]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/quicapitest.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add support for timeouts into quictestlib.c
[thirdparty/openssl.git] / test / quicapitest.c
CommitLineData
e44795bd 1/*
da1c088f 2 * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
e44795bd
TM		 3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include <string.h>
12
13#include <openssl/opensslconf.h>
14#include <openssl/quic.h>
a1c87f64 15#include <openssl/rand.h>
e44795bd
TM		 16
17#include "helpers/ssltestlib.h"
0c593328 18#include "helpers/quictestlib.h"
e44795bd
TM		 19#include "testutil.h"
20#include "testutil/output.h"
f0d9757c 21#include "../ssl/ssl_local.h"
e44795bd
TM		 22
23static OSSL_LIB_CTX *libctx = NULL;
24static OSSL_PROVIDER *defctxnull = NULL;
0c593328
MC		 25static char *certsdir = NULL;
26static char *cert = NULL;
27static char *privkey = NULL;
2e1da969 28static char *datadir = NULL;
e44795bd
TM		 29
30static int is_fips = 0;
31
1be2ee68
MC		 32/* The ssltrace test assumes some options are switched on/off */
33#if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) \
34 && defined(OPENSSL_NO_ZLIB) && defined(OPENSSL_NO_BROTLI) \
61cc84d9
MC		 35 && defined(OPENSSL_NO_ZSTD) && !defined(OPENSSL_NO_ECX) \
36 && !defined(OPENSSL_NO_DH)
1be2ee68
MC		 37# define DO_SSL_TRACE_TEST
38#endif
39
e44795bd
TM		 40/*
41 * Test that we read what we've written.
0c593328
MC		 42 * Test 0: Non-blocking
43 * Test 1: Blocking
5c3474ea 44 * Test 2: Blocking, introduce socket error, test error handling.
e44795bd 45 */
0c593328 46static int test_quic_write_read(int idx)
e44795bd 47{
0c593328 48 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
cf355bd6 49 SSL_CTX *sctx = NULL;
0c593328
MC		 50 SSL *clientquic = NULL;
51 QUIC_TSERVER *qtserv = NULL;
cf355bd6 52 int j, k, ret = 0;
0c593328 53 unsigned char buf[20];
e44795bd
TM		 54 static char *msg = "A test message";
55 size_t msglen = strlen(msg);
56 size_t numbytes = 0;
0c593328 57 int ssock = 0, csock = 0;
b757beb5 58 uint64_t sid = UINT64_MAX;
cf355bd6 59 SSL_SESSION *sess = NULL;
0c593328 60
5c3474ea 61 if (idx >= 1 && !qtest_supports_blocking())
0c593328 62 return TEST_skip("Blocking tests not supported in this build");
e44795bd 63
cf355bd6
MC		 64 for (k = 0; k < 2; k++) {
65 if (!TEST_ptr(cctx)
66 || !TEST_true(qtest_create_quic_objects(libctx, cctx, sctx,
67 cert, privkey,
68 idx >= 1
69 ? QTEST_FLAG_BLOCK
70 : 0,
71 &qtserv, &clientquic,
72 NULL))
73 || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost")))
0c593328 74 goto end;
0c593328 75
cf355bd6
MC		 76 if (sess != NULL && !TEST_true(SSL_set_session(clientquic, sess)))
77 goto end;
b757beb5 78
cf355bd6 79 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
0c593328 80 goto end;
cf355bd6 81
5c3474ea 82 if (idx >= 1) {
cf355bd6
MC		 83 if (!TEST_true(BIO_get_fd(ossl_quic_tserver_get0_rbio(qtserv),
84 &ssock)))
85 goto end;
86 if (!TEST_int_gt(csock = SSL_get_rfd(clientquic), 0))
87 goto end;
88 }
89
90 sid = 0; /* client-initiated bidirectional stream */
91
92 for (j = 0; j < 2; j++) {
93 /* Check that sending and receiving app data is ok */
94 if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
95 || !TEST_size_t_eq(numbytes, msglen))
96 goto end;
97 if (idx >= 1) {
98 do {
99 if (!TEST_true(wait_until_sock_readable(ssock)))
100 goto end;
101
102 ossl_quic_tserver_tick(qtserv);
103
104 if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf,
105 sizeof(buf),
106 &numbytes)))
107 goto end;
108 } while (numbytes == 0);
109
110 if (!TEST_mem_eq(buf, numbytes, msg, msglen))
54b86b7f 111 goto end;
cf355bd6 112 }
54b86b7f 113
cf355bd6
MC		 114 if (idx >= 2 && j > 0)
115 /* Introduce permanent socket error */
116 BIO_closesocket(csock);
54b86b7f 117
cf355bd6
MC		 118 ossl_quic_tserver_tick(qtserv);
119 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid,
120 (unsigned char *)msg,
121 msglen, &numbytes)))
122 goto end;
123 ossl_quic_tserver_tick(qtserv);
124 SSL_handle_events(clientquic);
125
126 if (idx >= 2 && j > 0) {
127 if (!TEST_false(SSL_read_ex(clientquic, buf, 1, &numbytes))
128 || !TEST_int_eq(SSL_get_error(clientquic, 0),
129 SSL_ERROR_SYSCALL)
130 || !TEST_false(SSL_write_ex(clientquic, msg, msglen,
131 &numbytes))
132 || !TEST_int_eq(SSL_get_error(clientquic, 0),
133 SSL_ERROR_SYSCALL))
54b86b7f 134 goto end;
cf355bd6
MC		 135 break;
136 }
137
138 /*
139 * In blocking mode the SSL_read_ex call will block until the socket
140 * is readable and has our data. In non-blocking mode we're doing
141 * everything in memory, so it should be immediately available
142 */
143 if (!TEST_true(SSL_read_ex(clientquic, buf, 1, &numbytes))
144 || !TEST_size_t_eq(numbytes, 1)
145 || !TEST_true(SSL_has_pending(clientquic))
146 || !TEST_int_eq(SSL_pending(clientquic), msglen - 1)
147 || !TEST_true(SSL_read_ex(clientquic, buf + 1,
148 sizeof(buf) - 1, &numbytes))
149 || !TEST_mem_eq(buf, numbytes + 1, msg, msglen))
150 goto end;
151 }
54b86b7f 152
cf355bd6
MC		 153 if (sess == NULL) {
154 /* We didn't supply a session so we're not expecting resumption */
155 if (!TEST_false(SSL_session_reused(clientquic)))
156 goto end;
157 /* We should have a session ticket by now */
158 sess = SSL_get1_session(clientquic);
159 if (!TEST_ptr(sess))
160 goto end;
161 } else {
162 /* We supplied a session so we should have resumed */
163 if (!TEST_true(SSL_session_reused(clientquic)))
54b86b7f
HL		 164 goto end;
165 }
e44795bd 166
c9fb65b8
MC		 167 if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
168 goto end;
5c3474ea 169
cf355bd6
MC		 170 if (sctx == NULL) {
171 sctx = ossl_quic_tserver_get0_ssl_ctx(qtserv);
172 if (!TEST_true(SSL_CTX_up_ref(sctx))) {
173 sctx = NULL;
5c3474ea 174 goto end;
cf355bd6 175 }
5c3474ea 176 }
cf355bd6
MC		 177 ossl_quic_tserver_free(qtserv);
178 qtserv = NULL;
179 SSL_free(clientquic);
180 clientquic = NULL;
5c3474ea 181
cf355bd6
MC		 182 if (idx >= 2)
183 break;
e44795bd
TM		 184 }
185
186 ret = 1;
187
188 end:
cf355bd6 189 SSL_SESSION_free(sess);
0c593328 190 ossl_quic_tserver_free(qtserv);
e44795bd 191 SSL_free(clientquic);
e44795bd 192 SSL_CTX_free(cctx);
cf355bd6 193 SSL_CTX_free(sctx);
e44795bd
TM		 194
195 return ret;
196}
197
0fa6612e
MC		 198/*
199 * Test that sending FIN with no data to a client blocking in SSL_read_ex() will
200 * wake up the client.
