quicapitest.c

Last change on this file was 109052, checked in by vboxsync, 5 weeks ago
openssl-3.4.1: Applied our changes, regenerated files, added missing files and functions. This time with a three way merge. bugref:10890
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 75.0 KB

Line
1	/*
2	* Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <stdio.h>
11	#include <string.h>
12
13	#include <openssl/opensslconf.h>
14	#include <openssl/quic.h>
15	#include <openssl/rand.h>
16
17	#include "helpers/ssltestlib.h"
18	#include "helpers/quictestlib.h"
19	#include "testutil.h"
20	#include "testutil/output.h"
21	#include "../ssl/ssl_local.h"
22	#include "internal/quic_error.h"
23
24	static OSSL_LIB_CTX *libctx = NULL;
25	static OSSL_PROVIDER *defctxnull = NULL;
26	static char *certsdir = NULL;
27	static char *cert = NULL;
28	static char *ccert = NULL;
29	static char *cauthca = NULL;
30	static char *privkey = NULL;
31	static char *cprivkey = NULL;
32	static char *datadir = NULL;
33
34	static int is_fips = 0;
35
36	/* The ssltrace test assumes some options are switched on/off */
37	#if !defined(OPENSSL_NO_SSL_TRACE) \
38	&& defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) \
39	&& !defined(OPENSSL_NO_ECX) && !defined(OPENSSL_NO_DH)
40	# define DO_SSL_TRACE_TEST
41	#endif
42
43	/*
44	* Test that we read what we've written.
45	* Test 0: Non-blocking
46	* Test 1: Blocking
47	* Test 2: Blocking, introduce socket error, test error handling.
48	*/
49	static int test_quic_write_read(int idx)
50	{
51	SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
52	SSL_CTX *sctx = NULL;
53	SSL *clientquic = NULL;
54	QUIC_TSERVER *qtserv = NULL;
55	int j, k, ret = 0;
56	unsigned char buf[20], scratch[64];
57	static char *msg = "A test message";
58	size_t msglen = strlen(msg);
59	size_t numbytes = 0;
60	int ssock = 0, csock = 0;
61	uint64_t sid = UINT64_MAX;
62	SSL_SESSION *sess = NULL;
63
64	if (idx >= 1 && !qtest_supports_blocking())
65	return TEST_skip("Blocking tests not supported in this build");
66
67	for (k = 0; k < 2; k++) {
68	if (!TEST_ptr(cctx)
69	\|\| !TEST_true(qtest_create_quic_objects(libctx, cctx, sctx,
70	cert, privkey,
71	idx >= 1
72	? QTEST_FLAG_BLOCK
73	: 0,
74	&qtserv, &clientquic,
75	NULL, NULL))
76	\|\| !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost")))
77	goto end;
78
79	if (sess != NULL && !TEST_true(SSL_set_session(clientquic, sess)))
80	goto end;
81
82	if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
83	goto end;
84
85	if (idx >= 1) {
86	if (!TEST_true(BIO_get_fd(ossl_quic_tserver_get0_rbio(qtserv),
87	&ssock)))
88	goto end;
89	if (!TEST_int_gt(csock = SSL_get_rfd(clientquic), 0))
90	goto end;
91	}
92
93	sid = 0; /* client-initiated bidirectional stream */
94
95	for (j = 0; j < 2; j++) {
96	/* Check that sending and receiving app data is ok */
97	if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
98	\|\| !TEST_size_t_eq(numbytes, msglen))
99	goto end;
100	if (idx >= 1) {
101	do {
102	if (!TEST_true(wait_until_sock_readable(ssock)))
103	goto end;
104
105	ossl_quic_tserver_tick(qtserv);
106
107	if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf,
108	sizeof(buf),
109	&numbytes)))
110	goto end;
111	} while (numbytes == 0);
112
113	if (!TEST_mem_eq(buf, numbytes, msg, msglen))
114	goto end;
115	}
116
117	if (idx >= 2 && j > 0)
118	/* Introduce permanent socket error */
119	BIO_closesocket(csock);
120
121	ossl_quic_tserver_tick(qtserv);
122	if (!TEST_true(ossl_quic_tserver_write(qtserv, sid,
123	(unsigned char *)msg,
124	msglen, &numbytes)))
125	goto end;
126	ossl_quic_tserver_tick(qtserv);
127	SSL_handle_events(clientquic);
128
129	if (idx >= 2 && j > 0) {
130	if (!TEST_false(SSL_read_ex(clientquic, buf, 1, &numbytes))
131	\|\| !TEST_int_eq(SSL_get_error(clientquic, 0),
132	SSL_ERROR_SYSCALL)
133	\|\| !TEST_false(SSL_write_ex(clientquic, msg, msglen,
134	&numbytes))
135	\|\| !TEST_int_eq(SSL_get_error(clientquic, 0),
136	SSL_ERROR_SYSCALL))
137	goto end;
138	break;
139	}
140
141	/*
142	* In blocking mode the SSL_read_ex call will block until the socket
143	* is readable and has our data. In non-blocking mode we're doing
144	* everything in memory, so it should be immediately available
145	*/
146	if (!TEST_true(SSL_read_ex(clientquic, buf, 1, &numbytes))
147	\|\| !TEST_size_t_eq(numbytes, 1)
148	\|\| !TEST_true(SSL_has_pending(clientquic))
149	\|\| !TEST_int_eq(SSL_pending(clientquic), msglen - 1)
150	\|\| !TEST_true(SSL_read_ex(clientquic, buf + 1,
151	sizeof(buf) - 1, &numbytes))
152	\|\| !TEST_mem_eq(buf, numbytes + 1, msg, msglen))
153	goto end;
154	}
155
156	/* Test that exporters work. */
157	if (!TEST_true(SSL_export_keying_material(clientquic, scratch,
158	sizeof(scratch), "test", 4, (unsigned char *)"ctx", 3,
159	1)))
160	goto end;
161
162	if (sess == NULL) {
163	/* We didn't supply a session so we're not expecting resumption */
164	if (!TEST_false(SSL_session_reused(clientquic)))
165	goto end;
166	/* We should have a session ticket by now */
167	sess = SSL_get1_session(clientquic);
168	if (!TEST_ptr(sess))
169	goto end;
170	} else {
171	/* We supplied a session so we should have resumed */
172	if (!TEST_true(SSL_session_reused(clientquic)))
173	goto end;
174	}
175
176	if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
177	goto end;
178
179	if (sctx == NULL) {
180	sctx = ossl_quic_tserver_get0_ssl_ctx(qtserv);
181	if (!TEST_true(SSL_CTX_up_ref(sctx))) {
182	sctx = NULL;
183	goto end;
184	}
185	}
186	ossl_quic_tserver_free(qtserv);
187	qtserv = NULL;
188	SSL_free(clientquic);
189	clientquic = NULL;
190
191	if (idx >= 2)
192	break;
193	}
194
195	ret = 1;
196
197	end:
198	SSL_SESSION_free(sess);
199	ossl_quic_tserver_free(qtserv);
200	SSL_free(clientquic);
201	SSL_CTX_free(cctx);
202	SSL_CTX_free(sctx);
203
204	return ret;
205	}
206
207	/*
208	* Test that sending FIN with no data to a client blocking in SSL_read_ex() will
209	* wake up the client.
210	*/
211	static int test_fin_only_blocking(void)
212	{
213	SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
214	SSL_CTX *sctx = NULL;
215	SSL *clientquic = NULL;
216	QUIC_TSERVER *qtserv = NULL;
217	const char *msg = "Hello World";
218	uint64_t sid;
219	size_t numbytes;
220	unsigned char buf[32];
221	int ret = 0;
222	OSSL_TIME timer, timediff;
223
224	if (!qtest_supports_blocking())
225	return TEST_skip("Blocking tests not supported in this build");
226
227	if (!TEST_ptr(cctx)
228	\|\| !TEST_true(qtest_create_quic_objects(libctx, cctx, sctx,
229	cert, privkey,
230	QTEST_FLAG_BLOCK,
231	&qtserv, &clientquic,
232	NULL, NULL))
233	\|\| !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost")))
234	goto end;
235
236	if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
237	goto end;
238
239	if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, 0, &sid))
240	\|\| !TEST_true(ossl_quic_tserver_write(qtserv, sid,
241	(unsigned char *)msg,
242	strlen(msg), &numbytes))
243	\|\| !TEST_size_t_eq(strlen(msg), numbytes))
244	goto end;
245
246	ossl_quic_tserver_tick(qtserv);
247
248	if (!TEST_true(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes))
249	\|\| !TEST_mem_eq(msg, strlen(msg), buf, numbytes))
250
251
252	goto end;
253
254	if (!TEST_true(ossl_quic_tserver_conclude(qtserv, sid)))
255	goto end;
256
257	timer = ossl_time_now();
258	if (!TEST_false(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes)))
259	goto end;
260	timediff = ossl_time_subtract(ossl_time_now(), timer);
261
262	if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_ZERO_RETURN)
263	/*
264	* We expect the SSL_read_ex to not have blocked so this should
265	* be very fast. 20ms should be plenty.
266	*/
267	\|\| !TEST_uint64_t_le(ossl_time2ms(timediff), 20))
268	goto end;
269
270	if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
271	goto end;
272
273	ret = 1;
274
275	end:
276	ossl_quic_tserver_free(qtserv);
277	SSL_free(clientquic);
278	SSL_CTX_free(cctx);
279	SSL_CTX_free(sctx);
280
281	return ret;
282	}
283
284	/* Test that a vanilla QUIC SSL object has the expected ciphersuites available */
285	static int test_ciphersuites(void)
286	{
287	SSL_CTX *ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
288	SSL *ssl = NULL;
289	int testresult = 0;
290	const STACK_OF(SSL_CIPHER) *ciphers = NULL;
291	const SSL_CIPHER *cipher;
292	/* We expect this exact list of ciphersuites by default */
293	int cipherids[] = {
294	TLS1_3_CK_AES_256_GCM_SHA384,
295	#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
296	TLS1_3_CK_CHACHA20_POLY1305_SHA256,
297	#endif
298	TLS1_3_CK_AES_128_GCM_SHA256
299	};
300	size_t i, j;
301
302	if (!TEST_ptr(ctx))
303	return 0;
304
305	/*
306	* Attempting to set TLSv1.2 ciphersuites should succeed, even though they
307	* aren't used in QUIC.
