = {
1843     0x55, 0x55, 0x01,
1844 };
1845 
1846 static const unsigned char ack_delay_exp[] = {
1847     0x03
1848 };
1849 
1850 static const unsigned char stateless_reset_token[16] = { 0x42 };
1851 
1852 static const unsigned char preferred_addr[] = {
1853     0x44, 0x44, 0x44, 0x44,
1854     0x55, 0x55,
1855     0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
1856     0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
1857     0x77, 0x77,
1858     0x02, 0xAA, 0xBB,
1859     0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99,
1860     0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99,
1861 };
1862 
1863 static const unsigned char long_cid[21] = { 0x42 };
1864 
1865 static const unsigned char excess_ack_delay_exp[] = {
1866     0x15,
1867 };
1868 
1869 static const unsigned char excess_max_ack_delay[] = {
1870     0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00,
1871 };
1872 
1873 static const unsigned char excess_initial_max_streams[] = {
1874     0xD0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1875 };
1876 
1877 static const unsigned char undersize_udp_payload_size[] = {
1878     0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xaf,
1879 };
1880 
1881 static const unsigned char undersize_active_conn_id_limit[] = {
1882     0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1883 };
1884 
1885 static const unsigned char bogus_int[9] = { 0 };
1886 
1887 static const unsigned char int_with_trailer[2] = { 0x01 };
1888 
1889 #define QUIC_TPARAM_UNKNOWN_1   0xf1f1
1890 
1891 static const struct tparam_test tparam_tests[] = {
1892     TPARAM_CHECK_DUP(ORIG_DCID,
1893                      "ORIG_DCID appears multiple times")
1894     TPARAM_CHECK_DUP(INITIAL_SCID,
1895                      "INITIAL_SCID appears multiple times")
1896     TPARAM_CHECK_DUP(INITIAL_MAX_DATA,
1897                      "INITIAL_MAX_DATA appears multiple times")
1898     TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_BIDI_LOCAL,
1899                      "INITIAL_MAX_STREAM_DATA_BIDI_LOCAL appears multiple times")
1900     TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_BIDI_REMOTE,
1901                      "INITIAL_MAX_STREAM_DATA_BIDI_REMOTE appears multiple times")
1902     TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_UNI,
1903                      "INITIAL_MAX_STREAM_DATA_UNI appears multiple times")
1904     TPARAM_CHECK_DUP(INITIAL_MAX_STREAMS_BIDI,
1905                      "INITIAL_MAX_STREAMS_BIDI appears multiple times")
1906     TPARAM_CHECK_DUP(INITIAL_MAX_STREAMS_UNI,
1907                      "INITIAL_MAX_STREAMS_UNI appears multiple times")
1908     TPARAM_CHECK_DUP(MAX_IDLE_TIMEOUT,
1909                      "MAX_IDLE_TIMEOUT appears multiple times")
1910     TPARAM_CHECK_DUP(MAX_UDP_PAYLOAD_SIZE,
1911                      "MAX_UDP_PAYLOAD_SIZE appears multiple times")
1912     TPARAM_CHECK_DUP(ACTIVE_CONN_ID_LIMIT,
1913                      "ACTIVE_CONN_ID_LIMIT appears multiple times")
1914     TPARAM_CHECK_DUP(DISABLE_ACTIVE_MIGRATION,
1915                      "DISABLE_ACTIVE_MIGRATION appears multiple times")
1916 
1917     TPARAM_CHECK_DROP(INITIAL_SCID,
1918                       "INITIAL_SCID was not sent but is required")
1919     TPARAM_CHECK_DROP(ORIG_DCID,
1920                       "ORIG_DCID was not sent but is required")
1921 
1922     TPARAM_CHECK_DROP_INJECT_A(DISABLE_ACTIVE_MIGRATION, disable_active_migration_1,
1923                                "DISABLE_ACTIVE_MIGRATION is malformed")
1924     TPARAM_CHECK_INJECT(UNKNOWN_1, NULL, 0,
1925                         NULL)
1926     TPARAM_CHECK_INJECT_RAW_A(malformed_stateless_reset_token_1,
1927                               "STATELESS_RESET_TOKEN is malformed")
1928     TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
1929                           malformed_stateless_reset_token_2,
1930                           "STATELESS_RESET_TOKEN is malformed")
1931     TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
1932                           malformed_stateless_reset_token_3,
1933                           "STATELESS_RESET_TOKEN is malformed")
1934     TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
1935                           malformed_stateless_reset_token_4,
1936                           "STATELESS_RESET_TOKEN is malformed")
1937     TPARAM_CHECK_INJECT(STATELESS_RESET_TOKEN,
1938                         NULL, 0,
1939                         "STATELESS_RESET_TOKEN is malformed")
1940     TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_1,
1941                               "PREFERRED_ADDR is malformed")
1942     TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_2,
1943                               "PREFERRED_ADDR is malformed")
1944     TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_3,
1945                               "PREFERRED_ADDR is malformed")
1946     TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_4,
1947                               "PREFERRED_ADDR is malformed")
1948     TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_1,
1949                               "bad transport parameter")
1950     TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_2,
1951                               "bad transport parameter")
1952     TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_3,
1953                               "bad transport parameter")
1954 
1955     TPARAM_CHECK_INJECT_A(ACK_DELAY_EXP, excess_ack_delay_exp,
1956                           "ACK_DELAY_EXP is malformed")
1957     TPARAM_CHECK_INJECT_A(MAX_ACK_DELAY, excess_max_ack_delay,
1958                           "MAX_ACK_DELAY is malformed")
1959     TPARAM_CHECK_DROP_INJECT_A(INITIAL_MAX_STREAMS_BIDI, excess_initial_max_streams,
1960                                "INITIAL_MAX_STREAMS_BIDI is malformed")
1961     TPARAM_CHECK_DROP_INJECT_A(INITIAL_MAX_STREAMS_UNI, excess_initial_max_streams,