201 */
202static int test_fin_only_blocking(void)
203{
204 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
205 SSL_CTX *sctx = NULL;
206 SSL *clientquic = NULL;
207 QUIC_TSERVER *qtserv = NULL;
208 const char *msg = "Hello World";
209 uint64_t sid;
210 size_t numbytes;
211 unsigned char buf[32];
212 int ret = 0;
213 OSSL_TIME timer, timediff;
214
215 if (!qtest_supports_blocking())
216 return TEST_skip("Blocking tests not supported in this build");
217
218 if (!TEST_ptr(cctx)
219 || !TEST_true(qtest_create_quic_objects(libctx, cctx, sctx,
220 cert, privkey,
221 QTEST_FLAG_BLOCK,
222 &qtserv, &clientquic,
223 NULL))
224 || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost")))
225 goto end;
226
227 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
228 goto end;
229
230 if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, 0, &sid))
231 || !TEST_true(ossl_quic_tserver_write(qtserv, sid,
232 (unsigned char *)msg,
233 strlen(msg), &numbytes))
234 || !TEST_size_t_eq(strlen(msg), numbytes))
235 goto end;
236
237 ossl_quic_tserver_tick(qtserv);
238
239 if (!TEST_true(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes))
240 || !TEST_mem_eq(msg, strlen(msg), buf, numbytes))
241
242
243 goto end;
244
245 if (!TEST_true(ossl_quic_tserver_conclude(qtserv, sid)))
246 goto end;
247
248 timer = ossl_time_now();
249 if (!TEST_false(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes)))
250 goto end;
251 timediff = ossl_time_subtract(ossl_time_now(), timer);
252
253 if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_ZERO_RETURN)
254 /*
255 * We expect the SSL_read_ex to not have blocked so this should
256 * be very fast. 20ms should be plenty.
257 */
258 || !TEST_uint64_t_le(ossl_time2ms(timediff), 20))
259 goto end;
260
261 if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
262 goto end;
263
264 ret = 1;
265
266 end:
267 ossl_quic_tserver_free(qtserv);
268 SSL_free(clientquic);
269 SSL_CTX_free(cctx);
270 SSL_CTX_free(sctx);
271
272 return ret;
273}
274
0c9646ec
MC		 275/* Test that a vanilla QUIC SSL object has the expected ciphersuites available */
276static int test_ciphersuites(void)
277{
278 SSL_CTX *ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
279 SSL *ssl;
280 int testresult = 0;
281 const STACK_OF(SSL_CIPHER) *ciphers = NULL;
282 const SSL_CIPHER *cipher;
283 /* We expect this exact list of ciphersuites by default */
284 int cipherids[] = {
285 TLS1_3_CK_AES_256_GCM_SHA384,
286#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
287 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
288#endif
289 TLS1_3_CK_AES_128_GCM_SHA256
290 };
291 size_t i, j;
292
293 if (!TEST_ptr(ctx))
294 return 0;
295
296 ssl = SSL_new(ctx);
297 if (!TEST_ptr(ssl))
298 goto err;
299
300 ciphers = SSL_get_ciphers(ssl);
301
302 for (i = 0, j = 0; i < OSSL_NELEM(cipherids); i++) {
303 if (cipherids[i] == TLS1_3_CK_CHACHA20_POLY1305_SHA256 && is_fips)
304 continue;
305 cipher = sk_SSL_CIPHER_value(ciphers, j++);
306 if (!TEST_ptr(cipher))
307 goto err;
308 if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher), cipherids[i]))
309 goto err;
310 }
311
312 /* We should have checked all the ciphers in the stack */
313 if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers), j))
314 goto err;
315
316 testresult = 1;
317 err:
318 SSL_free(ssl);
319 SSL_CTX_free(ctx);
320
321 return testresult;
322}
323
9912dfb9
MC		 324static int test_cipher_find(void)
325{
326 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
327 SSL *clientquic = NULL;
328 struct {
329 const unsigned char *cipherbytes;
330 int ok;
331 } testciphers[] = {
332 { TLS13_AES_128_GCM_SHA256_BYTES, 1 },
333 { TLS13_AES_256_GCM_SHA384_BYTES, 1 },
334 { TLS13_CHACHA20_POLY1305_SHA256_BYTES, 1 },
335 { TLS13_AES_128_CCM_SHA256_BYTES, 0 },
336 { TLS13_AES_128_CCM_8_SHA256_BYTES, 0 }
337 };
338 size_t i;
339 int testresult = 0;
340
341 if (!TEST_ptr(cctx))
342 goto err;
343
344 clientquic = SSL_new(cctx);
345 if (!TEST_ptr(clientquic))
346 goto err;
347
348 for (i = 0; i < OSSL_NELEM(testciphers); i++)
349 if (testciphers[i].ok) {
350 if (!TEST_ptr(SSL_CIPHER_find(clientquic,
351 testciphers[i].cipherbytes)))
352 goto err;
353 } else {
354 if (!TEST_ptr_null(SSL_CIPHER_find(clientquic,
355 testciphers[i].cipherbytes)))
356 goto err;
357 }
358
359 testresult = 1;
360 err:
361 SSL_free(clientquic);
362 SSL_CTX_free(cctx);
363
364 return testresult;
365}
366
843f6e27
MC		 367/*
368 * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
369 * SSL_is_dtls return the expected results for a QUIC connection. Compare with
370 * test_version() in sslapitest.c which does the same thing for TLS/DTLS
371 * connections.
