1 /* 2 * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include <string.h> 12 13 #include <openssl/opensslconf.h> 14 #include <openssl/quic.h> 15 #include <openssl/rand.h> 16 17 #include "helpers/ssltestlib.h" 18 #include "helpers/quictestlib.h" 19 #include "testutil.h" 20 #include "testutil/output.h" 21 #include "../ssl/ssl_local.h" 22 #include "internal/quic_error.h" 23 24 static OSSL_LIB_CTX *libctx = NULL; 25 static OSSL_PROVIDER *defctxnull = NULL; 26 static char *certsdir = NULL; 27 static char *cert = NULL; 28 static char *ccert = NULL; 29 static char *cauthca = NULL; 30 static char *privkey = NULL; 31 static char *cprivkey = NULL; 32 static char *datadir = NULL; 33 34 static int is_fips = 0; 35 36 /* The ssltrace test assumes some options are switched on/off */ 37 #if !defined(OPENSSL_NO_SSL_TRACE) \ 38 && defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) \ 39 && !defined(OPENSSL_NO_ECX) && !defined(OPENSSL_NO_DH) \ 40 && !defined(OPENSSL_NO_ML_DSA) && !defined(OPENSSL_NO_ML_KEM) 41 # define DO_SSL_TRACE_TEST 42 #endif 43 44 /* 45 * Test that we read what we've written. 46 * Test 0: Non-blocking 47 * Test 1: Blocking 48 * Test 2: Blocking, introduce socket error, test error handling. 49 */ 50 static int test_quic_write_read(int idx) 51 { 52 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 53 SSL_CTX *sctx = NULL; 54 SSL *clientquic = NULL; 55 QUIC_TSERVER *qtserv = NULL; 56 int j, k, ret = 0; 57 unsigned char buf[20], scratch[64]; 58 static char *msg = "A test message"; 59 size_t msglen = strlen(msg); 60 size_t numbytes = 0; 61 int ssock = 0, csock = 0; 62 uint64_t sid = UINT64_MAX; 63 SSL_SESSION *sess = NULL; 64 65 if (idx >= 1 && !qtest_supports_blocking()) 66 return TEST_skip("Blocking tests not supported in this build"); 67 68 for (k = 0; k < 2; k++) { 69 if (!TEST_ptr(cctx) 70 || !TEST_true(qtest_create_quic_objects(libctx, cctx, sctx, 71 cert, privkey, 72 idx >= 1 73 ? QTEST_FLAG_BLOCK 74 : 0, 75 &qtserv, &clientquic, 76 NULL, NULL)) 77 || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost"))) 78 goto end; 79 80 if (sess != NULL && !TEST_true(SSL_set_session(clientquic, sess))) 81 goto end; 82 83 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))) 84 goto end; 85 86 if (idx >= 1) { 87 if (!TEST_true(BIO_get_fd(ossl_quic_tserver_get0_rbio(qtserv), 88 &ssock))) 89 goto end; 90 if (!TEST_int_gt(csock = SSL_get_rfd(clientquic), 0)) 91 goto end; 92 } 93 94 sid = 0; /* client-initiated bidirectional stream */ 95 96 for (j = 0; j < 2; j++) { 97 /* Check that sending and receiving app data is ok */ 98 if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes)) 99 || !TEST_size_t_eq(numbytes, msglen)) 100 goto end; 101 if (idx >= 1) { 102 do { 103 if (!TEST_true(wait_until_sock_readable(ssock))) 104 goto end; 105 106 ossl_quic_tserver_tick(qtserv); 107 108 if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf, 109 sizeof(buf), 110 &numbytes))) 111 goto end; 112 } while (numbytes == 0); 113 114 if (!TEST_mem_eq(buf, numbytes, msg, msglen)) 115 goto end; 116 } 117 118 if (idx >= 2 && j > 0) 119 /* Introduce permanent socket error */ 120 BIO_closesocket(csock); 121 122 ossl_quic_tserver_tick(qtserv); 123 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, 124 (unsigned char *)msg, 125 msglen, &numbytes))) 126 goto end; 127 ossl_quic_tserver_tick(qtserv); 128 SSL_handle_events(clientquic); 129 130 if (idx >= 2 && j > 0) { 131 if (!TEST_false(SSL_read_ex(clientquic, buf, 1, &numbytes)) 132 || !TEST_int_eq(SSL_get_error(clientquic, 0), 133 SSL_ERROR_SYSCALL) 134 || !TEST_false(SSL_write_ex(clientquic, msg, msglen, 135 &numbytes)) 136 || !TEST_int_eq(SSL_get_error(clientquic, 0), 137 SSL_ERROR_SYSCALL)) 138 goto end; 139 break; 140 } 141 142 /* 143 * In blocking mode the SSL_read_ex call will block until the socket 144 * is readable and has our data. In non-blocking mode we're doing 145 * everything in memory, so it should be immediately available 146 */ 147 if (!TEST_true(SSL_read_ex(clientquic, buf, 1, &numbytes)) 148 || !TEST_size_t_eq(numbytes, 1) 149 || !TEST_true(SSL_has_pending(clientquic)) 150 || !TEST_int_eq(SSL_pending(clientquic), msglen - 1) 151 || !TEST_true(SSL_read_ex(clientquic, buf + 1, 152 sizeof(buf) - 1, &numbytes)) 153 || !TEST_mem_eq(buf, numbytes + 1, msg, msglen)) 154 goto end; 155 } 156 157 /* Test that exporters work. */ 158 if (!TEST_true(SSL_export_keying_material(clientquic, scratch, 159 sizeof(scratch), "test", 4, (unsigned char *)"ctx", 3, 160 1))) 161 goto end; 162 163 if (sess == NULL) { 164 /* We didn't supply a session so we're not expecting resumption */ 165 if (!TEST_false(SSL_session_reused(clientquic))) 166 goto end; 167 /* We should have a session ticket by now */ 168 sess = SSL_get1_session(clientquic); 169 if (!TEST_ptr(sess)) 170 goto end; 171 } else { 172 /* We supplied a session so we should have resumed */ 173 if (!TEST_true(SSL_session_reused(clientquic))) 174 goto end; 175 } 176 177 if (!TEST_true(qtest_shutdown(qtserv, clientquic))) 178 goto end; 179 180 if (sctx == NULL) { 181 sctx = ossl_quic_tserver_get0_ssl_ctx(qtserv); 182 if (!TEST_true(SSL_CTX_up_ref(sctx))) { 183 sctx = NULL; 184 goto end; 185 } 186 } 187 ossl_quic_tserver_free(qtserv); 188 qtserv = NULL; 189 SSL_free(clientquic); 190 clientquic = NULL; 191 192 if (idx >= 2) 193 break; 194 } 195 196 ret = 1; 197 198 end: 199 SSL_SESSION_free(sess); 200 ossl_quic_tserver_free(qtserv); 201 SSL_free(clientquic); 202 SSL_CTX_free(cctx); 203 SSL_CTX_free(sctx); 204 205 return ret; 206 } 207 208 /* 209 * Test that sending FIN with no data to a client blocking in SSL_read_ex() will 210 * wake up the client. 211 */ 212 static int test_fin_only_blocking(void) 213 { 214 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 215 SSL_CTX *sctx = NULL; 216 SSL *clientquic = NULL; 217 QUIC_TSERVER *qtserv = NULL; 218 const char *msg = "Hello World"; 219 uint64_t sid; 220 size_t numbytes; 221 unsigned char buf[32]; 222 int ret = 0; 223 OSSL_TIME timer, timediff; 224 225 if (!qtest_supports_blocking()) 226 return TEST_skip("Blocking tests not supported in this build"); 227 228 if (!TEST_ptr(cctx) 229 || !TEST_true(qtest_create_quic_objects(libctx, cctx, sctx, 230 cert, privkey, 231 QTEST_FLAG_BLOCK, 232 &qtserv, &clientquic, 233 NULL, NULL)) 234 || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost"))) 235 goto end; 236 237 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))) 238 goto end; 239 240 if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, 0, &sid)) 241 || !TEST_true(ossl_quic_tserver_write(qtserv, sid, 242 (unsigned char *)msg, 243 strlen(msg), &numbytes)) 244 || !TEST_size_t_eq(strlen(msg), numbytes)) 245 goto end; 246 247 ossl_quic_tserver_tick(qtserv); 248 249 if (!TEST_true(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes)) 250 || !TEST_mem_eq(msg, strlen(msg), buf, numbytes)) 251 252 253 goto end; 254 255 if (!TEST_true(ossl_quic_tserver_conclude(qtserv, sid))) 256 goto end; 257 258 timer = ossl_time_now(); 259 if (!TEST_false(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes))) 260 goto end; 261 timediff = ossl_time_subtract(ossl_time_now(), timer); 262 263 if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_ZERO_RETURN) 264 /* 265 * We expect the SSL_read_ex to not have blocked so this should 266 * be very fast. 40ms should be plenty. 267 */ 268 || !TEST_uint64_t_le(ossl_time2ms(timediff), 40)) 269 goto end; 270 271 if (!TEST_true(qtest_shutdown(qtserv, clientquic))) 272 goto end; 273 274 ret = 1; 275 276 end: 277 ossl_quic_tserver_free(qtserv); 278 SSL_free(clientquic); 279 SSL_CTX_free(cctx); 280 SSL_CTX_free(sctx); 281 282 return ret; 283 } 284 285 /* Test that a vanilla QUIC SSL object has the expected ciphersuites available */ 286 static int test_ciphersuites(void) 287 { 288 SSL_CTX *ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 289 SSL *ssl = NULL; 290 int testresult = 0; 291 const STACK_OF(SSL_CIPHER) *ciphers = NULL; 292 const SSL_CIPHER *cipher; 293 /* We expect this exact list of ciphersuites by default */ 294 int cipherids[] = { 295 TLS1_3_CK_AES_256_GCM_SHA384, 296 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 297 TLS1_3_CK_CHACHA20_POLY1305_SHA256, 298 #endif 299 TLS1_3_CK_AES_128_GCM_SHA256 300 }; 301 size_t i, j; 302 303 if (!TEST_ptr(ctx)) 304 return 0; 305 306 /* 307 * Attempting to set TLSv1.2 ciphersuites should succeed, even though they 308 * aren't used in QUIC. 309 */ 310 if (!TEST_true(SSL_CTX_set_cipher_list(ctx, "DEFAULT"))) 311 goto err; 312 313 ssl = SSL_new(ctx); 314 if (!TEST_ptr(ssl)) 315 goto err; 316 317 if (!TEST_true(SSL_set_cipher_list(ssl, "DEFAULT"))) 318 goto err; 319 320 ciphers = SSL_get_ciphers(ssl); 321 322 for (i = 0, j = 0; i < OSSL_NELEM(cipherids); i++) { 323 if (cipherids[i] == TLS1_3_CK_CHACHA20_POLY1305_SHA256 && is_fips) 324 continue; 325 cipher = sk_SSL_CIPHER_value(ciphers, j++); 326 if (!TEST_ptr(cipher)) 327 goto err; 328 if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher), cipherids[i])) 329 goto err; 330 } 331 332 /* We should have checked all the ciphers in the stack */ 333 if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers), j)) 334 goto err; 335 336 testresult = 1; 337 err: 338 SSL_free(ssl); 339 SSL_CTX_free(ctx); 340 341 return testresult; 342 } 343 344 static int test_cipher_find(void) 345 { 346 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 347 SSL *clientquic = NULL; 348 struct { 349 const unsigned char *cipherbytes; 350 int ok; 351 } testciphers[] = { 352 { TLS13_AES_128_GCM_SHA256_BYTES, 1 }, 353 { TLS13_AES_256_GCM_SHA384_BYTES, 1 }, 354 { TLS13_CHACHA20_POLY1305_SHA256_BYTES, 1 }, 355 { TLS13_AES_128_CCM_SHA256_BYTES, 0 }, 356 { TLS13_AES_128_CCM_8_SHA256_BYTES, 0 }, 357 #if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS) 358 { TLS13_SHA256_SHA256_BYTES, 0 }, 359 { TLS13_SHA384_SHA384_BYTES, 0 } 360 #endif 361 }; 362 size_t i; 363 int testresult = 0; 364 365 if (!TEST_ptr(cctx)) 366 goto err; 367 368 clientquic = SSL_new(cctx); 369 if (!TEST_ptr(clientquic)) 370 goto err; 371 372 for (i = 0; i < OSSL_NELEM(testciphers); i++) 373 if (testciphers[i].ok) { 374 if (!TEST_ptr(SSL_CIPHER_find(clientquic, 375 testciphers[i].cipherbytes))) 376 goto err; 377 } else { 378 if (!TEST_ptr_null(SSL_CIPHER_find(clientquic, 379 testciphers[i].cipherbytes))) 380 goto err; 381 } 382 383 testresult = 1; 384 err: 385 SSL_free(clientquic); 386 SSL_CTX_free(cctx); 387 388 return testresult; 389 } 390 391 /* 392 * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and 393 * SSL_is_dtls return the expected results for a QUIC connection. Compare with 394 * test_version() in sslapitest.c which does the same thing for TLS/DTLS 395 * connections. 