2 files changed, 358 insertions, 0 deletions
diff --git a/src/regress/lib/libssl/quic/Makefile b/src/regress/lib/libssl/quic/Makefile
new file mode 100644
index 0000000000..72f1a04849
--- /dev/null
+++ b/src/regress/lib/libssl/quic/Makefile
@@ -0,0 +1,19 @@
+#       $OpenBSD: Makefile,v 1.1 2022/08/27 09:16:29 jsing Exp $
+PROG=   quictest
+LDADD=  ${SSL_INT} -lcrypto
+DPADD=  ${LIBSSL} ${LIBCRYPTO}
+WARNINGS=       Yes
+CFLAGS+=        -DLIBRESSL_INTERNAL -Werror
+REGRESS_TARGETS= \
+        regress-quictest
+regress-quictest: ${PROG}
+        ./quictest \
+            ${.CURDIR}/../../libssl/certs/server.pem \
+            ${.CURDIR}/../../libssl/certs/server.pem \
+            ${.CURDIR}/../../libssl/certs/ca.pem
+.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/quic/quictest.c b/src/regress/lib/libssl/quic/quictest.c
new file mode 100644
index 0000000000..cdd4b2387c
--- /dev/null
+++ b/src/regress/lib/libssl/quic/quictest.c
@@ -0,0 +1,339 @@
+/* $OpenBSD: quictest.c,v 1.1 2022/08/27 09:16:29 jsing Exp $ */
+/*
+ * Copyright (c) 2020, 2021, 2022 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <err.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+const char *server_ca_file;
+const char *server_cert_file;
+const char *server_key_file;
+int debug = 0;
+static void
+hexdump(const unsigned char *buf, size_t len)
+{
+        size_t i;
+        for (i = 1; i <= len; i++)
+                fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
+        if (len % 8)
+                fprintf(stderr, "\n");
+}
+struct quic_data {
+        enum ssl_encryption_level_t rlevel;
+        enum ssl_encryption_level_t wlevel;
+        BIO *rbio;
+        BIO *wbio;
+};
+static int
+quic_set_read_secret(SSL *ssl, enum ssl_encryption_level_t level,
+    const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len)
+{
+        struct quic_data *qd = SSL_get_app_data(ssl);
+        qd->rlevel = level;
+        return 1;
+}
+static int
+quic_set_write_secret(SSL *ssl, enum ssl_encryption_level_t level,
+    const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len)
+{
+        struct quic_data *qd = SSL_get_app_data(ssl);
+        qd->wlevel = level;
+        return 1;
+}
+static int
+quic_read_handshake_data(SSL *ssl)
+{
+        struct quic_data *qd = SSL_get_app_data(ssl);
+        uint8_t buf[2048];
+        int ret;
+        if ((ret = BIO_read(qd->rbio, buf, sizeof(buf))) > 0) {
+                if (debug > 1) {
+                        fprintf(stderr, "== quic_read_handshake_data ==\n");
+                        hexdump(buf, ret);
+                }
+                if (!SSL_provide_quic_data(ssl, qd->rlevel, buf, ret))
+                        return -1;
+        }
+        return 1;
+}
+static int
+quic_add_handshake_data(SSL *ssl, enum ssl_encryption_level_t level,
+    const uint8_t *data, size_t len)
+{
+        struct quic_data *qd = SSL_get_app_data(ssl);
+        int ret;
+        if (debug > 1) {
+                fprintf(stderr, "== quic_add_handshake_data\n");
+                hexdump(data, len);
+        }
+        if ((ret = BIO_write(qd->wbio, data, len)) <= 0)
+                return 0;
+        return (size_t)ret == len;
+}
+static int
+quic_flush_flight(SSL *ssl)
+{
+        return 1;
+}
+static int
+quic_send_alert(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert)
+{
+        return 1;
+}
+const SSL_QUIC_METHOD quic_method = {
+        .set_read_secret = quic_set_read_secret,
+        .set_write_secret = quic_set_write_secret,
+        .add_handshake_data = quic_add_handshake_data,
+        .flush_flight = quic_flush_flight,
+        .send_alert = quic_send_alert,
+};
+static SSL *
+quic_client(struct quic_data *data)
