1 /*
2 * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <string.h>
12
13 #include <openssl/opensslconf.h>
14 #include <openssl/quic.h>
15 #include <openssl/rand.h>
16
17 #include "helpers/ssltestlib.h"
18 #include "helpers/quictestlib.h"
19 #include "testutil.h"
20 #include "testutil/output.h"
21 #include "../ssl/ssl_local.h"
22 #include "internal/quic_error.h"
23
24 static OSSL_LIB_CTX *libctx = NULL;
25 static OSSL_PROVIDER *defctxnull = NULL;
26 static char *certsdir = NULL;
27 static char *cert = NULL;
28 static char *ccert = NULL;
29 static char *cauthca = NULL;
30 static char *privkey = NULL;
31 static char *cprivkey = NULL;
32 static char *datadir = NULL;
33
34 static int is_fips = 0;
35
36 /* The ssltrace test assumes some options are switched on/off */
37 #if !defined(OPENSSL_NO_SSL_TRACE) \
38 && defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) \
39 && !defined(OPENSSL_NO_ECX) && !defined(OPENSSL_NO_DH) \
40 && !defined(OPENSSL_NO_ML_DSA) && !defined(OPENSSL_NO_ML_KEM)
41 # define DO_SSL_TRACE_TEST
42 #endif
43
44 /*
45 * Test that we read what we've written.
46 * Test 0: Non-blocking
47 * Test 1: Blocking
48 * Test 2: Blocking, introduce socket error, test error handling.
49 */
test_quic_write_read(int idx)50 static int test_quic_write_read(int idx)
51 {
52 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
53 SSL_CTX *sctx = NULL;
54 SSL *clientquic = NULL;
55 QUIC_TSERVER *qtserv = NULL;
56 int j, k, ret = 0;
57 unsigned char buf[20], scratch[64];
58 static char *msg = "A test message";
59 size_t msglen = strlen(msg);
60 size_t numbytes = 0;
61 int ssock = 0, csock = 0;
62 uint64_t sid = UINT64_MAX;
63 SSL_SESSION *sess = NULL;
64
65 if (idx >= 1 && !qtest_supports_blocking())
66 return TEST_skip("Blocking tests not supported in this build");
67
68 for (k = 0; k < 2; k++) {
69 if (!TEST_ptr(cctx)
70 || !TEST_true(qtest_create_quic_objects(libctx, cctx, sctx,
71 cert, privkey,
72 idx >= 1
73 ? QTEST_FLAG_BLOCK
74 : 0,
75 &qtserv, &clientquic,
76 NULL, NULL))
77 || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost")))
78 goto end;
79
80 if (sess != NULL && !TEST_true(SSL_set_session(clientquic, sess)))
81 goto end;
82
83 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
84 goto end;
85
86 if (idx >= 1) {
87 if (!TEST_true(BIO_get_fd(ossl_quic_tserver_get0_rbio(qtserv),
88 &ssock)))
89 goto end;
90 if (!TEST_int_gt(csock = SSL_get_rfd(clientquic), 0))
91 goto end;
92 }
93
94 sid = 0; /* client-initiated bidirectional stream */
95
96 for (j = 0; j < 2; j++) {
97 /* Check that sending and receiving app data is ok */
98 if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
99 || !TEST_size_t_eq(numbytes, msglen))
100 goto end;
101 if (idx >= 1) {
102 do {
103 if (!TEST_true(wait_until_sock_readable(ssock)))
104 goto end;
105
106 ossl_quic_tserver_tick(qtserv);
107
108 if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf,
109 sizeof(buf),
110 &numbytes)))
111 goto end;
112 } while (numbytes == 0);
113
114 if (!TEST_mem_eq(buf, numbytes, msg, msglen))
115 goto end;
116 }
117
118 if (idx >= 2 && j > 0)
119 /* Introduce permanent socket error */
120 BIO_closesocket(csock);
121
122 ossl_quic_tserver_tick(qtserv);
123 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid,
124 (unsigned char *)msg,
125 msglen, &numbytes)))
126 goto end;
127 ossl_quic_tserver_tick(qtserv);
128 SSL_handle_events(clientquic);
129
130 if (idx >= 2 && j > 0) {
131 if (!TEST_false(SSL_read_ex(clientquic, buf, 1, &numbytes))
132 || !TEST_int_eq(SSL_get_error(clientquic, 0),
133 SSL_ERROR_SYSCALL)
134 || !TEST_false(SSL_write_ex(clientquic, msg, msglen,
135 &numbytes))
136 || !TEST_int_eq(SSL_get_error(clientquic, 0),
137 SSL_ERROR_SYSCALL))
138 goto end;
139 break;
140 }
141
142 /*
143 * In blocking mode the SSL_read_ex call will block until the socket
144 * is readable and has our data. In non-blocking mode we're doing
145 * everything in memory, so it should be immediately available
146 */
147 if (!TEST_true(SSL_read_ex(clientquic, buf, 1, &numbytes))
148 || !TEST_size_t_eq(numbytes, 1)
149 || !TEST_true(SSL_has_pending(clientquic))
150 || !TEST_int_eq(SSL_pending(clientquic), msglen - 1)
151 || !TEST_true(SSL_read_ex(clientquic, buf + 1,
152 sizeof(buf) - 1, &numbytes))
153 || !TEST_mem_eq(buf, numbytes + 1, msg, msglen))
154 goto end;
155 }
156
157 /* Test that exporters work. */
158 if (!TEST_true(SSL_export_keying_material(clientquic, scratch,
159 sizeof(scratch), "test", 4, (unsigned char *)"ctx", 3,
160 1)))
161 goto end;
162
163 if (sess == NULL) {
164 /* We didn't supply a session so we're not expecting resumption */
165 if (!TEST_false(SSL_session_reused(clientquic)))
166 goto end;
167 /* We should have a session ticket by now */
168 sess = SSL_get1_session(clientquic);
169 if (!TEST_ptr(sess))
170 goto end;
171 } else {
172 /* We supplied a session so we should have resumed */
173 if (!TEST_true(SSL_session_reused(clientquic)))
174 goto end;
175 }
176
177 if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
178 goto end;
179
180 if (sctx == NULL) {
181 sctx = ossl_quic_tserver_get0_ssl_ctx(qtserv);
182 if (!TEST_true(SSL_CTX_up_ref(sctx))) {
183 sctx = NULL;
184 goto end;
185 }
186 }
187 ossl_quic_tserver_free(qtserv);
188 qtserv = NULL;
189 SSL_free(clientquic);
190 clientquic = NULL;
191
192 if (idx >= 2)
193 break;
194 }
195
196 ret = 1;
197
198 end:
199 SSL_SESSION_free(sess);
200 ossl_quic_tserver_free(qtserv);
201 SSL_free(clientquic);
202 SSL_CTX_free(cctx);
203 SSL_CTX_free(sctx);
204
205 return ret;
206 }
207
208 /*
209 * Test that sending FIN with no data to a client blocking in SSL_read_ex() will
210 * wake up the client.
211 */
test_fin_only_blocking(void)212 static int test_fin_only_blocking(void)
213 {
214 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
215 SSL_CTX *sctx = NULL;
216 SSL *clientquic = NULL;
217 QUIC_TSERVER *qtserv = NULL;
218 const char *msg = "Hello World";
219 uint64_t sid;
220 size_t numbytes;
221 unsigned char buf[32];
222 int ret = 0;
223 OSSL_TIME timer, timediff;
224
225 if (!qtest_supports_blocking())
226 return TEST_skip("Blocking tests not supported in this build");
227
228 if (!TEST_ptr(cctx)
229 || !TEST_true(qtest_create_quic_objects(libctx, cctx, sctx,
230 cert, privkey,
231 QTEST_FLAG_BLOCK,
232 &qtserv, &clientquic,
233 NULL, NULL))
234 || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost")))
235 goto end;
236
237 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
238 goto end;
239
240 if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, 0, &sid))
241 || !TEST_true(ossl_quic_tserver_write(qtserv, sid,
242 (unsigned char *)msg,
243 strlen(msg), &numbytes))
244 || !TEST_size_t_eq(strlen(msg), numbytes))
245 goto end;
246
247 ossl_quic_tserver_tick(qtserv);
248
249 if (!TEST_true(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes))
250 || !TEST_mem_eq(msg, strlen(msg), buf, numbytes))
251
252
253 goto end;
254
255 if (!TEST_true(ossl_quic_tserver_conclude(qtserv, sid)))
256 goto end;
257
258 timer = ossl_time_now();
259 if (!TEST_false(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes)))
260 goto end;
261 timediff = ossl_time_subtract(ossl_time_now(), timer);
262
263 if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_ZERO_RETURN)
264 /*
265 * We expect the SSL_read_ex to not have blocked so this should
266 * be very fast. 40ms should be plenty.
267 */
268 || !TEST_uint64_t_le(ossl_time2ms(timediff), 40))
269 goto end;
270
271 if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
272 goto end;
273
274 ret = 1;
275
276 end:
277 ossl_quic_tserver_free(qtserv);
278 SSL_free(clientquic);
279 SSL_CTX_free(cctx);
280 SSL_CTX_free(sctx);
281
282 return ret;
283 }
284
285 /* Test that a vanilla QUIC SSL object has the expected ciphersuites available */
test_ciphersuites(void)286 static int test_ciphersuites(void)
287 {
288 SSL_CTX *ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
289 SSL *ssl = NULL;
290 int testresult = 0;
291 const STACK_OF(SSL_CIPHER) *ciphers = NULL;
292 const SSL_CIPHER *cipher;
293 /* We expect this exact list of ciphersuites by default */
294 int cipherids[] = {
295 TLS1_3_CK_AES_256_GCM_SHA384,
296 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
297 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
298 #endif
299 TLS1_3_CK_AES_128_GCM_SHA256
300 };
301 size_t i, j;
302
303 if (!TEST_ptr(ctx))
304 return 0;
305
306 /*
307 * Attempting to set TLSv1.2 ciphersuites should succeed, even though they
308 * aren't used in QUIC.
309 */
310 if (!TEST_true(SSL_CTX_set_cipher_list(ctx, "DEFAULT")))
311 goto err;
312
313 ssl = SSL_new(ctx);
314 if (!TEST_ptr(ssl))
315 goto err;
316
317 if (!TEST_true(SSL_set_cipher_list(ssl, "DEFAULT")))
318 goto err;
319
320 ciphers = SSL_get_ciphers(ssl);
321
322 for (i = 0, j = 0; i < OSSL_NELEM(cipherids); i++) {
323 if (cipherids[i] == TLS1_3_CK_CHACHA20_POLY1305_SHA256 && is_fips)
324 continue;
325 cipher = sk_SSL_CIPHER_value(ciphers, j++);
326 if (!TEST_ptr(cipher))
327 goto err;
328 if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher), cipherids[i]))
329 goto err;
330 }
331
332 /* We should have checked all the ciphers in the stack */
333 if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers), j))
334 goto err;
335
336 testresult = 1;
337 err:
338 SSL_free(ssl);
339 SSL_CTX_free(ctx);
340
341 return testresult;
342 }
343
test_cipher_find(void)344 static int test_cipher_find(void)
345 {
346 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
347 SSL *clientquic = NULL;
348 struct {
349 const unsigned char *cipherbytes;
350 int ok;
351 } testciphers[] = {
352 { TLS13_AES_128_GCM_SHA256_BYTES, 1 },
353 { TLS13_AES_256_GCM_SHA384_BYTES, 1 },
354 { TLS13_CHACHA20_POLY1305_SHA256_BYTES, 1 },
355 { TLS13_AES_128_CCM_SHA256_BYTES, 0 },
356 { TLS13_AES_128_CCM_8_SHA256_BYTES, 0 },
357 #if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
358 { TLS13_SHA256_SHA256_BYTES, 0 },
359 { TLS13_SHA384_SHA384_BYTES, 0 }
360 #endif
361 };
362 size_t i;
363 int testresult = 0;
364
365 if (!TEST_ptr(cctx))
366 goto err;
367
368 clientquic = SSL_new(cctx);
369 if (!TEST_ptr(clientquic))
370 goto err;
371
372 for (i = 0; i < OSSL_NELEM(testciphers); i++)
373 if (testciphers[i].ok) {
374 if (!TEST_ptr(SSL_CIPHER_find(clientquic,
375 testciphers[i].cipherbytes)))
376 goto err;
377 } else {
378 if (!TEST_ptr_null(SSL_CIPHER_find(clientquic,
379 testciphers[i].cipherbytes)))
380 goto err;
381 }
382
383 testresult = 1;
384 err:
385 SSL_free(clientquic);
386 SSL_CTX_free(cctx);
387
388 return testresult;
389 }
390
391 /*
392 * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
393 * SSL_is_dtls return the expected results for a QUIC connection. Compare with
394 * test_version() in sslapitest.c which does the same thing for TLS/DTLS
395 * connections.
