1 /*
2 * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9 #include "internal/sockets.h"
10 #include <openssl/rand.h>
11
12 static const unsigned char alpn_ossltest[] = {
13 /* "\x08ossltest" (hex for EBCDIC resilience) */
14 0x08, 0x6f, 0x73, 0x73, 0x6c, 0x74, 0x65, 0x73, 0x74
15 };
16
DEF_FUNC(hf_unbind)17 DEF_FUNC(hf_unbind)
18 {
19 int ok = 0;
20 const char *name;
21
22 F_POP(name);
23 RADIX_PROCESS_set_obj(RP(), name, NULL);
24
25 ok = 1;
26 err:
27 return ok;
28 }
29
ssl_ctx_select_alpn(SSL * ssl,const unsigned char ** out,unsigned char * out_len,const unsigned char * in,unsigned int in_len,void * arg)30 static int ssl_ctx_select_alpn(SSL *ssl,
31 const unsigned char **out, unsigned char *out_len,
32 const unsigned char *in, unsigned int in_len,
33 void *arg)
34 {
35 if (SSL_select_next_proto((unsigned char **)out, out_len,
36 alpn_ossltest, sizeof(alpn_ossltest), in, in_len)
37 != OPENSSL_NPN_NEGOTIATED)
38 return SSL_TLSEXT_ERR_ALERT_FATAL;
39
40 return SSL_TLSEXT_ERR_OK;
41 }
42
keylog_cb(const SSL * ssl,const char * line)43 static void keylog_cb(const SSL *ssl, const char *line)
44 {
45 ossl_crypto_mutex_lock(RP()->gm);
46 BIO_printf(RP()->keylog_out, "%s", line);
47 (void)BIO_flush(RP()->keylog_out);
48 ossl_crypto_mutex_unlock(RP()->gm);
49 }
50
ssl_ctx_configure(SSL_CTX * ctx,int is_server)51 static int ssl_ctx_configure(SSL_CTX *ctx, int is_server)
52 {
53 if (!TEST_true(ossl_quic_set_diag_title(ctx, "quic_radix_test")))
54 return 0;
55
56 if (!is_server)
57 return 1;
58
59 if (RP()->keylog_out != NULL)
60 SSL_CTX_set_keylog_callback(ctx, keylog_cb);
61
62 if (!TEST_int_eq(SSL_CTX_use_certificate_file(ctx, cert_file,
63 SSL_FILETYPE_PEM), 1)
64 || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(ctx, key_file,
65 SSL_FILETYPE_PEM), 1))
66 return 0;
67
68 SSL_CTX_set_alpn_select_cb(ctx, ssl_ctx_select_alpn, NULL);
69 return 1;
70 }
71
ssl_create_bound_socket(uint16_t listen_port,int * p_fd,uint16_t * p_result_port)72 static int ssl_create_bound_socket(uint16_t listen_port,
73 int *p_fd, uint16_t *p_result_port)
74 {
75 int ok = 0;
76 int fd = -1;
77 BIO_ADDR *addr = NULL;
78 union BIO_sock_info_u info;
79 struct in_addr ina;
80
81 ina.s_addr = htonl(INADDR_LOOPBACK);
82
83 fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0);
84 if (!TEST_int_ge(fd, 0))
85 goto err;
86
87 if (!TEST_true(BIO_socket_nbio(fd, 1)))
88 goto err;
89
90 if (!TEST_ptr(addr = BIO_ADDR_new()))
91 goto err;
92
93 if (!TEST_true(BIO_ADDR_rawmake(addr, AF_INET,
94 &ina, sizeof(ina), 0)))
95 goto err;
96
97 if (!TEST_true(BIO_bind(fd, addr, 0)))
98 goto err;
99
100 info.addr = addr;
101 if (!TEST_true(BIO_sock_info(fd, BIO_SOCK_INFO_ADDRESS, &info)))
102 goto err;
103
104 if (!TEST_int_gt(BIO_ADDR_rawport(addr), 0))
105 goto err;
106
107 ok = 1;
108 err:
109 if (!ok && fd >= 0)
110 BIO_closesocket(fd);
111 else if (ok) {
112 *p_fd = fd;
113 if (p_result_port != NULL)
114 *p_result_port = BIO_ADDR_rawport(addr);
115 }
116 BIO_ADDR_free(addr);
117 return ok;
118 }
119
ssl_attach_bio_dgram(SSL * ssl,uint16_t local_port,uint16_t * actual_port)120 static int ssl_attach_bio_dgram(SSL *ssl,
121 uint16_t local_port, uint16_t *actual_port)
122 {
123 int s_fd = -1;
124 BIO *bio;
125
126 if (!TEST_true(ssl_create_bound_socket(local_port, &s_fd, actual_port)))
127 return 0;
128
129 if (!TEST_ptr(bio = BIO_new_dgram(s_fd, BIO_CLOSE))) {
130 BIO_closesocket(s_fd);
131 return 0;
132 }
133
134 SSL_set0_rbio(ssl, bio);