+{
+        SSL_CTX *ssl_ctx = NULL;
+        SSL *ssl = NULL;
+        if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
+                errx(1, "client context");
+        if (!SSL_CTX_set_quic_method(ssl_ctx, &quic_method)) {
+                fprintf(stderr, "FAIL: Failed to set QUIC method\n");
+                goto failure;
+        }
+        if ((ssl = SSL_new(ssl_ctx)) == NULL)
+                errx(1, "client ssl");
+        SSL_set_connect_state(ssl);
+        SSL_set_app_data(ssl, data);
+ failure:
+        SSL_CTX_free(ssl_ctx);
+        return ssl;
+}
+static SSL *
+quic_server(struct quic_data *data)
+{
+        SSL_CTX *ssl_ctx = NULL;
+        SSL *ssl = NULL;
+        if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
+                errx(1, "server context");
+        SSL_CTX_set_dh_auto(ssl_ctx, 2);
+        if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file,
+            SSL_FILETYPE_PEM) != 1) {
+                fprintf(stderr, "FAIL: Failed to load server certificate\n");
+                goto failure;
+        }
+        if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
+            SSL_FILETYPE_PEM) != 1) {
+                fprintf(stderr, "FAIL: Failed to load server private key\n");
+                goto failure;
+        }
+        if (!SSL_CTX_set_quic_method(ssl_ctx, &quic_method)) {
+                fprintf(stderr, "FAIL: Failed to set QUIC method\n");
+                goto failure;
+        }
+        if ((ssl = SSL_new(ssl_ctx)) == NULL)
+                errx(1, "server ssl");
+        SSL_set_accept_state(ssl);
+        SSL_set_app_data(ssl, data);
+ failure:
+        SSL_CTX_free(ssl_ctx);
+        return ssl;
+}
+static int
+ssl_error(SSL *ssl, const char *name, const char *desc, int ssl_ret)
+{
+        int ssl_err;
+        ssl_err = SSL_get_error(ssl, ssl_ret);
+        if (ssl_err == SSL_ERROR_WANT_READ) {
+                if (quic_read_handshake_data(ssl) < 0)
+                        return 0;
+                return 1;
+        } else if (ssl_err == SSL_ERROR_WANT_WRITE) {
+                return 1;
+        } else if (ssl_err == SSL_ERROR_SYSCALL && errno == 0) {
+                /* Yup, this is apparently a thing... */
+        } else {
+                fprintf(stderr, "FAIL: %s %s failed - ssl err = %d, errno = %d\n",
+                    name, desc, ssl_err, errno);
+                ERR_print_errors_fp(stderr);
+                return 0;
+        }
+        return 1;
+}
+static int
+do_handshake(SSL *ssl, const char *name, int *done)
+{
+        int ssl_ret;
+        if ((ssl_ret = SSL_do_handshake(ssl)) == 1) {
+                fprintf(stderr, "INFO: %s handshake done\n", name);
+                *done = 1;
+                return 1;
+        }
+        return ssl_error(ssl, name, "handshake", ssl_ret);
+}
+typedef int (*ssl_func)(SSL *ssl, const char *name, int *done);
+static int
+do_client_server_loop(SSL *client, ssl_func client_func, SSL *server,
+    ssl_func server_func)
+{
+        int client_done = 0, server_done = 0;
+        int i = 0;
+        do {
+                if (!client_done) {
+                        if (debug)
+                                fprintf(stderr, "DEBUG: client loop\n");
+                        if (!client_func(client, "client", &client_done))
+                                return 0;
+                }
+                if (!server_done) {
+                        if (debug)
+                                fprintf(stderr, "DEBUG: server loop\n");
+                        if (!server_func(server, "server", &server_done))
+                                return 0;
+                }
