2 * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/opensslconf.h>
14 #include <openssl/quic.h>
15 #include <openssl/rand.h>
17 #include "helpers/ssltestlib.h"
18 #include "helpers/quictestlib.h"
20 #include "testutil/output.h"
21 #include "../ssl/ssl_local.h"
23 static OSSL_LIB_CTX
*libctx
= NULL
;
24 static OSSL_PROVIDER
*defctxnull
= NULL
;
25 static char *certsdir
= NULL
;
26 static char *cert
= NULL
;
27 static char *ccert
= NULL
;
28 static char *cauthca
= NULL
;
29 static char *privkey
= NULL
;
30 static char *cprivkey
= NULL
;
31 static char *datadir
= NULL
;
33 static int is_fips
= 0;
35 /* The ssltrace test assumes some options are switched on/off */
36 #if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) \
37 && defined(OPENSSL_NO_ZLIB) && defined(OPENSSL_NO_BROTLI) \
38 && defined(OPENSSL_NO_ZSTD) && !defined(OPENSSL_NO_ECX) \
39 && !defined(OPENSSL_NO_DH)
40 # define DO_SSL_TRACE_TEST
44 * Test that we read what we've written.
45 * Test 0: Non-blocking
47 * Test 2: Blocking, introduce socket error, test error handling.
49 static int test_quic_write_read(int idx
)
51 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
53 SSL
*clientquic
= NULL
;
54 QUIC_TSERVER
*qtserv
= NULL
;
56 unsigned char buf
[20];
57 static char *msg
= "A test message";
58 size_t msglen
= strlen(msg
);
60 int ssock
= 0, csock
= 0;
61 uint64_t sid
= UINT64_MAX
;
62 SSL_SESSION
*sess
= NULL
;
64 if (idx
>= 1 && !qtest_supports_blocking())
65 return TEST_skip("Blocking tests not supported in this build");
67 for (k
= 0; k
< 2; k
++) {
69 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, sctx
,
76 || !TEST_true(SSL_set_tlsext_host_name(clientquic
, "localhost")))
79 if (sess
!= NULL
&& !TEST_true(SSL_set_session(clientquic
, sess
)))
82 if (!TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
86 if (!TEST_true(BIO_get_fd(ossl_quic_tserver_get0_rbio(qtserv
),
89 if (!TEST_int_gt(csock
= SSL_get_rfd(clientquic
), 0))
93 sid
= 0; /* client-initiated bidirectional stream */
95 for (j
= 0; j
< 2; j
++) {
96 /* Check that sending and receiving app data is ok */
97 if (!TEST_true(SSL_write_ex(clientquic
, msg
, msglen
, &numbytes
))
98 || !TEST_size_t_eq(numbytes
, msglen
))
102 if (!TEST_true(wait_until_sock_readable(ssock
)))
105 ossl_quic_tserver_tick(qtserv
);
107 if (!TEST_true(ossl_quic_tserver_read(qtserv
, sid
, buf
,
111 } while (numbytes
== 0);
113 if (!TEST_mem_eq(buf
, numbytes
, msg
, msglen
))
117 if (idx
>= 2 && j
> 0)
118 /* Introduce permanent socket error */
119 BIO_closesocket(csock
);
121 ossl_quic_tserver_tick(qtserv
);
122 if (!TEST_true(ossl_quic_tserver_write(qtserv
, sid
,
123 (unsigned char *)msg
,
126 ossl_quic_tserver_tick(qtserv
);
127 SSL_handle_events(clientquic
);
129 if (idx
>= 2 && j
> 0) {
130 if (!TEST_false(SSL_read_ex(clientquic
, buf
, 1, &numbytes
))
131 || !TEST_int_eq(SSL_get_error(clientquic
, 0),
133 || !TEST_false(SSL_write_ex(clientquic
, msg
, msglen
,
135 || !TEST_int_eq(SSL_get_error(clientquic
, 0),
142 * In blocking mode the SSL_read_ex call will block until the socket
143 * is readable and has our data. In non-blocking mode we're doing
144 * everything in memory, so it should be immediately available
146 if (!TEST_true(SSL_read_ex(clientquic
, buf
, 1, &numbytes
))
147 || !TEST_size_t_eq(numbytes
, 1)
148 || !TEST_true(SSL_has_pending(clientquic
))
149 || !TEST_int_eq(SSL_pending(clientquic
), msglen
- 1)
150 || !TEST_true(SSL_read_ex(clientquic
, buf
+ 1,
151 sizeof(buf
) - 1, &numbytes
))
152 || !TEST_mem_eq(buf
, numbytes
+ 1, msg
, msglen
))
157 /* We didn't supply a session so we're not expecting resumption */
158 if (!TEST_false(SSL_session_reused(clientquic
)))
160 /* We should have a session ticket by now */
161 sess
= SSL_get1_session(clientquic
);
165 /* We supplied a session so we should have resumed */
166 if (!TEST_true(SSL_session_reused(clientquic
)))
170 if (!TEST_true(qtest_shutdown(qtserv
, clientquic
)))
174 sctx
= ossl_quic_tserver_get0_ssl_ctx(qtserv
);
175 if (!TEST_true(SSL_CTX_up_ref(sctx
))) {
180 ossl_quic_tserver_free(qtserv
);
182 SSL_free(clientquic
);
192 SSL_SESSION_free(sess
);
193 ossl_quic_tserver_free(qtserv
);
194 SSL_free(clientquic
);
202 * Test that sending FIN with no data to a client blocking in SSL_read_ex() will
203 * wake up the client.
