2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/opensslconf.h>
14 #include <openssl/quic.h>
16 #include "helpers/ssltestlib.h"
17 #include "helpers/quictestlib.h"
19 #include "testutil/output.h"
21 static OSSL_LIB_CTX
*libctx
= NULL
;
22 static OSSL_PROVIDER
*defctxnull
= NULL
;
23 static char *certsdir
= NULL
;
24 static char *cert
= NULL
;
25 static char *privkey
= NULL
;
27 static int is_fips
= 0;
30 * Test that we read what we've written.
31 * Test 0: Non-blocking
34 static int test_quic_write_read(int idx
)
36 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
37 SSL
*clientquic
= NULL
;
38 QUIC_TSERVER
*qtserv
= NULL
;
40 unsigned char buf
[20];
41 static char *msg
= "A test message";
42 size_t msglen
= strlen(msg
);
44 int ssock
= 0, csock
= 0;
45 uint64_t sid
= UINT64_MAX
;
47 if (idx
== 1 && !qtest_supports_blocking())
48 return TEST_skip("Blocking tests not supported in this build");
51 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, cert
, privkey
,
52 idx
, &qtserv
, &clientquic
,
54 || !TEST_true(SSL_set_tlsext_host_name(clientquic
, "localhost"))
55 || !TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
59 if (!TEST_true(BIO_get_fd(ossl_quic_tserver_get0_rbio(qtserv
), &ssock
)))
61 if (!TEST_int_gt(csock
= SSL_get_rfd(clientquic
), 0))
65 sid
= 0; /* client-initiated bidirectional stream */
67 for (j
= 0; j
< 2; j
++) {
68 /* Check that sending and receiving app data is ok */
69 if (!TEST_true(SSL_write_ex(clientquic
, msg
, msglen
, &numbytes
))
70 || !TEST_size_t_eq(numbytes
, msglen
))
74 if (!TEST_true(wait_until_sock_readable(ssock
)))
77 ossl_quic_tserver_tick(qtserv
);
79 if (!TEST_true(ossl_quic_tserver_read(qtserv
, sid
, buf
, sizeof(buf
),
82 } while (numbytes
== 0);
84 if (!TEST_mem_eq(buf
, numbytes
, msg
, msglen
))
88 ossl_quic_tserver_tick(qtserv
);
89 if (!TEST_true(ossl_quic_tserver_write(qtserv
, sid
, (unsigned char *)msg
,
92 ossl_quic_tserver_tick(qtserv
);
95 * In blocking mode the SSL_read_ex call will block until the socket is
96 * readable and has our data. In non-blocking mode we're doing everything
97 * in memory, so it should be immediately available
99 if (!TEST_true(SSL_read_ex(clientquic
, buf
, 1, &numbytes
))
100 || !TEST_size_t_eq(numbytes
, 1)
101 || !TEST_true(SSL_has_pending(clientquic
))
102 || !TEST_int_eq(SSL_pending(clientquic
), msglen
- 1)
103 || !TEST_true(SSL_read_ex(clientquic
, buf
+ 1, sizeof(buf
) - 1, &numbytes
))
104 || !TEST_mem_eq(buf
, numbytes
+ 1, msg
, msglen
))
108 if (!TEST_true(qtest_shutdown(qtserv
, clientquic
)))
114 ossl_quic_tserver_free(qtserv
);
115 SSL_free(clientquic
);
121 /* Test that a vanilla QUIC SSL object has the expected ciphersuites available */
122 static int test_ciphersuites(void)
124 SSL_CTX
*ctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
127 const STACK_OF(SSL_CIPHER
) *ciphers
= NULL
;
128 const SSL_CIPHER
*cipher
;
129 /* We expect this exact list of ciphersuites by default */
131 TLS1_3_CK_AES_256_GCM_SHA384
,
132 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
133 TLS1_3_CK_CHACHA20_POLY1305_SHA256
,
135 TLS1_3_CK_AES_128_GCM_SHA256
146 ciphers
= SSL_get_ciphers(ssl
);
148 for (i
= 0, j
= 0; i
< OSSL_NELEM(cipherids
); i
++) {
149 if (cipherids
[i
] == TLS1_3_CK_CHACHA20_POLY1305_SHA256
&& is_fips
)
151 cipher
= sk_SSL_CIPHER_value(ciphers
, j
++);
152 if (!TEST_ptr(cipher
))
154 if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher
), cipherids
[i
]))
158 /* We should have checked all the ciphers in the stack */
159 if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers
), j
))
171 * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
172 * SSL_is_dtls return the expected results for a QUIC connection. Compare with
173 * test_version() in sslapitest.c which does the same thing for TLS/DTLS
176 static int test_version(void)
178 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
179 SSL
*clientquic
= NULL
;
180 QUIC_TSERVER
*qtserv
= NULL
;
184 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, cert
, privkey
,
185 0, &qtserv
, &clientquic
,
187 || !TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
190 if (!TEST_int_eq(SSL_version(clientquic
), OSSL_QUIC1_VERSION
)
191 || !TEST_str_eq(SSL_get_version(clientquic
), "QUICv1"))
194 if (!TEST_true(SSL_is_quic(clientquic
))
195 || !TEST_false(SSL_is_tls(clientquic
))
196 || !TEST_false(SSL_is_dtls(clientquic
)))
202 ossl_quic_tserver_free(qtserv
);
203 SSL_free(clientquic
);
209 OPT_TEST_DECLARE_USAGE("provider config\n")
211 int setup_tests(void)
216 libctx
= OSSL_LIB_CTX_new();
217 if (!TEST_ptr(libctx
))
220 defctxnull
= OSSL_PROVIDER_load(NULL
, "null");
223 * Verify that the default and fips providers in the default libctx are not
226 if (!TEST_false(OSSL_PROVIDER_available(NULL
, "default"))
227 || !TEST_false(OSSL_PROVIDER_available(NULL
, "fips")))
230 if (!test_skip_common_options()) {
231 TEST_error("Error parsing test options\n");
235 if (!TEST_ptr(modulename
= test_get_argument(0))
236 || !TEST_ptr(configfile
= test_get_argument(1))
237 || !TEST_ptr(certsdir
= test_get_argument(2)))
240 if (!TEST_true(OSSL_LIB_CTX_load_config(libctx
, configfile
)))
243 /* Check we have the expected provider available */
244 if (!TEST_true(OSSL_PROVIDER_available(libctx
, modulename
)))
247 /* Check the default provider is not available */
248 if (strcmp(modulename
, "default") != 0
249 && !TEST_false(OSSL_PROVIDER_available(libctx
, "default")))
252 if (strcmp(modulename
, "fips") == 0)
255 cert
= test_mk_file_path(certsdir
, "servercert.pem");
259 privkey
= test_mk_file_path(certsdir
, "serverkey.pem");
263 ADD_ALL_TESTS(test_quic_write_read
, 2);
264 ADD_TEST(test_ciphersuites
);
265 ADD_TEST(test_version
);
273 void cleanup_tests(void)
276 OPENSSL_free(privkey
);
277 OSSL_PROVIDER_unload(defctxnull
);
278 OSSL_LIB_CTX_free(libctx
);