396 */ 397 static int test_version(void) 398 { 399 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 400 SSL *clientquic = NULL; 401 QUIC_TSERVER *qtserv = NULL; 402 int testresult = 0; 403 404 if (!TEST_ptr(cctx) 405 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, 406 privkey, 0, &qtserv, 407 &clientquic, NULL, NULL)) 408 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic))) 409 goto err; 410 411 if (!TEST_int_eq(SSL_version(clientquic), OSSL_QUIC1_VERSION) 412 || !TEST_str_eq(SSL_get_version(clientquic), "QUICv1")) 413 goto err; 414 415 if (!TEST_true(SSL_is_quic(clientquic)) 416 || !TEST_false(SSL_is_tls(clientquic)) 417 || !TEST_false(SSL_is_dtls(clientquic))) 418 goto err; 419 420 421 testresult = 1; 422 err: 423 ossl_quic_tserver_free(qtserv); 424 SSL_free(clientquic); 425 SSL_CTX_free(cctx); 426 427 return testresult; 428 } 429 430 #if defined(DO_SSL_TRACE_TEST) 431 static void strip_line_ends(char *str) 432 { 433 size_t i; 434 435 for (i = strlen(str); 436 i > 0 && (str[i - 1] == '\n' || str[i - 1] == '\r'); 437 i--); 438 439 str[i] = '\0'; 440 } 441 442 static int compare_with_file(BIO *membio) 443 { 444 BIO *file = NULL, *newfile = NULL; 445 char buf1[8192], buf2[8192]; 446 char *reffile; 447 int ret = 0; 448 size_t i; 449 450 #ifdef OPENSSL_NO_ZLIB 451 reffile = test_mk_file_path(datadir, "ssltraceref.txt"); 452 #else 453 reffile = test_mk_file_path(datadir, "ssltraceref-zlib.txt"); 454 #endif 455 if (!TEST_ptr(reffile)) 456 goto err; 457 458 file = BIO_new_file(reffile, "rb"); 459 if (!TEST_ptr(file)) 460 goto err; 461 462 newfile = BIO_new_file("ssltraceref-new.txt", "wb"); 463 if (!TEST_ptr(newfile)) 464 goto err; 465 466 while (BIO_gets(membio, buf2, sizeof(buf2)) > 0) 467 if (BIO_puts(newfile, buf2) <= 0) { 468 TEST_error("Failed writing new file data"); 469 goto err; 470 } 471 472 if (!TEST_int_ge(BIO_seek(membio, 0), 0)) 473 goto err; 474 475 while (BIO_gets(file, buf1, sizeof(buf1)) > 0) { 476 size_t line_len; 477 478 if (BIO_gets(membio, buf2, sizeof(buf2)) <= 0) { 479 TEST_error("Failed reading mem data"); 480 goto err; 481 } 482 strip_line_ends(buf1); 483 strip_line_ends(buf2); 484 line_len = strlen(buf1); 485 if (line_len > 0 && buf1[line_len - 1] == '?') { 486 /* Wildcard at the EOL means ignore anything after it */ 487 if (strlen(buf2) > line_len) 488 buf2[line_len] = '\0'; 489 } 490 if (line_len != strlen(buf2)) { 491 TEST_error("Actual and ref line data length mismatch"); 492 TEST_info("%s", buf1); 493 TEST_info("%s", buf2); 494 goto err; 495 } 496 for (i = 0; i < line_len; i++) { 497 /* '?' is a wild card character in the reference text */ 498 if (buf1[i] == '?') 499 buf2[i] = '?'; 500 } 501 if (!TEST_str_eq(buf1, buf2)) 502 goto err; 503 } 504 if (!TEST_true(BIO_eof(file)) 505 || !TEST_true(BIO_eof(membio))) 506 goto err; 507 508 ret = 1; 509 err: 510 OPENSSL_free(reffile); 511 BIO_free(file); 512 BIO_free(newfile); 513 return ret; 514 } 515 516 /* 517 * Tests that the SSL_trace() msg_callback works as expected with a QUIC 518 * connection. This also provides testing of the msg_callback at the same time. 519 */ 520 static int test_ssl_trace(void) 521 { 522 SSL_CTX *cctx = NULL; 523 SSL *clientquic = NULL; 524 QUIC_TSERVER *qtserv = NULL; 525 int testresult = 0; 526 BIO *bio = NULL; 527 528 if (!TEST_ptr(cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())) 529 || !TEST_ptr(bio = BIO_new(BIO_s_mem())) 530 || !TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")) 531 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, 532 privkey, 533 QTEST_FLAG_FAKE_TIME, 534 &qtserv, 535 &clientquic, NULL, NULL))) 536 goto err; 537 538 SSL_set_msg_callback(clientquic, SSL_trace); 539 SSL_set_msg_callback_arg(clientquic, bio); 540 541 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))) 542 goto err; 543 544 /* Skip the comparison of the trace when the fips provider is used. */ 545 if (is_fips) { 546 /* Check whether there was something written. */ 547 if (!TEST_int_gt(BIO_pending(bio), 0)) 548 goto err; 549 } else { 550 if (!TEST_true(compare_with_file(bio))) 551 goto err; 552 } 553 554 testresult = 1; 555 err: 556 ossl_quic_tserver_free(qtserv); 557 SSL_free(clientquic); 558 SSL_CTX_free(cctx); 559 BIO_free(bio); 560 561 return testresult; 562 } 563 #endif 564 565 #ifndef OPENSSL_NO_SSL_TRACE 566 enum { 567 INITIAL = 0, 568 GATHER_TOKEN = 1, 569 CHECK_TOKEN = 2, 570 SUCCESS = 3, 571 FAILED = 4 572 }; 573 574 static int find_new_token_data(BIO *membio) 575 { 576 char buf[1024]; 577 int state = INITIAL; 578 char *tmpstring; 579 char *tokenval = NULL; 580 /* 581 * This is a state machine, in which we traverse the ssl trace 582 * looking for a sequence of items 583 * The states are: 584 * +---Current State---|----------Action-------------|---Next State---+ 585 * | INITIAL | "Received Frame: New token" | GATHER_TOKEN | 586 * | | !"Received Frame: New token"| INITIAL | 587 * |-------------------|-----------------------------|----------------| 588 * | GATHER_TOKEN | "Token: <TOKENVAL>" | CHECK_TOKEN | 589 * | | !"Token: <TOKENVAL>" | FAILED | 590 * |-------------------|-----------------------------|----------------| 591 * | CHECK_TOKEN | "Token: <TOKENVAL>" | SUCCESS | 592 * | | EOF | FAILED | 593 * +-------------------|-----------------------------|----------------| 594 */ 595 596 while (state != SUCCESS 597 && state != FAILED 598 && BIO_gets(membio, buf, sizeof(buf)) > 0) { 599 switch (state) { 600 case INITIAL: 601 if (strstr(buf, "Received Frame: New token")) 602 state = GATHER_TOKEN; 603 break; 604 case GATHER_TOKEN: 605 TEST_info("Found New Token Marker\n"); 606 tmpstring = strstr(buf, "Token: "); 607 if (tmpstring == NULL) { 608 TEST_info("Next line did not contain a new token\n"); 609 state = FAILED; 610 } else { 611 if (!TEST_ptr(tokenval = OPENSSL_strdup(tmpstring))) 612 return 0; 613 state = CHECK_TOKEN; 614 TEST_info("Recorded Token %s\n", tokenval); 615 } 616 break; 617 case CHECK_TOKEN: 618 tmpstring = strstr(buf, "Token: "); 619 if (tmpstring != NULL 620 && !strcmp(tmpstring, tokenval)) { 621 state = SUCCESS; 622 TEST_info("Matched next connection token %s\n", tmpstring); 623 } 624 default: 625 break; 626 } 627 } 628 629 OPENSSL_free(tokenval); 630 return (state == SUCCESS); 631 } 632 633 static int test_new_token(void) 634 { 635 SSL_CTX *cctx = NULL; 636 SSL *clientquic = NULL; 637 SSL *clientquic2 = NULL; 638 QUIC_TSERVER *qtserv = NULL; 639 QUIC_TSERVER *qtserv2 = NULL; 640 int testresult = 0; 641 BIO *bio = NULL; 642 char msg[] = "The Quic Brown Fox"; 643 size_t written; 644 645 if (!TEST_ptr(cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())) 646 || !TEST_ptr(bio = BIO_new(BIO_s_mem())) 647 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, 648 privkey, 649 QTEST_FLAG_FAKE_TIME, 650 &qtserv, 651 &clientquic, NULL, NULL))) 652 653 goto err; 654 655 SSL_set_msg_callback(clientquic, SSL_trace); 656 SSL_set_msg_callback_arg(clientquic, bio); 657 658 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))) 659 goto err; 660 661 /* Send data from the client */ 662 if (!SSL_write_ex(clientquic, msg, sizeof(msg), &written)) 663 goto err; 664 665 if (written != sizeof(msg)) 666 goto err; 667 668 /* Receive data at the server */ 669 ossl_quic_tserver_tick(qtserv); 670 671 if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, 672 privkey, 673 QTEST_FLAG_FAKE_TIME, 674 &qtserv2, 675 &clientquic2, NULL, NULL))) 676 goto err; 677 678 SSL_set_msg_callback(clientquic2, SSL_trace); 679 SSL_set_msg_callback_arg(clientquic2, bio); 680 681 /* once we have our new token, create the subsequent connection */ 682 if (!TEST_true(qtest_create_quic_connection(qtserv2, clientquic2))) 683 goto err; 684 685 /* Skip the comparison of the trace when the fips provider is used. */ 686 if (!TEST_true(find_new_token_data(bio))) 687 goto err; 688 689 testresult = 1; 690 err: 691 ossl_quic_tserver_free(qtserv); 692 ossl_quic_tserver_free(qtserv2); 693 SSL_free(clientquic); 694 SSL_free(clientquic2); 695 SSL_CTX_free(cctx); 696 BIO_free(bio); 697 698 return testresult; 699 } 700 #endif 701 702 static int ensure_valid_ciphers(const STACK_OF(SSL_CIPHER) *ciphers) 703 { 704 size_t i; 705 706 /* Ensure ciphersuite list is suitably subsetted. */ 707 for (i = 0; i < (size_t)sk_SSL_CIPHER_num(ciphers); ++i) { 708 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i); 709 switch (SSL_CIPHER_get_id(cipher)) { 710 case TLS1_3_CK_AES_128_GCM_SHA256: 711 case TLS1_3_CK_AES_256_GCM_SHA384: 712 case TLS1_3_CK_CHACHA20_POLY1305_SHA256: 713 break; 714 default: 715 TEST_error("forbidden cipher: %s", SSL_CIPHER_get_name(cipher)); 716 return 0; 717 } 718 } 719 720 return 1; 721 } 722 723 /* 724 * Test that handshake-layer APIs which shouldn't work don't work with QUIC. 725 */ 726 static int test_quic_forbidden_apis_ctx(void) 727 { 728 int testresult = 0; 729 SSL_CTX *ctx = NULL; 730 731 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))) 732 goto err; 733 734 #ifndef OPENSSL_NO_SRTP 735 /* This function returns 0 on success and 1 on error, and should fail. */ 736 if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_128_GCM"))) 737 goto err; 738 #endif 739 740 /* 741 * List of ciphersuites we do and don't allow in QUIC. 742 */ 743 #define QUIC_CIPHERSUITES \ 744 "TLS_AES_128_GCM_SHA256:" \ 745 "TLS_AES_256_GCM_SHA384:" \ 746 "TLS_CHACHA20_POLY1305_SHA256" 747 748 #define NON_QUIC_CIPHERSUITES \ 749 "TLS_AES_128_CCM_SHA256:" \ 750 "TLS_AES_256_CCM_SHA384:" \ 751 "TLS_AES_128_CCM_8_SHA256:" \ 752 "TLS_SHA256_SHA256:" \ 753 "TLS_SHA384_SHA384" 754 755 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */ 756 if (!TEST_true(SSL_CTX_set_ciphersuites(ctx, 757 QUIC_CIPHERSUITES ":" 758 NON_QUIC_CIPHERSUITES))) 759 goto err; 760 761 /* 762 * Forbidden ciphersuites should show up in SSL_CTX accessors, they are only 763 * filtered in SSL_get1_supported_ciphers, so we don't check for 764 * non-inclusion here. 765 */ 766 767 testresult = 1; 768 err: 769 SSL_CTX_free(ctx); 770 return testresult; 771 } 772 773 static int test_quic_forbidden_apis(void) 774 { 775 int testresult = 0; 776 SSL_CTX *ctx = NULL; 777 SSL *ssl = NULL; 778 STACK_OF(SSL_CIPHER) *ciphers = NULL; 779 780 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))) 781 goto err; 782 783 if (!TEST_ptr(ssl = SSL_new(ctx))) 784 goto err; 785 786 #ifndef OPENSSL_NO_SRTP 787 /* This function returns 0 on success and 1 on error, and should fail. */ 788 if (!TEST_true(SSL_set_tlsext_use_srtp(ssl, "SRTP_AEAD_AES_128_GCM"))) 789 goto err; 790 #endif 791 792 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */ 793 if (!TEST_true(SSL_set_ciphersuites(ssl, 794 QUIC_CIPHERSUITES ":" 795 NON_QUIC_CIPHERSUITES))) 796 goto err; 797 798 /* Non-QUIC ciphersuites must not appear in supported ciphers list. */ 799 if (!TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl)) 800 || !TEST_true(ensure_valid_ciphers(ciphers))) 801 goto err; 802 803 testresult = 1; 804 err: 805 sk_SSL_CIPHER_free(ciphers); 806 SSL_free(ssl); 807 SSL_CTX_free(ctx); 808 return testresult; 809 } 810 811 static int test_quic_forbidden_options(void) 812 { 813 int testresult = 0; 814 SSL_CTX *ctx = NULL; 815 SSL *ssl = NULL; 816 char buf[16]; 817 size_t len; 818 819 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))) 