+        } while (i++ < 100 && (!client_done || !server_done));
+        if (!client_done || !server_done)
+                fprintf(stderr, "FAIL: gave up\n");
+        return client_done && server_done;
+}
+static int
+quictest(void)
+{
+        struct quic_data *client_data = NULL, *server_data = NULL;
+        BIO *client_wbio = NULL, *server_wbio = NULL;
+        SSL *client = NULL, *server = NULL;
+        int failed = 1;
+        if ((client_wbio = BIO_new(BIO_s_mem())) == NULL)
+                goto failure;
+        if (BIO_set_mem_eof_return(client_wbio, -1) <= 0)
+                goto failure;
+        if ((server_wbio = BIO_new(BIO_s_mem())) == NULL)
+                goto failure;
+        if (BIO_set_mem_eof_return(server_wbio, -1) <= 0)
+                goto failure;
+        if ((client_data = calloc(1, sizeof(*client_data))) == NULL)
+                goto failure;
+        client_data->rbio = server_wbio;
+        client_data->wbio = client_wbio;
+        if ((client = quic_client(client_data)) == NULL)
+                goto failure;
+        if ((server_data = calloc(1, sizeof(*server_data))) == NULL)
+                goto failure;
+        server_data->rbio = client_wbio;
+        server_data->wbio = server_wbio;
+        if ((server = quic_server(server_data)) == NULL)
+                goto failure;
+        if (!do_client_server_loop(client, do_handshake, server, do_handshake)) {
+                fprintf(stderr, "FAIL: client and server handshake failed\n");
+                ERR_print_errors_fp(stderr);
+                goto failure;
+        }
+        fprintf(stderr, "INFO: Done!\n");
+        failed = 0;
+ failure:
+        BIO_free(client_wbio);
+        BIO_free(server_wbio);
+        free(client_data);
+        free(server_data);
+        SSL_free(client);
+        SSL_free(server);
+        return failed;
+}
+int
+main(int argc, char **argv)
+{
+        int failed = 0;
+        if (argc != 4) {
+                fprintf(stderr, "usage: %s keyfile certfile cafile\n",
+                    argv[0]);
+                exit(1);
+        }
+        server_key_file = argv[1];
+        server_cert_file = argv[2];
+        server_ca_file = argv[3];
+        failed |= quictest();
+        return failed;
+}

diff --git a/src/regress/lib/libssl/quic/Makefile b/src/regress/lib/libssl/quic/Makefile new file mode 100644 index 0000000000..72f1a04849 --- /dev/null +++ b/src/regress/lib/libssl/quic/Makefile
@@ -0,0 +1,19 @@
	1	# $OpenBSD: Makefile,v 1.1 2022/08/27 09:16:29 jsing Exp $
	2
	3	PROG= quictest
	4	LDADD= ${SSL_INT} -lcrypto
	5	DPADD= ${LIBSSL} ${LIBCRYPTO}
	6
	7	WARNINGS= Yes
	8	CFLAGS+= -DLIBRESSL_INTERNAL -Werror
	9
	10	REGRESS_TARGETS= \
	11	regress-quictest
	12
	13	regress-quictest: ${PROG}
	14	./quictest \
	15	${.CURDIR}/../../libssl/certs/server.pem \
	16	${.CURDIR}/../../libssl/certs/server.pem \
	17	${.CURDIR}/../../libssl/certs/ca.pem
	18
	19	.include <bsd.regress.mk>


diff --git a/src/regress/lib/libssl/quic/quictest.c b/src/regress/lib/libssl/quic/quictest.c new file mode 100644 index 0000000000..cdd4b2387c --- /dev/null +++ b/src/regress/lib/libssl/quic/quictest.c
@@ -0,0 +1,339 @@
	1	/* $OpenBSD: quictest.c,v 1.1 2022/08/27 09:16:29 jsing Exp $ */
	2	/*
	3	* Copyright (c) 2020, 2021, 2022 Joel Sing <jsing@openbsd.org>
	4	*
	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17
	18	#include <err.h>
	19
	20	#include <openssl/bio.h>
	21	#include <openssl/err.h>
	22	#include <openssl/ssl.h>
	23
	24	const char *server_ca_file;
	25	const char *server_cert_file;
	26	const char *server_key_file;
	27
	28	int debug = 0;
	29
	30	static void
	31	hexdump(const unsigned char *buf, size_t len)
	32	{
	33	size_t i;
	34
	35	for (i = 1; i <= len; i++)