396 */
test_version(void)397 static int test_version(void)
398 {
399 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
400 SSL *clientquic = NULL;
401 QUIC_TSERVER *qtserv = NULL;
402 int testresult = 0;
403
404 if (!TEST_ptr(cctx)
405 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
406 privkey, 0, &qtserv,
407 &clientquic, NULL, NULL))
408 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
409 goto err;
410
411 if (!TEST_int_eq(SSL_version(clientquic), OSSL_QUIC1_VERSION)
412 || !TEST_str_eq(SSL_get_version(clientquic), "QUICv1"))
413 goto err;
414
415 if (!TEST_true(SSL_is_quic(clientquic))
416 || !TEST_false(SSL_is_tls(clientquic))
417 || !TEST_false(SSL_is_dtls(clientquic)))
418 goto err;
419
420
421 testresult = 1;
422 err:
423 ossl_quic_tserver_free(qtserv);
424 SSL_free(clientquic);
425 SSL_CTX_free(cctx);
426
427 return testresult;
428 }
429
430 #if defined(DO_SSL_TRACE_TEST)
strip_line_ends(char * str)431 static void strip_line_ends(char *str)
432 {
433 size_t i;
434
435 for (i = strlen(str);
436 i > 0 && (str[i - 1] == '\n' || str[i - 1] == '\r');
437 i--);
438
439 str[i] = '\0';
440 }
441
compare_with_file(BIO * membio)442 static int compare_with_file(BIO *membio)
443 {
444 BIO *file = NULL, *newfile = NULL;
445 char buf1[8192], buf2[8192];
446 char *reffile;
447 int ret = 0;
448 size_t i;
449
450 #ifdef OPENSSL_NO_ZLIB
451 reffile = test_mk_file_path(datadir, "ssltraceref.txt");
452 #else
453 reffile = test_mk_file_path(datadir, "ssltraceref-zlib.txt");
454 #endif
455 if (!TEST_ptr(reffile))
456 goto err;
457
458 file = BIO_new_file(reffile, "rb");
459 if (!TEST_ptr(file))
460 goto err;
461
462 newfile = BIO_new_file("ssltraceref-new.txt", "wb");
463 if (!TEST_ptr(newfile))
464 goto err;
465
466 while (BIO_gets(membio, buf2, sizeof(buf2)) > 0)
467 if (BIO_puts(newfile, buf2) <= 0) {
468 TEST_error("Failed writing new file data");
469 goto err;
470 }
471
472 if (!TEST_int_ge(BIO_seek(membio, 0), 0))
473 goto err;
474
475 while (BIO_gets(file, buf1, sizeof(buf1)) > 0) {
476 size_t line_len;
477
478 if (BIO_gets(membio, buf2, sizeof(buf2)) <= 0) {
479 TEST_error("Failed reading mem data");
480 goto err;
481 }
482 strip_line_ends(buf1);
483 strip_line_ends(buf2);
484 line_len = strlen(buf1);
485 if (line_len > 0 && buf1[line_len - 1] == '?') {
486 /* Wildcard at the EOL means ignore anything after it */
487 if (strlen(buf2) > line_len)
488 buf2[line_len] = '\0';
489 }
490 if (line_len != strlen(buf2)) {
491 TEST_error("Actual and ref line data length mismatch");
492 TEST_info("%s", buf1);
493 TEST_info("%s", buf2);
494 goto err;
495 }
496 for (i = 0; i < line_len; i++) {
497 /* '?' is a wild card character in the reference text */
498 if (buf1[i] == '?')
499 buf2[i] = '?';
500 }
501 if (!TEST_str_eq(buf1, buf2))
502 goto err;
503 }
504 if (!TEST_true(BIO_eof(file))
505 || !TEST_true(BIO_eof(membio)))
506 goto err;
507
508 ret = 1;
509 err:
510 OPENSSL_free(reffile);
511 BIO_free(file);
512 BIO_free(newfile);
513 return ret;
514 }
515
516 /*
517 * Tests that the SSL_trace() msg_callback works as expected with a QUIC
518 * connection. This also provides testing of the msg_callback at the same time.
519 */
test_ssl_trace(void)520 static int test_ssl_trace(void)
521 {
522 SSL_CTX *cctx = NULL;
523 SSL *clientquic = NULL;
524 QUIC_TSERVER *qtserv = NULL;
525 int testresult = 0;
526 BIO *bio = NULL;
527
528 if (!TEST_ptr(cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))
529 || !TEST_ptr(bio = BIO_new(BIO_s_mem()))
530 || !TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256"))
531 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
532 privkey,
533 QTEST_FLAG_FAKE_TIME,
534 &qtserv,
535 &clientquic, NULL, NULL)))
536 goto err;
537
538 SSL_set_msg_callback(clientquic, SSL_trace);
539 SSL_set_msg_callback_arg(clientquic, bio);
540
541 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
542 goto err;
543
544 /* Skip the comparison of the trace when the fips provider is used. */
545 if (is_fips) {
546 /* Check whether there was something written. */
547 if (!TEST_int_gt(BIO_pending(bio), 0))
548 goto err;
549 } else {
550 if (!TEST_true(compare_with_file(bio)))
551 goto err;
552 }
553
554 testresult = 1;
555 err:
556 ossl_quic_tserver_free(qtserv);
557 SSL_free(clientquic);
558 SSL_CTX_free(cctx);
559 BIO_free(bio);
560
561 return testresult;
562 }
563 #endif
564
565 #ifndef OPENSSL_NO_SSL_TRACE
566 enum {
567 INITIAL = 0,
568 GATHER_TOKEN = 1,
569 CHECK_TOKEN = 2,
570 SUCCESS = 3,
571 FAILED = 4
572 };
573
find_new_token_data(BIO * membio)574 static int find_new_token_data(BIO *membio)
575 {
576 char buf[1024];
577 int state = INITIAL;
578 char *tmpstring;
579 char *tokenval = NULL;
580 /*
581 * This is a state machine, in which we traverse the ssl trace
582 * looking for a sequence of items
583 * The states are:
584 * +---Current State---|----------Action-------------|---Next State---+
585 * | INITIAL | "Received Frame: New token" | GATHER_TOKEN |
586 * | | !"Received Frame: New token"| INITIAL |
587 * |-------------------|-----------------------------|----------------|
588 * | GATHER_TOKEN | "Token: <TOKENVAL>" | CHECK_TOKEN |
589 * | | !"Token: <TOKENVAL>" | FAILED |
590 * |-------------------|-----------------------------|----------------|
591 * | CHECK_TOKEN | "Token: <TOKENVAL>" | SUCCESS |
592 * | | EOF | FAILED |
593 * +-------------------|-----------------------------|----------------|
594 */
595
596 while (state != SUCCESS
597 && state != FAILED
598 && BIO_gets(membio, buf, sizeof(buf)) > 0) {
599 switch (state) {
600 case INITIAL:
601 if (strstr(buf, "Received Frame: New token"))
602 state = GATHER_TOKEN;
603 break;
604 case GATHER_TOKEN:
605 TEST_info("Found New Token Marker\n");
606 tmpstring = strstr(buf, "Token: ");
607 if (tmpstring == NULL) {
608 TEST_info("Next line did not contain a new token\n");
609 state = FAILED;
610 } else {
611 if (!TEST_ptr(tokenval = OPENSSL_strdup(tmpstring)))
612 return 0;
613 state = CHECK_TOKEN;
614 TEST_info("Recorded Token %s\n", tokenval);
615 }
616 break;
617 case CHECK_TOKEN:
618 tmpstring = strstr(buf, "Token: ");
619 if (tmpstring != NULL
620 && !strcmp(tmpstring, tokenval)) {
621 state = SUCCESS;
622 TEST_info("Matched next connection token %s\n", tmpstring);
623 }
624 default:
625 break;
626 }
627 }
628
629 OPENSSL_free(tokenval);
630 return (state == SUCCESS);
631 }
632
test_new_token(void)633 static int test_new_token(void)
634 {
635 SSL_CTX *cctx = NULL;
636 SSL *clientquic = NULL;
637 SSL *clientquic2 = NULL;
638 QUIC_TSERVER *qtserv = NULL;
639 QUIC_TSERVER *qtserv2 = NULL;
640 int testresult = 0;
641 BIO *bio = NULL;
642 char msg[] = "The Quic Brown Fox";
643 size_t written;
644
645 if (!TEST_ptr(cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))
646 || !TEST_ptr(bio = BIO_new(BIO_s_mem()))
647 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
648 privkey,
649 QTEST_FLAG_FAKE_TIME,
650 &qtserv,
651 &clientquic, NULL, NULL)))
652
653 goto err;
654
655 SSL_set_msg_callback(clientquic, SSL_trace);
656 SSL_set_msg_callback_arg(clientquic, bio);
657
658 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
659 goto err;
660
661 /* Send data from the client */
662 if (!SSL_write_ex(clientquic, msg, sizeof(msg), &written))
663 goto err;
664
665 if (written != sizeof(msg))
666 goto err;
667
668 /* Receive data at the server */
669 ossl_quic_tserver_tick(qtserv);
670
671 if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
672 privkey,
673 QTEST_FLAG_FAKE_TIME,
674 &qtserv2,
675 &clientquic2, NULL, NULL)))
676 goto err;
677
678 SSL_set_msg_callback(clientquic2, SSL_trace);
679 SSL_set_msg_callback_arg(clientquic2, bio);
680
681 /* once we have our new token, create the subsequent connection */
682 if (!TEST_true(qtest_create_quic_connection(qtserv2, clientquic2)))
683 goto err;
684
685 /* Skip the comparison of the trace when the fips provider is used. */
686 if (!TEST_true(find_new_token_data(bio)))
687 goto err;
688
689 testresult = 1;
690 err:
691 ossl_quic_tserver_free(qtserv);
692 ossl_quic_tserver_free(qtserv2);
693 SSL_free(clientquic);
694 SSL_free(clientquic2);
695 SSL_CTX_free(cctx);
696 BIO_free(bio);
697
698 return testresult;
699 }
700 #endif
701
ensure_valid_ciphers(const STACK_OF (SSL_CIPHER)* ciphers)702 static int ensure_valid_ciphers(const STACK_OF(SSL_CIPHER) *ciphers)
703 {
704 size_t i;
705
706 /* Ensure ciphersuite list is suitably subsetted. */
707 for (i = 0; i < (size_t)sk_SSL_CIPHER_num(ciphers); ++i) {
708 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
709 switch (SSL_CIPHER_get_id(cipher)) {
710 case TLS1_3_CK_AES_128_GCM_SHA256:
711 case TLS1_3_CK_AES_256_GCM_SHA384:
712 case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
713 break;
714 default:
715 TEST_error("forbidden cipher: %s", SSL_CIPHER_get_name(cipher));
716 return 0;
717 }
718 }
719
720 return 1;
721 }
722
723 /*
724 * Test that handshake-layer APIs which shouldn't work don't work with QUIC.
725 */
test_quic_forbidden_apis_ctx(void)726 static int test_quic_forbidden_apis_ctx(void)
727 {
728 int testresult = 0;
729 SSL_CTX *ctx = NULL;
730
731 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
732 goto err;
733
734 #ifndef OPENSSL_NO_SRTP
735 /* This function returns 0 on success and 1 on error, and should fail. */
736 if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_128_GCM")))
737 goto err;
738 #endif
739
740 /*
741 * List of ciphersuites we do and don't allow in QUIC.
742 */
743 #define QUIC_CIPHERSUITES \
744 "TLS_AES_128_GCM_SHA256:" \
745 "TLS_AES_256_GCM_SHA384:" \
746 "TLS_CHACHA20_POLY1305_SHA256"
747
748 #define NON_QUIC_CIPHERSUITES \
749 "TLS_AES_128_CCM_SHA256:" \
750 "TLS_AES_256_CCM_SHA384:" \
751 "TLS_AES_128_CCM_8_SHA256:" \
752 "TLS_SHA256_SHA256:" \
753 "TLS_SHA384_SHA384"
754
755 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
756 if (!TEST_true(SSL_CTX_set_ciphersuites(ctx,
757 QUIC_CIPHERSUITES ":"
758 NON_QUIC_CIPHERSUITES)))
759 goto err;
760
761 /*
762 * Forbidden ciphersuites should show up in SSL_CTX accessors, they are only
763 * filtered in SSL_get1_supported_ciphers, so we don't check for
764 * non-inclusion here.