1962                                "INITIAL_MAX_STREAMS_UNI is malformed")
1963 
1964     TPARAM_CHECK_DROP_INJECT_A(MAX_UDP_PAYLOAD_SIZE, undersize_udp_payload_size,
1965                                "MAX_UDP_PAYLOAD_SIZE is malformed")
1966     TPARAM_CHECK_DROP_INJECT_A(ACTIVE_CONN_ID_LIMIT, undersize_active_conn_id_limit,
1967                                "ACTIVE_CONN_ID_LIMIT is malformed")
1968 
1969     TPARAM_CHECK_INJECT_TWICE_A(ACK_DELAY_EXP, ack_delay_exp,
1970                                 "ACK_DELAY_EXP appears multiple times")
1971     TPARAM_CHECK_INJECT_TWICE_A(MAX_ACK_DELAY, ack_delay_exp,
1972                                 "MAX_ACK_DELAY appears multiple times")
1973     TPARAM_CHECK_INJECT_TWICE_A(STATELESS_RESET_TOKEN, stateless_reset_token,
1974                                 "STATELESS_RESET_TOKEN appears multiple times")
1975     TPARAM_CHECK_INJECT_TWICE_A(PREFERRED_ADDR, preferred_addr,
1976                                 "PREFERRED_ADDR appears multiple times")
1977 
1978     TPARAM_CHECK_MUTATE(ORIG_DCID,
1979                         "ORIG_DCID does not match expected value")
1980     TPARAM_CHECK_MUTATE(INITIAL_SCID,
1981                         "INITIAL_SCID does not match expected value")
1982 
1983     TPARAM_CHECK_DROP_INJECT_A(ORIG_DCID, long_cid,
1984                                "ORIG_DCID is malformed")
1985     TPARAM_CHECK_DROP_INJECT_A(INITIAL_SCID, long_cid,
1986                                "INITIAL_SCID is malformed")
1987 
1988     TPARAM_CHECK_INT(INITIAL_MAX_DATA,
1989                      "INITIAL_MAX_DATA is malformed")
1990     TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_BIDI_LOCAL,
1991                      "INITIAL_MAX_STREAM_DATA_BIDI_LOCAL is malformed")
1992     TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_BIDI_REMOTE,
1993                      "INITIAL_MAX_STREAM_DATA_BIDI_REMOTE is malformed")
1994     TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_UNI,
1995                      "INITIAL_MAX_STREAM_DATA_UNI is malformed")
1996     TPARAM_CHECK_INT(ACK_DELAY_EXP,
1997                      "ACK_DELAY_EXP is malformed")
1998     TPARAM_CHECK_INT(MAX_ACK_DELAY,
1999                      "MAX_ACK_DELAY is malformed")
2000     TPARAM_CHECK_INT(INITIAL_MAX_STREAMS_BIDI,
2001                      "INITIAL_MAX_STREAMS_BIDI is malformed")
2002     TPARAM_CHECK_INT(INITIAL_MAX_STREAMS_UNI,
2003                      "INITIAL_MAX_STREAMS_UNI is malformed")
2004     TPARAM_CHECK_INT(MAX_IDLE_TIMEOUT,
2005                      "MAX_IDLE_TIMEOUT is malformed")
2006     TPARAM_CHECK_INT(MAX_UDP_PAYLOAD_SIZE,
2007                      "MAX_UDP_PAYLOAD_SIZE is malformed")
2008     TPARAM_CHECK_INT(ACTIVE_CONN_ID_LIMIT,
2009                      "ACTIVE_CONN_ID_LIMIT is malformed")
2010 };
2011 
2012 struct tparam_ctx {
2013     const struct tparam_test *t;
2014 };
2015 
tparam_handle(struct tparam_ctx * ctx,uint64_t id,unsigned char * data,size_t data_len,WPACKET * wpkt)2016 static int tparam_handle(struct tparam_ctx *ctx,
2017                          uint64_t id, unsigned char *data,
2018                          size_t data_len,
2019                          WPACKET *wpkt)
2020 {
2021     const struct tparam_test *t = ctx->t;
2022 
2023     switch (t->op) {
2024     case TPARAM_OP_DUP:
2025         if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
2026                                                                   data, data_len)))
2027             return 0;
2028 
2029         /*
2030          * If this is the matching ID, write it again, duplicating the TPARAM.
2031          */
2032         if (id == t->id
2033             && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
2034                                                                      data, data_len)))
2035             return 0;
2036 
2037         return 1;
2038 
2039     case TPARAM_OP_DROP:
2040     case TPARAM_OP_DROP_INJECT:
2041         /* Pass through unless ID matches. */
2042         if (id != t->id
2043             && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
2044                                                                      data, data_len)))
2045             return 0;
2046 
2047         return 1;
2048 
2049     case TPARAM_OP_INJECT:
2050     case TPARAM_OP_INJECT_TWICE:
2051     case TPARAM_OP_INJECT_RAW:
2052         /* Always pass through. */
2053         if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
2054                                                                   data, data_len)))
2055             return 0;
2056 
2057         return 1;
2058 
2059     case TPARAM_OP_MUTATE:
2060         if (id == t->id) {
2061             if (!TEST_size_t_gt(data_len, 0))
2062                 return 0;
2063 
2064             data[0] ^= 1;
2065         }
2066 
2067         if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
2068                                                                   data, data_len)))
2069             return 0;
2070 
2071         if (id == t->id)
2072             data[0] ^= 1;
2073 
2074         return 1;
2075 
2076     default:
2077         return 0;
2078     }
2079 }
2080 
tparam_on_enc_ext(QTEST_FAULT * qtf,QTEST_ENCRYPTED_EXTENSIONS * ee,size_t ee_len,void * arg)2081 static int tparam_on_enc_ext(QTEST_FAULT *qtf, QTEST_ENCRYPTED_EXTENSIONS *ee,
2082                              size_t ee_len, void *arg)
2083 {
2084     int rc = 0;
2085     struct tparam_ctx *ctx = arg;
2086     PACKET pkt = {0};
2087     WPACKET wpkt;
2088     int have_wpkt = 0;
2089     BUF_MEM *old_bufm = NULL, *new_bufm = NULL;
2090     unsigned char *tp_p;
2091     size_t tp_len, written, old_len, eb_len;
2092     uint64_t id;
2093 
2094     if (!TEST_ptr(old_bufm = BUF_MEM_new()))
2095         goto err;
2096 
2097     /*
2098      * Delete transport parameters TLS extension and capture the contents of the
2099      * extension which was removed.