820 goto err; 821 822 /* QUIC options restrictions do not affect SSL_CTX */ 823 SSL_CTX_set_options(ctx, UINT64_MAX); 824 825 if (!TEST_uint64_t_eq(SSL_CTX_get_options(ctx), UINT64_MAX)) 826 goto err; 827 828 /* Set options on CTX which should not be inherited (tested below). */ 829 SSL_CTX_set_read_ahead(ctx, 1); 830 SSL_CTX_set_max_early_data(ctx, 1); 831 SSL_CTX_set_recv_max_early_data(ctx, 1); 832 SSL_CTX_set_quiet_shutdown(ctx, 1); 833 834 if (!TEST_ptr(ssl = SSL_new(ctx))) 835 goto err; 836 837 /* Only permitted options get transferred to SSL object */ 838 if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS)) 839 goto err; 840 841 /* Try again using SSL_set_options */ 842 SSL_set_options(ssl, UINT64_MAX); 843 844 if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS)) 845 goto err; 846 847 /* Clear everything */ 848 SSL_clear_options(ssl, UINT64_MAX); 849 850 if (!TEST_uint64_t_eq(SSL_get_options(ssl), 0)) 851 goto err; 852 853 /* Readahead */ 854 if (!TEST_false(SSL_get_read_ahead(ssl))) 855 goto err; 856 857 SSL_set_read_ahead(ssl, 1); 858 if (!TEST_false(SSL_get_read_ahead(ssl))) 859 goto err; 860 861 /* Block padding */ 862 if (!TEST_true(SSL_set_block_padding(ssl, 0)) 863 || !TEST_true(SSL_set_block_padding(ssl, 1)) 864 || !TEST_false(SSL_set_block_padding(ssl, 2))) 865 goto err; 866 867 /* Max fragment length */ 868 if (!TEST_true(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_DISABLED)) 869 || !TEST_false(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_512))) 870 goto err; 871 872 /* Max early data */ 873 if (!TEST_false(SSL_set_recv_max_early_data(ssl, 1)) 874 || !TEST_false(SSL_set_max_early_data(ssl, 1))) 875 goto err; 876 877 /* Read/Write */ 878 if (!TEST_false(SSL_read_early_data(ssl, buf, sizeof(buf), &len)) 879 || !TEST_false(SSL_write_early_data(ssl, buf, sizeof(buf), &len))) 880 goto err; 881 882 /* Buffer Management */ 883 if (!TEST_true(SSL_alloc_buffers(ssl)) 884 || !TEST_false(SSL_free_buffers(ssl))) 885 goto err; 886 887 /* Pipelining */ 888 if (!TEST_false(SSL_set_max_send_fragment(ssl, 2)) 889 || !TEST_false(SSL_set_split_send_fragment(ssl, 2)) 890 || !TEST_false(SSL_set_max_pipelines(ssl, 2))) 891 goto err; 892 893 /* HRR */ 894 if (!TEST_false(SSL_stateless(ssl))) 895 goto err; 896 897 /* Quiet Shutdown */ 898 if (!TEST_false(SSL_get_quiet_shutdown(ssl))) 899 goto err; 900 901 /* No duplication */ 902 if (!TEST_ptr_null(SSL_dup(ssl))) 903 goto err; 904 905 /* No clear */ 906 if (!TEST_false(SSL_clear(ssl))) 907 goto err; 908 909 testresult = 1; 910 err: 911 SSL_free(ssl); 912 SSL_CTX_free(ctx); 913 return testresult; 914 } 915 916 static int test_quic_set_fd(int idx) 917 { 918 int testresult = 0; 919 SSL_CTX *ctx = NULL; 920 SSL *ssl = NULL; 921 int fd = -1, resfd = -1; 922 BIO *bio = NULL; 923 924 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))) 925 goto err; 926 927 if (!TEST_ptr(ssl = SSL_new(ctx))) 928 goto err; 929 930 if (!TEST_int_ge(fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0), 0)) 931 goto err; 932 933 if (idx == 0) { 934 if (!TEST_true(SSL_set_fd(ssl, fd))) 935 goto err; 936 if (!TEST_ptr(bio = SSL_get_rbio(ssl))) 937 goto err; 938 if (!TEST_ptr_eq(bio, SSL_get_wbio(ssl))) 939 goto err; 940 } else if (idx == 1) { 941 if (!TEST_true(SSL_set_rfd(ssl, fd))) 942 goto err; 943 if (!TEST_ptr(bio = SSL_get_rbio(ssl))) 944 goto err; 945 if (!TEST_ptr_null(SSL_get_wbio(ssl))) 946 goto err; 947 } else { 948 if (!TEST_true(SSL_set_wfd(ssl, fd))) 949 goto err; 950 if (!TEST_ptr(bio = SSL_get_wbio(ssl))) 951 goto err; 952 if (!TEST_ptr_null(SSL_get_rbio(ssl))) 953 goto err; 954 } 955 956 if (!TEST_int_eq(BIO_method_type(bio), BIO_TYPE_DGRAM)) 957 goto err; 958 959 if (!TEST_true(BIO_get_fd(bio, &resfd)) 960 || !TEST_int_eq(resfd, fd)) 961 goto err; 962 963 testresult = 1; 964 err: 965 SSL_free(ssl); 966 SSL_CTX_free(ctx); 967 if (fd >= 0) 968 BIO_closesocket(fd); 969 return testresult; 970 } 971 972 #define MAXLOOPS 1000 973 974 static int test_bio_ssl(void) 975 { 976 /* 977 * We just use OSSL_QUIC_client_method() rather than 978 * OSSL_QUIC_client_thread_method(). We will never leave the connection idle 979 * so we will always be implicitly handling time events anyway via other 980 * IO calls. 981 */ 982 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 983 SSL *clientquic = NULL, *stream = NULL; 984 QUIC_TSERVER *qtserv = NULL; 985 int testresult = 0; 986 BIO *cbio = NULL, *strbio = NULL, *thisbio; 987 const char *msg = "Hello world"; 988 int abortctr = 0, err, clienterr = 0, servererr = 0, retc = 0, rets = 0; 989 size_t written, readbytes, msglen; 990 int sid = 0, i; 991 unsigned char buf[80]; 992 993 if (!TEST_ptr(cctx)) 994 goto err; 995 996 cbio = BIO_new_ssl(cctx, 1); 997 if (!TEST_ptr(cbio)) 998 goto err; 999 1000 /* 1001 * We must configure the ALPN/peer address etc so we get the SSL object in 1002 * order to pass it to qtest_create_quic_objects for configuration. 1003 */ 1004 if (!TEST_int_eq(BIO_get_ssl(cbio, &clientquic), 1)) 1005 goto err; 1006 1007 if (!TEST_true(qtest_create_quic_objects(libctx, NULL, NULL, cert, privkey, 1008 QTEST_FLAG_FAKE_TIME, &qtserv, 1009 &clientquic, NULL, NULL))) 1010 goto err; 1011 1012 msglen = strlen(msg); 1013 1014 do { 1015 err = BIO_FLAGS_WRITE; 1016 while (!clienterr && !retc && err == BIO_FLAGS_WRITE) { 1017 retc = BIO_write_ex(cbio, msg, msglen, &written); 1018 if (!retc) { 1019 if (BIO_should_retry(cbio)) 1020 err = BIO_retry_type(cbio); 1021 else 1022 err = 0; 1023 } 1024 } 1025 1026 if (!clienterr && retc <= 0 && err != BIO_FLAGS_READ) { 1027 TEST_info("BIO_write_ex() failed %d, %d", retc, err); 1028 TEST_openssl_errors(); 1029 clienterr = 1; 1030 } 1031 1032 if (!servererr && rets <= 0) { 1033 ossl_quic_tserver_tick(qtserv); 1034 qtest_add_time(100); 1035 servererr = ossl_quic_tserver_is_term_any(qtserv); 1036 if (!servererr) 1037 rets = ossl_quic_tserver_is_handshake_confirmed(qtserv); 1038 } 1039 1040 if (clienterr && servererr) 1041 goto err; 1042 1043 if (++abortctr == MAXLOOPS) { 1044 TEST_info("No progress made"); 1045 goto err; 1046 } 1047 } while ((!retc && !clienterr) || (rets <= 0 && !servererr)); 1048 1049 /* 1050 * 2 loops: The first using the default stream, and the second using a new 1051 * client initiated bidi stream. 1052 */ 1053 for (i = 0, thisbio = cbio; i < 2; i++) { 1054 if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf, sizeof(buf), 1055 &readbytes)) 1056 || !TEST_mem_eq(msg, msglen, buf, readbytes)) 1057 goto err; 1058 1059 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg, 1060 msglen, &written))) 1061 goto err; 1062 ossl_quic_tserver_tick(qtserv); 1063 1064 if (!TEST_true(BIO_read_ex(thisbio, buf, sizeof(buf), &readbytes)) 1065 || !TEST_mem_eq(msg, msglen, buf, readbytes)) 1066 goto err; 1067 1068 if (i == 1) 1069 break; 1070 1071 if (!TEST_true(SSL_set_mode(clientquic, 0))) 1072 goto err; 1073 1074 /* 1075 * Now create a new stream and repeat. The bottom two bits of the stream 1076 * id represents whether the stream is bidi and whether it is client 1077 * initiated or not. For client initiated bidi they are both 0. So the 1078 * first client initiated bidi stream is 0 and the next one is 4. 1079 */ 1080 sid = 4; 1081 stream = SSL_new_stream(clientquic, 0); 1082 if (!TEST_ptr(stream)) 1083 goto err; 1084 1085 if (!TEST_true(SSL_set_mode(stream, 0))) 1086 goto err; 1087 1088 thisbio = strbio = BIO_new(BIO_f_ssl()); 1089 if (!TEST_ptr(strbio)) 1090 goto err; 1091 1092 if (!TEST_int_eq(BIO_set_ssl(thisbio, stream, BIO_CLOSE), 1)) 1093 goto err; 1094 stream = NULL; 1095 1096 if (!TEST_true(BIO_write_ex(thisbio, msg, msglen, &written))) 1097 goto err; 1098 1099 ossl_quic_tserver_tick(qtserv); 1100 } 1101 1102 testresult = 1; 1103 err: 1104 BIO_free_all(cbio); 1105 BIO_free_all(strbio); 1106 SSL_free(stream); 1107 ossl_quic_tserver_free(qtserv); 1108 SSL_CTX_free(cctx); 1109 1110 return testresult; 1111 } 1112 1113 #define BACK_PRESSURE_NUM_LOOPS 10000 1114 /* 1115 * Test that sending data from the client to the server faster than the server 1116 * can process it eventually results in back pressure on the client. 1117 */ 1118 static int test_back_pressure(void) 1119 { 1120 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 1121 SSL *clientquic = NULL; 1122 QUIC_TSERVER *qtserv = NULL; 1123 int testresult = 0; 1124 unsigned char *msg = NULL; 1125 const size_t msglen = 1024; 1126 unsigned char buf[64]; 1127 size_t readbytes, written; 1128 int i; 1129 1130 if (!TEST_ptr(cctx) 1131 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, 1132 privkey, 0, &qtserv, 1133 &clientquic, NULL, NULL)) 1134 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic))) 1135 goto err; 1136 1137 msg = OPENSSL_malloc(msglen); 1138 if (!TEST_ptr(msg)) 1139 goto err; 1140 if (!TEST_int_eq(RAND_bytes_ex(libctx, msg, msglen, 0), 1)) 1141 goto err; 1142 1143 /* 1144 * Limit to 10000 loops. If we've not seen any back pressure after that 1145 * we're going to run out of memory, so abort. 1146 */ 1147 for (i = 0; i < BACK_PRESSURE_NUM_LOOPS; i++) { 1148 /* Send data from the client */ 1149 if (!SSL_write_ex(clientquic, msg, msglen, &written)) { 1150 /* Check if we are seeing back pressure */ 1151 if (SSL_get_error(clientquic, 0) == SSL_ERROR_WANT_WRITE) 1152 break; 1153 TEST_error("Unexpected client failure"); 1154 goto err; 1155 } 1156 1157 /* Receive data at the server */ 1158 ossl_quic_tserver_tick(qtserv); 1159 if (!TEST_true(ossl_quic_tserver_read(qtserv, 0, buf, sizeof(buf), 1160 &readbytes))) 1161 goto err; 1162 } 1163 1164 if (i == BACK_PRESSURE_NUM_LOOPS) { 1165 TEST_error("No back pressure seen"); 1166 goto err; 1167 } 1168 1169 testresult = 1; 1170 err: 1171 SSL_free(clientquic); 1172 ossl_quic_tserver_free(qtserv); 1173 SSL_CTX_free(cctx); 1174 OPENSSL_free(msg); 1175 1176 return testresult; 1177 } 1178 1179 1180 static int dgram_ctr = 0; 1181 1182 static void dgram_cb(int write_p, int version, int content_type, 1183 const void *buf, size_t msglen, SSL *ssl, void *arg) 1184 { 1185 if (!write_p) 1186 return; 1187 1188 if (content_type != SSL3_RT_QUIC_DATAGRAM) 1189 return; 1190 1191 dgram_ctr++; 1192 } 1193 1194 /* Test that we send multiple datagrams in one go when appropriate */ 1195 static int test_multiple_dgrams(void) 1196 { 1197 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 1198 SSL *clientquic = NULL; 1199 QUIC_TSERVER *qtserv = NULL; 1200 int testresult = 0; 1201 unsigned char *buf; 1202 const size_t buflen = 1400; 1203 size_t written; 1204 1205 buf = OPENSSL_zalloc(buflen); 1206 1207 if (!TEST_ptr(cctx) 1208 || !TEST_ptr(buf) 1209 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, 1210 privkey, 0, &qtserv, 1211 &clientquic, NULL, NULL)) 1212 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic))) 1213 goto err; 1214 1215 dgram_ctr = 0; 1216 SSL_set_msg_callback(clientquic, dgram_cb); 1217 if (!TEST_true(SSL_write_ex(clientquic, buf, buflen, &written)) 1218 || !TEST_size_t_eq(written, buflen) 