2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/opensslconf.h>
14 #include <openssl/quic.h>
16 #include "helpers/ssltestlib.h"
17 #include "helpers/quictestlib.h"
19 #include "testutil/output.h"
20 #include "../ssl/ssl_local.h"
22 static OSSL_LIB_CTX
*libctx
= NULL
;
23 static OSSL_PROVIDER
*defctxnull
= NULL
;
24 static char *certsdir
= NULL
;
25 static char *cert
= NULL
;
26 static char *privkey
= NULL
;
27 static char *datadir
= NULL
;
29 static int is_fips
= 0;
31 /* The ssltrace test assumes some options are switched on/off */
32 #if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) \
33 && defined(OPENSSL_NO_ZLIB) && defined(OPENSSL_NO_BROTLI) \
34 && defined(OPENSSL_NO_ZSTD)
35 # define DO_SSL_TRACE_TEST
39 * Test that we read what we've written.
40 * Test 0: Non-blocking
43 static int test_quic_write_read(int idx
)
45 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
46 SSL
*clientquic
= NULL
;
47 QUIC_TSERVER
*qtserv
= NULL
;
49 unsigned char buf
[20];
50 static char *msg
= "A test message";
51 size_t msglen
= strlen(msg
);
53 int ssock
= 0, csock
= 0;
54 uint64_t sid
= UINT64_MAX
;
56 if (idx
== 1 && !qtest_supports_blocking())
57 return TEST_skip("Blocking tests not supported in this build");
60 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, cert
, privkey
,
61 idx
== 1 ? QTEST_FLAG_BLOCK
: 0,
62 &qtserv
, &clientquic
, NULL
))
63 || !TEST_true(SSL_set_tlsext_host_name(clientquic
, "localhost"))
64 || !TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
68 if (!TEST_true(BIO_get_fd(ossl_quic_tserver_get0_rbio(qtserv
), &ssock
)))
70 if (!TEST_int_gt(csock
= SSL_get_rfd(clientquic
), 0))
74 sid
= 0; /* client-initiated bidirectional stream */
76 for (j
= 0; j
< 2; j
++) {
77 /* Check that sending and receiving app data is ok */
78 if (!TEST_true(SSL_write_ex(clientquic
, msg
, msglen
, &numbytes
))
79 || !TEST_size_t_eq(numbytes
, msglen
))
83 if (!TEST_true(wait_until_sock_readable(ssock
)))
86 ossl_quic_tserver_tick(qtserv
);
88 if (!TEST_true(ossl_quic_tserver_read(qtserv
, sid
, buf
, sizeof(buf
),
91 } while (numbytes
== 0);
93 if (!TEST_mem_eq(buf
, numbytes
, msg
, msglen
))
97 ossl_quic_tserver_tick(qtserv
);
98 if (!TEST_true(ossl_quic_tserver_write(qtserv
, sid
, (unsigned char *)msg
,
101 ossl_quic_tserver_tick(qtserv
);
102 SSL_handle_events(clientquic
);
104 * In blocking mode the SSL_read_ex call will block until the socket is
105 * readable and has our data. In non-blocking mode we're doing everything
106 * in memory, so it should be immediately available
108 if (!TEST_true(SSL_read_ex(clientquic
, buf
, 1, &numbytes
))
109 || !TEST_size_t_eq(numbytes
, 1)
110 || !TEST_true(SSL_has_pending(clientquic
))
111 || !TEST_int_eq(SSL_pending(clientquic
), msglen
- 1)
112 || !TEST_true(SSL_read_ex(clientquic
, buf
+ 1, sizeof(buf
) - 1, &numbytes
))
113 || !TEST_mem_eq(buf
, numbytes
+ 1, msg
, msglen
))
117 if (!TEST_true(qtest_shutdown(qtserv
, clientquic
)))
123 ossl_quic_tserver_free(qtserv
);
124 SSL_free(clientquic
);
130 /* Test that a vanilla QUIC SSL object has the expected ciphersuites available */
131 static int test_ciphersuites(void)
133 SSL_CTX
*ctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
136 const STACK_OF(SSL_CIPHER
) *ciphers
= NULL
;
137 const SSL_CIPHER
*cipher
;
138 /* We expect this exact list of ciphersuites by default */
140 TLS1_3_CK_AES_256_GCM_SHA384
,
141 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
142 TLS1_3_CK_CHACHA20_POLY1305_SHA256
,
144 TLS1_3_CK_AES_128_GCM_SHA256
155 ciphers
= SSL_get_ciphers(ssl
);
157 for (i
= 0, j
= 0; i
< OSSL_NELEM(cipherids
); i
++) {
158 if (cipherids
[i
] == TLS1_3_CK_CHACHA20_POLY1305_SHA256
&& is_fips
)
160 cipher