765 */
766
767 testresult = 1;
768 err:
769 SSL_CTX_free(ctx);
770 return testresult;
771 }
772
test_quic_forbidden_apis(void)773 static int test_quic_forbidden_apis(void)
774 {
775 int testresult = 0;
776 SSL_CTX *ctx = NULL;
777 SSL *ssl = NULL;
778 STACK_OF(SSL_CIPHER) *ciphers = NULL;
779
780 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
781 goto err;
782
783 if (!TEST_ptr(ssl = SSL_new(ctx)))
784 goto err;
785
786 #ifndef OPENSSL_NO_SRTP
787 /* This function returns 0 on success and 1 on error, and should fail. */
788 if (!TEST_true(SSL_set_tlsext_use_srtp(ssl, "SRTP_AEAD_AES_128_GCM")))
789 goto err;
790 #endif
791
792 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
793 if (!TEST_true(SSL_set_ciphersuites(ssl,
794 QUIC_CIPHERSUITES ":"
795 NON_QUIC_CIPHERSUITES)))
796 goto err;
797
798 /* Non-QUIC ciphersuites must not appear in supported ciphers list. */
799 if (!TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl))
800 || !TEST_true(ensure_valid_ciphers(ciphers)))
801 goto err;
802
803 testresult = 1;
804 err:
805 sk_SSL_CIPHER_free(ciphers);
806 SSL_free(ssl);
807 SSL_CTX_free(ctx);
808 return testresult;
809 }
810
test_quic_forbidden_options(void)811 static int test_quic_forbidden_options(void)
812 {
813 int testresult = 0;
814 SSL_CTX *ctx = NULL;
815 SSL *ssl = NULL;
816 char buf[16];
817 size_t len;
818
819 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
820 goto err;
821
822 /* QUIC options restrictions do not affect SSL_CTX */
823 SSL_CTX_set_options(ctx, UINT64_MAX);
824
825 if (!TEST_uint64_t_eq(SSL_CTX_get_options(ctx), UINT64_MAX))
826 goto err;
827
828 /* Set options on CTX which should not be inherited (tested below). */
829 SSL_CTX_set_read_ahead(ctx, 1);
830 SSL_CTX_set_max_early_data(ctx, 1);
831 SSL_CTX_set_recv_max_early_data(ctx, 1);
832 SSL_CTX_set_quiet_shutdown(ctx, 1);
833
834 if (!TEST_ptr(ssl = SSL_new(ctx)))
835 goto err;
836
837 /* Only permitted options get transferred to SSL object */
838 if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
839 goto err;
840
841 /* Try again using SSL_set_options */
842 SSL_set_options(ssl, UINT64_MAX);
843
844 if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
845 goto err;
846
847 /* Clear everything */
848 SSL_clear_options(ssl, UINT64_MAX);
849
850 if (!TEST_uint64_t_eq(SSL_get_options(ssl), 0))
851 goto err;
852
853 /* Readahead */
854 if (!TEST_false(SSL_get_read_ahead(ssl)))
855 goto err;
856
857 SSL_set_read_ahead(ssl, 1);
858 if (!TEST_false(SSL_get_read_ahead(ssl)))
859 goto err;
860
861 /* Block padding */
862 if (!TEST_true(SSL_set_block_padding(ssl, 0))
863 || !TEST_true(SSL_set_block_padding(ssl, 1))
864 || !TEST_false(SSL_set_block_padding(ssl, 2)))
865 goto err;
866
867 /* Max fragment length */
868 if (!TEST_true(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_DISABLED))
869 || !TEST_false(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_512)))
870 goto err;
871
872 /* Max early data */
873 if (!TEST_false(SSL_set_recv_max_early_data(ssl, 1))
874 || !TEST_false(SSL_set_max_early_data(ssl, 1)))
875 goto err;
876
877 /* Read/Write */
878 if (!TEST_false(SSL_read_early_data(ssl, buf, sizeof(buf), &len))
879 || !TEST_false(SSL_write_early_data(ssl, buf, sizeof(buf), &len)))
880 goto err;
881
882 /* Buffer Management */
883 if (!TEST_true(SSL_alloc_buffers(ssl))
884 || !TEST_false(SSL_free_buffers(ssl)))
885 goto err;
886
887 /* Pipelining */
888 if (!TEST_false(SSL_set_max_send_fragment(ssl, 2))
889 || !TEST_false(SSL_set_split_send_fragment(ssl, 2))
890 || !TEST_false(SSL_set_max_pipelines(ssl, 2)))
891 goto err;
892
893 /* HRR */
894 if (!TEST_false(SSL_stateless(ssl)))
895 goto err;
896
897 /* Quiet Shutdown */
898 if (!TEST_false(SSL_get_quiet_shutdown(ssl)))
899 goto err;
900
901 /* No duplication */
902 if (!TEST_ptr_null(SSL_dup(ssl)))
903 goto err;
904
905 /* No clear */
906 if (!TEST_false(SSL_clear(ssl)))
907 goto err;
908
909 testresult = 1;
910 err:
911 SSL_free(ssl);
912 SSL_CTX_free(ctx);
913 return testresult;
914 }
915
test_quic_set_fd(int idx)916 static int test_quic_set_fd(int idx)
917 {
918 int testresult = 0;
919 SSL_CTX *ctx = NULL;
920 SSL *ssl = NULL;
921 int fd = -1, resfd = -1;
922 BIO *bio = NULL;
923
924 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
925 goto err;
926
927 if (!TEST_ptr(ssl = SSL_new(ctx)))
928 goto err;
929
930 if (!TEST_int_ge(fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0), 0))
931 goto err;
932
933 if (idx == 0) {
934 if (!TEST_true(SSL_set_fd(ssl, fd)))
935 goto err;
936 if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
937 goto err;
938 if (!TEST_ptr_eq(bio, SSL_get_wbio(ssl)))
939 goto err;
940 } else if (idx == 1) {
941 if (!TEST_true(SSL_set_rfd(ssl, fd)))
942 goto err;
943 if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
944 goto err;
945 if (!TEST_ptr_null(SSL_get_wbio(ssl)))
946 goto err;
947 } else {
948 if (!TEST_true(SSL_set_wfd(ssl, fd)))
949 goto err;
950 if (!TEST_ptr(bio = SSL_get_wbio(ssl)))
951 goto err;
952 if (!TEST_ptr_null(SSL_get_rbio(ssl)))
953 goto err;
954 }
955
956 if (!TEST_int_eq(BIO_method_type(bio), BIO_TYPE_DGRAM))
957 goto err;
958
959 if (!TEST_true(BIO_get_fd(bio, &resfd))
960 || !TEST_int_eq(resfd, fd))
961 goto err;
962
963 testresult = 1;
964 err:
965 SSL_free(ssl);
966 SSL_CTX_free(ctx);
967 if (fd >= 0)
968 BIO_closesocket(fd);
969 return testresult;
970 }
971
972 #define MAXLOOPS 1000
973
test_bio_ssl(void)974 static int test_bio_ssl(void)
975 {
976 /*
977 * We just use OSSL_QUIC_client_method() rather than
978 * OSSL_QUIC_client_thread_method(). We will never leave the connection idle
979 * so we will always be implicitly handling time events anyway via other
980 * IO calls.
981 */
982 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
983 SSL *clientquic = NULL, *stream = NULL;
984 QUIC_TSERVER *qtserv = NULL;
985 int testresult = 0;
986 BIO *cbio = NULL, *strbio = NULL, *thisbio;
987 const char *msg = "Hello world";
988 int abortctr = 0, err, clienterr = 0, servererr = 0, retc = 0, rets = 0;
989 size_t written, readbytes, msglen;
990 int sid = 0, i;
991 unsigned char buf[80];
992
993 if (!TEST_ptr(cctx))
994 goto err;
995
996 cbio = BIO_new_ssl(cctx, 1);
997 if (!TEST_ptr(cbio))
998 goto err;
999
1000 /*
1001 * We must configure the ALPN/peer address etc so we get the SSL object in
1002 * order to pass it to qtest_create_quic_objects for configuration.
1003 */
1004 if (!TEST_int_eq(BIO_get_ssl(cbio, &clientquic), 1))
1005 goto err;
1006
1007 if (!TEST_true(qtest_create_quic_objects(libctx, NULL, NULL, cert, privkey,
1008 QTEST_FLAG_FAKE_TIME, &qtserv,
1009 &clientquic, NULL, NULL)))
1010 goto err;
1011
1012 msglen = strlen(msg);
1013
1014 do {
1015 err = BIO_FLAGS_WRITE;
1016 while (!clienterr && !retc && err == BIO_FLAGS_WRITE) {
1017 retc = BIO_write_ex(cbio, msg, msglen, &written);
1018 if (!retc) {
1019 if (BIO_should_retry(cbio))
1020 err = BIO_retry_type(cbio);
1021 else
1022 err = 0;
1023 }
1024 }
1025
1026 if (!clienterr && retc <= 0 && err != BIO_FLAGS_READ) {
1027 TEST_info("BIO_write_ex() failed %d, %d", retc, err);
1028 TEST_openssl_errors();
1029 clienterr = 1;
1030 }
1031
1032 if (!servererr && rets <= 0) {
1033 ossl_quic_tserver_tick(qtserv);
1034 qtest_add_time(100);
1035 servererr = ossl_quic_tserver_is_term_any(qtserv);
1036 if (!servererr)
1037 rets = ossl_quic_tserver_is_handshake_confirmed(qtserv);
1038 }
1039
1040 if (clienterr && servererr)
1041 goto err;
1042
1043 if (++abortctr == MAXLOOPS) {
1044 TEST_info("No progress made");
1045 goto err;
1046 }
1047 } while ((!retc && !clienterr) || (rets <= 0 && !servererr));
1048
1049 /*
1050 * 2 loops: The first using the default stream, and the second using a new
1051 * client initiated bidi stream.
1052 */
1053 for (i = 0, thisbio = cbio; i < 2; i++) {
1054 if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf, sizeof(buf),
1055 &readbytes))
1056 || !TEST_mem_eq(msg, msglen, buf, readbytes))
1057 goto err;
1058
1059 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg,
1060 msglen, &written)))
1061 goto err;
1062 ossl_quic_tserver_tick(qtserv);
1063
1064 if (!TEST_true(BIO_read_ex(thisbio, buf, sizeof(buf), &readbytes))
1065 || !TEST_mem_eq(msg, msglen, buf, readbytes))
1066 goto err;
1067
1068 if (i == 1)
1069 break;
1070
1071 if (!TEST_true(SSL_set_mode(clientquic, 0)))
1072 goto err;
1073
1074 /*
1075 * Now create a new stream and repeat. The bottom two bits of the stream
1076 * id represents whether the stream is bidi and whether it is client
1077 * initiated or not. For client initiated bidi they are both 0. So the
1078 * first client initiated bidi stream is 0 and the next one is 4.
1079 */
1080 sid = 4;
1081 stream = SSL_new_stream(clientquic, 0);
1082 if (!TEST_ptr(stream))
1083 goto err;
1084
1085 if (!TEST_true(SSL_set_mode(stream, 0)))
1086 goto err;
1087
1088 thisbio = strbio = BIO_new(BIO_f_ssl());
1089 if (!TEST_ptr(strbio))
1090 goto err;
1091
1092 if (!TEST_int_eq(BIO_set_ssl(thisbio, stream, BIO_CLOSE), 1))
1093 goto err;
1094 stream = NULL;
1095
1096 if (!TEST_true(BIO_write_ex(thisbio, msg, msglen, &written)))
1097 goto err;
1098
1099 ossl_quic_tserver_tick(qtserv);
1100 }
1101
1102 testresult = 1;
1103 err:
1104 BIO_free_all(cbio);
1105 BIO_free_all(strbio);
1106 SSL_free(stream);
1107 ossl_quic_tserver_free(qtserv);
1108 SSL_CTX_free(cctx);
1109
1110 return testresult;
1111 }
1112
1113 #define BACK_PRESSURE_NUM_LOOPS 10000
1114 /*
1115 * Test that sending data from the client to the server faster than the server
1116 * can process it eventually results in back pressure on the client.
1117 */
test_back_pressure(void)1118 static int test_back_pressure(void)
1119 {
1120 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1121 SSL *clientquic = NULL;
1122 QUIC_TSERVER *qtserv = NULL;
1123 int testresult = 0;
1124 unsigned char *msg = NULL;
1125 const size_t msglen = 1024;
1126 unsigned char buf[64];
1127 size_t readbytes, written;
1128 int i;
1129
1130 if (!TEST_ptr(cctx)
1131 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1132 privkey, 0, &qtserv,
1133 &clientquic, NULL, NULL))
1134 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1135 goto err;
1136
1137 msg = OPENSSL_malloc(msglen);
1138 if (!TEST_ptr(msg))
1139 goto err;
1140 if (!TEST_int_eq(RAND_bytes_ex(libctx, msg, msglen, 0), 1))
1141 goto err;
1142
1143 /*
1144 * Limit to 10000 loops. If we've not seen any back pressure after that
1145 * we're going to run out of memory, so abort.