135 if (!TEST_true(BIO_up_ref(bio)))
136 return 0;
137
138 SSL_set0_wbio(ssl, bio);
139
140 return 1;
141 }
142
143 /*
144 * Test to make sure that SSL_accept_connection returns the same ssl object
145 * that is used in the various TLS callbacks
146 *
147 * Unlike TCP, QUIC processes new connections independently from their
148 * acceptance, and so we need to pre-allocate tls objects to return during
149 * connection acceptance via the user_ssl. This is just a quic test to validate
150 * that:
151 * 1) The new callback to inform the user of a new pending ssl acceptance works
152 * properly
153 * 2) That the object returned from SSL_accept_connection matches the one passed
154 * to various callbacks
155 *
156 * It would be better as its own test, but currently the tserver used in the
157 * other quic_tests doesn't actually accept connections (it pre-creates them
158 * and fixes them up in place), so testing there is not feasible at the moment
159 *
160 * For details on this issue see:
161 * https://github.com/openssl/project/issues/918
162 */
163 static SSL *pending_ssl_obj = NULL;
164 static SSL *client_hello_ssl_obj = NULL;
165 static int check_pending_match = 0;
166 static int pending_cb_called = 0;
167 static int hello_cb_called = 0;
new_pending_cb(SSL_CTX * ctx,SSL * new_ssl,void * arg)168 static int new_pending_cb(SSL_CTX *ctx, SSL *new_ssl, void *arg)
169 {
170 pending_ssl_obj = new_ssl;
171 pending_cb_called = 1;
172 return 1;
173 }
174
client_hello_cb(SSL * s,int * al,void * arg)175 static int client_hello_cb(SSL *s, int *al, void *arg)
176 {
177 client_hello_ssl_obj = s;
178 hello_cb_called = 1;
179 return 1;
180 }
181
DEF_FUNC(hf_new_ssl)182 DEF_FUNC(hf_new_ssl)
183 {
184 int ok = 0;
185 const char *name;
186 SSL_CTX *ctx = NULL;
187 const SSL_METHOD *method;
188 SSL *ssl;
189 uint64_t flags;
190 int is_server, is_domain;
191
192 F_POP2(name, flags);
193
194 is_domain = ((flags & 2) != 0);
195 is_server = ((flags & 1) != 0);
196
197 method = is_server ? OSSL_QUIC_server_method() : OSSL_QUIC_client_method();
198 if (!TEST_ptr(ctx = SSL_CTX_new(method)))
199 goto err;
200
201 #if defined(OPENSSL_THREADS)
202 if (!TEST_true(SSL_CTX_set_domain_flags(ctx,
203 SSL_DOMAIN_FLAG_MULTI_THREAD
204 | SSL_DOMAIN_FLAG_BLOCKING)))
205 goto err;
206 #endif
207
208 if (!TEST_true(ssl_ctx_configure(ctx, is_server)))
209 goto err;
210
211 if (is_domain) {
212 if (!TEST_ptr(ssl = SSL_new_domain(ctx, 0)))
213 goto err;
214
215 } else if (is_server) {
216 SSL_CTX_set_new_pending_conn_cb(ctx, new_pending_cb, NULL);
217 SSL_CTX_set_client_hello_cb(ctx, client_hello_cb, NULL);
218 check_pending_match = 1;
219 if (!TEST_ptr(ssl = SSL_new_listener(ctx, 0)))
220 goto err;
221 } else {
222 if (!TEST_ptr(ssl = SSL_new(ctx)))
223 goto err;
224 }
225
226 if (!is_domain && !TEST_true(ssl_attach_bio_dgram(ssl, 0, NULL)))
227 goto err;
228
229 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), name, ssl))) {
230 SSL_free(ssl);
231 goto err;
232 }
233
234 ok = 1;
235 err:
236 /* SSL object will hold ref, we don't need it */
237 SSL_CTX_free(ctx);
238 return ok;
239 }
240
DEF_FUNC(hf_new_ssl_listener_from)241 DEF_FUNC(hf_new_ssl_listener_from)
242 {
243 int ok = 0;
244 SSL *domain, *listener;
245 const char *listener_name;
246 uint64_t flags;
247
248 REQUIRE_SSL(domain);
249 F_POP2(listener_name, flags);
250
251 if (!TEST_ptr_null(RADIX_PROCESS_get_obj(RP(), listener_name)))
252 goto err;
253