2100      */
2101     if (!TEST_true(qtest_fault_delete_extension(qtf, TLSEXT_TYPE_quic_transport_parameters,
2102                                                 ee->extensions, &ee->extensionslen,
2103                                                 old_bufm)))
2104         goto err;
2105 
2106     if (!TEST_true(PACKET_buf_init(&pkt, (unsigned char *)old_bufm->data, old_bufm->length))
2107         || !TEST_ptr(new_bufm = BUF_MEM_new())
2108         || !TEST_true(WPACKET_init(&wpkt, new_bufm)))
2109         goto err;
2110 
2111     have_wpkt = 1;
2112 
2113     /*
2114      * Open transport parameters TLS extension:
2115      *
2116      *   u16  Extension ID (quic_transport_parameters)
2117      *   u16  Extension Data Length
2118      *   ...  Extension Data
2119      *
2120      */
2121     if (!TEST_true(WPACKET_put_bytes_u16(&wpkt,
2122                                          TLSEXT_TYPE_quic_transport_parameters))
2123         || !TEST_true(WPACKET_start_sub_packet_u16(&wpkt)))
2124         goto err;
2125 
2126     for (; PACKET_remaining(&pkt) > 0; ) {
2127         tp_p = (unsigned char *)ossl_quic_wire_decode_transport_param_bytes(&pkt,
2128                                                                             &id,
2129                                                                             &tp_len);
2130         if (!TEST_ptr(tp_p)) {
2131             TEST_mem_eq(PACKET_data(&pkt), PACKET_remaining(&pkt), NULL, 0);
2132             goto err;
2133         }
2134 
2135         if (!TEST_true(tparam_handle(ctx, id, tp_p, tp_len, &wpkt)))
2136             goto err;
2137     }
2138 
2139     if (ctx->t->op == TPARAM_OP_INJECT || ctx->t->op == TPARAM_OP_DROP_INJECT
2140         || ctx->t->op == TPARAM_OP_INJECT_TWICE) {
2141         if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(&wpkt, ctx->t->id,
2142                                                                   ctx->t->buf,
2143                                                                   ctx->t->buf_len)))
2144             goto err;
2145 
2146         if (ctx->t->op == TPARAM_OP_INJECT_TWICE
2147             && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(&wpkt, ctx->t->id,
2148                                                                      ctx->t->buf,
2149                                                                      ctx->t->buf_len)))
2150             goto err;
2151     } else if (ctx->t->op == TPARAM_OP_INJECT_RAW) {
2152         if (!TEST_true(WPACKET_memcpy(&wpkt, ctx->t->buf, ctx->t->buf_len)))
2153             goto err;
2154     }
2155 
2156     if (!TEST_true(WPACKET_close(&wpkt))) /* end extension data, set length */
2157         goto err;
2158 
2159     if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
2160         goto err;
2161 
2162     WPACKET_finish(&wpkt);
2163     have_wpkt = 0;
2164 
2165     /*
2166      * Append the constructed extension blob to the extension block.
2167      */
2168     old_len = ee->extensionslen;
2169 
2170     if (!qtest_fault_resize_message(qtf, ee->extensionslen + written))
2171         goto err;
2172 
2173     memcpy(ee->extensions + old_len, new_bufm->data, written);
2174 
2175     /* Fixup the extension block header (u16 length of entire block). */
2176     eb_len = (((uint16_t)ee->extensions[0]) << 8) + (uint16_t)ee->extensions[1];
2177     eb_len += written;
2178     ee->extensions[0] = (unsigned char)((eb_len >> 8) & 0xFF);
2179     ee->extensions[1] = (unsigned char)( eb_len       & 0xFF);
2180 
2181     rc = 1;
2182 err:
2183     if (have_wpkt)
2184         WPACKET_cleanup(&wpkt);
2185     BUF_MEM_free(old_bufm);
2186     BUF_MEM_free(new_bufm);
2187     return rc;
2188 }
2189 
test_tparam(int idx)2190 static int test_tparam(int idx)
2191 {
2192     int testresult = 0;
2193     SSL_CTX *c_ctx = NULL;
2194     SSL *c_ssl = NULL;
2195     QUIC_TSERVER *s = NULL;
2196     QTEST_FAULT *qtf = NULL;
2197     struct tparam_ctx ctx = {0};
2198 
2199     ctx.t = &tparam_tests[idx];
2200 
2201     if (!TEST_ptr(c_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
2202         goto err;
2203 
2204     if (!TEST_true(qtest_create_quic_objects(libctx, c_ctx, NULL, cert,
2205                                              privkey, 0, &s,
2206                                              &c_ssl, &qtf, NULL)))
2207         goto err;
2208 
2209     if (!TEST_true(qtest_fault_set_hand_enc_ext_listener(qtf, tparam_on_enc_ext,
2210                                                          &ctx)))
2211         goto err;
2212 
2213     if (!TEST_true(qtest_create_quic_connection_ex(s, c_ssl,
2214                                                    ctx.t->expect_fail != NULL)))
2215         goto err;
2216 
2217     if (ctx.t->expect_fail != NULL) {
2218         SSL_CONN_CLOSE_INFO info = {0};
2219 
2220         if (!TEST_true(SSL_get_conn_close_info(c_ssl, &info, sizeof(info))))