308	*/
309	if (!TEST_true(SSL_CTX_set_cipher_list(ctx, "DEFAULT")))
310	goto err;
311
312	ssl = SSL_new(ctx);
313	if (!TEST_ptr(ssl))
314	goto err;
315
316	if (!TEST_true(SSL_set_cipher_list(ssl, "DEFAULT")))
317	goto err;
318
319	ciphers = SSL_get_ciphers(ssl);
320
321	for (i = 0, j = 0; i < OSSL_NELEM(cipherids); i++) {
322	if (cipherids[i] == TLS1_3_CK_CHACHA20_POLY1305_SHA256 && is_fips)
323	continue;
324	cipher = sk_SSL_CIPHER_value(ciphers, j++);
325	if (!TEST_ptr(cipher))
326	goto err;
327	if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher), cipherids[i]))
328	goto err;
329	}
330
331	/* We should have checked all the ciphers in the stack */
332	if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers), j))
333	goto err;
334
335	testresult = 1;
336	err:
337	SSL_free(ssl);
338	SSL_CTX_free(ctx);
339
340	return testresult;
341	}
342
343	static int test_cipher_find(void)
344	{
345	SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
346	SSL *clientquic = NULL;
347	struct {
348	const unsigned char *cipherbytes;
349	int ok;
350	} testciphers[] = {
351	{ TLS13_AES_128_GCM_SHA256_BYTES, 1 },
352	{ TLS13_AES_256_GCM_SHA384_BYTES, 1 },
353	{ TLS13_CHACHA20_POLY1305_SHA256_BYTES, 1 },
354	{ TLS13_AES_128_CCM_SHA256_BYTES, 0 },
355	{ TLS13_AES_128_CCM_8_SHA256_BYTES, 0 },
356	#if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
357	{ TLS13_SHA256_SHA256_BYTES, 0 },
358	{ TLS13_SHA384_SHA384_BYTES, 0 }
359	#endif
360	};
361	size_t i;
362	int testresult = 0;
363
364	if (!TEST_ptr(cctx))
365	goto err;
366
367	clientquic = SSL_new(cctx);
368	if (!TEST_ptr(clientquic))
369	goto err;
370
371	for (i = 0; i < OSSL_NELEM(testciphers); i++)
372	if (testciphers[i].ok) {
373	if (!TEST_ptr(SSL_CIPHER_find(clientquic,
374	testciphers[i].cipherbytes)))
375	goto err;
376	} else {
377	if (!TEST_ptr_null(SSL_CIPHER_find(clientquic,
378	testciphers[i].cipherbytes)))
379	goto err;
380	}
381
382	testresult = 1;
383	err:
384	SSL_free(clientquic);
385	SSL_CTX_free(cctx);
386
387	return testresult;
388	}
389
390	/*
391	* Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
392	* SSL_is_dtls return the expected results for a QUIC connection. Compare with
393	* test_version() in sslapitest.c which does the same thing for TLS/DTLS
394	* connections.
395	*/
396	static int test_version(void)
397	{
398	SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
399	SSL *clientquic = NULL;
400	QUIC_TSERVER *qtserv = NULL;
401	int testresult = 0;
402
403	if (!TEST_ptr(cctx)
404	\|\| !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
405	privkey, 0, &qtserv,
406	&clientquic, NULL, NULL))
407	\|\| !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
408	goto err;
409
410	if (!TEST_int_eq(SSL_version(clientquic), OSSL_QUIC1_VERSION)
411	\|\| !TEST_str_eq(SSL_get_version(clientquic), "QUICv1"))
412	goto err;
413
414	if (!TEST_true(SSL_is_quic(clientquic))
415	\|\| !TEST_false(SSL_is_tls(clientquic))
416	\|\| !TEST_false(SSL_is_dtls(clientquic)))
417	goto err;
418
419
420	testresult = 1;
421	err:
422	ossl_quic_tserver_free(qtserv);
423	SSL_free(clientquic);
424	SSL_CTX_free(cctx);
425
426	return testresult;
427	}
428
429	#if defined(DO_SSL_TRACE_TEST)
430	static void strip_line_ends(char *str)
431	{
432	size_t i;
433
434	for (i = strlen(str);
435	i > 0 && (str[i - 1] == '\n' \|\| str[i - 1] == '\r');
436	i--);
437
438	str[i] = '\0';
439	}
440
441	static int compare_with_file(BIO *membio)
442	{
443	BIO file = NULL, newfile = NULL;
444	char buf1[512], buf2[512];
445	char *reffile;
446	int ret = 0;
447	size_t i;
448
449	#ifdef OPENSSL_NO_ZLIB
450	reffile = test_mk_file_path(datadir, "ssltraceref.txt");
451	#else
452	reffile = test_mk_file_path(datadir, "ssltraceref-zlib.txt");
453	#endif
454	if (!TEST_ptr(reffile))
455	goto err;
456
457	file = BIO_new_file(reffile, "rb");
458	if (!TEST_ptr(file))
459	goto err;
460
461	newfile = BIO_new_file("ssltraceref-new.txt", "wb");
462	if (!TEST_ptr(newfile))
463	goto err;
464
465	while (BIO_gets(membio, buf2, sizeof(buf2)) > 0)
466	if (BIO_puts(newfile, buf2) <= 0) {
467	TEST_error("Failed writing new file data");
468	goto err;
469	}
470
471	if (!TEST_int_ge(BIO_seek(membio, 0), 0))
472	goto err;
473
474	while (BIO_gets(file, buf1, sizeof(buf1)) > 0) {
475	if (BIO_gets(membio, buf2, sizeof(buf2)) <= 0) {
476	TEST_error("Failed reading mem data");
477	goto err;
478	}
479	strip_line_ends(buf1);
480	strip_line_ends(buf2);
481	if (strlen(buf1) != strlen(buf2)) {
482	TEST_error("Actual and ref line data length mismatch");
483	TEST_info("%s", buf1);
484	TEST_info("%s", buf2);
485	goto err;
486	}
487	for (i = 0; i < strlen(buf1); i++) {
488	/* '?' is a wild card character in the reference text */
489	if (buf1[i] == '?')
490	buf2[i] = '?';
491	}
492	if (!TEST_str_eq(buf1, buf2))
493	goto err;
494	}
495	if (!TEST_true(BIO_eof(file))
496	\|\| !TEST_true(BIO_eof(membio)))
497	goto err;
498
499	ret = 1;
500	err:
501	OPENSSL_free(reffile);
502	BIO_free(file);
503	BIO_free(newfile);
504	return ret;
505	}
506
507	/*
508	* Tests that the SSL_trace() msg_callback works as expected with a QUIC
509	* connection. This also provides testing of the msg_callback at the same time.
510	*/
511	static int test_ssl_trace(void)
512	{
513	SSL_CTX *cctx = NULL;
514	SSL *clientquic = NULL;
515	QUIC_TSERVER *qtserv = NULL;
516	int testresult = 0;
517	BIO *bio = NULL;
518
519	if (!TEST_ptr(cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))
520	\|\| !TEST_ptr(bio = BIO_new(BIO_s_mem()))
521	\|\| !TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256"))
522	\|\| !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
523	privkey,
524	QTEST_FLAG_FAKE_TIME,
525	&qtserv,
526	&clientquic, NULL, NULL)))
527	goto err;
528
529	SSL_set_msg_callback(clientquic, SSL_trace);
530	SSL_set_msg_callback_arg(clientquic, bio);
531
532	if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
533	goto err;
534
535	/* Skip the comparison of the trace when the fips provider is used. */
536	if (is_fips) {
537	/* Check whether there was something written. */
538	if (!TEST_int_gt(BIO_pending(bio), 0))
539	goto err;
540	} else {
541	if (!TEST_true(compare_with_file(bio)))
542	goto err;
543	}
544
545	testresult = 1;
546	err:
547	ossl_quic_tserver_free(qtserv);
548	SSL_free(clientquic);
549	SSL_CTX_free(cctx);
550	BIO_free(bio);
551
552	return testresult;
553	}
554	#endif
555
556	static int ensure_valid_ciphers(const STACK_OF(SSL_CIPHER) *ciphers)
557	{
558	size_t i;
559
560	/* Ensure ciphersuite list is suitably subsetted. */
561	for (i = 0; i < (size_t)sk_SSL_CIPHER_num(ciphers); ++i) {
562	const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
563	switch (SSL_CIPHER_get_id(cipher)) {
564	case TLS1_3_CK_AES_128_GCM_SHA256:
565	case TLS1_3_CK_AES_256_GCM_SHA384:
566	case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
567	break;
568	default:
569	TEST_error("forbidden cipher: %s", SSL_CIPHER_get_name(cipher));
570	return 0;
571	}
572	}
573
574	return 1;
575	}
576
577	/*
578	* Test that handshake-layer APIs which shouldn't work don't work with QUIC.
579	*/
580	static int test_quic_forbidden_apis_ctx(void)
581	{
582	int testresult = 0;
583	SSL_CTX *ctx = NULL;
584
585	if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
586	goto err;
587
588	#ifndef OPENSSL_NO_SRTP
589	/* This function returns 0 on success and 1 on error, and should fail. */
590	if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_128_GCM")))
591	goto err;
592	#endif
593
594	/*
595	* List of ciphersuites we do and don't allow in QUIC.
596	*/
597	#define QUIC_CIPHERSUITES \
598	"TLS_AES_128_GCM_SHA256:" \
599	"TLS_AES_256_GCM_SHA384:" \
600	"TLS_CHACHA20_POLY1305_SHA256"
601
602	#define NON_QUIC_CIPHERSUITES \
603	"TLS_AES_128_CCM_SHA256:" \
604	"TLS_AES_256_CCM_SHA384:" \
605	"TLS_AES_128_CCM_8_SHA256:" \
606	"TLS_SHA256_SHA256:" \
607	"TLS_SHA384_SHA384"
608
609	/* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
610	if (!TEST_true(SSL_CTX_set_ciphersuites(ctx,
611	QUIC_CIPHERSUITES ":"
612	NON_QUIC_CIPHERSUITES)))
613	goto err;
614
615	/*
616	* Forbidden ciphersuites should show up in SSL_CTX accessors, they are only
617	* filtered in SSL_get1_supported_ciphers, so we don't check for
618	* non-inclusion here.