372 */
373static int test_version(void)
374{
375 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
376 SSL *clientquic = NULL;
377 QUIC_TSERVER *qtserv = NULL;
378 int testresult = 0;
379
380 if (!TEST_ptr(cctx)
cf355bd6
MC		 381 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
382 privkey, 0, &qtserv,
383 &clientquic, NULL))
843f6e27
MC		 384 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
385 goto err;
386
387 if (!TEST_int_eq(SSL_version(clientquic), OSSL_QUIC1_VERSION)
388 || !TEST_str_eq(SSL_get_version(clientquic), "QUICv1"))
389 goto err;
390
391 if (!TEST_true(SSL_is_quic(clientquic))
392 || !TEST_false(SSL_is_tls(clientquic))
393 || !TEST_false(SSL_is_dtls(clientquic)))
394 goto err;
395
396
397 testresult = 1;
398 err:
399 ossl_quic_tserver_free(qtserv);
400 SSL_free(clientquic);
401 SSL_CTX_free(cctx);
402
403 return testresult;
404}
405
1be2ee68 406#if defined(DO_SSL_TRACE_TEST)
2e1da969
MC		 407static void strip_line_ends(char *str)
408{
409 size_t i;
410
411 for (i = strlen(str);
412 i > 0 && (str[i - 1] == '\n' || str[i - 1] == '\r');
413 i--);
414
415 str[i] = '\0';
416}
417
418static int compare_with_file(BIO *membio)
419{
b7278eea 420 BIO *file = NULL, *newfile = NULL;
2e1da969
MC		 421 char buf1[512], buf2[512];
422 char *reffile;
423 int ret = 0;
424 size_t i;
425
426 reffile = test_mk_file_path(datadir, "ssltraceref.txt");
427 if (!TEST_ptr(reffile))
428 goto err;
429
430 file = BIO_new_file(reffile, "rb");
431 if (!TEST_ptr(file))
432 goto err;
433
b7278eea
TM		 434 newfile = BIO_new_file("ssltraceref-new.txt", "wb");
435 if (!TEST_ptr(newfile))
436 goto err;
437
438 while (BIO_gets(membio, buf2, sizeof(buf2)) > 0)
439 if (BIO_puts(newfile, buf2) <= 0) {
440 TEST_error("Failed writing new file data");
441 goto err;
442 }
443
444 if (!TEST_int_ge(BIO_seek(membio, 0), 0))
445 goto err;
446
2e1da969
MC		 447 while (BIO_gets(file, buf1, sizeof(buf1)) > 0) {
448 if (BIO_gets(membio, buf2, sizeof(buf2)) <= 0) {
449 TEST_error("Failed reading mem data");
450 goto err;
451 }
452 strip_line_ends(buf1);
453 strip_line_ends(buf2);
454 if (strlen(buf1) != strlen(buf2)) {
455 TEST_error("Actual and ref line data length mismatch");
456 TEST_info("%s", buf1);
457 TEST_info("%s", buf2);
458 goto err;
459 }
460 for (i = 0; i < strlen(buf1); i++) {
461 /* '?' is a wild card character in the reference text */
462 if (buf1[i] == '?')
463 buf2[i] = '?';
464 }
465 if (!TEST_str_eq(buf1, buf2))
466 goto err;
467 }
468 if (!TEST_true(BIO_eof(file))
469 || !TEST_true(BIO_eof(membio)))
470 goto err;
471
472 ret = 1;
473 err:
474 OPENSSL_free(reffile);
475 BIO_free(file);
b7278eea 476 BIO_free(newfile);
2e1da969
MC		 477 return ret;
478}
479
480/*
481 * Tests that the SSL_trace() msg_callback works as expected with a QUIC
482 * connection. This also provides testing of the msg_callback at the same time.
483 */
484static int test_ssl_trace(void)
485{
486 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
487 SSL *clientquic = NULL;
488 QUIC_TSERVER *qtserv = NULL;
489 int testresult = 0;
490 BIO *bio = BIO_new(BIO_s_mem());
491
492 /*
493 * Ensure we only configure ciphersuites that are available with both the
494 * default and fips providers to get the same output in both cases
495 */
496 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))
497 goto err;
498
499 if (!TEST_ptr(cctx)
500 || !TEST_ptr(bio)
cf355bd6 501 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
617cab09
TM		 502 privkey,
503 QTEST_FLAG_FAKE_TIME,
504 &qtserv,
cf355bd6 505 &clientquic, NULL)))
2e1da969
MC		 506 goto err;
507
508 SSL_set_msg_callback(clientquic, SSL_trace);
509 SSL_set_msg_callback_arg(clientquic, bio);
510
511 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
512 goto err;
513
514 if (!TEST_true(compare_with_file(bio)))
515 goto err;
516
517 testresult = 1;
518 err:
519 ossl_quic_tserver_free(qtserv);
520 SSL_free(clientquic);
521 SSL_CTX_free(cctx);
522 BIO_free(bio);
523
524 return testresult;
525}
526#endif
527
09d56d20
HL		 528static int ensure_valid_ciphers(const STACK_OF(SSL_CIPHER) *ciphers)
529{
530 size_t i;
531
532 /* Ensure ciphersuite list is suitably subsetted. */
533 for (i = 0; i < (size_t)sk_SSL_CIPHER_num(ciphers); ++i) {
534 const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
535 switch (SSL_CIPHER_get_id(cipher)) {
536 case TLS1_3_CK_AES_128_GCM_SHA256:
537 case TLS1_3_CK_AES_256_GCM_SHA384:
538 case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
539 break;
540 default:
541 TEST_error("forbidden cipher: %s", SSL_CIPHER_get_name(cipher));
542 return 0;
543 }
544 }
545
546 return 1;
547}
548
f082205b
HL		 549/*
550 * Test that handshake-layer APIs which shouldn't work don't work with QUIC.
551 */
09d56d20 552static int test_quic_forbidden_apis_ctx(void)
f082205b
HL		 553{
554 int testresult = 0;
555 SSL_CTX *ctx = NULL;
f082205b
HL		 556
557 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
558 goto err;
559
9f3cd808 560#ifndef OPENSSL_NO_SRTP
f082205b
HL		 561 /* This function returns 0 on success and 1 on error, and should fail. */
562 if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_128_GCM")))
563 goto err;
9f3cd808 564#endif
f082205b 565
09d56d20
HL		 566 /*
567 * List of ciphersuites we do and don't allow in QUIC.