2221             goto err;
2222 
2223         if (!TEST_true((info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) != 0)
2224             || !TEST_uint64_t_eq(info.error_code, OSSL_QUIC_ERR_TRANSPORT_PARAMETER_ERROR)
2225             || !TEST_ptr(strstr(info.reason, ctx.t->expect_fail))) {
2226             TEST_error("expected connection closure information mismatch"
2227                        " during TPARAM test: flags=%llu ec=%llu reason='%s'",
2228                        (unsigned long long)info.flags,
2229                        (unsigned long long)info.error_code,
2230                        info.reason);
2231             goto err;
2232         }
2233     }
2234 
2235     testresult = 1;
2236 err:
2237     if (!testresult) {
2238         if (ctx.t->expect_fail != NULL)
2239             TEST_info("failed during test for id=%llu, op=%d, bl=%zu, "
2240                       "expected failure='%s'", (unsigned long long)ctx.t->id,
2241                       ctx.t->op, ctx.t->buf_len, ctx.t->expect_fail);
2242         else
2243             TEST_info("failed during test for id=%llu, op=%d, bl=%zu",
2244                       (unsigned long long)ctx.t->id, ctx.t->op, ctx.t->buf_len);
2245     }
2246 
2247     ossl_quic_tserver_free(s);
2248     SSL_free(c_ssl);
2249     SSL_CTX_free(c_ctx);
2250     qtest_fault_free(qtf);
2251     return testresult;
2252 }
2253 
2254 static int new_called = 0;
2255 static SSL *cbssl = NULL;
2256 
new_session_cb(SSL * ssl,SSL_SESSION * sess)2257 static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
2258 {
2259     new_called++;
2260     /*
2261      * Remember the SSL ref we were called with. No need to up-ref this. It
2262      * should remain valid for the duration of the test.
2263      */
2264     cbssl = ssl;
2265     /*
2266      * sess has been up-refed for us, but we don't actually need it so free it
2267      * immediately.
2268      */
2269     SSL_SESSION_free(sess);
2270     return 1;
2271 }
2272 
2273 /* Test using a new_session_cb with a QUIC SSL object works as expected */
test_session_cb(void)2274 static int test_session_cb(void)
2275 {
2276     SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
2277     SSL *clientquic = NULL;
2278     QUIC_TSERVER *qtserv = NULL;
2279     int testresult = 0;
2280 
2281     if (!TEST_ptr(cctx))
2282         goto err;
2283 
2284     new_called = 0;
2285     cbssl = NULL;
2286     SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
2287     SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);
2288 
2289     if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
2290                                              privkey,
2291                                              QTEST_FLAG_FAKE_TIME,
2292                                              &qtserv, &clientquic,
2293                                              NULL, NULL)))
2294         goto err;
2295 
2296     if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
2297         goto err;
2298 
2299     /* Process the pending NewSessionTickets */
2300     if (!TEST_true(SSL_handle_events(clientquic)))
2301         goto err;
2302 
2303     if (!TEST_int_eq(SSL_shutdown(clientquic), 0))
2304         goto err;
2305 
2306     /*
2307      * Check the callback was called twice (we expect 2 tickets), and with the
2308      * correct SSL reference
2309      */
2310     if (!TEST_int_eq(new_called, 2)
2311             || !TEST_ptr_eq(clientquic, cbssl))
2312         goto err;
2313 
2314     testresult = 1;
2315  err:
2316     cbssl = NULL;
2317     ossl_quic_tserver_free(qtserv);
2318     SSL_free(clientquic);
2319     SSL_CTX_free(cctx);
2320 
2321     return testresult;
2322 }
2323 
test_domain_flags(void)2324 static int test_domain_flags(void)
2325 {
2326     int testresult = 0;
2327     SSL_CTX *ctx = NULL;
2328     SSL *domain = NULL, *listener = NULL, *other_conn = NULL;
2329     uint64_t domain_flags = 0;
2330 
2331     if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))
2332         || !TEST_true(SSL_CTX_get_domain_flags(ctx, &domain_flags))
2333         || !TEST_uint64_t_ne(domain_flags, 0)
2334         || !TEST_uint64_t_ne(domain_flags & (SSL_DOMAIN_FLAG_SINGLE_THREAD
2335                                              | SSL_DOMAIN_FLAG_MULTI_THREAD), 0)
2336         || !TEST_uint64_t_ne(domain_flags & SSL_DOMAIN_FLAG_LEGACY_BLOCKING, 0)
2337         || !TEST_true(SSL_CTX_set_domain_flags(ctx, SSL_DOMAIN_FLAG_SINGLE_THREAD))
2338         || !TEST_true(SSL_CTX_get_domain_flags(ctx, &domain_flags))
2339         || !TEST_uint64_t_eq(domain_flags, SSL_DOMAIN_FLAG_SINGLE_THREAD)
2340         || !TEST_ptr(domain = SSL_new_domain(ctx, 0))
2341         || !TEST_true(SSL_get_domain_flags(domain, &domain_flags))
2342         || !TEST_uint64_t_eq(domain_flags, SSL_DOMAIN_FLAG_SINGLE_THREAD)