619	*/
620
621	testresult = 1;
622	err:
623	SSL_CTX_free(ctx);
624	return testresult;
625	}
626
627	static int test_quic_forbidden_apis(void)
628	{
629	int testresult = 0;
630	SSL_CTX *ctx = NULL;
631	SSL *ssl = NULL;
632	STACK_OF(SSL_CIPHER) *ciphers = NULL;
633
634	if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
635	goto err;
636
637	if (!TEST_ptr(ssl = SSL_new(ctx)))
638	goto err;
639
640	#ifndef OPENSSL_NO_SRTP
641	/* This function returns 0 on success and 1 on error, and should fail. */
642	if (!TEST_true(SSL_set_tlsext_use_srtp(ssl, "SRTP_AEAD_AES_128_GCM")))
643	goto err;
644	#endif
645
646	/* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
647	if (!TEST_true(SSL_set_ciphersuites(ssl,
648	QUIC_CIPHERSUITES ":"
649	NON_QUIC_CIPHERSUITES)))
650	goto err;
651
652	/* Non-QUIC ciphersuites must not appear in supported ciphers list. */
653	if (!TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl))
654	\|\| !TEST_true(ensure_valid_ciphers(ciphers)))
655	goto err;
656
657	testresult = 1;
658	err:
659	sk_SSL_CIPHER_free(ciphers);
660	SSL_free(ssl);
661	SSL_CTX_free(ctx);
662	return testresult;
663	}
664
665	static int test_quic_forbidden_options(void)
666	{
667	int testresult = 0;
668	SSL_CTX *ctx = NULL;
669	SSL *ssl = NULL;
670	char buf[16];
671	size_t len;
672
673	if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
674	goto err;
675
676	/* QUIC options restrictions do not affect SSL_CTX */
677	SSL_CTX_set_options(ctx, UINT64_MAX);
678
679	if (!TEST_uint64_t_eq(SSL_CTX_get_options(ctx), UINT64_MAX))
680	goto err;
681
682	/* Set options on CTX which should not be inherited (tested below). */
683	SSL_CTX_set_read_ahead(ctx, 1);
684	SSL_CTX_set_max_early_data(ctx, 1);
685	SSL_CTX_set_recv_max_early_data(ctx, 1);
686	SSL_CTX_set_quiet_shutdown(ctx, 1);
687
688	if (!TEST_ptr(ssl = SSL_new(ctx)))
689	goto err;
690
691	/* Only permitted options get transferred to SSL object */
692	if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
693	goto err;
694
695	/* Try again using SSL_set_options */
696	SSL_set_options(ssl, UINT64_MAX);
697
698	if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
699	goto err;
700
701	/* Clear everything */
702	SSL_clear_options(ssl, UINT64_MAX);
703
704	if (!TEST_uint64_t_eq(SSL_get_options(ssl), 0))
705	goto err;
706
707	/* Readahead */
708	if (!TEST_false(SSL_get_read_ahead(ssl)))
709	goto err;
710
711	SSL_set_read_ahead(ssl, 1);
712	if (!TEST_false(SSL_get_read_ahead(ssl)))
713	goto err;
714
715	/* Block padding */
716	if (!TEST_true(SSL_set_block_padding(ssl, 0))
717	\|\| !TEST_true(SSL_set_block_padding(ssl, 1))
718	\|\| !TEST_false(SSL_set_block_padding(ssl, 2)))
719	goto err;
720
721	/* Max fragment length */
722	if (!TEST_true(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_DISABLED))
723	\|\| !TEST_false(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_512)))
724	goto err;
725
726	/* Max early data */
727	if (!TEST_false(SSL_set_recv_max_early_data(ssl, 1))
728	\|\| !TEST_false(SSL_set_max_early_data(ssl, 1)))
729	goto err;
730
731	/* Read/Write */
732	if (!TEST_false(SSL_read_early_data(ssl, buf, sizeof(buf), &len))
733	\|\| !TEST_false(SSL_write_early_data(ssl, buf, sizeof(buf), &len)))
734	goto err;
735
736	/* Buffer Management */
737	if (!TEST_true(SSL_alloc_buffers(ssl))
738	\|\| !TEST_false(SSL_free_buffers(ssl)))
739	goto err;
740
741	/* Pipelining */
742	if (!TEST_false(SSL_set_max_send_fragment(ssl, 2))
743	\|\| !TEST_false(SSL_set_split_send_fragment(ssl, 2))
744	\|\| !TEST_false(SSL_set_max_pipelines(ssl, 2)))
745	goto err;
746
747	/* HRR */
748	if (!TEST_false(SSL_stateless(ssl)))
749	goto err;
750
751	/* Quiet Shutdown */
752	if (!TEST_false(SSL_get_quiet_shutdown(ssl)))
753	goto err;
754
755	/* No duplication */
756	if (!TEST_ptr_null(SSL_dup(ssl)))
757	goto err;
758
759	/* No clear */
760	if (!TEST_false(SSL_clear(ssl)))
761	goto err;
762
763	testresult = 1;
764	err:
765	SSL_free(ssl);
766	SSL_CTX_free(ctx);
767	return testresult;
768	}
769
770	static int test_quic_set_fd(int idx)
771	{
772	int testresult = 0;
773	SSL_CTX *ctx = NULL;
774	SSL *ssl = NULL;
775	int fd = -1, resfd = -1;
776	BIO *bio = NULL;
777
778	if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
779	goto err;
780
781	if (!TEST_ptr(ssl = SSL_new(ctx)))
782	goto err;
783
784	if (!TEST_int_ge(fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0), 0))
785	goto err;
786
787	if (idx == 0) {
788	if (!TEST_true(SSL_set_fd(ssl, fd)))
789	goto err;
790	if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
791	goto err;
792	if (!TEST_ptr_eq(bio, SSL_get_wbio(ssl)))
793	goto err;
794	} else if (idx == 1) {
795	if (!TEST_true(SSL_set_rfd(ssl, fd)))
796	goto err;
797	if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
798	goto err;
799	if (!TEST_ptr_null(SSL_get_wbio(ssl)))
800	goto err;
801	} else {
802	if (!TEST_true(SSL_set_wfd(ssl, fd)))
803	goto err;
804	if (!TEST_ptr(bio = SSL_get_wbio(ssl)))
805	goto err;
806	if (!TEST_ptr_null(SSL_get_rbio(ssl)))
807	goto err;
808	}
809
810	if (!TEST_int_eq(BIO_method_type(bio), BIO_TYPE_DGRAM))
811	goto err;
812
813	if (!TEST_true(BIO_get_fd(bio, &resfd))
814	\|\| !TEST_int_eq(resfd, fd))
815	goto err;
816
817	testresult = 1;
818	err:
819	SSL_free(ssl);
820	SSL_CTX_free(ctx);
821	if (fd >= 0)
822	BIO_closesocket(fd);
823	return testresult;
824	}
825
826	#define MAXLOOPS 1000
827
828	static int test_bio_ssl(void)
829	{
830	/*
831	* We just use OSSL_QUIC_client_method() rather than
832	* OSSL_QUIC_client_thread_method(). We will never leave the connection idle
833	* so we will always be implicitly handling time events anyway via other
834	* IO calls.
835	*/
836	SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
837	SSL clientquic = NULL, stream = NULL;
838	QUIC_TSERVER *qtserv = NULL;
839	int testresult = 0;
840	BIO cbio = NULL, strbio = NULL, *thisbio;
841	const char *msg = "Hello world";
842	int abortctr = 0, err, clienterr = 0, servererr = 0, retc = 0, rets = 0;
843	size_t written, readbytes, msglen;
844	int sid = 0, i;
845	unsigned char buf[80];
846
847	if (!TEST_ptr(cctx))
848	goto err;
849
850	cbio = BIO_new_ssl(cctx, 1);
851	if (!TEST_ptr(cbio))
852	goto err;
853
854	/*
855	* We must configure the ALPN/peer address etc so we get the SSL object in
856	* order to pass it to qtest_create_quic_objects for configuration.
857	*/
858	if (!TEST_int_eq(BIO_get_ssl(cbio, &clientquic), 1))
859	goto err;
860
861	if (!TEST_true(qtest_create_quic_objects(libctx, NULL, NULL, cert, privkey,
862	0, &qtserv, &clientquic, NULL,
863	NULL)))
864	goto err;
865
866	msglen = strlen(msg);
867
868	do {
869	err = BIO_FLAGS_WRITE;
870	while (!clienterr && !retc && err == BIO_FLAGS_WRITE) {
871	retc = BIO_write_ex(cbio, msg, msglen, &written);
872	if (!retc) {
873	if (BIO_should_retry(cbio))
874	err = BIO_retry_type(cbio);
875	else
876	err = 0;
877	}
878	}
879
880	if (!clienterr && retc <= 0 && err != BIO_FLAGS_READ) {
881	TEST_info("BIO_write_ex() failed %d, %d", retc, err);
882	TEST_openssl_errors();
883	clienterr = 1;
884	}
885
886	if (!servererr && rets <= 0) {
887	ossl_quic_tserver_tick(qtserv);
888	servererr = ossl_quic_tserver_is_term_any(qtserv);
889	if (!servererr)
890	rets = ossl_quic_tserver_is_handshake_confirmed(qtserv);
891	}
892
893	if (clienterr && servererr)
894	goto err;
895
896	if (++abortctr == MAXLOOPS) {
897	TEST_info("No progress made");
898	goto err;
899	}
900	} while ((!retc && !clienterr) \|\| (rets <= 0 && !servererr));
901
902	/*
903	* 2 loops: The first using the default stream, and the second using a new
904	* client initiated bidi stream.
905	*/
906	for (i = 0, thisbio = cbio; i < 2; i++) {
907	if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf, sizeof(buf),
908	&readbytes))
909	\|\| !TEST_mem_eq(msg, msglen, buf, readbytes))
910	goto err;
911
912	if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg,
913	msglen, &written)))
914	goto err;
915	ossl_quic_tserver_tick(qtserv);
916
917	if (!TEST_true(BIO_read_ex(thisbio, buf, sizeof(buf), &readbytes))
918	\|\| !TEST_mem_eq(msg, msglen, buf, readbytes))
919	goto err;
920
921	if (i == 1)
922	break;
923
924	if (!TEST_true(SSL_set_mode(clientquic, 0)))
925	goto err;
926
927	/*
928	* Now create a new stream and repeat. The bottom two bits of the stream
929	* id represents whether the stream is bidi and whether it is client
930	* initiated or not. For client initiated bidi they are both 0. So the
931	* first client initiated bidi stream is 0 and the next one is 4.
932	*/
933	sid = 4;
934	stream = SSL_new_stream(clientquic, 0);
935	if (!TEST_ptr(stream))
936	goto err;
937
938	if (!TEST_true(SSL_set_mode(stream, 0)))
939	goto err;
940
941	thisbio = strbio = BIO_new(BIO_f_ssl());
942	if (!TEST_ptr(strbio))
943	goto err;
944
945	if (!TEST_int_eq(BIO_set_ssl(thisbio, stream, BIO_CLOSE), 1))
946	goto err;
947	stream = NULL;
948
949	if (!TEST_true(BIO_write_ex(thisbio, msg, msglen, &written)))
950	goto err;
951
952	ossl_quic_tserver_tick(qtserv);
953	}
954
955	testresult = 1;
956	err:
957	BIO_free_all(cbio);
958	BIO_free_all(strbio);
959	SSL_free(stream);
960	ossl_quic_tserver_free(qtserv);
961	SSL_CTX_free(cctx);
962
963	return testresult;
964	}
965
966	#define BACK_PRESSURE_NUM_LOOPS 10000
967	/*
968	* Test that sending data from the client to the server faster than the server
969	* can process it eventually results in back pressure on the client.