1146 */
1147 for (i = 0; i < BACK_PRESSURE_NUM_LOOPS; i++) {
1148 /* Send data from the client */
1149 if (!SSL_write_ex(clientquic, msg, msglen, &written)) {
1150 /* Check if we are seeing back pressure */
1151 if (SSL_get_error(clientquic, 0) == SSL_ERROR_WANT_WRITE)
1152 break;
1153 TEST_error("Unexpected client failure");
1154 goto err;
1155 }
1156
1157 /* Receive data at the server */
1158 ossl_quic_tserver_tick(qtserv);
1159 if (!TEST_true(ossl_quic_tserver_read(qtserv, 0, buf, sizeof(buf),
1160 &readbytes)))
1161 goto err;
1162 }
1163
1164 if (i == BACK_PRESSURE_NUM_LOOPS) {
1165 TEST_error("No back pressure seen");
1166 goto err;
1167 }
1168
1169 testresult = 1;
1170 err:
1171 SSL_free(clientquic);
1172 ossl_quic_tserver_free(qtserv);
1173 SSL_CTX_free(cctx);
1174 OPENSSL_free(msg);
1175
1176 return testresult;
1177 }
1178
1179
1180 static int dgram_ctr = 0;
1181
dgram_cb(int write_p,int version,int content_type,const void * buf,size_t msglen,SSL * ssl,void * arg)1182 static void dgram_cb(int write_p, int version, int content_type,
1183 const void *buf, size_t msglen, SSL *ssl, void *arg)
1184 {
1185 if (!write_p)
1186 return;
1187
1188 if (content_type != SSL3_RT_QUIC_DATAGRAM)
1189 return;
1190
1191 dgram_ctr++;
1192 }
1193
1194 /* Test that we send multiple datagrams in one go when appropriate */
test_multiple_dgrams(void)1195 static int test_multiple_dgrams(void)
1196 {
1197 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1198 SSL *clientquic = NULL;
1199 QUIC_TSERVER *qtserv = NULL;
1200 int testresult = 0;
1201 unsigned char *buf;
1202 const size_t buflen = 1400;
1203 size_t written;
1204
1205 buf = OPENSSL_zalloc(buflen);
1206
1207 if (!TEST_ptr(cctx)
1208 || !TEST_ptr(buf)
1209 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1210 privkey, 0, &qtserv,
1211 &clientquic, NULL, NULL))
1212 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1213 goto err;
1214
1215 dgram_ctr = 0;
1216 SSL_set_msg_callback(clientquic, dgram_cb);
1217 if (!TEST_true(SSL_write_ex(clientquic, buf, buflen, &written))
1218 || !TEST_size_t_eq(written, buflen)
1219 /* We wrote enough data for 2 datagrams */
1220 || !TEST_int_eq(dgram_ctr, 2))
1221 goto err;
1222
1223 testresult = 1;
1224 err:
1225 OPENSSL_free(buf);
1226 SSL_free(clientquic);
1227 ossl_quic_tserver_free(qtserv);
1228 SSL_CTX_free(cctx);
1229
1230 return testresult;
1231 }
1232
non_io_retry_cert_verify_cb(X509_STORE_CTX * ctx,void * arg)1233 static int non_io_retry_cert_verify_cb(X509_STORE_CTX *ctx, void *arg)
1234 {
1235 int idx = SSL_get_ex_data_X509_STORE_CTX_idx();
1236 SSL *ssl;
1237 const int *allow = (int *)arg;
1238
1239 /* this should not happen but check anyway */
1240 if (idx < 0
1241 || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL)
1242 return 0;
1243
1244 /* If this is our first attempt then retry */
1245 if (*allow == 0)
1246 return SSL_set_retry_verify(ssl);
1247
1248 /* Otherwise do nothing - verification succeeds. Continue as normal */
1249 return 1;
1250 }
1251
1252 /* Test that we can handle a non-io related retry error
1253 * Test 0: Non-blocking
1254 * Test 1: Blocking
1255 */
test_non_io_retry(int idx)1256 static int test_non_io_retry(int idx)
1257 {
1258 SSL_CTX *cctx;
1259 SSL *clientquic = NULL;
1260 QUIC_TSERVER *qtserv = NULL;
1261 int testresult = 0;
1262 int flags = 0, allow = 0;
1263
1264 if (idx >= 1 && !qtest_supports_blocking())
1265 return TEST_skip("Blocking tests not supported in this build");
1266
1267 cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1268 if (!TEST_ptr(cctx))
1269 goto err;
1270
1271 SSL_CTX_set_cert_verify_callback(cctx, non_io_retry_cert_verify_cb, &allow);
1272
1273 flags = (idx >= 1) ? QTEST_FLAG_BLOCK : 0;
1274 if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, privkey,
1275 flags, &qtserv, &clientquic, NULL,
1276 NULL))
1277 || !TEST_true(qtest_create_quic_connection_ex(qtserv, clientquic,
1278 SSL_ERROR_WANT_RETRY_VERIFY))
1279 || !TEST_int_eq(SSL_want(clientquic), SSL_RETRY_VERIFY))
1280 goto err;
1281
1282 allow = 1;
1283 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1284 goto err;
1285
1286 testresult = 1;
1287 err:
1288 SSL_free(clientquic);
1289 ossl_quic_tserver_free(qtserv);
1290 SSL_CTX_free(cctx);
1291
1292 return testresult;
1293 }
1294
1295 static int use_session_cb_cnt = 0;
1296 static int find_session_cb_cnt = 0;
1297 static const char *pskid = "Identity";
1298 static SSL_SESSION *serverpsk = NULL, *clientpsk = NULL;
1299
use_session_cb(SSL * ssl,const EVP_MD * md,const unsigned char ** id,size_t * idlen,SSL_SESSION ** sess)1300 static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
1301 size_t *idlen, SSL_SESSION **sess)
1302 {
1303 use_session_cb_cnt++;
1304
1305 if (clientpsk == NULL || !SSL_SESSION_up_ref(clientpsk))
1306 return 0;
1307
1308 *sess = clientpsk;
1309 *id = (const unsigned char *)pskid;
1310 *idlen = strlen(pskid);
1311
1312 return 1;
1313 }
1314
find_session_cb(SSL * ssl,const unsigned char * identity,size_t identity_len,SSL_SESSION ** sess)1315 static int find_session_cb(SSL *ssl, const unsigned char *identity,
1316 size_t identity_len, SSL_SESSION **sess)
1317 {
1318 find_session_cb_cnt++;
1319
1320 if (serverpsk == NULL || !SSL_SESSION_up_ref(serverpsk))
1321 return 0;
1322
1323 /* Identity should match that set by the client */
1324 if (strlen(pskid) != identity_len
1325 || strncmp(pskid, (const char *)identity, identity_len) != 0) {
1326 SSL_SESSION_free(serverpsk);
1327 return 0;
1328 }
1329
1330 *sess = serverpsk;
1331
1332 return 1;
1333 }
1334
test_quic_psk(void)1335 static int test_quic_psk(void)
1336 {
1337 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1338 SSL *clientquic = NULL;
1339 QUIC_TSERVER *qtserv = NULL;
1340 int testresult = 0;
1341
1342 if (!TEST_ptr(cctx)
1343 /* No cert or private key for the server, i.e. PSK only */
1344 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, NULL,
1345 NULL, 0, &qtserv,
1346 &clientquic, NULL, NULL)))
1347 goto end;
1348
1349 SSL_set_psk_use_session_callback(clientquic, use_session_cb);
1350 ossl_quic_tserver_set_psk_find_session_cb(qtserv, find_session_cb);
1351 use_session_cb_cnt = 0;
1352 find_session_cb_cnt = 0;
1353
1354 clientpsk = serverpsk = create_a_psk(clientquic, SHA384_DIGEST_LENGTH);
1355 /* We already had one ref. Add another one */
1356 if (!TEST_ptr(clientpsk) || !TEST_true(SSL_SESSION_up_ref(clientpsk)))
1357 goto end;
1358
1359 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))
1360 || !TEST_int_eq(1, find_session_cb_cnt)
1361 || !TEST_int_eq(1, use_session_cb_cnt)
1362 /* Check that we actually used the PSK */
1363 || !TEST_true(SSL_session_reused(clientquic)))
1364 goto end;
1365
1366 testresult = 1;
1367
1368 end:
1369 SSL_free(clientquic);
1370 ossl_quic_tserver_free(qtserv);
1371 SSL_CTX_free(cctx);
1372 SSL_SESSION_free(clientpsk);
1373 SSL_SESSION_free(serverpsk);
1374 clientpsk = serverpsk = NULL;
1375
1376 return testresult;
1377 }
1378
test_client_auth(int idx)1379 static int test_client_auth(int idx)
1380 {
1381 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1382 SSL_CTX *sctx = SSL_CTX_new_ex(libctx, NULL, TLS_method());
1383 SSL *clientquic = NULL;
1384 QUIC_TSERVER *qtserv = NULL;
1385 int testresult = 0;
1386 unsigned char buf[20];
1387 static char *msg = "A test message";
1388 size_t msglen = strlen(msg);
1389 size_t numbytes = 0;
1390
1391 if (!TEST_ptr(cctx) || !TEST_ptr(sctx))
1392 goto err;
1393
1394 SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT
1395 | SSL_VERIFY_CLIENT_ONCE, NULL);
1396
1397 if (!TEST_true(SSL_CTX_load_verify_file(sctx, cauthca)))
1398 goto err;
1399
1400 if (idx > 0
1401 && (!TEST_true(SSL_CTX_use_certificate_chain_file(cctx, ccert))
1402 || !TEST_true(SSL_CTX_use_PrivateKey_file(cctx, cprivkey,
1403 SSL_FILETYPE_PEM))))
1404 goto err;
1405
1406 if (!TEST_true(qtest_create_quic_objects(libctx, cctx, sctx, cert,
1407 privkey, 0, &qtserv,
1408 &clientquic, NULL, NULL)))
1409 goto err;
1410
1411 if (idx > 1) {
1412 if (!TEST_true(ssl_ctx_add_large_cert_chain(libctx, cctx, ccert))
1413 || !TEST_true(ssl_ctx_add_large_cert_chain(libctx, sctx, cert)))
1414 goto err;
1415 }
1416
1417 if (idx == 0) {
1418 if (!TEST_false(qtest_create_quic_connection(qtserv, clientquic)))
1419 goto err;
1420
1421 /* negative test passed */
1422 testresult = 1;
1423 goto err;
1424 }
1425
1426 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1427 goto err;
1428
1429 /* Check that sending and receiving app data is ok */
1430 if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
1431 || !TEST_size_t_eq(numbytes, msglen))
1432 goto err;
1433
1434 ossl_quic_tserver_tick(qtserv);
1435 if (!TEST_true(ossl_quic_tserver_write(qtserv, 0,
1436 (unsigned char *)msg,
1437 msglen, &numbytes)))
1438 goto err;
1439
1440 ossl_quic_tserver_tick(qtserv);
1441 SSL_handle_events(clientquic);
1442
1443 if (!TEST_true(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes))
1444 || !TEST_size_t_eq(numbytes, msglen)
1445 || !TEST_mem_eq(buf, numbytes, msg, msglen))
1446 goto err;
1447
1448 if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
1449 goto err;
1450
1451 testresult = 1;
1452
1453 err:
1454 SSL_free(clientquic);
1455 ossl_quic_tserver_free(qtserv);
1456 SSL_CTX_free(sctx);
1457 SSL_CTX_free(cctx);
1458
1459 return testresult;
1460 }
1461
1462 /*
1463 * Test that we correctly handle ALPN supplied by the application
1464 * Test 0: ALPN is provided
1465 * Test 1: No ALPN is provided
1466 */
test_alpn(int idx)1467 static int test_alpn(int idx)
1468 {
1469 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1470 SSL *clientquic = NULL;
1471 QUIC_TSERVER *qtserv = NULL;
1472 int testresult = 0;
1473 int ret;
1474
1475 /*
1476 * Ensure we only configure ciphersuites that are available with both the
1477 * default and fips providers to get the same output in both cases
1478 */
1479 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))
1480 goto err;
1481
1482 if (!TEST_ptr(cctx)
1483 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1484 privkey,
1485 QTEST_FLAG_FAKE_TIME,
1486 &qtserv,
1487 &clientquic, NULL, NULL)))
1488 goto err;
1489
1490 if (idx == 0) {
1491 /*
1492 * Clear the ALPN we set in qtest_create_quic_objects. We use TEST_false
1493 * because SSL_set_alpn_protos returns 0 for success.
1494 */
1495 if (!TEST_false(SSL_set_alpn_protos(clientquic, NULL, 0)))
1496 goto err;
1497 }
1498
1499 ret = SSL_connect(clientquic);
1500 if (!TEST_int_le(ret, 0))
1501 goto err;
1502 if (idx == 0) {
1503 /* We expect an immediate error due to lack of ALPN */
1504 if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_SSL))
1505 goto err;
1506 } else {
1507 /* ALPN was provided so we expect the connection to succeed */
1508 if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_WANT_READ)
1509 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1510 goto err;
1511 }
1512
1513 testresult = 1;
1514 err:
1515 ossl_quic_tserver_free(qtserv);
1516 SSL_free(clientquic);
1517 SSL_CTX_free(cctx);
1518
1519 return testresult;
1520 }
1521
1522 /*
1523 * Test SSL_get_shutdown() behavior.
1524 */
test_get_shutdown(void)1525 static int test_get_shutdown(void)
1526 {
1527 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1528 SSL *clientquic = NULL;
1529 QUIC_TSERVER *qtserv = NULL;
1530 int testresult = 0;
1531
1532 if (!TEST_ptr(cctx)
1533 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1534 privkey,
1535 QTEST_FLAG_FAKE_TIME,
1536 &qtserv, &clientquic,
1537 NULL, NULL))
1538 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1539 goto err;
1540
1541 if (!TEST_int_eq(SSL_get_shutdown(clientquic), 0))
1542 goto err;
1543
1544 if (!TEST_int_eq(SSL_shutdown(clientquic), 0))
1545 goto err;
1546
1547 if (!TEST_int_eq(SSL_get_shutdown(clientquic), SSL_SENT_SHUTDOWN))
1548 goto err;
1549
1550 do {
1551 ossl_quic_tserver_tick(qtserv);
1552 qtest_add_time(100);
1553 } while (SSL_shutdown(clientquic) == 0);
1554
1555 if (!TEST_int_eq(SSL_get_shutdown(clientquic),
1556 SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN))
1557 goto err;
1558
1559 testresult = 1;
1560 err:
1561 ossl_quic_tserver_free(qtserv);
1562 SSL_free(clientquic);
1563 SSL_CTX_free(cctx);
1564
1565 return testresult;
1566 }
1567
1568 #define MAX_LOOPS 2000
1569
1570 /*
1571 * Keep retrying SSL_read_ex until it succeeds or we give up. Accept a stream
1572 * if we don't already have one
1573 */
unreliable_client_read(SSL * clientquic,SSL ** stream,void * buf,size_t buflen,size_t * readbytes,QUIC_TSERVER * qtserv)1574 static int unreliable_client_read(SSL *clientquic, SSL **stream, void *buf,
1575 size_t buflen, size_t *readbytes,
1576 QUIC_TSERVER *qtserv)
1577 {
1578 int abortctr;
1579
1580 /* We just do this in a loop with a sleep for simplicity */
1581 for (abortctr = 0; abortctr < MAX_LOOPS; abortctr++) {
1582 if (*stream == NULL) {
1583 SSL_handle_events(clientquic);
1584 *stream = SSL_accept_stream(clientquic, 0);
1585 }
1586
1587 if (*stream != NULL) {
1588 if (SSL_read_ex(*stream, buf, buflen, readbytes))
1589 return 1;
1590 if (!TEST_int_eq(SSL_get_error(*stream, 0), SSL_ERROR_WANT_READ))
1591 return 0;
1592 }
1593 ossl_quic_tserver_tick(qtserv);
1594 qtest_add_time(1);
1595 qtest_wait_for_timeout(clientquic, qtserv);
1596 }
1597
1598 TEST_error("No progress made");
1599 return 0;
1600 }
1601
1602 /* Keep retrying ossl_quic_tserver_read until it succeeds or we give up */
unreliable_server_read(QUIC_TSERVER * qtserv,uint64_t sid,void * buf,size_t buflen,size_t * readbytes,SSL * clientquic)1603 static int unreliable_server_read(QUIC_TSERVER *qtserv, uint64_t sid,
1604 void *buf, size_t buflen, size_t *readbytes,
1605 SSL *clientquic)
1606 {
1607 int abortctr;
1608
1609 /* We just do this in a loop with a sleep for simplicity */
1610 for (abortctr = 0; abortctr < MAX_LOOPS; abortctr++) {
1611 if (ossl_quic_tserver_read(qtserv, sid, buf, buflen, readbytes)
1612 && *readbytes > 1)
1613 return 1;
1614 ossl_quic_tserver_tick(qtserv);
1615 SSL_handle_events(clientquic);
1616 qtest_add_time(1);
1617 qtest_wait_for_timeout(clientquic, qtserv);
1618 }
1619
1620 TEST_error("No progress made");
1621 return 0;
1622 }
1623
1624 /*
1625 * Create a connection and send data using an unreliable transport. We introduce
1626 * random noise to drop, delay and duplicate datagrams.