= sk_SSL_CIPHER_value(ciphers
, j
++);
161 if (!TEST_ptr(cipher
))
163 if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher
), cipherids
[i
]))
167 /* We should have checked all the ciphers in the stack */
168 if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers
), j
))
180 * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
181 * SSL_is_dtls return the expected results for a QUIC connection. Compare with
182 * test_version() in sslapitest.c which does the same thing for TLS/DTLS
185 static int test_version(void)
187 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
188 SSL
*clientquic
= NULL
;
189 QUIC_TSERVER
*qtserv
= NULL
;
193 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, cert
, privkey
,
194 0, &qtserv
, &clientquic
,
196 || !TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
199 if (!TEST_int_eq(SSL_version(clientquic
), OSSL_QUIC1_VERSION
)
200 || !TEST_str_eq(SSL_get_version(clientquic
), "QUICv1"))
203 if (!TEST_true(SSL_is_quic(clientquic
))
204 || !TEST_false(SSL_is_tls(clientquic
))
205 || !TEST_false(SSL_is_dtls(clientquic
)))
211 ossl_quic_tserver_free(qtserv
);
212 SSL_free(clientquic
);
218 #if defined(DO_SSL_TRACE_TEST)
219 static void strip_line_ends(char *str
)
223 for (i
= strlen(str
);
224 i
> 0 && (str
[i
- 1] == '\n' || str
[i
- 1] == '\r');
230 static int compare_with_file(BIO
*membio
)
233 char buf1
[512], buf2
[512];
238 reffile
= test_mk_file_path(datadir
, "ssltraceref.txt");
239 if (!TEST_ptr(reffile
))
242 file
= BIO_new_file(reffile
, "rb");
246 while (BIO_gets(file
, buf1
, sizeof(buf1
)) > 0) {
247 if (BIO_gets(membio
, buf2
, sizeof(buf2
)) <= 0) {
248 TEST_error("Failed reading mem data");
251 strip_line_ends(buf1
);
252 strip_line_ends(buf2
);
253 if (strlen(buf1
) != strlen(buf2
)) {
254 TEST_error("Actual and ref line data length mismatch");
255 TEST_info("%s", buf1
);
256 TEST_info("%s", buf2
);
259 for (i
= 0; i
< strlen(buf1
); i
++) {
260 /* '?' is a wild card character in the reference text */
264 if (!TEST_str_eq(buf1
, buf2
))
267 if (!TEST_true(BIO_eof(file
))
268 || !TEST_true(BIO_eof(membio
)))
273 OPENSSL_free(reffile
);
279 * Tests that the SSL_trace() msg_callback works as expected with a QUIC
280 * connection. This also provides testing of the msg_callback at the same time.
282 static int test_ssl_trace(void)
284 SSL_CTX
*cctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method());
285 SSL
*clientquic
= NULL
;
286 QUIC_TSERVER
*qtserv
= NULL
;
288 BIO
*bio
= BIO_new(BIO_s_mem());
291 * Ensure we only configure ciphersuites that are available with both the
292 * default and fips providers to get the same output in both cases
294 if (!TEST_true(SSL_CTX_set_ciphersuites(cctx
, "TLS_AES_128_GCM_SHA256")))
299 || !TEST_true(qtest_create_quic_objects(libctx
, cctx
, cert
, privkey
,
300 0, &qtserv
, &clientquic
,
304 SSL_set_msg_callback(clientquic
, SSL_trace
);
305 SSL_set_msg_callback_arg(clientquic
, bio
);
307 if (!TEST_true(qtest_create_quic_connection(qtserv
, clientquic
)))
310 if (!TEST_true(compare_with_file(bio
)))
315 ossl_quic_tserver_free(qtserv
);
316 SSL_free(clientquic
);
324 static int ensure_valid_ciphers(const STACK_OF(SSL_CIPHER
) *ciphers
)
328 /* Ensure ciphersuite list is suitably subsetted. */
329 for (i
= 0; i
< (size_t)sk_SSL_CIPHER_num(ciphers
); ++i
) {
330 const SSL_CIPHER
*cipher
= sk_SSL_CIPHER_value(ciphers
, i
);
331 switch (SSL_CIPHER_get_id(cipher
)) {
332 case TLS1_3_CK_AES_128_GCM_SHA256
:
333 case TLS1_3_CK_AES_256_GCM_SHA384
:
334 case TLS1_3_CK_CHACHA20_POLY1305_SHA256
:
337 TEST_error("forbidden cipher: %s", SSL_CIPHER_get_name(cipher
));
346 * Test that handshake-layer APIs which shouldn't work don't work with QUIC.