254 if (!TEST_ptr(listener = SSL_new_listener_from(domain, flags)))
255 goto err;
256
257 if (!TEST_true(ssl_attach_bio_dgram(listener, 0, NULL)))
258 goto err;
259
260 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), listener_name, listener))) {
261 SSL_free(listener);
262 goto err;
263 }
264
265 radix_activate_slot(0);
266
267 ok = 1;
268 err:
269 return ok;
270 }
271
DEF_FUNC(hf_listen)272 DEF_FUNC(hf_listen)
273 {
274 int ok = 0, r;
275 SSL *ssl;
276
277 REQUIRE_SSL(ssl);
278
279 r = SSL_listen(ssl);
280 if (!TEST_true(r))
281 goto err;
282
283 if (SSL_get0_domain(ssl) == NULL)
284 radix_activate_slot(0);
285
286 ok = 1;
287 err:
288 return ok;
289 }
290
DEF_FUNC(hf_new_stream)291 DEF_FUNC(hf_new_stream)
292 {
293 int ok = 0;
294 const char *stream_name;
295 SSL *conn, *stream;
296 uint64_t flags, do_accept;
297
298 F_POP2(flags, do_accept);
299 F_POP(stream_name);
300 REQUIRE_SSL(conn);
301
302 if (!TEST_ptr_null(RADIX_PROCESS_get_obj(RP(), stream_name)))
303 goto err;
304
305 if (do_accept) {
306 stream = SSL_accept_stream(conn, flags);
307
308 if (stream == NULL)
309 F_SPIN_AGAIN();
310 } else {
311 stream = SSL_new_stream(conn, flags);
312 }
313
314 if (!TEST_ptr(stream))
315 goto err;
316
317 /* TODO(QUIC RADIX): Implement wait behaviour */
318
319 if (stream != NULL
320 && !TEST_true(RADIX_PROCESS_set_ssl(RP(), stream_name, stream))) {
321 SSL_free(stream);
322 goto err;
323 }
324
325 ok = 1;
326 err:
327 return ok;
328 }
329
DEF_FUNC(hf_accept_conn)330 DEF_FUNC(hf_accept_conn)
331 {
332 int ok = 0;
333 const char *conn_name;
334 uint64_t flags;
335 SSL *listener, *conn;
336
337 F_POP2(conn_name, flags);
338 REQUIRE_SSL(listener);
339
340 if (!TEST_ptr_null(RADIX_PROCESS_get_obj(RP(), conn_name)))
341 goto err;
342
343 conn = SSL_accept_connection(listener, flags);
344 if (conn == NULL)
345 F_SPIN_AGAIN();
346
347 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), conn_name, conn))) {
348 SSL_free(conn);
349 goto err;
350 }
351
352 if (check_pending_match) {
353 if (!pending_cb_called || !hello_cb_called) {
354 TEST_info("Callbacks not called, skipping user_ssl check\n");
355 } else {
356 if (!TEST_ptr_eq(pending_ssl_obj, client_hello_ssl_obj)) {
357 SSL_free(conn);
358 goto err;
359 }
360 if (!TEST_ptr_eq(pending_ssl_obj, conn)) {
361 SSL_free(conn);
362 goto err;
363 }
364 }
365 pending_ssl_obj = client_hello_ssl_obj = NULL;
366 check_pending_match = 0;
367 pending_cb_called = hello_cb_called = 0;
368 }
369 ok = 1;
370 err:
371 return ok;
372 }
373
DEF_FUNC(hf_accept_conn_none)374 DEF_FUNC(hf_accept_conn_none)
375 {
376 int ok = 0;
377 SSL *listener, *conn;
378
379 REQUIRE_SSL(listener);
380
381 conn = SSL_accept_connection(listener, SSL_ACCEPT_CONNECTION_NO_BLOCK);
382 if (!TEST_ptr_null(conn)) {
383 SSL_free(conn);
384 goto err;
385 }
386
387 ok = 1;
388 err:
389 return ok;
390 }
391
DEF_FUNC(hf_accept_stream_none)392 DEF_FUNC(hf_accept_stream_none)
393 {
394 int ok = 0;
395 const char *conn_name;
396 uint64_t flags;
397 SSL *conn, *stream;
398
399 F_POP2(conn_name, flags);
400
401 if (!TEST_ptr(conn = RADIX_PROCESS_get_ssl(RP(), conn_name)))
402 goto err;
403
404 stream = SSL_accept_stream(conn, flags);
405 if (!TEST_ptr_null(stream)) {
406 SSL_free(stream);
407 goto err;
408 }
409
410 ok = 1;
411 err:
412 return ok;
413 }
414
DEF_FUNC(hf_pop_err)415 DEF_FUNC(hf_pop_err)
416 {
417 ERR_pop();
418
419 return 1;
420 }
421
DEF_FUNC(hf_stream_reset)422 DEF_FUNC(hf_stream_reset)
