/*
 * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <string.h>

#include <openssl/opensslconf.h>
#include <openssl/quic.h>
#include <openssl/rand.h>

#include "helpers/ssltestlib.h"
#include "helpers/quictestlib.h"
#include "testutil.h"
#include "testutil/output.h"
#include "../ssl/ssl_local.h"
#include "internal/quic_error.h"

/* Library context handed to every SSL_CTX_new_ex() call in the tests below. */
static OSSL_LIB_CTX *libctx = NULL;
/* Not referenced in the tests visible in this part of the file. */
static OSSL_PROVIDER *defctxnull = NULL;
static char *certsdir = NULL;
/* cert/privkey are passed to qtest_create_quic_objects() by the tests below. */
static char *cert = NULL;
static char *ccert = NULL;
static char *cauthca = NULL;
static char *privkey = NULL;
static char *cprivkey = NULL;
/* Directory the ssltrace reference files are resolved against. */
static char *datadir = NULL;

/*
 * Non-zero when the FIPS provider is in use: the tests below then skip
 * ChaCha20-Poly1305 and do not compare the trace against a reference file.
 */
static int is_fips = 0;

/*
 * The ssltrace test assumes some options are switched on/off.
 * DO_SSL_TRACE_TEST is defined only when SSL_trace is built in, brotli and
 * zstd are compiled out, and ECX, DH, ML-DSA and ML-KEM are compiled in.
 * NOTE(review): presumably the reference trace was recorded with exactly that
 * configuration - confirm before changing the condition.
 */
#if !defined(OPENSSL_NO_SSL_TRACE) \
    && defined(OPENSSL_NO_BROTLI) && defined(OPENSSL_NO_ZSTD) \
    && !defined(OPENSSL_NO_ECX) && !defined(OPENSSL_NO_DH) \
    && !defined(OPENSSL_NO_ML_DSA) && !defined(OPENSSL_NO_ML_KEM)
#define DO_SSL_TRACE_TEST
#endif

/*
 * Test that we read what
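we've written.
 * Test 0: Non-blocking
 * Test 1: Blocking
 * Test 2: Blocking, introduce socket error, test error handling.
 *
 * Tests 0 and 1 run two connections: the first must not resume and yields a
 * session, the second offers that session and must resume. Test 2 stops after
 * the first connection. Returns 1 on success, 0 on failure, or the TEST_skip()
 * result when blocking mode is unavailable.
 */
static int test_quic_write_read(int idx)
{
    SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
    SSL_CTX *sctx = NULL;
    SSL *clientquic = NULL;
    QUIC_TSERVER *qtserv = NULL;
    int j, k, ret = 0;
    unsigned char buf[20], scratch[64];
    static char *msg = "A test message";
    size_t msglen = strlen(msg);
    size_t numbytes = 0;
    int ssock = 0, csock = 0;
    uint64_t sid = UINT64_MAX;
    SSL_SESSION *sess = NULL;

    if (idx >= 1 && !qtest_supports_blocking()) {
        /*
         * cctx was already allocated by its initializer; release it here so
         * the skip path does not leak it (SSL_CTX_free(NULL) is a no-op).
         */
        SSL_CTX_free(cctx);
        return TEST_skip("Blocking tests not supported in this build");
    }

    for (k = 0; k < 2; k++) {
        if (!TEST_ptr(cctx)
            || !TEST_true(qtest_create_quic_objects(libctx, cctx, sctx,
                                                    cert, privkey,
                                                    idx >= 1
                                                        ? QTEST_FLAG_BLOCK
                                                        : 0,
                                                    &qtserv, &clientquic,
                                                    NULL, NULL))
            || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost")))
            goto end;

        /* Second pass only: offer the session saved from the first pass */
        if (sess != NULL && !TEST_true(SSL_set_session(clientquic, sess)))
            goto end;

        if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
            goto end;

        if (idx >= 1) {
            if (!TEST_true(BIO_get_fd(ossl_quic_tserver_get0_rbio(qtserv),
                                      &ssock)))
                goto end;
            if (!TEST_int_gt(csock = SSL_get_rfd(clientquic), 0))
                goto end;
        }

        sid = 0; /* client-initiated bidirectional stream */

        for (j = 0; j < 2; j++) {
            /* Check that sending and receiving app data is ok */
            if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
                || !TEST_size_t_eq(numbytes, msglen))
                goto end;
            if (idx >= 1) {
                do {
                    if (!TEST_true(wait_until_sock_readable(ssock)))
                        goto end;

                    ossl_quic_tserver_tick(qtserv);

                    if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf,
                                                          sizeof(buf),
                                                          &numbytes)))
                        goto end;
                } while (numbytes == 0);

                if (!TEST_mem_eq(buf, numbytes, msg, msglen))
                    goto end;
            }

            if (idx >= 2 && j > 0)
                /*
                 * Introduce permanent socket error.
                 * NOTE(review): clientquic still refers to this descriptor
                 * when it is freed at "end:"; confirm its BIO does not close
                 * the same fd number a second time.
                 */
                BIO_closesocket(csock);

            ossl_quic_tserver_tick(qtserv);
            if (!TEST_true(ossl_quic_tserver_write(qtserv, sid,
                                                   (unsigned char *)msg,
                                                   msglen, &numbytes)))
                goto end;
            ossl_quic_tserver_tick(qtserv);
            SSL_handle_events(clientquic);

            if (idx >= 2 && j > 0) {
                /*
                 * With the socket gone, both directions must fail and report
                 * SSL_ERROR_SYSCALL rather than appearing to succeed.
                 */
                if (!TEST_false(SSL_read_ex(clientquic, buf, 1, &numbytes))
                    || !TEST_int_eq(SSL_get_error(clientquic, 0),
                                    SSL_ERROR_SYSCALL)
                    || !TEST_false(SSL_write_ex(clientquic, msg, msglen,
                                                &numbytes))
                    || !TEST_int_eq(SSL_get_error(clientquic, 0),
                                    SSL_ERROR_SYSCALL))
                    goto end;
                break;
            }

            /*
             * In blocking mode the SSL_read_ex call will block until the socket
             * is readable and has our data. In non-blocking mode we're doing
             * everything in memory, so it should be immediately available
             */
            if (!TEST_true(SSL_read_ex(clientquic, buf, 1, &numbytes))
                || !TEST_size_t_eq(numbytes, 1)
                || !TEST_true(SSL_has_pending(clientquic))
                || !TEST_int_eq(SSL_pending(clientquic), msglen - 1)
                || !TEST_true(SSL_read_ex(clientquic, buf + 1,
                                          sizeof(buf) - 1, &numbytes))
                || !TEST_mem_eq(buf, numbytes + 1, msg, msglen))
                goto end;
        }

        /* Test that exporters work. */
        if (!TEST_true(SSL_export_keying_material(clientquic, scratch,
                                                  sizeof(scratch), "test", 4,
                                                  (unsigned char *)"ctx", 3,
                                                  1)))
            goto end;

        if (sess == NULL) {
            /* We didn't supply a session so we're not expecting resumption */
            if (!TEST_false(SSL_session_reused(clientquic)))
                goto end;
            /* We should have a session ticket by now */
            sess = SSL_get1_session(clientquic);
            if (!TEST_ptr(sess))
                goto end;
        } else {
            /* We supplied a session so we should have resumed */
            if (!TEST_true(SSL_session_reused(clientquic)))
                goto end;
        }

        if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
            goto end;

        if (sctx == NULL) {
            /*
             * Keep the first server's SSL_CTX alive past ossl_quic_tserver_free()
             * so that it is the one passed to qtest_create_quic_objects() on
             * the second pass.
             */
            sctx = ossl_quic_tserver_get0_ssl_ctx(qtserv);
            if (!TEST_true(SSL_CTX_up_ref(sctx))) {
                /* No reference was taken, so "end:" must not drop one */
                sctx = NULL;
                goto end;
            }
        }
        ossl_quic_tserver_free(qtserv);
        qtserv = NULL;
        SSL_free(clientquic);
        clientquic = NULL;

        if (idx >= 2)
            break;
    }

    ret = 1;

end:
    SSL_SESSION_free(sess);
    ossl_quic_tserver_free(qtserv);
    SSL_free(clientquic);
    SSL_CTX_free(cctx);
    SSL_CTX_free(sctx);

    return ret;
}

/*
 * Test that sending FIN with no data to a client blocking in SSL_read_ex() will
 * wake up the client.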
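*/
static int test_fin_only_blocking(void)
{
    SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
    SSL_CTX *sctx = NULL;
    SSL *clientquic = NULL;
    QUIC_TSERVER *qtserv = NULL;
    const char *msg = "Hello World";
    uint64_t sid;
    size_t numbytes;
    unsigned char buf[32];
    int ret = 0;
    OSSL_TIME timer, timediff;

    if (!qtest_supports_blocking()) {
        /*
         * cctx was already allocated by its initializer; release it here so
         * the skip path does not leak it (SSL_CTX_free(NULL) is a no-op).
         */
        SSL_CTX_free(cctx);
        return TEST_skip("Blocking tests not supported in this build");
    }

    if (!TEST_ptr(cctx)
        || !TEST_true(qtest_create_quic_objects(libctx, cctx, sctx,
                                                cert, privkey,
                                                QTEST_FLAG_BLOCK,
                                                &qtserv, &clientquic,
                                                NULL, NULL))
        || !TEST_true(SSL_set_tlsext_host_name(clientquic, "localhost")))
        goto end;

    if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
        goto end;

    /* Server opens a stream and sends the whole message on it */
    if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, 0, &sid))
        || !TEST_true(ossl_quic_tserver_write(qtserv, sid,
                                              (unsigned char *)msg,
                                              strlen(msg), &numbytes))
        || !TEST_size_t_eq(strlen(msg), numbytes))
        goto end;

    ossl_quic_tserver_tick(qtserv);

    if (!TEST_true(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes))
        || !TEST_mem_eq(msg, strlen(msg), buf, numbytes))
        goto end;

    /* Conclude the stream without writing any further data */
    if (!TEST_true(ossl_quic_tserver_conclude(qtserv, sid)))
        goto end;

    timer = ossl_time_now();
    if (!TEST_false(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes)))
        goto end;
    timediff = ossl_time_subtract(ossl_time_now(), timer);

    if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_ZERO_RETURN)
        /*
         * We expect the SSL_read_ex to not have blocked so this should
         * be very fast. 40ms should be plenty.
         */
        || !TEST_uint64_t_le(ossl_time2ms(timediff), 40))
        goto end;

    if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
        goto end;

    ret = 1;

end:
    ossl_quic_tserver_free(qtserv);
    SSL_free(clientquic);
    SSL_CTX_free(cctx);
    /* sctx is never assigned in this test, so this is a no-op */
    SSL_CTX_free(sctx);

    return ret;
}

/*
 * Test that a vanilla QUIC SSL object has the expected ciphersuites available.
 *
 * The check is order-sensitive: SSL_get_ciphers() must return exactly the
 * entries of cipherids[] in that order and nothing else, with
 * ChaCha20-Poly1305 left out when is_fips is set.
 */
static int test_ciphersuites(void)
{
    SSL_CTX *ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
    SSL *ssl = NULL;
    int testresult = 0;
    const STACK_OF(SSL_CIPHER) *ciphers = NULL;
    const SSL_CIPHER *cipher;
    /* We expect this exact list of ciphersuites by default */
    int cipherids[] = {
        TLS1_3_CK_AES_256_GCM_SHA384,
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
        TLS1_3_CK_CHACHA20_POLY1305_SHA256,
#endif
        TLS1_3_CK_AES_128_GCM_SHA256
    };
    size_t i, j;

    /* Nothing has been allocated besides ctx, so a plain return is enough */
    if (!TEST_ptr(ctx))
        return 0;

    /*
     * Attempting to set TLSv1.2 ciphersuites should succeed, even though they
     * aren't used in QUIC.
     */
    if (!TEST_true(SSL_CTX_set_cipher_list(ctx, "DEFAULT")))
        goto err;

    ssl = SSL_new(ctx);
    if (!TEST_ptr(ssl))
        goto err;

    if (!TEST_true(SSL_set_cipher_list(ssl, "DEFAULT")))
        goto err;

    ciphers = SSL_get_ciphers(ssl);

    /* i walks the expected list, j walks the stack actually returned */
    for (i = 0, j = 0; i < OSSL_NELEM(cipherids); i++) {
        if (cipherids[i] == TLS1_3_CK_CHACHA20_POLY1305_SHA256 && is_fips)
            continue;
        cipher = sk_SSL_CIPHER_value(ciphers, j++);
        if (!TEST_ptr(cipher))
            goto err;
        if (!TEST_uint_eq(SSL_CIPHER_get_id(cipher), cipherids[i]))
            goto err;
    }

    /* We should have checked all the ciphers in the stack */
    if (!TEST_int_eq(sk_SSL_CIPHER_num(ciphers), j))
        goto err;

    testresult = 1;
err:
    SSL_free(ssl);
    SSL_CTX_free(ctx);

    return testresult;
}

/*
 * Test that SSL_CIPHER_find() on a QUIC SSL object resolves only the
 * ciphersuites marked ok in the table below (AES-GCM and ChaCha20-Poly1305)
 * and returns NULL for the CCM and integrity-only suites.
 *
 * RFC 9001 excludes TLS_AES_128_CCM_8_SHA256 from QUIC; the remaining
 * exclusions are what this test pins for this implementation.
 */
static int test_cipher_find(void)
{
    SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
    SSL *clientquic = NULL;
    struct {
        const unsigned char *cipherbytes;
        int ok;
    } testciphers[] = {
        { TLS13_AES_128_GCM_SHA256_BYTES, 1 },
        { TLS13_AES_256_GCM_SHA384_BYTES, 1 },
        { TLS13_CHACHA20_POLY1305_SHA256_BYTES, 1 },
        { TLS13_AES_128_CCM_SHA256_BYTES, 0 },
        { TLS13_AES_128_CCM_8_SHA256_BYTES, 0 },
#if !defined(OPENSSL_NO_INTEGRITY_ONLY_CIPHERS)
        { TLS13_SHA256_SHA256_BYTES, 0 },
        { TLS13_SHA384_SHA384_BYTES, 0 }
#endif
    };
    size_t i;
    int testresult = 0;

    if (!TEST_ptr(cctx))
        goto err;

    clientquic = SSL_new(cctx);
    if (!TEST_ptr(clientquic))
        goto err;

    for (i = 0; i < OSSL_NELEM(testciphers); i++) {
        if (testciphers[i].ok) {
            if (!TEST_ptr(SSL_CIPHER_find(clientquic,
                                          testciphers[i].cipherbytes)))
                goto err;
        } else {
            if (!TEST_ptr_null(SSL_CIPHER_find(clientquic,
                                               testciphers[i].cipherbytes)))
                goto err;
        }
    }

    testresult = 1;
err:
    SSL_free(clientquic);
    SSL_CTX_free(cctx);

    return testresult;
}

/*
 * Test that SSL_version, SSL_get_version, SSL_is_quic, SSL_is_tls and
 * SSL_is_dtls return the expected results for a QUIC connection. Compare with
 * test_version() in sslapitest.c which does the same thing for TLS/DTLS
 * connections.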
*/
static int test_version(void)
{
    int testresult = 0;
    QUIC_TSERVER *qtserv = NULL;
    SSL *clientquic = NULL;
    SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());

    /* Bring up a client/server pair and complete the handshake */
    if (!TEST_ptr(cctx))
        goto err;
    if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
                                             privkey, 0, &qtserv,
                                             &clientquic, NULL, NULL)))
        goto err;
    if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
        goto err;

    /* Numeric and textual version must both identify QUIC v1 */
    if (!TEST_int_eq(SSL_version(clientquic), OSSL_QUIC1_VERSION))
        goto err;
    if (!TEST_str_eq(SSL_get_version(clientquic), "QUICv1"))
        goto err;

    /* The object must classify as QUIC and as neither TLS nor DTLS */
    if (!TEST_true(SSL_is_quic(clientquic)))
        goto err;
    if (!TEST_false(SSL_is_tls(clientquic)))
        goto err;
    if (!TEST_false(SSL_is_dtls(clientquic)))
        goto err;

    testresult = 1;
err:
    ossl_quic_tserver_free(qtserv);
    SSL_free(clientquic);
    SSL_CTX_free(cctx);

    return testresult;
}

#if defined(DO_SSL_TRACE_TEST)
/*
 * Tests that the SSL_trace() msg_callback works as expected with a QUIC
 * connection. This also provides testing of the msg_callback at the same time.
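*/
static int test_ssl_trace(void)
{
    SSL_CTX *cctx = NULL;
    SSL *clientquic = NULL;
    QUIC_TSERVER *qtserv = NULL;
    int testresult = 0;
    BIO *bio = NULL;
    char *reffile = NULL;

    /* The ciphersuite is pinned to a single suite before the handshake */
    if (!TEST_ptr(cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))
        || !TEST_ptr(bio = BIO_new(BIO_s_mem()))
        || !TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256"))
        || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
                                                privkey,
                                                QTEST_FLAG_FAKE_TIME,
                                                &qtserv,
                                                &clientquic, NULL, NULL)))
        goto err;

    /* Route the client's protocol trace into the memory BIO */
    SSL_set_msg_callback(clientquic, SSL_trace);
    SSL_set_msg_callback_arg(clientquic, bio);

    if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
        goto err;

    /* Skip the comparison of the trace when the fips provider is used. */
    if (is_fips) {
        /* Check whether there was something written. */
        if (!TEST_int_gt(BIO_pending(bio), 0))
            goto err;
    } else {
#ifdef OPENSSL_NO_ZLIB
        reffile = test_mk_file_path(datadir, "ssltraceref.txt");
#else
        reffile = test_mk_file_path(datadir, "ssltraceref-zlib.txt");
#endif
        /* Fail with a clear diagnostic if the path could not be built */
        if (!TEST_ptr(reffile)
            || !TEST_true(compare_with_reference_file(bio, reffile)))
            goto err;
    }

    testresult = 1;
err:
    ossl_quic_tserver_free(qtserv);
    SSL_free(clientquic);
    SSL_CTX_free(cctx);
    BIO_free(bio);
    OPENSSL_free(reffile);

    return testresult;
}
#endif

#ifndef OPENSSL_NO_SSL_TRACE
/* States of the trace scanner in find_new_token_data() */
enum {
    INITIAL = 0,
    GATHER_TOKEN = 1,
    CHECK_TOKEN = 2,
    SUCCESS = 3,
    FAILED = 4
};

/*
 * Scan the SSL_trace output held in membio for a token that is announced in a
 * "Received Frame: New token" entry and then shows up again on a later
 * "Token: " line.
 *
 * membio is consumed line by line with BIO_gets(), at most sizeof(buf) - 1
 * bytes per read. Returns 1 if the recorded token was seen a second time and
 * 0 otherwise, including when the token copy could not be allocated.
 */
static int find_new_token_data(BIO *membio)
{
    char buf[1024];
    int state = INITIAL;
    char *tmpstring;
    char *tokenval = NULL;
    /*
     * This is a state machine, in which we traverse the ssl trace
     * looking for a sequence of items
     * The states are:
     * +---Current State---|----------Action-------------|---Next State---+
     * | INITIAL           | "Received Frame: New token" | GATHER_TOKEN   |
     * |                   | !"Received Frame: New token"| INITIAL        |
     * |-------------------|-----------------------------|----------------|
     * | GATHER_TOKEN      | "Token: <TOKENVAL>"         | CHECK_TOKEN    |
     * |                   | !"Token: <TOKENVAL>"        | FAILED         |
     * |-------------------|-----------------------------|----------------|
     * | CHECK_TOKEN       | "Token: <TOKENVAL>"         | SUCCESS        |
     * |                   | EOF                         | FAILED         |
     * +-------------------|-----------------------------|----------------|
     */

    while (state != SUCCESS
           && state != FAILED
           && BIO_gets(membio, buf, sizeof(buf)) > 0) {
        switch (state) {
        case INITIAL:
            if (strstr(buf, "Received Frame: New token"))
                state = GATHER_TOKEN;
            break;
        case GATHER_TOKEN:
            TEST_info("Found New Token Marker\n");
            tmpstring = strstr(buf, "Token: ");
            if (tmpstring == NULL) {
                TEST_info("Next line did not contain a new token\n");
                state = FAILED;
            } else {
                /* tokenval is still NULL here, so nothing to free on failure */
                if (!TEST_ptr(tokenval = OPENSSL_strdup(tmpstring)))
                    return 0;
                state = CHECK_TOKEN;
                TEST_info("Recorded Token %s\n", tokenval);
            }
            break;
        case CHECK_TOKEN:
            /* tokenval is non-NULL in this state (set in GATHER_TOKEN) */
            tmpstring = strstr(buf, "Token: ");
            if (tmpstring != NULL
                && !strcmp(tmpstring, tokenval)) {
                state = SUCCESS;
                TEST_info("Matched next connection token %s\n", tmpstring);
            }
            /* Explicit break: the original fell through into default */
            break;
        default:
            break;
        }
    }

    /* Running out of input in any state other than SUCCESS is a failure */
    OPENSSL_free(tokenval);
    return (state == SUCCESS);
}

/*
 * Test that a token handed out on one connection is presented again on the
 * next: two client connections built from the same SSL_CTX trace into one
 * memory BIO, and find_new_token_data() then looks for the same "Token: "
 * value twice in that trace.
 */
static int test_new_token(void)
{
    SSL_CTX *cctx = NULL;
    SSL *clientquic = NULL;
    SSL *clientquic2 = NULL;
    QUIC_TSERVER *qtserv = NULL;
    QUIC_TSERVER *qtserv2 = NULL;
    int testresult = 0;
    BIO *bio = NULL;
    char msg[] = "The Quic Brown Fox";
    size_t written;

    if (!TEST_ptr(cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))
        || !TEST_ptr(bio = BIO_new(BIO_s_mem()))
        || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
                                                privkey,
                                                QTEST_FLAG_FAKE_TIME,
                                                &qtserv,
                                                &clientquic, NULL, NULL)))
        goto err;

    SSL_set_msg_callback(clientquic, SSL_trace);
    SSL_set_msg_callback_arg(clientquic, bio);

    if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
        goto err;

    /*
     * Send data from the client. Go through the TEST_ macros so a failed or
     * short write is reported instead of failing the test silently.
     */
    if (!TEST_true(SSL_write_ex(clientquic, msg, sizeof(msg), &written))
        || !TEST_size_t_eq(written, sizeof(msg)))
        goto err;

    /* Receive data at the server */
    ossl_quic_tserver_tick(qtserv);

    if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
                                             privkey,
                                             QTEST_FLAG_FAKE_TIME,
                                             &qtserv2,
                                             &clientquic2, NULL, NULL)))
        goto err;

    /* The second client appends to the same trace BIO as the first */
    SSL_set_msg_callback(clientquic2, SSL_trace);
    SSL_set_msg_callback_arg(clientquic2, bio);

    /* once we have our new token, create the subsequent connection */
    if (!TEST_true(qtest_create_quic_connection(qtserv2, clientquic2)))
        goto err;

    /* The combined trace must show the recorded token a second time */
    if (!TEST_true(find_new_token_data(bio)))
        goto err;

    testresult = 1;
err:
    ossl_quic_tserver_free(qtserv);
    ossl_quic_tserver_free(qtserv2);
    SSL_free(clientquic);
    SSL_free(clientquic2);
    SSL_CTX_free(cctx);
    BIO_free(bio);

    return testresult;
}
#endif

/*
 * Check that every entry of ciphers is one of the three ciphersuites this
 * file allows for QUIC (AES-128-GCM, AES-256-GCM, ChaCha20-Poly1305).
 *
 * Returns 1 if all entries are allowed, 0 on the first forbidden entry or if
 * ciphers is NULL. An empty stack passes: callers that need a non-empty list
 * must check that themselves.
 */
static int ensure_valid_ciphers(const STACK_OF(SSL_CIPHER) *ciphers)
{
    size_t i;

    /*
     * sk_SSL_CIPHER_num() returns -1 for a NULL stack; cast to size_t below
     * that would become a huge bound and the loop would hand a NULL cipher to
     * SSL_CIPHER_get_id(). Reject NULL up front instead.
     */
    if (!TEST_ptr(ciphers))
        return 0;

    /* Ensure ciphersuite list is suitably subsetted. */
    for (i = 0; i < (size_t)sk_SSL_CIPHER_num(ciphers); ++i) {
        const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);
        switch (SSL_CIPHER_get_id(cipher)) {
        case TLS1_3_CK_AES_128_GCM_SHA256:
        case TLS1_3_CK_AES_256_GCM_SHA384:
        case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
            break;
        default:
            TEST_error("forbidden cipher: %s", SSL_CIPHER_get_name(cipher));
            return 0;
        }
    }

    return 1;
}

/*
 * Test that handshake-layer APIs which shouldn't work don't work with QUIC.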
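*/
static int test_quic_forbidden_apis_ctx(void)
{
    int testresult = 0;
    SSL_CTX *ctx = NULL;

    if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
        goto err;

#ifndef OPENSSL_NO_SRTP
    /*
     * This function returns 0 on success and 1 on error, and should fail.
     * TEST_true therefore asserts that the SRTP profile was rejected.
     */
    if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_128_GCM")))
        goto err;
#endif

    /*
     * List of ciphersuites we do and don't allow in QUIC.
     */
#define QUIC_CIPHERSUITES \
    "TLS_AES_128_GCM_SHA256:" \
    "TLS_AES_256_GCM_SHA384:" \
    "TLS_CHACHA20_POLY1305_SHA256"

#define NON_QUIC_CIPHERSUITES \
    "TLS_AES_128_CCM_SHA256:" \
    "TLS_AES_256_CCM_SHA384:" \
    "TLS_AES_128_CCM_8_SHA256:" \
    "TLS_SHA256_SHA256:" \
    "TLS_SHA384_SHA384"

    /* Set TLSv1.3 ciphersuite list for the SSL_CTX. */
    if (!TEST_true(SSL_CTX_set_ciphersuites(ctx,
                                            QUIC_CIPHERSUITES ":" NON_QUIC_CIPHERSUITES)))
        goto err;

    /*
     * Forbidden ciphersuites should show up in SSL_CTX accessors, they are only
     * filtered in SSL_get1_supported_ciphers, so we don't check for
     * non-inclusion here.
     */

    testresult = 1;
err:
    SSL_CTX_free(ctx);
    return testresult;
}

/*
 * SSL-object counterpart of test_quic_forbidden_apis_ctx(): SRTP must be
 * rejected, and after setting a list that mixes QUIC and non-QUIC
 * ciphersuites only the QUIC ones may be reported as supported.
 */
static int test_quic_forbidden_apis(void)
{
    int testresult = 0;
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    STACK_OF(SSL_CIPHER) *ciphers = NULL;

    if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
        goto err;

    if (!TEST_ptr(ssl = SSL_new(ctx)))
        goto err;

#ifndef OPENSSL_NO_SRTP
    /*
     * This function returns 0 on success and 1 on error, and should fail.
     * TEST_true therefore asserts that the SRTP profile was rejected.
     */
    if (!TEST_true(SSL_set_tlsext_use_srtp(ssl, "SRTP_AEAD_AES_128_GCM")))
        goto err;
#endif

    /* Set TLSv1.3 ciphersuite list for the SSL object. */
    if (!TEST_true(SSL_set_ciphersuites(ssl,
                                        QUIC_CIPHERSUITES ":" NON_QUIC_CIPHERSUITES)))
        goto err;

    /* Non-QUIC ciphersuites must not appear in supported ciphers list. */
    if (!TEST_ptr(ciphers = SSL_get1_supported_ciphers(ssl))
        || !TEST_true(ensure_valid_ciphers(ciphers)))
        goto err;

    testresult = 1;
err:
    /* The get1 list is owned by the caller */
    sk_SSL_CIPHER_free(ciphers);
    SSL_free(ssl);
    SSL_CTX_free(ctx);
    return testresult;
}

/*
 * Test which TLS-level options and knobs a QUIC SSL object accepts.
 *
 * The SSL_CTX takes any option bits, but the SSL object created from it must
 * expose only OSSL_QUIC_PERMITTED_OPTIONS, and the read-ahead, early-data,
 * fragment/pipelining, stateless, quiet-shutdown, dup and clear calls below
 * must each give the result asserted for them.
 */
static int test_quic_forbidden_options(void)
{
    int testresult = 0;
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    /*
     * Zero-initialised: the early-data calls below are expected to fail
     * before touching these, but if that ever regresses the write must not
     * read indeterminate stack bytes.
     */
    char buf[16] = { 0 };
    size_t len = 0;

    if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
        goto err;

    /* QUIC options restrictions do not affect SSL_CTX */
    SSL_CTX_set_options(ctx, UINT64_MAX);

    if (!TEST_uint64_t_eq(SSL_CTX_get_options(ctx), UINT64_MAX))
        goto err;

    /* Set options on CTX which should not be inherited (tested below). */
    SSL_CTX_set_read_ahead(ctx, 1);
    SSL_CTX_set_max_early_data(ctx, 1);
    SSL_CTX_set_recv_max_early_data(ctx, 1);
    SSL_CTX_set_quiet_shutdown(ctx, 1);

    if (!TEST_ptr(ssl = SSL_new(ctx)))
        goto err;

    /* Only permitted options get transferred to SSL object */
    if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
        goto err;

    /* Try again using SSL_set_options */
    SSL_set_options(ssl, UINT64_MAX);

    if (!TEST_uint64_t_eq(SSL_get_options(ssl), OSSL_QUIC_PERMITTED_OPTIONS))
        goto err;

    /* Clear everything */
    SSL_clear_options(ssl, UINT64_MAX);

    if (!TEST_uint64_t_eq(SSL_get_options(ssl), 0))
        goto err;

    /* Readahead: not inherited from the CTX and not settable on the object */
    if (!TEST_false(SSL_get_read_ahead(ssl)))
        goto err;

    SSL_set_read_ahead(ssl, 1);
    if (!TEST_false(SSL_get_read_ahead(ssl)))
        goto err;

    /* Block padding: 0 and 1 are accepted, 2 is refused */
    if (!TEST_true(SSL_set_block_padding(ssl, 0))
        || !TEST_true(SSL_set_block_padding(ssl, 1))
        || !TEST_false(SSL_set_block_padding(ssl, 2)))
        goto err;

    /* Max fragment length: only the DISABLED setting is accepted */
    if (!TEST_true(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_DISABLED))
        || !TEST_false(SSL_set_tlsext_max_fragment_length(ssl, TLSEXT_max_fragment_length_512)))
        goto err;

    /* Max early data: the TLS early-data limits cannot be set */
    if (!TEST_false(SSL_set_recv_max_early_data(ssl, 1))
        || !TEST_false(SSL_set_max_early_data(ssl, 1)))
        goto err;

    /* Read/Write: the TLS early-data I/O calls must fail */
    if (!TEST_false(SSL_read_early_data(ssl, buf, sizeof(buf), &len))
        || !TEST_false(SSL_write_early_data(ssl, buf, sizeof(buf), &len)))
        goto err;

    /* Buffer Management */
    if (!TEST_true(SSL_alloc_buffers(ssl))
        || !TEST_false(SSL_free_buffers(ssl)))
        goto err;

    /* Pipelining */
    if (!TEST_false(SSL_set_max_send_fragment(ssl, 2))
        || !TEST_false(SSL_set_split_send_fragment(ssl, 2))
        || !TEST_false(SSL_set_max_pipelines(ssl, 2)))
        goto err;

    /* HRR */
    if (!TEST_false(SSL_stateless(ssl)))
        goto err;

    /* Quiet Shutdown: set on the CTX above, must not be inherited */
    if (!TEST_false(SSL_get_quiet_shutdown(ssl)))
        goto err;

    /* No duplication */
    if (!TEST_ptr_null(SSL_dup(ssl)))
        goto err;

    /* No clear */
    if (!TEST_false(SSL_clear(ssl)))
        goto err;

    testresult = 1;
err:
    SSL_free(ssl);
    SSL_CTX_free(ctx);
    return testresult;
}

/*
 * Test SSL_set_fd (idx 0), SSL_set_rfd (idx 1) and SSL_set_wfd (any other
 * idx) on a QUIC SSL object with a UDP socket: the BIO installed must be a
 * datagram BIO wrapping the same descriptor, and setting only one direction
 * must leave the other BIO unset.
 */
static int test_quic_set_fd(int idx)
{
    int testresult = 0;
    SSL_CTX *ctx = NULL;
    SSL *ssl = NULL;
    int fd = -1, resfd = -1;
    BIO *bio = NULL;

    if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
        goto err;

    if (!TEST_ptr(ssl = SSL_new(ctx)))
        goto err;

    if (!TEST_int_ge(fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0), 0))
        goto err;

    if (idx == 0) {
        /* Both directions share one BIO */
        if (!TEST_true(SSL_set_fd(ssl, fd)))
            goto err;
        if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
            goto err;
        if (!TEST_ptr_eq(bio, SSL_get_wbio(ssl)))
            goto err;
    } else if (idx == 1) {
        /* Read side only */
        if (!TEST_true(SSL_set_rfd(ssl, fd)))
            goto err;
        if (!TEST_ptr(bio = SSL_get_rbio(ssl)))
            goto err;
        if (!TEST_ptr_null(SSL_get_wbio(ssl)))
            goto err;
    } else {
        /* Write side only */
        if (!TEST_true(SSL_set_wfd(ssl, fd)))
            goto err;
        if (!TEST_ptr(bio = SSL_get_wbio(ssl)))
            goto err;
        if (!TEST_ptr_null(SSL_get_rbio(ssl)))
            goto err;
    }

    if (!TEST_int_eq(BIO_method_type(bio), BIO_TYPE_DGRAM))
        goto err;

    if (!TEST_true(BIO_get_fd(bio, &resfd))
        || !TEST_int_eq(resfd, fd))
        goto err;

    testresult = 1;
err:
    SSL_free(ssl);
    SSL_CTX_free(ctx);
    /*
     * NOTE(review): the test closes fd itself after SSL_free(), so it assumes
     * the BIO created by SSL_set_fd/rfd/wfd does not own the descriptor -
     * confirm, otherwise this is a second close of the same fd number.
     */
    if (fd >= 0)
        BIO_closesocket(fd);
    return testresult;
}

#define MAXLOOPS 1000

static int test_bio_ssl(void)
{
    /*
     * We just use OSSL_QUIC_client_method() rather than
     * OSSL_QUIC_client_thread_method().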
We will never leave the connection idle 898 1.1 christos * so we will always be implicitly handling time events anyway via other 899 1.1 christos * IO calls. 900 1.1 christos */ 901 1.1 christos SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 902 1.1 christos SSL *clientquic = NULL, *stream = NULL; 903 1.1 christos QUIC_TSERVER *qtserv = NULL; 904 1.1 christos int testresult = 0; 905 1.1 christos BIO *cbio = NULL, *strbio = NULL, *thisbio; 906 1.1 christos const char *msg = "Hello world"; 907 1.1 christos int abortctr = 0, err, clienterr = 0, servererr = 0, retc = 0, rets = 0; 908 1.1 christos size_t written, readbytes, msglen; 909 1.1 christos int sid = 0, i; 910 1.1 christos unsigned char buf[80]; 911 1.1 christos 912 1.1 christos if (!TEST_ptr(cctx)) 913 1.1 christos goto err; 914 1.1 christos 915 1.1 christos cbio = BIO_new_ssl(cctx, 1); 916 1.1 christos if (!TEST_ptr(cbio)) 917 1.1 christos goto err; 918 1.1 christos 919 1.1 christos /* 920 1.1 christos * We must configure the ALPN/peer address etc so we get the SSL object in 921 1.1 christos * order to pass it to qtest_create_quic_objects for configuration. 
922 1.1 christos */ 923 1.1 christos if (!TEST_int_eq(BIO_get_ssl(cbio, &clientquic), 1)) 924 1.1 christos goto err; 925 1.1 christos 926 1.1 christos if (!TEST_true(qtest_create_quic_objects(libctx, NULL, NULL, cert, privkey, 927 1.1.1.2 christos QTEST_FLAG_FAKE_TIME, &qtserv, 928 1.1.1.2 christos &clientquic, NULL, NULL))) 929 1.1 christos goto err; 930 1.1 christos 931 1.1 christos msglen = strlen(msg); 932 1.1 christos 933 1.1 christos do { 934 1.1 christos err = BIO_FLAGS_WRITE; 935 1.1 christos while (!clienterr && !retc && err == BIO_FLAGS_WRITE) { 936 1.1 christos retc = BIO_write_ex(cbio, msg, msglen, &written); 937 1.1 christos if (!retc) { 938 1.1 christos if (BIO_should_retry(cbio)) 939 1.1 christos err = BIO_retry_type(cbio); 940 1.1 christos else 941 1.1 christos err = 0; 942 1.1 christos } 943 1.1 christos } 944 1.1 christos 945 1.1 christos if (!clienterr && retc <= 0 && err != BIO_FLAGS_READ) { 946 1.1 christos TEST_info("BIO_write_ex() failed %d, %d", retc, err); 947 1.1 christos TEST_openssl_errors(); 948 1.1 christos clienterr = 1; 949 1.1 christos } 950 1.1 christos 951 1.1 christos if (!servererr && rets <= 0) { 952 1.1 christos ossl_quic_tserver_tick(qtserv); 953 1.1 christos qtest_add_time(100); 954 1.1 christos servererr = ossl_quic_tserver_is_term_any(qtserv); 955 1.1 christos if (!servererr) 956 1.1 christos rets = ossl_quic_tserver_is_handshake_confirmed(qtserv); 957 1.1 christos } 958 1.1 christos 959 1.1 christos if (clienterr && servererr) 960 1.1 christos goto err; 961 1.1 christos 962 1.1 christos if (++abortctr == MAXLOOPS) { 963 1.1 christos TEST_info("No progress made"); 964 1.1 christos goto err; 965 1.1 christos } 966 1.1 christos } while ((!retc && !clienterr) || (rets <= 0 && !servererr)); 967 1.1 christos 968 1.1 christos /* 969 1.1 christos * 2 loops: The first using the default stream, and the second using a new 970 1.1 christos * client initiated bidi stream. 
971 1.1 christos */ 972 1.1 christos for (i = 0, thisbio = cbio; i < 2; i++) { 973 1.1 christos if (!TEST_true(ossl_quic_tserver_read(qtserv, sid, buf, sizeof(buf), 974 1.1.1.2 christos &readbytes)) 975 1.1.1.2 christos || !TEST_mem_eq(msg, msglen, buf, readbytes)) 976 1.1 christos goto err; 977 1.1 christos 978 1.1 christos if (!TEST_true(ossl_quic_tserver_write(qtserv, sid, (unsigned char *)msg, 979 1.1.1.2 christos msglen, &written))) 980 1.1 christos goto err; 981 1.1 christos ossl_quic_tserver_tick(qtserv); 982 1.1 christos 983 1.1 christos if (!TEST_true(BIO_read_ex(thisbio, buf, sizeof(buf), &readbytes)) 984 1.1.1.2 christos || !TEST_mem_eq(msg, msglen, buf, readbytes)) 985 1.1 christos goto err; 986 1.1 christos 987 1.1 christos if (i == 1) 988 1.1 christos break; 989 1.1 christos 990 1.1 christos if (!TEST_true(SSL_set_mode(clientquic, 0))) 991 1.1 christos goto err; 992 1.1 christos 993 1.1 christos /* 994 1.1 christos * Now create a new stream and repeat. The bottom two bits of the stream 995 1.1 christos * id represents whether the stream is bidi and whether it is client 996 1.1 christos * initiated or not. For client initiated bidi they are both 0. So the 997 1.1 christos * first client initiated bidi stream is 0 and the next one is 4. 
998 1.1 christos */ 999 1.1 christos sid = 4; 1000 1.1 christos stream = SSL_new_stream(clientquic, 0); 1001 1.1 christos if (!TEST_ptr(stream)) 1002 1.1 christos goto err; 1003 1.1 christos 1004 1.1 christos if (!TEST_true(SSL_set_mode(stream, 0))) 1005 1.1 christos goto err; 1006 1.1 christos 1007 1.1 christos thisbio = strbio = BIO_new(BIO_f_ssl()); 1008 1.1 christos if (!TEST_ptr(strbio)) 1009 1.1 christos goto err; 1010 1.1 christos 1011 1.1 christos if (!TEST_int_eq(BIO_set_ssl(thisbio, stream, BIO_CLOSE), 1)) 1012 1.1 christos goto err; 1013 1.1 christos stream = NULL; 1014 1.1 christos 1015 1.1 christos if (!TEST_true(BIO_write_ex(thisbio, msg, msglen, &written))) 1016 1.1 christos goto err; 1017 1.1 christos 1018 1.1 christos ossl_quic_tserver_tick(qtserv); 1019 1.1 christos } 1020 1.1 christos 1021 1.1 christos testresult = 1; 1022 1.1.1.2 christos err: 1023 1.1 christos BIO_free_all(cbio); 1024 1.1 christos BIO_free_all(strbio); 1025 1.1 christos SSL_free(stream); 1026 1.1 christos ossl_quic_tserver_free(qtserv); 1027 1.1 christos SSL_CTX_free(cctx); 1028 1.1 christos 1029 1.1 christos return testresult; 1030 1.1 christos } 1031 1.1 christos 1032 1.1 christos #define BACK_PRESSURE_NUM_LOOPS 10000 1033 1.1 christos /* 1034 1.1 christos * Test that sending data from the client to the server faster than the server 1035 1.1 christos * can process it eventually results in back pressure on the client. 
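*/
static int test_back_pressure(void)
{
    SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
    SSL *clientquic = NULL;
    QUIC_TSERVER *qtserv = NULL;
    int testresult = 0;
    unsigned char *msg = NULL;
    const size_t msglen = 1024;
    unsigned char buf[64];
    size_t readbytes, written;
    int i;

    if (!TEST_ptr(cctx)
        || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
                                                privkey, 0, &qtserv,
                                                &clientquic, NULL, NULL))
        || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
        goto err;

    /* The payload is msglen random bytes; its content is never inspected */
    msg = OPENSSL_malloc(msglen);
    if (!TEST_ptr(msg))
        goto err;
    if (!TEST_int_eq(RAND_bytes_ex(libctx, msg, msglen, 0), 1))
        goto err;

    /*
     * Limit to 10000 loops. If we've not seen any back pressure after that
     * we're going to run out of memory, so abort.
     */
    for (i = 0; i < BACK_PRESSURE_NUM_LOOPS; i++) {
        /* Send data from the client */
        if (!SSL_write_ex(clientquic, msg, msglen, &written)) {
            /* Check if we are seeing back pressure */
            if (SSL_get_error(clientquic, 0) == SSL_ERROR_WANT_WRITE)
                break;
            TEST_error("Unexpected client failure");
            goto err;
        }

        /*
         * Receive data at the server. Each pass writes msglen bytes but
         * reads at most sizeof(buf) bytes, so the client outpaces the server.
         */
        ossl_quic_tserver_tick(qtserv);
        if (!TEST_true(ossl_quic_tserver_read(qtserv, 0, buf, sizeof(buf),
                                              &readbytes)))
            goto err;
    }

    if (i == BACK_PRESSURE_NUM_LOOPS) {
        TEST_error("No back pressure seen");
        goto err;
    }

    testresult = 1;
err:
    SSL_free(clientquic);
    ossl_quic_tserver_free(qtserv);
    SSL_CTX_free(cctx);
    OPENSSL_free(msg);

    return testresult;
}

/* Number of outgoing QUIC datagrams seen by dgram_cb() */
static int dgram_ctr = 0;

/*
 * Message callback that counts written QUIC datagrams. Reads (write_p == 0)
 * and every content type other than SSL3_RT_QUIC_DATAGRAM are ignored. The
 * remaining arguments are unused.
 */
static void dgram_cb(int write_p, int version, int content_type,
                     const void *buf, size_t msglen, SSL *ssl, void *arg)
{
    if (!write_p)
        return;

    if (content_type != SSL3_RT_QUIC_DATAGRAM)
        return;

    dgram_ctr++;
}

/* Test that we send multiple datagrams in one go when appropriate */
static int test_multiple_dgrams(void)
{
    SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
    SSL *clientquic = NULL;
    QUIC_TSERVER *qtserv = NULL;
    int testresult = 0;
    unsigned char *buf;
    const size_t buflen = 1400;
    size_t written;

    /* Allocation failure is caught by the TEST_ptr(buf) check below */
    buf = OPENSSL_zalloc(buflen);

    if (!TEST_ptr(cctx)
        || !TEST_ptr(buf)
        || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
                                                privkey, 0, &qtserv,
                                                &clientquic, NULL, NULL))
        || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
        goto err;

    /* Count only the datagrams produced by the write below */
    dgram_ctr = 0;
    SSL_set_msg_callback(clientquic, dgram_cb);
    if (!TEST_true(SSL_write_ex(clientquic, buf, buflen, &written))
        || !TEST_size_t_eq(written, buflen)
        /* We wrote enough data for 2 datagrams */
        || !TEST_int_eq(dgram_ctr, 2))
        goto err;

    testresult = 1;
err:
    OPENSSL_free(buf);
    SSL_free(clientquic);
    ossl_quic_tserver_free(qtserv);
    SSL_CTX_free(cctx);

    return testresult;
}

/*
 * Certificate verify callback used by test_non_io_retry(). arg points at an
 * int flag owned by the test: while it is 0 the callback asks for a retry via
 * SSL_set_retry_verify(); once it is non-zero the callback returns 1 without
 * inspecting the certificate at all, which is only suitable for this test.
 */
static int non_io_retry_cert_verify_cb(X509_STORE_CTX *ctx, void *arg)
{
    int idx = SSL_get_ex_data_X509_STORE_CTX_idx();
    SSL *ssl;
    const int *allow = (int *)arg;

    /* this should not happen but check anyway */
    if (idx < 0
        || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL)
        return 0;

    /* If this is our first attempt then retry */
    if (*allow == 0)
        return SSL_set_retry_verify(ssl);

    /* Otherwise do nothing - verification succeeds. Continue as normal */
    return 1;
}

/* Test that we can handle a non-io related retry error
 * Test 0: Non-blocking
 * Test 1: Blocking
 */
static int test_non_io_retry(int idx)
{
    SSL_CTX *cctx;
    SSL *clientquic = NULL;
    QUIC_TSERVER *qtserv = NULL;
    int testresult = 0;
    int flags = 0, allow = 0;

    if (idx >= 1 && !qtest_supports_blocking())
        return TEST_skip("Blocking tests not supported in this build");

    cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
    if (!TEST_ptr(cctx))
        goto err;

    /* The callback reads allow through this pointer on every invocation */
    SSL_CTX_set_cert_verify_callback(cctx, non_io_retry_cert_verify_cb, &allow);

    flags = (idx >= 1) ? QTEST_FLAG_BLOCK : 0;
    /* First attempt: the handshake must stop with a retry-verify request */
    if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, privkey,
                                             flags, &qtserv, &clientquic, NULL,
                                             NULL))
        || !TEST_true(qtest_create_quic_connection_ex(qtserv, clientquic,
                                                      SSL_ERROR_WANT_RETRY_VERIFY))
        || !TEST_int_eq(SSL_want(clientquic), SSL_RETRY_VERIFY))
        goto err;

    /* Second attempt: let the callback accept and finish the handshake */
    allow = 1;
    if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
        goto err;

    testresult = 1;
err:
    SSL_free(clientquic);
    ossl_quic_tserver_free(qtserv);
    SSL_CTX_free(cctx);

    return testresult;
}

/* Invocation counters for the two PSK callbacks below */
static int use_session_cb_cnt = 0;
static int find_session_cb_cnt = 0;
/* Fixed PSK identity offered by the client and expected by the server */
static const char *pskid = "Identity";
/* Sessions handed out by the callbacks; set and released by test_quic_psk() */
static SSL_SESSION *serverpsk = NULL, *clientpsk = NULL;

/*
 * Client side PSK callback. Hands out a new reference to clientpsk together
 * with the fixed identity pskid. Returns 0 when no PSK is configured or the
 * reference cannot be taken, 1 otherwise. ssl and md are unused.
 */
static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
                          size_t *idlen, SSL_SESSION **sess)
{
    use_session_cb_cnt++;

    if (clientpsk == NULL || !SSL_SESSION_up_ref(clientpsk))
        return 0;

    *sess = clientpsk;
    *id = (const unsigned char *)pskid;
    *idlen = strlen(pskid);

    return 1;
}

/*
 * Server side PSK callback. Hands out a new reference to serverpsk when the
 * identity presented by the peer equals pskid. Returns 0 when no PSK is
 * configured, the reference cannot be taken or the identity does not match.
 * ssl is unused.
 */
static int find_session_cb(SSL *ssl, const unsigned char *identity,
                           size_t identity_len, SSL_SESSION **sess)
{
    find_session_cb_cnt++;

    if (serverpsk == NULL || !SSL_SESSION_up_ref(serverpsk))
        return 0;

    /*
     * Identity should match that set by the client. The length is compared
     * first and the comparison is bounded by identity_len, so nothing is
     * read past the identity_len bytes supplied by the caller.
     */
    if (strlen(pskid) != identity_len
        || strncmp(pskid, (const char *)identity, identity_len) != 0) {
        /* Give back the reference taken above before rejecting */
        SSL_SESSION_free(serverpsk);
        return 0;
    }

    *sess = serverpsk;

    return 1;
}

/*
 * Test a PSK only handshake: the server is created without a certificate or
 * private key and both sides use the same session object as the PSK. Each
 * callback must be called exactly once and the session must be reported as
 * reused.
 */
static int test_quic_psk(void)
{
    SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
    SSL *clientquic = NULL;
    QUIC_TSERVER *qtserv = NULL;
    int testresult = 0;

    if (!TEST_ptr(cctx)
        /* No cert or private key for the server, i.e. PSK only */
        || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, NULL,
                                                NULL, 0, &qtserv,
                                                &clientquic, NULL, NULL)))
        goto end;

    SSL_set_psk_use_session_callback(clientquic, use_session_cb);
    ossl_quic_tserver_set_psk_find_session_cb(qtserv, find_session_cb);
    use_session_cb_cnt = 0;
    find_session_cb_cnt = 0;

    clientpsk = serverpsk = create_a_psk(clientquic, SHA384_DIGEST_LENGTH);
    /* We already had one ref. Add another one */
    if (!TEST_ptr(clientpsk) || !TEST_true(SSL_SESSION_up_ref(clientpsk)))
        goto end;

    if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))
        || !TEST_int_eq(1, find_session_cb_cnt)
        || !TEST_int_eq(1, use_session_cb_cnt)
        /* Check that we actually used the PSK */
        || !TEST_true(SSL_session_reused(clientquic)))
        goto end;

    testresult = 1;

end:
    SSL_free(clientquic);
    ossl_quic_tserver_free(qtserv);
    SSL_CTX_free(cctx);
    /* One free per pointer; both are reset so the callbacks see no stale PSK */
    SSL_SESSION_free(clientpsk);
    SSL_SESSION_free(serverpsk);
    clientpsk = serverpsk = NULL;

    return testresult;
}

/*
 * Test client authentication. The server context requires a peer certificate
 * (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT) and verifies it against
 * the cauthca file.
 * Test 0: The client has no certificate; the connection must fail
 * Test 1: The client presents ccert/cprivkey; the connection must succeed and
 *         application data must flow in both directions
 * Test 2: As test 1, with ssl_ctx_add_large_cert_chain() applied to both
 *         contexts
 */
static int test_client_auth(int idx)
{
    SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
    SSL_CTX *sctx = SSL_CTX_new_ex(libctx, NULL, TLS_method());
    SSL *clientquic = NULL;
    QUIC_TSERVER *qtserv = NULL;
    int testresult = 0;
    unsigned char buf[20];
    static char *msg = "A test message";
    size_t msglen = strlen(msg);
    size_t numbytes = 0;

    if (!TEST_ptr(cctx) || !TEST_ptr(sctx))
        goto err;

    SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE, NULL);

    if (!TEST_true(SSL_CTX_load_verify_file(sctx, cauthca)))
        goto err;

    /* Only the positive tests give the client a certificate and key */
    if (idx > 0
        && (!TEST_true(SSL_CTX_use_certificate_chain_file(cctx, ccert))
            || !TEST_true(SSL_CTX_use_PrivateKey_file(cctx, cprivkey,
                                                      SSL_FILETYPE_PEM))))
        goto err;

    if (!TEST_true(qtest_create_quic_objects(libctx, cctx, sctx, cert,
                                             privkey, 0, &qtserv,
                                             &clientquic, NULL, NULL)))
        goto err;

    if (idx > 1) {
        if (!TEST_true(ssl_ctx_add_large_cert_chain(libctx, cctx, ccert))
            || !TEST_true(ssl_ctx_add_large_cert_chain(libctx, sctx, cert)))
            goto err;
    }

    if (idx == 0) {
        /* Without a client certificate the handshake has to be refused */
        if (!TEST_false(qtest_create_quic_connection(qtserv, clientquic)))
            goto err;

        /* negative test passed */
        testresult = 1;
        goto err;
    }

    if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
        goto err;

    /* Check that sending and receiving app data is ok */
    if (!TEST_true(SSL_write_ex(clientquic, msg, msglen, &numbytes))
        || !TEST_size_t_eq(numbytes, msglen))
        goto err;

    ossl_quic_tserver_tick(qtserv);
    if (!TEST_true(ossl_quic_tserver_write(qtserv, 0,
                                           (unsigned char *)msg,
                                           msglen, &numbytes)))
        goto err;

    ossl_quic_tserver_tick(qtserv);
    SSL_handle_events(clientquic);

    if (!TEST_true(SSL_read_ex(clientquic, buf, sizeof(buf), &numbytes))
        || !TEST_size_t_eq(numbytes, msglen)
        || !TEST_mem_eq(buf, numbytes, msg, msglen))
        goto err;

    if (!TEST_true(qtest_shutdown(qtserv, clientquic)))
        goto err;

    testresult = 1;

err:
    SSL_free(clientquic);
    ossl_quic_tserver_free(qtserv);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    return testresult;
}

/*
 * Test that we correctly handle ALPN supplied by the application
 * Test 0: The ALPN set by qtest_create_quic_objects is cleared, so no ALPN is
 *         provided and SSL_connect() must fail immediately
 * Test 1: The ALPN is left in place and the connection must succeed
 */
static int test_alpn(int idx)
{
    SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
    SSL *clientquic = NULL;
    QUIC_TSERVER *qtserv = NULL;
    int testresult = 0;
    int ret;

    /* Check the context before it is handed to any SSL_CTX_* call */
    if (!TEST_ptr(cctx))
        goto err;

    /*
     * Ensure we only configure ciphersuites that are available with both the
     * default and fips providers to get the same output in both cases
     */
    if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))
        goto err;

    if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
                                             privkey,
                                             QTEST_FLAG_FAKE_TIME,
                                             &qtserv,
                                             &clientquic, NULL, NULL)))
        goto err;

    if (idx == 0) {
        /*
         * Clear the ALPN we set in qtest_create_quic_objects. We use TEST_false
         * because SSL_set_alpn_protos returns 0 for success.
         */
        if (!TEST_false(SSL_set_alpn_protos(clientquic, NULL, 0)))
            goto err;
    }

    /* In both cases the first SSL_connect() call must not report success */
    ret = SSL_connect(clientquic);
    if (!TEST_int_le(ret, 0))
        goto err;
    if (idx == 0) {
        /* We expect an immediate error due to lack of ALPN */
        if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_SSL))
            goto err;
    } else {
        /* ALPN was provided so we expect the connection to succeed */
        if (!TEST_int_eq(SSL_get_error(clientquic, ret), SSL_ERROR_WANT_READ)
            || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
            goto err;
    }

    testresult = 1;
err:
    ossl_quic_tserver_free(qtserv);
    SSL_free(clientquic);
    SSL_CTX_free(cctx);

    return testresult;
}

/*
 * Test SSL_get_shutdown() behavior.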
*/
static int test_get_shutdown(void)
{
    SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
    SSL *clientquic = NULL;
    QUIC_TSERVER *qtserv = NULL;
    int testresult = 0;

    if (!TEST_ptr(cctx))
        goto err;

    if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
                                             privkey,
                                             QTEST_FLAG_FAKE_TIME,
                                             &qtserv, &clientquic,
                                             NULL, NULL))
        || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
        goto err;

    /*
     * No shutdown flags before SSL_shutdown() is called; the first call
     * returns 0 and leaves only SSL_SENT_SHUTDOWN set.
     */
    if (!TEST_int_eq(SSL_get_shutdown(clientquic), 0)
        || !TEST_int_eq(SSL_shutdown(clientquic), 0)
        || !TEST_int_eq(SSL_get_shutdown(clientquic), SSL_SENT_SHUTDOWN))
        goto err;

    /*
     * Tick the server and advance the test clock until SSL_shutdown() stops
     * returning 0.
     * NOTE(review): this loop has no iteration cap, unlike the MAXLOOPS and
     * MAX_LOOPS bounded loops elsewhere in this file - confirm that
     * SSL_shutdown() cannot keep returning 0 indefinitely here.
     */
    for (;;) {
        ossl_quic_tserver_tick(qtserv);
        qtest_add_time(100);
        if (SSL_shutdown(clientquic) != 0)
            break;
    }

    /* Both directions must now be flagged as shut down */
    if (!TEST_int_eq(SSL_get_shutdown(clientquic),
                     SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN))
        goto err;

    testresult = 1;
err:
    ossl_quic_tserver_free(qtserv);
    SSL_free(clientquic);
    SSL_CTX_free(cctx);

    return testresult;
}

#define MAX_LOOPS 2000

/*
 * Keep retrying SSL_read_ex until it succeeds or we give up.
Accept a stream
 * if we don't already have one
 */
static int unreliable_client_read(SSL *clientquic, SSL **stream, void *buf,
                                  size_t buflen, size_t *readbytes,
                                  QUIC_TSERVER *qtserv)
{
    int attempt = 0;

    /*
     * Simple bounded retry loop: each pass that does not return ticks the
     * server, advances the test clock and waits for the next timeout.
     */
    while (attempt < MAX_LOOPS) {
        if (*stream == NULL) {
            SSL_handle_events(clientquic);
            *stream = SSL_accept_stream(clientquic, 0);
        }

        if (*stream != NULL) {
            if (SSL_read_ex(*stream, buf, buflen, readbytes))
                return 1;
            /* Only "want read" is retried; any other error fails the test */
            if (!TEST_int_eq(SSL_get_error(*stream, 0), SSL_ERROR_WANT_READ))
                return 0;
        }
        ossl_quic_tserver_tick(qtserv);
        qtest_add_time(1);
        qtest_wait_for_timeout(clientquic, qtserv);
        attempt++;
    }

    TEST_error("No progress made");
    return 0;
}

/*
 * Keep retrying ossl_quic_tserver_read until it succeeds or we give up. A
 * read only counts as a success here when it returns more than one byte.
 */
static int unreliable_server_read(QUIC_TSERVER *qtserv, uint64_t sid,
                                  void *buf, size_t buflen, size_t *readbytes,
                                  SSL *clientquic)
{
    int attempt = 0;

    /* Same bounded retry scheme as unreliable_client_read() */
    while (attempt < MAX_LOOPS) {
        if (ossl_quic_tserver_read(qtserv, sid, buf, buflen, readbytes)
            && *readbytes > 1)
            return 1;
        ossl_quic_tserver_tick(qtserv);
        SSL_handle_events(clientquic);
        qtest_add_time(1);
        qtest_wait_for_timeout(clientquic, qtserv);
        attempt++;
    }

    TEST_error("No progress made");
    return 0;
}

/*
 * Create a connection and send data using an unreliable transport. Random
 * noise is introduced to drop, delay and duplicate datagrams.
 * Test 0: Introduce random noise to datagrams
 * Test 1: As with test 0 but also split datagrams containing multiple packets
 *         into individual datagrams so that individual packets can be affected
 *         by noise - not just a whole datagram.
 */
static int test_noisy_dgram(int idx)
{
    SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
    SSL *clientquic = NULL, *stream[2] = { NULL, NULL };
    QUIC_TSERVER *qtserv = NULL;
    int testresult = 0;
    uint64_t sid = 0;
    char *msg = "Hello world!";
    size_t msglen = strlen(msg), written, readbytes, i, j;
    unsigned char buf[80];
    int flags = QTEST_FLAG_NOISE | QTEST_FLAG_FAKE_TIME;
    QTEST_FAULT *fault = NULL;

    if (idx == 1)
        flags |= QTEST_FLAG_PACKET_SPLIT;

    if (!TEST_ptr(cctx)
        || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
                                                privkey, flags,
                                                &qtserv,
                                                &clientquic, &fault, NULL))
        || !TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
        goto err;

    /* Accept incoming streams and do not create a default stream */
    if (!TEST_true(SSL_set_incoming_stream_policy(clientquic,
                                                  SSL_INCOMING_STREAM_POLICY_ACCEPT,
                                                  0))
        || !TEST_true(SSL_set_default_stream_mode(clientquic,
                                                  SSL_DEFAULT_STREAM_MODE_NONE)))
        goto err;

    /* Two server initiated streams are exercised, one per pass */
    for (j = 0; j < 2; j++) {
        if (!TEST_true(ossl_quic_tserver_stream_new(qtserv, 0, &sid)))
            goto err;
        ossl_quic_tserver_tick(qtserv);
        qtest_add_time(1);

        /*
         * Send data from the server to the client. Some datagrams may get
         * lost, modified, dropped or re-ordered. This is repeated 20 times so
         * that enough datagrams are sent for problems to be noticed.
         */
        for (i = 0; i < 20; i++) {
            if (!TEST_true(ossl_quic_tserver_write(qtserv, sid,
                                                   (unsigned char *)msg, msglen,
                                                   &written))
                || !TEST_size_t_eq(msglen, written))
                goto err;
            ossl_quic_tserver_tick(qtserv);
            qtest_add_time(1);

            /*
             * The underlying BIO is noisy, so failures that need a retry are
             * possible; unreliable_client_read() takes care of those.
             */
            if (!TEST_true(unreliable_client_read(clientquic, &stream[j], buf,
                                                  sizeof(buf), &readbytes,
                                                  qtserv))
                || !TEST_mem_eq(msg, msglen, buf, readbytes))
                goto err;
        }

        /* Send data from the client to the server */
        for (i = 0; i < 20; i++) {
            if (!TEST_true(SSL_write_ex(stream[j], (unsigned char *)msg,
                                        msglen, &written))
                || !TEST_size_t_eq(msglen, written))
                goto err;

            ossl_quic_tserver_tick(qtserv);
            qtest_add_time(1);

            /*
             * The underlying BIO is noisy, so failures that need a retry are
             * possible; unreliable_server_read() takes care of those.
             */
            if (!TEST_true(unreliable_server_read(qtserv, sid, buf, sizeof(buf),
                                                  &readbytes, clientquic))
                || !TEST_mem_eq(msg, msglen, buf, readbytes))
                goto err;
        }
    }

    testresult = 1;
err:
    ossl_quic_tserver_free(qtserv);
    SSL_free(stream[0]);
    SSL_free(stream[1]);
    SSL_free(clientquic);
    SSL_CTX_free(cctx);
    qtest_fault_free(fault);

    return testresult;
}

/*
 * Create a connection and send some big data using a transport with limited bandwidth.
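*/

#define TEST_TRANSFER_DATA_SIZE (2 * 1024 * 1024) /* 2 MBytes */
#define TEST_SINGLE_WRITE_SIZE (16 * 1024) /* 16 kBytes */
#define TEST_BW_LIMIT 1000 /* 1000 Bytes/ms */

/*
 * Push TEST_TRANSFER_DATA_SIZE bytes from the client to the server in chunks
 * of at most TEST_SINGLE_WRITE_SIZE over a fault-injected transport limited
 * to TEST_BW_LIMIT bytes/ms in each direction, then check that the measured
 * throughput stayed below that limit.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_bw_limit(void)
{
    SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
    SSL *clientquic = NULL;
    QUIC_TSERVER *qtserv = NULL;
    int testresult = 0;
    unsigned char *msg = NULL, *recvbuf = NULL;
    size_t sendlen = TEST_TRANSFER_DATA_SIZE;
    size_t recvlen = TEST_TRANSFER_DATA_SIZE;
    size_t written, readbytes;
    int flags = QTEST_FLAG_NOISE | QTEST_FLAG_FAKE_TIME;
    QTEST_FAULT *fault = NULL;
    uint64_t elapsed, real_bw;

    if (!TEST_ptr(cctx)
        || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
                                                privkey, flags,
                                                &qtserv,
                                                &clientquic, &fault, NULL)))
        goto err;

    if (!TEST_ptr(msg = OPENSSL_zalloc(TEST_SINGLE_WRITE_SIZE))
        || !TEST_ptr(recvbuf = OPENSSL_zalloc(TEST_SINGLE_WRITE_SIZE)))
        goto err;

    /*
     * Set BW to TEST_BW_LIMIT Bytes/ms both ways. The same constant is
     * asserted against below, so the configured and the checked limit cannot
     * drift apart.
     */
    if (!TEST_true(qtest_fault_set_bw_limit(fault, TEST_BW_LIMIT,
                                            TEST_BW_LIMIT, 0)))
        goto err;

    if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
        goto err;

    qtest_start_stopwatch();

    /*
     * NOTE(review): unlike the unreliable_*_read() helpers this loop has no
     * iteration cap; it only ends once every byte has been received or a
     * write fails with something other than SSL_ERROR_WANT_WRITE.
     */
    while (recvlen > 0) {
        qtest_add_time(1);

        if (sendlen > 0) {
            if (!SSL_write_ex(clientquic, msg,
                              sendlen > TEST_SINGLE_WRITE_SIZE ? TEST_SINGLE_WRITE_SIZE
                                                               : sendlen,
                              &written)) {
                TEST_info("Retrying to send: %llu", (unsigned long long)sendlen);
                /* Back-pressure is expected; any other error is fatal. */
                if (!TEST_int_eq(SSL_get_error(clientquic, 0), SSL_ERROR_WANT_WRITE))
                    goto err;
            } else {
                sendlen -= written;
                TEST_info("Remaining to send: %llu", (unsigned long long)sendlen);
            }
        } else {
            /* Nothing left to write: keep the client processing events. */
            SSL_handle_events(clientquic);
        }

        /*
         * NOTE(review): a successful one-byte read is not subtracted from
         * recvlen - confirm that "> 1" rather than "> 0" is intended.
         */
        if (ossl_quic_tserver_read(qtserv, 0, recvbuf,
                                   recvlen > TEST_SINGLE_WRITE_SIZE ? TEST_SINGLE_WRITE_SIZE
                                                                    : recvlen,
                                   &readbytes)
            && readbytes > 1) {
            recvlen -= readbytes;
            TEST_info("Remaining to recv: %llu", (unsigned long long)recvlen);
        } else {
            TEST_info("No progress on recv: %llu", (unsigned long long)recvlen);
        }
        ossl_quic_tserver_tick(qtserv);
    }

    /* Fail cleanly instead of dividing by zero if no time was recorded. */
    elapsed = qtest_get_stopwatch_time();
    if (!TEST_uint64_t_gt(elapsed, 0))
        goto err;
    real_bw = TEST_TRANSFER_DATA_SIZE / elapsed;

    TEST_info("BW limit: %d Bytes/ms Real bandwidth reached: %llu Bytes/ms",
              TEST_BW_LIMIT, (unsigned long long)real_bw);

    if (!TEST_uint64_t_lt(real_bw, TEST_BW_LIMIT))
        goto err;

    testresult = 1;
err:
    OPENSSL_free(msg);
    OPENSSL_free(recvbuf);
    ossl_quic_tserver_free(qtserv);
    SSL_free(clientquic);
    SSL_CTX_free(cctx);
    qtest_fault_free(fault);

    return testresult;
}

/*
 * Ways in which the transport parameters received by the client are altered
 * for one test case (applied by tparam_handle() and tparam_on_enc_ext()).
 */
enum {
    TPARAM_OP_DUP,          /* write the matching parameter twice */
    TPARAM_OP_DROP,         /* omit the matching parameter */
    TPARAM_OP_INJECT,       /* keep everything, append one extra parameter */
    TPARAM_OP_INJECT_TWICE, /* keep everything, append the extra one twice */
    TPARAM_OP_INJECT_RAW,   /* keep everything, append raw unframed bytes */
    TPARAM_OP_DROP_INJECT,  /* omit the matching parameter, append a new one */
    TPARAM_OP_MUTATE        /* flip the low bit of the parameter's first byte */
};

/*
 * Initializers for one struct tparam_test entry each. They end in a comma so
 * they can be listed back to back; the _A variants take the buffer length
 * from sizeof(buf) and therefore need a real array, not a pointer.
 */
#define TPARAM_CHECK_DUP(name, reason) \
    { QUIC_TPARAM_##name, TPARAM_OP_DUP, (reason) },
#define TPARAM_CHECK_DROP(name, reason) \
    { QUIC_TPARAM_##name, TPARAM_OP_DROP, (reason) },
#define TPARAM_CHECK_INJECT(name, buf, buf_len, reason) \
    { QUIC_TPARAM_##name, TPARAM_OP_INJECT, (reason),   \
        (buf), (buf_len) },
#define TPARAM_CHECK_INJECT_A(name, buf, reason) \
    TPARAM_CHECK_INJECT(name, buf, sizeof(buf), reason)
#define TPARAM_CHECK_DROP_INJECT(name, buf, buf_len, reason) \
    { QUIC_TPARAM_##name, TPARAM_OP_DROP_INJECT, (reason),   \
        (buf), (buf_len) },
#define TPARAM_CHECK_DROP_INJECT_A(name, buf, reason) \
    TPARAM_CHECK_DROP_INJECT(name, buf, sizeof(buf), reason)
#define TPARAM_CHECK_INJECT_TWICE(name, buf, buf_len, reason) \
    { QUIC_TPARAM_##name, TPARAM_OP_INJECT_TWICE, (reason),   \
        (buf), (buf_len) },
#define TPARAM_CHECK_INJECT_TWICE_A(name, buf, reason) \
    TPARAM_CHECK_INJECT_TWICE(name, buf, sizeof(buf), reason)
#define TPARAM_CHECK_INJECT_RAW(buf, buf_len, reason) \
    { 0, TPARAM_OP_INJECT_RAW, (reason),              \
        (buf), (buf_len) },
#define TPARAM_CHECK_INJECT_RAW_A(buf, reason) \
    TPARAM_CHECK_INJECT_RAW(buf, sizeof(buf), reason)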
#define TPARAM_CHECK_MUTATE(name, reason) \
    { QUIC_TPARAM_##name, TPARAM_OP_MUTATE, (reason) },
/*
 * Three entries for an integer-valued parameter: the original is dropped and
 * replaced by an empty body, by bogus_int and by int_with_trailer in turn.
 */
#define TPARAM_CHECK_INT(name, reason)                  \
    TPARAM_CHECK_DROP_INJECT(name, NULL, 0, reason)     \
    TPARAM_CHECK_DROP_INJECT_A(name, bogus_int, reason) \
    TPARAM_CHECK_DROP_INJECT_A(name, int_with_trailer, reason)

/* One transport-parameter negative (or pass-through) test case. */
struct tparam_test {
    uint64_t id;             /* parameter ID targeted; 0 for INJECT_RAW */
    int op;                  /* one of the TPARAM_OP_* values */
    const char *expect_fail; /* substring to expect in reason */
    const void *buf;         /* bytes to inject, where the op injects any */
    size_t buf_len;          /* length of buf in bytes */
};

/* One-byte body; the table expects it to be rejected as malformed. */
static const unsigned char disable_active_migration_1[] = {
    0x00
};

/* Raw bytes: 0x02, then 0xff, whose top bits announce an 8-byte varint. */
static const unsigned char malformed_stateless_reset_token_1[] = {
    0x02, 0xff
};

/* Token bodies of 1, 15 and 17 bytes; a valid one below is 16 bytes. */
static const unsigned char malformed_stateless_reset_token_2[] = {
    0x01
};

static const unsigned char malformed_stateless_reset_token_3[15] = { 0 };

static const unsigned char malformed_stateless_reset_token_4[17] = { 0 };

/* Raw bytes: 0x0d followed by the start of an 8-byte varint (0xff). */
static const unsigned char malformed_preferred_addr_1[] = {
    0x0d, 0xff
};

/* Raw bytes: 0x0d, declared length 0x28 (40), zero filled to 42 bytes. */
static const unsigned char malformed_preferred_addr_2[42] = {
    0x0d,
    0x28, /* too short */
};

/* Raw bytes: 0x0d, declared length 0x3e (62), zero filled to 64 bytes. */
static const unsigned char malformed_preferred_addr_3[64] = {
    0x0d,
    0x3e, /* too long */
};

static const unsigned char malformed_preferred_addr_4[] = {
    /* TPARAM too short for CID length indicated */
    0x0d,
    0x29,
    /* 24 zero bytes */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x01,
    0x55,
    /* 16 zero bytes */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};

/* Raw bytes that end inside the parameter ID / length / body framing. */
static const unsigned char malformed_unknown_1[] = {
    0xff
};

static const unsigned char malformed_unknown_2[] = {
    0x55,
    0x55,
};

static const unsigned char malformed_unknown_3[] = {
    0x55,
    0x55,
    0x01,
};

/* Well-formed values, used by the "appears multiple times" cases. */
static const unsigned char ack_delay_exp[] = {
    0x03
};

static const unsigned char stateless_reset_token[16] = { 0x42 };

static const unsigned char preferred_addr[] = {
    0x44, 0x44, 0x44, 0x44,
    0x55, 0x55,
    0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
    0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
    0x77, 0x77,
    0x02,
    0xAA, 0xBB,
    0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99,
    0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99,
};

/* 21 bytes: one more than the 20-byte QUIC v1 connection ID maximum. */
static const unsigned char long_cid[21] = { 0x42 };

/* 0x15 = 21; RFC 9000 caps ack_delay_exponent at 20. */
static const unsigned char excess_ack_delay_exp[] = {
    0x15,
};

/* 8-byte varint 0x4000 = 2^14; RFC 9000 requires max_ack_delay < 2^14. */
static const unsigned char excess_max_ack_delay[] = {
    0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00,
};

/* 8-byte varint 2^60 + 1; RFC 9000 caps initial_max_streams_* at 2^60. */
static const unsigned char excess_initial_max_streams[] = {
    0xD0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
};

/* 8-byte varint 0x04af = 1199; RFC 9000 minimum is 1200. */
static const unsigned char undersize_udp_payload_size[] = {
    0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xaf,
};

/* 8-byte varint 1; RFC 9000 requires active_connection_id_limit >= 2. */
static const unsigned char undersize_active_conn_id_limit[] = {
    0xC0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
};

/* Nine zero bytes: longer than the largest (8-byte) varint encoding. */
static const unsigned char bogus_int[9] = { 0 };

/* One-byte varint (value 1) followed by one extra zero byte. */
static const unsigned char int_with_trailer[2] = { 0x01 };

/* ID used by the INJECT(UNKNOWN_1, ...) entry, which expects no failure. */
#define QUIC_TPARAM_UNKNOWN_1 0xf1f1

/*
 * Table driving test_tparam(): each entry names one alteration of the
 * transport parameters and the substring expected in the connection close
 * reason. An entry whose reason is NULL is expected to connect normally.
 */
static const struct tparam_test tparam_tests[] = {
    TPARAM_CHECK_DUP(ORIG_DCID,
        "ORIG_DCID appears multiple times")
    TPARAM_CHECK_DUP(INITIAL_SCID,
        "INITIAL_SCID appears multiple times")
    TPARAM_CHECK_DUP(INITIAL_MAX_DATA,
        "INITIAL_MAX_DATA appears multiple times")
    TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_BIDI_LOCAL,
        "INITIAL_MAX_STREAM_DATA_BIDI_LOCAL appears multiple times")
    TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_BIDI_REMOTE,
        "INITIAL_MAX_STREAM_DATA_BIDI_REMOTE appears multiple times")
    TPARAM_CHECK_DUP(INITIAL_MAX_STREAM_DATA_UNI,
        "INITIAL_MAX_STREAM_DATA_UNI appears multiple times")
    TPARAM_CHECK_DUP(INITIAL_MAX_STREAMS_BIDI,
        "INITIAL_MAX_STREAMS_BIDI appears multiple times")
    TPARAM_CHECK_DUP(INITIAL_MAX_STREAMS_UNI,
        "INITIAL_MAX_STREAMS_UNI appears multiple times")
    TPARAM_CHECK_DUP(MAX_IDLE_TIMEOUT,
        "MAX_IDLE_TIMEOUT appears multiple times")
    TPARAM_CHECK_DUP(MAX_UDP_PAYLOAD_SIZE,
        "MAX_UDP_PAYLOAD_SIZE appears multiple times")
    TPARAM_CHECK_DUP(ACTIVE_CONN_ID_LIMIT,
        "ACTIVE_CONN_ID_LIMIT appears multiple times")
    TPARAM_CHECK_DUP(DISABLE_ACTIVE_MIGRATION,
        "DISABLE_ACTIVE_MIGRATION appears multiple times")

    TPARAM_CHECK_DROP(INITIAL_SCID,
        "INITIAL_SCID was not sent but is required")
    TPARAM_CHECK_DROP(ORIG_DCID,
        "ORIG_DCID was not sent but is required")

    TPARAM_CHECK_DROP_INJECT_A(DISABLE_ACTIVE_MIGRATION, disable_active_migration_1,
        "DISABLE_ACTIVE_MIGRATION is malformed")
    TPARAM_CHECK_INJECT(UNKNOWN_1, NULL, 0,
        NULL)
    TPARAM_CHECK_INJECT_RAW_A(malformed_stateless_reset_token_1,
        "STATELESS_RESET_TOKEN is malformed")
    TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
        malformed_stateless_reset_token_2,
        "STATELESS_RESET_TOKEN is malformed")
    TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
        malformed_stateless_reset_token_3,
        "STATELESS_RESET_TOKEN is malformed")
    TPARAM_CHECK_INJECT_A(STATELESS_RESET_TOKEN,
        malformed_stateless_reset_token_4,
        "STATELESS_RESET_TOKEN is malformed")
    TPARAM_CHECK_INJECT(STATELESS_RESET_TOKEN,
        NULL, 0,
        "STATELESS_RESET_TOKEN is malformed")
    TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_1,
        "PREFERRED_ADDR is malformed")
    TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_2,
        "PREFERRED_ADDR is malformed")
    TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_3,
        "PREFERRED_ADDR is malformed")
    TPARAM_CHECK_INJECT_RAW_A(malformed_preferred_addr_4,
        "PREFERRED_ADDR is malformed")
    TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_1,
        "bad transport parameter")
    TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_2,
        "bad transport parameter")
    TPARAM_CHECK_INJECT_RAW_A(malformed_unknown_3,
        "bad transport parameter")

    TPARAM_CHECK_INJECT_A(ACK_DELAY_EXP, excess_ack_delay_exp,
        "ACK_DELAY_EXP is malformed")
    TPARAM_CHECK_INJECT_A(MAX_ACK_DELAY, excess_max_ack_delay,
        "MAX_ACK_DELAY is malformed")
    TPARAM_CHECK_DROP_INJECT_A(INITIAL_MAX_STREAMS_BIDI, excess_initial_max_streams,
        "INITIAL_MAX_STREAMS_BIDI is malformed")
    TPARAM_CHECK_DROP_INJECT_A(INITIAL_MAX_STREAMS_UNI, excess_initial_max_streams,
        "INITIAL_MAX_STREAMS_UNI is malformed")

    TPARAM_CHECK_DROP_INJECT_A(MAX_UDP_PAYLOAD_SIZE, undersize_udp_payload_size,
        "MAX_UDP_PAYLOAD_SIZE is malformed")
    TPARAM_CHECK_DROP_INJECT_A(ACTIVE_CONN_ID_LIMIT, undersize_active_conn_id_limit,
        "ACTIVE_CONN_ID_LIMIT is malformed")

    TPARAM_CHECK_INJECT_TWICE_A(ACK_DELAY_EXP, ack_delay_exp,
        "ACK_DELAY_EXP appears multiple times")
    TPARAM_CHECK_INJECT_TWICE_A(MAX_ACK_DELAY, ack_delay_exp,
        "MAX_ACK_DELAY appears multiple times")
    TPARAM_CHECK_INJECT_TWICE_A(STATELESS_RESET_TOKEN, stateless_reset_token,
        "STATELESS_RESET_TOKEN appears multiple times")
    TPARAM_CHECK_INJECT_TWICE_A(PREFERRED_ADDR, preferred_addr,
        "PREFERRED_ADDR appears multiple times")

    TPARAM_CHECK_MUTATE(ORIG_DCID,
        "ORIG_DCID does not match expected value")
    TPARAM_CHECK_MUTATE(INITIAL_SCID,
        "INITIAL_SCID does not match expected value")

    TPARAM_CHECK_DROP_INJECT_A(ORIG_DCID, long_cid,
        "ORIG_DCID is malformed")
    TPARAM_CHECK_DROP_INJECT_A(INITIAL_SCID, long_cid,
        "INITIAL_SCID is malformed")

    TPARAM_CHECK_INT(INITIAL_MAX_DATA,
        "INITIAL_MAX_DATA is malformed")
    TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_BIDI_LOCAL,
        "INITIAL_MAX_STREAM_DATA_BIDI_LOCAL is malformed")
    TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_BIDI_REMOTE,
        "INITIAL_MAX_STREAM_DATA_BIDI_REMOTE is malformed")
    TPARAM_CHECK_INT(INITIAL_MAX_STREAM_DATA_UNI,
        "INITIAL_MAX_STREAM_DATA_UNI is malformed")
    TPARAM_CHECK_INT(ACK_DELAY_EXP,
        "ACK_DELAY_EXP is malformed")
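TPARAM_CHECK_INT(MAX_ACK_DELAY,
        "MAX_ACK_DELAY is malformed")
    TPARAM_CHECK_INT(INITIAL_MAX_STREAMS_BIDI,
        "INITIAL_MAX_STREAMS_BIDI is malformed")
    TPARAM_CHECK_INT(INITIAL_MAX_STREAMS_UNI,
        "INITIAL_MAX_STREAMS_UNI is malformed")
    TPARAM_CHECK_INT(MAX_IDLE_TIMEOUT,
        "MAX_IDLE_TIMEOUT is malformed")
    TPARAM_CHECK_INT(MAX_UDP_PAYLOAD_SIZE,
        "MAX_UDP_PAYLOAD_SIZE is malformed")
    TPARAM_CHECK_INT(ACTIVE_CONN_ID_LIMIT,
        "ACTIVE_CONN_ID_LIMIT is malformed")
};

/* Listener argument: the table entry currently being exercised. */
struct tparam_ctx {
    const struct tparam_test *t;
};

/*
 * Re-encode one decoded transport parameter into wpkt, applying the
 * per-parameter part of the operation selected by ctx->t->op.
 *
 * id, data and data_len describe the parameter as decoded from the original
 * extension. Returns 1 on success, 0 if encoding fails or the op is unknown.
 */
static int tparam_handle(struct tparam_ctx *ctx,
                         uint64_t id, unsigned char *data,
                         size_t data_len,
                         WPACKET *wpkt)
{
    const struct tparam_test *t = ctx->t;

    switch (t->op) {
    case TPARAM_OP_DUP:
        if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
                                                                  data, data_len)))
            return 0;

        /*
         * If this is the matching ID, write it again, duplicating the TPARAM.
         */
        if (id == t->id
            && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
                                                                     data, data_len)))
            return 0;

        return 1;

    case TPARAM_OP_DROP:
    case TPARAM_OP_DROP_INJECT:
        /* Pass through unless ID matches. */
        if (id != t->id
            && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
                                                                     data, data_len)))
            return 0;

        return 1;

    case TPARAM_OP_INJECT:
    case TPARAM_OP_INJECT_TWICE:
    case TPARAM_OP_INJECT_RAW:
        /* Always pass through. */
        if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
                                                                  data, data_len)))
            return 0;

        return 1;

    case TPARAM_OP_MUTATE:
        if (id == t->id) {
            /* There must be a first byte to flip. */
            if (!TEST_size_t_gt(data_len, 0))
                return 0;

            data[0] ^= 1;
        }

        if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(wpkt, id,
                                                                  data, data_len)))
            return 0;

        /* Undo the flip so the caller's buffer is left as it was. */
        if (id == t->id)
            data[0] ^= 1;

        return 1;

    default:
        return 0;
    }
}

/*
 * EncryptedExtensions listener: removes the quic_transport_parameters
 * extension, rebuilds it parameter by parameter through tparam_handle(),
 * appends whatever the current test case injects, and writes the result back
 * at the end of the extension block.
 *
 * arg is the struct tparam_ctx registered by test_tparam(). Returns 1 on
 * success and 0 on failure.
 */
static int tparam_on_enc_ext(QTEST_FAULT *qtf, QTEST_ENCRYPTED_EXTENSIONS *ee,
                             size_t ee_len, void *arg)
{
    int rc = 0;
    struct tparam_ctx *ctx = arg;
    PACKET pkt = { 0 };
    WPACKET wpkt;
    int have_wpkt = 0;
    BUF_MEM *old_bufm = NULL, *new_bufm = NULL;
    unsigned char *tp_p;
    size_t tp_len, written, old_len, eb_len;
    uint64_t id;

    if (!TEST_ptr(old_bufm = BUF_MEM_new()))
        goto err;

    /*
     * Delete transport parameters TLS extension and capture the contents of the
     * extension which was removed.
     */
    if (!TEST_true(qtest_fault_delete_extension(qtf, TLSEXT_TYPE_quic_transport_parameters,
                                                ee->extensions, &ee->extensionslen,
                                                old_bufm)))
        goto err;

    if (!TEST_true(PACKET_buf_init(&pkt, (unsigned char *)old_bufm->data, old_bufm->length))
        || !TEST_ptr(new_bufm = BUF_MEM_new())
        || !TEST_true(WPACKET_init(&wpkt, new_bufm)))
        goto err;

    /* From here on the error path has to clean up wpkt. */
    have_wpkt = 1;

    /*
     * Open transport parameters TLS extension:
     *
     *   u16  Extension ID (quic_transport_parameters)
     *   u16  Extension Data Length
     *   ...  Extension Data
     *
     */
    if (!TEST_true(WPACKET_put_bytes_u16(&wpkt,
                                         TLSEXT_TYPE_quic_transport_parameters))
        || !TEST_true(WPACKET_start_sub_packet_u16(&wpkt)))
        goto err;

    /* Walk the captured parameters and re-emit each one. */
    for (; PACKET_remaining(&pkt) > 0;) {
        tp_p = (unsigned char *)ossl_quic_wire_decode_transport_param_bytes(&pkt,
                                                                            &id,
                                                                            &tp_len);
        if (!TEST_ptr(tp_p)) {
            /* Expected to fail: logs the bytes that could not be decoded. */
            TEST_mem_eq(PACKET_data(&pkt), PACKET_remaining(&pkt), NULL, 0);
            goto err;
        }

        if (!TEST_true(tparam_handle(ctx, id, tp_p, tp_len, &wpkt)))
            goto err;
    }

    /* Append the injected parameter(s) after the originals. */
    if (ctx->t->op == TPARAM_OP_INJECT || ctx->t->op == TPARAM_OP_DROP_INJECT
        || ctx->t->op == TPARAM_OP_INJECT_TWICE) {
        if (!TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(&wpkt, ctx->t->id,
                                                                  ctx->t->buf,
                                                                  ctx->t->buf_len)))
            goto err;

        if (ctx->t->op == TPARAM_OP_INJECT_TWICE
            && !TEST_ptr(ossl_quic_wire_encode_transport_param_bytes(&wpkt, ctx->t->id,
                                                                     ctx->t->buf,
                                                                     ctx->t->buf_len)))
            goto err;
    } else if (ctx->t->op == TPARAM_OP_INJECT_RAW) {
        /* Raw bytes bypass the encoder, so the framing itself can be bad. */
        if (!TEST_true(WPACKET_memcpy(&wpkt, ctx->t->buf, ctx->t->buf_len)))
            goto err;
    }

    if (!TEST_true(WPACKET_close(&wpkt))) /* end extension data, set length */
        goto err;

    if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
        goto err;

    WPACKET_finish(&wpkt);
    have_wpkt = 0;

    /*
     * Append the constructed extension blob to the extension block.
     */
    old_len = ee->extensionslen;

    /* The fixup below reads the block's two-byte length header. */
    if (!TEST_size_t_ge(old_len, 2))
        goto err;

    /* Report a failed resize instead of bailing out silently. */
    if (!TEST_true(qtest_fault_resize_message(qtf, ee->extensionslen + written)))
        goto err;

    memcpy(ee->extensions + old_len, new_bufm->data, written);

    /* Fixup the extension block header (u16 length of entire block). */
    eb_len = (((uint16_t)ee->extensions[0]) << 8) + (uint16_t)ee->extensions[1];
    eb_len += written;
    /* The header is 16 bits wide; do not store a silently truncated length. */
    if (!TEST_size_t_le(eb_len, 0xFFFF))
        goto err;
    ee->extensions[0] = (unsigned char)((eb_len >> 8) & 0xFF);
    ee->extensions[1] = (unsigned char)(eb_len & 0xFF);

    rc = 1;
err:
    if (have_wpkt)
        WPACKET_cleanup(&wpkt);
    BUF_MEM_free(old_bufm);
    BUF_MEM_free(new_bufm);
    return rc;
}

/*
 * Run tparam_tests[idx]: connect with the EncryptedExtensions listener
 * installed and, where the entry expects a failure, check that the client
 * closed the connection with a transport-level TRANSPORT_PARAMETER_ERROR
 * whose reason contains the expected substring.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_tparam(int idx)
{
    int testresult = 0;
    SSL_CTX *c_ctx = NULL;
    SSL *c_ssl = NULL;
    QUIC_TSERVER *s = NULL;
    QTEST_FAULT *qtf = NULL;
    struct tparam_ctx ctx = { 0 };

    ctx.t = &tparam_tests[idx];

    if (!TEST_ptr(c_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
        goto err;

    if (!TEST_true(qtest_create_quic_objects(libctx, c_ctx, NULL, cert,
                                             privkey, 0, &s,
                                             &c_ssl, &qtf, NULL)))
        goto err;

    if (!TEST_true(qtest_fault_set_hand_enc_ext_listener(qtf, tparam_on_enc_ext,
                                                         &ctx)))
        goto err;

    if (!TEST_true(qtest_create_quic_connection_ex(s, c_ssl,
                                                   ctx.t->expect_fail != NULL)))
        goto err;

    if (ctx.t->expect_fail != NULL) {
        SSL_CONN_CLOSE_INFO info = { 0 };

        if (!TEST_true(SSL_get_conn_close_info(c_ssl, &info, sizeof(info))))
            goto err;

        /*
         * info.reason is checked before strstr() so that a missing reason
         * string is reported as a test failure rather than dereferenced.
         */
        if (!TEST_true((info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) != 0)
            || !TEST_uint64_t_eq(info.error_code, OSSL_QUIC_ERR_TRANSPORT_PARAMETER_ERROR)
            || !TEST_ptr(info.reason)
            || !TEST_ptr(strstr(info.reason, ctx.t->expect_fail))) {
            TEST_error("expected connection closure information mismatch"
                       " during TPARAM test: flags=%llu ec=%llu reason='%s'",
                       (unsigned long long)info.flags,
                       (unsigned long long)info.error_code,
                       info.reason != NULL ? info.reason : "(null)");
            goto err;
        }
    }

    testresult = 1;
err:
    /* On failure, say which table entry was being run. */
    if (!testresult) {
        if (ctx.t->expect_fail != NULL)
            TEST_info("failed during test for id=%llu, op=%d, bl=%zu, "
                      "expected failure='%s'",
                      (unsigned long long)ctx.t->id,
                      ctx.t->op, ctx.t->buf_len, ctx.t->expect_fail);
        else
            TEST_info("failed during test for id=%llu, op=%d, bl=%zu",
                      (unsigned long long)ctx.t->id, ctx.t->op, ctx.t->buf_len);
    }

    ossl_quic_tserver_free(s);
    SSL_free(c_ssl);
    SSL_CTX_free(c_ctx);
    qtest_fault_free(qtf);
    return testresult;
}

/* State recorded by new_session_cb() for the session callback test. */
static int new_called = 0;
static SSL *cbssl = NULL;

/*
 * New-session callback: counts invocations, remembers the SSL object it was
 * called with and releases the session. Returns 1.
 */
static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
{
    new_called++;
    /*
     * Remember the SSL ref we were called with. No need to up-ref this. It
     * should remain valid for the duration of the test.
     */
    cbssl = ssl;
    /*
     * sess has been up-refed for us, but we don't actually need it so free it
     * immediately.
     */
    SSL_SESSION_free(sess);
    return 1;
}

/* Test using a new_session_cb with a QUIC SSL object works as expected */
static int test_session_cb(void)
{
    SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
    SSL *clientquic = NULL;
    QUIC_TSERVER *qtserv = NULL;
    int testresult = 0;

    if (!TEST_ptr(cctx))
        goto err;

    new_called = 0;
    cbssl = NULL;
    SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
    SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);

    if (!TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert,
                                             privkey,
                                             QTEST_FLAG_FAKE_TIME,
                                             &qtserv, &clientquic,
                                             NULL, NULL)))
        goto err;

    if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
        goto err;

    /* Process the pending NewSessionTickets */
    if (!TEST_true(SSL_handle_events(clientquic)))
        goto err;

    if (!TEST_int_eq(SSL_shutdown(clientquic), 0))
        goto err;

    /*
     * Check the callback was called twice (we expect 2 tickets), and with the
     * correct SSL reference
     */
    if (!TEST_int_eq(new_called, 2)
        ||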
!TEST_ptr_eq(clientquic, cbssl)) 2412 1.1 christos goto err; 2413 1.1 christos 2414 1.1 christos testresult = 1; 2415 1.1.1.2 christos err: 2416 1.1 christos cbssl = NULL; 2417 1.1 christos ossl_quic_tserver_free(qtserv); 2418 1.1 christos SSL_free(clientquic); 2419 1.1 christos SSL_CTX_free(cctx); 2420 1.1 christos 2421 1.1 christos return testresult; 2422 1.1 christos } 2423 1.1 christos 2424 1.1 christos static int test_domain_flags(void) 2425 1.1 christos { 2426 1.1 christos int testresult = 0; 2427 1.1 christos SSL_CTX *ctx = NULL; 2428 1.1 christos SSL *domain = NULL, *listener = NULL, *other_conn = NULL; 2429 1.1 christos uint64_t domain_flags = 0; 2430 1.1 christos 2431 1.1 christos if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())) 2432 1.1 christos || !TEST_true(SSL_CTX_get_domain_flags(ctx, &domain_flags)) 2433 1.1 christos || !TEST_uint64_t_ne(domain_flags, 0) 2434 1.1.1.2 christos || !TEST_uint64_t_ne(domain_flags & (SSL_DOMAIN_FLAG_SINGLE_THREAD | SSL_DOMAIN_FLAG_MULTI_THREAD), 0) 2435 1.1 christos || !TEST_uint64_t_ne(domain_flags & SSL_DOMAIN_FLAG_LEGACY_BLOCKING, 0) 2436 1.1 christos || !TEST_true(SSL_CTX_set_domain_flags(ctx, SSL_DOMAIN_FLAG_SINGLE_THREAD)) 2437 1.1 christos || !TEST_true(SSL_CTX_get_domain_flags(ctx, &domain_flags)) 2438 1.1 christos || !TEST_uint64_t_eq(domain_flags, SSL_DOMAIN_FLAG_SINGLE_THREAD) 2439 1.1 christos || !TEST_ptr(domain = SSL_new_domain(ctx, 0)) 2440 1.1 christos || !TEST_true(SSL_get_domain_flags(domain, &domain_flags)) 2441 1.1 christos || !TEST_uint64_t_eq(domain_flags, SSL_DOMAIN_FLAG_SINGLE_THREAD) 2442 1.1 christos || !TEST_true(other_conn = SSL_new(ctx)) 2443 1.1 christos || !TEST_true(SSL_get_domain_flags(other_conn, &domain_flags)) 2444 1.1 christos || !TEST_uint64_t_eq(domain_flags, SSL_DOMAIN_FLAG_SINGLE_THREAD) 2445 1.1 christos || !TEST_true(SSL_is_domain(domain)) 2446 1.1 christos || !TEST_false(SSL_is_domain(other_conn)) 2447 1.1 christos || 
!TEST_ptr_eq(SSL_get0_domain(domain), domain) 2448 1.1 christos || !TEST_ptr_null(SSL_get0_domain(other_conn)) 2449 1.1 christos || !TEST_ptr(listener = SSL_new_listener_from(domain, 0)) 2450 1.1 christos || !TEST_true(SSL_is_listener(listener)) 2451 1.1 christos || !TEST_false(SSL_is_domain(listener)) 2452 1.1 christos || !TEST_ptr_eq(SSL_get0_domain(listener), domain) 2453 1.1 christos || !TEST_ptr_eq(SSL_get0_listener(listener), listener)) 2454 1.1 christos goto err; 2455 1.1 christos 2456 1.1 christos testresult = 1; 2457 1.1 christos err: 2458 1.1 christos SSL_free(domain); 2459 1.1 christos SSL_free(listener); 2460 1.1 christos SSL_free(other_conn); 2461 1.1 christos SSL_CTX_free(ctx); 2462 1.1 christos return testresult; 2463 1.1 christos } 2464 1.1 christos 2465 1.1 christos /* 2466 1.1 christos * Test that calling SSL_handle_events() early behaves as expected 2467 1.1 christos */ 2468 1.1 christos static int test_early_ticks(void) 2469 1.1 christos { 2470 1.1 christos SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()); 2471 1.1 christos SSL *clientquic = NULL; 2472 1.1 christos QUIC_TSERVER *qtserv = NULL; 2473 1.1 christos int testresult = 0; 2474 1.1 christos struct timeval tv; 2475 1.1 christos int inf = 0; 2476 1.1 christos 2477 1.1 christos if (!TEST_ptr(cctx) 2478 1.1.1.2 christos || !TEST_true(qtest_create_quic_objects(libctx, cctx, NULL, cert, 2479 1.1.1.2 christos privkey, QTEST_FLAG_FAKE_TIME, 2480 1.1.1.2 christos &qtserv, 2481 1.1.1.2 christos &clientquic, NULL, NULL))) 2482 1.1 christos goto err; 2483 1.1 christos 2484 1.1 christos if (!TEST_true(SSL_in_before(clientquic))) 2485 1.1 christos goto err; 2486 1.1 christos 2487 1.1 christos if (!TEST_true(SSL_handle_events(clientquic))) 2488 1.1 christos goto err; 2489 1.1 christos 2490 1.1 christos if (!TEST_true(SSL_get_event_timeout(clientquic, &tv, &inf)) 2491 1.1.1.2 christos || !TEST_true(inf)) 2492 1.1 christos goto err; 2493 1.1 christos 2494 1.1 christos if 
(!TEST_false(SSL_has_pending(clientquic)) 2495 1.1.1.2 christos || !TEST_int_eq(SSL_pending(clientquic), 0)) 2496 1.1 christos goto err; 2497 1.1 christos 2498 1.1 christos if (!TEST_true(SSL_in_before(clientquic))) 2499 1.1 christos goto err; 2500 1.1 christos 2501 1.1 christos if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic))) 2502 1.1 christos goto err; 2503 1.1 christos 2504 1.1 christos if (!TEST_false(SSL_in_before(clientquic))) 2505 1.1 christos goto err; 2506 1.1 christos 2507 1.1 christos testresult = 1; 2508 1.1.1.2 christos err: 2509 1.1 christos SSL_free(clientquic); 2510 1.1 christos SSL_CTX_free(cctx); 2511 1.1 christos ossl_quic_tserver_free(qtserv); 2512 1.1 christos return testresult; 2513 1.1 christos } 2514 1.1 christos 2515 1.1 christos static int select_alpn(SSL *ssl, const unsigned char **out, 2516 1.1.1.2 christos unsigned char *out_len, const unsigned char *in, 2517 1.1.1.2 christos unsigned int in_len, void *arg) 2518 1.1 christos { 2519 1.1 christos static unsigned char alpn[] = { 8, 'o', 's', 's', 'l', 't', 'e', 's', 't' }; 2520 1.1 christos 2521 1.1 christos if (SSL_select_next_proto((unsigned char **)out, out_len, alpn, sizeof(alpn), 2522 1.1.1.2 christos in, in_len) 2523 1.1.1.2 christos == OPENSSL_NPN_NEGOTIATED) 2524 1.1 christos return SSL_TLSEXT_ERR_OK; 2525 1.1 christos return SSL_TLSEXT_ERR_ALERT_FATAL; 2526 1.1 christos } 2527 1.1 christos 2528 1.1 christos static SSL_CTX *create_client_ctx(void) 2529 1.1 christos { 2530 1.1 christos SSL_CTX *ssl_ctx; 2531 1.1 christos 2532 1.1 christos if (!TEST_ptr(ssl_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))) { 2533 1.1 christos SSL_CTX_free(ssl_ctx); 2534 1.1 christos ssl_ctx = NULL; 2535 1.1 christos } 2536 1.1 christos 2537 1.1 christos return ssl_ctx; 2538 1.1 christos } 2539 1.1 christos 2540 1.1 christos static SSL_CTX *create_server_ctx(void) 2541 1.1 christos { 2542 1.1 christos SSL_CTX *ssl_ctx; 2543 1.1 christos 2544 1.1 christos if 
(!TEST_ptr(ssl_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_server_method())) 2545 1.1 christos || !TEST_true(SSL_CTX_use_certificate_file(ssl_ctx, cert, SSL_FILETYPE_PEM)) 2546 1.1 christos || !TEST_true(SSL_CTX_use_PrivateKey_file(ssl_ctx, privkey, SSL_FILETYPE_PEM))) { 2547 1.1 christos SSL_CTX_free(ssl_ctx); 2548 1.1 christos ssl_ctx = NULL; 2549 1.1 christos } else { 2550 1.1 christos SSL_CTX_set_alpn_select_cb(ssl_ctx, select_alpn, NULL); 2551 1.1 christos SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL); 2552 1.1 christos } 2553 1.1 christos 2554 1.1 christos return ssl_ctx; 2555 1.1 christos } 2556 1.1 christos 2557 1.1 christos static BIO_ADDR *create_addr(struct in_addr *ina, short int port) 2558 1.1 christos { 2559 1.1 christos BIO_ADDR *addr = NULL; 2560 1.1 christos 2561 1.1 christos if (!TEST_ptr(addr = BIO_ADDR_new())) 2562 1.1 christos return NULL; 2563 1.1 christos 2564 1.1 christos if (!TEST_true(BIO_ADDR_rawmake(addr, AF_INET, ina, sizeof(struct in_addr), 2565 1.1.1.2 christos htons(port)))) { 2566 1.1 christos BIO_ADDR_free(addr); 2567 1.1 christos return NULL; 2568 1.1 christos } 2569 1.1 christos 2570 1.1 christos return addr; 2571 1.1 christos } 2572 1.1 christos 2573 1.1 christos static int bio_addr_bind(BIO *bio, BIO_ADDR *addr) 2574 1.1 christos { 2575 1.1 christos int bio_caps = BIO_DGRAM_CAP_HANDLES_DST_ADDR | BIO_DGRAM_CAP_HANDLES_SRC_ADDR; 2576 1.1 christos 2577 1.1 christos if (!TEST_true(BIO_dgram_set_caps(bio, bio_caps))) 2578 1.1 christos return 0; 2579 1.1 christos 2580 1.1 christos if (!TEST_int_eq(BIO_dgram_set0_local_addr(bio, addr), 1)) 2581 1.1 christos return 0; 2582 1.1 christos 2583 1.1 christos return 1; 2584 1.1 christos } 2585 1.1 christos 2586 1.1 christos static SSL *ql_create(SSL_CTX *ssl_ctx, BIO *bio) 2587 1.1 christos { 2588 1.1 christos SSL *qserver; 2589 1.1 christos 2590 1.1 christos if (!TEST_ptr(qserver = SSL_new_listener(ssl_ctx, 0))) { 2591 1.1 christos BIO_free(bio); 2592 1.1 christos return NULL; 2593 
1.1 christos } 2594 1.1 christos 2595 1.1 christos SSL_set_bio(qserver, bio, bio); 2596 1.1 christos 2597 1.1 christos if (!TEST_true(SSL_listen(qserver))) { 2598 1.1 christos SSL_free(qserver); 2599 1.1 christos return NULL; 2600 1.1 christos } 2601 1.1 christos 2602 1.1 christos return qserver; 2603 1.1 christos } 2604 1.1 christos 2605 1.1 christos static int qc_init(SSL *qconn, BIO_ADDR *dst_addr) 2606 1.1 christos { 2607 1.1 christos static unsigned char alpn[] = { 8, 'o', 's', 's', 'l', 't', 'e', 's', 't' }; 2608 1.1 christos 2609 1.1 christos if (!TEST_true(SSL_set1_initial_peer_addr(qconn, dst_addr))) 2610 1.1 christos return 0; 2611 1.1 christos 2612 1.1 christos if (!TEST_false(SSL_set_alpn_protos(qconn, alpn, sizeof(alpn)))) 2613 1.1 christos return 0; 2614 1.1 christos 2615 1.1 christos return 1; 2616 1.1 christos } 2617 1.1 christos 2618 1.1 christos static int test_ssl_new_from_listener(void) 2619 1.1 christos { 2620 1.1 christos SSL_CTX *lctx = NULL, *sctx = NULL; 2621 1.1 christos SSL *qlistener = NULL, *qserver = NULL, *qconn = 0; 2622 1.1 christos int testresult = 0; 2623 1.1 christos int chk; 2624 1.1 christos BIO *lbio = NULL, *sbio = NULL; 2625 1.1 christos BIO_ADDR *addr = NULL; 2626 1.1 christos struct in_addr ina; 2627 1.1 christos 2628 1.1 christos ina.s_addr = htonl(0x1f000001); 2629 1.1 christos if (!TEST_ptr(lctx = create_server_ctx()) 2630 1.1 christos || !TEST_ptr(sctx = create_server_ctx()) 2631 1.1 christos || !TEST_true(BIO_new_bio_dgram_pair(&lbio, 0, &sbio, 0))) 2632 1.1 christos goto err; 2633 1.1 christos 2634 1.1 christos if (!TEST_ptr(addr = create_addr(&ina, 8040))) 2635 1.1 christos goto err; 2636 1.1 christos 2637 1.1 christos if (!TEST_true(bio_addr_bind(lbio, addr))) 2638 1.1 christos goto err; 2639 1.1 christos addr = NULL; 2640 1.1 christos 2641 1.1 christos if (!TEST_ptr(addr = create_addr(&ina, 4080))) 2642 1.1 christos goto err; 2643 1.1 christos 2644 1.1 christos if (!TEST_true(bio_addr_bind(sbio, addr))) 2645 1.1 
christos goto err; 2646 1.1 christos addr = NULL; 2647 1.1 christos 2648 1.1 christos qlistener = ql_create(lctx, lbio); 2649 1.1 christos lbio = NULL; 2650 1.1 christos if (!TEST_ptr(qlistener)) 2651 1.1 christos goto err; 2652 1.1 christos 2653 1.1 christos qserver = ql_create(sctx, sbio); 2654 1.1 christos sbio = NULL; 2655 1.1 christos if (!TEST_ptr(qserver)) 2656 1.1 christos goto err; 2657 1.1 christos 2658 1.1 christos if (!TEST_ptr(qconn = SSL_new_from_listener(qlistener, 0))) 2659 1.1 christos goto err; 2660 1.1 christos 2661 1.1 christos if (!TEST_ptr(addr = create_addr(&ina, 4080))) 2662 1.1 christos goto err; 2663 1.1 christos 2664 1.1 christos chk = qc_init(qconn, addr); 2665 1.1 christos if (!TEST_true(chk)) 2666 1.1 christos goto err; 2667 1.1 christos 2668 1.1 christos while ((chk = SSL_do_handshake(qconn)) == -1) { 2669 1.1 christos SSL_handle_events(qserver); 2670 1.1 christos SSL_handle_events(qlistener); 2671 1.1 christos } 2672 1.1 christos 2673 1.1 christos if (!TEST_int_gt(chk, 0)) { 2674 1.1 christos TEST_info("SSL_do_handshake() failed\n"); 2675 1.1 christos goto err; 2676 1.1 christos } 2677 1.1 christos 2678 1.1 christos testresult = 1; 2679 1.1.1.2 christos err: 2680 1.1 christos SSL_free(qconn); 2681 1.1 christos SSL_free(qlistener); 2682 1.1 christos SSL_free(qserver); 2683 1.1 christos BIO_free(lbio); 2684 1.1 christos BIO_free(sbio); 2685 1.1 christos SSL_CTX_free(sctx); 2686 1.1 christos SSL_CTX_free(lctx); 2687 1.1 christos BIO_ADDR_free(addr); 2688 1.1 christos 2689 1.1 christos return testresult; 2690 1.1 christos } 2691 1.1 christos 2692 1.1 christos static int test_server_method_with_ssl_new(void) 2693 1.1 christos { 2694 1.1 christos SSL_CTX *ctx = NULL; 2695 1.1 christos SSL *ssl = NULL; 2696 1.1 christos int ret = 0; 2697 1.1 christos unsigned long err; 2698 1.1 christos 2699 1.1 christos /* Create a new SSL_CTX using the QUIC server method */ 2700 1.1 christos ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_server_method()); 
2701 1.1 christos if (!TEST_ptr(ctx)) 2702 1.1 christos goto end; 2703 1.1 christos 2704 1.1 christos /* Try to create a new SSL object - this should fail */ 2705 1.1 christos ssl = SSL_new(ctx); 2706 1.1 christos 2707 1.1 christos /* Check that SSL_new() returned NULL */ 2708 1.1 christos if (!TEST_ptr_null(ssl)) 2709 1.1 christos goto end; 2710 1.1 christos 2711 1.1 christos /* Check for the expected error */ 2712 1.1 christos err = ERR_peek_error(); 2713 1.1.1.2 christos if (!TEST_true(ERR_GET_LIB(err) == ERR_LIB_SSL && ERR_GET_REASON(err) == ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED)) 2714 1.1 christos goto end; 2715 1.1 christos 2716 1.1 christos ret = 1; 2717 1.1 christos 2718 1.1 christos end: 2719 1.1 christos SSL_free(ssl); 2720 1.1 christos SSL_CTX_free(ctx); 2721 1.1 christos return ret; 2722 1.1 christos } 2723 1.1 christos 2724 1.1 christos static int create_quic_ssl_objects(SSL_CTX *sctx, SSL_CTX *cctx, 2725 1.1.1.2 christos SSL **lssl, SSL **cssl) 2726 1.1 christos { 2727 1.1 christos BIO_ADDR *addr = NULL; 2728 1.1 christos struct in_addr ina; 2729 1.1 christos BIO *cbio = NULL, *sbio = NULL; 2730 1.1 christos int ret = 0; 2731 1.1 christos 2732 1.1 christos *cssl = *lssl = NULL; 2733 1.1 christos ina.s_addr = htonl(0x1f000001); 2734 1.1 christos 2735 1.1 christos if (!TEST_true(BIO_new_bio_dgram_pair(&cbio, 0, &sbio, 0))) 2736 1.1 christos goto err; 2737 1.1 christos 2738 1.1 christos if (!TEST_ptr(addr = create_addr(&ina, 8040))) 2739 1.1 christos goto err; 2740 1.1 christos 2741 1.1 christos if (!TEST_true(bio_addr_bind(sbio, addr))) 2742 1.1 christos goto err; 2743 1.1 christos addr = NULL; 2744 1.1 christos 2745 1.1 christos *lssl = ql_create(sctx, sbio); 2746 1.1 christos sbio = NULL; 2747 1.1 christos if (!TEST_ptr(*lssl)) 2748 1.1 christos goto err; 2749 1.1 christos 2750 1.1 christos if (!TEST_ptr(*cssl = SSL_new(cctx))) 2751 1.1 christos goto err; 2752 1.1 christos 2753 1.1 christos if (!TEST_ptr(addr = create_addr(&ina, 8040))) 2754 1.1 christos 
goto err; 2755 1.1 christos if (!TEST_true(bio_addr_bind(cbio, addr))) 2756 1.1 christos goto err; 2757 1.1 christos 2758 1.1 christos if (!TEST_true(qc_init(*cssl, addr))) { 2759 1.1 christos addr = NULL; 2760 1.1 christos goto err; 2761 1.1 christos } 2762 1.1 christos addr = NULL; 2763 1.1 christos SSL_set_bio(*cssl, cbio, cbio); 2764 1.1 christos cbio = NULL; 2765 1.1 christos 2766 1.1 christos ret = 1; 2767 1.1 christos 2768 1.1.1.2 christos err: 2769 1.1 christos if (!ret) { 2770 1.1 christos SSL_free(*cssl); 2771 1.1 christos SSL_free(*lssl); 2772 1.1 christos *cssl = *lssl = NULL; 2773 1.1 christos } 2774 1.1 christos BIO_free(cbio); 2775 1.1 christos BIO_free(sbio); 2776 1.1 christos BIO_ADDR_free(addr); 2777 1.1 christos 2778 1.1 christos return ret; 2779 1.1 christos } 2780 1.1 christos 2781 1.1 christos static int test_ssl_accept_connection(void) 2782 1.1 christos { 2783 1.1 christos SSL_CTX *cctx = NULL, *sctx = NULL; 2784 1.1 christos SSL *clientssl = NULL, *serverssl = NULL, *qlistener = NULL; 2785 1.1 christos int testresult = 0; 2786 1.1 christos int ret, i; 2787 1.1 christos 2788 1.1 christos if (!TEST_ptr(sctx = create_server_ctx()) 2789 1.1 christos || !TEST_ptr(cctx = create_client_ctx())) 2790 1.1 christos goto err; 2791 1.1 christos 2792 1.1 christos if (!create_quic_ssl_objects(sctx, cctx, &qlistener, &clientssl)) 2793 1.1 christos goto err; 2794 1.1 christos 2795 1.1 christos /* Calling SSL_accept() on a listener is expected to fail */ 2796 1.1 christos ret = SSL_accept(qlistener); 2797 1.1 christos if (!TEST_int_le(ret, 0) 2798 1.1 christos || !TEST_int_eq(SSL_get_error(qlistener, ret), SSL_ERROR_SSL)) 2799 1.1 christos goto err; 2800 1.1 christos 2801 1.1 christos /* Send ClientHello and server retry */ 2802 1.1 christos for (i = 0; i < 2; i++) { 2803 1.1 christos ret = SSL_connect(clientssl); 2804 1.1 christos if (!TEST_int_le(ret, 0) 2805 1.1 christos || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ)) 2806 1.1 christos 
goto err; 2807 1.1 christos SSL_handle_events(qlistener); 2808 1.1 christos } 2809 1.1 christos 2810 1.1 christos /* We expect a server SSL object which has not yet completed its handshake */ 2811 1.1 christos serverssl = SSL_accept_connection(qlistener, 0); 2812 1.1 christos if (!TEST_ptr(serverssl) || !TEST_false(SSL_is_init_finished(serverssl))) 2813 1.1 christos goto err; 2814 1.1 christos 2815 1.1 christos /* Call SSL_accept() and SSL_connect() until we are connected */ 2816 1.1 christos if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl, 2817 1.1.1.2 christos SSL_ERROR_NONE, 0, 0))) 2818 1.1 christos goto err; 2819 1.1 christos 2820 1.1 christos testresult = 1; 2821 1.1 christos 2822 1.1.1.2 christos err: 2823 1.1 christos SSL_free(serverssl); 2824 1.1 christos SSL_free(clientssl); 2825 1.1 christos SSL_free(qlistener); 2826 1.1 christos SSL_CTX_free(sctx); 2827 1.1 christos SSL_CTX_free(cctx); 2828 1.1 christos 2829 1.1 christos return testresult; 2830 1.1 christos } 2831 1.1 christos 2832 1.1 christos static SSL *quic_verify_ssl = NULL; 2833 1.1 christos 2834 1.1 christos static int quic_verify_cb(int ok, X509_STORE_CTX *ctx) 2835 1.1 christos { 2836 1.1 christos SSL *cssl = (SSL *)X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); 2837 1.1 christos 2838 1.1 christos /* Confirm we got the SSL object we were expecting */ 2839 1.1 christos return TEST_ptr_eq(cssl, quic_verify_ssl); 2840 1.1 christos } 2841 1.1 christos 2842 1.1 christos static int test_ssl_set_verify(void) 2843 1.1 christos { 2844 1.1 christos SSL_CTX *cctx = NULL, *sctx = NULL; 2845 1.1 christos SSL *clientssl = NULL, *serverssl = NULL, *qlistener = NULL; 2846 1.1 christos int testresult = 0; 2847 1.1 christos int ret, i; 2848 1.1 christos 2849 1.1 christos if (!TEST_ptr(sctx = create_server_ctx()) 2850 1.1 christos || !TEST_ptr(cctx = create_client_ctx())) 2851 1.1 christos goto err; 2852 1.1 christos 2853 1.1 christos if (!create_quic_ssl_objects(sctx, cctx, 
&qlistener, &clientssl)) 2854 1.1 christos goto err; 2855 1.1 christos 2856 1.1 christos quic_verify_ssl = clientssl; 2857 1.1 christos SSL_set_verify(clientssl, SSL_VERIFY_PEER, quic_verify_cb); 2858 1.1 christos 2859 1.1 christos /* Send ClientHello and server retry */ 2860 1.1 christos for (i = 0; i < 2; i++) { 2861 1.1 christos ret = SSL_connect(clientssl); 2862 1.1 christos if (!TEST_int_le(ret, 0) 2863 1.1 christos || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ)) 2864 1.1 christos goto err; 2865 1.1 christos SSL_handle_events(qlistener); 2866 1.1 christos } 2867 1.1 christos 2868 1.1 christos /* We expect a server SSL object which has not yet completed its handshake */ 2869 1.1 christos serverssl = SSL_accept_connection(qlistener, 0); 2870 1.1 christos 2871 1.1 christos /* Call SSL_accept() and SSL_connect() until we are connected */ 2872 1.1 christos if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl, 2873 1.1.1.2 christos SSL_ERROR_NONE, 0, 0))) 2874 1.1 christos goto err; 2875 1.1 christos 2876 1.1 christos testresult = 1; 2877 1.1 christos 2878 1.1.1.2 christos err: 2879 1.1 christos SSL_free(serverssl); 2880 1.1 christos SSL_free(clientssl); 2881 1.1 christos SSL_free(qlistener); 2882 1.1 christos SSL_CTX_free(sctx); 2883 1.1 christos SSL_CTX_free(cctx); 2884 1.1 christos 2885 1.1 christos return testresult; 2886 1.1 christos } 2887 1.1 christos 2888 1.1.1.2 christos /* 2889 1.1.1.2 christos * When the server has a different primary group than the client, the server 2890 1.1.1.2 christos * should not fail on the client hello retry. 
2891 1.1.1.2 christos */ 2892 1.1.1.2 christos static int test_client_hello_retry(void) 2893 1.1.1.2 christos { 2894 1.1.1.2 christos #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECX) 2895 1.1.1.2 christos SSL_CTX *cctx = NULL, *sctx = NULL; 2896 1.1.1.2 christos SSL *clientssl = NULL, *serverssl = NULL, *qlistener = NULL; 2897 1.1.1.2 christos int testresult = 0, i = 0, ret = 0; 2898 1.1.1.2 christos 2899 1.1.1.2 christos if (!TEST_ptr(sctx = create_server_ctx()) 2900 1.1.1.2 christos || !TEST_ptr(cctx = create_client_ctx())) 2901 1.1.1.2 christos goto err; 2902 1.1.1.2 christos /* 2903 1.1.1.2 christos * set the specific groups for the test 2904 1.1.1.2 christos */ 2905 1.1.1.2 christos if (!TEST_true(SSL_CTX_set1_groups_list(cctx, "secp384r1:secp256r1"))) 2906 1.1.1.2 christos goto err; 2907 1.1.1.2 christos if (!TEST_true(SSL_CTX_set1_groups_list(sctx, "secp256r1"))) 2908 1.1.1.2 christos goto err; 2909 1.1.1.2 christos 2910 1.1.1.2 christos if (!create_quic_ssl_objects(sctx, cctx, &qlistener, &clientssl)) 2911 1.1.1.2 christos goto err; 2912 1.1.1.2 christos 2913 1.1.1.2 christos /* Send ClientHello and server retry */ 2914 1.1.1.2 christos for (i = 0; i < 2; i++) { 2915 1.1.1.2 christos ret = SSL_connect(clientssl); 2916 1.1.1.2 christos if (!TEST_int_le(ret, 0) 2917 1.1.1.2 christos || !TEST_int_eq(SSL_get_error(clientssl, ret), SSL_ERROR_WANT_READ)) 2918 1.1.1.2 christos goto err; 2919 1.1.1.2 christos SSL_handle_events(qlistener); 2920 1.1.1.2 christos } 2921 1.1.1.2 christos 2922 1.1.1.2 christos /* We expect a server SSL object which has not yet completed its handshake */ 2923 1.1.1.2 christos serverssl = SSL_accept_connection(qlistener, 0); 2924 1.1.1.2 christos 2925 1.1.1.2 christos /* Call SSL_accept() and SSL_connect() until we are connected */ 2926 1.1.1.2 christos if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl, 2927 1.1.1.2 christos SSL_ERROR_NONE, 0, 0))) 2928 1.1.1.2 christos goto err; 2929 1.1.1.2 christos 2930 1.1.1.2 
christos testresult = 1; 2931 1.1.1.2 christos 2932 1.1.1.2 christos err: 2933 1.1.1.2 christos SSL_CTX_free(cctx); 2934 1.1.1.2 christos SSL_CTX_free(sctx); 2935 1.1.1.2 christos SSL_free(clientssl); 2936 1.1.1.2 christos SSL_free(serverssl); 2937 1.1.1.2 christos SSL_free(qlistener); 2938 1.1.1.2 christos 2939 1.1.1.2 christos return testresult; 2940 1.1.1.2 christos #else 2941 1.1.1.2 christos return TEST_skip("EC(X) keys are not supported in this build"); 2942 1.1.1.2 christos #endif 2943 1.1.1.2 christos } 2944 1.1 christos /***********************************************************************************/ 2945 1.1 christos OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n") 2946 1.1 christos 2947 1.1 christos int setup_tests(void) 2948 1.1 christos { 2949 1.1 christos char *modulename; 2950 1.1 christos char *configfile; 2951 1.1 christos 2952 1.1 christos libctx = OSSL_LIB_CTX_new(); 2953 1.1 christos if (!TEST_ptr(libctx)) 2954 1.1 christos return 0; 2955 1.1 christos 2956 1.1 christos defctxnull = OSSL_PROVIDER_load(NULL, "null"); 2957 1.1 christos 2958 1.1 christos /* 2959 1.1 christos * Verify that the default and fips providers in the default libctx are not 2960 1.1 christos * available 2961 1.1 christos */ 2962 1.1 christos if (!TEST_false(OSSL_PROVIDER_available(NULL, "default")) 2963 1.1.1.2 christos || !TEST_false(OSSL_PROVIDER_available(NULL, "fips"))) 2964 1.1 christos goto err; 2965 1.1 christos 2966 1.1 christos if (!test_skip_common_options()) { 2967 1.1 christos TEST_error("Error parsing test options\n"); 2968 1.1 christos goto err; 2969 1.1 christos } 2970 1.1 christos 2971 1.1 christos if (!TEST_ptr(modulename = test_get_argument(0)) 2972 1.1.1.2 christos || !TEST_ptr(configfile = test_get_argument(1)) 2973 1.1.1.2 christos || !TEST_ptr(certsdir = test_get_argument(2)) 2974 1.1.1.2 christos || !TEST_ptr(datadir = test_get_argument(3))) 2975 1.1 christos goto err; 2976 1.1 christos 2977 1.1 christos if 
(!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile))) 2978 1.1 christos goto err; 2979 1.1 christos 2980 1.1 christos /* Check we have the expected provider available */ 2981 1.1 christos if (!TEST_true(OSSL_PROVIDER_available(libctx, modulename))) 2982 1.1 christos goto err; 2983 1.1 christos 2984 1.1 christos /* Check the default provider is not available */ 2985 1.1 christos if (strcmp(modulename, "default") != 0 2986 1.1.1.2 christos && !TEST_false(OSSL_PROVIDER_available(libctx, "default"))) 2987 1.1 christos goto err; 2988 1.1 christos 2989 1.1 christos if (strcmp(modulename, "fips") == 0) 2990 1.1 christos is_fips = 1; 2991 1.1 christos 2992 1.1 christos cert = test_mk_file_path(certsdir, "servercert.pem"); 2993 1.1 christos if (cert == NULL) 2994 1.1 christos goto err; 2995 1.1 christos 2996 1.1 christos ccert = test_mk_file_path(certsdir, "ee-client-chain.pem"); 2997 1.1 christos if (ccert == NULL) 2998 1.1 christos goto err; 2999 1.1 christos 3000 1.1 christos cauthca = test_mk_file_path(certsdir, "root-cert.pem"); 3001 1.1 christos if (cauthca == NULL) 3002 1.1 christos goto err; 3003 1.1 christos 3004 1.1 christos privkey = test_mk_file_path(certsdir, "serverkey.pem"); 3005 1.1 christos if (privkey == NULL) 3006 1.1 christos goto err; 3007 1.1 christos 3008 1.1 christos cprivkey = test_mk_file_path(certsdir, "ee-key.pem"); 3009 1.1 christos if (privkey == NULL) 3010 1.1 christos goto err; 3011 1.1 christos 3012 1.1 christos ADD_ALL_TESTS(test_quic_write_read, 3); 3013 1.1 christos ADD_TEST(test_fin_only_blocking); 3014 1.1 christos ADD_TEST(test_ciphersuites); 3015 1.1 christos ADD_TEST(test_cipher_find); 3016 1.1 christos ADD_TEST(test_version); 3017 1.1 christos #if defined(DO_SSL_TRACE_TEST) 3018 1.1 christos ADD_TEST(test_ssl_trace); 3019 1.1 christos #endif 3020 1.1 christos ADD_TEST(test_quic_forbidden_apis_ctx); 3021 1.1 christos ADD_TEST(test_quic_forbidden_apis); 3022 1.1 christos ADD_TEST(test_quic_forbidden_options); 3023 1.1 christos 
ADD_ALL_TESTS(test_quic_set_fd, 3); 3024 1.1 christos ADD_TEST(test_bio_ssl); 3025 1.1 christos ADD_TEST(test_back_pressure); 3026 1.1 christos ADD_TEST(test_multiple_dgrams); 3027 1.1 christos ADD_ALL_TESTS(test_non_io_retry, 2); 3028 1.1 christos ADD_TEST(test_quic_psk); 3029 1.1 christos ADD_ALL_TESTS(test_client_auth, 3); 3030 1.1 christos ADD_ALL_TESTS(test_alpn, 2); 3031 1.1 christos ADD_ALL_TESTS(test_noisy_dgram, 2); 3032 1.1 christos ADD_TEST(test_bw_limit); 3033 1.1 christos ADD_TEST(test_get_shutdown); 3034 1.1 christos ADD_ALL_TESTS(test_tparam, OSSL_NELEM(tparam_tests)); 3035 1.1 christos ADD_TEST(test_session_cb); 3036 1.1 christos ADD_TEST(test_domain_flags); 3037 1.1 christos ADD_TEST(test_early_ticks); 3038 1.1 christos ADD_TEST(test_ssl_new_from_listener); 3039 1.1 christos #ifndef OPENSSL_NO_SSL_TRACE 3040 1.1 christos ADD_TEST(test_new_token); 3041 1.1 christos #endif 3042 1.1 christos ADD_TEST(test_server_method_with_ssl_new); 3043 1.1 christos ADD_TEST(test_ssl_accept_connection); 3044 1.1 christos ADD_TEST(test_ssl_set_verify); 3045 1.1.1.2 christos ADD_TEST(test_client_hello_retry); 3046 1.1 christos return 1; 3047 1.1.1.2 christos err: 3048 1.1 christos cleanup_tests(); 3049 1.1 christos return 0; 3050 1.1 christos } 3051 1.1 christos 3052 1.1 christos void cleanup_tests(void) 3053 1.1 christos { 3054 1.1 christos bio_f_noisy_dgram_filter_free(); 3055 1.1 christos bio_f_pkt_split_dgram_filter_free(); 3056 1.1 christos OPENSSL_free(cert); 3057 1.1 christos OPENSSL_free(privkey); 3058 1.1 christos OPENSSL_free(ccert); 3059 1.1 christos OPENSSL_free(cauthca); 3060 1.1 christos OPENSSL_free(cprivkey); 3061 1.1 christos OSSL_PROVIDER_unload(defctxnull); 3062 1.1 christos OSSL_LIB_CTX_free(libctx); 3063 1.1 christos } 3064