348 static int test_quic_forbidden_apis_ctx(void)
353 if (!TEST_ptr(ctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method())))
356 /* This function returns 0 on success and 1 on error, and should fail. */
357 if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx
, "SRTP_AEAD_AES_128_GCM")))
361 * List of ciphersuites we do and don't allow in QUIC.
363 #define QUIC_CIPHERSUITES \
364 "TLS_AES_128_GCM_SHA256:" \
365 "TLS_AES_256_GCM_SHA384:" \
366 "TLS_CHACHA20_POLY1305_SHA256"
368 #define NON_QUIC_CIPHERSUITES \
369 "TLS_AES_128_CCM_SHA256:" \
370 "TLS_AES_256_CCM_SHA384:" \
371 "TLS_AES_128_CCM_8_SHA256"
373 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
374 if (!TEST_true(SSL_CTX_set_ciphersuites(ctx
,
375 QUIC_CIPHERSUITES
":"
376 NON_QUIC_CIPHERSUITES
)))
380 * Forbidden ciphersuites should show up in SSL_CTX accessors, they are only
381 * filtered in SSL_get1_supported_ciphers, so we don't check for
382 * non-inclusion here.
391 static int test_quic_forbidden_apis(void)
396 STACK_OF(SSL_CIPHER
) *ciphers
= NULL
;
398 if (!TEST_ptr(ctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method())))
401 if (!TEST_ptr(ssl
= SSL_new(ctx
)))
404 /* This function returns 0 on success and 1 on error, and should fail. */
405 if (!TEST_true(SSL_set_tlsext_use_srtp(ssl
, "SRTP_AEAD_AES_128_GCM")))
408 /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
409 if (!TEST_true(SSL_set_ciphersuites(ssl
,
410 QUIC_CIPHERSUITES
":"
411 NON_QUIC_CIPHERSUITES
)))
414 /* Non-QUIC ciphersuites must not appear in supported ciphers list. */
415 if (!TEST_ptr(ciphers
= SSL_get1_supported_ciphers(ssl
))
416 || !TEST_true(ensure_valid_ciphers(ciphers
)))
421 sk_SSL_CIPHER_free(ciphers
);
427 static int test_quic_forbidden_options(void)
435 if (!TEST_ptr(ctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method())))
438 /* QUIC options restrictions do not affect SSL_CTX */
439 SSL_CTX_set_options(ctx
, UINT64_MAX
);
441 if (!TEST_uint64_t_eq(SSL_CTX_get_options(ctx
), UINT64_MAX
))
444 /* Set options on CTX which should not be inherited (tested below). */
445 SSL_CTX_set_read_ahead(ctx
, 1);
446 SSL_CTX_set_max_early_data(ctx
, 1);
447 SSL_CTX_set_recv_max_early_data(ctx
, 1);
448 SSL_CTX_set_quiet_shutdown(ctx
, 1);
450 if (!TEST_ptr(ssl
= SSL_new(ctx
)))
453 /* Only permitted options get transferred to SSL object */
454 if (!TEST_uint64_t_eq(SSL_get_options(ssl
), OSSL_QUIC_PERMITTED_OPTIONS
))
457 /* Try again using SSL_set_options */
458 SSL_set_options(ssl
, UINT64_MAX
);
460 if (!TEST_uint64_t_eq(SSL_get_options(ssl
), OSSL_QUIC_PERMITTED_OPTIONS
))
463 /* Clear everything */
464 SSL_clear_options(ssl
, UINT64_MAX
);
466 if (!TEST_uint64_t_eq(SSL_get_options(ssl
), 0))
470 if (!TEST_false(SSL_get_read_ahead(ssl
)))
473 SSL_set_read_ahead(ssl
, 1);
474 if (!TEST_false(SSL_get_read_ahead(ssl
)))
478 if (!TEST_true(SSL_set_block_padding(ssl
, 0))
479 || !TEST_true(SSL_set_block_padding(ssl
, 1))
480 || !TEST_false(SSL_set_block_padding(ssl
, 2)))
483 /* Max fragment length */
484 if (!TEST_true(SSL_set_tlsext_max_fragment_length(ssl
, TLSEXT_max_fragment_length_DISABLED
))
485 || !TEST_false(SSL_set_tlsext_max_fragment_length(ssl
, TLSEXT_max_fragment_length_512
)))