2343         || !TEST_true(other_conn = SSL_new(ctx))
2344         || !TEST_true(SSL_get_domain_flags(other_conn, &domain_flags))
2345         || !TEST_uint64_t_eq(domain_flags, SSL_DOMAIN_FLAG_SINGLE_THREAD)
2346         || !TEST_true(SSL_is_domain(domain))
2347         || !TEST_false(SSL_is_domain(other_conn))
2348         || !TEST_ptr_eq(SSL_get0_domain(domain), domain)
2349         || !TEST_ptr_null(SSL_get0_domain(other_conn))
2350         || !TEST_ptr(listener = SSL_new_listener_from(domain, 0))
2351         || !TEST_true(SSL_is_listener(listener))
2352         || !TEST_false(SSL_is_domain(listener))
2353         || !TEST_ptr_eq(SSL_get0_domain(listener), domain)
2354         || !TEST_ptr_eq(SSL_get0_listener(listener), listener))
2355         goto err;
2356 
2357     testresult = 1;
2358 err:
2359     SSL_free(domain);
2360     SSL_free(listener);
2361     SSL_free(other_conn);
2362     SSL_CTX_free(ctx);
2363     return testresult;
2364 }
2365 
2366 /*
2367  * Test that calling SSL_handle_events() early behaves as expected
2368  */
test_early_ticks(void)2369 static int test_early_ticks(void)
2370 {
2371     SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
2372     SSL *clientquic = NULL;
2373     QUIC_TSERVER *qtserv = NULL;
2374     int testresult = 0;
2375     struct timeval tv;
2376     int inf = 0;
2377 
2378     if (!TEST_ptr(cctx)
2379             || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
2380                                                     privkey, QTEST_FLAG_FAKE_TIME,
2381                                                     &qtserv,
2382                                                     &clientquic, NULL, NULL)))
2383         goto err;
2384 
2385     if (!TEST_true(SSL_in_before(clientquic)))
2386         goto err;
2387 
2388     if (!TEST_true(SSL_handle_events(clientquic)))
2389         goto err;
2390 
2391     if (!TEST_true(SSL_get_event_timeout(clientquic, &tv, &inf))
2392             || !TEST_true(inf))
2393         goto err;
2394 
2395     if (!TEST_false(SSL_has_pending(clientquic))
2396             || !TEST_int_eq(SSL_pending(clientquic), 0))
2397         goto err;
2398 
2399     if (!TEST_true(SSL_in_before(clientquic)))
2400         goto err;
2401 
2402     if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
2403         goto err;
2404 
2405     if (!TEST_false(SSL_in_before(clientquic)))
2406         goto err;
2407 
2408     testresult = 1;
2409  err:
2410     SSL_free(clientquic);
2411     SSL_CTX_free(cctx);
2412     ossl_quic_tserver_free(qtserv);
2413     return testresult;
2414 }
2415 
select_alpn(SSL * ssl,const unsigned char ** out,unsigned char * out_len,const unsigned char * in,unsigned int in_len,void * arg)2416 static int select_alpn(SSL *ssl, const unsigned char **out,
2417                        unsigned char *out_len, const unsigned char *in,
2418                        unsigned int in_len, void *arg)
2419 {
2420     static unsigned char alpn[] = { 8, 'o', 's', 's', 'l', 't', 'e', 's', 't' };
2421 
2422     if (SSL_select_next_proto((unsigned char **)out, out_len, alpn, sizeof(alpn),
2423                               in, in_len) == OPENSSL_NPN_NEGOTIATED)
2424         return SSL_TLSEXT_ERR_OK;
2425     return SSL_TLSEXT_ERR_ALERT_FATAL;
2426 }
2427 
create_client_ctx(void)2428 static SSL_CTX *create_client_ctx(void)
2429 {
2430     SSL_CTX *ssl_ctx;
2431 
2432     if (!TEST_ptr(ssl_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))) {
2433         SSL_CTX_free(ssl_ctx);
2434         ssl_ctx = NULL;
2435     }
2436 
2437     return ssl_ctx;
2438 }
2439 
create_server_ctx(void)2440 static SSL_CTX *create_server_ctx(void)
2441 {
2442     SSL_CTX *ssl_ctx;
2443 
2444     if (!TEST_ptr(ssl_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_server_method()))
2445         || !TEST_true(SSL_CTX_use_certificate_file(ssl_ctx, cert, SSL_FILETYPE_PEM))
2446         || !TEST_true(SSL_CTX_use_PrivateKey_file(ssl_ctx, privkey, SSL_FILETYPE_PEM))) {
2447         SSL_CTX_free(ssl_ctx);
2448         ssl_ctx = NULL;
2449     } else {
2450         SSL_CTX_set_alpn_select_cb(ssl_ctx, select_alpn, NULL);
2451         SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);
2452     }
2453 
2454     return ssl_ctx;
2455 }
2456 
create_addr(struct in_addr * ina,short int port)2457 static BIO_ADDR *create_addr(struct in_addr *ina, short int port)
2458 {
2459     BIO_ADDR *addr = NULL;
2460 
2461     if (!TEST_ptr(addr = BIO_ADDR_new()))
2462         return NULL;
2463 
2464     if (!TEST_true(BIO_ADDR_rawmake(addr, AF_INET, ina, sizeof(struct in_addr),
2465                                     htons(port)))) {
2466         BIO_ADDR_free(addr);
2467         return NULL;
2468     }
2469 
2470     return addr;
2471 }
2472 
bio_addr_bind(BIO * bio,BIO_ADDR * addr)2473 static int bio_addr_bind(BIO *bio, BIO_ADDR *addr)
2474 {