1627 * Test 0: Introduce random noise to datagrams
1628 * Test 1: As with test 0 but also split datagrams containing multiple packets
1629 * into individual datagrams so that individual packets can be affected
1630 * by noise - not just a whole datagram.
1631 */
test_noisy_dgram(int idx)1632 static int test_noisy_dgram(int idx)
1633 {
1634 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1635 SSL *clientquic = NULL, *stream[2] = { NULL, NULL };
1636 QUIC_TSERVER *qtserv = NULL;
1637 int testresult = 0;
1638 uint64_t sid = 0;
1639 char *msg = "Hello world!";
1640 size_t msglen = strlen(msg), written, readbytes, i, j;
1641 unsigned char buf[80];
1642 int flags = QTEST_FLAG_NOISE | QTEST_FLAG_FAKE_TIME;
1643 QTEST_FAULT *fault = NULL;
1644
1645 if (idx == 1)
1646 flags |= QTEST_FLAG_PACKET_SPLIT;
1647
1648 if (!TEST_ptr(cctx)
1649 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1650 privkey, flags,
1651 &qtserv,
1652 &clientquic, &fault, NULL)))
1653 goto err;
1654
1655 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1656 goto err;
1657
1658 if (!TEST_true(SSL_set_incoming_stream_policy(clientquic,
1659 SSL_INCOMING_STREAM_POLICY_ACCEPT,
1660 0))
1661 || !TEST_true(SSL_set_default_stream_mode(clientquic,
1662 SSL_DEFAULT_STREAM_MODE_NONE)))
1663 goto err;
1664
1665 for (j = 0; j < 2; j++) {
1666 if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, 0, &sid)))
1667 goto err;
1668 ossl_quic_tserver_tick(qtserv);
1669 qtest_add_time(1);
1670
1671 /*
1672 * Send data from the server to the client. Some datagrams may get
1673 * lost, modified, dropped or re-ordered. We repeat 20 times to ensure
1674 * we are sending enough datagrams for problems to be noticed.
1675 */
1676 for (i = 0; i < 20; i++) {
1677 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid,
1678 (unsigned char *)msg, msglen,
1679 &written))
1680 || !TEST_size_t_eq(msglen, written))
1681 goto err;
1682 ossl_quic_tserver_tick(qtserv);
1683 qtest_add_time(1);
1684
1685 /*
1686 * Since the underlying BIO is now noisy we may get failures that
1687 * need to be retried - so we use unreliable_client_read() to
1688 * handle that
1689 */
1690 if (!TEST_true(unreliable_client_read(clientquic, &stream[j], buf,
1691 sizeof(buf), &readbytes,
1692 qtserv))
1693 || !TEST_mem_eq(msg, msglen, buf, readbytes))
1694 goto err;
1695 }
1696
1697 /* Send data from the client to the server */
1698 for (i = 0; i < 20; i++) {
1699 if (!TEST_true(SSL_write_ex(stream[j], (unsigned char *)msg,
1700 msglen, &written))
1701 || !TEST_size_t_eq(msglen, written))
1702 goto err;
1703
1704 ossl_quic_tserver_tick(qtserv);
1705 qtest_add_time(1);
1706
1707 /*
1708 * Since the underlying BIO is now noisy we may get failures that
1709 * need to be retried - so we use unreliable_server_read() to
1710 * handle that
1711 */
1712 if (!TEST_true(unreliable_server_read(qtserv, sid, buf, sizeof(buf),
1713 &readbytes, clientquic))
1714 || !TEST_mem_eq(msg, msglen, buf, readbytes))
1715 goto err;
1716 }
1717 }
1718
1719 testresult = 1;
1720 err:
1721 ossl_quic_tserver_free(qtserv);
1722 SSL_free(stream[0]);
1723 SSL_free(stream[1]);
1724 SSL_free(clientquic);
1725 SSL_CTX_free(cctx);
1726 qtest_fault_free(fault);
1727
1728 return testresult;
1729 }
1730
1731 /*
1732 * Create a connection and send some big data using a transport with limited bandwidth.
1733 */
1734
1735 #define TEST_TRANSFER_DATA_SIZE (2*1024*1024) /* 2 MBytes */
1736 #define TEST_SINGLE_WRITE_SIZE (16*1024) /* 16 kBytes */
1737 #define TEST_BW_LIMIT 1000 /* 1000 Bytes/ms */
test_bw_limit(void)1738 static int test_bw_limit(void)
1739 {
1740 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1741 SSL *clientquic = NULL;
1742 QUIC_TSERVER *qtserv = NULL;
1743 int testresult = 0;
1744 unsigned char *msg = NULL, *recvbuf = NULL;
1745 size_t sendlen = TEST_TRANSFER_DATA_SIZE;
1746 size_t recvlen = TEST_TRANSFER_DATA_SIZE;
1747 size_t written, readbytes;
1748 int flags = QTEST_FLAG_NOISE | QTEST_FLAG_FAKE_TIME;
1749 QTEST_FAULT *fault = NULL;
1750 uint64_t real_bw;
1751
1752 if (!TEST_ptr(cctx)
1753 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1754 privkey, flags,
1755 &qtserv,
1756 &clientquic, &fault, NULL)))
1757 goto err;
1758
1759 if (!TEST_ptr(msg = OPENSSL_zalloc(TEST_SINGLE_WRITE_SIZE))
1760 || !TEST_ptr(recvbuf = OPENSSL_zalloc(TEST_SINGLE_WRITE_SIZE)))
1761 goto err;
1762
1763 /* Set BW to 1000 Bytes/ms -> 1MByte/s both ways */
1764 if (!TEST_true(qtest_fault_set_bw_limit(fault, 1000, 1000, 0)))
1765 goto err;
1766
1767 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1768 goto err;
1769
1770 qtest_start_stopwatch();
1771
1772 while (recvlen > 0) {
1773 qtest_add_time(1);
1774
1775 if (sendlen > 0) {
1776 if (!SSL_write_ex(clientquic, msg,
1777 sendlen > TEST_SINGLE_WRITE_SIZE ? TEST_SINGLE_WRITE_SIZE
1778 : sendlen,
1779 &written)) {
1780 TEST_info("Retrying to send: %llu", (unsigned long long) sendlen);
1781 if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_WANT_WRITE))
1782 goto err;
1783 } else {
1784 sendlen -= written;
1785 TEST_info("Remaining to send: %llu", (unsigned long long) sendlen);
1786 }
1787 } else {
1788 SSL_handle_events(clientquic);
1789 }
1790
1791 if (ossl_quic_tserver_read(qtserv, 0, recvbuf,
1792 recvlen > TEST_SINGLE_WRITE_SIZE ? TEST_SINGLE_WRITE_SIZE
1793 : recvlen,
1794 &readbytes)
1795 && readbytes > 1) {
1796 recvlen -= readbytes;
1797 TEST_info("Remaining to recv: %llu", (unsigned long long) recvlen);
1798 } else {
1799 TEST_info("No progress on recv: %llu", (unsigned long long) recvlen);
1800 }
1801 ossl_quic_tserver_tick(qtserv);
1802 }
1803 real_bw = TEST_TRANSFER_DATA_SIZE / qtest_get_stopwatch_time();
1804
1805 TEST_info("BW limit: %d Bytes/ms Real bandwidth reached: %llu Bytes/ms",
1806 TEST_BW_LIMIT, (unsigned long long)real_bw);
1807
1808 if (!TEST_uint64_t_lt(real_bw, TEST_BW_LIMIT))
1809 goto err;
1810
1811 testresult = 1;
1812 err:
1813 OPENSSL_free(msg);
1814 OPENSSL_free(recvbuf);
1815 ossl_quic_tserver_free(qtserv);
1816 SSL_free(clientquic);
1817 SSL_CTX_free(cctx);
1818 qtest_fault_free(fault);
1819
1820 return testresult;
1821 }
1822
1823 enum {
1824 TPARAM_OP_DUP,
1825 TPARAM_OP_DROP,
1826 TPARAM_OP_INJECT,
1827 TPARAM_OP_INJECT_TWICE,
1828 TPARAM_OP_INJECT_RAW,
1829 TPARAM_OP_DROP_INJECT,
1830 TPARAM_OP_MUTATE
1831 };
1832
1833 #define TPARAM_CHECK_DUP(name, reason) \
1834 { QUIC_TPARAM_##name, TPARAM_OP_DUP, (reason) },
1835 #define TPARAM_CHECK_DROP(name, reason) \
1836 { QUIC_TPARAM_##name, TPARAM_OP_DROP, (reason) },
1837 #define TPARAM_CHECK_INJECT(name, buf, buf_len, reason) \
1838 { QUIC_TPARAM_##name, TPARAM_OP_INJECT, (reason), \
1839 (buf), (buf_len) },
1840 #define TPARAM_CHECK_INJECT_A(name, buf, reason) \
1841 TPARAM_CHECK_INJECT(name, buf, sizeof(buf), reason)
1842 #define TPARAM_CHECK_DROP_INJECT(name, buf, buf_len, reason) \
1843 { QUIC_TPARAM_##name, TPARAM_OP_DROP_INJECT, (reason), \
1844 (buf), (buf_len) },
1845 #define TPARAM_CHECK_DROP_INJECT_A(name, buf, reason) \
1846 TPARAM_CHECK_DROP_INJECT(name, buf, sizeof(buf), reason)
1847 #define TPARAM_CHECK_INJECT_TWICE(name, buf, buf_len, reason) \
1848 { QUIC_TPARAM_##name, TPARAM_OP_INJECT_TWICE, (reason), \
1849 (buf), (buf_len) },
1850 #define TPARAM_CHECK_INJECT_TWICE_A(name, buf, reason) \
1851 TPARAM_CHECK_INJECT_TWICE(name, buf, sizeof(buf), reason)
1852 #define TPARAM_CHECK_INJECT_RAW(buf, buf_len, reason) \
1853 { 0, TPARAM_OP_INJECT_RAW, (reason), \
1854 (buf), (buf_len) },
1855 #define TPARAM_CHECK_INJECT_RAW_A(buf, reason) \
1856 TPARAM_CHECK_INJECT_RAW(buf, sizeof(buf), reason)
1857 #define TPARAM_CHECK_MUTATE(name, reason) \
1858 { QUIC_TPARAM_##name, TPARAM_OP_MUTATE, (reason) },
1859 #define TPARAM_CHECK_INT(name, reason) \
1860 TPARAM_CHECK_DROP_INJECT(name, NULL, 0, reason) \
1861 TPARAM_CHECK_DROP_INJECT_A(name, bogus_int, reason) \
1862 TPARAM_CHECK_DROP_INJECT_A(name, int_with_trailer, reason)
1863
1864 struct tparam_test {
1865 uint64_t id;
1866 int op;
1867 const char *expect_fail; /* substring to expect in reason */
1868 const void *buf;
1869 size_t buf_len;
1870 };
1871
1872
1873 static const unsigned char disable_active_migration_1[] = {
1874 0x00
1875 };
1876
1877 static const unsigned char malformed_stateless_reset_token_1[] = {
1878 0x02, 0xff
1879 };
1880
1881 static const unsigned char malformed_stateless_reset_token_2[] = {
1882 0x01
1883 };
1884
1885 static const unsigned char malformed_stateless_reset_token_3[15] = { 0 };
1886
1887 static const unsigned char malformed_stateless_reset_token_4[17] = { 0 };
1888
1889 static const unsigned char malformed_preferred_addr_1[] = {
1890 0x0d, 0xff
1891 };
1892
1893 static const unsigned char malformed_preferred_addr_2[42] = {
1894 0x0d, 0x28, /* too short */
1895 };
1896
1897 static const unsigned char malformed_preferred_addr_3[64] = {
1898 0x0d, 0x3e, /* too long */
1899 };
1900
1901 static const unsigned char malformed_preferred_addr_4[] = {
1902 /* TPARAM too short for CID length indicated */
1903 0x0d, 0x29, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1904 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1905 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1906 0x00, 0x00, 0x01, 0x55,
1907 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1908 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1909 };
1910
1911 static const unsigned char malformed_unknown_1[] = {
1912 0xff
1913 };
1914
1915 static const unsigned char malformed_unknown_2[] = {
1916 0x55, 0x55,
1917 };
1918
1919 static const unsigned char malformed_unknown_3[] = {
1920 0x55, 0x55, 0x01,
1921 };
1922
1923 static const unsigned char ack_delay_exp[] = {
1924 0x03
1925 };
1926
1927 static const unsigned char stateless_reset_token[16] = { 0x42 };
1928
1929 static const unsigned char preferred_addr[] = {
1930 0x44, 0x44, 0x44, 0x44,
1931 0x55, 0x55,
1932 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
1933 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
1934 0x77, 0x77,
1935 0x02, 0xAA, 0xBB,
1936 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99,
1937 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99,
1938 };
1939
1940 static const unsigned char long_cid[21] = { 0x42 };
1941
1942 static const unsigned char excess_ack_delay_exp[] = {
1943 0x15,
1944 };
1945
1946 static const unsigned char excess_max_ack_delay[] = {
1947 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00,
1948 };
1949
1950 static const unsigned char excess_initial_max_streams[] = {