205 static int test_fin_only_blocking(void)
207 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
208 SSL_CTX
*sctx
= NULL
;
209 SSL
*clientquic
= NULL
;
210 QUIC_TSERVER
*qtserv
= NULL
;
211 const char *msg
= "Hello World";
214 unsigned char buf
[32];
216 OSSL_TIME timer
, timediff
;
218 if (!qtest_supports_blocking())
219 return TEST_skip("Blocking tests not supported in this build");
222 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, sctx
,
225 &qtserv
, &clientquic
,
227 || !TEST_true(SSL_set_tlsext_host_name(clientquic
, "localhost")))
230 if (!TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
233 if (!TEST_true(ossl_quic_tserver_stream_new(qtserv
, 0, &sid
))
234 || !TEST_true(ossl_quic_tserver_write(qtserv
, sid
,
235 (unsigned char *)msg
,
236 strlen(msg
), &numbytes
))
237 || !TEST_size_t_eq(strlen(msg
), numbytes
))
240 ossl_quic_tserver_tick(qtserv
);
242 if (!TEST_true(SSL_read_ex(clientquic
, buf
, sizeof(buf
), &numbytes
))
243 || !TEST_mem_eq(msg
, strlen(msg
), buf
, numbytes
))
248 if (!TEST_true(ossl_quic_tserver_conclude(qtserv
, sid
)))
251 timer
= ossl_time_now();
252 if (!TEST_false(SSL_read_ex(clientquic
, buf
, sizeof(buf
), &numbytes
)))
254 timediff
= ossl_time_subtract(ossl_time_now(), timer
);
256 if (!TEST_int_eq(SSL_get_error(clientquic
, 0), SSL_ERROR_ZERO_RETURN
)
258 * We expect the SSL_read_ex to not have blocked so this should
259 * be very fast. 20ms should be plenty.
261 || !TEST_uint64_t_le(ossl_time2ms(timediff
), 20))
264 if (!TEST_true(qtest_shutdown(qtserv
, clientquic
)))
270 ossl_quic_tserver_free(qtserv
);
271 SSL_free(clientquic
);
278 /* Test that a vanilla QUIC SSL object has the expected ciphersuites available */
279 static int test_ciphersuites(void)
281 SSL_CTX
*ctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
284 const STACK_OF(SSL_CIPHER
) *ciphers
= NULL
;
285 const SSL_CIPHER
*cipher
;
286 /* We expect this exact list of ciphersuites by default */
288 TLS1_3_CK_AES_256_GCM_SHA384
,
289 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
290 TLS1_3_CK_CHACHA20_POLY1305_SHA256
,
292 TLS1_3_CK_AES_128_GCM_SHA256
303 ciphers
= SSL_get_ciphers(ssl
);
305 for (i
= 0, j
= 0; i
< OSSL_NELEM(cipherids
); i
++) {
306 if (cipherids
[i
] == TLS1_3_CK_CHACHA20_POLY1305_SHA256
&& is_fips
)
308 cipher
= sk_SSL_CIPHER_value(ciphers
, j
++);
309 if (!TEST_ptr(cipher
))
311 if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher
), cipherids
[i
]))
315 /* We should have checked all the ciphers in the stack */
316 if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers
), j
))
327 static int test_cipher_find(void)
329 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
330 SSL
*clientquic
= NULL
;
332 const unsigned char *cipherbytes
;
335 { TLS13_AES_128_GCM_SHA256_BYTES
, 1 },
336 { TLS13_AES_256_GCM_SHA384_BYTES
, 1 },
337 { TLS13_CHACHA20_POLY1305_SHA256_BYTES
, 1 },
338 { TLS13_AES_128_CCM_SHA256_BYTES
, 0 },
339 { TLS13_AES_128_CCM_8_SHA256_BYTES
, 0 }
347 clientquic
= SSL_new(cctx
);
348 if (!TEST_ptr(clientquic
))
351 for (i
= 0; i
< OSSL_NELEM(testciphers
); i
++)
352 if (testciphers
[i
].ok
) {
353 if (!TEST_ptr(SSL_CIPHER_find(clientquic
,
354 testciphers
[i
].cipherbytes
)))
357 if (!TEST_ptr_null(SSL_CIPHER_find(clientquic
,
358 testciphers
[i
].cipherbytes
)))
364 SSL_free(clientquic
);
371 * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
372 * SSL_is_dtls return the expected results for a QUIC connection. Compare with
373 * test_version() in sslapitest.c which does the same thing for TLS/DTLS
376 static int test_version(void)
378 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
379 SSL
*clientquic
= NULL
;
380 QUIC_TSERVER
*qtserv
= NULL
;
384 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, NULL
, cert
,
386 &clientquic
, NULL
, NULL
))
387 || !TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
390 if (!TEST_int_eq(SSL_version(clientquic
), OSSL_QUIC1_VERSION
)
391 || !TEST_str_eq(SSL_get_version(clientquic
), "QUICv1"))
394 if (!TEST_true(SSL_is_quic(clientquic
))
395 || !TEST_false(SSL_is_tls(clientquic
))
396 || !TEST_false(SSL_is_dtls(clientquic
)))
402 ossl_quic_tserver_free(qtserv
);
403 SSL_free(clientquic
);
409 #if defined(DO_SSL_TRACE_TEST)
410 static void strip_line_ends(char *str
)
414 for (i
= strlen(str
);
415 i
> 0 && (str
[i
- 1] == '\n' || str
[i
- 1] == '\r');
421 static int compare_with_file(BIO
*membio
)
423 BIO
*file
= NULL
, *newfile
= NULL
;
424 char buf1
[512], buf2
[512];
429 reffile
= test_mk_file_path(datadir
, "ssltraceref.txt");
430 if (!TEST_ptr(reffile
))
433 file
= BIO_new_file(reffile
, "rb");
437 newfile
= BIO_new_file("ssltraceref-new.txt", "wb");
438 if (!TEST_ptr(newfile
))
441 while (BIO_gets(membio
, buf2
, sizeof(buf2
)) > 0)
442 if (BIO_puts(newfile
, buf2
) <= 0) {
443 TEST_error("Failed writing new file data");
447 if (!TEST_int_ge(BIO_seek(membio
, 0), 0))
450 while (BIO_gets(file
, buf1
, sizeof(buf1
)) > 0) {
451 if (BIO_gets(membio
, buf2
, sizeof(buf2
)) <= 0) {
452 TEST_error("Failed reading mem data");
455 strip_line_ends(buf1
);
456 strip_line_ends(buf2
);
457 if (strlen(buf1
) != strlen(buf2
)) {
458 TEST_error("Actual and ref line data length mismatch");
459 TEST_info("%s", buf1
);
460 TEST_info("%s", buf2
);
463 for (i
= 0; i
< strlen(buf1
); i
++) {
464 /* '?' is a wild card character in the reference text */
468 if (!TEST_str_eq(buf1
, buf2
))
471 if (!TEST_true(BIO_eof(file
))
472 || !TEST_true(BIO_eof(membio
)))
477 OPENSSL_free(reffile
);
484 * Tests that the SSL_trace() msg_callback works as expected with a QUIC
485 * connection. This also provides testing of the msg_callback at the same time.