489 if (!TEST_false(SSL_set_recv_max_early_data(ssl
, 1))
490 || !TEST_false(SSL_set_max_early_data(ssl
, 1)))
494 if (!TEST_false(SSL_read_early_data(ssl
, buf
, sizeof(buf
), &len
))
495 || !TEST_false(SSL_write_early_data(ssl
, buf
, sizeof(buf
), &len
)))
498 /* Buffer Management */
499 if (!TEST_true(SSL_alloc_buffers(ssl
))
500 || !TEST_false(SSL_free_buffers(ssl
)))
504 if (!TEST_false(SSL_set_max_send_fragment(ssl
, 2))
505 || !TEST_false(SSL_set_split_send_fragment(ssl
, 2))
506 || !TEST_false(SSL_set_max_pipelines(ssl
, 2)))
510 if (!TEST_false(SSL_stateless(ssl
)))
514 if (!TEST_false(SSL_get_quiet_shutdown(ssl
)))
518 if (!TEST_ptr_null(SSL_dup(ssl
)))
522 if (!TEST_false(SSL_clear(ssl
)))
532 static int test_quic_set_fd(int idx
)
537 int fd
= -1, resfd
= -1;
540 if (!TEST_ptr(ctx
= SSL_CTX_new_ex(libctx
, NULL
, OSSL_QUIC_client_method())))
543 if (!TEST_ptr(ssl
= SSL_new(ctx
)))
546 if (!TEST_int_ge(fd
= BIO_socket(AF_INET
, SOCK_DGRAM
, IPPROTO_UDP
, 0), 0))
550 if (!TEST_true(SSL_set_fd(ssl
, fd
)))
552 if (!TEST_ptr(bio
= SSL_get_rbio(ssl
)))
554 if (!TEST_ptr_eq(bio
, SSL_get_wbio(ssl
)))
556 } else if (idx
== 1) {
557 if (!TEST_true(SSL_set_rfd(ssl
, fd
)))
559 if (!TEST_ptr(bio
= SSL_get_rbio(ssl
)))
561 if (!TEST_ptr_null(SSL_get_wbio(ssl
)))
564 if (!TEST_true(SSL_set_wfd(ssl
, fd
)))
566 if (!TEST_ptr(bio
= SSL_get_wbio(ssl
)))
568 if (!TEST_ptr_null(SSL_get_rbio(ssl
)))
572 if (!TEST_int_eq(BIO_method_type(bio
), BIO_TYPE_DGRAM
))
575 if (!TEST_true(BIO_get_fd(bio
, &resfd
))
576 || !TEST_int_eq(resfd
, fd
))
588 OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
590 int setup_tests(void)
595 libctx
= OSSL_LIB_CTX_new();
596 if (!TEST_ptr(libctx
))
599 defctxnull
= OSSL_PROVIDER_load(NULL
, "null");
602 * Verify that the default and fips providers in the default libctx are not
605 if (!TEST_false(OSSL_PROVIDER_available(NULL
, "default"))
606 || !TEST_false(OSSL_PROVIDER_available(NULL
, "fips")))
609 if (!test_skip_common_options()) {
610 TEST_error("Error parsing test options\n");
614 if (!TEST_ptr(modulename
= test_get_argument(0))
615 || !TEST_ptr(configfile
= test_get_argument(1))
616 || !TEST_ptr(certsdir
= test_get_argument(2))
617 || !TEST_ptr(datadir
= test_get_argument(3)))
620 if (!TEST_true(OSSL_LIB_CTX_load_config(libctx
, configfile
)))
623 /* Check we have the expected provider available */
624 if (!TEST_true(OSSL_PROVIDER_available(libctx
, modulename
)))
627 /* Check the default provider is not available */
628 if (strcmp(modulename
, "default") != 0
629 && !TEST_false(OSSL_PROVIDER_available(libctx
, "default")))
632 if (strcmp(modulename
, "fips") == 0)
635 cert
= test_mk_file_path(certsdir
, "servercert.pem");
639 privkey
= test_mk_file_path(certsdir
, "serverkey.pem");
643 ADD_ALL_TESTS(test_quic_write_read
, 2);
644 ADD_TEST(test_ciphersuites
);
645 ADD_TEST(test_version
);
646 #if defined(DO_SSL_TRACE_TEST)
647 ADD_TEST(test_ssl_trace
);
649 ADD_TEST(test_quic_forbidden_apis_ctx
);
650 ADD_TEST(test_quic_forbidden_apis
);
651 ADD_TEST(test_quic_forbidden_options
);
652 ADD_ALL_TESTS(test_quic_set_fd
, 3);
659 void cleanup_tests(void)
662 OPENSSL_free(privkey
);
663 OSSL_PROVIDER_unload(defctxnull
);
664 OSSL_LIB_CTX_free(libctx
);