568 */
569#define QUIC_CIPHERSUITES \
570 "TLS_AES_128_GCM_SHA256:" \
571 "TLS_AES_256_GCM_SHA384:" \
572 "TLS_CHACHA20_POLY1305_SHA256"
573
574#define NON_QUIC_CIPHERSUITES \
575 "TLS_AES_128_CCM_SHA256:" \
576 "TLS_AES_256_CCM_SHA384:" \
577 "TLS_AES_128_CCM_8_SHA256"
578
579 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
580 if (!TEST_true(SSL_CTX_set_ciphersuites(ctx,
581 QUIC_CIPHERSUITES ":"
582 NON_QUIC_CIPHERSUITES)))
583 goto err;
584
585 /*
586 * Forbidden ciphersuites should show up in SSL_CTX accessors, they are only
587 * filtered in SSL_get1_supported_ciphers, so we don't check for
588 * non-inclusion here.
589 */
590
591 testresult = 1;
592err:
593 SSL_CTX_free(ctx);
594 return testresult;
595}
596
597static int test_quic_forbidden_apis(void)
598{
599 int testresult = 0;
600 SSL_CTX *ctx = NULL;
601 SSL *ssl = NULL;
602 STACK_OF(SSL_CIPHER) *ciphers = NULL;
603
604 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
605 goto err;
606
f082205b
HL		 607 if (!TEST_ptr(ssl = SSL_new(ctx)))
608 goto err;
609
9f3cd808 610#ifndef OPENSSL_NO_SRTP
f082205b
HL		 611 /* This function returns 0 on success and 1 on error, and should fail. */
612 if (!TEST_true(SSL_set_tlsext_use_srtp(ssl, "SRTP_AEAD_AES_128_GCM")))
613 goto err;
9f3cd808 614#endif
f082205b 615
09d56d20
HL		 616 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
617 if (!TEST_true(SSL_set_ciphersuites(ssl,
618 QUIC_CIPHERSUITES ":"
619 NON_QUIC_CIPHERSUITES)))
620 goto err;
621
622 /* Non-QUIC ciphersuites must not appear in supported ciphers list. */
623 if (!TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl))
624 || !TEST_true(ensure_valid_ciphers(ciphers)))
625 goto err;
626
f082205b
HL		 627 testresult = 1;
628err:
09d56d20 629 sk_SSL_CIPHER_free(ciphers);
f082205b
HL		 630 SSL_free(ssl);
631 SSL_CTX_free(ctx);
632 return testresult;
633}
634
f0d9757c
HL		 635static int test_quic_forbidden_options(void)
636{
637 int testresult = 0;
638 SSL_CTX *ctx = NULL;
639 SSL *ssl = NULL;
82a2beca
HL		 640 char buf[16];
641 size_t len;
f0d9757c
HL		 642
643 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
644 goto err;
645
646 /* QUIC options restrictions do not affect SSL_CTX */
647 SSL_CTX_set_options(ctx, UINT64_MAX);
648
649 if (!TEST_uint64_t_eq(SSL_CTX_get_options(ctx), UINT64_MAX))
650 goto err;
651
82a2beca
HL		 652 /* Set options on CTX which should not be inherited (tested below). */
653 SSL_CTX_set_read_ahead(ctx, 1);
654 SSL_CTX_set_max_early_data(ctx, 1);
655 SSL_CTX_set_recv_max_early_data(ctx, 1);
f66f0d3c 656 SSL_CTX_set_quiet_shutdown(ctx, 1);
82a2beca 657
f0d9757c
HL		 658 if (!TEST_ptr(ssl = SSL_new(ctx)))
659 goto err;
660
661 /* Only permitted options get transferred to SSL object */
662 if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
663 goto err;
664
665 /* Try again using SSL_set_options */
666 SSL_set_options(ssl, UINT64_MAX);
667
668 if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
669 goto err;
670
671 /* Clear everything */
672 SSL_clear_options(ssl, UINT64_MAX);
673
674 if (!TEST_uint64_t_eq(SSL_get_options(ssl), 0))
675 goto err;
676
d0638fd5 677 /* Readahead */
82a2beca
HL		 678 if (!TEST_false(SSL_get_read_ahead(ssl)))
679 goto err;
680
d0638fd5
HL		 681 SSL_set_read_ahead(ssl, 1);
682 if (!TEST_false(SSL_get_read_ahead(ssl)))
683 goto err;
684
685 /* Block padding */
686 if (!TEST_true(SSL_set_block_padding(ssl, 0))
687 || !TEST_true(SSL_set_block_padding(ssl, 1))
688 || !TEST_false(SSL_set_block_padding(ssl, 2)))
689 goto err;
690
691 /* Max fragment length */
692 if (!TEST_true(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_DISABLED))
693 || !TEST_false(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_512)))
694 goto err;
695
82a2beca 696 /* Max early data */
6e5550a1 697 if (!TEST_false(SSL_set_recv_max_early_data(ssl, 1))
82a2beca
HL		 698 || !TEST_false(SSL_set_max_early_data(ssl, 1)))
699 goto err;
700
701 /* Read/Write */
702 if (!TEST_false(SSL_read_early_data(ssl, buf, sizeof(buf), &len))
703 || !TEST_false(SSL_write_early_data(ssl, buf, sizeof(buf), &len)))
704 goto err;
705
fe33e2c8 706 /* Buffer Management */
a1c56bbe 707 if (!TEST_true(SSL_alloc_buffers(ssl))
fe33e2c8
HL		 708 || !TEST_false(SSL_free_buffers(ssl)))
709 goto err;
710
38c0ff1f
HL		 711 /* Pipelining */
712 if (!TEST_false(SSL_set_max_send_fragment(ssl, 2))
713 || !TEST_false(SSL_set_split_send_fragment(ssl, 2))
714 || !TEST_false(SSL_set_max_pipelines(ssl, 2)))
715 goto err;
716
a1c56bbe
HL		 717 /* HRR */
718 if (!TEST_false(SSL_stateless(ssl)))
719 goto err;
720
f66f0d3c
HL		 721 /* Quiet Shutdown */
722 if (!TEST_false(SSL_get_quiet_shutdown(ssl)))
723 goto err;
724
764817c4
HL		 725 /* No duplication */
726 if (!TEST_ptr_null(SSL_dup(ssl)))
727 goto err;
728
5f69db39
HL		 729 /* No clear */
730 if (!TEST_false(SSL_clear(ssl)))
731 goto err;
732
f0d9757c
HL		 733 testresult = 1;
734err:
735 SSL_free(ssl);
736 SSL_CTX_free(ctx);
737 return testresult;
738}
739
5e6015af
HL		 740static int test_quic_set_fd(int idx)
741{
742 int testresult = 0;
743 SSL_CTX *ctx = NULL;
744 SSL *ssl = NULL;
745 int fd = -1, resfd = -1;
746 BIO *bio = NULL;
747
748 if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
749 goto err;
750
751 if (!TEST_ptr(ssl = SSL_new(ctx)))
752 goto err;
753
754 if (!TEST_int_ge(fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0), 0))
755 goto err;
756
757 if (idx == 0) {
758 if (!TEST_true(SSL_set_fd(ssl, fd)))
759 goto err;
760 if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
761 goto err;
762 if (!TEST_ptr_eq(bio, SSL_get_wbio(ssl)))
763 goto err;
764 } else if (idx == 1) {
765 if (!TEST_true(SSL_set_rfd(ssl, fd)))
766 goto err;
767 if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
768 goto err;
769 if (!TEST_ptr_null(SSL_get_wbio(ssl)))
770 goto err;
771 } else {
772 if (!TEST_true(SSL_set_wfd(ssl, fd)))
773 goto err;
774 if (!TEST_ptr(bio = SSL_get_wbio(ssl)))
775 goto err;
776 if (!TEST_ptr_null(SSL_get_rbio(ssl)))
777 goto err;
778 }
779
780 if (!TEST_int_eq(BIO_method_type(bio), BIO_TYPE_DGRAM))
781 goto err;
782
783 if (!TEST_true(BIO_get_fd(bio, &resfd))
784 || !TEST_int_eq(resfd, fd))
785 goto err;
786
787 testresult = 1;
788err:
789 SSL_free(ssl);
790 SSL_CTX_free(ctx);
791 if (fd >= 0)
792 BIO_closesocket(fd);
793 return testresult;
794}
795
0a3733ba
MC		 796#define MAXLOOPS 1000
797
798static int test_bio_ssl(void)
799{
800 /*
801 * We just use OSSL_QUIC_client_method() rather than
802 * OSSL_QUIC_client_thread_method(). We will never leave the connection idle
803 * so we will always be implicitly handling time events anyway via other
804 * IO calls.