487 static int test_ssl_trace(void)
489 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
490 SSL
*clientquic
= NULL
;
491 QUIC_TSERVER
*qtserv
= NULL
;
493 BIO
*bio
= BIO_new(BIO_s_mem());
496 * Ensure we only configure ciphersuites that are available with both the
497 * default and fips providers to get the same output in both cases
499 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx
, "TLS_AES_128_GCM_SHA256")))
504 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, NULL
, cert
,
506 QTEST_FLAG_FAKE_TIME
,
508 &clientquic
, NULL
, NULL
)))
511 SSL_set_msg_callback(clientquic
, SSL_trace
);
512 SSL_set_msg_callback_arg(clientquic
, bio
);
514 if (!TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
517 if (!TEST_true(compare_with_file(bio
)))
522 ossl_quic_tserver_free(qtserv
);
523 SSL_free(clientquic
);
531 static int ensure_valid_ciphers(const STACK_OF(SSL_CIPHER
) *ciphers
)
535 /* Ensure ciphersuite list is suitably subsetted. */
536 for (i
= 0; i
< (size_t)sk_SSL_CIPHER_num(ciphers
); ++i
) {
537 const SSL_CIPHER
*cipher
= sk_SSL_CIPHER_value(ciphers
, i
);
538 switch (SSL_CIPHER_get_id(cipher
)) {
539 case TLS1_3_CK_AES_128_GCM_SHA256
:
540 case TLS1_3_CK_AES_256_GCM_SHA384
:
541 case TLS1_3_CK_CHACHA20_POLY1305_SHA256
:
544 TEST_error("forbidden cipher: %s", SSL_CIPHER_get_name(cipher
));
553 * Test that handshake-layer APIs which shouldn't work don't work with QUIC.
555 static int test_quic_forbidden_apis_ctx(void)
560 if (!TEST_ptr(ctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method())))
563 #ifndef OPENSSL_NO_SRTP
564 /* This function returns 0 on success and 1 on error, and should fail. */
565 if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx
, "SRTP_AEAD_AES_128_GCM")))
570 * List of ciphersuites we do and don't allow in QUIC.
572 #define QUIC_CIPHERSUITES \
573 "TLS_AES_128_GCM_SHA256:" \
574 "TLS_AES_256_GCM_SHA384:" \
575 "TLS_CHACHA20_POLY1305_SHA256"
577 #define NON_QUIC_CIPHERSUITES \
578 "TLS_AES_128_CCM_SHA256:" \
579 "TLS_AES_256_CCM_SHA384:" \
580 "TLS_AES_128_CCM_8_SHA256"
582 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
583 if (!TEST_true(SSL_CTX_set_ciphersuites(ctx
,
584 QUIC_CIPHERSUITES
":"
585 NON_QUIC_CIPHERSUITES
)))
589 * Forbidden ciphersuites should show up in SSL_CTX accessors, they are only
590 * filtered in SSL_get1_supported_ciphers, so we don't check for
591 * non-inclusion here.