1951 0xD0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1952 };
1953
1954 static const unsigned char undersize_udp_payload_size[] = {
1955 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xaf,
1956 };
1957
1958 static const unsigned char undersize_active_conn_id_limit[] = {
1959 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1960 };
1961
1962 static const unsigned char bogus_int[9] = { 0 };
1963
1964 static const unsigned char int_with_trailer[2] = { 0x01 };
1965
1966 #define QUIC_TPARAM_UNKNOWN_1 0xf1f1
1967
1968 static const struct tparam_test tparam_tests[] = {
1969 TPARAM_CHECK_DUP(ORIG_DCID,
1970 "ORIG_DCID appears multiple times")
1971 TPARAM_CHECK_DUP(INITIAL_SCID,
1972 "INITIAL_SCID appears multiple times")
1973 TPARAM_CHECK_DUP(INITIAL_MAX_DATA,
1974 "INITIAL_MAX_DATA appears multiple times")
1975 TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_BIDI_LOCAL,
1976 "INITIAL_MAX_STREAM_DATA_BIDI_LOCAL appears multiple times")
1977 TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_BIDI_REMOTE,
1978 "INITIAL_MAX_STREAM_DATA_BIDI_REMOTE appears multiple times")
1979 TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_UNI,
1980 "INITIAL_MAX_STREAM_DATA_UNI appears multiple times")
1981 TPARAM_CHECK_DUP(INITIAL_MAX_STREAMS_BIDI,
1982 "INITIAL_MAX_STREAMS_BIDI appears multiple times")
1983 TPARAM_CHECK_DUP(INITIAL_MAX_STREAMS_UNI,
1984 "INITIAL_MAX_STREAMS_UNI appears multiple times")
1985 TPARAM_CHECK_DUP(MAX_IDLE_TIMEOUT,
1986 "MAX_IDLE_TIMEOUT appears multiple times")
1987 TPARAM_CHECK_DUP(MAX_UDP_PAYLOAD_SIZE,
1988 "MAX_UDP_PAYLOAD_SIZE appears multiple times")
1989 TPARAM_CHECK_DUP(ACTIVE_CONN_ID_LIMIT,
1990 "ACTIVE_CONN_ID_LIMIT appears multiple times")
1991 TPARAM_CHECK_DUP(DISABLE_ACTIVE_MIGRATION,
1992 "DISABLE_ACTIVE_MIGRATION appears multiple times")
1993
1994 TPARAM_CHECK_DROP(INITIAL_SCID,
1995 "INITIAL_SCID was not sent but is required")
1996 TPARAM_CHECK_DROP(ORIG_DCID,
1997 "ORIG_DCID was not sent but is required")
1998
1999 TPARAM_CHECK_DROP_INJECT_A(DISABLE_ACTIVE_MIGRATION, disable_active_migration_1,
2000 "DISABLE_ACTIVE_MIGRATION is malformed")
2001 TPARAM_CHECK_INJECT(UNKNOWN_1, NULL, 0,
2002 NULL)
2003 TPARAM_CHECK_INJECT_RAW_A(malformed_stateless_reset_token_1,
2004 "STATELESS_RESET_TOKEN is malformed")
2005 TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
2006 malformed_stateless_reset_token_2,
2007 "STATELESS_RESET_TOKEN is malformed")
2008 TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
2009 malformed_stateless_reset_token_3,
2010 "STATELESS_RESET_TOKEN is malformed")
2011 TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
2012 malformed_stateless_reset_token_4,
2013 "STATELESS_RESET_TOKEN is malformed")
2014 TPARAM_CHECK_INJECT(STATELESS_RESET_TOKEN,
2015 NULL, 0,
2016 "STATELESS_RESET_TOKEN is malformed")
2017 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_1,
2018 "PREFERRED_ADDR is malformed")
2019 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_2,
2020 "PREFERRED_ADDR is malformed")
2021 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_3,
2022 "PREFERRED_ADDR is malformed")
2023 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_4,
2024 "PREFERRED_ADDR is malformed")
2025 TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_1,
2026 "bad transport parameter")
2027 TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_2,
2028 "bad transport parameter")
2029 TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_3,
2030 "bad transport parameter")
2031
2032 TPARAM_CHECK_INJECT_A(ACK_DELAY_EXP, excess_ack_delay_exp,
2033 "ACK_DELAY_EXP is malformed")
2034 TPARAM_CHECK_INJECT_A(MAX_ACK_DELAY, excess_max_ack_delay,
2035 "MAX_ACK_DELAY is malformed")
2036 TPARAM_CHECK_DROP_INJECT_A(INITIAL_MAX_STREAMS_BIDI, excess_initial_max_streams,
2037 "INITIAL_MAX_STREAMS_BIDI is malformed")
2038 TPARAM_CHECK_DROP_INJECT_A(INITIAL_MAX_STREAMS_UNI, excess_initial_max_streams,
2039 "INITIAL_MAX_STREAMS_UNI is malformed")
2040
2041 TPARAM_CHECK_DROP_INJECT_A(MAX_UDP_PAYLOAD_SIZE, undersize_udp_payload_size,
2042 "MAX_UDP_PAYLOAD_SIZE is malformed")
2043 TPARAM_CHECK_DROP_INJECT_A(ACTIVE_CONN_ID_LIMIT, undersize_active_conn_id_limit,
2044 "ACTIVE_CONN_ID_LIMIT is malformed")
2045
2046 TPARAM_CHECK_INJECT_TWICE_A(ACK_DELAY_EXP, ack_delay_exp,
2047 "ACK_DELAY_EXP appears multiple times")
2048 TPARAM_CHECK_INJECT_TWICE_A(MAX_ACK_DELAY, ack_delay_exp,
2049 "MAX_ACK_DELAY appears multiple times")
2050 TPARAM_CHECK_INJECT_TWICE_A(STATELESS_RESET_TOKEN, stateless_reset_token,
2051 "STATELESS_RESET_TOKEN appears multiple times")
2052 TPARAM_CHECK_INJECT_TWICE_A(PREFERRED_ADDR, preferred_addr,
2053 "PREFERRED_ADDR appears multiple times")
2054
2055 TPARAM_CHECK_MUTATE(ORIG_DCID,
2056 "ORIG_DCID does not match expected value")
2057 TPARAM_CHECK_MUTATE(INITIAL_SCID,
2058 "INITIAL_SCID does not match expected value")
2059
2060 TPARAM_CHECK_DROP_INJECT_A(ORIG_DCID, long_cid,
2061 "ORIG_DCID is malformed")
2062 TPARAM_CHECK_DROP_INJECT_A(INITIAL_SCID, long_cid,
2063 "INITIAL_SCID is malformed")
2064
2065 TPARAM_CHECK_INT(INITIAL_MAX_DATA,
2066 "INITIAL_MAX_DATA is malformed")
2067 TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_BIDI_LOCAL,
2068 "INITIAL_MAX_STREAM_DATA_BIDI_LOCAL is malformed")
2069 TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_BIDI_REMOTE,
2070 "INITIAL_MAX_STREAM_DATA_BIDI_REMOTE is malformed")
2071 TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_UNI,
2072 "INITIAL_MAX_STREAM_DATA_UNI is malformed")
2073 TPARAM_CHECK_INT(ACK_DELAY_EXP,
2074 "ACK_DELAY_EXP is malformed")
2075 TPARAM_CHECK_INT(MAX_ACK_DELAY,
2076 "MAX_ACK_DELAY is malformed")
2077 TPARAM_CHECK_INT(INITIAL_MAX_STREAMS_BIDI,
2078 "INITIAL_MAX_STREAMS_BIDI is malformed")
2079 TPARAM_CHECK_INT(INITIAL_MAX_STREAMS_UNI,
2080 "INITIAL_MAX_STREAMS_UNI is malformed")
2081 TPARAM_CHECK_INT(MAX_IDLE_TIMEOUT,
2082 "MAX_IDLE_TIMEOUT is malformed")
2083 TPARAM_CHECK_INT(MAX_UDP_PAYLOAD_SIZE,
2084 "MAX_UDP_PAYLOAD_SIZE is malformed")
2085 TPARAM_CHECK_INT(ACTIVE_CONN_ID_LIMIT,
2086 "ACTIVE_CONN_ID_LIMIT is malformed")
2087 };
2088
2089 struct tparam_ctx {
2090 const struct tparam_test *t;
2091 };
2092
tparam_handle(struct tparam_ctx * ctx,uint64_t id,unsigned char * data,size_t data_len,WPACKET * wpkt)2093 static int tparam_handle(struct tparam_ctx *ctx,
2094 uint64_t id, unsigned char *data,
2095 size_t data_len,
2096 WPACKET *wpkt)
2097 {
2098 const struct tparam_test *t = ctx->t;
2099
2100 switch (t->op) {
2101 case TPARAM_OP_DUP:
2102 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
2103 data, data_len)))
2104 return 0;
2105
2106 /*
2107 * If this is the matching ID, write it again, duplicating the TPARAM.
2108 */
2109 if (id == t->id
2110 && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
2111 data, data_len)))
2112 return 0;
2113
2114 return 1;
2115
2116 case TPARAM_OP_DROP:
2117 case TPARAM_OP_DROP_INJECT:
2118 /* Pass through unless ID matches. */
2119 if (id != t->id
2120 && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
2121 data, data_len)))
2122 return 0;
2123
2124 return 1;
2125
2126 case TPARAM_OP_INJECT:
2127 case TPARAM_OP_INJECT_TWICE:
2128 case TPARAM_OP_INJECT_RAW:
2129 /* Always pass through. */
2130 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
2131 data, data_len)))
2132 return 0;
2133
2134 return 1;
2135
2136 case TPARAM_OP_MUTATE:
2137 if (id == t->id) {
2138 if (!TEST_size_t_gt(data_len, 0))
2139 return 0;
2140
2141 data[0] ^= 1;
2142 }
2143
2144 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
2145 data, data_len)))
2146 return 0;
2147
2148 if (id == t->id)
2149 data[0] ^= 1;
2150
2151 return 1;
2152
2153 default:
2154 return 0;
2155 }
2156 }
2157
tparam_on_enc_ext(QTEST_FAULT * qtf,QTEST_ENCRYPTED_EXTENSIONS * ee,size_t ee_len,void * arg)2158 static int tparam_on_enc_ext(QTEST_FAULT *qtf, QTEST_ENCRYPTED_EXTENSIONS *ee,
2159 size_t ee_len, void *arg)
2160 {
2161 int rc = 0;
2162 struct tparam_ctx *ctx = arg;
2163 PACKET pkt = {0};
2164 WPACKET wpkt;
2165 int have_wpkt = 0;
2166 BUF_MEM *old_bufm = NULL, *new_bufm = NULL;
2167 unsigned char *tp_p;
2168 size_t tp_len, written, old_len, eb_len;
2169 uint64_t id;
2170
2171 if (!TEST_ptr(old_bufm = BUF_MEM_new()))
2172 goto err;
2173
2174 /*
2175 * Delete transport parameters TLS extension and capture the contents of the
2176 * extension which was removed.
2177 */
2178 if (!TEST_true(qtest_fault_delete_extension(qtf, TLSEXT_TYPE_quic_transport_parameters,
2179 ee->extensions, &ee->extensionslen,
2180 old_bufm)))
2181 goto err;
2182
2183 if (!TEST_true(PACKET_buf_init(&pkt, (unsigned char *)old_bufm->data, old_bufm->length))
2184 || !TEST_ptr(new_bufm = BUF_MEM_new())
2185 || !TEST_true(WPACKET_init(&wpkt, new_bufm)))
2186 goto err;
2187
2188 have_wpkt = 1;
2189
2190 /*
2191 * Open transport parameters TLS extension:
2192 *
2193 * u16 Extension ID (quic_transport_parameters)
2194 * u16 Extension Data Length
2195 * ... Extension Data
2196 *
2197 */
2198 if (!TEST_true(WPACKET_put_bytes_u16(&wpkt,
2199 TLSEXT_TYPE_quic_transport_parameters))
2200 || !TEST_true(WPACKET_start_sub_packet_u16(&wpkt)))
2201 goto err;
2202
2203 for (; PACKET_remaining(&pkt) > 0; ) {
2204 tp_p = (unsigned char *)ossl_quic_wire_decode_transport_param_bytes(&pkt,
2205 &id,
2206 &tp_len);
2207 if (!TEST_ptr(tp_p)) {
2208 TEST_mem_eq(PACKET_data(&pkt), PACKET_remaining(&pkt), NULL, 0);
2209 goto err;
2210 }
2211
2212 if (!TEST_true(tparam_handle(ctx, id, tp_p, tp_len, &wpkt)))
2213 goto err;
2214 }
2215
2216 if (ctx->t->op == TPARAM_OP_INJECT || ctx->t->op == TPARAM_OP_DROP_INJECT
2217 || ctx->t->op == TPARAM_OP_INJECT_TWICE) {
2218 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(&wpkt, ctx->t->id,
2219 ctx->t->buf,
2220 ctx->t->buf_len)))
2221 goto err;
2222
2223 if (ctx->t->op == TPARAM_OP_INJECT_TWICE
2224 && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(&wpkt, ctx->t->id,
2225 ctx->t->buf,
2226 ctx->t->buf_len)))
2227 goto err;
2228 } else if (ctx->t->op == TPARAM_OP_INJECT_RAW) {
2229 if (!TEST_true(WPACKET_memcpy(&wpkt, ctx->t->buf, ctx->t->buf_len)))
2230 goto err;
2231 }
2232
2233 if (!TEST_true(WPACKET_close(&wpkt))) /* end extension data, set length */
2234 goto err;
2235
2236 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
2237 goto err;
2238
2239 WPACKET_finish(&wpkt);
2240 have_wpkt = 0;
2241
2242 /*
2243 * Append the constructed extension blob to the extension block.