1219 /* We wrote enough data for 2 datagrams */ 1220 || !TEST_int_eq(dgram_ctr, 2)) 1221 goto err; 1222 1223 testresult = 1; 1224 err: 1225 OPENSSL_free(buf); 1226 SSL_free(clientquic); 1227 ossl_quic_tserver_free(qtserv); 1228 SSL_CTX_free(cctx); 1229 1230 return testresult; 1231 } 1232 1233 static int non_io_retry_cert_verify_cb(X509_STORE_CTX *ctx, void *arg) 1234 { 1235 int idx = SSL_get_ex_data_X509_STORE_CTX_idx(); 1236 SSL *ssl; 1237 const int *allow = (int *)arg; 1238 1239 /* this should not happen but check anyway */ 1240 if (idx < 0 1241 || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL) 1242 return 0; 1243 1244 /* If this is our first attempt then retry */ 1245 if (*allow == 0) 1246 return SSL_set_retry_verify(ssl); 1247 1248 /* Otherwise do nothing - verification succeeds. Continue as normal */ 1249 return 1; 1250 } 1251 1252 /* Test that we can handle a non-io related retry error 1253 * Test 0: Non-blocking 1254 * Test 1: Blocking 1255 */ 1256 static int test_non_io_retry(int idx) 1257 { 1258 SSL_CTX *cctx; 1259 SSL *clientquic = NULL; 1260 QUIC_TSERVER *qtserv = NULL; 1261 int testresult = 0; 1262 int flags = 0, allow = 0; 1263 1264 if (idx >= 1 && !qtest_supports_blocking()) 1265 return TEST_skip("Blocking tests not supported in this build"); 1266 1267 cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 1268 if (!TEST_ptr(cctx)) 1269 goto err; 1270 1271 SSL_CTX_set_cert_verify_callback(cctx, non_io_retry_cert_verify_cb, &allow); 1272 1273 flags = (idx >= 1) ? QTEST_FLAG_BLOCK : 0; 1274 if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, privkey, 1275 flags, &qtserv, &clientquic, NULL, 1276 NULL)) 1277 || !TEST_true(qtest_create_quic_connection_ex(qtserv, clientquic, 1278 SSL_ERROR_WANT_RETRY_VERIFY)) 1279 || !TEST_int_eq(SSL_want(clientquic), SSL_RETRY_VERIFY)) 1280 goto err; 1281 1282 allow = 1; 1283 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))) 1284 goto err; 1285 1286 testresult = 1; 1287 err: 1288 SSL_free(clientquic); 1289 ossl_quic_tserver_free(qtserv); 1290 SSL_CTX_free(cctx); 1291 1292 return testresult; 1293 } 1294 1295 static int use_session_cb_cnt = 0; 1296 static int find_session_cb_cnt = 0; 1297 static const char *pskid = "Identity"; 1298 static SSL_SESSION *serverpsk = NULL, *clientpsk = NULL; 1299 1300 static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id, 1301 size_t *idlen, SSL_SESSION **sess) 1302 { 1303 use_session_cb_cnt++; 1304 1305 if (clientpsk == NULL || !SSL_SESSION_up_ref(clientpsk)) 1306 return 0; 1307 1308 *sess = clientpsk; 1309 *id = (const unsigned char *)pskid; 1310 *idlen = strlen(pskid); 1311 1312 return 1; 1313 } 1314 1315 static int find_session_cb(SSL *ssl, const unsigned char *identity, 1316 size_t identity_len, SSL_SESSION **sess) 1317 { 1318 find_session_cb_cnt++; 1319 1320 if (serverpsk == NULL || !SSL_SESSION_up_ref(serverpsk)) 1321 return 0; 1322 1323 /* Identity should match that set by the client */ 1324 if (strlen(pskid) != identity_len 1325 || strncmp(pskid, (const char *)identity, identity_len) != 0) { 1326 SSL_SESSION_free(serverpsk); 1327 return 0; 1328 } 1329 1330 *sess = serverpsk; 1331 1332 return 1; 1333 } 1334 1335 static int test_quic_psk(void) 1336 { 1337 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 1338 SSL *clientquic = NULL; 1339 QUIC_TSERVER *qtserv = NULL; 1340 int testresult = 0; 1341 1342 if (!TEST_ptr(cctx) 1343 /* No cert or private key for the server, i.e. PSK only */ 1344 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, NULL, 1345 NULL, 0, &qtserv, 1346 &clientquic, NULL, NULL))) 1347 goto end; 1348 1349 SSL_set_psk_use_session_callback(clientquic, use_session_cb); 1350 ossl_quic_tserver_set_psk_find_session_cb(qtserv, find_session_cb); 1351 use_session_cb_cnt = 0; 1352 find_session_cb_cnt = 0; 1353 1354 clientpsk = serverpsk = create_a_psk(clientquic, SHA384_DIGEST_LENGTH); 1355 /* We already had one ref. Add another one */ 1356 if (!TEST_ptr(clientpsk) || !TEST_true(SSL_SESSION_up_ref(clientpsk))) 1357 goto end; 1358 1359 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)) 1360 || !TEST_int_eq(1, find_session_cb_cnt) 1361 || !TEST_int_eq(1, use_session_cb_cnt) 1362 /* Check that we actually used the PSK */ 1363 || !TEST_true(SSL_session_reused(clientquic))) 1364 goto end; 1365 1366 testresult = 1; 1367 1368 end: 1369 SSL_free(clientquic); 1370 ossl_quic_tserver_free(qtserv); 1371 SSL_CTX_free(cctx); 1372 SSL_SESSION_free(clientpsk); 1373 SSL_SESSION_free(serverpsk); 1374 clientpsk = serverpsk = NULL; 1375 1376 return testresult; 1377 } 1378 1379 static int test_client_auth(int idx) 1380 { 1381 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 1382 SSL_CTX *sctx = SSL_CTX_new_ex(libctx, NULL, TLS_method()); 1383 SSL *clientquic = NULL; 1384 QUIC_TSERVER *qtserv = NULL; 1385 int testresult = 0; 1386 unsigned char buf[20]; 1387 static char *msg = "A test message"; 1388 size_t msglen = strlen(msg); 1389 size_t numbytes = 0; 1390 1391 if (!TEST_ptr(cctx) || !TEST_ptr(sctx)) 1392 goto err; 1393 1394 SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT 1395 | SSL_VERIFY_CLIENT_ONCE, NULL); 1396 1397 if (!TEST_true(SSL_CTX_load_verify_file(sctx, cauthca))) 1398 goto err; 1399 1400 if (idx > 0 1401 && (!TEST_true(SSL_CTX_use_certificate_chain_file(cctx, ccert)) 1402 || !TEST_true(SSL_CTX_use_PrivateKey_file(cctx, cprivkey, 1403 SSL_FILETYPE_PEM)))) 1404 goto err; 1405 1406 if (!TEST_true(qtest_create_quic_objects(libctx, cctx, sctx, cert, 1407 privkey, 0, &qtserv, 1408 &clientquic, NULL, NULL))) 1409 goto err; 1410 1411 if (idx > 1) { 1412 if (!TEST_true(ssl_ctx_add_large_cert_chain(libctx, cctx, ccert)) 1413 || !TEST_true(ssl_ctx_add_large_cert_chain(libctx, sctx, cert))) 1414 goto err; 1415 } 1416 1417 if (idx == 0) { 1418 if (!TEST_false(qtest_create_quic_connection(qtserv, clientquic))) 1419 goto err; 1420 1421 /* negative test passed */ 1422 testresult = 1; 1423 goto err; 1424 } 1425 1426 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))) 1427 goto err; 1428 1429 /* Check that sending and receiving app data is ok */ 1430 if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes)) 1431 || !TEST_size_t_eq(numbytes, msglen)) 1432 goto err; 1433 1434 ossl_quic_tserver_tick(qtserv); 1435 if (!TEST_true(ossl_quic_tserver_write(qtserv, 0, 1436 (unsigned char *)msg, 1437 msglen, &numbytes))) 1438 goto err; 1439 1440 ossl_quic_tserver_tick(qtserv); 1441 SSL_handle_events(clientquic); 1442 1443 if (!TEST_true(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes)) 1444 || !TEST_size_t_eq(numbytes, msglen) 1445 || !TEST_mem_eq(buf, numbytes, msg, msglen)) 1446 goto err; 1447 1448 if (!TEST_true(qtest_shutdown(qtserv, clientquic))) 1449 goto err; 1450 1451 testresult = 1; 1452 1453 err: 1454 SSL_free(clientquic); 1455 ossl_quic_tserver_free(qtserv); 1456 SSL_CTX_free(sctx); 1457 SSL_CTX_free(cctx); 1458 1459 return testresult; 1460 } 1461 1462 /* 1463 * Test that we correctly handle ALPN supplied by the application 1464 * Test 0: ALPN is provided 1465 * Test 1: No ALPN is provided 1466 */ 1467 static int test_alpn(int idx) 1468 { 1469 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 1470 SSL *clientquic = NULL; 1471 QUIC_TSERVER *qtserv = NULL; 1472 int testresult = 0; 1473 int ret; 1474 1475 /* 1476 * Ensure we only configure ciphersuites that are available with both the 1477 * default and fips providers to get the same output in both cases 1478 */ 1479 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256"))) 1480 goto err; 1481 1482 if (!TEST_ptr(cctx) 1483 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, 1484 privkey, 1485 QTEST_FLAG_FAKE_TIME, 1486 &qtserv, 1487 &clientquic, NULL, NULL))) 1488 goto err; 1489 1490 if (idx == 0) { 1491 /* 1492 * Clear the ALPN we set in qtest_create_quic_objects. We use TEST_false 1493 * because SSL_set_alpn_protos returns 0 for success. 1494 */ 1495 if (!TEST_false(SSL_set_alpn_protos(clientquic, NULL, 0))) 1496 goto err; 1497 } 1498 1499 ret = SSL_connect(clientquic); 1500 if (!TEST_int_le(ret, 0)) 1501 goto err; 1502 if (idx == 0) { 1503 /* We expect an immediate error due to lack of ALPN */ 1504 if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_SSL)) 1505 goto err; 1506 } else { 1507 /* ALPN was provided so we expect the connection to succeed */ 1508 if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_WANT_READ) 1509 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic))) 1510 goto err; 1511 } 1512 1513 testresult = 1; 1514 err: 1515 ossl_quic_tserver_free(qtserv); 1516 SSL_free(clientquic); 1517 SSL_CTX_free(cctx); 1518 1519 return testresult; 1520 } 1521 1522 /* 1523 * Test SSL_get_shutdown() behavior. 1524 */ 1525 static int test_get_shutdown(void) 1526 { 1527 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 1528 SSL *clientquic = NULL; 1529 QUIC_TSERVER *qtserv = NULL; 1530 int testresult = 0; 1531 1532 if (!TEST_ptr(cctx) 1533 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, 1534 privkey, 1535 QTEST_FLAG_FAKE_TIME, 1536 &qtserv, &clientquic, 1537 NULL, NULL)) 1538 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic))) 1539 goto err; 1540 1541 if (!TEST_int_eq(SSL_get_shutdown(clientquic), 0)) 1542 goto err; 1543 1544 if (!TEST_int_eq(SSL_shutdown(clientquic), 0)) 1545 goto err; 1546 1547 if (!TEST_int_eq(SSL_get_shutdown(clientquic), SSL_SENT_SHUTDOWN)) 1548 goto err; 1549 1550 do { 1551 ossl_quic_tserver_tick(qtserv); 1552 qtest_add_time(100); 1553 } while (SSL_shutdown(clientquic) == 0); 1554 1555 if (!TEST_int_eq(SSL_get_shutdown(clientquic), 1556 SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) 1557 goto err; 1558 1559 testresult = 1; 1560 err: 1561 ossl_quic_tserver_free(qtserv); 1562 SSL_free(clientquic); 1563 SSL_CTX_free(cctx); 1564 1565 return testresult; 1566 } 1567 1568 #define MAX_LOOPS 2000 1569 1570 /* 1571 * Keep retrying SSL_read_ex until it succeeds or we give up. Accept a stream 1572 * if we don't already have one 1573 */ 1574 static int unreliable_client_read(SSL *clientquic, SSL **stream, void *buf, 1575 size_t buflen, size_t *readbytes, 1576 QUIC_TSERVER *qtserv) 1577 { 1578 int abortctr; 1579 1580 /* We just do this in a loop with a sleep for simplicity */ 1581 for (abortctr = 0; abortctr < MAX_LOOPS; abortctr++) { 1582 if (*stream == NULL) { 1583 SSL_handle_events(clientquic); 1584 *stream = SSL_accept_stream(clientquic, 0); 1585 } 1586 1587 if (*stream != NULL) { 1588 if (SSL_read_ex(*stream, buf, buflen, readbytes)) 1589 return 1; 1590 if (!TEST_int_eq(SSL_get_error(*stream, 0), SSL_ERROR_WANT_READ)) 1591 return 0; 1592 } 1593 ossl_quic_tserver_tick(qtserv); 1594 qtest_add_time(1); 1595 qtest_wait_for_timeout(clientquic, qtserv); 1596 } 1597 1598 TEST_error("No progress made"); 1599 return 0; 1600 } 1601 1602 /* Keep retrying ossl_quic_tserver_read until it succeeds or we give up */ 1603 static int unreliable_server_read(QUIC_TSERVER *qtserv, uint64_t sid, 1604 void *buf, size_t buflen, size_t *readbytes, 1605 SSL *clientquic) 1606 { 1607 int abortctr; 1608 1609 /* We just do this in a loop with a sleep for simplicity */ 1610 for (abortctr = 0; abortctr < MAX_LOOPS; abortctr++) { 1611 if (ossl_quic_tserver_read(qtserv, sid, buf, buflen, readbytes) 1612 && *readbytes > 1) 1613 return 1; 1614 ossl_quic_tserver_tick(qtserv); 1615 SSL_handle_events(clientquic); 1616 qtest_add_time(1); 1617 qtest_wait_for_timeout(clientquic, qtserv); 1618 } 1619 1620 TEST_error("No progress made"); 1621 return 0; 1622 } 1623 1624 /* 1625 * Create a connection and send data using an unreliable transport. We introduce 1626 * random noise to drop, delay and duplicate datagrams. 