-rw-r--r-- | test/quicapitest.c | 115 | ||||
-rw-r--r-- | test/recipes/75-test_quicapi.t | 7 | ||||
-rw-r--r-- | test/recipes/75-test_quicapi_data/ssltraceref.txt | 294 |
3 files changed, 412 insertions, 4 deletions
diff --git a/test/quicapitest.c b/test/quicapitest.c
index c796a2aff2..25594ca061 100644
--- a/test/quicapitest.c
+++ b/test/quicapitest.c
@@ -23,6 +23,7 @@ static OSSL_PROVIDER *defctxnull = NULL;
 static char *certsdir = NULL;
 static char *cert = NULL;
 static char *privkey = NULL;
+static char *datadir = NULL;
 static int is_fips = 0;
@@ -206,7 +207,113 @@ static int test_version(void)
 return testresult;
 }
-OPT_TEST_DECLARE_USAGE("provider config\n")
+#if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_ZLIB)
+static void strip_line_ends(char *str)
+{
+ size_t i;
+
+ for (i = strlen(str);
+ i > 0 && (str[i - 1] == '\n' || str[i - 1] == '\r');
+ i--);
+
+ str[i] = '\0';
+}
+
+static int compare_with_file(BIO *membio)
+{
+ BIO *file = NULL;
+ char buf1[512], buf2[512];
+ char *reffile;
+ int ret = 0;
+ size_t i;
+
+ reffile = test_mk_file_path(datadir, "ssltraceref.txt");
+ if (!TEST_ptr(reffile))
+ goto err;
+
+ file = BIO_new_file(reffile, "rb");
+ if (!TEST_ptr(file))
+ goto err;
+
+ while (BIO_gets(file, buf1, sizeof(buf1)) > 0) {
+ if (BIO_gets(membio, buf2, sizeof(buf2)) <= 0) {
+ TEST_error("Failed reading mem data");
+ goto err;
+ }
+ strip_line_ends(buf1);
+ strip_line_ends(buf2);
+ if (strlen(buf1) != strlen(buf2)) {
+ TEST_error("Actual and ref line data length mismatch");
+ TEST_info("%s", buf1);
+ TEST_info("%s", buf2);
+ goto err;
+ }
+ for (i = 0; i < strlen(buf1); i++) {
+ /* '?' is a wild card character in the reference text */
+ if (buf1[i] == '?')
+ buf2[i] = '?';
+ }
+ if (!TEST_str_eq(buf1, buf2))
+ goto err;
+ }
+ if (!TEST_true(BIO_eof(file))
+ || !TEST_true(BIO_eof(membio)))
+ goto err;
+
+ ret = 1;
+ err:
+ OPENSSL_free(reffile);
+ BIO_free(file);
+ return ret;
+}
+
+/*
+ * Tests that the SSL_trace() msg_callback works as expected with a QUIC
+ * connection. This also provides testing of the msg_callback at the same time.
+ */
+static int test_ssl_trace(void)
+{
+ SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
+ SSL *clientquic = NULL;
+ QUIC_TSERVER *qtserv = NULL;
+ int testresult = 0;
+ BIO *bio = BIO_new(BIO_s_mem());
+
+ /*
+ * Ensure we only configure ciphersuites that are available with both the
+ * default and fips providers to get the same output in both cases
+ */
+ if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")))
+ goto err;
+
+ if (!TEST_ptr(cctx)
+ || !TEST_ptr(bio)
+ || !TEST_true(qtest_create_quic_objects(libctx, cctx, cert, privkey,
+ 0, &qtserv, &clientquic,
+ NULL)))
+ goto err;
+
+ SSL_set_msg_callback(clientquic, SSL_trace);
+ SSL_set_msg_callback_arg(clientquic, bio);
+
+ if (!TEST_true(qtest_create_quic_connection(qtserv, clientquic)))
+ goto err;
+
+ if (!TEST_true(compare_with_file(bio)))
+ goto err;
+
+ testresult = 1;
+ err:
+ ossl_quic_tserver_free(qtserv);
+ SSL_free(clientquic);
+ SSL_CTX_free(cctx);
+ BIO_free(bio);
+
+ return testresult;
+}
+#endif
+
+OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
 int setup_tests(void)
 {
@@ -234,7 +341,8 @@ int setup_tests(void)
 if (!TEST_ptr(modulename = test_get_argument(0))
 || !TEST_ptr(configfile = test_get_argument(1))
- || !TEST_ptr(certsdir = test_get_argument(2)))
+ || !TEST_ptr(certsdir = test_get_argument(2))
+ || !TEST_ptr(datadir = test_get_argument(3)))
 goto err;
 if (!TEST_true(OSSL_LIB_CTX_load_config(libctx, configfile)))
@@ -263,6 +371,9 @@ int setup_tests(void)
 ADD_ALL_TESTS(test_quic_write_read, 2);
 ADD_TEST(test_ciphersuites);
 ADD_TEST(test_version);
+#if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_ZLIB)
+ ADD_TEST(test_ssl_trace);
+#endif
 return 1;
 err:
diff --git a/test/recipes/75-test_quicapi.t b/test/recipes/75-test_quicapi.t
index 451fb4efd4..5f248a18f6 100644
--- a/test/recipes/75-test_quicapi.t
+++ b/test/recipes/75-test_quicapi.t
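Review bot: In test_ssl_trace() the call `SSL_CTX_set_ciphersuites(cctx, "TLS_AES_128_GCM_SHA256")` runs before `TEST_ptr(cctx)`, so a failed `SSL_CTX_new_ex()` hands a NULL context to the library instead of failing the test cleanly. The allocation checks should come first, e.g. `if (!TEST_ptr(cctx) || !TEST_ptr(bio)) goto err;` directly after the declarations, leaving only the `qtest_create_quic_objects()` check in the later condition. The frees under `err:` are already reached with NULL pointers on the existing failure paths, so the cleanup needs no change.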
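Review bot: The `defined(OPENSSL_NO_ZLIB)` term in the `#if` around `ADD_TEST(test_ssl_trace)` has no explanation, and the same guard wraps the new test functions in the -206 hunk, so builds with zlib enabled silently skip the trace comparison. If the reason is that the reference trace only matches a build without compression support, a comment above both guards would record it, for example `/* ssltraceref.txt was captured without zlib; the trace is expected to differ when compression is built in */`. setup_tests() begins outside this hunk, so whether the skipped test is reported anywhere cannot be seen from here.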
@@ -27,12 +27,15 @@ plan tests =>
 + 1; # quicapitest with default provider
 ok(run(test(["quicapitest", "default",
- srctop_file("test", "default.cnf"), srctop_dir("test", "certs")])),
+ srctop_file("test", "default.cnf"),
+ srctop_dir("test", "certs"),
+ srctop_dir("test", "recipes", "75-test_quicapi_data")])),
 "running quicapitest");
 unless ($no_fips) {
 ok(run(test(["quicapitest", "fips",
 srctop_file("test", "fips-and-base.cnf"),
- srctop_dir("test", "certs")])),
+ srctop_dir("test", "certs"),
+ srctop_dir("test", "recipes", "75-test_quicapi_data")])),
 "running quicapitest");
 }
diff --git a/test/recipes/75-test_quicapi_data/ssltraceref.txt b/test/recipes/75-test_quicapi_data/ssltraceref.txt
new file mode 100644
index 0000000000..3d093af5c7
--- /dev/null
+++ b/test/recipes/75-test_quicapi_data/ssltraceref.txt
@@ -0,0 +1,294 @@ +Sent TLS Record +Header: + Version = TLS 1.0 (0x301) + Content Type = Handshake (22) + Length = 254 + ClientHello, Length=250 + client_version=0x303 (TLS 1.2) + Random: + gmt_unix_time=0x???????? + random_bytes (len=28): ???????????????????????????????????????????????????????? + session_id (len=0): + cipher_suites (len=2) + {0x13, 0x01} TLS_AES_128_GCM_SHA256 + compression_methods (len=1) + No Compression (0x00) + extensions, length = 207 + extension_type=UNKNOWN(57), length=47 + 0000 - 0c 00 0f 00 01 04 80 00-75 30 03 02 44 b0 0e ........u0..D.. + 000f - 01 04 04 04 80 20 00 00-05 04 80 10 00 00 06 ..... ......... + 001e - 04 80 10 00 00 07 04 80-10 00 00 08 01 00 09 ............... + 002d - 01 00 .. + extension_type=ec_point_formats(11), length=4 + uncompressed (0) + ansiX962_compressed_prime (1) + ansiX962_compressed_char2 (2) + extension_type=supported_groups(10), length=22 + ecdh_x25519 (29) + secp256r1 (P-256) (23) + ecdh_x448 (30) + secp521r1 (P-521) (25) + secp384r1 (P-384) (24) + ffdhe2048 (256) + ffdhe3072 (257) + ffdhe4096 (258) + ffdhe6144 (259) + ffdhe8192 (260) + extension_type=session_ticket(35), length=0 + extension_type=application_layer_protocol_negotiation(16), length=11 + ossltest + extension_type=encrypt_then_mac(22), length=0 + extension_type=extended_master_secret(23), length=0 + extension_type=signature_algorithms(13), length=36 + ecdsa_secp256r1_sha256 (0x0403) + ecdsa_secp384r1_sha384 (0x0503) + ecdsa_secp521r1_sha512 (0x0603) + ed25519 (0x0807) + ed448 (0x0808) + ecdsa_brainpoolP256r1_sha256 (0x081a) + ecdsa_brainpoolP384r1_sha384 (0x081b) + ecdsa_brainpoolP512r1_sha512 (0x081c) + rsa_pss_pss_sha256 (0x0809) + rsa_pss_pss_sha384 (0x080a) + rsa_pss_pss_sha512 (0x080b) + rsa_pss_rsae_sha256 (0x0804) + rsa_pss_rsae_sha384 (0x0805) + rsa_pss_rsae_sha512 (0x0806) + rsa_pkcs1_sha256 (0x0401) + rsa_pkcs1_sha384 (0x0501) + rsa_pkcs1_sha512 (0x0601) + extension_type=supported_versions(43), length=3 + TLS 1.3 (772) + 
extension_type=psk_key_exchange_modes(45), length=2 + psk_dhe_ke (1) + extension_type=key_share(51), length=38 + NamedGroup: ecdh_x25519 (29) + key_exchange: (len=32): ???????????????????????????????????????????????????????????????? + +Sent Frame: Crypto + Offset: 0 + Len: 254 +Sent Frame: Padding +Sent Packet + Packet Type: Initial + Version: 0x00000001 + Destination Conn Id: 0x???????????????? + Source Conn Id: <zero length id> + Payload length: 1178 + Token: <zerlo length token> + Packet Number: 0x00000000 +Sent Datagram + Length: 1200 +Received Datagram + Length: 1200 +Received Packet + Packet Type: Initial + Version: 0x00000001 + Destination Conn Id: <zero length id> + Source Conn Id: 0x???????????????? + Payload length: 115 + Token: <zerlo length token> + Packet Number: 0x00000000 +Received Frame: Ack (without ECN) + Largest acked: 0 + Ack delay (raw) 0 + Ack range count: 0 + First ack range: 0 +Received Frame: Crypto + Offset: 0 + Len: 90 +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = Handshake (22) + Length = 90 + Inner Content Type = Handshake (22) + ServerHello, Length=86 + server_version=0x303 (TLS 1.2) + Random: + gmt_unix_time=0x???????? + random_bytes (len=28): ???????????????????????????????????????????????????????? + session_id (len=0): + cipher_suite {0x13, 0x01} TLS_AES_128_GCM_SHA256 + compression_method: No Compression (0x00) + extensions, length = 46 + extension_type=supported_versions(43), length=2 + TLS 1.3 (772) + extension_type=key_share(51), length=36 + NamedGroup: ecdh_x25519 (29) + key_exchange: (len=32): ???????????????????????????????????????????????????????????????? + +Received Packet + Packet Type: Handshake + Version: 0x00000001 + Destination Conn Id: <zero length id> + Source Conn Id: 0x???????????????? 
+ Payload length: 1042 + Packet Number: 0x00000000 +Received Frame: Crypto + Offset: 0 + Len: 1022 +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 1022 + Inner Content Type = Handshake (22) + EncryptedExtensions, Length=86 + extensions, length = 84 + extension_type=UNKNOWN(57), length=65 + 0000 - 0c 00 00 08 ?? ?? ?? ??-?? ?? ?? ?? 0f 08 ?? ....????????..? + 000f - ?? ?? ?? ?? ?? ?? ?? 01-04 80 00 75 30 03 02 ???????....u0.. + 001e - 44 b0 0e 01 04 04 04 80-20 00 00 05 04 80 10 D....... ...... + 002d - 00 00 06 04 80 10 00 00-07 04 80 10 00 00 08 ............... + 003c - 01 01 09 01 00 ..... + extension_type=application_layer_protocol_negotiation(16), length=11 + ossltest + + Certificate, Length=818 + context (len=0): + certificate_list, length=814 + ASN.1Cert, length=809 +------details----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN = Root CA + Validity + Not Before: Jan 14 22:29:46 2016 GMT + Not After : Jan 15 22:29:46 2116 GMT + Subject: CN = server.example + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:d5:5d:60:6a:df:fc:61:ee:48:aa:8c:11:48:43: + a5:6d:b6:52:5d:aa:98:49:b1:61:92:35:b1:fc:3a: + 04:25:0c:6d:79:ff:b4:d5:c9:e9:5c:1c:3b:e0:ab: + b3:b8:7d:a3:de:6d:bd:e0:dd:d7:5a:bf:14:47:11: + 42:5e:a6:82:d0:61:c1:7f:dd:13:46:e6:09:85:07: + 0e:f2:d4:fc:1a:64:d2:0a:ad:20:ab:20:6b:96:f0: + ad:cc:c4:19:53:55:dc:01:1d:a4:b3:ef:8a:b4:49: + 53:5d:8a:05:1c:f1:dc:e1:44:bf:c5:d7:e2:77:19: + 57:5c:97:0b:75:ee:88:43:71:0f:ca:6c:c1:b4:b2: + 50:a7:77:46:6c:58:0f:11:bf:f1:76:24:5a:ae:39: + 42:b7:51:67:29:e1:d0:55:30:6f:17:e4:91:ea:ad: + f8:28:c2:43:6f:a2:64:a9:fb:9d:98:92:62:48:3e: + eb:0d:4f:82:4a:8a:ff:3f:72:ee:96:b5:ae:a1:c1: + 98:ba:ef:7d:90:75:6d:ff:5a:52:9e:ab:f5:c0:7e: + d0:87:43:db:85:07:07:0f:7d:38:7a:fd:d1:d3:ee: + 65:1d:d3:ea:39:6a:87:37:ee:4a:d3:e0:0d:6e:f5: + 
70:ac:c2:bd:f1:6e:f3:92:95:5e:a9:f0:a1:65:95: + 93:8d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + C0:E7:84:BF:E8:59:27:33:10:B0:52:4F:51:52:2F:06:D6:C0:7A:CD + X509v3 Authority Key Identifier: + 70:7F:2E:AE:83:68:59:98:04:23:2A:CD:EB:3E:17:CD:24:DD:01:49 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Extended Key Usage: + TLS Web Server Authentication + X509v3 Subject Alternative Name: + DNS:server.example + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 7b:d3:04:43:75:8a:0f:11:ae:c4:fb:d7:a1:a2:9e:fe:20:18: + d5:f4:2f:31:88:46:b6:75:8c:ee:e5:9b:97:a6:b9:a3:cd:60: + 9a:46:c3:48:97:e5:97:68:f7:5a:86:35:73:d9:69:9e:f9:5f: + 74:b9:e6:94:13:01:cb:6a:dc:e3:c4:04:e9:65:da:9c:a4:8b: + 28:f3:f9:9a:7f:bf:97:1f:45:92:e5:05:b1:56:e6:0b:f6:47: + de:1e:89:b6:2b:e1:4d:df:4a:7e:01:d3:23:dc:97:8c:47:fe: + 5f:c7:cc:98:46:0e:c4:83:5b:ca:8a:f1:52:09:be:6b:ec:3f: + 09:8b:d0:93:02:bf:e1:51:e7:d1:7e:34:56:19:74:d0:ff:28: + 25:de:b7:9f:56:52:91:7d:20:29:85:0a:80:44:5f:71:32:25: + 71:0f:c2:16:e2:5f:6b:1d:3f:32:5b:0a:3c:74:1c:b9:62:f1: + ed:07:50:a3:6d:b4:b4:31:0a:c0:53:44:6a:3a:88:84:8b:2d: + a9:b0:37:8e:e6:18:36:bd:9a:20:40:0f:01:92:8b:3d:aa:61: + e7:ae:2c:ed:36:cd:3a:07:86:74:3a:29:b3:d7:3a:b4:00:a9: + c2:f5:92:78:0e:e2:0f:a3:fe:bb:be:e0:06:53:84:59:1d:90: + 69:e5:b6:f9 +-----BEGIN CERTIFICATE----- +MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD +DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9 +o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV +3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/ +8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1 +rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71 +cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS 
+T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud +EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4 +YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI +RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk +iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK +8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi +X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q +YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk= +-----END CERTIFICATE----- +------------------ + No extensions + +Received Datagram + Length: 254 +Received Packet + Packet Type: Handshake + Version: 0x00000001 + Destination Conn Id: <zero length id> + Source Conn Id: 0x???????????????? + Payload length: 211 + Packet Number: 0x00000001 +Received Frame: Crypto + Offset: 1022 + Len: 190 +Received TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 190 + Inner Content Type = Handshake (22) + CertificateVerify, Length=260 + Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) + Signature (len=256): ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? + + Finished, Length=32 + verify_data (len=32): ???????????????????????????????????????????????????????????????? + +Sent TLS Record +Header: + Version = TLS 1.2 (0x303) + Content Type = ApplicationData (23) + Length = 36 + Inner Content Type = Handshake (22) + Finished, Length=32 + verify_data (len=32): ???????????????????????????????????????????????????????????????? 
+ + +Received Frame: Ping +Sent Frame: Ack (without ECN) + Largest acked: 1 + Ack delay (raw) 0 + Ack range count: 0 + First ack range: 1 +Sent Frame: Crypto + Offset: 0 + Len: 36 +Sent Packet + Packet Type: Handshake + Version: 0x00000001 + Destination Conn Id: 0x???????????????? + Source Conn Id: <zero length id> + Payload length: 60 + Packet Number: 0x00000000 +Sent Frame: Ack (without ECN) + Largest acked: 0 + Ack delay (raw) 0 + Ack range count: 0 + First ack range: 0 + +Sent Datagram + Length: 115 |