423 {
424 int ok = 0;
425 const char *name;
426 SSL_STREAM_RESET_ARGS args = {0};
427 SSL *ssl;
428
429 F_POP2(name, args.quic_error_code);
430 REQUIRE_SSL(ssl);
431
432 if (!TEST_true(SSL_stream_reset(ssl, &args, sizeof(args))))
433 goto err;
434
435 ok = 1;
436 err:
437 return ok;
438 }
439
DEF_FUNC(hf_set_default_stream_mode)440 DEF_FUNC(hf_set_default_stream_mode)
441 {
442 int ok = 0;
443 uint64_t mode;
444 SSL *ssl;
445
446 F_POP(mode);
447 REQUIRE_SSL(ssl);
448
449 if (!TEST_true(SSL_set_default_stream_mode(ssl, (uint32_t)mode)))
450 goto err;
451
452 ok = 1;
453 err:
454 return ok;
455 }
456
DEF_FUNC(hf_set_incoming_stream_policy)457 DEF_FUNC(hf_set_incoming_stream_policy)
458 {
459 int ok = 0;
460 uint64_t policy, error_code;
461 SSL *ssl;
462
463 F_POP(error_code);
464 F_POP(policy);
465 REQUIRE_SSL(ssl);
466
467 if (!TEST_true(SSL_set_incoming_stream_policy(ssl, (int)policy, error_code)))
468 goto err;
469
470 ok = 1;
471 err:
472 return ok;
473 }
474
DEF_FUNC(hf_shutdown_wait)475 DEF_FUNC(hf_shutdown_wait)
476 {
477 int ok = 0, ret;
478 uint64_t flags;
479 SSL *ssl;
480 SSL_SHUTDOWN_EX_ARGS args = {0};
481 QUIC_CHANNEL *ch;
482
483 F_POP(args.quic_reason);
484 F_POP(args.quic_error_code);
485 F_POP(flags);
486 REQUIRE_SSL(ssl);
487
488 ch = ossl_quic_conn_get_channel(ssl);
489 ossl_quic_engine_set_inhibit_tick(ossl_quic_channel_get0_engine(ch), 0);
490
491 ret = SSL_shutdown_ex(ssl, flags, &args, sizeof(args));
492 if (!TEST_int_ge(ret, 0))
493 goto err;
494
495 if (ret == 0)
496 F_SPIN_AGAIN();
497
498 ok = 1;
499 err:
500 return ok;
501 }
502
DEF_FUNC(hf_conclude)503 DEF_FUNC(hf_conclude)
504 {
505 int ok = 0;
506 SSL *ssl;
507
508 REQUIRE_SSL(ssl);
509
510 if (!TEST_true(SSL_stream_conclude(ssl, 0)))
511 goto err;
512
513 ok = 1;
514 err:
515 return ok;
516 }
517
is_want(SSL * s,int ret)518 static int is_want(SSL *s, int ret)
519 {
520 int ec = SSL_get_error(s, ret);
521
522 return ec == SSL_ERROR_WANT_READ || ec == SSL_ERROR_WANT_WRITE;
523 }
524
check_consistent_want(SSL * s,int ret)525 static int check_consistent_want(SSL *s, int ret)
526 {
527 int ec = SSL_get_error(s, ret);
528 int w = SSL_want(s);
529
530 int ok = TEST_true(
531 (ec == SSL_ERROR_NONE && w == SSL_NOTHING)
532 || (ec == SSL_ERROR_ZERO_RETURN && w == SSL_NOTHING)
533 || (ec == SSL_ERROR_SSL && w == SSL_NOTHING)
534 || (ec == SSL_ERROR_SYSCALL && w == SSL_NOTHING)
535 || (ec == SSL_ERROR_WANT_READ && w == SSL_READING)
536 || (ec == SSL_ERROR_WANT_WRITE && w == SSL_WRITING)
537 || (ec == SSL_ERROR_WANT_CLIENT_HELLO_CB && w == SSL_CLIENT_HELLO_CB)
538 || (ec == SSL_ERROR_WANT_X509_LOOKUP && w == SSL_X509_LOOKUP)
539 || (ec == SSL_ERROR_WANT_RETRY_VERIFY && w == SSL_RETRY_VERIFY)
540 );
541
542 if (!ok)
543 TEST_error("got error=%d, want=%d", ec, w);
544
545 return ok;
546 }
547
DEF_FUNC(hf_write)548 DEF_FUNC(hf_write)
549 {
550 int ok = 0, r;
551 SSL *ssl;
552 const void *buf;
553 size_t buf_len, bytes_written = 0;
554
555 F_POP2(buf, buf_len);
556 REQUIRE_SSL(ssl);
557
558 r = SSL_write_ex(ssl, buf, buf_len, &bytes_written);
559 if (!TEST_true(r)
560 || !check_consistent_want(ssl, r)
561 || !TEST_size_t_eq(bytes_written, buf_len))
562 goto err;
563
564 ok = 1;
565 err:
566 return ok;
567 }
568
DEF_FUNC(hf_write_rand)569 DEF_FUNC(hf_write_rand)
570 {
571 int ok = 0, r;
572 SSL *ssl;
573 void *buf = NULL;
574 size_t buf_len, bytes_written = 0;
575
576 F_POP(buf_len);
577 REQUIRE_SSL(ssl);
578
579 while (buf_len > 0) {