1627 * Test 0: Introduce random noise to datagrams 1628 * Test 1: As with test 0 but also split datagrams containing multiple packets 1629 * into individual datagrams so that individual packets can be affected 1630 * by noise - not just a whole datagram. 1631 */ 1632 static int test_noisy_dgram(int idx) 1633 { 1634 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 1635 SSL *clientquic = NULL, *stream[2] = { NULL, NULL }; 1636 QUIC_TSERVER *qtserv = NULL; 1637 int testresult = 0; 1638 uint64_t sid = 0; 1639 char *msg = "Hello world!"; 1640 size_t msglen = strlen(msg), written, readbytes, i, j; 1641 unsigned char buf[80]; 1642 int flags = QTEST_FLAG_NOISE | QTEST_FLAG_FAKE_TIME; 1643 QTEST_FAULT *fault = NULL; 1644 1645 if (idx == 1) 1646 flags |= QTEST_FLAG_PACKET_SPLIT; 1647 1648 if (!TEST_ptr(cctx) 1649 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, 1650 privkey, flags, 1651 &qtserv, 1652 &clientquic, &fault, NULL))) 1653 goto err; 1654 1655 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))) 1656 goto err; 1657 1658 if (!TEST_true(SSL_set_incoming_stream_policy(clientquic, 1659 SSL_INCOMING_STREAM_POLICY_ACCEPT, 1660 0)) 1661 || !TEST_true(SSL_set_default_stream_mode(clientquic, 1662 SSL_DEFAULT_STREAM_MODE_NONE))) 1663 goto err; 1664 1665 for (j = 0; j < 2; j++) { 1666 if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, 0, &sid))) 1667 goto err; 1668 ossl_quic_tserver_tick(qtserv); 1669 qtest_add_time(1); 1670 1671 /* 1672 * Send data from the server to the client. Some datagrams may get 1673 * lost, modified, dropped or re-ordered. We repeat 20 times to ensure 1674 * we are sending enough datagrams for problems to be noticed. 1675 */ 1676 for (i = 0; i < 20; i++) { 1677 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, 1678 (unsigned char *)msg, msglen, 1679 &written)) 1680 || !TEST_size_t_eq(msglen, written)) 1681 goto err; 1682 ossl_quic_tserver_tick(qtserv); 1683 qtest_add_time(1); 1684 1685 /* 1686 * Since the underlying BIO is now noisy we may get failures that 1687 * need to be retried - so we use unreliable_client_read() to 1688 * handle that 1689 */ 1690 if (!TEST_true(unreliable_client_read(clientquic, &stream[j], buf, 1691 sizeof(buf), &readbytes, 1692 qtserv)) 1693 || !TEST_mem_eq(msg, msglen, buf, readbytes)) 1694 goto err; 1695 } 1696 1697 /* Send data from the client to the server */ 1698 for (i = 0; i < 20; i++) { 1699 if (!TEST_true(SSL_write_ex(stream[j], (unsigned char *)msg, 1700 msglen, &written)) 1701 || !TEST_size_t_eq(msglen, written)) 1702 goto err; 1703 1704 ossl_quic_tserver_tick(qtserv); 1705 qtest_add_time(1); 1706 1707 /* 1708 * Since the underlying BIO is now noisy we may get failures that 1709 * need to be retried - so we use unreliable_server_read() to 1710 * handle that 1711 */ 1712 if (!TEST_true(unreliable_server_read(qtserv, sid, buf, sizeof(buf), 1713 &readbytes, clientquic)) 1714 || !TEST_mem_eq(msg, msglen, buf, readbytes)) 1715 goto err; 1716 } 1717 } 1718 1719 testresult = 1; 1720 err: 1721 ossl_quic_tserver_free(qtserv); 1722 SSL_free(stream[0]); 1723 SSL_free(stream[1]); 1724 SSL_free(clientquic); 1725 SSL_CTX_free(cctx); 1726 qtest_fault_free(fault); 1727 1728 return testresult; 1729 } 1730 1731 /* 1732 * Create a connection and send some big data using a transport with limited bandwidth. 1733 */ 1734 1735 #define TEST_TRANSFER_DATA_SIZE (2*1024*1024) /* 2 MBytes */ 1736 #define TEST_SINGLE_WRITE_SIZE (16*1024) /* 16 kBytes */ 1737 #define TEST_BW_LIMIT 1000 /* 1000 Bytes/ms */ 1738 static int test_bw_limit(void) 1739 { 1740 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 1741 SSL *clientquic = NULL; 1742 QUIC_TSERVER *qtserv = NULL; 1743 int testresult = 0; 1744 unsigned char *msg = NULL, *recvbuf = NULL; 1745 size_t sendlen = TEST_TRANSFER_DATA_SIZE; 1746 size_t recvlen = TEST_TRANSFER_DATA_SIZE; 1747 size_t written, readbytes; 1748 int flags = QTEST_FLAG_NOISE | QTEST_FLAG_FAKE_TIME; 1749 QTEST_FAULT *fault = NULL; 1750 uint64_t real_bw; 1751 1752 if (!TEST_ptr(cctx) 1753 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, 1754 privkey, flags, 1755 &qtserv, 1756 &clientquic, &fault, NULL))) 1757 goto err; 1758 1759 if (!TEST_ptr(msg = OPENSSL_zalloc(TEST_SINGLE_WRITE_SIZE)) 1760 || !TEST_ptr(recvbuf = OPENSSL_zalloc(TEST_SINGLE_WRITE_SIZE))) 1761 goto err; 1762 1763 /* Set BW to 1000 Bytes/ms -> 1MByte/s both ways */ 1764 if (!TEST_true(qtest_fault_set_bw_limit(fault, 1000, 1000, 0))) 1765 goto err; 1766 1767 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))) 1768 goto err; 1769 1770 qtest_start_stopwatch(); 1771 1772 while (recvlen > 0) { 1773 qtest_add_time(1); 1774 1775 if (sendlen > 0) { 1776 if (!SSL_write_ex(clientquic, msg, 1777 sendlen > TEST_SINGLE_WRITE_SIZE ? TEST_SINGLE_WRITE_SIZE 1778 : sendlen, 1779 &written)) { 1780 TEST_info("Retrying to send: %llu", (unsigned long long) sendlen); 1781 if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_WANT_WRITE)) 1782 goto err; 1783 } else { 1784 sendlen -= written; 1785 TEST_info("Remaining to send: %llu", (unsigned long long) sendlen); 1786 } 1787 } else { 1788 SSL_handle_events(clientquic); 1789 } 1790 1791 if (ossl_quic_tserver_read(qtserv, 0, recvbuf, 1792 recvlen > TEST_SINGLE_WRITE_SIZE ? TEST_SINGLE_WRITE_SIZE 1793 : recvlen, 1794 &readbytes) 1795 && readbytes > 1) { 1796 recvlen -= readbytes; 1797 TEST_info("Remaining to recv: %llu", (unsigned long long) recvlen); 1798 } else { 1799 TEST_info("No progress on recv: %llu", (unsigned long long) recvlen); 1800 } 1801 ossl_quic_tserver_tick(qtserv); 1802 } 1803 real_bw = TEST_TRANSFER_DATA_SIZE / qtest_get_stopwatch_time(); 1804 1805 TEST_info("BW limit: %d Bytes/ms Real bandwidth reached: %llu Bytes/ms", 1806 TEST_BW_LIMIT, (unsigned long long)real_bw); 1807 1808 if (!TEST_uint64_t_lt(real_bw, TEST_BW_LIMIT)) 1809 goto err; 1810 1811 testresult = 1; 1812 err: 1813 OPENSSL_free(msg); 1814 OPENSSL_free(recvbuf); 1815 ossl_quic_tserver_free(qtserv); 1816 SSL_free(clientquic); 1817 SSL_CTX_free(cctx); 1818 qtest_fault_free(fault); 1819 1820 return testresult; 1821 } 1822 1823 enum { 1824 TPARAM_OP_DUP, 1825 TPARAM_OP_DROP, 1826 TPARAM_OP_INJECT, 1827 TPARAM_OP_INJECT_TWICE, 1828 TPARAM_OP_INJECT_RAW, 1829 TPARAM_OP_DROP_INJECT, 1830 TPARAM_OP_MUTATE 1831 }; 1832 1833 #define TPARAM_CHECK_DUP(name, reason) \ 1834 { QUIC_TPARAM_##name, TPARAM_OP_DUP, (reason) }, 1835 #define TPARAM_CHECK_DROP(name, reason) \ 1836 { QUIC_TPARAM_##name, TPARAM_OP_DROP, (reason) }, 1837 #define TPARAM_CHECK_INJECT(name, buf, buf_len, reason) \ 1838 { QUIC_TPARAM_##name, TPARAM_OP_INJECT, (reason), \ 1839 (buf), (buf_len) }, 1840 #define TPARAM_CHECK_INJECT_A(name, buf, reason) \ 1841 TPARAM_CHECK_INJECT(name, buf, sizeof(buf), reason) 1842 #define TPARAM_CHECK_DROP_INJECT(name, buf, buf_len, reason) \ 1843 { QUIC_TPARAM_##name, TPARAM_OP_DROP_INJECT, (reason), \ 1844 (buf), (buf_len) }, 1845 #define TPARAM_CHECK_DROP_INJECT_A(name, buf, reason) \ 1846 TPARAM_CHECK_DROP_INJECT(name, buf, sizeof(buf), reason) 1847 #define TPARAM_CHECK_INJECT_TWICE(name, buf, buf_len, reason) \ 1848 { QUIC_TPARAM_##name, TPARAM_OP_INJECT_TWICE, (reason), \ 1849 (buf), (buf_len) }, 1850 #define TPARAM_CHECK_INJECT_TWICE_A(name, buf, reason) \ 1851 TPARAM_CHECK_INJECT_TWICE(name, buf, sizeof(buf), reason) 1852 #define TPARAM_CHECK_INJECT_RAW(buf, buf_len, reason) \ 1853 { 0, TPARAM_OP_INJECT_RAW, (reason), \ 1854 (buf), (buf_len) }, 1855 #define TPARAM_CHECK_INJECT_RAW_A(buf, reason) \ 1856 TPARAM_CHECK_INJECT_RAW(buf, sizeof(buf), reason) 1857 #define TPARAM_CHECK_MUTATE(name, reason) \ 1858 { QUIC_TPARAM_##name, TPARAM_OP_MUTATE, (reason) }, 1859 #define TPARAM_CHECK_INT(name, reason) \ 1860 TPARAM_CHECK_DROP_INJECT(name, NULL, 0, reason) \ 1861 TPARAM_CHECK_DROP_INJECT_A(name, bogus_int, reason) \ 1862 TPARAM_CHECK_DROP_INJECT_A(name, int_with_trailer, reason) 1863 1864 struct tparam_test { 1865 uint64_t id; 1866 int op; 1867 const char *expect_fail; /* substring to expect in reason */ 1868 const void *buf; 1869 size_t buf_len; 1870 }; 1871 1872 1873 static const unsigned char disable_active_migration_1[] = { 1874 0x00 1875 }; 1876 1877 static const unsigned char malformed_stateless_reset_token_1[] = { 1878 0x02, 0xff 1879 }; 1880 1881 static const unsigned char malformed_stateless_reset_token_2[] = { 1882 0x01 1883 }; 1884 1885 static const unsigned char malformed_stateless_reset_token_3[15] = { 0 }; 1886 1887 static const unsigned char malformed_stateless_reset_token_4[17] = { 0 }; 1888 1889 static const unsigned char malformed_preferred_addr_1[] = { 1890 0x0d, 0xff 1891 }; 1892 1893 static const unsigned char malformed_preferred_addr_2[42] = { 1894 0x0d, 0x28, /* too short */ 1895 }; 1896 1897 static const unsigned char malformed_preferred_addr_3[64] = { 1898 0x0d, 0x3e, /* too long */ 1899 }; 1900 1901 static const unsigned char malformed_preferred_addr_4[] = { 1902 /* TPARAM too short for CID length indicated */ 1903 0x0d, 0x29, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1904 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1905 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1906 0x00, 0x00, 0x01, 0x55, 1907 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1908 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1909 }; 1910 1911 static const unsigned char malformed_unknown_1[] = { 1912 0xff 1913 }; 1914 1915 static const unsigned char malformed_unknown_2[] = { 1916 0x55, 0x55, 1917 }; 1918 1919 static const unsigned char malformed_unknown_3[] = { 1920 0x55, 0x55, 0x01, 1921 }; 1922 1923 static const unsigned char ack_delay_exp[] = { 1924 0x03 1925 }; 1926 1927 static const unsigned char stateless_reset_token[16] = { 0x42 }; 1928 1929 static const unsigned char preferred_addr[] = { 1930 0x44, 0x44, 0x44, 0x44, 1931 0x55, 0x55, 1932 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 1933 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 1934 0x77, 0x77, 1935 0x02, 0xAA, 0xBB, 1936 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 1937 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 1938 }; 1939 1940 static const unsigned char long_cid[21] = { 0x42 }; 1941 1942 static const unsigned char excess_ack_delay_exp[] = { 1943 0x15, 1944 }; 1945 1946 static const unsigned char excess_max_ack_delay[] = { 1947 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 