970	*/
971	static int test_back_pressure(void)
972	{
973	SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
974	SSL *clientquic = NULL;
975	QUIC_TSERVER *qtserv = NULL;
976	int testresult = 0;
977	unsigned char *msg = NULL;
978	const size_t msglen = 1024;
979	unsigned char buf[64];
980	size_t readbytes, written;
981	int i;
982
983	if (!TEST_ptr(cctx)
984	\|\| !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
985	privkey, 0, &qtserv,
986	&clientquic, NULL, NULL))
987	\|\| !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
988	goto err;
989
990	msg = OPENSSL_malloc(msglen);
991	if (!TEST_ptr(msg))
992	goto err;
993	if (!TEST_int_eq(RAND_bytes_ex(libctx, msg, msglen, 0), 1))
994	goto err;
995
996	/*
997	* Limit to 10000 loops. If we've not seen any back pressure after that
998	* we're going to run out of memory, so abort.
999	*/
1000	for (i = 0; i < BACK_PRESSURE_NUM_LOOPS; i++) {
1001	/* Send data from the client */
1002	if (!SSL_write_ex(clientquic, msg, msglen, &written)) {
1003	/* Check if we are seeing back pressure */
1004	if (SSL_get_error(clientquic, 0) == SSL_ERROR_WANT_WRITE)
1005	break;
1006	TEST_error("Unexpected client failure");
1007	goto err;
1008	}
1009
1010	/* Receive data at the server */
1011	ossl_quic_tserver_tick(qtserv);
1012	if (!TEST_true(ossl_quic_tserver_read(qtserv, 0, buf, sizeof(buf),
1013	&readbytes)))
1014	goto err;
1015	}
1016
1017	if (i == BACK_PRESSURE_NUM_LOOPS) {
1018	TEST_error("No back pressure seen");
1019	goto err;
1020	}
1021
1022	testresult = 1;
1023	err:
1024	SSL_free(clientquic);
1025	ossl_quic_tserver_free(qtserv);
1026	SSL_CTX_free(cctx);
1027	OPENSSL_free(msg);
1028
1029	return testresult;
1030	}
1031
1032
1033	static int dgram_ctr = 0;
1034
1035	static void dgram_cb(int write_p, int version, int content_type,
1036	const void buf, size_t msglen, SSL ssl, void *arg)
1037	{
1038	if (!write_p)
1039	return;
1040
1041	if (content_type != SSL3_RT_QUIC_DATAGRAM)
1042	return;
1043
1044	dgram_ctr++;
1045	}
1046
1047	/* Test that we send multiple datagrams in one go when appropriate */
1048	static int test_multiple_dgrams(void)
1049	{
1050	SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1051	SSL *clientquic = NULL;
1052	QUIC_TSERVER *qtserv = NULL;
1053	int testresult = 0;
1054	unsigned char *buf;
1055	const size_t buflen = 1400;
1056	size_t written;
1057
1058	buf = OPENSSL_zalloc(buflen);
1059
1060	if (!TEST_ptr(cctx)
1061	\|\| !TEST_ptr(buf)
1062	\|\| !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1063	privkey, 0, &qtserv,
1064	&clientquic, NULL, NULL))
1065	\|\| !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1066	goto err;
1067
1068	dgram_ctr = 0;
1069	SSL_set_msg_callback(clientquic, dgram_cb);
1070	if (!TEST_true(SSL_write_ex(clientquic, buf, buflen, &written))
1071	\|\| !TEST_size_t_eq(written, buflen)
1072	/* We wrote enough data for 2 datagrams */
1073	\|\| !TEST_int_eq(dgram_ctr, 2))
1074	goto err;
1075
1076	testresult = 1;
1077	err:
1078	OPENSSL_free(buf);
1079	SSL_free(clientquic);
1080	ossl_quic_tserver_free(qtserv);
1081	SSL_CTX_free(cctx);
1082
1083	return testresult;
1084	}
1085
1086	static int non_io_retry_cert_verify_cb(X509_STORE_CTX ctx, void arg)
1087	{
1088	int idx = SSL_get_ex_data_X509_STORE_CTX_idx();
1089	SSL *ssl;
1090	const int allow = (int )arg;
1091
1092	/* this should not happen but check anyway */
1093	if (idx < 0
1094	\|\| (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL)
1095	return 0;
1096
1097	/* If this is our first attempt then retry */
1098	if (*allow == 0)
1099	return SSL_set_retry_verify(ssl);
1100
1101	/* Otherwise do nothing - verification succeeds. Continue as normal */
1102	return 1;
1103	}
1104
1105	/* Test that we can handle a non-io related retry error
1106	* Test 0: Non-blocking
1107	* Test 1: Blocking
1108	*/
1109	static int test_non_io_retry(int idx)
1110	{
1111	SSL_CTX *cctx;
1112	SSL *clientquic = NULL;
1113	QUIC_TSERVER *qtserv = NULL;
1114	int testresult = 0;
1115	int flags = 0, allow = 0;
1116
1117	if (idx >= 1 && !qtest_supports_blocking())
1118	return TEST_skip("Blocking tests not supported in this build");
1119
1120	cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1121	if (!TEST_ptr(cctx))
1122	goto err;
1123
1124	SSL_CTX_set_cert_verify_callback(cctx, non_io_retry_cert_verify_cb, &allow);
1125
1126	flags = (idx >= 1) ? QTEST_FLAG_BLOCK : 0;
1127	if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, privkey,
1128	flags, &qtserv, &clientquic, NULL,
1129	NULL))
1130	\|\| !TEST_true(qtest_create_quic_connection_ex(qtserv, clientquic,
1131	SSL_ERROR_WANT_RETRY_VERIFY))
1132	\|\| !TEST_int_eq(SSL_want(clientquic), SSL_RETRY_VERIFY))
1133	goto err;
1134
1135	allow = 1;
1136	if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1137	goto err;
1138
1139	testresult = 1;
1140	err:
1141	SSL_free(clientquic);
1142	ossl_quic_tserver_free(qtserv);
1143	SSL_CTX_free(cctx);
1144
1145	return testresult;
1146	}
1147
1148	static int use_session_cb_cnt = 0;
1149	static int find_session_cb_cnt = 0;
1150	static const char *pskid = "Identity";
1151	static SSL_SESSION serverpsk = NULL, clientpsk = NULL;
1152
1153	static int use_session_cb(SSL ssl, const EVP_MD md, const unsigned char **id,
1154	size_t idlen, SSL_SESSION *sess)
1155	{
1156	use_session_cb_cnt++;
1157
1158	if (clientpsk == NULL)
1159	return 0;
1160
1161	SSL_SESSION_up_ref(clientpsk);
1162
1163	*sess = clientpsk;
1164	id = (const unsigned char )pskid;
1165	*idlen = strlen(pskid);
1166
1167	return 1;
1168	}
1169
1170	static int find_session_cb(SSL ssl, const unsigned char identity,
1171	size_t identity_len, SSL_SESSION **sess)
1172	{
1173	find_session_cb_cnt++;
1174
1175	if (serverpsk == NULL)
1176	return 0;
1177
1178	/* Identity should match that set by the client */
1179	if (strlen(pskid) != identity_len
1180	\|\| strncmp(pskid, (const char *)identity, identity_len) != 0)
1181	return 0;
1182
1183	SSL_SESSION_up_ref(serverpsk);
1184	*sess = serverpsk;
1185
1186	return 1;
1187	}
1188
1189	static int test_quic_psk(void)
1190	{
1191	SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1192	SSL *clientquic = NULL;
1193	QUIC_TSERVER *qtserv = NULL;
1194	int testresult = 0;
1195
1196	if (!TEST_ptr(cctx)
1197	/* No cert or private key for the server, i.e. PSK only */
1198	\|\| !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, NULL,
1199	NULL, 0, &qtserv,
1200	&clientquic, NULL, NULL)))
1201	goto end;
1202
1203	SSL_set_psk_use_session_callback(clientquic, use_session_cb);
1204	ossl_quic_tserver_set_psk_find_session_cb(qtserv, find_session_cb);
1205	use_session_cb_cnt = 0;
1206	find_session_cb_cnt = 0;
1207
1208	clientpsk = serverpsk = create_a_psk(clientquic, SHA384_DIGEST_LENGTH);
1209	if (!TEST_ptr(clientpsk))
1210	goto end;
1211	/* We already had one ref. Add another one */
1212	SSL_SESSION_up_ref(clientpsk);
1213
1214	if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))
1215	\|\| !TEST_int_eq(1, find_session_cb_cnt)
1216	\|\| !TEST_int_eq(1, use_session_cb_cnt)
1217	/* Check that we actually used the PSK */
1218	\|\| !TEST_true(SSL_session_reused(clientquic)))
1219	goto end;
1220
1221	testresult = 1;
1222
1223	end:
1224	SSL_free(clientquic);
1225	ossl_quic_tserver_free(qtserv);
1226	SSL_CTX_free(cctx);
1227	SSL_SESSION_free(clientpsk);
1228	SSL_SESSION_free(serverpsk);
1229	clientpsk = serverpsk = NULL;
1230
1231	return testresult;
1232	}
1233
1234	static int test_client_auth(int idx)
1235	{
1236	SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1237	SSL_CTX *sctx = SSL_CTX_new_ex(libctx, NULL, TLS_method());
1238	SSL *clientquic = NULL;
1239	QUIC_TSERVER *qtserv = NULL;
1240	int testresult = 0;
1241	unsigned char buf[20];
1242	static char *msg = "A test message";
1243	size_t msglen = strlen(msg);
1244	size_t numbytes = 0;
1245
1246	if (!TEST_ptr(cctx) \|\| !TEST_ptr(sctx))
1247	goto err;
1248
1249	SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER \| SSL_VERIFY_FAIL_IF_NO_PEER_CERT
1250	\| SSL_VERIFY_CLIENT_ONCE, NULL);
1251
1252	if (!TEST_true(SSL_CTX_load_verify_file(sctx, cauthca)))
1253	goto err;
1254
1255	if (idx > 0
1256	&& (!TEST_true(SSL_CTX_use_certificate_chain_file(cctx, ccert))
1257	\|\| !TEST_true(SSL_CTX_use_PrivateKey_file(cctx, cprivkey,
1258	SSL_FILETYPE_PEM))))
1259	goto err;
1260
1261	if (!TEST_true(qtest_create_quic_objects(libctx, cctx, sctx, cert,
1262	privkey, 0, &qtserv,
1263	&clientquic, NULL, NULL)))
1264	goto err;
1265
1266	if (idx > 1) {
1267	if (!TEST_true(ssl_ctx_add_large_cert_chain(libctx, cctx, ccert))
1268	\|\| !TEST_true(ssl_ctx_add_large_cert_chain(libctx, sctx, cert)))
1269	goto err;
1270	}
1271
1272	if (idx == 0) {
1273	if (!TEST_false(qtest_create_quic_connection(qtserv, clientquic)))
1274	goto err;
1275
1276	/* negative test passed */
1277	testresult = 1;
1278	goto err;
1279	}
1280
1281	if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1282	goto err;
1283
1284	/* Check that sending and receiving app data is ok */
1285	if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
1286	\|\| !TEST_size_t_eq(numbytes, msglen))
1287	goto err;
1288
1289	ossl_quic_tserver_tick(qtserv);
1290	if (!TEST_true(ossl_quic_tserver_write(qtserv, 0,
1291	(unsigned char *)msg,
1292	msglen, &numbytes)))
1293	goto err;
1294
1295	ossl_quic_tserver_tick(qtserv);
1296	SSL_handle_events(clientquic);
1297
1298	if (!TEST_true(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes))
1299	\|\| !TEST_size_t_eq(numbytes, msglen)
1300	\|\| !TEST_mem_eq(buf, numbytes, msg, msglen))
1301	goto err;
1302
1303	if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
1304	goto err;
1305
1306	testresult = 1;
1307
1308	err:
1309	SSL_free(clientquic);
1310	ossl_quic_tserver_free(qtserv);
1311	SSL_CTX_free(sctx);
1312	SSL_CTX_free(cctx);
1313
1314	return testresult;
1315	}
1316
1317	/*
1318	* Test that we correctly handle ALPN supplied by the application
1319	* Test 0: ALPN is provided
1320	* Test 1: No ALPN is provided
1321	*/
1322	static int test_alpn(int idx)
1323	{
1324	SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1325	SSL *clientquic = NULL;
1326	QUIC_TSERVER *qtserv = NULL;
1327	int testresult = 0;
1328	int ret;
1329
1330	/*
1331	* Ensure we only configure ciphersuites that are available with both the
1332	* default and fips providers to get the same output in both cases
1333	*/
1334	if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))
1335	goto err;
1336
1337	if (!TEST_ptr(cctx)
1338	\|\| !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1339	privkey,
1340	QTEST_FLAG_FAKE_TIME,
1341	&qtserv,
1342	&clientquic, NULL, NULL)))
1343	goto err;
1344
1345	if (idx == 0) {
1346	/*
1347	* Clear the ALPN we set in qtest_create_quic_objects. We use TEST_false
1348	* because SSL_set_alpn_protos returns 0 for success.