580 size_t thislen = buf_len > 1024 ? 1024 : buf_len;
581
582 if (buf == NULL)
583 buf = OPENSSL_malloc(thislen);
584 if (!TEST_ptr(buf))
585 goto err;
586 if (!TEST_int_eq(RAND_bytes(buf, thislen), 1))
587 goto err;
588 r = SSL_write_ex(ssl, buf, thislen, &bytes_written);
589 if (!TEST_true(r)
590 || !check_consistent_want(ssl, r)
591 || !TEST_size_t_eq(bytes_written, thislen))
592 goto err;
593
594 buf_len -= thislen;
595 }
596
597 ok = 1;
598 err:
599 OPENSSL_free(buf);
600 return ok;
601 }
602
DEF_FUNC(hf_write_ex2)603 DEF_FUNC(hf_write_ex2)
604 {
605 int ok = 0, r;
606 SSL *ssl;
607 const void *buf;
608 size_t buf_len, bytes_written = 0;
609 uint64_t flags;
610
611 F_POP(flags);
612 F_POP2(buf, buf_len);
613 REQUIRE_SSL(ssl);
614
615 r = SSL_write_ex2(ssl, buf, buf_len, flags, &bytes_written);
616 if (!TEST_true(r)
617 || !check_consistent_want(ssl, r)
618 || !TEST_size_t_eq(bytes_written, buf_len))
619 goto err;
620
621 ok = 1;
622 err:
623 return ok;
624 }
625
DEF_FUNC(hf_write_fail)626 DEF_FUNC(hf_write_fail)
627 {
628 int ok = 0, ret;
629 SSL *ssl;
630 size_t bytes_written = 0;
631
632 REQUIRE_SSL(ssl);
633
634 ret = SSL_write_ex(ssl, "apple", 5, &bytes_written);
635 if (!TEST_false(ret)
636 || !TEST_true(check_consistent_want(ssl, ret))
637 || !TEST_size_t_eq(bytes_written, 0))
638 goto err;
639
640 ok = 1;
641 err:
642 return ok;
643 }
644
DEF_FUNC(hf_read_expect)645 DEF_FUNC(hf_read_expect)
646 {
647 int ok = 0, r;
648 SSL *ssl;
649 const void *buf;
650 size_t buf_len, bytes_read = 0;
651
652 F_POP2(buf, buf_len);
653 REQUIRE_SSL(ssl);
654
655 if (buf_len > 0 && RT()->tmp_buf == NULL
656 && !TEST_ptr(RT()->tmp_buf = OPENSSL_malloc(buf_len)))
657 goto err;
658
659 r = SSL_read_ex(ssl, RT()->tmp_buf + RT()->tmp_buf_offset,
660 buf_len - RT()->tmp_buf_offset,
661 &bytes_read);
662 if (!TEST_true(check_consistent_want(ssl, r)))
663 goto err;
664
665 if (!r)
666 F_SPIN_AGAIN();
667
668 if (bytes_read + RT()->tmp_buf_offset != buf_len) {
669 RT()->tmp_buf_offset += bytes_read;
670 F_SPIN_AGAIN();
671 }
672
673 if (buf_len > 0
674 && !TEST_mem_eq(RT()->tmp_buf, buf_len, buf, buf_len))
675 goto err;
676
677 OPENSSL_free(RT()->tmp_buf);
678 RT()->tmp_buf = NULL;
679 RT()->tmp_buf_offset = 0;
680
681 ok = 1;
682 err:
683 return ok;
684 }
685
DEF_FUNC(hf_read_fail)686 DEF_FUNC(hf_read_fail)
687 {
688 int ok = 0, r;
689 SSL *ssl;
690 char buf[1] = {0};
691 size_t bytes_read = 0;
692 uint64_t do_wait;
693
694 F_POP(do_wait);
695 REQUIRE_SSL(ssl);
696
697 r = SSL_read_ex(ssl, buf, sizeof(buf), &bytes_read);
698 if (!TEST_false(r)
699 || !TEST_true(check_consistent_want(ssl, r))
700 || !TEST_size_t_eq(bytes_read, 0))
701 goto err;
702
703 if (do_wait && is_want(ssl, 0))
704 F_SPIN_AGAIN();
705
706 ok = 1;
707 err:
708 return ok;
709 }
710
DEF_FUNC(hf_connect_wait)711 DEF_FUNC(hf_connect_wait)
712 {
713 int ok = 0, ret;
714 SSL *ssl;
715
716 REQUIRE_SSL(ssl);
717
718 /* if not started */
719 if (RT()->scratch0 == 0) {
720 if (!TEST_true(SSL_set_blocking_mode(ssl, 0)))
721 return 0;
722
723 /* 0 is the success case for SSL_set_alpn_protos(). */
724 if (!TEST_false(SSL_set_alpn_protos(ssl, alpn_ossltest,
725 sizeof(alpn_ossltest))))
726 goto err;
727 }
728
729 RT()->scratch0 = 1; /* connect started */
730 ret = SSL_connect(ssl);
731 radix_activate_slot(0);
732 if (!TEST_true(check_consistent_want(ssl, ret)))
733 goto err;
734
735 if (ret != 1) {
736 if (is_want(ssl, ret))
737 F_SPIN_AGAIN();