2475     int bio_caps = BIO_DGRAM_CAP_HANDLES_DST_ADDR | BIO_DGRAM_CAP_HANDLES_SRC_ADDR;
2476 
2477     if (!TEST_true(BIO_dgram_set_caps(bio, bio_caps)))
2478         return 0;
2479 
2480     if (!TEST_int_eq(BIO_dgram_set0_local_addr(bio, addr), 1))
2481         return 0;
2482 
2483     return 1;
2484 }
2485 
ql_create(SSL_CTX * ssl_ctx,BIO * bio)2486 static SSL *ql_create(SSL_CTX *ssl_ctx, BIO *bio)
2487 {
2488     SSL *qserver;
2489 
2490     if (!TEST_ptr(qserver = SSL_new_listener(ssl_ctx, 0))) {
2491         BIO_free(bio);
2492         return NULL;
2493     }
2494 
2495     SSL_set_bio(qserver, bio, bio);
2496 
2497     if (!TEST_true(SSL_listen(qserver))) {
2498         SSL_free(qserver);
2499         return NULL;
2500     }
2501 
2502     return qserver;
2503 }
2504 
qc_init(SSL * qconn,BIO_ADDR * dst_addr)2505 static int qc_init(SSL *qconn, BIO_ADDR *dst_addr)
2506 {
2507     static unsigned char alpn[] = { 8, 'o', 's', 's', 'l', 't', 'e', 's', 't' };
2508 
2509     if (!TEST_true(SSL_set1_initial_peer_addr(qconn, dst_addr)))
2510         return 0;
2511 
2512     if (!TEST_false(SSL_set_alpn_protos(qconn, alpn, sizeof(alpn))))
2513         return 0;
2514 
2515     return 1;
2516 }
2517 
test_ssl_new_from_listener(void)2518 static int test_ssl_new_from_listener(void)
2519 {
2520     SSL_CTX *lctx = NULL, *sctx = NULL;
2521     SSL *qlistener = NULL, *qserver = NULL, *qconn = 0;
2522     int testresult = 0;
2523     int chk;
2524     BIO *lbio = NULL, *sbio = NULL;
2525     BIO_ADDR *addr = NULL;
2526     struct in_addr ina;
2527 
2528     ina.s_addr = htonl(0x1f000001);
2529     if (!TEST_ptr(lctx = create_server_ctx())
2530         || !TEST_ptr(sctx = create_server_ctx())
2531         || !TEST_true(BIO_new_bio_dgram_pair(&lbio, 0, &sbio, 0)))
2532         goto err;
2533 
2534     if (!TEST_ptr(addr = create_addr(&ina, 8040)))
2535         goto err;
2536 
2537     if (!TEST_true(bio_addr_bind(lbio, addr)))
2538         goto err;
2539     addr = NULL;
2540 
2541     if (!TEST_ptr(addr = create_addr(&ina, 4080)))
2542         goto err;
2543 
2544     if (!TEST_true(bio_addr_bind(sbio, addr)))
2545         goto err;
2546     addr = NULL;
2547 
2548     qlistener = ql_create(lctx, lbio);
2549     lbio = NULL;
2550     if (!TEST_ptr(qlistener))
2551         goto err;
2552 
2553     qserver = ql_create(sctx, sbio);
2554     sbio = NULL;
2555     if (!TEST_ptr(qserver))
2556         goto err;
2557 
2558     if (!TEST_ptr(qconn = SSL_new_from_listener(qlistener, 0)))
2559         goto err;
2560 
2561     if (!TEST_ptr(addr = create_addr(&ina, 4080)))
2562         goto err;
2563 
2564     chk = qc_init(qconn, addr);
2565     if (!TEST_true(chk))
2566         goto err;
2567 
2568     while ((chk = SSL_do_handshake(qconn)) == -1) {
2569         SSL_handle_events(qserver);
2570         SSL_handle_events(qlistener);
2571     }
2572 
2573     if (!TEST_int_gt(chk, 0)) {
2574         TEST_info("SSL_do_handshake() failed\n");
2575         goto err;
2576     }
2577 
2578     testresult = 1;
2579  err:
2580     SSL_free(qconn);
2581     SSL_free(qlistener);
2582     SSL_free(qserver);
2583     BIO_free(lbio);
2584     BIO_free(sbio);
2585     SSL_CTX_free(sctx);
2586     SSL_CTX_free(lctx);
2587     BIO_ADDR_free(addr);
2588 
2589     return testresult;
2590 }
2591 
test_server_method_with_ssl_new(void)2592 static int test_server_method_with_ssl_new(void)
2593 {
2594     SSL_CTX *ctx = NULL;
2595     SSL *ssl = NULL;
2596     int ret = 0;
2597     unsigned long err;
2598 
2599     /* Create a new SSL_CTX using the QUIC server method */
2600     ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_server_method());
2601     if (!TEST_ptr(ctx))
2602         goto end;
2603 
2604     /* Try to create a new SSL object - this should fail */
2605     ssl = SSL_new(ctx);
2606 
2607     /* Check that SSL_new() returned NULL */
2608     if (!TEST_ptr_null(ssl))
2609         goto end;
2610 
2611     /* Check for the expected error */
2612     err = ERR_peek_error();
2613     if (!TEST_true(ERR_GET_LIB(err) == ERR_LIB_SSL &&
2614                    ERR_GET_REASON(err) == ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED))
2615         goto end;
2616 
2617     ret = 1;
2618 
2619 end:
2620     SSL_free(ssl);
2621     SSL_CTX_free(ctx);
2622     return ret;
2623 }
2624 
create_quic_ssl_objects(SSL_CTX * sctx,SSL_CTX * cctx,SSL ** lssl,SSL ** cssl)2625 static int create_quic_ssl_objects(SSL_CTX *sctx, SSL_CTX *cctx,
2626                                    SSL **lssl, SSL **cssl)
2627 {
2628     BIO_ADDR *addr = NULL;
2629     struct in_addr ina;
2630     BIO *cbio = NULL, *sbio = NULL;
2631     int ret = 0;
2632 
2633     *cssl = *lssl = NULL;
2634     ina.s_addr = htonl(0x1f000001);
2635 
2636     if (!TEST_true(BIO_new_bio_dgram_pair(&cbio, 0, &sbio, 0)))
2637         goto err;
2638 
2639     if (!TEST_ptr(addr = create_addr(&ina, 8040)))