600 static int test_quic_forbidden_apis(void)
605 STACK_OF(SSL_CIPHER
) *ciphers
= NULL
;
607 if (!TEST_ptr(ctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method())))
610 if (!TEST_ptr(ssl
= SSL_new(ctx
)))
613 #ifndef OPENSSL_NO_SRTP
614 /* This function returns 0 on success and 1 on error, and should fail. */
615 if (!TEST_true(SSL_set_tlsext_use_srtp(ssl
, "SRTP_AEAD_AES_128_GCM")))
619 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
620 if (!TEST_true(SSL_set_ciphersuites(ssl
,
621 QUIC_CIPHERSUITES
":"
622 NON_QUIC_CIPHERSUITES
)))
625 /* Non-QUIC ciphersuites must not appear in supported ciphers list. */
626 if (!TEST_ptr(ciphers
= SSL_get1_supported_ciphers(ssl
))
627 || !TEST_true(ensure_valid_ciphers(ciphers
)))
632 sk_SSL_CIPHER_free(ciphers
);
638 static int test_quic_forbidden_options(void)
646 if (!TEST_ptr(ctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method())))
649 /* QUIC options restrictions do not affect SSL_CTX */
650 SSL_CTX_set_options(ctx
, UINT64_MAX
);
652 if (!TEST_uint64_t_eq(SSL_CTX_get_options(ctx
), UINT64_MAX
))
655 /* Set options on CTX which should not be inherited (tested below). */
656 SSL_CTX_set_read_ahead(ctx
, 1);
657 SSL_CTX_set_max_early_data(ctx
, 1);
658 SSL_CTX_set_recv_max_early_data(ctx
, 1);
659 SSL_CTX_set_quiet_shutdown(ctx
, 1);
661 if (!TEST_ptr(ssl
= SSL_new(ctx
)))
664 /* Only permitted options get transferred to SSL object */
665 if (!TEST_uint64_t_eq(SSL_get_options(ssl
), OSSL_QUIC_PERMITTED_OPTIONS
))
668 /* Try again using SSL_set_options */
669 SSL_set_options(ssl
, UINT64_MAX
);
671 if (!TEST_uint64_t_eq(SSL_get_options(ssl
), OSSL_QUIC_PERMITTED_OPTIONS
))
674 /* Clear everything */
675 SSL_clear_options(ssl
, UINT64_MAX
);
677 if (!TEST_uint64_t_eq(SSL_get_options(ssl
), 0))
681 if (!TEST_false(SSL_get_read_ahead(ssl
)))
684 SSL_set_read_ahead(ssl
, 1);
685 if (!TEST_false(SSL_get_read_ahead(ssl
)))
689 if (!TEST_true(SSL_set_block_padding(ssl
, 0))
690 || !TEST_true(SSL_set_block_padding(ssl
, 1))
691 || !TEST_false(SSL_set_block_padding(ssl
, 2)))
694 /* Max fragment length */
695 if (!TEST_true(SSL_set_tlsext_max_fragment_length(ssl
, TLSEXT_max_fragment_length_DISABLED
))
696 || !TEST_false(SSL_set_tlsext_max_fragment_length(ssl
, TLSEXT_max_fragment_length_512
)))
700 if (!TEST_false(SSL_set_recv_max_early_data(ssl
, 1))
701 || !TEST_false(SSL_set_max_early_data(ssl
, 1)))
705 if (!TEST_false(SSL_read_early_data(ssl
, buf
, sizeof(buf
), &len
))
706 || !TEST_false(SSL_write_early_data(ssl
, buf
, sizeof(buf
), &len
)))
709 /* Buffer Management */
710 if (!TEST_true(SSL_alloc_buffers(ssl
))
711 || !TEST_false(SSL_free_buffers(ssl
)))
715 if (!TEST_false(SSL_set_max_send_fragment(ssl
, 2))
716 || !TEST_false(SSL_set_split_send_fragment(ssl
, 2))
717 || !TEST_false(SSL_set_max_pipelines(ssl
, 2)))
721 if (!TEST_false(SSL_stateless(ssl
)))
725 if (!TEST_false(SSL_get_quiet_shutdown(ssl
)))
729 if (!TEST_ptr_null(SSL_dup(ssl
)))
733 if (!TEST_false(SSL_clear(ssl
)))
743 static int test_quic_set_fd(int idx
)
748 int fd
= -1, resfd
= -1;
751 if (!TEST_ptr(ctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method())))
754 if (!TEST_ptr(ssl
= SSL_new(ctx
)))
757 if (!TEST_int_ge(fd
= BIO_socket(AF_INET
, SOCK_DGRAM
, IPPROTO_UDP
, 0), 0))
761 if (!TEST_true(SSL_set_fd(ssl
, fd
)))
763 if (!TEST_ptr(bio
= SSL_get_rbio(ssl
)))
765 if (!TEST_ptr_eq(bio
, SSL_get_wbio(ssl
)))
767 } else if (idx
== 1) {
768 if (!TEST_true(SSL_set_rfd(ssl
, fd
)))
770 if (!TEST_ptr(bio
= SSL_get_rbio(ssl
)))
772 if (!TEST_ptr_null(SSL_get_wbio(ssl
)))
775 if (!TEST_true(SSL_set_wfd(ssl
, fd
)))
777 if (!TEST_ptr(bio
= SSL_get_wbio(ssl
)))
779 if (!TEST_ptr_null(SSL_get_rbio(ssl
)))
783 if (!TEST_int_eq(BIO_method_type(bio
), BIO_TYPE_DGRAM
))
786 if (!TEST_true(BIO_get_fd(bio
, &resfd
))
787 || !TEST_int_eq(resfd
, fd
))
799 #define MAXLOOPS 1000
801 static int test_bio_ssl(void)
804 * We just use OSSL_QUIC_client_method() rather than
805 * OSSL_QUIC_client_thread_method(). We will never leave the connection idle
806 * so we will always be implicitly handling time events anyway via other
809 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
810 SSL
*clientquic
= NULL
, *stream
= NULL
;
811 QUIC_TSERVER
*qtserv
= NULL
;
813 BIO
*cbio
= NULL
, *strbio
= NULL
, *thisbio
;
814 const char *msg
= "Hello world";
815 int abortctr
= 0, err
, clienterr
= 0, servererr
= 0, retc
= 0, rets
= 0;
816 size_t written
, readbytes
, msglen
;
818 unsigned char buf
[80];
823 cbio
= BIO_new_ssl(cctx
, 1);
828 * We must configure the ALPN/peer address etc so we get the SSL object in
829 * order to pass it to qtest_create_quic_objects for configuration.