738
739 if (!TEST_int_eq(ret, 1))
740 goto err;
741 }
742
743 ok = 1;
744 err:
745 RT()->scratch0 = 0;
746 return ok;
747 }
748
DEF_FUNC(hf_detach)749 DEF_FUNC(hf_detach)
750 {
751 int ok = 0;
752 const char *conn_name, *stream_name;
753 SSL *conn, *stream;
754
755 F_POP2(conn_name, stream_name);
756 if (!TEST_ptr(conn = RADIX_PROCESS_get_ssl(RP(), conn_name)))
757 goto err;
758
759 if (!TEST_ptr(stream = ossl_quic_detach_stream(conn)))
760 goto err;
761
762 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), stream_name, stream))) {
763 SSL_free(stream);
764 goto err;
765 }
766
767 ok = 1;
768 err:
769 return ok;
770 }
771
DEF_FUNC(hf_attach)772 DEF_FUNC(hf_attach)
773 {
774 int ok = 0;
775 const char *conn_name, *stream_name;
776 SSL *conn, *stream;
777
778 F_POP2(conn_name, stream_name);
779
780 if (!TEST_ptr(conn = RADIX_PROCESS_get_ssl(RP(), conn_name)))
781 goto err;
782
783 if (!TEST_ptr(stream = RADIX_PROCESS_get_ssl(RP(), stream_name)))
784 goto err;
785
786 if (!TEST_true(ossl_quic_attach_stream(conn, stream)))
787 goto err;
788
789 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), stream_name, NULL)))
790 goto err;
791
792 ok = 1;
793 err:
794 return ok;
795 }
796
DEF_FUNC(hf_expect_fin)797 DEF_FUNC(hf_expect_fin)
798 {
799 int ok = 0, ret;
800 SSL *ssl;
801 char buf[1];
802 size_t bytes_read = 0;
803
804 REQUIRE_SSL(ssl);
805
806 ret = SSL_read_ex(ssl, buf, sizeof(buf), &bytes_read);
807 if (!TEST_true(check_consistent_want(ssl, ret))
808 || !TEST_false(ret)
809 || !TEST_size_t_eq(bytes_read, 0))
810 goto err;
811
812 if (is_want(ssl, 0))
813 F_SPIN_AGAIN();
814
815 if (!TEST_int_eq(SSL_get_error(ssl, 0),
816 SSL_ERROR_ZERO_RETURN))
817 goto err;
818
819 if (!TEST_int_eq(SSL_want(ssl), SSL_NOTHING))
820 goto err;
821
822 ok = 1;
823 err:
824 return ok;
825 }
826
DEF_FUNC(hf_expect_conn_close_info)827 DEF_FUNC(hf_expect_conn_close_info)
828 {
829 int ok = 0;
830 SSL *ssl;
831 SSL_CONN_CLOSE_INFO cc_info = {0};
832 uint64_t error_code, expect_app, expect_remote;
833
834 F_POP(error_code);
835 F_POP2(expect_app, expect_remote);
836 REQUIRE_SSL(ssl);
837
838 /* TODO BLOCKING */
839
840 if (!SSL_get_conn_close_info(ssl, &cc_info, sizeof(cc_info)))
841 F_SPIN_AGAIN();
842
843 if (!TEST_int_eq((int)expect_app,
844 (cc_info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) == 0)
845 || !TEST_int_eq((int)expect_remote,
846 (cc_info.flags & SSL_CONN_CLOSE_FLAG_LOCAL) == 0)
847 || !TEST_uint64_t_eq(error_code, cc_info.error_code)) {
848 TEST_info("connection close reason: %s", cc_info.reason);
849 goto err;
850 }
851
852 ok = 1;
853 err:
854 return ok;
855 }
856
DEF_FUNC(hf_wait_for_data)857 DEF_FUNC(hf_wait_for_data)
858 {
859 int ok = 0;
860 SSL *ssl;
861 char buf[1];
862 size_t bytes_read = 0;
863
864 REQUIRE_SSL(ssl);
865
866 if (!SSL_peek_ex(ssl, buf, sizeof(buf), &bytes_read)
867 || bytes_read == 0)
868 F_SPIN_AGAIN();
869
870 ok = 1;
871 err:
872 return ok;
873 }
874
DEF_FUNC(hf_expect_err)875 DEF_FUNC(hf_expect_err)
876 {
877 int ok = 0;
878 uint64_t lib, reason;
879
880 F_POP2(lib, reason);
881 if (!TEST_size_t_eq((size_t)ERR_GET_LIB(ERR_peek_last_error()),
882 (size_t)lib)
883 || !TEST_size_t_eq((size_t)ERR_GET_REASON(ERR_peek_last_error()),
884 (size_t)reason))
885 goto err;
886
887 ok = 1;
888 err:
889 return ok;
890 }
891
DEF_FUNC(hf_expect_ssl_err)892 DEF_FUNC(hf_expect_ssl_err)
893 {
894 int ok = 0;
895 uint64_t expected;
896 SSL *ssl;
897