2244 */
2245 old_len = ee->extensionslen;
2246
2247 if (!qtest_fault_resize_message(qtf, ee->extensionslen + written))
2248 goto err;
2249
2250 memcpy(ee->extensions + old_len, new_bufm->data, written);
2251
2252 /* Fixup the extension block header (u16 length of entire block). */
2253 eb_len = (((uint16_t)ee->extensions[0]) << 8) + (uint16_t)ee->extensions[1];
2254 eb_len += written;
2255 ee->extensions[0] = (unsigned char)((eb_len >> 8) & 0xFF);
2256 ee->extensions[1] = (unsigned char)( eb_len & 0xFF);
2257
2258 rc = 1;
2259 err:
2260 if (have_wpkt)
2261 WPACKET_cleanup(&wpkt);
2262 BUF_MEM_free(old_bufm);
2263 BUF_MEM_free(new_bufm);
2264 return rc;
2265 }
2266
test_tparam(int idx)2267 static int test_tparam(int idx)
2268 {
2269 int testresult = 0;
2270 SSL_CTX *c_ctx = NULL;
2271 SSL *c_ssl = NULL;
2272 QUIC_TSERVER *s = NULL;
2273 QTEST_FAULT *qtf = NULL;
2274 struct tparam_ctx ctx = {0};
2275
2276 ctx.t = &tparam_tests[idx];
2277
2278 if (!TEST_ptr(c_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
2279 goto err;
2280
2281 if (!TEST_true(qtest_create_quic_objects(libctx, c_ctx, NULL, cert,
2282 privkey, 0, &s,
2283 &c_ssl, &qtf, NULL)))
2284 goto err;
2285
2286 if (!TEST_true(qtest_fault_set_hand_enc_ext_listener(qtf, tparam_on_enc_ext,
2287 &ctx)))
2288 goto err;
2289
2290 if (!TEST_true(qtest_create_quic_connection_ex(s, c_ssl,
2291 ctx.t->expect_fail != NULL)))
2292 goto err;
2293
2294 if (ctx.t->expect_fail != NULL) {
2295 SSL_CONN_CLOSE_INFO info = {0};
2296
2297 if (!TEST_true(SSL_get_conn_close_info(c_ssl, &info, sizeof(info))))
2298 goto err;
2299
2300 if (!TEST_true((info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) != 0)
2301 || !TEST_uint64_t_eq(info.error_code, OSSL_QUIC_ERR_TRANSPORT_PARAMETER_ERROR)
2302 || !TEST_ptr(strstr(info.reason, ctx.t->expect_fail))) {
2303 TEST_error("expected connection closure information mismatch"
2304 " during TPARAM test: flags=%llu ec=%llu reason='%s'",
2305 (unsigned long long)info.flags,
2306 (unsigned long long)info.error_code,
2307 info.reason);
2308 goto err;
2309 }
2310 }
2311
2312 testresult = 1;
2313 err:
2314 if (!testresult) {
2315 if (ctx.t->expect_fail != NULL)
2316 TEST_info("failed during test for id=%llu, op=%d, bl=%zu, "
2317 "expected failure='%s'", (unsigned long long)ctx.t->id,
2318 ctx.t->op, ctx.t->buf_len, ctx.t->expect_fail);
2319 else
2320 TEST_info("failed during test for id=%llu, op=%d, bl=%zu",
2321 (unsigned long long)ctx.t->id, ctx.t->op, ctx.t->buf_len);
2322 }
2323
2324 ossl_quic_tserver_free(s);
2325 SSL_free(c_ssl);
2326 SSL_CTX_free(c_ctx);
2327 qtest_fault_free(qtf);
2328 return testresult;
2329 }
2330
2331 static int new_called = 0;
2332 static SSL *cbssl = NULL;
2333
new_session_cb(SSL * ssl,SSL_SESSION * sess)2334 static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
2335 {
2336 new_called++;
2337 /*
2338 * Remember the SSL ref we were called with. No need to up-ref this. It
2339 * should remain valid for the duration of the test.
2340 */
2341 cbssl = ssl;
2342 /*
2343 * sess has been up-refed for us, but we don't actually need it so free it
2344 * immediately.
2345 */
2346 SSL_SESSION_free(sess);
2347 return 1;
2348 }
2349
2350 /* Test using a new_session_cb with a QUIC SSL object works as expected */
test_session_cb(void)2351 static int test_session_cb(void)
2352 {
2353 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
2354 SSL *clientquic = NULL;
2355 QUIC_TSERVER *qtserv = NULL;
2356 int testresult = 0;
2357
2358 if (!TEST_ptr(cctx))
2359 goto err;
2360
2361 new_called = 0;
2362 cbssl = NULL;
2363 SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
2364 SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);
2365
2366 if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
2367 privkey,
2368 QTEST_FLAG_FAKE_TIME,
2369 &qtserv, &clientquic,
2370 NULL, NULL)))
2371 goto err;
2372
2373 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
2374 goto err;
2375
2376 /* Process the pending NewSessionTickets */
2377 if (!TEST_true(SSL_handle_events(clientquic)))
2378 goto err;
2379
2380 if (!TEST_int_eq(SSL_shutdown(clientquic), 0))
2381 goto err;
2382
2383 /*
2384 * Check the callback was called twice (we expect 2 tickets), and with the
2385 * correct SSL reference
2386 */
2387 if (!TEST_int_eq(new_called, 2)
2388 || !TEST_ptr_eq(clientquic, cbssl))
2389 goto err;
2390
2391 testresult = 1;
2392 err:
2393 cbssl = NULL;
2394 ossl_quic_tserver_free(qtserv);
2395 SSL_free(clientquic);
2396 SSL_CTX_free(cctx);
2397
2398 return testresult;
2399 }
2400
test_domain_flags(void)2401 static int test_domain_flags(void)
2402 {
2403 int testresult = 0;
2404 SSL_CTX *ctx = NULL;
2405 SSL *domain = NULL, *listener = NULL, *other_conn = NULL;
2406 uint64_t domain_flags = 0;
2407
2408 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))
2409 || !TEST_true(SSL_CTX_get_domain_flags(ctx, &domain_flags))
2410 || !TEST_uint64_t_ne(domain_flags, 0)
2411 || !TEST_uint64_t_ne(domain_flags & (SSL_DOMAIN_FLAG_SINGLE_THREAD
2412 | SSL_DOMAIN_FLAG_MULTI_THREAD), 0)
2413 || !TEST_uint64_t_ne(domain_flags & SSL_DOMAIN_FLAG_LEGACY_BLOCKING, 0)
2414 || !TEST_true(SSL_CTX_set_domain_flags(ctx, SSL_DOMAIN_FLAG_SINGLE_THREAD))
2415 || !TEST_true(SSL_CTX_get_domain_flags(ctx, &domain_flags))
2416 || !TEST_uint64_t_eq(domain_flags, SSL_DOMAIN_FLAG_SINGLE_THREAD)
2417 || !TEST_ptr(domain = SSL_new_domain(ctx, 0))
2418 || !TEST_true(SSL_get_domain_flags(domain, &domain_flags))
2419 || !TEST_uint64_t_eq(domain_flags, SSL_DOMAIN_FLAG_SINGLE_THREAD)
2420 || !TEST_true(other_conn = SSL_new(ctx))
2421 || !TEST_true(SSL_get_domain_flags(other_conn, &domain_flags))
2422 || !TEST_uint64_t_eq(domain_flags, SSL_DOMAIN_FLAG_SINGLE_THREAD)
2423 || !TEST_true(SSL_is_domain(domain))
2424 || !TEST_false(SSL_is_domain(other_conn))
2425 || !TEST_ptr_eq(SSL_get0_domain(domain), domain)
2426 || !TEST_ptr_null(SSL_get0_domain(other_conn))
2427 || !TEST_ptr(listener = SSL_new_listener_from(domain, 0))
2428 || !TEST_true(SSL_is_listener(listener))
2429 || !TEST_false(SSL_is_domain(listener))
2430 || !TEST_ptr_eq(SSL_get0_domain(listener), domain)
2431 || !TEST_ptr_eq(SSL_get0_listener(listener), listener))
2432 goto err;
2433
2434 testresult = 1;
2435 err:
2436 SSL_free(domain);
2437 SSL_free(listener);
2438 SSL_free(other_conn);
2439 SSL_CTX_free(ctx);
2440 return testresult;
2441 }
2442
2443 /*
2444 * Test that calling SSL_handle_events() early behaves as expected
2445 */
test_early_ticks(void)2446 static int test_early_ticks(void)
2447 {
2448 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
2449 SSL *clientquic = NULL;
2450 QUIC_TSERVER *qtserv = NULL;
2451 int testresult = 0;
2452 struct timeval tv;
2453 int inf = 0;
2454
2455 if (!TEST_ptr(cctx)
2456 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
2457 privkey, QTEST_FLAG_FAKE_TIME,
2458 &qtserv,
2459 &clientquic, NULL, NULL)))
2460 goto err;
2461
2462 if (!TEST_true(SSL_in_before(clientquic)))
2463 goto err;
2464
2465 if (!TEST_true(SSL_handle_events(clientquic)))
2466 goto err;
2467
2468 if (!TEST_true(SSL_get_event_timeout(clientquic, &tv, &inf))
2469 || !TEST_true(inf))
2470 goto err;
2471
2472 if (!TEST_false(SSL_has_pending(clientquic))
2473 || !TEST_int_eq(SSL_pending(clientquic), 0))
2474 goto err;
2475
2476 if (!TEST_true(SSL_in_before(clientquic)))
2477 goto err;
2478
2479 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
2480 goto err;
2481
2482 if (!TEST_false(SSL_in_before(clientquic)))
2483 goto err;
2484
2485 testresult = 1;
2486 err:
2487 SSL_free(clientquic);
2488 SSL_CTX_free(cctx);
2489 ossl_quic_tserver_free(qtserv);
2490 return testresult;
2491 }
2492
select_alpn(SSL * ssl,const unsigned char ** out,unsigned char * out_len,const unsigned char * in,unsigned int in_len,void * arg)2493 static int select_alpn(SSL *ssl, const unsigned char **out,
2494 unsigned char *out_len, const unsigned char *in,
2495 unsigned int in_len, void *arg)
2496 {
2497 static unsigned char alpn[] = { 8, 'o', 's', 's', 'l', 't', 'e', 's', 't' };
2498
2499 if (SSL_select_next_proto((unsigned char **)out, out_len, alpn, sizeof(alpn),
2500 in, in_len) == OPENSSL_NPN_NEGOTIATED)
2501 return SSL_TLSEXT_ERR_OK;
2502 return SSL_TLSEXT_ERR_ALERT_FATAL;
2503 }
2504
create_client_ctx(void)2505 static SSL_CTX *create_client_ctx(void)
2506 {
2507 SSL_CTX *ssl_ctx;
2508
2509 if (!TEST_ptr(ssl_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))) {
2510 SSL_CTX_free(ssl_ctx);
2511 ssl_ctx = NULL;
2512 }
2513
2514 return ssl_ctx;
2515 }
2516
create_server_ctx(void)2517 static SSL_CTX *create_server_ctx(void)
2518 {
2519 SSL_CTX *ssl_ctx;
2520
2521 if (!TEST_ptr(ssl_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_server_method()))
2522 || !TEST_true(SSL_CTX_use_certificate_file(ssl_ctx, cert, SSL_FILETYPE_PEM))
2523 || !TEST_true(SSL_CTX_use_PrivateKey_file(ssl_ctx, privkey, SSL_FILETYPE_PEM))) {
2524 SSL_CTX_free(ssl_ctx);
2525 ssl_ctx = NULL;
2526 } else {
2527 SSL_CTX_set_alpn_select_cb(ssl_ctx, select_alpn, NULL);
2528 SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);
2529 }
2530
2531 return ssl_ctx;
2532 }
2533
create_addr(struct in_addr * ina,short int port)2534 static BIO_ADDR *create_addr(struct in_addr *ina, short int port)
2535 {
2536 BIO_ADDR *addr = NULL;
2537
2538 if (!TEST_ptr(addr = BIO_ADDR_new()))
2539 return NULL;
2540
2541 if (!TEST_true(BIO_ADDR_rawmake(addr, AF_INET, ina, sizeof(struct in_addr),
2542 htons(port)))) {
2543 BIO_ADDR_free(addr);
2544 return NULL;
2545 }
2546
2547 return addr;
2548 }
2549
bio_addr_bind(BIO * bio,BIO_ADDR * addr)2550 static int bio_addr_bind(BIO *bio, BIO_ADDR *addr)
2551 {
2552 int bio_caps = BIO_DGRAM_CAP_HANDLES_DST_ADDR | BIO_DGRAM_CAP_HANDLES_SRC_ADDR;
2553
2554 if (!TEST_true(BIO_dgram_set_caps(bio, bio_caps)))
2555 return 0;
2556
2557 if (!TEST_int_eq(BIO_dgram_set0_local_addr(bio, addr), 1))
2558 return 0;
2559
2560 return 1;
2561 }
2562
ql_create(SSL_CTX * ssl_ctx,BIO * bio)2563 static SSL *ql_create(SSL_CTX *ssl_ctx, BIO *bio)
2564 {
2565 SSL *qserver;
2566
2567 if (!TEST_ptr(qserver = SSL_new_listener(ssl_ctx, 0))) {
2568 BIO_free(bio);
2569 return NULL;
2570 }
2571
2572 SSL_set_bio(qserver, bio, bio);
2573
2574 if (!TEST_true(SSL_listen(qserver))) {
2575 SSL_free(qserver);
2576 return NULL;
2577 }
2578
2579 return qserver;
2580 }
2581
qc_init(SSL * qconn,BIO_ADDR * dst_addr)2582 static int qc_init(SSL *qconn, BIO_ADDR *dst_addr)
2583 {
2584 static unsigned char alpn[] = { 8, 'o', 's', 's', 'l', 't', 'e', 's', 't' };
2585
2586 if (!TEST_true(SSL_set1_initial_peer_addr(qconn, dst_addr)))
2587 return 0;
2588
2589 if (!TEST_false(SSL_set_alpn_protos(qconn, alpn, sizeof(alpn))))
2590 return 0;
2591
2592 return 1;
2593 }
2594
test_ssl_new_from_listener(void)2595 static int test_ssl_new_from_listener(void)