1948 }; 1949 1950 static const unsigned char excess_initial_max_streams[] = { 1951 0xD0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 1952 }; 1953 1954 static const unsigned char undersize_udp_payload_size[] = { 1955 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xaf, 1956 }; 1957 1958 static const unsigned char undersize_active_conn_id_limit[] = { 1959 0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 1960 }; 1961 1962 static const unsigned char bogus_int[9] = { 0 }; 1963 1964 static const unsigned char int_with_trailer[2] = { 0x01 }; 1965 1966 #define QUIC_TPARAM_UNKNOWN_1 0xf1f1 1967 1968 static const struct tparam_test tparam_tests[] = { 1969 TPARAM_CHECK_DUP(ORIG_DCID, 1970 "ORIG_DCID appears multiple times") 1971 TPARAM_CHECK_DUP(INITIAL_SCID, 1972 "INITIAL_SCID appears multiple times") 1973 TPARAM_CHECK_DUP(INITIAL_MAX_DATA, 1974 "INITIAL_MAX_DATA appears multiple times") 1975 TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_BIDI_LOCAL, 1976 "INITIAL_MAX_STREAM_DATA_BIDI_LOCAL appears multiple times") 1977 TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_BIDI_REMOTE, 1978 "INITIAL_MAX_STREAM_DATA_BIDI_REMOTE appears multiple times") 1979 TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_UNI, 1980 "INITIAL_MAX_STREAM_DATA_UNI appears multiple times") 1981 TPARAM_CHECK_DUP(INITIAL_MAX_STREAMS_BIDI, 1982 "INITIAL_MAX_STREAMS_BIDI appears multiple times") 1983 TPARAM_CHECK_DUP(INITIAL_MAX_STREAMS_UNI, 1984 "INITIAL_MAX_STREAMS_UNI appears multiple times") 1985 TPARAM_CHECK_DUP(MAX_IDLE_TIMEOUT, 1986 "MAX_IDLE_TIMEOUT appears multiple times") 1987 TPARAM_CHECK_DUP(MAX_UDP_PAYLOAD_SIZE, 1988 "MAX_UDP_PAYLOAD_SIZE appears multiple times") 1989 TPARAM_CHECK_DUP(ACTIVE_CONN_ID_LIMIT, 1990 "ACTIVE_CONN_ID_LIMIT appears multiple times") 1991 TPARAM_CHECK_DUP(DISABLE_ACTIVE_MIGRATION, 1992 "DISABLE_ACTIVE_MIGRATION appears multiple times") 1993 1994 TPARAM_CHECK_DROP(INITIAL_SCID, 1995 "INITIAL_SCID was not sent but is required") 1996 TPARAM_CHECK_DROP(ORIG_DCID, 1997 "ORIG_DCID was not sent but is required") 1998 1999 TPARAM_CHECK_DROP_INJECT_A(DISABLE_ACTIVE_MIGRATION, disable_active_migration_1, 2000 "DISABLE_ACTIVE_MIGRATION is malformed") 2001 TPARAM_CHECK_INJECT(UNKNOWN_1, NULL, 0, 2002 NULL) 2003 TPARAM_CHECK_INJECT_RAW_A(malformed_stateless_reset_token_1, 2004 "STATELESS_RESET_TOKEN is malformed") 2005 TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN, 2006 malformed_stateless_reset_token_2, 2007 "STATELESS_RESET_TOKEN is malformed") 2008 TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN, 2009 malformed_stateless_reset_token_3, 2010 "STATELESS_RESET_TOKEN is malformed") 2011 TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN, 2012 malformed_stateless_reset_token_4, 2013 "STATELESS_RESET_TOKEN is malformed") 2014 TPARAM_CHECK_INJECT(STATELESS_RESET_TOKEN, 2015 NULL, 0, 2016 "STATELESS_RESET_TOKEN is malformed") 2017 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_1, 2018 "PREFERRED_ADDR is malformed") 2019 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_2, 2020 "PREFERRED_ADDR is malformed") 2021 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_3, 2022 "PREFERRED_ADDR is malformed") 2023 TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_4, 2024 "PREFERRED_ADDR is malformed") 2025 TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_1, 2026 "bad transport parameter") 2027 TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_2, 2028 "bad transport parameter") 2029 TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_3, 2030 "bad transport parameter") 2031 2032 TPARAM_CHECK_INJECT_A(ACK_DELAY_EXP, excess_ack_delay_exp, 2033 "ACK_DELAY_EXP is malformed") 2034 TPARAM_CHECK_INJECT_A(MAX_ACK_DELAY, excess_max_ack_delay, 2035 "MAX_ACK_DELAY is malformed") 2036 TPARAM_CHECK_DROP_INJECT_A(INITIAL_MAX_STREAMS_BIDI, excess_initial_max_streams, 2037 "INITIAL_MAX_STREAMS_BIDI is malformed") 2038 TPARAM_CHECK_DROP_INJECT_A(INITIAL_MAX_STREAMS_UNI, excess_initial_max_streams, 2039 "INITIAL_MAX_STREAMS_UNI is malformed") 2040 2041 TPARAM_CHECK_DROP_INJECT_A(MAX_UDP_PAYLOAD_SIZE, undersize_udp_payload_size, 2042 "MAX_UDP_PAYLOAD_SIZE is malformed") 2043 TPARAM_CHECK_DROP_INJECT_A(ACTIVE_CONN_ID_LIMIT, undersize_active_conn_id_limit, 2044 "ACTIVE_CONN_ID_LIMIT is malformed") 2045 2046 TPARAM_CHECK_INJECT_TWICE_A(ACK_DELAY_EXP, ack_delay_exp, 2047 "ACK_DELAY_EXP appears multiple times") 2048 TPARAM_CHECK_INJECT_TWICE_A(MAX_ACK_DELAY, ack_delay_exp, 2049 "MAX_ACK_DELAY appears multiple times") 2050 TPARAM_CHECK_INJECT_TWICE_A(STATELESS_RESET_TOKEN, stateless_reset_token, 2051 "STATELESS_RESET_TOKEN appears multiple times") 2052 TPARAM_CHECK_INJECT_TWICE_A(PREFERRED_ADDR, preferred_addr, 2053 "PREFERRED_ADDR appears multiple times") 2054 2055 TPARAM_CHECK_MUTATE(ORIG_DCID, 2056 "ORIG_DCID does not match expected value") 2057 TPARAM_CHECK_MUTATE(INITIAL_SCID, 2058 "INITIAL_SCID does not match expected value") 2059 2060 TPARAM_CHECK_DROP_INJECT_A(ORIG_DCID, long_cid, 2061 "ORIG_DCID is malformed") 2062 TPARAM_CHECK_DROP_INJECT_A(INITIAL_SCID, long_cid, 2063 "INITIAL_SCID is malformed") 2064 2065 TPARAM_CHECK_INT(INITIAL_MAX_DATA, 2066 "INITIAL_MAX_DATA is malformed") 2067 TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_BIDI_LOCAL, 2068 "INITIAL_MAX_STREAM_DATA_BIDI_LOCAL is malformed") 2069 TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_BIDI_REMOTE, 2070 "INITIAL_MAX_STREAM_DATA_BIDI_REMOTE is malformed") 2071 TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_UNI, 2072 "INITIAL_MAX_STREAM_DATA_UNI is malformed") 2073 TPARAM_CHECK_INT(ACK_DELAY_EXP, 2074 "ACK_DELAY_EXP is malformed") 2075 TPARAM_CHECK_INT(MAX_ACK_DELAY, 2076 "MAX_ACK_DELAY is malformed") 2077 TPARAM_CHECK_INT(INITIAL_MAX_STREAMS_BIDI, 2078 "INITIAL_MAX_STREAMS_BIDI is malformed") 2079 TPARAM_CHECK_INT(INITIAL_MAX_STREAMS_UNI, 2080 "INITIAL_MAX_STREAMS_UNI is malformed") 2081 TPARAM_CHECK_INT(MAX_IDLE_TIMEOUT, 2082 "MAX_IDLE_TIMEOUT is malformed") 2083 TPARAM_CHECK_INT(MAX_UDP_PAYLOAD_SIZE, 2084 "MAX_UDP_PAYLOAD_SIZE is malformed") 2085 TPARAM_CHECK_INT(ACTIVE_CONN_ID_LIMIT, 2086 "ACTIVE_CONN_ID_LIMIT is malformed") 2087 }; 2088 2089 struct tparam_ctx { 2090 const struct tparam_test *t; 2091 }; 2092 2093 static int tparam_handle(struct tparam_ctx *ctx, 2094 uint64_t id, unsigned char *data, 2095 size_t data_len, 2096 WPACKET *wpkt) 2097 { 2098 const struct tparam_test *t = ctx->t; 2099 2100 switch (t->op) { 2101 case TPARAM_OP_DUP: 2102 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id, 2103 data, data_len))) 2104 return 0; 2105 2106 /* 2107 * If this is the matching ID, write it again, duplicating the TPARAM. 2108 */ 2109 if (id == t->id 2110 && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id, 2111 data, data_len))) 2112 return 0; 2113 2114 return 1; 2115 2116 case TPARAM_OP_DROP: 2117 case TPARAM_OP_DROP_INJECT: 2118 /* Pass through unless ID matches. */ 2119 if (id != t->id 2120 && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id, 2121 data, data_len))) 2122 return 0; 2123 2124 return 1; 2125 2126 case TPARAM_OP_INJECT: 2127 case TPARAM_OP_INJECT_TWICE: 2128 case TPARAM_OP_INJECT_RAW: 2129 /* Always pass through. */ 2130 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id, 2131 data, data_len))) 2132 return 0; 2133 2134 return 1; 2135 2136 case TPARAM_OP_MUTATE: 2137 if (id == t->id) { 2138 if (!TEST_size_t_gt(data_len, 0)) 2139 return 0; 2140 2141 data[0] ^= 1; 2142 } 2143 2144 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id, 2145 data, data_len))) 2146 return 0; 2147 2148 if (id == t->id) 2149 data[0] ^= 1; 2150 2151 return 1; 2152 2153 default: 2154 return 0; 2155 } 2156 } 2157 2158 static int tparam_on_enc_ext(QTEST_FAULT *qtf, QTEST_ENCRYPTED_EXTENSIONS *ee, 2159 size_t ee_len, void *arg) 2160 { 2161 int rc = 0; 2162 struct tparam_ctx *ctx = arg; 2163 PACKET pkt = {0}; 2164 WPACKET wpkt; 2165 int have_wpkt = 0; 2166 BUF_MEM *old_bufm = NULL, *new_bufm = NULL; 2167 unsigned char *tp_p; 2168 size_t tp_len, written, old_len, eb_len; 2169 uint64_t id; 2170 2171 if (!TEST_ptr(old_bufm = BUF_MEM_new())) 2172 goto err; 2173 2174 /* 2175 * Delete transport parameters TLS extension and capture the contents of the 2176 * extension which was removed. 2177 */ 2178 if (!TEST_true(qtest_fault_delete_extension(qtf, TLSEXT_TYPE_quic_transport_parameters, 2179 ee->extensions, &ee->extensionslen, 2180 old_bufm))) 2181 goto err; 2182 2183 if (!TEST_true(PACKET_buf_init(&pkt, (unsigned char *)old_bufm->data, old_bufm->length)) 2184 || !TEST_ptr(new_bufm = BUF_MEM_new()) 2185 || !TEST_true(WPACKET_init(&wpkt, new_bufm))) 2186 goto err; 2187 2188 have_wpkt = 1; 2189 2190 /* 2191 * Open transport parameters TLS extension: 2192 * 2193 * u16 Extension ID (quic_transport_parameters) 2194 * u16 Extension Data Length 2195 * ... Extension Data 2196 * 2197 */ 2198 if (!TEST_true(WPACKET_put_bytes_u16(&wpkt, 2199 TLSEXT_TYPE_quic_transport_parameters)) 2200 || !TEST_true(WPACKET_start_sub_packet_u16(&wpkt))) 2201 goto err; 2202 2203 for (; PACKET_remaining(&pkt) > 0; ) { 2204 tp_p = (unsigned char *)ossl_quic_wire_decode_transport_param_bytes(&pkt, 2205 &id, 2206 &tp_len); 2207 if (!TEST_ptr(tp_p)) { 2208 TEST_mem_eq(PACKET_data(&pkt), PACKET_remaining(&pkt), NULL, 0); 2209 goto err; 2210 } 2211 2212 if (!TEST_true(tparam_handle(ctx, id, tp_p, tp_len, &wpkt))) 2213 goto err; 2214 } 2215 2216 if (ctx->t->op == TPARAM_OP_INJECT || ctx->t->op == TPARAM_OP_DROP_INJECT 2217 || ctx->t->op == TPARAM_OP_INJECT_TWICE) { 2218 if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(&wpkt, ctx->t->id, 2219 ctx->t->buf, 2220 ctx->t->buf_len))) 2221 goto err; 2222 2223 if (ctx->t->op == TPARAM_OP_INJECT_TWICE 2224 && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(&wpkt, ctx->t->id, 2225 ctx->t->buf, 2226 ctx->t->buf_len))) 2227 goto err; 2228 } else if (ctx->t->op == TPARAM_OP_INJECT_RAW) { 2229 if (!TEST_true(WPACKET_memcpy(&wpkt, ctx->t->buf, ctx->t->buf_len))) 2230 goto err; 2231 } 2232 2233 if (!TEST_true(WPACKET_close(&wpkt))) /* end extension data, set length */ 2234 goto err; 2235 2236 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 2237 goto err; 2238 2239 WPACKET_finish(&wpkt); 2240 have_wpkt = 0; 2241 2242 /* 2243 * Append the constructed extension blob to the extension block. 