898 F_POP(expected);
899 REQUIRE_SSL(ssl);
900
901 if (!TEST_size_t_eq((size_t)SSL_get_error(ssl, 0), (size_t)expected)
902 || !TEST_int_eq(SSL_want(ssl), SSL_NOTHING))
903 goto err;
904
905 ok = 1;
906 err:
907 return ok;
908 }
909
DEF_FUNC(hf_expect_stream_id)910 DEF_FUNC(hf_expect_stream_id)
911 {
912 int ok = 0;
913 SSL *ssl;
914 uint64_t expected, actual;
915
916 F_POP(expected);
917 REQUIRE_SSL(ssl);
918
919 actual = SSL_get_stream_id(ssl);
920 if (!TEST_uint64_t_eq(actual, expected))
921 goto err;
922
923 ok = 1;
924 err:
925 return ok;
926 }
927
DEF_FUNC(hf_select_ssl)928 DEF_FUNC(hf_select_ssl)
929 {
930 int ok = 0;
931 uint64_t slot;
932 const char *name;
933 RADIX_OBJ *obj;
934
935 F_POP2(slot, name);
936 if (!TEST_ptr(obj = RADIX_PROCESS_get_obj(RP(), name)))
937 goto err;
938
939 if (!TEST_uint64_t_lt(slot, NUM_SLOTS))
940 goto err;
941
942 RT()->slot[slot] = obj;
943 RT()->ssl[slot] = obj->ssl;
944 ok = 1;
945 err:
946 return ok;
947 }
948
DEF_FUNC(hf_clear_slot)949 DEF_FUNC(hf_clear_slot)
950 {
951 int ok = 0;
952 uint64_t slot;
953
954 F_POP(slot);
955 if (!TEST_uint64_t_lt(slot, NUM_SLOTS))
956 goto err;
957
958 RT()->slot[slot] = NULL;
959 RT()->ssl[slot] = NULL;
960 ok = 1;
961 err:
962 return ok;
963 }
964
DEF_FUNC(hf_skip_time)965 DEF_FUNC(hf_skip_time)
966 {
967 int ok = 0;
968 uint64_t ms;
969
970 F_POP(ms);
971
972 radix_skip_time(ossl_ms2time(ms));
973 ok = 1;
974 err:
975 return ok;
976 }
977
DEF_FUNC(hf_set_peer_addr_from)978 DEF_FUNC(hf_set_peer_addr_from)
979 {
980 int ok = 0;
981 SSL *dst_ssl, *src_ssl;
982 BIO *dst_bio, *src_bio;
983 int src_fd = -1;
984 union BIO_sock_info_u src_info;
985 BIO_ADDR *src_addr = NULL;
986
987 REQUIRE_SSL_N(0, dst_ssl);
988 REQUIRE_SSL_N(1, src_ssl);
989 dst_bio = SSL_get_rbio(dst_ssl);
990 src_bio = SSL_get_rbio(src_ssl);
991 if (!TEST_ptr(dst_bio) || !TEST_ptr(src_bio))
992 goto err;
993
994 if (!TEST_ptr(src_addr = BIO_ADDR_new()))
995 goto err;
996
997 if (!TEST_true(BIO_get_fd(src_bio, &src_fd))
998 || !TEST_int_ge(src_fd, 0))
999 goto err;
1000
1001 src_info.addr = src_addr;
1002 if (!TEST_true(BIO_sock_info(src_fd, BIO_SOCK_INFO_ADDRESS, &src_info))
1003 || !TEST_int_ge(ntohs(BIO_ADDR_rawport(src_addr)), 0))
1004 goto err;
1005
1006 /*
1007 * Could use SSL_set_initial_peer_addr here, but set it on the
1008 * BIO_s_datagram instead and make sure we pick it up automatically.
1009 */
1010 if (!TEST_true(BIO_dgram_set_peer(dst_bio, src_addr)))
1011 goto err;
1012
1013 ok = 1;
1014 err:
1015 BIO_ADDR_free(src_addr);
1016 return ok;
1017 }
1018
DEF_FUNC(hf_sleep)1019 DEF_FUNC(hf_sleep)
1020 {
1021 int ok = 0;
1022 uint64_t ms;
1023
1024 F_POP(ms);
1025
1026 OSSL_sleep(ms);
1027
1028 ok = 1;
1029 err:
1030 return ok;
1031 }
1032
1033 #define OP_UNBIND(name) \
1034 (OP_PUSH_PZ(#name), \
1035 OP_FUNC(hf_unbind))
1036
1037 #define OP_SELECT_SSL(slot, name) \
1038 (OP_PUSH_U64(slot), \
1039 OP_PUSH_PZ(#name), \
1040 OP_FUNC(hf_select_ssl))
1041
1042 #define OP_CLEAR_SLOT(slot) \
1043 (OP_PUSH_U64(slot), \
1044 OP_FUNC(hf_clear_slot))
1045
1046 #define OP_CONNECT_WAIT(name) \
1047 (OP_SELECT_SSL(0, name), \
1048 OP_FUNC(hf_connect_wait))
1049
1050 #define OP_LISTEN(name) \
1051 (OP_SELECT_SSL(0, name), \
1052 OP_FUNC(hf_listen))
1053
1054 #define OP_NEW_SSL_C(name) \
1055 (OP_PUSH_PZ(#name), \
1056 OP_PUSH_U64(0), \
1057 OP_FUNC(hf_new_ssl))
1058
1059 #define OP_NEW_SSL_L(name) \
1060 (OP_PUSH_PZ(#name), \
1061 OP_PUSH_U64(1), \
1062 OP_FUNC(hf_new_ssl))