2596 {
2597 SSL_CTX *lctx = NULL, *sctx = NULL;
2598 SSL *qlistener = NULL, *qserver = NULL, *qconn = 0;
2599 int testresult = 0;
2600 int chk;
2601 BIO *lbio = NULL, *sbio = NULL;
2602 BIO_ADDR *addr = NULL;
2603 struct in_addr ina;
2604
2605 ina.s_addr = htonl(0x1f000001);
2606 if (!TEST_ptr(lctx = create_server_ctx())
2607 || !TEST_ptr(sctx = create_server_ctx())
2608 || !TEST_true(BIO_new_bio_dgram_pair(&lbio, 0, &sbio, 0)))
2609 goto err;
2610
2611 if (!TEST_ptr(addr = create_addr(&ina, 8040)))
2612 goto err;
2613
2614 if (!TEST_true(bio_addr_bind(lbio, addr)))
2615 goto err;
2616 addr = NULL;
2617
2618 if (!TEST_ptr(addr = create_addr(&ina, 4080)))
2619 goto err;
2620
2621 if (!TEST_true(bio_addr_bind(sbio, addr)))
2622 goto err;
2623 addr = NULL;
2624
2625 qlistener = ql_create(lctx, lbio);
2626 lbio = NULL;
2627 if (!TEST_ptr(qlistener))
2628 goto err;
2629
2630 qserver = ql_create(sctx, sbio);
2631 sbio = NULL;
2632 if (!TEST_ptr(qserver))
2633 goto err;
2634
2635 if (!TEST_ptr(qconn = SSL_new_from_listener(qlistener, 0)))
2636 goto err;
2637
2638 if (!TEST_ptr(addr = create_addr(&ina, 4080)))
2639 goto err;
2640
2641 chk = qc_init(qconn, addr);
2642 if (!TEST_true(chk))
2643 goto err;
2644
2645 while ((chk = SSL_do_handshake(qconn)) == -1) {
2646 SSL_handle_events(qserver);
2647 SSL_handle_events(qlistener);
2648 }
2649
2650 if (!TEST_int_gt(chk, 0)) {
2651 TEST_info("SSL_do_handshake() failed\n");
2652 goto err;
2653 }
2654
2655 testresult = 1;
2656 err:
2657 SSL_free(qconn);
2658 SSL_free(qlistener);
2659 SSL_free(qserver);
2660 BIO_free(lbio);
2661 BIO_free(sbio);
2662 SSL_CTX_free(sctx);
2663 SSL_CTX_free(lctx);
2664 BIO_ADDR_free(addr);
2665
2666 return testresult;
2667 }
2668
test_server_method_with_ssl_new(void)2669 static int test_server_method_with_ssl_new(void)
2670 {
2671 SSL_CTX *ctx = NULL;
2672 SSL *ssl = NULL;
2673 int ret = 0;
2674 unsigned long err;
2675
2676 /* Create a new SSL_CTX using the QUIC server method */
2677 ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_server_method());
2678 if (!TEST_ptr(ctx))
2679 goto end;
2680
2681 /* Try to create a new SSL object - this should fail */
2682 ssl = SSL_new(ctx);
2683
2684 /* Check that SSL_new() returned NULL */
2685 if (!TEST_ptr_null(ssl))
2686 goto end;
2687
2688 /* Check for the expected error */
2689 err = ERR_peek_error();
2690 if (!TEST_true(ERR_GET_LIB(err) == ERR_LIB_SSL &&
2691 ERR_GET_REASON(err) == ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED))
2692 goto end;
2693
2694 ret = 1;
2695
2696 end:
2697 SSL_free(ssl);
2698 SSL_CTX_free(ctx);
2699 return ret;
2700 }
2701
create_quic_ssl_objects(SSL_CTX * sctx,SSL_CTX * cctx,SSL ** lssl,SSL ** cssl)2702 static int create_quic_ssl_objects(SSL_CTX *sctx, SSL_CTX *cctx,
2703 SSL **lssl, SSL **cssl)
2704 {
2705 BIO_ADDR *addr = NULL;
2706 struct in_addr ina;
2707 BIO *cbio = NULL, *sbio = NULL;
2708 int ret = 0;
2709
2710 *cssl = *lssl = NULL;
2711 ina.s_addr = htonl(0x1f000001);
2712
2713 if (!TEST_true(BIO_new_bio_dgram_pair(&cbio, 0, &sbio, 0)))
2714 goto err;
2715
2716 if (!TEST_ptr(addr = create_addr(&ina, 8040)))
2717 goto err;
2718
2719 if (!TEST_true(bio_addr_bind(sbio, addr)))
2720 goto err;
2721 addr = NULL;
2722
2723 *lssl = ql_create(sctx, sbio);
2724 sbio = NULL;
2725 if (!TEST_ptr(*lssl))
2726 goto err;
2727
2728 if (!TEST_ptr(*cssl = SSL_new(cctx)))
2729 goto err;
2730
2731 if (!TEST_ptr(addr = create_addr(&ina, 8040)))
2732 goto err;
2733 if (!TEST_true(bio_addr_bind(cbio, addr)))
2734 goto err;
2735
2736 if (!TEST_true(qc_init(*cssl, addr))) {
2737 addr = NULL;
2738 goto err;
2739 }
2740 addr = NULL;
2741 SSL_set_bio(*cssl, cbio, cbio);
2742 cbio = NULL;
2743
2744 ret = 1;
2745
2746 err:
2747 if (!ret) {
2748 SSL_free(*cssl);
2749 SSL_free(*lssl);
2750 *cssl = *lssl = NULL;
2751 }
2752 BIO_free(cbio);
2753 BIO_free(sbio);
2754 BIO_ADDR_free(addr);
2755
2756 return ret;
2757 }
2758
test_ssl_accept_connection(void)2759 static int test_ssl_accept_connection(void)
2760 {
2761 SSL_CTX *cctx = NULL, *sctx = NULL;
2762 SSL *clientssl = NULL, *serverssl = NULL, *qlistener = NULL;
2763 int testresult = 0;
2764 int ret, i;
2765
2766 if (!TEST_ptr(sctx = create_server_ctx())
2767 || !TEST_ptr(cctx = create_client_ctx()))
2768 goto err;
2769
2770 if (!create_quic_ssl_objects(sctx, cctx, &qlistener, &clientssl))
2771 goto err;
2772
2773 /* Calling SSL_accept() on a listener is expected to fail */
2774 ret = SSL_accept(qlistener);
2775 if (!TEST_int_le(ret, 0)
2776 || !TEST_int_eq(SSL_get_error(qlistener, ret), SSL_ERROR_SSL))
2777 goto err;
2778
2779 /* Send ClientHello and server retry */
2780 for (i = 0; i < 2; i++) {
2781 ret = SSL_connect(clientssl);
2782 if (!TEST_int_le(ret, 0)
2783 || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ))
2784 goto err;
2785 SSL_handle_events(qlistener);
2786 }
2787
2788 /* We expect a server SSL object which has not yet completed its handshake */
2789 serverssl = SSL_accept_connection(qlistener, 0);
2790 if (!TEST_ptr(serverssl) || !TEST_false(SSL_is_init_finished(serverssl)))
2791 goto err;
2792
2793 /* Call SSL_accept() and SSL_connect() until we are connected */
2794 if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
2795 SSL_ERROR_NONE, 0, 0)))
2796 goto err;
2797
2798 testresult = 1;
2799
2800 err:
2801 SSL_free(serverssl);
2802 SSL_free(clientssl);
2803 SSL_free(qlistener);
2804 SSL_CTX_free(sctx);
2805 SSL_CTX_free(cctx);
2806
2807 return testresult;
2808 }
2809
2810 static SSL *quic_verify_ssl = NULL;
2811
quic_verify_cb(int ok,X509_STORE_CTX * ctx)2812 static int quic_verify_cb(int ok, X509_STORE_CTX *ctx)
2813 {
2814 SSL *cssl = (SSL *)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
2815
2816 /* Confirm we got the SSL object we were expecting */
2817 return TEST_ptr_eq(cssl, quic_verify_ssl);
2818 }
2819
test_ssl_set_verify(void)2820 static int test_ssl_set_verify(void)
2821 {
2822 SSL_CTX *cctx = NULL, *sctx = NULL;
2823 SSL *clientssl = NULL, *serverssl = NULL, *qlistener = NULL;
2824 int testresult = 0;
2825 int ret, i;
2826
2827 if (!TEST_ptr(sctx = create_server_ctx())
2828 || !TEST_ptr(cctx = create_client_ctx()))
2829 goto err;
2830
2831 if (!create_quic_ssl_objects(sctx, cctx, &qlistener, &clientssl))
2832 goto err;
2833
2834 quic_verify_ssl = clientssl;
2835 SSL_set_verify(clientssl, SSL_VERIFY_PEER, quic_verify_cb);
2836
2837 /* Send ClientHello and server retry */
2838 for (i = 0; i < 2; i++) {
2839 ret = SSL_connect(clientssl);
2840 if (!TEST_int_le(ret, 0)
2841 || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ))
2842 goto err;
2843 SSL_handle_events(qlistener);
2844 }
2845
2846 /* We expect a server SSL object which has not yet completed its handshake */
2847 serverssl = SSL_accept_connection(qlistener, 0);
2848
2849 /* Call SSL_accept() and SSL_connect() until we are connected */
2850 if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
2851 SSL_ERROR_NONE, 0, 0)))
2852 goto err;
2853
2854 testresult = 1;
2855
2856 err:
2857 SSL_free(serverssl);
2858 SSL_free(clientssl);
2859 SSL_free(qlistener);
2860 SSL_CTX_free(sctx);
2861 SSL_CTX_free(cctx);
2862
2863 return testresult;
2864 }
2865
2866 /***********************************************************************************/
2867 OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
2868
setup_tests(void)2869 int setup_tests(void)
2870 {
2871 char *modulename;
2872 char *configfile;
2873
2874 libctx = OSSL_LIB_CTX_new();
2875 if (!TEST_ptr(libctx))
2876 return 0;
2877
2878 defctxnull = OSSL_PROVIDER_load(NULL, "null");
2879
2880 /*
2881 * Verify that the default and fips providers in the default libctx are not
2882 * available
2883 */
2884 if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
2885 || !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
2886 goto err;
2887
2888 if (!test_skip_common_options()) {
2889 TEST_error("Error parsing test options\n");
2890 goto err;
2891 }
2892
2893 if (!TEST_ptr(modulename = test_get_argument(0))
2894 || !TEST_ptr(configfile = test_get_argument(1))
2895 || !TEST_ptr(certsdir = test_get_argument(2))
2896 || !TEST_ptr(datadir = test_get_argument(3)))
2897 goto err;
2898
2899 if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile)))
2900 goto err;
2901
2902 /* Check we have the expected provider available */
2903 if (!TEST_true(OSSL_PROVIDER_available(libctx, modulename)))
2904 goto err;
2905
2906 /* Check the default provider is not available */
2907 if (strcmp(modulename, "default") != 0
2908 && !TEST_false(OSSL_PROVIDER_available(libctx, "default")))
2909 goto err;
2910
2911 if (strcmp(modulename, "fips") == 0)
2912 is_fips = 1;
2913
2914 cert = test_mk_file_path(certsdir, "servercert.pem");
2915 if (cert == NULL)
2916 goto err;
2917
2918 ccert = test_mk_file_path(certsdir, "ee-client-chain.pem");
2919 if (ccert == NULL)
2920 goto err;
2921
2922 cauthca = test_mk_file_path(certsdir, "root-cert.pem");
2923 if (cauthca == NULL)
2924 goto err;
2925
2926 privkey = test_mk_file_path(certsdir, "serverkey.pem");
2927 if (privkey == NULL)
2928 goto err;
2929
2930 cprivkey = test_mk_file_path(certsdir, "ee-key.pem");
2931 if (privkey == NULL)
2932 goto err;
2933
2934 ADD_ALL_TESTS(test_quic_write_read, 3);
2935 ADD_TEST(test_fin_only_blocking);
2936 ADD_TEST(test_ciphersuites);
2937 ADD_TEST(test_cipher_find);
2938 ADD_TEST(test_version);
2939 #if defined(DO_SSL_TRACE_TEST)
2940 ADD_TEST(test_ssl_trace);
2941 #endif
2942 ADD_TEST(test_quic_forbidden_apis_ctx);
2943 ADD_TEST(test_quic_forbidden_apis);
2944 ADD_TEST(test_quic_forbidden_options);
2945 ADD_ALL_TESTS(test_quic_set_fd, 3);
2946 ADD_TEST(test_bio_ssl);
2947 ADD_TEST(test_back_pressure);
2948 ADD_TEST(test_multiple_dgrams);
2949 ADD_ALL_TESTS(test_non_io_retry, 2);
2950 ADD_TEST(test_quic_psk);
2951 ADD_ALL_TESTS(test_client_auth, 3);
2952 ADD_ALL_TESTS(test_alpn, 2);
2953 ADD_ALL_TESTS(test_noisy_dgram, 2);
2954 ADD_TEST(test_bw_limit);
2955 ADD_TEST(test_get_shutdown);
2956 ADD_ALL_TESTS(test_tparam, OSSL_NELEM(tparam_tests));
2957 ADD_TEST(test_session_cb);
2958 ADD_TEST(test_domain_flags);
2959 ADD_TEST(test_early_ticks);
2960 ADD_TEST(test_ssl_new_from_listener);
2961 #ifndef OPENSSL_NO_SSL_TRACE
2962 ADD_TEST(test_new_token);
2963 #endif
2964 ADD_TEST(test_server_method_with_ssl_new);
2965 ADD_TEST(test_ssl_accept_connection);
2966 ADD_TEST(test_ssl_set_verify);
2967 return 1;
2968 err:
2969 cleanup_tests();
2970 return 0;
2971 }
2972
cleanup_tests(void)2973 void cleanup_tests(void)
2974 {
2975 bio_f_noisy_dgram_filter_free();
2976 bio_f_pkt_split_dgram_filter_free();
2977 OPENSSL_free(cert);
2978 OPENSSL_free(privkey);
2979 OPENSSL_free(ccert);
2980 OPENSSL_free(cauthca);
2981 OPENSSL_free(cprivkey);
2982 OSSL_PROVIDER_unload(defctxnull);
2983 OSSL_LIB_CTX_free(libctx);
2984 }
2985