2244 */ 2245 old_len = ee->extensionslen; 2246 2247 if (!qtest_fault_resize_message(qtf, ee->extensionslen + written)) 2248 goto err; 2249 2250 memcpy(ee->extensions + old_len, new_bufm->data, written); 2251 2252 /* Fixup the extension block header (u16 length of entire block). */ 2253 eb_len = (((uint16_t)ee->extensions[0]) << 8) + (uint16_t)ee->extensions[1]; 2254 eb_len += written; 2255 ee->extensions[0] = (unsigned char)((eb_len >> 8) & 0xFF); 2256 ee->extensions[1] = (unsigned char)( eb_len & 0xFF); 2257 2258 rc = 1; 2259 err: 2260 if (have_wpkt) 2261 WPACKET_cleanup(&wpkt); 2262 BUF_MEM_free(old_bufm); 2263 BUF_MEM_free(new_bufm); 2264 return rc; 2265 } 2266 2267 static int test_tparam(int idx) 2268 { 2269 int testresult = 0; 2270 SSL_CTX *c_ctx = NULL; 2271 SSL *c_ssl = NULL; 2272 QUIC_TSERVER *s = NULL; 2273 QTEST_FAULT *qtf = NULL; 2274 struct tparam_ctx ctx = {0}; 2275 2276 ctx.t = &tparam_tests[idx]; 2277 2278 if (!TEST_ptr(c_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))) 2279 goto err; 2280 2281 if (!TEST_true(qtest_create_quic_objects(libctx, c_ctx, NULL, cert, 2282 privkey, 0, &s, 2283 &c_ssl, &qtf, NULL))) 2284 goto err; 2285 2286 if (!TEST_true(qtest_fault_set_hand_enc_ext_listener(qtf, tparam_on_enc_ext, 2287 &ctx))) 2288 goto err; 2289 2290 if (!TEST_true(qtest_create_quic_connection_ex(s, c_ssl, 2291 ctx.t->expect_fail != NULL))) 2292 goto err; 2293 2294 if (ctx.t->expect_fail != NULL) { 2295 SSL_CONN_CLOSE_INFO info = {0}; 2296 2297 if (!TEST_true(SSL_get_conn_close_info(c_ssl, &info, sizeof(info)))) 2298 goto err; 2299 2300 if (!TEST_true((info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) != 0) 2301 || !TEST_uint64_t_eq(info.error_code, OSSL_QUIC_ERR_TRANSPORT_PARAMETER_ERROR) 2302 || !TEST_ptr(strstr(info.reason, ctx.t->expect_fail))) { 2303 TEST_error("expected connection closure information mismatch" 2304 " during TPARAM test: flags=%llu ec=%llu reason='%s'", 2305 (unsigned long long)info.flags, 2306 (unsigned long long)info.error_code, 2307 info.reason); 2308 goto err; 2309 } 2310 } 2311 2312 testresult = 1; 2313 err: 2314 if (!testresult) { 2315 if (ctx.t->expect_fail != NULL) 2316 TEST_info("failed during test for id=%llu, op=%d, bl=%zu, " 2317 "expected failure='%s'", (unsigned long long)ctx.t->id, 2318 ctx.t->op, ctx.t->buf_len, ctx.t->expect_fail); 2319 else 2320 TEST_info("failed during test for id=%llu, op=%d, bl=%zu", 2321 (unsigned long long)ctx.t->id, ctx.t->op, ctx.t->buf_len); 2322 } 2323 2324 ossl_quic_tserver_free(s); 2325 SSL_free(c_ssl); 2326 SSL_CTX_free(c_ctx); 2327 qtest_fault_free(qtf); 2328 return testresult; 2329 } 2330 2331 static int new_called = 0; 2332 static SSL *cbssl = NULL; 2333 2334 static int new_session_cb(SSL *ssl, SSL_SESSION *sess) 2335 { 2336 new_called++; 2337 /* 2338 * Remember the SSL ref we were called with. No need to up-ref this. It 2339 * should remain valid for the duration of the test. 2340 */ 2341 cbssl = ssl; 2342 /* 2343 * sess has been up-refed for us, but we don't actually need it so free it 2344 * immediately. 2345 */ 2346 SSL_SESSION_free(sess); 2347 return 1; 2348 } 2349 2350 /* Test using a new_session_cb with a QUIC SSL object works as expected */ 2351 static int test_session_cb(void) 2352 { 2353 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 2354 SSL *clientquic = NULL; 2355 QUIC_TSERVER *qtserv = NULL; 2356 int testresult = 0; 2357 2358 if (!TEST_ptr(cctx)) 2359 goto err; 2360 2361 new_called = 0; 2362 cbssl = NULL; 2363 SSL_CTX_sess_set_new_cb(cctx, new_session_cb); 2364 SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT); 2365 2366 if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, 2367 privkey, 2368 QTEST_FLAG_FAKE_TIME, 2369 &qtserv, &clientquic, 2370 NULL, NULL))) 2371 goto err; 2372 2373 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))) 2374 goto err; 2375 2376 /* Process the pending NewSessionTickets */ 2377 if (!TEST_true(SSL_handle_events(clientquic))) 2378 goto err; 2379 2380 if (!TEST_int_eq(SSL_shutdown(clientquic), 0)) 2381 goto err; 2382 2383 /* 2384 * Check the callback was called twice (we expect 2 tickets), and with the 2385 * correct SSL reference 2386 */ 2387 if (!TEST_int_eq(new_called, 2) 2388 || !TEST_ptr_eq(clientquic, cbssl)) 2389 goto err; 2390 2391 testresult = 1; 2392 err: 2393 cbssl = NULL; 2394 ossl_quic_tserver_free(qtserv); 2395 SSL_free(clientquic); 2396 SSL_CTX_free(cctx); 2397 2398 return testresult; 2399 } 2400 2401 static int test_domain_flags(void) 2402 { 2403 int testresult = 0; 2404 SSL_CTX *ctx = NULL; 2405 SSL *domain = NULL, *listener = NULL, *other_conn = NULL; 2406 uint64_t domain_flags = 0; 2407 2408 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())) 2409 || !TEST_true(SSL_CTX_get_domain_flags(ctx, &domain_flags)) 2410 || !TEST_uint64_t_ne(domain_flags, 0) 2411 || !TEST_uint64_t_ne(domain_flags & (SSL_DOMAIN_FLAG_SINGLE_THREAD 2412 | SSL_DOMAIN_FLAG_MULTI_THREAD), 0) 2413 || !TEST_uint64_t_ne(domain_flags & SSL_DOMAIN_FLAG_LEGACY_BLOCKING, 0) 2414 || !TEST_true(SSL_CTX_set_domain_flags(ctx, SSL_DOMAIN_FLAG_SINGLE_THREAD)) 2415 || !TEST_true(SSL_CTX_get_domain_flags(ctx, &domain_flags)) 2416 || !TEST_uint64_t_eq(domain_flags, SSL_DOMAIN_FLAG_SINGLE_THREAD) 2417 || !TEST_ptr(domain = SSL_new_domain(ctx, 0)) 2418 || !TEST_true(SSL_get_domain_flags(domain, &domain_flags)) 2419 || !TEST_uint64_t_eq(domain_flags, SSL_DOMAIN_FLAG_SINGLE_THREAD) 2420 || !TEST_true(other_conn = SSL_new(ctx)) 2421 || !TEST_true(SSL_get_domain_flags(other_conn, &domain_flags)) 2422 || !TEST_uint64_t_eq(domain_flags, SSL_DOMAIN_FLAG_SINGLE_THREAD) 2423 || !TEST_true(SSL_is_domain(domain)) 2424 || !TEST_false(SSL_is_domain(other_conn)) 2425 || !TEST_ptr_eq(SSL_get0_domain(domain), domain) 2426 || !TEST_ptr_null(SSL_get0_domain(other_conn)) 2427 || !TEST_ptr(listener = SSL_new_listener_from(domain, 0)) 2428 || !TEST_true(SSL_is_listener(listener)) 2429 || !TEST_false(SSL_is_domain(listener)) 2430 || !TEST_ptr_eq(SSL_get0_domain(listener), domain) 2431 || !TEST_ptr_eq(SSL_get0_listener(listener), listener)) 2432 goto err; 2433 2434 testresult = 1; 2435 err: 2436 SSL_free(domain); 2437 SSL_free(listener); 2438 SSL_free(other_conn); 2439 SSL_CTX_free(ctx); 2440 return testresult; 2441 } 2442 2443 /* 2444 * Test that calling SSL_handle_events() early behaves as expected 2445 */ 2446 static int test_early_ticks(void) 2447 { 2448 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 2449 SSL *clientquic = NULL; 2450 QUIC_TSERVER *qtserv = NULL; 2451 int testresult = 0; 2452 struct timeval tv; 2453 int inf = 0; 2454 2455 if (!TEST_ptr(cctx) 2456 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, 2457 privkey, QTEST_FLAG_FAKE_TIME, 2458 &qtserv, 2459 &clientquic, NULL, NULL))) 2460 goto err; 2461 2462 if (!TEST_true(SSL_in_before(clientquic))) 2463 goto err; 2464 2465 if (!TEST_true(SSL_handle_events(clientquic))) 2466 goto err; 2467 2468 if (!TEST_true(SSL_get_event_timeout(clientquic, &tv, &inf)) 2469 || !TEST_true(inf)) 2470 goto err; 2471 2472 if (!TEST_false(SSL_has_pending(clientquic)) 2473 || !TEST_int_eq(SSL_pending(clientquic), 0)) 2474 goto err; 2475 2476 if (!TEST_true(SSL_in_before(clientquic))) 2477 goto err; 2478 2479 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))) 2480 goto err; 2481 2482 if (!TEST_false(SSL_in_before(clientquic))) 2483 goto err; 2484 2485 testresult = 1; 2486 err: 2487 SSL_free(clientquic); 2488 SSL_CTX_free(cctx); 2489 ossl_quic_tserver_free(qtserv); 2490 return testresult; 2491 } 2492 2493 static int select_alpn(SSL *ssl, const unsigned char **out, 2494 unsigned char *out_len, const unsigned char *in, 2495 unsigned int in_len, void *arg) 2496 { 2497 static unsigned char alpn[] = { 8, 'o', 's', 's', 'l', 't', 'e', 's', 't' }; 2498 2499 if (SSL_select_next_proto((unsigned char **)out, out_len, alpn, sizeof(alpn), 2500 in, in_len) == OPENSSL_NPN_NEGOTIATED) 2501 return SSL_TLSEXT_ERR_OK; 2502 return SSL_TLSEXT_ERR_ALERT_FATAL; 2503 } 2504 2505 static SSL_CTX *create_client_ctx(void) 2506 { 2507 SSL_CTX *ssl_ctx; 2508 2509 if (!TEST_ptr(ssl_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))) { 2510 SSL_CTX_free(ssl_ctx); 2511 ssl_ctx = NULL; 2512 } 2513 2514 return ssl_ctx; 2515 } 2516 2517 static SSL_CTX *create_server_ctx(void) 2518 { 2519 SSL_CTX *ssl_ctx; 2520 2521 if (!TEST_ptr(ssl_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_server_method())) 2522 || !TEST_true(SSL_CTX_use_certificate_file(ssl_ctx, cert, SSL_FILETYPE_PEM)) 2523 || !TEST_true(SSL_CTX_use_PrivateKey_file(ssl_ctx, privkey, SSL_FILETYPE_PEM))) { 2524 SSL_CTX_free(ssl_ctx); 2525 ssl_ctx = NULL; 2526 } else { 2527 SSL_CTX_set_alpn_select_cb(ssl_ctx, select_alpn, NULL); 2528 SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL); 2529 } 2530 2531 return ssl_ctx; 2532 } 2533 2534 static BIO_ADDR *create_addr(struct in_addr *ina, short int port) 2535 { 2536 BIO_ADDR *addr = NULL; 2537 2538 if (!TEST_ptr(addr = BIO_ADDR_new())) 2539 return NULL; 2540 2541 if (!TEST_true(BIO_ADDR_rawmake(addr, AF_INET, ina, sizeof(struct in_addr), 2542 htons(port)))) { 2543 BIO_ADDR_free(addr); 2544 return NULL; 2545 } 2546 2547 return addr; 2548 } 2549 2550 static int bio_addr_bind(BIO *bio, BIO_ADDR *addr) 2551 { 2552 int bio_caps = BIO_DGRAM_CAP_HANDLES_DST_ADDR | BIO_DGRAM_CAP_HANDLES_SRC_ADDR; 2553 2554 if (!TEST_true(BIO_dgram_set_caps(bio, bio_caps))) 2555 return 0; 2556 2557 if (!TEST_int_eq(BIO_dgram_set0_local_addr(bio, addr), 1)) 2558 return 0; 2559 2560 return 1; 2561 } 2562 2563 static SSL *ql_create(SSL_CTX *ssl_ctx, BIO *bio) 2564 { 2565 SSL *qserver; 2566 2567 if (!TEST_ptr(qserver = SSL_new_listener(ssl_ctx, 0))) { 2568 BIO_free(bio); 2569 return NULL; 2570 } 2571 2572 SSL_set_bio(qserver, bio, bio); 2573 2574 if (!TEST_true(SSL_listen(qserver))) { 2575 SSL_free(qserver); 2576 return NULL; 2577 } 2578 2579 return qserver; 2580 } 2581 2582 static int qc_init(SSL *qconn, BIO_ADDR *dst_addr) 2583 { 2584 static unsigned char alpn[] = { 8, 'o', 's', 's', 'l', 't', 'e', 's', 't' }; 2585 2586 if (!TEST_true(SSL_set1_initial_peer_addr(qconn, dst_addr))) 2587 return 0; 2588 2589 if (!TEST_false(SSL_set_alpn_protos(qconn, alpn, sizeof(alpn)))) 2590 return 0; 2591 2592 return 1; 2593 } 2594 2595 static int test_ssl_new_from_listener(void) 2596 { 2597 SSL_CTX *lctx = NULL, *sctx = NULL; 2598 SSL *qlistener = NULL, *qserver = NULL, *qconn = 0; 2599 int testresult = 0; 2600 int chk; 2601 BIO *lbio = NULL, *sbio = NULL; 2602 BIO_ADDR *addr = NULL; 2603 struct in_addr ina; 2604 2605 ina.s_addr = htonl(0x1f000001); 2606 if (!TEST_ptr(lctx = create_server_ctx()) 2607 || !TEST_ptr(sctx = create_server_ctx()) 2608 || !TEST_true(BIO_new_bio_dgram_pair(&lbio, 0, &sbio, 0))) 2609 goto err; 2610 2611 if (!TEST_ptr(addr = create_addr(&ina, 8040))) 2612 goto err; 2613 2614 if (!TEST_true(bio_addr_bind(lbio, addr))) 2615 goto err; 2616 addr = NULL; 2617 2618 if (!TEST_ptr(addr = create_addr(&ina, 4080))) 2619 goto err; 2620 2621 if (!TEST_true(bio_addr_bind(sbio, addr))) 2622 goto err; 2623 addr = NULL; 2624 2625 qlistener = ql_create(lctx, lbio); 2626 lbio = NULL; 2627 if (!TEST_ptr(qlistener)) 2628 goto err; 2629 2630 qserver = ql_create(sctx, sbio); 2631 sbio = NULL; 2632 if (!TEST_ptr(qserver)) 2633 goto err; 2634 2635 if (!TEST_ptr(qconn = SSL_new_from_listener(qlistener, 0))) 2636 goto err; 2637 2638 if (!TEST_ptr(addr = create_addr(&ina, 4080))) 2639 goto err; 2640 2641 chk = qc_init(qconn, addr); 2642 if (!TEST_true(chk)) 2643 goto err; 2644 2645 while ((chk = SSL_do_handshake(qconn)) == -1) { 2646 SSL_handle_events(qserver); 2647 SSL_handle_events(qlistener); 