	36	fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
	37
	38	if (len % 8)
	39	fprintf(stderr, "\n");
	40	}
	41
	42	struct quic_data {
	43	enum ssl_encryption_level_t rlevel;
	44	enum ssl_encryption_level_t wlevel;
	45	BIO *rbio;
	46	BIO *wbio;
	47	};
	48
	49	static int
	50	quic_set_read_secret(SSL *ssl, enum ssl_encryption_level_t level,
	51	const SSL_CIPHER cipher, const uint8_t secret, size_t secret_len)
	52	{
	53	struct quic_data *qd = SSL_get_app_data(ssl);
	54
	55	qd->rlevel = level;
	56
	57	return 1;
	58	}
	59
	60	static int
	61	quic_set_write_secret(SSL *ssl, enum ssl_encryption_level_t level,
	62	const SSL_CIPHER cipher, const uint8_t secret, size_t secret_len)
	63	{
	64	struct quic_data *qd = SSL_get_app_data(ssl);
	65
	66	qd->wlevel = level;
	67
	68	return 1;
	69	}
	70
	71	static int
	72	quic_read_handshake_data(SSL *ssl)
	73	{
	74	struct quic_data *qd = SSL_get_app_data(ssl);
	75	uint8_t buf[2048];
	76	int ret;
	77
	78	if ((ret = BIO_read(qd->rbio, buf, sizeof(buf))) > 0) {
	79	if (debug > 1) {
	80	fprintf(stderr, "== quic_read_handshake_data ==\n");
	81	hexdump(buf, ret);
	82	}
	83	if (!SSL_provide_quic_data(ssl, qd->rlevel, buf, ret))
	84	return -1;
	85	}
	86
	87	return 1;
	88	}
	89
	90	static int
	91	quic_add_handshake_data(SSL *ssl, enum ssl_encryption_level_t level,
	92	const uint8_t *data, size_t len)
	93	{
	94	struct quic_data *qd = SSL_get_app_data(ssl);
	95	int ret;
	96
	97	if (debug > 1) {
	98	fprintf(stderr, "== quic_add_handshake_data\n");
	99	hexdump(data, len);
	100	}
	101
	102	if ((ret = BIO_write(qd->wbio, data, len)) <= 0)
	103	return 0;
	104
	105	return (size_t)ret == len;
	106	}
	107
	108	static int
	109	quic_flush_flight(SSL *ssl)
	110	{
	111	return 1;
	112	}
	113
	114	static int
	115	quic_send_alert(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert)
	116	{
	117	return 1;
	118	}
	119
	120	const SSL_QUIC_METHOD quic_method = {
	121	.set_read_secret = quic_set_read_secret,
	122	.set_write_secret = quic_set_write_secret,
	123	.add_handshake_data = quic_add_handshake_data,
	124	.flush_flight = quic_flush_flight,
	125	.send_alert = quic_send_alert,
	126	};
	127
	128	static SSL *
	129	quic_client(struct quic_data *data)
	130	{
	131	SSL_CTX *ssl_ctx = NULL;
	132	SSL *ssl = NULL;
	133
	134	if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
	135	errx(1, "client context");
	136
	137	if (!SSL_CTX_set_quic_method(ssl_ctx, &quic_method)) {
	138	fprintf(stderr, "FAIL: Failed to set QUIC method\n");
	139	goto failure;
	140	}
	141
	142	if ((ssl = SSL_new(ssl_ctx)) == NULL)
	143	errx(1, "client ssl");
	144
	145	SSL_set_connect_state(ssl);
	146	SSL_set_app_data(ssl, data);
	147
	148	failure:
	149	SSL_CTX_free(ssl_ctx);
	150
	151	return ssl;
	152	}
	153
	154	static SSL *
	155	quic_server(struct quic_data *data)
	156	{
	157	SSL_CTX *ssl_ctx = NULL;
	158	SSL *ssl = NULL;
	159
	160	if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
	161	errx(1, "server context");
	162
	163	SSL_CTX_set_dh_auto(ssl_ctx, 2);
	164
	165	if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file,
	166	SSL_FILETYPE_PEM) != 1) {
	167	fprintf(stderr, "FAIL: Failed to load server certificate\n");
	168	goto failure;
	169	}
	170	if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
	171	SSL_FILETYPE_PEM) != 1) {
	172	fprintf(stderr, "FAIL: Failed to load server private key\n");
	173	goto failure;
	174	}
	175
	176	if (!SSL_CTX_set_quic_method(ssl_ctx, &quic_method)) {
	177	fprintf(stderr, "FAIL: Failed to set QUIC method\n");
	178	goto failure;
	179	}
	180
	181	if ((ssl = SSL_new(ssl_ctx)) == NULL)
	182	errx(1, "server ssl");
	183
	184	SSL_set_accept_state(ssl);
	185	SSL_set_app_data(ssl, data);
	186
	187	failure:
	188	SSL_CTX_free(ssl_ctx);