1349	*/
1350	if (!TEST_false(SSL_set_alpn_protos(clientquic, NULL, 0)))
1351	goto err;
1352	}
1353
1354	ret = SSL_connect(clientquic);
1355	if (!TEST_int_le(ret, 0))
1356	goto err;
1357	if (idx == 0) {
1358	/* We expect an immediate error due to lack of ALPN */
1359	if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_SSL))
1360	goto err;
1361	} else {
1362	/* ALPN was provided so we expect the connection to succeed */
1363	if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_WANT_READ)
1364	\|\| !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1365	goto err;
1366	}
1367
1368	testresult = 1;
1369	err:
1370	ossl_quic_tserver_free(qtserv);
1371	SSL_free(clientquic);
1372	SSL_CTX_free(cctx);
1373
1374	return testresult;
1375	}
1376
1377	/*
1378	* Test SSL_get_shutdown() behavior.
1379	*/
1380	static int test_get_shutdown(void)
1381	{
1382	SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1383	SSL *clientquic = NULL;
1384	QUIC_TSERVER *qtserv = NULL;
1385	int testresult = 0;
1386
1387	if (!TEST_ptr(cctx)
1388	\|\| !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1389	privkey,
1390	QTEST_FLAG_FAKE_TIME,
1391	&qtserv, &clientquic,
1392	NULL, NULL))
1393	\|\| !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1394	goto err;
1395
1396	if (!TEST_int_eq(SSL_get_shutdown(clientquic), 0))
1397	goto err;
1398
1399	if (!TEST_int_eq(SSL_shutdown(clientquic), 0))
1400	goto err;
1401
1402	if (!TEST_int_eq(SSL_get_shutdown(clientquic), SSL_SENT_SHUTDOWN))
1403	goto err;
1404
1405	do {
1406	ossl_quic_tserver_tick(qtserv);
1407	qtest_add_time(100);
1408	} while (SSL_shutdown(clientquic) == 0);
1409
1410	if (!TEST_int_eq(SSL_get_shutdown(clientquic),
1411	SSL_SENT_SHUTDOWN \| SSL_RECEIVED_SHUTDOWN))
1412	goto err;
1413
1414	testresult = 1;
1415	err:
1416	ossl_quic_tserver_free(qtserv);
1417	SSL_free(clientquic);
1418	SSL_CTX_free(cctx);
1419
1420	return testresult;
1421	}
1422
1423	#define MAX_LOOPS 2000
1424
1425	/*
1426	* Keep retrying SSL_read_ex until it succeeds or we give up. Accept a stream
1427	* if we don't already have one
1428	*/
1429	static int unreliable_client_read(SSL clientquic, SSL stream, void buf,
1430	size_t buflen, size_t *readbytes,
1431	QUIC_TSERVER *qtserv)
1432	{
1433	int abortctr;
1434
1435	/* We just do this in a loop with a sleep for simplicity */
1436	for (abortctr = 0; abortctr < MAX_LOOPS; abortctr++) {
1437	if (*stream == NULL) {
1438	SSL_handle_events(clientquic);
1439	*stream = SSL_accept_stream(clientquic, 0);
1440	}
1441
1442	if (*stream != NULL) {
1443	if (SSL_read_ex(*stream, buf, buflen, readbytes))
1444	return 1;
1445	if (!TEST_int_eq(SSL_get_error(*stream, 0), SSL_ERROR_WANT_READ))
1446	return 0;
1447	}
1448	ossl_quic_tserver_tick(qtserv);
1449	qtest_add_time(1);
1450	qtest_wait_for_timeout(clientquic, qtserv);
1451	}
1452
1453	TEST_error("No progress made");
1454	return 0;
1455	}
1456
1457	/* Keep retrying ossl_quic_tserver_read until it succeeds or we give up */
1458	static int unreliable_server_read(QUIC_TSERVER *qtserv, uint64_t sid,
1459	void buf, size_t buflen, size_t readbytes,
1460	SSL *clientquic)
1461	{
1462	int abortctr;
1463
1464	/* We just do this in a loop with a sleep for simplicity */
1465	for (abortctr = 0; abortctr < MAX_LOOPS; abortctr++) {
1466	if (ossl_quic_tserver_read(qtserv, sid, buf, buflen, readbytes)
1467	&& *readbytes > 1)
1468	return 1;
1469	ossl_quic_tserver_tick(qtserv);
1470	SSL_handle_events(clientquic);
1471	qtest_add_time(1);
1472	qtest_wait_for_timeout(clientquic, qtserv);
1473	}
1474
1475	TEST_error("No progress made");
1476	return 0;
1477	}
1478
1479	/*
1480	* Create a connection and send data using an unreliable transport. We introduce
1481	* random noise to drop, delay and duplicate datagrams.
1482	* Test 0: Introduce random noise to datagrams
1483	* Test 1: As with test 0 but also split datagrams containing multiple packets
1484	* into individual datagrams so that individual packets can be affected
1485	* by noise - not just a whole datagram.
1486	*/
1487	static int test_noisy_dgram(int idx)
1488	{
1489	SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1490	SSL clientquic = NULL, stream[2] = { NULL, NULL };
1491	QUIC_TSERVER *qtserv = NULL;
1492	int testresult = 0;
1493	uint64_t sid = 0;
1494	char *msg = "Hello world!";
1495	size_t msglen = strlen(msg), written, readbytes, i, j;
1496	unsigned char buf[80];
1497	int flags = QTEST_FLAG_NOISE \| QTEST_FLAG_FAKE_TIME;
1498	QTEST_FAULT *fault = NULL;
1499
1500	if (idx == 1)
1501	flags \|= QTEST_FLAG_PACKET_SPLIT;
1502
1503	if (!TEST_ptr(cctx)
1504	\|\| !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1505	privkey, flags,
1506	&qtserv,
1507	&clientquic, &fault, NULL)))
1508	goto err;
1509
1510	if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1511	goto err;
1512
1513	if (!TEST_true(SSL_set_incoming_stream_policy(clientquic,
1514	SSL_INCOMING_STREAM_POLICY_ACCEPT,
1515	0))
1516	\|\| !TEST_true(SSL_set_default_stream_mode(clientquic,
1517	SSL_DEFAULT_STREAM_MODE_NONE)))
1518	goto err;
1519
1520	for (j = 0; j < 2; j++) {
1521	if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, 0, &sid)))
1522	goto err;
1523	ossl_quic_tserver_tick(qtserv);
1524	qtest_add_time(1);
1525
1526	/*
1527	* Send data from the server to the client. Some datagrams may get
1528	* lost, modified, dropped or re-ordered. We repeat 20 times to ensure
1529	* we are sending enough datagrams for problems to be noticed.
1530	*/
1531	for (i = 0; i < 20; i++) {
1532	if (!TEST_true(ossl_quic_tserver_write(qtserv, sid,
1533	(unsigned char *)msg, msglen,
1534	&written))
1535	\|\| !TEST_size_t_eq(msglen, written))
1536	goto err;
1537	ossl_quic_tserver_tick(qtserv);
1538	qtest_add_time(1);
1539
1540	/*
1541	* Since the underlying BIO is now noisy we may get failures that
1542	* need to be retried - so we use unreliable_client_read() to
1543	* handle that
1544	*/
1545	if (!TEST_true(unreliable_client_read(clientquic, &stream[j], buf,
1546	sizeof(buf), &readbytes,
1547	qtserv))
1548	\|\| !TEST_mem_eq(msg, msglen, buf, readbytes))
1549	goto err;
1550	}
1551
1552	/* Send data from the client to the server */
1553	for (i = 0; i < 20; i++) {
1554	if (!TEST_true(SSL_write_ex(stream[j], (unsigned char *)msg,
1555	msglen, &written))
1556	\|\| !TEST_size_t_eq(msglen, written))
1557	goto err;
1558
1559	ossl_quic_tserver_tick(qtserv);
1560	qtest_add_time(1);
1561
1562	/*
1563	* Since the underlying BIO is now noisy we may get failures that
1564	* need to be retried - so we use unreliable_server_read() to
1565	* handle that
1566	*/
1567	if (!TEST_true(unreliable_server_read(qtserv, sid, buf, sizeof(buf),
1568	&readbytes, clientquic))
1569	\|\| !TEST_mem_eq(msg, msglen, buf, readbytes))
1570	goto err;
1571	}
1572	}
1573
1574	testresult = 1;
1575	err:
1576	ossl_quic_tserver_free(qtserv);
1577	SSL_free(stream[0]);
1578	SSL_free(stream[1]);
1579	SSL_free(clientquic);
1580	SSL_CTX_free(cctx);
1581	qtest_fault_free(fault);
1582
1583	return testresult;
1584	}
1585
1586	/*
1587	* Create a connection and send some big data using a transport with limited bandwidth.