2640         goto err;
2641 
2642     if (!TEST_true(bio_addr_bind(sbio, addr)))
2643         goto err;
2644     addr = NULL;
2645 
2646     *lssl = ql_create(sctx, sbio);
2647     sbio = NULL;
2648     if (!TEST_ptr(*lssl))
2649         goto err;
2650 
2651     if (!TEST_ptr(*cssl = SSL_new(cctx)))
2652         goto err;
2653 
2654     if (!TEST_ptr(addr = create_addr(&ina, 8040)))
2655         goto err;
2656     if (!TEST_true(bio_addr_bind(cbio, addr)))
2657         goto err;
2658 
2659     if (!TEST_true(qc_init(*cssl, addr))) {
2660         addr = NULL;
2661         goto err;
2662     }
2663     addr = NULL;
2664     SSL_set_bio(*cssl, cbio, cbio);
2665     cbio = NULL;
2666 
2667     ret = 1;
2668 
2669  err:
2670     if (!ret) {
2671         SSL_free(*cssl);
2672         SSL_free(*lssl);
2673         *cssl = *lssl = NULL;
2674     }
2675     BIO_free(cbio);
2676     BIO_free(sbio);
2677     BIO_ADDR_free(addr);
2678 
2679     return ret;
2680 }
2681 
test_ssl_accept_connection(void)2682 static int test_ssl_accept_connection(void)
2683 {
2684     SSL_CTX *cctx = NULL, *sctx = NULL;
2685     SSL *clientssl = NULL, *serverssl = NULL, *qlistener = NULL;
2686     int testresult = 0;
2687     int ret, i;
2688 
2689     if (!TEST_ptr(sctx = create_server_ctx())
2690         || !TEST_ptr(cctx = create_client_ctx()))
2691         goto err;
2692 
2693     if (!create_quic_ssl_objects(sctx, cctx, &qlistener, &clientssl))
2694         goto err;
2695 
2696     /* Calling SSL_accept() on a listener is expected to fail */
2697     ret = SSL_accept(qlistener);
2698     if (!TEST_int_le(ret, 0)
2699         || !TEST_int_eq(SSL_get_error(qlistener, ret), SSL_ERROR_SSL))
2700         goto err;
2701 
2702     /* Send ClientHello and server retry */
2703     for (i = 0; i < 2; i++) {
2704         ret = SSL_connect(clientssl);
2705         if (!TEST_int_le(ret, 0)
2706             || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ))
2707             goto err;
2708         SSL_handle_events(qlistener);
2709     }
2710 
2711     /* We expect a server SSL object which has not yet completed its handshake */
2712     serverssl = SSL_accept_connection(qlistener, 0);
2713     if (!TEST_ptr(serverssl) || !TEST_false(SSL_is_init_finished(serverssl)))
2714         goto err;
2715 
2716     /* Call SSL_accept() and SSL_connect() until we are connected */
2717     if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
2718                                               SSL_ERROR_NONE, 0, 0)))
2719         goto err;
2720 
2721     testresult = 1;
2722 
2723  err:
2724     SSL_free(serverssl);
2725     SSL_free(clientssl);
2726     SSL_free(qlistener);
2727     SSL_CTX_free(sctx);
2728     SSL_CTX_free(cctx);
2729 
2730     return testresult;
2731 }
2732 
2733 static SSL *quic_verify_ssl = NULL;
2734 
quic_verify_cb(int ok,X509_STORE_CTX * ctx)2735 static int quic_verify_cb(int ok, X509_STORE_CTX *ctx)
2736 {
2737     SSL *cssl = (SSL *)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
2738 
2739     /* Confirm we got the SSL object we were expecting */
2740     return TEST_ptr_eq(cssl, quic_verify_ssl);
2741 }
2742 
test_ssl_set_verify(void)2743 static int test_ssl_set_verify(void)
2744 {
2745     SSL_CTX *cctx = NULL, *sctx = NULL;
2746     SSL *clientssl = NULL, *serverssl = NULL, *qlistener = NULL;
2747     int testresult = 0;
2748     int ret, i;
2749 
2750     if (!TEST_ptr(sctx = create_server_ctx())
2751         || !TEST_ptr(cctx = create_client_ctx()))
2752         goto err;
2753 
2754     if (!create_quic_ssl_objects(sctx, cctx, &qlistener, &clientssl))
2755         goto err;
2756 
2757     quic_verify_ssl = clientssl;
2758     SSL_set_verify(clientssl, SSL_VERIFY_PEER, quic_verify_cb);
2759 
2760     /* Send ClientHello and server retry */
2761     for (i = 0; i < 2; i++) {
2762         ret = SSL_connect(clientssl);
2763         if (!TEST_int_le(ret, 0)
2764             || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ))
2765             goto err;
2766         SSL_handle_events(qlistener);
2767     }
2768 
2769     /* We expect a server SSL object which has not yet completed its handshake */
2770     serverssl = SSL_accept_connection(qlistener, 0);
2771 
2772     /* Call SSL_accept() and SSL_connect() until we are connected */
2773     if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
2774                                               SSL_ERROR_NONE, 0, 0)))
2775         goto err;
2776 
2777     testresult = 1;
2778 
2779  err:
2780     SSL_free(serverssl);
2781     SSL_free(clientssl);
2782     SSL_free(qlistener);
2783     SSL_CTX_free(sctx);
2784     SSL_CTX_free(cctx);
2785 
2786     return testresult;
2787 }
2788 
2789 /*
2790  * When the server has a different primary group than the client, the server
2791  * should not fail on the client hello retry.