805 */
806 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
807 SSL *clientquic = NULL, *stream = NULL;
808 QUIC_TSERVER *qtserv = NULL;
809 int testresult = 0;
810 BIO *cbio = NULL, *strbio = NULL, *thisbio;
811 const char *msg = "Hello world";
812 int abortctr = 0, err, clienterr = 0, servererr = 0, retc = 0, rets = 0;
813 size_t written, readbytes, msglen;
814 int sid = 0, i;
815 unsigned char buf[80];
816
817 if (!TEST_ptr(cctx))
818 goto err;
819
820 cbio = BIO_new_ssl(cctx, 1);
821 if (!TEST_ptr(cbio))
822 goto err;
823
824 /*
825 * We must configure the ALPN/peer address etc so we get the SSL object in
826 * order to pass it to qtest_create_quic_objects for configuration.
827 */
828 if (!TEST_int_eq(BIO_get_ssl(cbio, &clientquic), 1))
829 goto err;
830
cf355bd6 831 if (!TEST_true(qtest_create_quic_objects(libctx, NULL, NULL, cert, privkey,
0a3733ba
MC		 832 0, &qtserv, &clientquic, NULL)))
833 goto err;
834
835 msglen = strlen(msg);
836
837 do {
838 err = BIO_FLAGS_WRITE;
839 while (!clienterr && !retc && err == BIO_FLAGS_WRITE) {
840 retc = BIO_write_ex(cbio, msg, msglen, &written);
841 if (!retc) {
842 if (BIO_should_retry(cbio))
843 err = BIO_retry_type(cbio);
844 else
845 err = 0;
846 }
847 }
848
849 if (!clienterr && retc <= 0 && err != BIO_FLAGS_READ) {
850 TEST_info("BIO_write_ex() failed %d, %d", retc, err);
851 TEST_openssl_errors();
852 clienterr = 1;
853 }
854
855 if (!servererr && rets <= 0) {
856 ossl_quic_tserver_tick(qtserv);
857 servererr = ossl_quic_tserver_is_term_any(qtserv);
858 if (!servererr)
859 rets = ossl_quic_tserver_is_handshake_confirmed(qtserv);
860 }
861
862 if (clienterr && servererr)
863 goto err;
864
865 if (++abortctr == MAXLOOPS) {
866 TEST_info("No progress made");
867 goto err;
868 }
869 } while ((!retc && !clienterr) || (rets <= 0 && !servererr));
870
871 /*
872 * 2 loops: The first using the default stream, and the second using a new
873 * client initiated bidi stream.
874 */
875 for (i = 0, thisbio = cbio; i < 2; i++) {
876 if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf, sizeof(buf),
877 &readbytes))
878 || !TEST_mem_eq(msg, msglen, buf, readbytes))
879 goto err;
880
881 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg,
882 msglen, &written)))
883 goto err;
884 ossl_quic_tserver_tick(qtserv);
885
886 if (!TEST_true(BIO_read_ex(thisbio, buf, sizeof(buf), &readbytes))
887 || !TEST_mem_eq(msg, msglen, buf, readbytes))
888 goto err;
889
890 if (i == 1)
891 break;
892
893 /*
894 * Now create a new stream and repeat. The bottom two bits of the stream
895 * id represents whether the stream is bidi and whether it is client
896 * initiated or not. For client initiated bidi they are both 0. So the
897 * first client initiated bidi stream is 0 and the next one is 4.
898 */
899 sid = 4;
900 stream = SSL_new_stream(clientquic, 0);
901 if (!TEST_ptr(stream))
902 goto err;
903
904 thisbio = strbio = BIO_new(BIO_f_ssl());
905 if (!TEST_ptr(strbio))
906 goto err;
907
908 if (!TEST_int_eq(BIO_set_ssl(thisbio, stream, BIO_CLOSE), 1))
909 goto err;
910 stream = NULL;
911
912 if (!TEST_true(BIO_write_ex(thisbio, msg, msglen, &written)))
913 goto err;
914
915 ossl_quic_tserver_tick(qtserv);
916 }
917
918 testresult = 1;
919 err:
920 BIO_free_all(cbio);
921 BIO_free_all(strbio);
922 SSL_free(stream);
923 ossl_quic_tserver_free(qtserv);
924 SSL_CTX_free(cctx);
925
926 return testresult;
927}
928
a1c87f64
MC		 929#define BACK_PRESSURE_NUM_LOOPS 10000
930/*
931 * Test that sending data from the client to the server faster than the server
932 * can process it eventually results in back pressure on the client.