831 if (!TEST_int_eq(BIO_get_ssl(cbio
, &clientquic
), 1))
834 if (!TEST_true(qtest_create_quic_objects(libctx
, NULL
, NULL
, cert
, privkey
,
835 0, &qtserv
, &clientquic
, NULL
,
839 msglen
= strlen(msg
);
842 err
= BIO_FLAGS_WRITE
;
843 while (!clienterr
&& !retc
&& err
== BIO_FLAGS_WRITE
) {
844 retc
= BIO_write_ex(cbio
, msg
, msglen
, &written
);
846 if (BIO_should_retry(cbio
))
847 err
= BIO_retry_type(cbio
);
853 if (!clienterr
&& retc
<= 0 && err
!= BIO_FLAGS_READ
) {
854 TEST_info("BIO_write_ex() failed %d, %d", retc
, err
);
855 TEST_openssl_errors();
859 if (!servererr
&& rets
<= 0) {
860 ossl_quic_tserver_tick(qtserv
);
861 servererr
= ossl_quic_tserver_is_term_any(qtserv
);
863 rets
= ossl_quic_tserver_is_handshake_confirmed(qtserv
);
866 if (clienterr
&& servererr
)
869 if (++abortctr
== MAXLOOPS
) {
870 TEST_info("No progress made");
873 } while ((!retc
&& !clienterr
) || (rets
<= 0 && !servererr
));
876 * 2 loops: The first using the default stream, and the second using a new
877 * client initiated bidi stream.
879 for (i
= 0, thisbio
= cbio
; i
< 2; i
++) {
880 if (!TEST_true(ossl_quic_tserver_read(qtserv
, sid
, buf
, sizeof(buf
),
882 || !TEST_mem_eq(msg
, msglen
, buf
, readbytes
))
885 if (!TEST_true(ossl_quic_tserver_write(qtserv
, sid
, (unsigned char *)msg
,
888 ossl_quic_tserver_tick(qtserv
);
890 if (!TEST_true(BIO_read_ex(thisbio
, buf
, sizeof(buf
), &readbytes
))
891 || !TEST_mem_eq(msg
, msglen
, buf
, readbytes
))
898 * Now create a new stream and repeat. The bottom two bits of the stream
899 * id represents whether the stream is bidi and whether it is client
900 * initiated or not. For client initiated bidi they are both 0. So the
901 * first client initiated bidi stream is 0 and the next one is 4.
904 stream
= SSL_new_stream(clientquic
, 0);
905 if (!TEST_ptr(stream
))
908 thisbio
= strbio
= BIO_new(BIO_f_ssl());
909 if (!TEST_ptr(strbio
))
912 if (!TEST_int_eq(BIO_set_ssl(thisbio
, stream
, BIO_CLOSE
), 1))
916 if (!TEST_true(BIO_write_ex(thisbio
, msg
, msglen
, &written
)))
919 ossl_quic_tserver_tick(qtserv
);
925 BIO_free_all(strbio
);
927 ossl_quic_tserver_free(qtserv
);
933 #define BACK_PRESSURE_NUM_LOOPS 10000
935 * Test that sending data from the client to the server faster than the server
936 * can process it eventually results in back pressure on the client.
938 static int test_back_pressure(void)
940 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
941 SSL
*clientquic
= NULL
;
942 QUIC_TSERVER
*qtserv
= NULL
;
944 unsigned char *msg
= NULL
;
945 const size_t msglen
= 1024;
946 unsigned char buf
[64];
947 size_t readbytes
, written
;
951 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, NULL
, cert
,
953 &clientquic
, NULL
, NULL
))
954 || !TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
957 msg
= OPENSSL_malloc(msglen
);
960 if (!TEST_int_eq(RAND_bytes_ex(libctx
, msg
, msglen
, 0), 1))
964 * Limit to 10000 loops. If we've not seen any back pressure after that
965 * we're going to run out of memory, so abort.
967 for (i
= 0; i
< BACK_PRESSURE_NUM_LOOPS
; i
++) {
968 /* Send data from the client */
969 if (!SSL_write_ex(clientquic
, msg
, msglen
, &written
)) {
970 /* Check if we are seeing back pressure */
971 if (SSL_get_error(clientquic
, 0) == SSL_ERROR_WANT_WRITE
)
973 TEST_error("Unexpected client failure");
977 /* Receive data at the server */
978 ossl_quic_tserver_tick(qtserv
);
979 if (!TEST_true(ossl_quic_tserver_read(qtserv
, 0, buf
, sizeof(buf
),
984 if (i
== BACK_PRESSURE_NUM_LOOPS
) {
985 TEST_error("No back pressure seen");
991 SSL_free(clientquic
);
992 ossl_quic_tserver_free(qtserv
);
1000 static int dgram_ctr
= 0;
1002 static void dgram_cb(int write_p
, int version
, int content_type
,
1003 const void *buf
, size_t msglen
, SSL
*ssl
, void *arg
)
1008 if (content_type
!= SSL3_RT_QUIC_DATAGRAM
)
1014 /* Test that we send multiple datagrams in one go when appropriate */
1015 static int test_multiple_dgrams(void)
1017 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
1018 SSL
*clientquic
= NULL
;
1019 QUIC_TSERVER
*qtserv
= NULL
;
1022 const size_t buflen
= 1400;
1025 buf
= OPENSSL_zalloc(buflen
);
1029 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, NULL
, cert
,
1030 privkey
, 0, &qtserv
,
1031 &clientquic
, NULL
, NULL
))
1032 || !TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
1036 SSL_set_msg_callback(clientquic
, dgram_cb
);
1037 if (!TEST_true(SSL_write_ex(clientquic
, buf
, buflen
, &written
))
1038 || !TEST_size_t_eq(written
, buflen
)
1039 /* We wrote enough data for 2 datagrams */
1040 || !TEST_int_eq(dgram_ctr
, 2))
1046 SSL_free(clientquic
);
1047 ossl_quic_tserver_free(qtserv
);
1053 static int non_io_retry_cert_verify_cb(X509_STORE_CTX
*ctx
, void *arg
)