1588	*/
1589
1590	#define TEST_TRANSFER_DATA_SIZE (210241024) /* 2 MBytes */
1591	#define TEST_SINGLE_WRITE_SIZE (161024) / 16 kBytes */
1592	#define TEST_BW_LIMIT 1000 /* 1000 Bytes/ms */
1593	static int test_bw_limit(void)
1594	{
1595	SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1596	SSL *clientquic = NULL;
1597	QUIC_TSERVER *qtserv = NULL;
1598	int testresult = 0;
1599	unsigned char msg = NULL, recvbuf = NULL;
1600	size_t sendlen = TEST_TRANSFER_DATA_SIZE;
1601	size_t recvlen = TEST_TRANSFER_DATA_SIZE;
1602	size_t written, readbytes;
1603	int flags = QTEST_FLAG_NOISE \| QTEST_FLAG_FAKE_TIME;
1604	QTEST_FAULT *fault = NULL;
1605	uint64_t real_bw;
1606
1607	if (!TEST_ptr(cctx)
1608	\|\| !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1609	privkey, flags,
1610	&qtserv,
1611	&clientquic, &fault, NULL)))
1612	goto err;
1613
1614	if (!TEST_ptr(msg = OPENSSL_zalloc(TEST_SINGLE_WRITE_SIZE))
1615	\|\| !TEST_ptr(recvbuf = OPENSSL_zalloc(TEST_SINGLE_WRITE_SIZE)))
1616	goto err;
1617
1618	/* Set BW to 1000 Bytes/ms -> 1MByte/s both ways */
1619	if (!TEST_true(qtest_fault_set_bw_limit(fault, 1000, 1000, 0)))
1620	goto err;
1621
1622	if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1623	goto err;
1624
1625	qtest_start_stopwatch();
1626
1627	while (recvlen > 0) {
1628	qtest_add_time(1);
1629
1630	if (sendlen > 0) {
1631	if (!SSL_write_ex(clientquic, msg,
1632	sendlen > TEST_SINGLE_WRITE_SIZE ? TEST_SINGLE_WRITE_SIZE
1633	: sendlen,
1634	&written)) {
1635	TEST_info("Retrying to send: %llu", (unsigned long long) sendlen);
1636	if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_WANT_WRITE))
1637	goto err;
1638	} else {
1639	sendlen -= written;
1640	TEST_info("Remaining to send: %llu", (unsigned long long) sendlen);
1641	}
1642	} else {
1643	SSL_handle_events(clientquic);
1644	}
1645
1646	if (ossl_quic_tserver_read(qtserv, 0, recvbuf,
1647	recvlen > TEST_SINGLE_WRITE_SIZE ? TEST_SINGLE_WRITE_SIZE
1648	: recvlen,
1649	&readbytes)
1650	&& readbytes > 1) {
1651	recvlen -= readbytes;
1652	TEST_info("Remaining to recv: %llu", (unsigned long long) recvlen);
1653	} else {
1654	TEST_info("No progress on recv: %llu", (unsigned long long) recvlen);
1655	}
1656	ossl_quic_tserver_tick(qtserv);
1657	}
1658	real_bw = TEST_TRANSFER_DATA_SIZE / qtest_get_stopwatch_time();
1659
1660	TEST_info("BW limit: %d Bytes/ms Real bandwidth reached: %llu Bytes/ms",
1661	TEST_BW_LIMIT, (unsigned long long)real_bw);
1662
1663	if (!TEST_uint64_t_lt(real_bw, TEST_BW_LIMIT))
1664	goto err;
1665
1666	testresult = 1;
1667	err:
1668	OPENSSL_free(msg);
1669	OPENSSL_free(recvbuf);
1670	ossl_quic_tserver_free(qtserv);
1671	SSL_free(clientquic);
1672	SSL_CTX_free(cctx);
1673	qtest_fault_free(fault);
1674
1675	return testresult;
1676	}
1677
1678	enum {
1679	TPARAM_OP_DUP,
1680	TPARAM_OP_DROP,
1681	TPARAM_OP_INJECT,
1682	TPARAM_OP_INJECT_TWICE,
1683	TPARAM_OP_INJECT_RAW,
1684	TPARAM_OP_DROP_INJECT,
1685	TPARAM_OP_MUTATE
1686	};
1687
1688	#define TPARAM_CHECK_DUP(name, reason) \
1689	{ QUIC_TPARAM_##name, TPARAM_OP_DUP, (reason) },
1690	#define TPARAM_CHECK_DROP(name, reason) \
1691	{ QUIC_TPARAM_##name, TPARAM_OP_DROP, (reason) },
1692	#define TPARAM_CHECK_INJECT(name, buf, buf_len, reason) \
1693	{ QUIC_TPARAM_##name, TPARAM_OP_INJECT, (reason), \
1694	(buf), (buf_len) },
1695	#define TPARAM_CHECK_INJECT_A(name, buf, reason) \
1696	TPARAM_CHECK_INJECT(name, buf, sizeof(buf), reason)
1697	#define TPARAM_CHECK_DROP_INJECT(name, buf, buf_len, reason) \
1698	{ QUIC_TPARAM_##name, TPARAM_OP_DROP_INJECT, (reason), \
1699	(buf), (buf_len) },
1700	#define TPARAM_CHECK_DROP_INJECT_A(name, buf, reason) \
1701	TPARAM_CHECK_DROP_INJECT(name, buf, sizeof(buf), reason)
1702	#define TPARAM_CHECK_INJECT_TWICE(name, buf, buf_len, reason) \
1703	{ QUIC_TPARAM_##name, TPARAM_OP_INJECT_TWICE, (reason), \
1704	(buf), (buf_len) },
1705	#define TPARAM_CHECK_INJECT_TWICE_A(name, buf, reason) \
1706	TPARAM_CHECK_INJECT_TWICE(name, buf, sizeof(buf), reason)
1707	#define TPARAM_CHECK_INJECT_RAW(buf, buf_len, reason) \
1708	{ 0, TPARAM_OP_INJECT_RAW, (reason), \
1709	(buf), (buf_len) },
1710	#define TPARAM_CHECK_INJECT_RAW_A(buf, reason) \
1711	TPARAM_CHECK_INJECT_RAW(buf, sizeof(buf), reason)
1712	#define TPARAM_CHECK_MUTATE(name, reason) \
1713	{ QUIC_TPARAM_##name, TPARAM_OP_MUTATE, (reason) },
1714	#define TPARAM_CHECK_INT(name, reason) \
1715	TPARAM_CHECK_DROP_INJECT(name, NULL, 0, reason) \
1716	TPARAM_CHECK_DROP_INJECT_A(name, bogus_int, reason) \
1717	TPARAM_CHECK_DROP_INJECT_A(name, int_with_trailer, reason)
1718
1719	struct tparam_test {
1720	uint64_t id;
1721	int op;
1722	const char expect_fail; / substring to expect in reason */
1723	const void *buf;
1724	size_t buf_len;
1725	};
1726
1727	static const unsigned char retry_scid_1[8] = { 0 };
1728
1729	static const unsigned char disable_active_migration_1[] = {
1730	0x00
1731	};
1732
1733	static const unsigned char malformed_stateless_reset_token_1[] = {
1734	0x02, 0xff
1735	};
1736
1737	static const unsigned char malformed_stateless_reset_token_2[] = {
1738	0x01
1739	};
1740
1741	static const unsigned char malformed_stateless_reset_token_3[15] = { 0 };
1742
1743	static const unsigned char malformed_stateless_reset_token_4[17] = { 0 };
1744
1745	static const unsigned char malformed_preferred_addr_1[] = {
1746	0x0d, 0xff
1747	};
1748
1749	static const unsigned char malformed_preferred_addr_2[42] = {
1750	0x0d, 0x28, /* too short */
1751	};
1752
1753	static const unsigned char malformed_preferred_addr_3[64] = {
1754	0x0d, 0x3e, /* too long */
1755	};
1756
1757	static const unsigned char malformed_preferred_addr_4[] = {
1758	/* TPARAM too short for CID length indicated */
1759	0x0d, 0x29, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1760	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1761	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1762	0x00, 0x00, 0x01, 0x55,
1763	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1764	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1765	};
1766
1767	static const unsigned char malformed_unknown_1[] = {
1768	0xff
1769	};
1770
1771	static const unsigned char malformed_unknown_2[] = {
1772	0x55, 0x55,
1773	};
1774
1775	static const unsigned char malformed_unknown_3[] = {
1776	0x55, 0x55, 0x01,
1777	};
1778
1779	static const unsigned char ack_delay_exp[] = {
1780	0x03
1781	};
1782
1783	static const unsigned char stateless_reset_token[16] = { 0x42 };
1784
1785	static const unsigned char preferred_addr[] = {
1786	0x44, 0x44, 0x44, 0x44,
1787	0x55, 0x55,
1788	0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
1789	0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
1790	0x77, 0x77,
1791	0x02, 0xAA, 0xBB,
1792	0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99,
1793	0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99,
1794	};
1795
1796	static const unsigned char long_cid[21] = { 0x42 };
1797
1798	static const unsigned char excess_ack_delay_exp[] = {
1799	0x15,
1800	};
1801
1802	static const unsigned char excess_max_ack_delay[] = {
1803	0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00,
1804	};
1805
1806	static const unsigned char excess_initial_max_streams[] = {
1807	0xD0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1808	};
1809
1810	static const unsigned char undersize_udp_payload_size[] = {
1811	0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xaf,
1812	};
1813
1814	static const unsigned char undersize_active_conn_id_limit[] = {
1815	0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
1816	};
1817
1818	static const unsigned char bogus_int[9] = { 0 };
1819
1820	static const unsigned char int_with_trailer[2] = { 0x01 };
1821
1822	#define QUIC_TPARAM_UNKNOWN_1 0xf1f1
1823
1824	static const struct tparam_test tparam_tests[] = {
1825	TPARAM_CHECK_DUP(ORIG_DCID,
1826	"ORIG_DCID appears multiple times")
1827	TPARAM_CHECK_DUP(INITIAL_SCID,
1828	"INITIAL_SCID appears multiple times")
1829	TPARAM_CHECK_DUP(INITIAL_MAX_DATA,
1830	"INITIAL_MAX_DATA appears multiple times")
1831	TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_BIDI_LOCAL,
1832	"INITIAL_MAX_STREAM_DATA_BIDI_LOCAL appears multiple times")
1833	TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_BIDI_REMOTE,
1834	"INITIAL_MAX_STREAM_DATA_BIDI_REMOTE appears multiple times")
1835	TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_UNI,
1836	"INITIAL_MAX_STREAM_DATA_UNI appears multiple times")
1837	TPARAM_CHECK_DUP(INITIAL_MAX_STREAMS_BIDI,
1838	"INITIAL_MAX_STREAMS_BIDI appears multiple times")
1839	TPARAM_CHECK_DUP(INITIAL_MAX_STREAMS_UNI,
1840	"INITIAL_MAX_STREAMS_UNI appears multiple times")
1841	TPARAM_CHECK_DUP(MAX_IDLE_TIMEOUT,
1842	"MAX_IDLE_TIMEOUT appears multiple times")
1843	TPARAM_CHECK_DUP(MAX_UDP_PAYLOAD_SIZE,