933 */
934static int test_back_pressure(void)
935{
936 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
937 SSL *clientquic = NULL;
938 QUIC_TSERVER *qtserv = NULL;
939 int testresult = 0;
940 unsigned char *msg = NULL;
941 const size_t msglen = 1024;
942 unsigned char buf[64];
943 size_t readbytes, written;
944 int i;
945
946 if (!TEST_ptr(cctx)
1e7cc86b
HL		 947 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
948 privkey, 0, &qtserv,
949 &clientquic, NULL))
a1c87f64
MC		 950 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
951 goto err;
952
953 msg = OPENSSL_malloc(msglen);
954 if (!TEST_ptr(msg))
955 goto err;
956 if (!TEST_int_eq(RAND_bytes_ex(libctx, msg, msglen, 0), 1))
957 goto err;
958
959 /*
960 * Limit to 10000 loops. If we've not seen any back pressure after that
961 * we're going to run out of memory, so abort.
962 */
963 for (i = 0; i < BACK_PRESSURE_NUM_LOOPS; i++) {
964 /* Send data from the client */
965 if (!SSL_write_ex(clientquic, msg, msglen, &written)) {
966 /* Check if we are seeing back pressure */
967 if (SSL_get_error(clientquic, 0) == SSL_ERROR_WANT_WRITE)
968 break;
969 TEST_error("Unexpected client failure");
970 goto err;
971 }
972
973 /* Receive data at the server */
974 ossl_quic_tserver_tick(qtserv);
975 if (!TEST_true(ossl_quic_tserver_read(qtserv, 0, buf, sizeof(buf),
976 &readbytes)))
977 goto err;
978 }
979
980 if (i == BACK_PRESSURE_NUM_LOOPS) {
981 TEST_error("No back pressure seen");
982 goto err;
983 }
984
985 testresult = 1;
986 err:
987 SSL_free(clientquic);
988 ossl_quic_tserver_free(qtserv);
989 SSL_CTX_free(cctx);
990 OPENSSL_free(msg);
991
992 return testresult;
993}
994
8c5284ff
MC		 995
996static int dgram_ctr = 0;
997
998static void dgram_cb(int write_p, int version, int content_type,
999 const void *buf, size_t msglen, SSL *ssl, void *arg)
1000{
1001 if (!write_p)
1002 return;
1003
1004 if (content_type != SSL3_RT_QUIC_DATAGRAM)
1005 return;
1006
1007 dgram_ctr++;
1008}
1009
1010/* Test that we send multiple datagrams in one go when appropriate */
1011static int test_multiple_dgrams(void)
1012{
1013 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1014 SSL *clientquic = NULL;
1015 QUIC_TSERVER *qtserv = NULL;
1016 int testresult = 0;
1017 unsigned char *buf;
1018 const size_t buflen = 1400;
1019 size_t written;
1020
1021 buf = OPENSSL_zalloc(buflen);
1022
1023 if (!TEST_ptr(cctx)
1024 || !TEST_ptr(buf)
1025 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1026 privkey, 0, &qtserv,
1027 &clientquic, NULL))
1028 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1029 goto err;
1030
1031 dgram_ctr = 0;
1032 SSL_set_msg_callback(clientquic, dgram_cb);
1033 if (!TEST_true(SSL_write_ex(clientquic, buf, buflen, &written))
1034 || !TEST_size_t_eq(written, buflen)
1035 /* We wrote enough data for 2 datagrams */
1036 || !TEST_int_eq(dgram_ctr, 2))
1037 goto err;
1038
1039 testresult = 1;
1040 err:
1041 OPENSSL_free(buf);
1042 SSL_free(clientquic);
1043 ossl_quic_tserver_free(qtserv);
1044 SSL_CTX_free(cctx);
1045
1046 return testresult;
1047}
1048
48724e8a
MC		 1049static int non_io_retry_cert_verify_cb(X509_STORE_CTX *ctx, void *arg)
1050{
1051 int idx = SSL_get_ex_data_X509_STORE_CTX_idx();
1052 SSL *ssl;
1053 int *ctr = (int *)arg;
1054
1055 /* this should not happen but check anyway */
1056 if (idx < 0
1057 || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL)
1058 return 0;
1059
1060 /* If this is the first time we've been called then retry */
1061 if (((*ctr)++) == 0)
1062 return SSL_set_retry_verify(ssl);
1063
1064 /* Otherwise do nothing - verification succeeds. Continue as normal */
1065 return 1;
1066}
1067
1068/* Test that we can handle a non-io related retry error
1069 * Test 0: Non-blocking
1070 * Test 1: Blocking
1071 */
1072static int test_non_io_retry(int idx)
1073{
1074 SSL_CTX *cctx;
1075 SSL *clientquic = NULL;
1076 QUIC_TSERVER *qtserv = NULL;
1077 int testresult = 0;
1078 int flags = 0, ctr = 0;
1079
1080 if (idx >= 1 && !qtest_supports_blocking())
1081 return TEST_skip("Blocking tests not supported in this build");
1082
1083 cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1084 if (!TEST_ptr(cctx))
1085 goto err;
1086
1087 SSL_CTX_set_cert_verify_callback(cctx, non_io_retry_cert_verify_cb, &ctr);
1088
1089 flags = (idx >= 1) ? QTEST_FLAG_BLOCK : 0;
1090 if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, privkey,
1091 flags, &qtserv, &clientquic, NULL))
1092 || !TEST_true(qtest_create_quic_connection_ex(qtserv, clientquic,
1093 SSL_ERROR_WANT_RETRY_VERIFY))
1094 || !TEST_int_eq(SSL_want(clientquic), SSL_RETRY_VERIFY)
1095 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1096 goto err;
1097
1098 testresult = 1;
1099 err:
1100 SSL_free(clientquic);
1101 ossl_quic_tserver_free(qtserv);
1102 SSL_CTX_free(cctx);
1103
1104 return testresult;
1105}
1106
1e4fc0b2
MC		 1107static int use_session_cb_cnt = 0;
1108static int find_session_cb_cnt = 0;
1109static const char *pskid = "Identity";
1110static SSL_SESSION *serverpsk = NULL, *clientpsk = NULL;
1111
1112static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
1113 size_t *idlen, SSL_SESSION **sess)
1114{
1115 use_session_cb_cnt++;
1116
1117 if (clientpsk == NULL)
1118 return 0;
1119
1120 SSL_SESSION_up_ref(clientpsk);
1121
1122 *sess = clientpsk;
1123 *id = (const unsigned char *)pskid;
1124 *idlen = strlen(pskid);
1125
1126 return 1;
1127}
1128
1129static int find_session_cb(SSL *ssl, const unsigned char *identity,
1130 size_t identity_len, SSL_SESSION **sess)
1131{
1132 find_session_cb_cnt++;
1133
1134 if (serverpsk == NULL)
1135 return 0;
1136
1137 /* Identity should match that set by the client */
1138 if (strlen(pskid) != identity_len
1139 || strncmp(pskid, (const char *)identity, identity_len) != 0)
1140 return 0;
1141
1142 SSL_SESSION_up_ref(serverpsk);
1143 *sess = serverpsk;
1144
1145 return 1;
1146}
1147