1055 int idx
= SSL_get_ex_data_X509_STORE_CTX_idx();
1057 int *ctr
= (int *)arg
;
1059 /* this should not happen but check anyway */
1061 || (ssl
= X509_STORE_CTX_get_ex_data(ctx
, idx
)) == NULL
)
1064 /* If this is the first time we've been called then retry */
1065 if (((*ctr
)++) == 0)
1066 return SSL_set_retry_verify(ssl
);
1068 /* Otherwise do nothing - verification succeeds. Continue as normal */
1072 /* Test that we can handle a non-io related retry error
1073 * Test 0: Non-blocking
1076 static int test_non_io_retry(int idx
)
1079 SSL
*clientquic
= NULL
;
1080 QUIC_TSERVER
*qtserv
= NULL
;
1082 int flags
= 0, ctr
= 0;
1084 if (idx
>= 1 && !qtest_supports_blocking())
1085 return TEST_skip("Blocking tests not supported in this build");
1087 cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
1088 if (!TEST_ptr(cctx
))
1091 SSL_CTX_set_cert_verify_callback(cctx
, non_io_retry_cert_verify_cb
, &ctr
);
1093 flags
= (idx
>= 1) ? QTEST_FLAG_BLOCK
: 0;
1094 if (!TEST_true(qtest_create_quic_objects(libctx
, cctx
, NULL
, cert
, privkey
,
1095 flags
, &qtserv
, &clientquic
, NULL
,
1097 || !TEST_true(qtest_create_quic_connection_ex(qtserv
, clientquic
,
1098 SSL_ERROR_WANT_RETRY_VERIFY
))
1099 || !TEST_int_eq(SSL_want(clientquic
), SSL_RETRY_VERIFY
)
1100 || !TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
1105 SSL_free(clientquic
);
1106 ossl_quic_tserver_free(qtserv
);
1112 static int use_session_cb_cnt
= 0;
1113 static int find_session_cb_cnt
= 0;
1114 static const char *pskid
= "Identity";
1115 static SSL_SESSION
*serverpsk
= NULL
, *clientpsk
= NULL
;
1117 static int use_session_cb(SSL
*ssl
, const EVP_MD
*md
, const unsigned char **id
,
1118 size_t *idlen
, SSL_SESSION
**sess
)
1120 use_session_cb_cnt
++;
1122 if (clientpsk
== NULL
)
1125 SSL_SESSION_up_ref(clientpsk
);
1128 *id
= (const unsigned char *)pskid
;
1129 *idlen
= strlen(pskid
);
1134 static int find_session_cb(SSL
*ssl
, const unsigned char *identity
,
1135 size_t identity_len
, SSL_SESSION
**sess
)
1137 find_session_cb_cnt
++;
1139 if (serverpsk
== NULL
)
1142 /* Identity should match that set by the client */
1143 if (strlen(pskid
) != identity_len
1144 || strncmp(pskid
, (const char *)identity
, identity_len
) != 0)
1147 SSL_SESSION_up_ref(serverpsk
);
1153 static int test_quic_psk(void)
1155 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
1156 SSL
*clientquic
= NULL
;
1157 QUIC_TSERVER
*qtserv
= NULL
;
1161 /* No cert or private key for the server, i.e. PSK only */
1162 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, NULL
, NULL
,
1164 &clientquic
, NULL
, NULL
)))
1167 SSL_set_psk_use_session_callback(clientquic
, use_session_cb
);
1168 ossl_quic_tserver_set_psk_find_session_cb(qtserv
, find_session_cb
);
1169 use_session_cb_cnt
= 0;
1170 find_session_cb_cnt
= 0;
1172 clientpsk
= serverpsk
= create_a_psk(clientquic
, SHA384_DIGEST_LENGTH
);
1173 if (!TEST_ptr(clientpsk
))
1175 /* We already had one ref. Add another one */
1176 SSL_SESSION_up_ref(clientpsk
);
1178 if (!TEST_true(qtest_create_quic_connection(qtserv
, clientquic
))
1179 || !TEST_int_eq(1, find_session_cb_cnt
)
1180 || !TEST_int_eq(1, use_session_cb_cnt
)
1181 /* Check that we actually used the PSK */
1182 || !TEST_true(SSL_session_reused(clientquic
)))
1188 SSL_free(clientquic
);
1189 ossl_quic_tserver_free(qtserv
);
1191 SSL_SESSION_free(clientpsk
);
1192 SSL_SESSION_free(serverpsk
);
1193 clientpsk
= serverpsk
= NULL
;
1198 static int test_client_auth(int idx
)
1200 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
1201 SSL_CTX
*sctx
= SSL_CTX_new_ex(libctx
, NULL
, TLS_method());
1202 SSL
*clientquic
= NULL
;
1203 QUIC_TSERVER
*qtserv
= NULL
;
1205 unsigned char buf
[20];
1206 static char *msg
= "A test message";
1207 size_t msglen
= strlen(msg
);
1208 size_t numbytes
= 0;
1210 if (!TEST_ptr(cctx
) || !TEST_ptr(sctx
))
1213 SSL_CTX_set_verify(sctx
, SSL_VERIFY_PEER
| SSL_VERIFY_FAIL_IF_NO_PEER_CERT
1214 | SSL_VERIFY_CLIENT_ONCE
, NULL
);
1216 if (!TEST_true(SSL_CTX_load_verify_file(sctx
, cauthca
)))
1220 && (!TEST_true(SSL_CTX_use_certificate_chain_file(cctx
, ccert
))
1221 || !TEST_true(SSL_CTX_use_PrivateKey_file(cctx
, cprivkey
,
1222 SSL_FILETYPE_PEM
))))
1225 if (!TEST_true(qtest_create_quic_objects(libctx
, cctx
, sctx
, cert
,
1226 privkey
, 0, &qtserv
,
1227 &clientquic
, NULL
, NULL
)))
1231 if (!TEST_false(qtest_create_quic_connection(qtserv
, clientquic
)))
1234 /* negative test passed */
1239 if (!TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
1242 /* Check that sending and receiving app data is ok */
1243 if (!TEST_true(SSL_write_ex(clientquic
, msg
, msglen
, &numbytes
))
1244 || !TEST_size_t_eq(numbytes
, msglen
))
1247 ossl_quic_tserver_tick(qtserv
);
1248 if (!TEST_true(ossl_quic_tserver_write(qtserv