2792  */
test_client_hello_retry(void)2793 static int test_client_hello_retry(void)
2794 {
2795 #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECX)
2796     SSL_CTX *cctx = NULL, *sctx = NULL;
2797     SSL *clientssl = NULL, *serverssl = NULL, *qlistener = NULL;
2798     int testresult = 0, i = 0, ret = 0;
2799 
2800     if (!TEST_ptr(sctx = create_server_ctx())
2801         || !TEST_ptr(cctx = create_client_ctx()))
2802         goto err;
2803     /*
2804      * set the specific groups for the test
2805      */
2806     if (!TEST_true(SSL_CTX_set1_groups_list(cctx, "secp384r1:secp256r1")))
2807         goto err;
2808     if (!TEST_true(SSL_CTX_set1_groups_list(sctx, "secp256r1")))
2809         goto err;
2810 
2811     if (!create_quic_ssl_objects(sctx, cctx, &qlistener, &clientssl))
2812         goto err;
2813 
2814     /* Send ClientHello and server retry */
2815     for (i = 0; i < 2; i++) {
2816         ret = SSL_connect(clientssl);
2817         if (!TEST_int_le(ret, 0)
2818             || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ))
2819             goto err;
2820         SSL_handle_events(qlistener);
2821     }
2822 
2823     /* We expect a server SSL object which has not yet completed its handshake */
2824     serverssl = SSL_accept_connection(qlistener, 0);
2825 
2826     /* Call SSL_accept() and SSL_connect() until we are connected */
2827     if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
2828                                               SSL_ERROR_NONE, 0, 0)))
2829         goto err;
2830 
2831     testresult = 1;
2832 
2833 err:
2834     SSL_CTX_free(cctx);
2835     SSL_CTX_free(sctx);
2836     SSL_free(clientssl);
2837     SSL_free(serverssl);
2838     SSL_free(qlistener);
2839 
2840     return testresult;
2841 #else
2842     return TEST_skip("EC(X) keys are not supported in this build");
2843 #endif
2844 }
2845 /***********************************************************************************/
2846 OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
2847 
setup_tests(void)2848 int setup_tests(void)
2849 {
2850     char *modulename;
2851     char *configfile;
2852 
2853     libctx = OSSL_LIB_CTX_new();
2854     if (!TEST_ptr(libctx))
2855         return 0;
2856 
2857     defctxnull = OSSL_PROVIDER_load(NULL, "null");
2858 
2859     /*
2860      * Verify that the default and fips providers in the default libctx are not
2861      * available
2862      */
2863     if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
2864             || !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
2865         goto err;
2866 
2867     if (!test_skip_common_options()) {
2868         TEST_error("Error parsing test options\n");
2869         goto err;
2870     }
2871 
2872     if (!TEST_ptr(modulename = test_get_argument(0))
2873             || !TEST_ptr(configfile = test_get_argument(1))
2874             || !TEST_ptr(certsdir = test_get_argument(2))
2875             || !TEST_ptr(datadir = test_get_argument(3)))
2876         goto err;
2877 
2878     if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile)))
2879         goto err;
2880 
2881     /* Check we have the expected provider available */
2882     if (!TEST_true(OSSL_PROVIDER_available(libctx, modulename)))
2883         goto err;
2884 
2885     /* Check the default provider is not available */
2886     if (strcmp(modulename, "default") != 0
2887             && !TEST_false(OSSL_PROVIDER_available(libctx, "default")))
2888         goto err;
2889 
2890     if (strcmp(modulename, "fips") == 0)
2891         is_fips = 1;
2892 
2893     cert = test_mk_file_path(certsdir, "servercert.pem");
2894     if (cert == NULL)
2895         goto err;
2896 
2897     ccert = test_mk_file_path(certsdir, "ee-client-chain.pem");
2898     if (ccert == NULL)
2899         goto err;
2900 
2901     cauthca = test_mk_file_path(certsdir, "root-cert.pem");
2902     if (cauthca == NULL)
2903         goto err;
2904 
2905     privkey = test_mk_file_path(certsdir, "serverkey.pem");
2906     if (privkey == NULL)
2907         goto err;
2908 
2909     cprivkey = test_mk_file_path(certsdir, "ee-key.pem");
2910     if (privkey == NULL)
2911         goto err;
2912 
2913     ADD_ALL_TESTS(test_quic_write_read, 3);
2914     ADD_TEST(test_fin_only_blocking);
2915     ADD_TEST(test_ciphersuites);
2916     ADD_TEST(test_cipher_find);
2917     ADD_TEST(test_version);
2918 #if defined(DO_SSL_TRACE_TEST)
2919     ADD_TEST(test_ssl_trace);
2920 #endif
2921     ADD_TEST(test_quic_forbidden_apis_ctx);
2922     ADD_TEST(test_quic_forbidden_apis);
2923     ADD_TEST(test_quic_forbidden_options);
2924     ADD_ALL_TESTS(test_quic_set_fd, 3);
2925     ADD_TEST(test_bio_ssl);
2926     ADD_TEST(test_back_pressure);
2927     ADD_TEST(test_multiple_dgrams);
2928     ADD_ALL_TESTS(test_non_io_retry, 2);
2929     ADD_TEST(test_quic_psk);
2930     ADD_ALL_TESTS(test_client_auth, 3);
2931     ADD_ALL_TESTS(test_alpn, 2);
2932     ADD_ALL_TESTS(test_noisy_dgram, 2);
2933     ADD_TEST(test_bw_limit);
2934     ADD_TEST(test_get_shutdown);
2935     ADD_ALL_TESTS(test_tparam, OSSL_NELEM(tparam_tests));
2936     ADD_TEST(test_session_cb);
2937     ADD_TEST(test_domain_flags);
2938     ADD_TEST(test_early_ticks);
2939     ADD_TEST(test_ssl_new_from_listener);
2940 #ifndef OPENSSL_NO_SSL_TRACE
2941     ADD_TEST(test_new_token);
2942 #endif
2943     ADD_TEST(test_server_method_with_ssl_new);
2944     ADD_TEST(test_ssl_accept_connection);
2945     ADD_TEST(test_ssl_set_verify);
2946     ADD_TEST(test_client_hello_retry);
2947     return 1;
2948  err:
2949     cleanup_tests();
2950     return 0;
2951 }
2952 
cleanup_tests(void)2953 void cleanup_tests(void)
2954 {
2955     bio_f_noisy_dgram_filter_free();
2956     bio_f_pkt_split_dgram_filter_free();
2957     OPENSSL_free(cert);
2958     OPENSSL_free(privkey);
2959     OPENSSL_free(ccert);
2960     OPENSSL_free(cauthca);
2961     OPENSSL_free(cprivkey);
2962     OSSL_PROVIDER_unload(defctxnull);
2963     OSSL_LIB_CTX_free(libctx);
2964 }
2965