1148static int test_quic_psk(void)
1149{
1150 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1151 SSL *clientquic = NULL;
1152 QUIC_TSERVER *qtserv = NULL;
1153 int testresult = 0;
1154
1155 if (!TEST_ptr(cctx)
1156 /* No cert or private key for the server, i.e. PSK only */
1157 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, NULL,
1158 NULL, 0, &qtserv,
1159 &clientquic, NULL)))
1160 goto end;
1161
1162 SSL_set_psk_use_session_callback(clientquic, use_session_cb);
1163 ossl_quic_tserver_set_psk_find_session_cb(qtserv, find_session_cb);
1164 use_session_cb_cnt = 0;
1165 find_session_cb_cnt = 0;
1166
1167 clientpsk = serverpsk = create_a_psk(clientquic, SHA384_DIGEST_LENGTH);
1168 if (!TEST_ptr(clientpsk))
1169 goto end;
1170 /* We already had one ref. Add another one */
1171 SSL_SESSION_up_ref(clientpsk);
1172
1173 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))
1174 || !TEST_int_eq(1, find_session_cb_cnt)
1175 || !TEST_int_eq(1, use_session_cb_cnt)
1176 /* Check that we actually used the PSK */
1177 || !TEST_true(SSL_session_reused(clientquic)))
1178 goto end;
1179
1180 testresult = 1;
1181
1182 end:
1183 SSL_free(clientquic);
1184 ossl_quic_tserver_free(qtserv);
1185 SSL_CTX_free(cctx);
1186 SSL_SESSION_free(clientpsk);
1187 SSL_SESSION_free(serverpsk);
1188 clientpsk = serverpsk = NULL;
1189
1190 return testresult;
1191}
1192
122d4e20
MC		 1193/*
1194 * Test that we correctly handle ALPN supplied by the application
1195 * Test 0: ALPN is provided
1196 * Test 1: No ALPN is provided
1197 */
1198static int test_alpn(int idx)
1199{
1200 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
1201 SSL *clientquic = NULL;
1202 QUIC_TSERVER *qtserv = NULL;
1203 int testresult = 0;
1204 int ret;
1205
1206 /*
1207 * Ensure we only configure ciphersuites that are available with both the
1208 * default and fips providers to get the same output in both cases
1209 */
1210 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))
1211 goto err;
1212
1213 if (!TEST_ptr(cctx)
1214 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1215 privkey,
1216 QTEST_FLAG_FAKE_TIME,
1217 &qtserv,
1218 &clientquic, NULL)))
1219 goto err;
1220
1221 if (idx == 0) {
1222 /*
1223 * Clear the ALPN we set in qtest_create_quic_objects. We use TEST_false
1224 * because SSL_set_alpn_protos returns 0 for success.
1225 */
1226 if (!TEST_false(SSL_set_alpn_protos(clientquic, NULL, 0)))
1227 goto err;
1228 }
1229
1230 ret = SSL_connect(clientquic);
1231 if (!TEST_int_le(ret, 0))
1232 goto err;
1233 if (idx == 0) {
1234 /* We expect an immediate error due to lack of ALPN */
1235 if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_SSL))
1236 goto err;
1237 } else {
1238 /* ALPN was provided so we expect the connection to succeed */
1239 if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_WANT_READ)
1240 || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1241 goto err;
1242 }
1243
1244 testresult = 1;
1245 err:
1246 ossl_quic_tserver_free(qtserv);
1247 SSL_free(clientquic);
1248 SSL_CTX_free(cctx);
1249
1250 return testresult;
1251}
1252
d3a8daca 1253#define MAX_LOOPS 2000
19d79bb2
MC		 1254
1255/*
1256 * Keep retrying SSL_read_ex until it succeeds or we give up. Accept a stream
1257 * if we don't already have one
1258 */
1259static int unreliable_client_read(SSL *clientquic, SSL **stream, void *buf,
1260 size_t buflen, size_t *readbytes,
1261 QUIC_TSERVER *qtserv)
1262{
1263 int abortctr;
1264
1265 /* We just do this in a loop with a sleep for simplicity */
1266 for (abortctr = 0; abortctr < MAX_LOOPS; abortctr++) {
1267 if (*stream == NULL) {
1268 SSL_handle_events(clientquic);
1269 *stream = SSL_accept_stream(clientquic, 0);
1270 }
1271
1272 if (*stream != NULL) {
1273 if (SSL_read_ex(*stream, buf, buflen, readbytes))
1274 return 1;
1275 if (SSL_get_error(*stream, 0) != SSL_ERROR_WANT_READ)
1276 return 0;
1277 }
1278 ossl_quic_tserver_tick(qtserv);
1279 OSSL_sleep(10);
1280 }
1281
1282 return 0;
1283}
1284
1285/* Keep retrying ossl_quic_tserver_read until it succeeds or we give up */
1286static int unreliable_server_read(QUIC_TSERVER *qtserv, uint64_t sid,
1287 void *buf, size_t buflen, size_t *readbytes,
1288 SSL *clientquic)
1289{
1290 int abortctr;
1291
1292 /* We just do this in a loop with a sleep for simplicity */
1293 for (abortctr = 0; abortctr < MAX_LOOPS; abortctr++) {
1294 if (ossl_quic_tserver_read(qtserv, sid, buf, buflen, readbytes))
1295 return 1;
1296 ossl_quic_tserver_tick(qtserv);
1297 SSL_handle_events(clientquic);
1298 OSSL_sleep(10);
1299 }
1300
1301 return 0;
1302}
1303
43b94c7f
MC		 1304static int test_noisy_dgram(void)
1305{
1306 SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
19d79bb2 1307 SSL *clientquic = NULL, *stream[2] = { NULL, NULL };
43b94c7f
MC		 1308 QUIC_TSERVER *qtserv = NULL;
1309 int testresult = 0;
19d79bb2
MC		 1310 uint64_t sid = 0;
1311 char *msg = "Hello world!";
1312 size_t msglen = strlen(msg), written, readbytes, i, j;
1313 unsigned char buf[80];
43b94c7f
MC		 1314
1315 if (!TEST_ptr(cctx)
1316 || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
1317 privkey,
1318 QTEST_FLAG_NOISE,
1319 &qtserv,
1320 &clientquic, NULL)))
1321 goto err;
1322
1323 if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
1324 goto err;
1325
19d79bb2
MC		 1326 if (!TEST_true(SSL_set_incoming_stream_policy(clientquic,
1327 SSL_INCOMING_STREAM_POLICY_ACCEPT,
1328 0))
1329 || !TEST_true(SSL_set_default_stream_mode(clientquic,
1330 SSL_DEFAULT_STREAM_MODE_NONE)))
1331 goto err;
1332
1333 for (j = 0; j < 2; j++) {
1334 if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, 0, &sid)))
1335 goto err;
1336 ossl_quic_tserver_tick(qtserv);
1337
1338 /*
1339 * Send data from the server to the client. Some datagrams may get lost,
1340 * dropped or re-ordered. We repeat 10 times to ensure we are sending
1341 * enough datagrams for problems to be noticed.