, 0,
1249 (unsigned char *)msg
,
1250 msglen
, &numbytes
)))
1253 ossl_quic_tserver_tick(qtserv
);
1254 SSL_handle_events(clientquic
);
1256 if (!TEST_true(SSL_read_ex(clientquic
, buf
, sizeof(buf
), &numbytes
))
1257 || !TEST_size_t_eq(numbytes
, msglen
)
1258 || !TEST_mem_eq(buf
, numbytes
, msg
, msglen
))
1261 if (!TEST_true(qtest_shutdown(qtserv
, clientquic
)))
1267 SSL_free(clientquic
);
1268 ossl_quic_tserver_free(qtserv
);
1276 * Test that we correctly handle ALPN supplied by the application
1277 * Test 0: ALPN is provided
1278 * Test 1: No ALPN is provided
1280 static int test_alpn(int idx
)
1282 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
1283 SSL
*clientquic
= NULL
;
1284 QUIC_TSERVER
*qtserv
= NULL
;
1289 * Ensure we only configure ciphersuites that are available with both the
1290 * default and fips providers to get the same output in both cases
1292 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx
, "TLS_AES_128_GCM_SHA256")))
1296 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, NULL
, cert
,
1298 QTEST_FLAG_FAKE_TIME
,
1300 &clientquic
, NULL
, NULL
)))
1305 * Clear the ALPN we set in qtest_create_quic_objects. We use TEST_false
1306 * because SSL_set_alpn_protos returns 0 for success.
1308 if (!TEST_false(SSL_set_alpn_protos(clientquic
, NULL
, 0)))
1312 ret
= SSL_connect(clientquic
);
1313 if (!TEST_int_le(ret
, 0))
1316 /* We expect an immediate error due to lack of ALPN */
1317 if (!TEST_int_eq(SSL_get_error(clientquic
, ret
), SSL_ERROR_SSL
))
1320 /* ALPN was provided so we expect the connection to succeed */
1321 if (!TEST_int_eq(SSL_get_error(clientquic
, ret
), SSL_ERROR_WANT_READ
)
1322 || !TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
1328 ossl_quic_tserver_free(qtserv
);
1329 SSL_free(clientquic
);
1335 #define MAX_LOOPS 2000
1338 * Keep retrying SSL_read_ex until it succeeds or we give up. Accept a stream
1339 * if we don't already have one
1341 static int unreliable_client_read(SSL
*clientquic
, SSL
**stream
, void *buf
,
1342 size_t buflen
, size_t *readbytes
,
1343 QUIC_TSERVER
*qtserv
)
1347 /* We just do this in a loop with a sleep for simplicity */
1348 for (abortctr
= 0; abortctr
< MAX_LOOPS
; abortctr
++) {
1349 if (*stream
== NULL
) {
1350 SSL_handle_events(clientquic
);
1351 *stream
= SSL_accept_stream(clientquic
, 0);
1354 if (*stream
!= NULL
) {
1355 if (SSL_read_ex(*stream
, buf
, buflen
, readbytes
))
1357 if (!TEST_int_eq(SSL_get_error(*stream
, 0), SSL_ERROR_WANT_READ
))
1360 ossl_quic_tserver_tick(qtserv
);
1362 qtest_wait_for_timeout(clientquic
, qtserv
);
1365 TEST_error("No progress made");
1369 /* Keep retrying ossl_quic_tserver_read until it succeeds or we give up */
1370 static int unreliable_server_read(QUIC_TSERVER
*qtserv
, uint64_t sid
,
1371 void *buf
, size_t buflen
, size_t *readbytes
,
1376 /* We just do this in a loop with a sleep for simplicity */
1377 for (abortctr
= 0; abortctr
< MAX_LOOPS
; abortctr
++) {
1378 if (ossl_quic_tserver_read(qtserv
, sid
, buf
, buflen
, readbytes
)
1381 ossl_quic_tserver_tick(qtserv
);
1382 SSL_handle_events(clientquic
);
1384 qtest_wait_for_timeout(clientquic
, qtserv
);
1387 TEST_error("No progress made");
1392 * Create a connection and send data using an unreliable transport. We introduce
1393 * random noise to drop, delay and duplicate datagrams.
1394 * Test 0: Introduce random noise to datagrams
1395 * Test 1: As with test 0 but also split datagrams containing multiple packets
1396 * into individual datagrams so that individual packets can be affected
1397 * by noise - not just a whole datagram.
1399 static int test_noisy_dgram(int idx
)
1401 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
1402 SSL
*clientquic
= NULL
, *stream
[2] = { NULL
, NULL
};
1403 QUIC_TSERVER
*qtserv
= NULL
;
1406 char *msg
= "Hello world!";
1407 size_t msglen
= strlen(msg
), written
, readbytes
, i
, j
;
1408 unsigned char buf
[80];
1409 int flags
= QTEST_FLAG_NOISE
| QTEST_FLAG_FAKE_TIME
;
1412 flags
|= QTEST_FLAG_PACKET_SPLIT
;
1415 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, NULL
, cert
,
1418 &clientquic
, NULL
, NULL
)))
1421 if (!TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
1424 if (!TEST_true(SSL_set_incoming_stream_policy(clientquic
,
1425 SSL_INCOMING_STREAM_POLICY_ACCEPT
,
1427 || !TEST_true(SSL_set_default_stream_mode(clientquic
,
1428 SSL_DEFAULT_STREAM_MODE_NONE
)))
1431 for (j
= 0; j
< 2; j
++) {
1432 if (!TEST_true(ossl_quic_tserver_stream_new(qtserv
, 0, &sid
)))
1434 ossl_quic_tserver_tick(qtserv
);
1438 * Send data from the server to the client. Some datagrams may get lost,
1439 * dropped or re-ordered. We repeat 10 times to ensure we are sending
1440 * enough datagrams for problems to be noticed.
