/*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
SSL *clientquic = NULL;
QUIC_TSERVER *qtserv = NULL;
int j, k, ret = 0;
- unsigned char buf[20];
+ unsigned char buf[20], scratch[64];
static char *msg = "A test message";
size_t msglen = strlen(msg);
size_t numbytes = 0;
goto end;
}
+ /* Test that exporters work. */
+ if (!TEST_true(SSL_export_keying_material(clientquic, scratch,
+ sizeof(scratch), "test", 4, (unsigned char *)"ctx", 3,
+ 1)))
+ goto end;
+
if (sess == NULL) {
/* We didn't supply a session so we're not expecting resumption */
if (!TEST_false(SSL_session_reused(clientquic)))
{ TLS13_AES_256_GCM_SHA384_BYTES, 1 },
{ TLS13_CHACHA20_POLY1305_SHA256_BYTES, 1 },
{ TLS13_AES_128_CCM_SHA256_BYTES, 0 },
- { TLS13_AES_128_CCM_8_SHA256_BYTES, 0 }
+ { TLS13_AES_128_CCM_8_SHA256_BYTES, 0 },
+#if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
+ { TLS13_SHA256_SHA256_BYTES, 0 },
+ { TLS13_SHA384_SHA384_BYTES, 0 }
+#endif
};
size_t i;
int testresult = 0;
*/
static int test_ssl_trace(void)
{
- SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
+ SSL_CTX *cctx = NULL;
SSL *clientquic = NULL;
QUIC_TSERVER *qtserv = NULL;
int testresult = 0;
- BIO *bio = BIO_new(BIO_s_mem());
-
- /*
- * Ensure we only configure ciphersuites that are available with both the
- * default and fips providers to get the same output in both cases
- */
- if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))
- goto err;
+ BIO *bio = NULL;
- if (!TEST_ptr(cctx)
- || !TEST_ptr(bio)
+ if (!TEST_ptr(cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))
+ || !TEST_ptr(bio = BIO_new(BIO_s_mem()))
+ || !TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256"))
|| !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
privkey,
QTEST_FLAG_FAKE_TIME,
if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
goto err;
- if (!TEST_true(compare_with_file(bio)))
- goto err;
+ /* Skip the comparison of the trace when the fips provider is used. */
+ if (is_fips) {
+ /* Check whether there was something written. */
+ if (!TEST_int_gt(BIO_pending(bio), 0))
+ goto err;
+ } else {
+ if (!TEST_true(compare_with_file(bio)))
+ goto err;
+ }
testresult = 1;
err:
#define NON_QUIC_CIPHERSUITES \
"TLS_AES_128_CCM_SHA256:" \
"TLS_AES_256_CCM_SHA384:" \
- "TLS_AES_128_CCM_8_SHA256"
+ "TLS_AES_128_CCM_8_SHA256:" \
+ "TLS_SHA256_SHA256:" \
+ "TLS_SHA384_SHA384"
/* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
if (!TEST_true(SSL_CTX_set_ciphersuites(ctx,
if (i == 1)
break;
+ if (!TEST_true(SSL_set_mode(clientquic, 0)))
+ goto err;
+
/*
* Now create a new stream and repeat. The bottom two bits of the stream
* id represents whether the stream is bidi and whether it is client
if (!TEST_ptr(stream))
goto err;
+ if (!TEST_true(SSL_set_mode(stream, 0)))
+ goto err;
+
thisbio = strbio = BIO_new(BIO_f_ssl());
if (!TEST_ptr(strbio))
goto err;
return testresult;
}
+/*
+ * Create a connection and send some big data using a transport with limited bandwidth.