1342 */
1343 for (i = 0; i < 10; i++) {
1344 if (!TEST_true(ossl_quic_tserver_write(qtserv, sid,
1345 (unsigned char *)msg, msglen,
1346 &written))
1347 || !TEST_size_t_eq(msglen, written))
1348 goto err;
1349 ossl_quic_tserver_tick(qtserv);
1350
1351 /*
1352 * Since the underlying BIO is now noisy we may get failures that
1353 * need to be retried - so we use unreliable_client_read() to handle
1354 * that
1355 */
1356 if (!TEST_true(unreliable_client_read(clientquic, &stream[j], buf,
1357 sizeof(buf), &readbytes,
1358 qtserv))
1359 || !TEST_mem_eq(msg, msglen, buf, readbytes))
1360 goto err;
1361 }
1362
1363 /* Send data from the client to the server */
1364 for (i = 0; i < 10; i++) {
1365 if (!TEST_true(SSL_write_ex(stream[j], (unsigned char *)msg,
1366 msglen, &written))
1367 || !TEST_size_t_eq(msglen, written))
1368 goto err;
1369
1370 ossl_quic_tserver_tick(qtserv);
1371 /*
1372 * Since the underlying BIO is now noisy we may get failures that
1373 * need to be retried - so we use unreliable_server_read() to handle
1374 * that
1375 */
1376 if (!TEST_true(unreliable_server_read(qtserv, sid, buf, sizeof(buf),
1377 &readbytes, clientquic))
1378 || !TEST_mem_eq(msg, msglen, buf, readbytes))
1379 goto err;
1380 }
1381 }
1382
43b94c7f
MC		 1383 testresult = 1;
1384 err:
1385 ossl_quic_tserver_free(qtserv);
19d79bb2
MC		 1386 SSL_free(stream[0]);
1387 SSL_free(stream[1]);
43b94c7f
MC		 1388 SSL_free(clientquic);
1389 SSL_CTX_free(cctx);
1390
1391 return testresult;
1392}
1393
1394
2e1da969 1395OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
e44795bd
TM		 1396
1397int setup_tests(void)
1398{
1399 char *modulename;
1400 char *configfile;
1401
1402 libctx = OSSL_LIB_CTX_new();
1403 if (!TEST_ptr(libctx))
1404 return 0;
1405
1406 defctxnull = OSSL_PROVIDER_load(NULL, "null");
1407
1408 /*
1409 * Verify that the default and fips providers in the default libctx are not
1410 * available
1411 */
1412 if (!TEST_false(OSSL_PROVIDER_available(NULL, "default"))
1413 || !TEST_false(OSSL_PROVIDER_available(NULL, "fips")))
0c593328 1414 goto err;
e44795bd
TM		 1415
1416 if (!test_skip_common_options()) {
1417 TEST_error("Error parsing test options\n");
0c593328 1418 goto err;
e44795bd
TM		 1419 }
1420
1421 if (!TEST_ptr(modulename = test_get_argument(0))
0c593328 1422 || !TEST_ptr(configfile = test_get_argument(1))
2e1da969
MC		 1423 || !TEST_ptr(certsdir = test_get_argument(2))
1424 || !TEST_ptr(datadir = test_get_argument(3)))
0c593328 1425 goto err;
e44795bd
TM		 1426
1427 if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile)))
0c593328 1428 goto err;
e44795bd
TM		 1429
1430 /* Check we have the expected provider available */
1431 if (!TEST_true(OSSL_PROVIDER_available(libctx, modulename)))
0c593328 1432 goto err;
e44795bd
TM		 1433
1434 /* Check the default provider is not available */
1435 if (strcmp(modulename, "default") != 0
1436 && !TEST_false(OSSL_PROVIDER_available(libctx, "default")))
0c593328 1437 goto err;
e44795bd
TM		 1438
1439 if (strcmp(modulename, "fips") == 0)
1440 is_fips = 1;
1441
0c593328
MC		 1442 cert = test_mk_file_path(certsdir, "servercert.pem");
1443 if (cert == NULL)
1444 goto err;
1445
1446 privkey = test_mk_file_path(certsdir, "serverkey.pem");
1447 if (privkey == NULL)
1448 goto err;
1449
5c3474ea 1450 ADD_ALL_TESTS(test_quic_write_read, 3);
0fa6612e 1451 ADD_TEST(test_fin_only_blocking);
0c9646ec 1452 ADD_TEST(test_ciphersuites);
9912dfb9 1453 ADD_TEST(test_cipher_find);
843f6e27 1454 ADD_TEST(test_version);
1be2ee68 1455#if defined(DO_SSL_TRACE_TEST)
2e1da969
MC		 1456 ADD_TEST(test_ssl_trace);
1457#endif
09d56d20 1458 ADD_TEST(test_quic_forbidden_apis_ctx);
f082205b 1459 ADD_TEST(test_quic_forbidden_apis);
f0d9757c 1460 ADD_TEST(test_quic_forbidden_options);
5e6015af 1461 ADD_ALL_TESTS(test_quic_set_fd, 3);
0a3733ba 1462 ADD_TEST(test_bio_ssl);
a1c87f64 1463 ADD_TEST(test_back_pressure);
8c5284ff 1464 ADD_TEST(test_multiple_dgrams);
48724e8a 1465 ADD_ALL_TESTS(test_non_io_retry, 2);
1e4fc0b2 1466 ADD_TEST(test_quic_psk);
122d4e20 1467 ADD_ALL_TESTS(test_alpn, 2);
43b94c7f
MC		 1468 ADD_TEST(test_noisy_dgram);
1469
e44795bd 1470 return 1;
0c593328
MC		 1471 err:
1472 cleanup_tests();
1473 return 0;
e44795bd
TM		 1474}
1475
1476void cleanup_tests(void)
1477{
43b94c7f 1478 bio_f_noisy_dgram_filter_free();
0c593328
MC		 1479 OPENSSL_free(cert);
1480 OPENSSL_free(privkey);
e44795bd
TM		 1481 OSSL_PROVIDER_unload(defctxnull);
1482 OSSL_LIB_CTX_free(libctx);
1483}
A mirror of the official openssl repository