1442 for (i
= 0; i
< 10; i
++) {
1443 if (!TEST_true(ossl_quic_tserver_write(qtserv
, sid
,
1444 (unsigned char *)msg
, msglen
,
1446 || !TEST_size_t_eq(msglen
, written
))
1448 ossl_quic_tserver_tick(qtserv
);
1452 * Since the underlying BIO is now noisy we may get failures that
1453 * need to be retried - so we use unreliable_client_read() to handle
1456 if (!TEST_true(unreliable_client_read(clientquic
, &stream
[j
], buf
,
1457 sizeof(buf
), &readbytes
,
1459 || !TEST_mem_eq(msg
, msglen
, buf
, readbytes
))
1463 /* Send data from the client to the server */
1464 for (i
= 0; i
< 10; i
++) {
1465 if (!TEST_true(SSL_write_ex(stream
[j
], (unsigned char *)msg
,
1467 || !TEST_size_t_eq(msglen
, written
))
1470 ossl_quic_tserver_tick(qtserv
);
1474 * Since the underlying BIO is now noisy we may get failures that
1475 * need to be retried - so we use unreliable_server_read() to handle
1478 if (!TEST_true(unreliable_server_read(qtserv
, sid
, buf
, sizeof(buf
),
1479 &readbytes
, clientquic
))
1480 || !TEST_mem_eq(msg
, msglen
, buf
, readbytes
))
1487 ossl_quic_tserver_free(qtserv
);
1488 SSL_free(stream
[0]);
1489 SSL_free(stream
[1]);
1490 SSL_free(clientquic
);
1497 OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
1499 int setup_tests(void)
1504 libctx
= OSSL_LIB_CTX_new();
1505 if (!TEST_ptr(libctx
))
1508 defctxnull
= OSSL_PROVIDER_load(NULL
, "null");
1511 * Verify that the default and fips providers in the default libctx are not
1514 if (!TEST_false(OSSL_PROVIDER_available(NULL
, "default"))
1515 || !TEST_false(OSSL_PROVIDER_available(NULL
, "fips")))
1518 if (!test_skip_common_options()) {
1519 TEST_error("Error parsing test options\n");
1523 if (!TEST_ptr(modulename
= test_get_argument(0))
1524 || !TEST_ptr(configfile
= test_get_argument(1))
1525 || !TEST_ptr(certsdir
= test_get_argument(2))
1526 || !TEST_ptr(datadir
= test_get_argument(3)))
1529 if (!TEST_true(OSSL_LIB_CTX_load_config(libctx
, configfile
)))
1532 /* Check we have the expected provider available */
1533 if (!TEST_true(OSSL_PROVIDER_available(libctx
, modulename
)))
1536 /* Check the default provider is not available */
1537 if (strcmp(modulename
, "default") != 0
1538 && !TEST_false(OSSL_PROVIDER_available(libctx
, "default")))
1541 if (strcmp(modulename
, "fips") == 0)
1544 cert
= test_mk_file_path(certsdir
, "servercert.pem");
1548 ccert
= test_mk_file_path(certsdir
, "ee-client-chain.pem");
1552 cauthca
= test_mk_file_path(certsdir
, "root-cert.pem");
1553 if (cauthca
== NULL
)
1556 privkey
= test_mk_file_path(certsdir
, "serverkey.pem");
1557 if (privkey
== NULL
)
1560 cprivkey
= test_mk_file_path(certsdir
, "ee-key.pem");
1561 if (privkey
== NULL
)
1564 ADD_ALL_TESTS(test_quic_write_read
, 3);
1565 ADD_TEST(test_fin_only_blocking
);
1566 ADD_TEST(test_ciphersuites
);
1567 ADD_TEST(test_cipher_find
);
1568 ADD_TEST(test_version
);
1569 #if defined(DO_SSL_TRACE_TEST)
1570 ADD_TEST(test_ssl_trace
);
1572 ADD_TEST(test_quic_forbidden_apis_ctx
);
1573 ADD_TEST(test_quic_forbidden_apis
);
1574 ADD_TEST(test_quic_forbidden_options
);
1575 ADD_ALL_TESTS(test_quic_set_fd
, 3);
1576 ADD_TEST(test_bio_ssl
);
1577 ADD_TEST(test_back_pressure
);
1578 ADD_TEST(test_multiple_dgrams
);
1579 ADD_ALL_TESTS(test_non_io_retry
, 2);
1580 ADD_TEST(test_quic_psk
);
1581 ADD_ALL_TESTS(test_client_auth
, 2);
1582 ADD_ALL_TESTS(test_alpn
, 2);
1583 ADD_ALL_TESTS(test_noisy_dgram
, 2);
1591 void cleanup_tests(void)
1593 bio_f_noisy_dgram_filter_free();
1594 bio_f_pkt_split_dgram_filter_free();
1596 OPENSSL_free(privkey
);
1597 OPENSSL_free(ccert
);
1598 OPENSSL_free(cauthca
);
1599 OPENSSL_free(cprivkey
);
1600 OSSL_PROVIDER_unload(defctxnull
);
1601 OSSL_LIB_CTX_free(libctx
);