1844	"MAX_UDP_PAYLOAD_SIZE appears multiple times")
1845	TPARAM_CHECK_DUP(ACTIVE_CONN_ID_LIMIT,
1846	"ACTIVE_CONN_ID_LIMIT appears multiple times")
1847	TPARAM_CHECK_DUP(DISABLE_ACTIVE_MIGRATION,
1848	"DISABLE_ACTIVE_MIGRATION appears multiple times")
1849
1850	TPARAM_CHECK_DROP(INITIAL_SCID,
1851	"INITIAL_SCID was not sent but is required")
1852	TPARAM_CHECK_DROP(ORIG_DCID,
1853	"ORIG_DCID was not sent but is required")
1854
1855	TPARAM_CHECK_INJECT_A(RETRY_SCID, retry_scid_1,
1856	"RETRY_SCID sent when not performing a retry")
1857	TPARAM_CHECK_DROP_INJECT_A(DISABLE_ACTIVE_MIGRATION, disable_active_migration_1,
1858	"DISABLE_ACTIVE_MIGRATION is malformed")
1859	TPARAM_CHECK_INJECT(UNKNOWN_1, NULL, 0,
1860	NULL)
1861	TPARAM_CHECK_INJECT_RAW_A(malformed_stateless_reset_token_1,
1862	"STATELESS_RESET_TOKEN is malformed")
1863	TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
1864	malformed_stateless_reset_token_2,
1865	"STATELESS_RESET_TOKEN is malformed")
1866	TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
1867	malformed_stateless_reset_token_3,
1868	"STATELESS_RESET_TOKEN is malformed")
1869	TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
1870	malformed_stateless_reset_token_4,
1871	"STATELESS_RESET_TOKEN is malformed")
1872	TPARAM_CHECK_INJECT(STATELESS_RESET_TOKEN,
1873	NULL, 0,
1874	"STATELESS_RESET_TOKEN is malformed")
1875	TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_1,
1876	"PREFERRED_ADDR is malformed")
1877	TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_2,
1878	"PREFERRED_ADDR is malformed")
1879	TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_3,
1880	"PREFERRED_ADDR is malformed")
1881	TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_4,
1882	"PREFERRED_ADDR is malformed")
1883	TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_1,
1884	"bad transport parameter")
1885	TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_2,
1886	"bad transport parameter")
1887	TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_3,
1888	"bad transport parameter")
1889
1890	TPARAM_CHECK_INJECT_A(ACK_DELAY_EXP, excess_ack_delay_exp,
1891	"ACK_DELAY_EXP is malformed")
1892	TPARAM_CHECK_INJECT_A(MAX_ACK_DELAY, excess_max_ack_delay,
1893	"MAX_ACK_DELAY is malformed")
1894	TPARAM_CHECK_DROP_INJECT_A(INITIAL_MAX_STREAMS_BIDI, excess_initial_max_streams,
1895	"INITIAL_MAX_STREAMS_BIDI is malformed")
1896	TPARAM_CHECK_DROP_INJECT_A(INITIAL_MAX_STREAMS_UNI, excess_initial_max_streams,
1897	"INITIAL_MAX_STREAMS_UNI is malformed")
1898
1899	TPARAM_CHECK_DROP_INJECT_A(MAX_UDP_PAYLOAD_SIZE, undersize_udp_payload_size,
1900	"MAX_UDP_PAYLOAD_SIZE is malformed")
1901	TPARAM_CHECK_DROP_INJECT_A(ACTIVE_CONN_ID_LIMIT, undersize_active_conn_id_limit,
1902	"ACTIVE_CONN_ID_LIMIT is malformed")
1903
1904	TPARAM_CHECK_INJECT_TWICE_A(ACK_DELAY_EXP, ack_delay_exp,
1905	"ACK_DELAY_EXP appears multiple times")
1906	TPARAM_CHECK_INJECT_TWICE_A(MAX_ACK_DELAY, ack_delay_exp,
1907	"MAX_ACK_DELAY appears multiple times")
1908	TPARAM_CHECK_INJECT_TWICE_A(STATELESS_RESET_TOKEN, stateless_reset_token,
1909	"STATELESS_RESET_TOKEN appears multiple times")
1910	TPARAM_CHECK_INJECT_TWICE_A(PREFERRED_ADDR, preferred_addr,
1911	"PREFERRED_ADDR appears multiple times")
1912
1913	TPARAM_CHECK_MUTATE(ORIG_DCID,
1914	"ORIG_DCID does not match expected value")
1915	TPARAM_CHECK_MUTATE(INITIAL_SCID,
1916	"INITIAL_SCID does not match expected value")
1917
1918	TPARAM_CHECK_DROP_INJECT_A(ORIG_DCID, long_cid,
1919	"ORIG_DCID is malformed")
1920	TPARAM_CHECK_DROP_INJECT_A(INITIAL_SCID, long_cid,
1921	"INITIAL_SCID is malformed")
1922
1923	TPARAM_CHECK_INT(INITIAL_MAX_DATA,
1924	"INITIAL_MAX_DATA is malformed")
1925	TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_BIDI_LOCAL,
1926	"INITIAL_MAX_STREAM_DATA_BIDI_LOCAL is malformed")
1927	TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_BIDI_REMOTE,
1928	"INITIAL_MAX_STREAM_DATA_BIDI_REMOTE is malformed")
1929	TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_UNI,
1930	"INITIAL_MAX_STREAM_DATA_UNI is malformed")
1931	TPARAM_CHECK_INT(ACK_DELAY_EXP,
1932	"ACK_DELAY_EXP is malformed")
1933	TPARAM_CHECK_INT(MAX_ACK_DELAY,
1934	"MAX_ACK_DELAY is malformed")
1935	TPARAM_CHECK_INT(INITIAL_MAX_STREAMS_BIDI,
1936	"INITIAL_MAX_STREAMS_BIDI is malformed")
1937	TPARAM_CHECK_INT(INITIAL_MAX_STREAMS_UNI,
1938	"INITIAL_MAX_STREAMS_UNI is malformed")
1939	TPARAM_CHECK_INT(MAX_IDLE_TIMEOUT,
1940	"MAX_IDLE_TIMEOUT is malformed")
1941	TPARAM_CHECK_INT(MAX_UDP_PAYLOAD_SIZE,
1942	"MAX_UDP_PAYLOAD_SIZE is malformed")
1943	TPARAM_CHECK_INT(ACTIVE_CONN_ID_LIMIT,
1944	"ACTIVE_CONN_ID_LIMIT is malformed")
1945	};
1946
1947	struct tparam_ctx {
1948	const struct tparam_test *t;
1949	};
1950
1951	static int tparam_handle(struct tparam_ctx *ctx,
1952	uint64_t id, unsigned char *data,
1953	size_t data_len,
1954	WPACKET *wpkt)
1955	{
1956	const struct tparam_test *t = ctx->t;
1957
1958	switch (t->op) {
1959	case TPARAM_OP_DUP:
1960	if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
1961	data, data_len)))
1962	return 0;
1963
1964	/*
1965	* If this is the matching ID, write it again, duplicating the TPARAM.
1966	*/
1967	if (id == t->id
1968	&& !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
1969	data, data_len)))
1970	return 0;
1971
1972	return 1;
1973
1974	case TPARAM_OP_DROP:
1975	case TPARAM_OP_DROP_INJECT:
1976	/* Pass through unless ID matches. */
1977	if (id != t->id
1978	&& !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
1979	data, data_len)))
1980	return 0;
1981
1982	return 1;
1983
1984	case TPARAM_OP_INJECT:
1985	case TPARAM_OP_INJECT_TWICE:
1986	case TPARAM_OP_INJECT_RAW:
1987	/* Always pass through. */
1988	if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
1989	data, data_len)))
1990	return 0;
1991
1992	return 1;
1993
1994	case TPARAM_OP_MUTATE:
1995	if (id == t->id) {
1996	if (!TEST_size_t_gt(data_len, 0))
1997	return 0;
1998
1999	data[0] ^= 1;
2000	}
2001
2002	if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
2003	data, data_len)))
2004	return 0;
2005
2006	if (id == t->id)
2007	data[0] ^= 1;
2008
2009	return 1;
2010
2011	default:
2012	return 0;
2013	}
2014	}
2015
2016	static int tparam_on_enc_ext(QTEST_FAULT qtf, QTEST_ENCRYPTED_EXTENSIONS ee,
2017	size_t ee_len, void *arg)
2018	{
2019	int rc = 0;
2020	struct tparam_ctx *ctx = arg;
2021	PACKET pkt = {0};
2022	WPACKET wpkt;
2023	int have_wpkt = 0;
2024	BUF_MEM old_bufm = NULL, new_bufm = NULL;
2025	unsigned char *tp_p;
2026	size_t tp_len, written, old_len, eb_len;
2027	uint64_t id;
2028
2029	if (!TEST_ptr(old_bufm = BUF_MEM_new()))
2030	goto err;
2031
2032	/*
2033	* Delete transport parameters TLS extension and capture the contents of the
2034	* extension which was removed.
2035	*/
2036	if (!TEST_true(qtest_fault_delete_extension(qtf, TLSEXT_TYPE_quic_transport_parameters,
2037	ee->extensions, &ee->extensionslen,
2038	old_bufm)))
2039	goto err;
2040
2041	if (!TEST_true(PACKET_buf_init(&pkt, (unsigned char *)old_bufm->data, old_bufm->length))
2042	\|\| !TEST_ptr(new_bufm = BUF_MEM_new())
2043	\|\| !TEST_true(WPACKET_init(&wpkt, new_bufm)))
2044	goto err;
2045
2046	have_wpkt = 1;
2047
2048	/*
2049	* Open transport parameters TLS extension:
2050	*
2051	* u16 Extension ID (quic_transport_parameters)
2052	* u16 Extension Data Length
2053	* ... Extension Data
2054	*
2055	*/
2056	if (!TEST_true(WPACKET_put_bytes_u16(&wpkt,
2057	TLSEXT_TYPE_quic_transport_parameters))
2058	\|\| !TEST_true(WPACKET_start_sub_packet_u16(&wpkt)))
2059	goto err;
2060
2061	for (; PACKET_remaining(&pkt) > 0; ) {
2062	tp_p = (unsigned char *)ossl_quic_wire_decode_transport_param_bytes(&pkt,
2063	&id,
2064	&tp_len);
2065	if (!TEST_ptr(tp_p)) {
2066	TEST_mem_eq(PACKET_data(&pkt), PACKET_remaining(&pkt), NULL, 0);
2067	goto err;
2068	}
2069
2070	if (!TEST_true(tparam_handle(ctx, id, tp_p, tp_len, &wpkt)))
2071	goto err;
2072	}
2073
2074	if (ctx->t->op == TPARAM_OP_INJECT \|\| ctx->t->op == TPARAM_OP_DROP_INJECT
2075	\|\| ctx->t->op == TPARAM_OP_INJECT_TWICE) {
2076	if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(&wpkt, ctx->t->id,
2077	ctx->t->buf,
2078	ctx->t->buf_len)))
2079	goto err;
2080
2081	if (ctx->t->op == TPARAM_OP_INJECT_TWICE
2082	&& !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(&wpkt, ctx->t->id,
2083	ctx->t->buf,
2084	ctx->t->buf_len)))
2085	goto err;
2086	} else if (ctx->t->op == TPARAM_OP_INJECT_RAW) {
2087	if (!TEST_true(WPACKET_memcpy(&wpkt, ctx->t->buf, ctx->t->buf_len)))
2088	goto err;
2089	}
2090
2091	if (!TEST_true(WPACKET_close(&wpkt))) /* end extension data, set length */
2092	goto err;
2093
2094	if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
2095	goto err;
2096
2097	WPACKET_finish(&wpkt);
2098	have_wpkt = 0;
2099
2100	/*
2101	* Append the constructed extension blob to the extension block.