+ */
+
+#define TEST_TRANSFER_DATA_SIZE (2*1024*1024) /* 2 MBytes */
+#define TEST_SINGLE_WRITE_SIZE (16*1024) /* 16 kBytes */
+#define TEST_BW_LIMIT 1000 /* 1000 Bytes/ms */
+static int test_bw_limit(void)
+{
+ SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
+ SSL *clientquic = NULL;
+ QUIC_TSERVER *qtserv = NULL;
+ int testresult = 0;
+ unsigned char *msg = NULL, *recvbuf = NULL;
+ size_t sendlen = TEST_TRANSFER_DATA_SIZE;
+ size_t recvlen = TEST_TRANSFER_DATA_SIZE;
+ size_t written, readbytes;
+ int flags = QTEST_FLAG_NOISE | QTEST_FLAG_FAKE_TIME;
+ QTEST_FAULT *fault = NULL;
+ uint64_t real_bw;
+
+ if (!TEST_ptr(cctx)
+ || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
+ privkey, flags,
+ &qtserv,
+ &clientquic, &fault, NULL)))
+ goto err;
+
+ if (!TEST_ptr(msg = OPENSSL_zalloc(TEST_SINGLE_WRITE_SIZE))
+ || !TEST_ptr(recvbuf = OPENSSL_zalloc(TEST_SINGLE_WRITE_SIZE)))
+ goto err;
+
+ /* Set BW to 1000 Bytes/ms -> 1MByte/s both ways */
+ if (!TEST_true(qtest_fault_set_bw_limit(fault, 1000, 1000, 0)))
+ goto err;
+
+ if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
+ goto err;
+
+ qtest_start_stopwatch();
+
+ while (recvlen > 0) {
+ qtest_add_time(1);
+
+ if (sendlen > 0) {
+ if (!SSL_write_ex(clientquic, msg,
+ sendlen > TEST_SINGLE_WRITE_SIZE ? TEST_SINGLE_WRITE_SIZE
+ : sendlen,
+ &written)) {
+ TEST_info("Retrying to send: %llu", (unsigned long long) sendlen);
+ if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_WANT_WRITE))
+ goto err;
+ } else {
+ sendlen -= written;
+ TEST_info("Remaining to send: %llu", (unsigned long long) sendlen);
+ }
+ } else {
+ SSL_handle_events(clientquic);
+ }
+
+ if (ossl_quic_tserver_read(qtserv, 0, recvbuf,
+ recvlen > TEST_SINGLE_WRITE_SIZE ? TEST_SINGLE_WRITE_SIZE
+ : recvlen,
+ &readbytes)
+ && readbytes > 1) {
+ recvlen -= readbytes;
+ TEST_info("Remaining to recv: %llu", (unsigned long long) recvlen);
+ } else {
+ TEST_info("No progress on recv: %llu", (unsigned long long) recvlen);
+ }
+ ossl_quic_tserver_tick(qtserv);
+ }
+ real_bw = TEST_TRANSFER_DATA_SIZE / qtest_get_stopwatch_time();
+
+ TEST_info("BW limit: %d Bytes/ms Real bandwidth reached: %llu Bytes/ms",
+ TEST_BW_LIMIT, (unsigned long long)real_bw);
+
+ if (!TEST_uint64_t_lt(real_bw, TEST_BW_LIMIT))
+ goto err;
+
+ testresult = 1;
+ err:
+ OPENSSL_free(msg);
+ OPENSSL_free(recvbuf);
+ ossl_quic_tserver_free(qtserv);
+ SSL_free(clientquic);
+ SSL_CTX_free(cctx);
+ qtest_fault_free(fault);
+
+ return testresult;
+}
+
enum {
TPARAM_OP_DUP,
TPARAM_OP_DROP,
goto err;
if (!TEST_true((info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) != 0)
- || !TEST_uint64_t_eq(info.error_code, QUIC_ERR_TRANSPORT_PARAMETER_ERROR)
+ || !TEST_uint64_t_eq(info.error_code, OSSL_QUIC_ERR_TRANSPORT_PARAMETER_ERROR)
|| !TEST_ptr(strstr(info.reason, ctx.t->expect_fail))) {
TEST_error("expected connection closure information mismatch"
" during TPARAM test: flags=%llu ec=%llu reason='%s'",
ADD_ALL_TESTS(test_client_auth, 3);
ADD_ALL_TESTS(test_alpn, 2);
ADD_ALL_TESTS(test_noisy_dgram, 2);
+ ADD_TEST(test_bw_limit);
ADD_TEST(test_get_shutdown);
ADD_ALL_TESTS(test_tparam, OSSL_NELEM(tparam_tests));