2648 } 2649 2650 if (!TEST_int_gt(chk, 0)) { 2651 TEST_info("SSL_do_handshake() failed\n"); 2652 goto err; 2653 } 2654 2655 testresult = 1; 2656 err: 2657 SSL_free(qconn); 2658 SSL_free(qlistener); 2659 SSL_free(qserver); 2660 BIO_free(lbio); 2661 BIO_free(sbio); 2662 SSL_CTX_free(sctx); 2663 SSL_CTX_free(lctx); 2664 BIO_ADDR_free(addr); 2665 2666 return testresult; 2667 } 2668 2669 static int test_server_method_with_ssl_new(void) 2670 { 2671 SSL_CTX *ctx = NULL; 2672 SSL *ssl = NULL; 2673 int ret = 0; 2674 unsigned long err; 2675 2676 /* Create a new SSL_CTX using the QUIC server method */ 2677 ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_server_method()); 2678 if (!TEST_ptr(ctx)) 2679 goto end; 2680 2681 /* Try to create a new SSL object - this should fail */ 2682 ssl = SSL_new(ctx); 2683 2684 /* Check that SSL_new() returned NULL */ 2685 if (!TEST_ptr_null(ssl)) 2686 goto end; 2687 2688 /* Check for the expected error */ 2689 err = ERR_peek_error(); 2690 if (!TEST_true(ERR_GET_LIB(err) == ERR_LIB_SSL && 2691 ERR_GET_REASON(err) == ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED)) 2692 goto end; 2693 2694 ret = 1; 2695 2696 end: 2697 SSL_free(ssl); 2698 SSL_CTX_free(ctx); 2699 return ret; 2700 } 2701 2702 static int create_quic_ssl_objects(SSL_CTX *sctx, SSL_CTX *cctx, 2703 SSL **lssl, SSL **cssl) 2704 { 2705 BIO_ADDR *addr = NULL; 2706 struct in_addr ina; 2707 BIO *cbio = NULL, *sbio = NULL; 2708 int ret = 0; 2709 2710 *cssl = *lssl = NULL; 2711 ina.s_addr = htonl(0x1f000001); 2712 2713 if (!TEST_true(BIO_new_bio_dgram_pair(&cbio, 0, &sbio, 0))) 2714 goto err; 2715 2716 if (!TEST_ptr(addr = create_addr(&ina, 8040))) 2717 goto err; 2718 2719 if (!TEST_true(bio_addr_bind(sbio, addr))) 2720 goto err; 2721 addr = NULL; 2722 2723 *lssl = ql_create(sctx, sbio); 2724 sbio = NULL; 2725 if (!TEST_ptr(*lssl)) 2726 goto err; 2727 2728 if (!TEST_ptr(*cssl = SSL_new(cctx))) 2729 goto err; 2730 2731 if (!TEST_ptr(addr = create_addr(&ina, 8040))) 2732 goto err; 2733 if (!TEST_true(bio_addr_bind(cbio, addr))) 2734 goto err; 2735 2736 if (!TEST_true(qc_init(*cssl, addr))) { 2737 addr = NULL; 2738 goto err; 2739 } 2740 addr = NULL; 2741 SSL_set_bio(*cssl, cbio, cbio); 2742 cbio = NULL; 2743 2744 ret = 1; 2745 2746 err: 2747 if (!ret) { 2748 SSL_free(*cssl); 2749 SSL_free(*lssl); 2750 *cssl = *lssl = NULL; 2751 } 2752 BIO_free(cbio); 2753 BIO_free(sbio); 2754 BIO_ADDR_free(addr); 2755 2756 return ret; 2757 } 2758 2759 static int test_ssl_accept_connection(void) 2760 { 2761 SSL_CTX *cctx = NULL, *sctx = NULL; 2762 SSL *clientssl = NULL, *serverssl = NULL, *qlistener = NULL; 2763 int testresult = 0; 2764 int ret, i; 2765 2766 if (!TEST_ptr(sctx = create_server_ctx()) 2767 || !TEST_ptr(cctx = create_client_ctx())) 2768 goto err; 2769 2770 if (!create_quic_ssl_objects(sctx, cctx, &qlistener, &clientssl)) 2771 goto err; 2772 2773 /* Calling SSL_accept() on a listener is expected to fail */ 2774 ret = SSL_accept(qlistener); 2775 if (!TEST_int_le(ret, 0) 2776 || !TEST_int_eq(SSL_get_error(qlistener, ret), SSL_ERROR_SSL)) 2777 goto err; 2778 2779 /* Send ClientHello and server retry */ 2780 for (i = 0; i < 2; i++) { 2781 ret = SSL_connect(clientssl); 2782 if (!TEST_int_le(ret, 0) 2783 || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ)) 2784 goto err; 2785 SSL_handle_events(qlistener); 2786 } 2787 2788 /* We expect a server SSL object which has not yet completed its handshake */ 2789 serverssl = SSL_accept_connection(qlistener, 0); 2790 if (!TEST_ptr(serverssl) || !TEST_false(SSL_is_init_finished(serverssl))) 2791 goto err; 2792 2793 /* Call SSL_accept() and SSL_connect() until we are connected */ 2794 if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl, 2795 SSL_ERROR_NONE, 0, 0))) 2796 goto err; 2797 2798 testresult = 1; 2799 2800 err: 2801 SSL_free(serverssl); 2802 SSL_free(clientssl); 2803 SSL_free(qlistener); 2804 SSL_CTX_free(sctx); 2805 SSL_CTX_free(cctx); 2806 2807 return testresult; 2808 } 2809 2810 static SSL *quic_verify_ssl = NULL; 2811 2812 static int quic_verify_cb(int ok, X509_STORE_CTX *ctx) 2813 { 2814 SSL *cssl = (SSL *)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); 2815 2816 /* Confirm we got the SSL object we were expecting */ 2817 return TEST_ptr_eq(cssl, quic_verify_ssl); 2818 } 2819 2820 static int test_ssl_set_verify(void) 2821 { 2822 SSL_CTX *cctx = NULL, *sctx = NULL; 2823 SSL *clientssl = NULL, *serverssl = NULL, *qlistener = NULL; 2824 int testresult = 0; 2825 int ret, i; 2826 2827 if (!TEST_ptr(sctx = create_server_ctx()) 2828 || !TEST_ptr(cctx = create_client_ctx())) 2829 goto err; 2830 2831 if (!create_quic_ssl_objects(sctx, cctx, &qlistener, &clientssl)) 2832 goto err; 2833 2834 quic_verify_ssl = clientssl; 2835 SSL_set_verify(clientssl, SSL_VERIFY_PEER, quic_verify_cb); 2836 2837 /* Send ClientHello and server retry */ 2838 for (i = 0; i < 2; i++) { 2839 ret = SSL_connect(clientssl); 2840 if (!TEST_int_le(ret, 0) 2841 || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ)) 2842 goto err; 2843 SSL_handle_events(qlistener); 2844 } 2845 2846 /* We expect a server SSL object which has not yet completed its handshake */ 2847 serverssl = SSL_accept_connection(qlistener, 0); 2848 2849 /* Call SSL_accept() and SSL_connect() until we are connected */ 2850 if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl, 2851 SSL_ERROR_NONE, 0, 0))) 2852 goto err; 2853 2854 testresult = 1; 2855 2856 err: 2857 SSL_free(serverssl); 2858 SSL_free(clientssl); 2859 SSL_free(qlistener); 2860 SSL_CTX_free(sctx); 2861 SSL_CTX_free(cctx); 2862 2863 return testresult; 2864 } 2865 2866 /* 2867 * When the server has a different primary group than the client, the server 2868 * should not fail on the client hello retry. 2869 */ 2870 static int test_client_hello_retry(void) 2871 { 2872 #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECX) 2873 SSL_CTX *cctx = NULL, *sctx = NULL; 2874 SSL *clientssl = NULL, *serverssl = NULL, *qlistener = NULL; 2875 int testresult = 0, i = 0, ret = 0; 2876 2877 if (!TEST_ptr(sctx = create_server_ctx()) 2878 || !TEST_ptr(cctx = create_client_ctx())) 2879 goto err; 2880 /* 2881 * set the specific groups for the test 2882 */ 2883 if (!TEST_true(SSL_CTX_set1_groups_list(cctx, "secp384r1:secp256r1"))) 2884 goto err; 2885 if (!TEST_true(SSL_CTX_set1_groups_list(sctx, "secp256r1"))) 2886 goto err; 2887 2888 if (!create_quic_ssl_objects(sctx, cctx, &qlistener, &clientssl)) 2889 goto err; 2890 2891 /* Send ClientHello and server retry */ 2892 for (i = 0; i < 2; i++) { 2893 ret = SSL_connect(clientssl); 2894 if (!TEST_int_le(ret, 0) 2895 || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ)) 2896 goto err; 2897 SSL_handle_events(qlistener); 2898 } 2899 2900 /* We expect a server SSL object which has not yet completed its handshake */ 2901 serverssl = SSL_accept_connection(qlistener, 0); 2902 2903 /* Call SSL_accept() and SSL_connect() until we are connected */ 2904 if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl, 2905 SSL_ERROR_NONE, 0, 0))) 2906 goto err; 2907 2908 testresult = 1; 2909 2910 err: 2911 SSL_CTX_free(cctx); 2912 SSL_CTX_free(sctx); 2913 SSL_free(clientssl); 2914 SSL_free(serverssl); 2915 SSL_free(qlistener); 2916 2917 return testresult; 2918 #else 2919 return TEST_skip("EC(X) keys are not supported in this build"); 2920 #endif 2921 } 2922 /***********************************************************************************/ 2923 OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n") 2924 2925 int setup_tests(void) 2926 { 2927 char *modulename; 2928 char *configfile; 2929 2930 libctx = OSSL_LIB_CTX_new(); 2931 if (!TEST_ptr(libctx)) 2932 return 0; 2933 2934 defctxnull = OSSL_PROVIDER_load(NULL, "null"); 2935 2936 /* 2937 * Verify that the default and fips providers in the default libctx are not 2938 * available 2939 */ 2940 if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")) 2941 || !TEST_false(OSSL_PROVIDER_available(NULL, "fips"))) 2942 goto err; 2943 2944 if (!test_skip_common_options()) { 2945 TEST_error("Error parsing test options\n"); 2946 goto err; 2947 } 2948 2949 if (!TEST_ptr(modulename = test_get_argument(0)) 2950 || !TEST_ptr(configfile = test_get_argument(1)) 2951 || !TEST_ptr(certsdir = test_get_argument(2)) 2952 || !TEST_ptr(datadir = test_get_argument(3))) 2953 goto err; 2954 2955 if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile))) 2956 goto err; 2957 2958 /* Check we have the expected provider available */ 2959 if (!TEST_true(OSSL_PROVIDER_available(libctx, modulename))) 2960 goto err; 2961 2962 /* Check the default provider is not available */ 2963 if (strcmp(modulename, "default") != 0 2964 && !TEST_false(OSSL_PROVIDER_available(libctx, "default"))) 2965 goto err; 2966 2967 if (strcmp(modulename, "fips") == 0) 2968 is_fips = 1; 2969 2970 cert = test_mk_file_path(certsdir, "servercert.pem"); 2971 if (cert == NULL) 2972 goto err; 2973 2974 ccert = test_mk_file_path(certsdir, "ee-client-chain.pem"); 2975 if (ccert == NULL) 2976 goto err; 2977 2978 cauthca = test_mk_file_path(certsdir, "root-cert.pem"); 2979 if (cauthca == NULL) 2980 goto err; 2981 2982 privkey = test_mk_file_path(certsdir, "serverkey.pem"); 2983 if (privkey == NULL) 2984 goto err; 2985 2986 cprivkey = test_mk_file_path(certsdir, "ee-key.pem"); 2987 if (privkey == NULL) 2988 goto err; 2989 2990 ADD_ALL_TESTS(test_quic_write_read, 3); 2991 ADD_TEST(test_fin_only_blocking); 2992 ADD_TEST(test_ciphersuites); 2993 ADD_TEST(test_cipher_find); 2994 ADD_TEST(test_version); 2995 #if defined(DO_SSL_TRACE_TEST) 2996 ADD_TEST(test_ssl_trace); 2997 #endif 2998 ADD_TEST(test_quic_forbidden_apis_ctx); 2999 ADD_TEST(test_quic_forbidden_apis); 3000 ADD_TEST(test_quic_forbidden_options); 3001 ADD_ALL_TESTS(test_quic_set_fd, 3); 3002 ADD_TEST(test_bio_ssl); 3003 ADD_TEST(test_back_pressure); 3004 ADD_TEST(test_multiple_dgrams); 3005 ADD_ALL_TESTS(test_non_io_retry, 2); 3006 ADD_TEST(test_quic_psk); 3007 ADD_ALL_TESTS(test_client_auth, 3); 3008 ADD_ALL_TESTS(test_alpn, 2); 3009 ADD_ALL_TESTS(test_noisy_dgram, 2); 3010 ADD_TEST(test_bw_limit); 3011 ADD_TEST(test_get_shutdown); 3012 ADD_ALL_TESTS(test_tparam, OSSL_NELEM(tparam_tests)); 3013 ADD_TEST(test_session_cb); 3014 ADD_TEST(test_domain_flags); 3015 ADD_TEST(test_early_ticks); 3016 ADD_TEST(test_ssl_new_from_listener); 3017 #ifndef OPENSSL_NO_SSL_TRACE 3018 ADD_TEST(test_new_token); 3019 #endif 3020 ADD_TEST(test_server_method_with_ssl_new); 3021 ADD_TEST(test_ssl_accept_connection); 3022 ADD_TEST(test_ssl_set_verify); 3023 ADD_TEST(test_client_hello_retry); 3024 return 1; 3025 err: 3026 cleanup_tests(); 3027 return 0; 3028 } 3029 3030 void cleanup_tests(void) 3031 { 3032 bio_f_noisy_dgram_filter_free(); 3033 bio_f_pkt_split_dgram_filter_free(); 3034 OPENSSL_free(cert); 3035 OPENSSL_free(privkey); 3036 OPENSSL_free(ccert); 3037 OPENSSL_free(cauthca); 3038 OPENSSL_free(cprivkey); 3039 OSSL_PROVIDER_unload(defctxnull); 3040 OSSL_LIB_CTX_free(libctx); 3041 } 3042