2102	*/
2103	old_len = ee->extensionslen;
2104
2105	if (!qtest_fault_resize_message(qtf, ee->extensionslen + written))
2106	goto err;
2107
2108	memcpy(ee->extensions + old_len, new_bufm->data, written);
2109
2110	/* Fixup the extension block header (u16 length of entire block). */
2111	eb_len = (((uint16_t)ee->extensions[0]) << 8) + (uint16_t)ee->extensions[1];
2112	eb_len += written;
2113	ee->extensions[0] = (unsigned char)((eb_len >> 8) & 0xFF);
2114	ee->extensions[1] = (unsigned char)( eb_len & 0xFF);
2115
2116	rc = 1;
2117	err:
2118	if (have_wpkt)
2119	WPACKET_cleanup(&wpkt);
2120	BUF_MEM_free(old_bufm);
2121	BUF_MEM_free(new_bufm);
2122	return rc;
2123	}
2124
2125	static int test_tparam(int idx)
2126	{
2127	int testresult = 0;
2128	SSL_CTX *c_ctx = NULL;
2129	SSL *c_ssl = NULL;
2130	QUIC_TSERVER *s = NULL;
2131	QTEST_FAULT *qtf = NULL;
2132	struct tparam_ctx ctx = {0};
2133
2134	ctx.t = &tparam_tests[idx];
2135
2136	if (!TEST_ptr(c_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
2137	goto err;
2138
2139	if (!TEST_true(qtest_create_quic_objects(libctx, c_ctx, NULL, cert,
2140	privkey, 0, &s,
2141	&c_ssl, &qtf, NULL)))
2142	goto err;
2143
2144	if (!TEST_true(qtest_fault_set_hand_enc_ext_listener(qtf, tparam_on_enc_ext,
2145	&ctx)))
2146	goto err;
2147
2148	if (!TEST_true(qtest_create_quic_connection_ex(s, c_ssl,
2149	ctx.t->expect_fail != NULL)))
2150	goto err;
2151
2152	if (ctx.t->expect_fail != NULL) {
2153	SSL_CONN_CLOSE_INFO info = {0};
2154
2155	if (!TEST_true(SSL_get_conn_close_info(c_ssl, &info, sizeof(info))))
2156	goto err;
2157
2158	if (!TEST_true((info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) != 0)
2159	\|\| !TEST_uint64_t_eq(info.error_code, OSSL_QUIC_ERR_TRANSPORT_PARAMETER_ERROR)
2160	\|\| !TEST_ptr(strstr(info.reason, ctx.t->expect_fail))) {
2161	TEST_error("expected connection closure information mismatch"
2162	" during TPARAM test: flags=%llu ec=%llu reason='%s'",
2163	(unsigned long long)info.flags,
2164	(unsigned long long)info.error_code,
2165	info.reason);
2166	goto err;
2167	}
2168	}
2169
2170	testresult = 1;
2171	err:
2172	if (!testresult) {
2173	if (ctx.t->expect_fail != NULL)
2174	TEST_info("failed during test for id=%llu, op=%d, bl=%zu, "
2175	"expected failure='%s'", (unsigned long long)ctx.t->id,
2176	ctx.t->op, ctx.t->buf_len, ctx.t->expect_fail);
2177	else
2178	TEST_info("failed during test for id=%llu, op=%d, bl=%zu",
2179	(unsigned long long)ctx.t->id, ctx.t->op, ctx.t->buf_len);
2180	}
2181
2182	ossl_quic_tserver_free(s);
2183	SSL_free(c_ssl);
2184	SSL_CTX_free(c_ctx);
2185	qtest_fault_free(qtf);
2186	return testresult;
2187	}
2188
2189	static int new_called = 0;
2190	static SSL *cbssl = NULL;
2191
2192	static int new_session_cb(SSL ssl, SSL_SESSION sess)
2193	{
2194	new_called++;
2195	/*
2196	* Remember the SSL ref we were called with. No need to up-ref this. It
2197	* should remain valid for the duration of the test.
2198	*/
2199	cbssl = ssl;
2200	/*
2201	* sess has been up-refed for us, but we don't actually need it so free it
2202	* immediately.
2203	*/
2204	SSL_SESSION_free(sess);
2205	return 1;
2206	}
2207
2208	/* Test using a new_session_cb with a QUIC SSL object works as expected */
2209	static int test_session_cb(void)
2210	{
2211	SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
2212	SSL *clientquic = NULL;
2213	QUIC_TSERVER *qtserv = NULL;
2214	int testresult = 0;
2215
2216	if (!TEST_ptr(cctx))
2217	goto err;
2218
2219	new_called = 0;
2220	cbssl = NULL;
2221	SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
2222	SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);
2223
2224	if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
2225	privkey,
2226	QTEST_FLAG_FAKE_TIME,
2227	&qtserv, &clientquic,
2228	NULL, NULL)))
2229	goto err;
2230
2231	if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
2232	goto err;
2233
2234	/* Process the pending NewSessionTickets */
2235	if (!TEST_true(SSL_handle_events(clientquic)))
2236	goto err;
2237
2238	if (!TEST_int_eq(SSL_shutdown(clientquic), 0))
2239	goto err;
2240
2241	/*
2242	* Check the callback was called twice (we expect 2 tickets), and with the
2243	* correct SSL reference
2244	*/
2245	if (!TEST_int_eq(new_called, 2)
2246	\|\| !TEST_ptr_eq(clientquic, cbssl))
2247	goto err;
2248
2249	testresult = 1;
2250	err:
2251	cbssl = NULL;
2252	ossl_quic_tserver_free(qtserv);
2253	SSL_free(clientquic);
2254	SSL_CTX_free(cctx);
2255
2256	return testresult;
2257	}
2258
2259	/***********************************************************************************/
2260
2261	OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
2262
2263	int setup_tests(void)
2264	{
2265	char *modulename;
2266	char *configfile;
2267
2268	libctx = OSSL_LIB_CTX_new();
2269	if (!TEST_ptr(libctx))
2270	return 0;
2271
2272	defctxnull = OSSL_PROVIDER_load(NULL, "null");
2273
2274	/*
2275	* Verify that the default and fips providers in the default libctx are not
2276	* available
2277	*/
2278	if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
2279	\|\| !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
2280	goto err;
2281
2282	if (!test_skip_common_options()) {
2283	TEST_error("Error parsing test options\n");
2284	goto err;
2285	}
2286
2287	if (!TEST_ptr(modulename = test_get_argument(0))
2288	\|\| !TEST_ptr(configfile = test_get_argument(1))
2289	\|\| !TEST_ptr(certsdir = test_get_argument(2))
2290	\|\| !TEST_ptr(datadir = test_get_argument(3)))
2291	goto err;
2292
2293	if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile)))
2294	goto err;
2295
2296	/* Check we have the expected provider available */
2297	if (!TEST_true(OSSL_PROVIDER_available(libctx, modulename)))
2298	goto err;
2299
2300	/* Check the default provider is not available */
2301	if (strcmp(modulename, "default") != 0
2302	&& !TEST_false(OSSL_PROVIDER_available(libctx, "default")))
2303	goto err;
2304
2305	if (strcmp(modulename, "fips") == 0)
2306	is_fips = 1;
2307
2308	cert = test_mk_file_path(certsdir, "servercert.pem");
2309	if (cert == NULL)
2310	goto err;
2311
2312	ccert = test_mk_file_path(certsdir, "ee-client-chain.pem");
2313	if (ccert == NULL)
2314	goto err;
2315
2316	cauthca = test_mk_file_path(certsdir, "root-cert.pem");
2317	if (cauthca == NULL)
2318	goto err;
2319
2320	privkey = test_mk_file_path(certsdir, "serverkey.pem");
2321	if (privkey == NULL)
2322	goto err;
2323
2324	cprivkey = test_mk_file_path(certsdir, "ee-key.pem");
2325	if (privkey == NULL)
2326	goto err;
2327
2328	ADD_ALL_TESTS(test_quic_write_read, 3);
2329	ADD_TEST(test_fin_only_blocking);
2330	ADD_TEST(test_ciphersuites);
2331	ADD_TEST(test_cipher_find);
2332	ADD_TEST(test_version);
2333	#if defined(DO_SSL_TRACE_TEST)
2334	ADD_TEST(test_ssl_trace);
2335	#endif
2336	ADD_TEST(test_quic_forbidden_apis_ctx);
2337	ADD_TEST(test_quic_forbidden_apis);
2338	ADD_TEST(test_quic_forbidden_options);
2339	ADD_ALL_TESTS(test_quic_set_fd, 3);
2340	ADD_TEST(test_bio_ssl);
2341	ADD_TEST(test_back_pressure);
2342	ADD_TEST(test_multiple_dgrams);
2343	ADD_ALL_TESTS(test_non_io_retry, 2);
2344	ADD_TEST(test_quic_psk);
2345	ADD_ALL_TESTS(test_client_auth, 3);
2346	ADD_ALL_TESTS(test_alpn, 2);
2347	ADD_ALL_TESTS(test_noisy_dgram, 2);
2348	ADD_TEST(test_bw_limit);
2349	ADD_TEST(test_get_shutdown);
2350	ADD_ALL_TESTS(test_tparam, OSSL_NELEM(tparam_tests));
2351	ADD_TEST(test_session_cb);
2352
2353	return 1;
2354	err:
2355	cleanup_tests();
2356	return 0;
2357	}
2358
2359	void cleanup_tests(void)
2360	{
2361	bio_f_noisy_dgram_filter_free();
2362	bio_f_pkt_split_dgram_filter_free();
2363	OPENSSL_free(cert);
2364	OPENSSL_free(privkey);
2365	OPENSSL_free(ccert);
2366	OPENSSL_free(cauthca);
2367	OPENSSL_free(cprivkey);
2368	OSSL_PROVIDER_unload(defctxnull);
2369	OSSL_LIB_CTX_free(libctx);
2370	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.4.1/test/quicapitest.c

Download in other formats: