]>
Commit | Line | Data |
---|---|---|
e44795bd TM |
1 | /* |
2 | * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <stdio.h> | |
11 | #include <string.h> | |
12 | ||
13 | #include <openssl/opensslconf.h> | |
14 | #include <openssl/quic.h> | |
15 | ||
16 | #include "helpers/ssltestlib.h" | |
0c593328 | 17 | #include "helpers/quictestlib.h" |
e44795bd TM |
18 | #include "testutil.h" |
19 | #include "testutil/output.h" | |
f0d9757c | 20 | #include "../ssl/ssl_local.h" |
e44795bd TM |
21 | |
22 | static OSSL_LIB_CTX *libctx = NULL; | |
23 | static OSSL_PROVIDER *defctxnull = NULL; | |
0c593328 MC |
24 | static char *certsdir = NULL; |
25 | static char *cert = NULL; | |
26 | static char *privkey = NULL; | |
2e1da969 | 27 | static char *datadir = NULL; |
e44795bd TM |
28 | |
29 | static int is_fips = 0; | |
30 | ||
31 | /* | |
32 | * Test that we read what we've written. | |
0c593328 MC |
33 | * Test 0: Non-blocking |
34 | * Test 1: Blocking | |
e44795bd | 35 | */ |
0c593328 | 36 | static int test_quic_write_read(int idx) |
e44795bd | 37 | { |
0c593328 MC |
38 | SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); |
39 | SSL *clientquic = NULL; | |
40 | QUIC_TSERVER *qtserv = NULL; | |
e44795bd | 41 | int j, ret = 0; |
0c593328 | 42 | unsigned char buf[20]; |
e44795bd TM |
43 | static char *msg = "A test message"; |
44 | size_t msglen = strlen(msg); | |
45 | size_t numbytes = 0; | |
0c593328 | 46 | int ssock = 0, csock = 0; |
b757beb5 | 47 | uint64_t sid = UINT64_MAX; |
0c593328 MC |
48 | |
49 | if (idx == 1 && !qtest_supports_blocking()) | |
50 | return TEST_skip("Blocking tests not supported in this build"); | |
e44795bd | 51 | |
0c593328 MC |
52 | if (!TEST_ptr(cctx) |
53 | || !TEST_true(qtest_create_quic_objects(libctx, cctx, cert, privkey, | |
54 | idx, &qtserv, &clientquic, | |
55 | NULL)) | |
56 | || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost")) | |
57 | || !TEST_true(qtest_create_quic_connection(qtserv, clientquic))) | |
e44795bd TM |
58 | goto end; |
59 | ||
0c593328 MC |
60 | if (idx == 1) { |
61 | if (!TEST_true(BIO_get_fd(ossl_quic_tserver_get0_rbio(qtserv), &ssock))) | |
62 | goto end; | |
63 | if (!TEST_int_gt(csock = SSL_get_rfd(clientquic), 0)) | |
64 | goto end; | |
65 | } | |
66 | ||
13ac037d | 67 | sid = 0; /* client-initiated bidirectional stream */ |
b757beb5 | 68 | |
e44795bd TM |
69 | for (j = 0; j < 2; j++) { |
70 | /* Check that sending and receiving app data is ok */ | |
13ac037d HL |
71 | if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes)) |
72 | || !TEST_size_t_eq(numbytes, msglen)) | |
0c593328 | 73 | goto end; |
54b86b7f HL |
74 | if (idx == 1) { |
75 | do { | |
76 | if (!TEST_true(wait_until_sock_readable(ssock))) | |
77 | goto end; | |
78 | ||
79 | ossl_quic_tserver_tick(qtserv); | |
80 | ||
b757beb5 | 81 | if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf, sizeof(buf), |
54b86b7f HL |
82 | &numbytes))) |
83 | goto end; | |
84 | } while (numbytes == 0); | |
85 | ||
86 | if (!TEST_mem_eq(buf, numbytes, msg, msglen)) | |
87 | goto end; | |
88 | } | |
e44795bd | 89 | |
13ac037d | 90 | ossl_quic_tserver_tick(qtserv); |
b757beb5 | 91 | if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg, |
0c593328 MC |
92 | msglen, &numbytes))) |
93 | goto end; | |
94 | ossl_quic_tserver_tick(qtserv); | |
6084e04b | 95 | SSL_handle_events(clientquic); |
0c593328 MC |
96 | /* |
97 | * In blocking mode the SSL_read_ex call will block until the socket is | |
98 | * readable and has our data. In non-blocking mode we're doing everything | |
99 | * in memory, so it should be immediately available | |
100 | */ | |
101 | if (!TEST_true(SSL_read_ex(clientquic, buf, 1, &numbytes)) | |
102 | || !TEST_size_t_eq(numbytes, 1) | |
103 | || !TEST_true(SSL_has_pending(clientquic)) | |
104 | || !TEST_int_eq(SSL_pending(clientquic), msglen - 1) | |
105 | || !TEST_true(SSL_read_ex(clientquic, buf + 1, sizeof(buf) - 1, &numbytes)) | |
106 | || !TEST_mem_eq(buf, numbytes + 1, msg, msglen)) | |
e44795bd TM |
107 | goto end; |
108 | } | |
109 | ||
0c593328 MC |
110 | if (!TEST_true(qtest_shutdown(qtserv, clientquic))) |
111 | goto end; | |
112 | ||
e44795bd TM |
113 | ret = 1; |
114 | ||
115 | end: | |
0c593328 | 116 | ossl_quic_tserver_free(qtserv); |
e44795bd | 117 | SSL_free(clientquic); |
e44795bd TM |
118 | SSL_CTX_free(cctx); |
119 | ||
120 | return ret; | |
121 | } | |
122 | ||
0c9646ec MC |
123 | /* Test that a vanilla QUIC SSL object has the expected ciphersuites available */ |
124 | static int test_ciphersuites(void) | |
125 | { | |
126 | SSL_CTX *ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); | |
127 | SSL *ssl; | |
128 | int testresult = 0; | |
129 | const STACK_OF(SSL_CIPHER) *ciphers = NULL; | |
130 | const SSL_CIPHER *cipher; | |
131 | /* We expect this exact list of ciphersuites by default */ | |
132 | int cipherids[] = { | |
133 | TLS1_3_CK_AES_256_GCM_SHA384, | |
134 | #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) | |
135 | TLS1_3_CK_CHACHA20_POLY1305_SHA256, | |
136 | #endif | |
137 | TLS1_3_CK_AES_128_GCM_SHA256 | |
138 | }; | |
139 | size_t i, j; | |
140 | ||
141 | if (!TEST_ptr(ctx)) | |
142 | return 0; | |
143 | ||
144 | ssl = SSL_new(ctx); | |
145 | if (!TEST_ptr(ssl)) | |
146 | goto err; | |
147 | ||
148 | ciphers = SSL_get_ciphers(ssl); | |
149 | ||
150 | for (i = 0, j = 0; i < OSSL_NELEM(cipherids); i++) { | |
151 | if (cipherids[i] == TLS1_3_CK_CHACHA20_POLY1305_SHA256 && is_fips) | |
152 | continue; | |
153 | cipher = sk_SSL_CIPHER_value(ciphers, j++); | |
154 | if (!TEST_ptr(cipher)) | |
155 | goto err; | |
156 | if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher), cipherids[i])) | |
157 | goto err; | |
158 | } | |
159 | ||
160 | /* We should have checked all the ciphers in the stack */ | |
161 | if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers), j)) | |
162 | goto err; | |
163 | ||
164 | testresult = 1; | |
165 | err: | |
166 | SSL_free(ssl); | |
167 | SSL_CTX_free(ctx); | |
168 | ||
169 | return testresult; | |
170 | } | |
171 | ||
843f6e27 MC |
172 | /* |
173 | * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and | |
174 | * SSL_is_dtls return the expected results for a QUIC connection. Compare with | |
175 | * test_version() in sslapitest.c which does the same thing for TLS/DTLS | |
176 | * connections. | |
177 | */ | |
178 | static int test_version(void) | |
179 | { | |
180 | SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); | |
181 | SSL *clientquic = NULL; | |
182 | QUIC_TSERVER *qtserv = NULL; | |
183 | int testresult = 0; | |
184 | ||
185 | if (!TEST_ptr(cctx) | |
186 | || !TEST_true(qtest_create_quic_objects(libctx, cctx, cert, privkey, | |
187 | 0, &qtserv, &clientquic, | |
188 | NULL)) | |
189 | || !TEST_true(qtest_create_quic_connection(qtserv, clientquic))) | |
190 | goto err; | |
191 | ||
192 | if (!TEST_int_eq(SSL_version(clientquic), OSSL_QUIC1_VERSION) | |
193 | || !TEST_str_eq(SSL_get_version(clientquic), "QUICv1")) | |
194 | goto err; | |
195 | ||
196 | if (!TEST_true(SSL_is_quic(clientquic)) | |
197 | || !TEST_false(SSL_is_tls(clientquic)) | |
198 | || !TEST_false(SSL_is_dtls(clientquic))) | |
199 | goto err; | |
200 | ||
201 | ||
202 | testresult = 1; | |
203 | err: | |
204 | ossl_quic_tserver_free(qtserv); | |
205 | SSL_free(clientquic); | |
206 | SSL_CTX_free(cctx); | |
207 | ||
208 | return testresult; | |
209 | } | |
210 | ||
2e1da969 MC |
211 | #if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_ZLIB) |
212 | static void strip_line_ends(char *str) | |
213 | { | |
214 | size_t i; | |
215 | ||
216 | for (i = strlen(str); | |
217 | i > 0 && (str[i - 1] == '\n' || str[i - 1] == '\r'); | |
218 | i--); | |
219 | ||
220 | str[i] = '\0'; | |
221 | } | |
222 | ||
223 | static int compare_with_file(BIO *membio) | |
224 | { | |
225 | BIO *file = NULL; | |
226 | char buf1[512], buf2[512]; | |
227 | char *reffile; | |
228 | int ret = 0; | |
229 | size_t i; | |
230 | ||
231 | reffile = test_mk_file_path(datadir, "ssltraceref.txt"); | |
232 | if (!TEST_ptr(reffile)) | |
233 | goto err; | |
234 | ||
235 | file = BIO_new_file(reffile, "rb"); | |
236 | if (!TEST_ptr(file)) | |
237 | goto err; | |
238 | ||
239 | while (BIO_gets(file, buf1, sizeof(buf1)) > 0) { | |
240 | if (BIO_gets(membio, buf2, sizeof(buf2)) <= 0) { | |
241 | TEST_error("Failed reading mem data"); | |
242 | goto err; | |
243 | } | |
244 | strip_line_ends(buf1); | |
245 | strip_line_ends(buf2); | |
246 | if (strlen(buf1) != strlen(buf2)) { | |
247 | TEST_error("Actual and ref line data length mismatch"); | |
248 | TEST_info("%s", buf1); | |
249 | TEST_info("%s", buf2); | |
250 | goto err; | |
251 | } | |
252 | for (i = 0; i < strlen(buf1); i++) { | |
253 | /* '?' is a wild card character in the reference text */ | |
254 | if (buf1[i] == '?') | |
255 | buf2[i] = '?'; | |
256 | } | |
257 | if (!TEST_str_eq(buf1, buf2)) | |
258 | goto err; | |
259 | } | |
260 | if (!TEST_true(BIO_eof(file)) | |
261 | || !TEST_true(BIO_eof(membio))) | |
262 | goto err; | |
263 | ||
264 | ret = 1; | |
265 | err: | |
266 | OPENSSL_free(reffile); | |
267 | BIO_free(file); | |
268 | return ret; | |
269 | } | |
270 | ||
271 | /* | |
272 | * Tests that the SSL_trace() msg_callback works as expected with a QUIC | |
273 | * connection. This also provides testing of the msg_callback at the same time. | |
274 | */ | |
275 | static int test_ssl_trace(void) | |
276 | { | |
277 | SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); | |
278 | SSL *clientquic = NULL; | |
279 | QUIC_TSERVER *qtserv = NULL; | |
280 | int testresult = 0; | |
281 | BIO *bio = BIO_new(BIO_s_mem()); | |
282 | ||
283 | /* | |
284 | * Ensure we only configure ciphersuites that are available with both the | |
285 | * default and fips providers to get the same output in both cases | |
286 | */ | |
287 | if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256"))) | |
288 | goto err; | |
289 | ||
290 | if (!TEST_ptr(cctx) | |
291 | || !TEST_ptr(bio) | |
292 | || !TEST_true(qtest_create_quic_objects(libctx, cctx, cert, privkey, | |
293 | 0, &qtserv, &clientquic, | |
294 | NULL))) | |
295 | goto err; | |
296 | ||
297 | SSL_set_msg_callback(clientquic, SSL_trace); | |
298 | SSL_set_msg_callback_arg(clientquic, bio); | |
299 | ||
300 | if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))) | |
301 | goto err; | |
302 | ||
303 | if (!TEST_true(compare_with_file(bio))) | |
304 | goto err; | |
305 | ||
306 | testresult = 1; | |
307 | err: | |
308 | ossl_quic_tserver_free(qtserv); | |
309 | SSL_free(clientquic); | |
310 | SSL_CTX_free(cctx); | |
311 | BIO_free(bio); | |
312 | ||
313 | return testresult; | |
314 | } | |
315 | #endif | |
316 | ||
09d56d20 HL |
317 | static int ensure_valid_ciphers(const STACK_OF(SSL_CIPHER) *ciphers) |
318 | { | |
319 | size_t i; | |
320 | ||
321 | /* Ensure ciphersuite list is suitably subsetted. */ | |
322 | for (i = 0; i < (size_t)sk_SSL_CIPHER_num(ciphers); ++i) { | |
323 | const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i); | |
324 | switch (SSL_CIPHER_get_id(cipher)) { | |
325 | case TLS1_3_CK_AES_128_GCM_SHA256: | |
326 | case TLS1_3_CK_AES_256_GCM_SHA384: | |
327 | case TLS1_3_CK_CHACHA20_POLY1305_SHA256: | |
328 | break; | |
329 | default: | |
330 | TEST_error("forbidden cipher: %s", SSL_CIPHER_get_name(cipher)); | |
331 | return 0; | |
332 | } | |
333 | } | |
334 | ||
335 | return 1; | |
336 | } | |
337 | ||
f082205b HL |
338 | /* |
339 | * Test that handshake-layer APIs which shouldn't work don't work with QUIC. | |
340 | */ | |
09d56d20 | 341 | static int test_quic_forbidden_apis_ctx(void) |
f082205b HL |
342 | { |
343 | int testresult = 0; | |
344 | SSL_CTX *ctx = NULL; | |
f082205b HL |
345 | |
346 | if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))) | |
347 | goto err; | |
348 | ||
349 | /* This function returns 0 on success and 1 on error, and should fail. */ | |
350 | if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_128_GCM"))) | |
351 | goto err; | |
352 | ||
09d56d20 HL |
353 | /* |
354 | * List of ciphersuites we do and don't allow in QUIC. | |
355 | */ | |
356 | #define QUIC_CIPHERSUITES \ | |
357 | "TLS_AES_128_GCM_SHA256:" \ | |
358 | "TLS_AES_256_GCM_SHA384:" \ | |
359 | "TLS_CHACHA20_POLY1305_SHA256" | |
360 | ||
361 | #define NON_QUIC_CIPHERSUITES \ | |
362 | "TLS_AES_128_CCM_SHA256:" \ | |
363 | "TLS_AES_256_CCM_SHA384:" \ | |
364 | "TLS_AES_128_CCM_8_SHA256" | |
365 | ||
366 | /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */ | |
367 | if (!TEST_true(SSL_CTX_set_ciphersuites(ctx, | |
368 | QUIC_CIPHERSUITES ":" | |
369 | NON_QUIC_CIPHERSUITES))) | |
370 | goto err; | |
371 | ||
372 | /* | |
373 | * Forbidden ciphersuites should show up in SSL_CTX accessors, they are only | |
374 | * filtered in SSL_get1_supported_ciphers, so we don't check for | |
375 | * non-inclusion here. | |
376 | */ | |
377 | ||
378 | testresult = 1; | |
379 | err: | |
380 | SSL_CTX_free(ctx); | |
381 | return testresult; | |
382 | } | |
383 | ||
384 | static int test_quic_forbidden_apis(void) | |
385 | { | |
386 | int testresult = 0; | |
387 | SSL_CTX *ctx = NULL; | |
388 | SSL *ssl = NULL; | |
389 | STACK_OF(SSL_CIPHER) *ciphers = NULL; | |
390 | ||
391 | if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))) | |
392 | goto err; | |
393 | ||
f082205b HL |
394 | if (!TEST_ptr(ssl = SSL_new(ctx))) |
395 | goto err; | |
396 | ||
397 | /* This function returns 0 on success and 1 on error, and should fail. */ | |
398 | if (!TEST_true(SSL_set_tlsext_use_srtp(ssl, "SRTP_AEAD_AES_128_GCM"))) | |
399 | goto err; | |
400 | ||
09d56d20 HL |
401 | /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */ |
402 | if (!TEST_true(SSL_set_ciphersuites(ssl, | |
403 | QUIC_CIPHERSUITES ":" | |
404 | NON_QUIC_CIPHERSUITES))) | |
405 | goto err; | |
406 | ||
407 | /* Non-QUIC ciphersuites must not appear in supported ciphers list. */ | |
408 | if (!TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl)) | |
409 | || !TEST_true(ensure_valid_ciphers(ciphers))) | |
410 | goto err; | |
411 | ||
f082205b HL |
412 | testresult = 1; |
413 | err: | |
09d56d20 | 414 | sk_SSL_CIPHER_free(ciphers); |
f082205b HL |
415 | SSL_free(ssl); |
416 | SSL_CTX_free(ctx); | |
417 | return testresult; | |
418 | } | |
419 | ||
f0d9757c HL |
420 | static int test_quic_forbidden_options(void) |
421 | { | |
422 | int testresult = 0; | |
423 | SSL_CTX *ctx = NULL; | |
424 | SSL *ssl = NULL; | |
82a2beca HL |
425 | char buf[16]; |
426 | size_t len; | |
f0d9757c HL |
427 | |
428 | if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))) | |
429 | goto err; | |
430 | ||
431 | /* QUIC options restrictions do not affect SSL_CTX */ | |
432 | SSL_CTX_set_options(ctx, UINT64_MAX); | |
433 | ||
434 | if (!TEST_uint64_t_eq(SSL_CTX_get_options(ctx), UINT64_MAX)) | |
435 | goto err; | |
436 | ||
82a2beca HL |
437 | /* Set options on CTX which should not be inherited (tested below). */ |
438 | SSL_CTX_set_read_ahead(ctx, 1); | |
439 | SSL_CTX_set_max_early_data(ctx, 1); | |
440 | SSL_CTX_set_recv_max_early_data(ctx, 1); | |
f66f0d3c | 441 | SSL_CTX_set_quiet_shutdown(ctx, 1); |
82a2beca | 442 | |
f0d9757c HL |
443 | if (!TEST_ptr(ssl = SSL_new(ctx))) |
444 | goto err; | |
445 | ||
446 | /* Only permitted options get transferred to SSL object */ | |
447 | if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS)) | |
448 | goto err; | |
449 | ||
450 | /* Try again using SSL_set_options */ | |
451 | SSL_set_options(ssl, UINT64_MAX); | |
452 | ||
453 | if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS)) | |
454 | goto err; | |
455 | ||
456 | /* Clear everything */ | |
457 | SSL_clear_options(ssl, UINT64_MAX); | |
458 | ||
459 | if (!TEST_uint64_t_eq(SSL_get_options(ssl), 0)) | |
460 | goto err; | |
461 | ||
d0638fd5 | 462 | /* Readahead */ |
82a2beca HL |
463 | if (!TEST_false(SSL_get_read_ahead(ssl))) |
464 | goto err; | |
465 | ||
d0638fd5 HL |
466 | SSL_set_read_ahead(ssl, 1); |
467 | if (!TEST_false(SSL_get_read_ahead(ssl))) | |
468 | goto err; | |
469 | ||
470 | /* Block padding */ | |
471 | if (!TEST_true(SSL_set_block_padding(ssl, 0)) | |
472 | || !TEST_true(SSL_set_block_padding(ssl, 1)) | |
473 | || !TEST_false(SSL_set_block_padding(ssl, 2))) | |
474 | goto err; | |
475 | ||
476 | /* Max fragment length */ | |
477 | if (!TEST_true(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_DISABLED)) | |
478 | || !TEST_false(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_512))) | |
479 | goto err; | |
480 | ||
82a2beca HL |
481 | /* Max early data */ |
482 | if (!TEST_false(SSL_get_recv_max_early_data(ssl)) | |
483 | || !TEST_false(SSL_get_max_early_data(ssl)) | |
484 | || !TEST_false(SSL_set_recv_max_early_data(ssl, 1)) | |
485 | || !TEST_false(SSL_set_max_early_data(ssl, 1))) | |
486 | goto err; | |
487 | ||
488 | /* Read/Write */ | |
489 | if (!TEST_false(SSL_read_early_data(ssl, buf, sizeof(buf), &len)) | |
490 | || !TEST_false(SSL_write_early_data(ssl, buf, sizeof(buf), &len))) | |
491 | goto err; | |
492 | ||
fe33e2c8 | 493 | /* Buffer Management */ |
a1c56bbe | 494 | if (!TEST_true(SSL_alloc_buffers(ssl)) |
fe33e2c8 HL |
495 | || !TEST_false(SSL_free_buffers(ssl))) |
496 | goto err; | |
497 | ||
38c0ff1f HL |
498 | /* Pipelining */ |
499 | if (!TEST_false(SSL_set_max_send_fragment(ssl, 2)) | |
500 | || !TEST_false(SSL_set_split_send_fragment(ssl, 2)) | |
501 | || !TEST_false(SSL_set_max_pipelines(ssl, 2))) | |
502 | goto err; | |
503 | ||
a1c56bbe HL |
504 | /* HRR */ |
505 | if (!TEST_false(SSL_stateless(ssl))) | |
506 | goto err; | |
507 | ||
f66f0d3c HL |
508 | /* Quiet Shutdown */ |
509 | if (!TEST_false(SSL_get_quiet_shutdown(ssl))) | |
510 | goto err; | |
511 | ||
764817c4 HL |
512 | /* No duplication */ |
513 | if (!TEST_ptr_null(SSL_dup(ssl))) | |
514 | goto err; | |
515 | ||
5f69db39 HL |
516 | /* No clear */ |
517 | if (!TEST_false(SSL_clear(ssl))) | |
518 | goto err; | |
519 | ||
f0d9757c HL |
520 | testresult = 1; |
521 | err: | |
522 | SSL_free(ssl); | |
523 | SSL_CTX_free(ctx); | |
524 | return testresult; | |
525 | } | |
526 | ||
5e6015af HL |
527 | static int test_quic_set_fd(int idx) |
528 | { | |
529 | int testresult = 0; | |
530 | SSL_CTX *ctx = NULL; | |
531 | SSL *ssl = NULL; | |
532 | int fd = -1, resfd = -1; | |
533 | BIO *bio = NULL; | |
534 | ||
535 | if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))) | |
536 | goto err; | |
537 | ||
538 | if (!TEST_ptr(ssl = SSL_new(ctx))) | |
539 | goto err; | |
540 | ||
541 | if (!TEST_int_ge(fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0), 0)) | |
542 | goto err; | |
543 | ||
544 | if (idx == 0) { | |
545 | if (!TEST_true(SSL_set_fd(ssl, fd))) | |
546 | goto err; | |
547 | if (!TEST_ptr(bio = SSL_get_rbio(ssl))) | |
548 | goto err; | |
549 | if (!TEST_ptr_eq(bio, SSL_get_wbio(ssl))) | |
550 | goto err; | |
551 | } else if (idx == 1) { | |
552 | if (!TEST_true(SSL_set_rfd(ssl, fd))) | |
553 | goto err; | |
554 | if (!TEST_ptr(bio = SSL_get_rbio(ssl))) | |
555 | goto err; | |
556 | if (!TEST_ptr_null(SSL_get_wbio(ssl))) | |
557 | goto err; | |
558 | } else { | |
559 | if (!TEST_true(SSL_set_wfd(ssl, fd))) | |
560 | goto err; | |
561 | if (!TEST_ptr(bio = SSL_get_wbio(ssl))) | |
562 | goto err; | |
563 | if (!TEST_ptr_null(SSL_get_rbio(ssl))) | |
564 | goto err; | |
565 | } | |
566 | ||
567 | if (!TEST_int_eq(BIO_method_type(bio), BIO_TYPE_DGRAM)) | |
568 | goto err; | |
569 | ||
570 | if (!TEST_true(BIO_get_fd(bio, &resfd)) | |
571 | || !TEST_int_eq(resfd, fd)) | |
572 | goto err; | |
573 | ||
574 | testresult = 1; | |
575 | err: | |
576 | SSL_free(ssl); | |
577 | SSL_CTX_free(ctx); | |
578 | if (fd >= 0) | |
579 | BIO_closesocket(fd); | |
580 | return testresult; | |
581 | } | |
582 | ||
2e1da969 | 583 | OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n") |
e44795bd TM |
584 | |
585 | int setup_tests(void) | |
586 | { | |
587 | char *modulename; | |
588 | char *configfile; | |
589 | ||
590 | libctx = OSSL_LIB_CTX_new(); | |
591 | if (!TEST_ptr(libctx)) | |
592 | return 0; | |
593 | ||
594 | defctxnull = OSSL_PROVIDER_load(NULL, "null"); | |
595 | ||
596 | /* | |
597 | * Verify that the default and fips providers in the default libctx are not | |
598 | * available | |
599 | */ | |
600 | if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")) | |
601 | || !TEST_false(OSSL_PROVIDER_available(NULL, "fips"))) | |
0c593328 | 602 | goto err; |
e44795bd TM |
603 | |
604 | if (!test_skip_common_options()) { | |
605 | TEST_error("Error parsing test options\n"); | |
0c593328 | 606 | goto err; |
e44795bd TM |
607 | } |
608 | ||
609 | if (!TEST_ptr(modulename = test_get_argument(0)) | |
0c593328 | 610 | || !TEST_ptr(configfile = test_get_argument(1)) |
2e1da969 MC |
611 | || !TEST_ptr(certsdir = test_get_argument(2)) |
612 | || !TEST_ptr(datadir = test_get_argument(3))) | |
0c593328 | 613 | goto err; |
e44795bd TM |
614 | |
615 | if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile))) | |
0c593328 | 616 | goto err; |
e44795bd TM |
617 | |
618 | /* Check we have the expected provider available */ | |
619 | if (!TEST_true(OSSL_PROVIDER_available(libctx, modulename))) | |
0c593328 | 620 | goto err; |
e44795bd TM |
621 | |
622 | /* Check the default provider is not available */ | |
623 | if (strcmp(modulename, "default") != 0 | |
624 | && !TEST_false(OSSL_PROVIDER_available(libctx, "default"))) | |
0c593328 | 625 | goto err; |
e44795bd TM |
626 | |
627 | if (strcmp(modulename, "fips") == 0) | |
628 | is_fips = 1; | |
629 | ||
0c593328 MC |
630 | cert = test_mk_file_path(certsdir, "servercert.pem"); |
631 | if (cert == NULL) | |
632 | goto err; | |
633 | ||
634 | privkey = test_mk_file_path(certsdir, "serverkey.pem"); | |
635 | if (privkey == NULL) | |
636 | goto err; | |
637 | ||
638 | ADD_ALL_TESTS(test_quic_write_read, 2); | |
0c9646ec | 639 | ADD_TEST(test_ciphersuites); |
843f6e27 | 640 | ADD_TEST(test_version); |
2e1da969 MC |
641 | #if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_ZLIB) |
642 | ADD_TEST(test_ssl_trace); | |
643 | #endif | |
09d56d20 | 644 | ADD_TEST(test_quic_forbidden_apis_ctx); |
f082205b | 645 | ADD_TEST(test_quic_forbidden_apis); |
f0d9757c | 646 | ADD_TEST(test_quic_forbidden_options); |
5e6015af | 647 | ADD_ALL_TESTS(test_quic_set_fd, 3); |
e44795bd | 648 | return 1; |
0c593328 MC |
649 | err: |
650 | cleanup_tests(); | |
651 | return 0; | |
e44795bd TM |
652 | } |
653 | ||
654 | void cleanup_tests(void) | |
655 | { | |
0c593328 MC |
656 | OPENSSL_free(cert); |
657 | OPENSSL_free(privkey); | |
e44795bd TM |
658 | OSSL_PROVIDER_unload(defctxnull); |
659 | OSSL_LIB_CTX_free(libctx); | |
660 | } |