	189
	190	return ssl;
	191	}
	192
	193	static int
	194	ssl_error(SSL ssl, const char name, const char *desc, int ssl_ret)
	195	{
	196	int ssl_err;
	197
	198	ssl_err = SSL_get_error(ssl, ssl_ret);
	199
	200	if (ssl_err == SSL_ERROR_WANT_READ) {
	201	if (quic_read_handshake_data(ssl) < 0)
	202	return 0;
	203	return 1;
	204	} else if (ssl_err == SSL_ERROR_WANT_WRITE) {
	205	return 1;
	206	} else if (ssl_err == SSL_ERROR_SYSCALL && errno == 0) {
	207	/* Yup, this is apparently a thing... */
	208	} else {
	209	fprintf(stderr, "FAIL: %s %s failed - ssl err = %d, errno = %d\n",
	210	name, desc, ssl_err, errno);
	211	ERR_print_errors_fp(stderr);
	212	return 0;
	213	}
	214
	215	return 1;
	216	}
	217
	218	static int
	219	do_handshake(SSL ssl, const char name, int *done)
	220	{
	221	int ssl_ret;
	222
	223	if ((ssl_ret = SSL_do_handshake(ssl)) == 1) {
	224	fprintf(stderr, "INFO: %s handshake done\n", name);
	225	*done = 1;
	226	return 1;
	227	}
	228
	229	return ssl_error(ssl, name, "handshake", ssl_ret);
	230	}
	231
	232	typedef int (ssl_func)(SSL ssl, const char name, int done);
	233
	234	static int
	235	do_client_server_loop(SSL client, ssl_func client_func, SSL server,
	236	ssl_func server_func)
	237	{
	238	int client_done = 0, server_done = 0;
	239	int i = 0;
	240
	241	do {
	242	if (!client_done) {
	243	if (debug)
	244	fprintf(stderr, "DEBUG: client loop\n");
	245	if (!client_func(client, "client", &client_done))
	246	return 0;
	247	}
	248	if (!server_done) {
	249	if (debug)
	250	fprintf(stderr, "DEBUG: server loop\n");
	251	if (!server_func(server, "server", &server_done))
	252	return 0;
	253	}
	254	} while (i++ < 100 && (!client_done \|\| !server_done));
	255
	256	if (!client_done \|\| !server_done)
	257	fprintf(stderr, "FAIL: gave up\n");
	258
	259	return client_done && server_done;
	260	}
	261
	262	static int
	263	quictest(void)
	264	{
	265	struct quic_data client_data = NULL, server_data = NULL;
	266	BIO client_wbio = NULL, server_wbio = NULL;
	267	SSL client = NULL, server = NULL;
	268	int failed = 1;
	269
	270	if ((client_wbio = BIO_new(BIO_s_mem())) == NULL)
	271	goto failure;
	272	if (BIO_set_mem_eof_return(client_wbio, -1) <= 0)
	273	goto failure;
	274
	275	if ((server_wbio = BIO_new(BIO_s_mem())) == NULL)
	276	goto failure;
	277	if (BIO_set_mem_eof_return(server_wbio, -1) <= 0)
	278	goto failure;
	279
	280	if ((client_data = calloc(1, sizeof(*client_data))) == NULL)
	281	goto failure;
	282
	283	client_data->rbio = server_wbio;
	284	client_data->wbio = client_wbio;
	285
	286	if ((client = quic_client(client_data)) == NULL)
	287	goto failure;
	288
	289	if ((server_data = calloc(1, sizeof(*server_data))) == NULL)
	290	goto failure;
	291
	292	server_data->rbio = client_wbio;
	293	server_data->wbio = server_wbio;
	294
	295	if ((server = quic_server(server_data)) == NULL)
	296	goto failure;
	297
	298	if (!do_client_server_loop(client, do_handshake, server, do_handshake)) {
	299	fprintf(stderr, "FAIL: client and server handshake failed\n");
	300	ERR_print_errors_fp(stderr);
	301	goto failure;
	302	}
	303
	304	fprintf(stderr, "INFO: Done!\n");
	305
	306	failed = 0;
	307
	308	failure:
	309	BIO_free(client_wbio);
	310	BIO_free(server_wbio);
	311
	312	free(client_data);
	313	free(server_data);
	314
	315	SSL_free(client);
	316	SSL_free(server);
	317
	318	return failed;
	319	}
	320
	321	int
	322	main(int argc, char **argv)
	323	{
	324	int failed = 0;
	325
	326	if (argc != 4) {
	327	fprintf(stderr, "usage: %s keyfile certfile cafile\n",
	328	argv[0]);
	329	exit(1);
	330	}
	331
	332	server_key_file = argv[1];
	333	server_cert_file = argv[2];
	334	server_ca_file = argv[3];
	335
	336	failed \|= quictest();
	337
	338	return failed;
	339	}