1063
1064 #define OP_NEW_SSL_D(name) \
1065 (OP_PUSH_PZ(#name), \
1066 OP_PUSH_U64(3), \
1067 OP_FUNC(hf_new_ssl))
1068
1069 #define OP_NEW_SSL_L_LISTEN(name) \
1070 (OP_NEW_SSL_L(name), \
1071 OP_LISTEN(name))
1072
1073 #define OP_NEW_SSL_L_FROM(domain_name, listener_name, flags) \
1074 (OP_SELECT_SSL(0, domain_name), \
1075 OP_PUSH_PZ(#listener_name), \
1076 OP_PUSH_U64(flags), \
1077 OP_FUNC(hf_new_ssl_listener_from))
1078
1079 #define OP_NEW_SSL_L_FROM_LISTEN(domain_name, listener_name, flags) \
1080 (OP_NEW_SSL_L_FROM(domain_name, listener_name, flags), \
1081 OP_LISTEN(listener_name))
1082
1083 #define OP_SET_PEER_ADDR_FROM(dst_name, src_name) \
1084 (OP_SELECT_SSL(0, dst_name), \
1085 OP_SELECT_SSL(1, src_name), \
1086 OP_FUNC(hf_set_peer_addr_from))
1087
1088 #define OP_SIMPLE_PAIR_CONN() \
1089 (OP_NEW_SSL_L_LISTEN(L), \
1090 OP_NEW_SSL_C(C), \
1091 OP_SET_PEER_ADDR_FROM(C, L), \
1092 OP_CONNECT_WAIT(C))
1093
1094 #define OP_SIMPLE_PAIR_CONN_D() \
1095 (OP_NEW_SSL_D(Ds), \
1096 OP_NEW_SSL_L_FROM_LISTEN(Ds, L, 0), \
1097 OP_NEW_SSL_C(C), \
1098 OP_SET_PEER_ADDR_FROM(C, L), \
1099 OP_CONNECT_WAIT(C))
1100
1101 #define OP_SIMPLE_PAIR_CONN_ND() \
1102 (OP_SIMPLE_PAIR_CONN(), \
1103 OP_SET_DEFAULT_STREAM_MODE(C, SSL_DEFAULT_STREAM_MODE_NONE))
1104
1105 #define OP_NEW_STREAM(conn_name, stream_name, flags) \
1106 (OP_SELECT_SSL(0, conn_name), \
1107 OP_PUSH_PZ(#stream_name), \
1108 OP_PUSH_U64(flags), \
1109 OP_PUSH_U64(0), \
1110 OP_FUNC(hf_new_stream))
1111
1112 #define OP_ACCEPT_STREAM_WAIT(conn_name, stream_name, flags) \
1113 (OP_SELECT_SSL(0, conn_name), \
1114 OP_PUSH_PZ(#stream_name), \
1115 OP_PUSH_U64(flags), \
1116 OP_PUSH_U64(1), \
1117 OP_FUNC(hf_new_stream))
1118
1119 #define OP_ACCEPT_STREAM_NONE(conn_name) \
1120 (OP_SELECT_SSL(0, conn_name), \
1121 OP_FUNC(hf_accept_stream_none))
1122
1123 #define OP_ACCEPT_CONN_WAIT(listener_name, conn_name, flags) \
1124 (OP_SELECT_SSL(0, listener_name), \
1125 OP_PUSH_PZ(#conn_name), \
1126 OP_PUSH_U64(flags), \
1127 OP_FUNC(hf_accept_conn))
1128
1129 #define OP_ACCEPT_CONN_WAIT_ND(listener_name, conn_name, flags) \
1130 (OP_ACCEPT_CONN_WAIT(listener_name, conn_name, flags), \
1131 OP_SET_DEFAULT_STREAM_MODE(conn_name, SSL_DEFAULT_STREAM_MODE_NONE))
1132
1133 #define OP_ACCEPT_CONN_NONE(listener_name) \
1134 (OP_SELECT_SSL(0, listener_name), \
1135 OP_FUNC(hf_accept_conn_none))
1136
1137 #define OP_ACCEPT_CONN_WAIT1(listener_name, conn_name, flags) \
1138 (OP_ACCEPT_CONN_WAIT(listener_name, conn_name, flags), \
1139 OP_ACCEPT_CONN_NONE(listener_name))
1140
1141 #define OP_ACCEPT_CONN_WAIT1_ND(listener_name, conn_name, flags) \
1142 (OP_ACCEPT_CONN_WAIT_ND(listener_name, conn_name, flags), \
1143 OP_ACCEPT_CONN_NONE(listener_name))
1144
1145 #define OP_WRITE(name, buf, buf_len) \
1146 (OP_SELECT_SSL(0, name), \
1147 OP_PUSH_BUFP(buf, buf_len), \
1148 OP_FUNC(hf_write))
1149
1150 #define OP_WRITE_RAND(name, buf_len) \
1151 (OP_SELECT_SSL(0, name), \
1152 OP_PUSH_SIZE(buf_len), \
1153 OP_FUNC(hf_write_rand))
1154
1155 #define OP_WRITE_B(name, buf) \
1156 OP_WRITE(name, (buf), sizeof(buf))
1157
1158 #define OP_WRITE_EX2(name, buf, buf_len, flags) \
1159 (OP_SELECT_SSL(0, name), \
1160 OP_PUSH_BUFP(buf, buf_len), \
1161 OP_PUSH_U64(flags), \
1162 OP_FUNC(hf_write_ex2))
1163
1164 #define OP_WRITE_FAIL(name) \
1165 (OP_SELECT_SSL(0, name), \
1166 OP_FUNC(hf_write_fail))
1167
1168 #define OP_CONCLUDE(name) \
1169 (OP_SELECT_SSL(0, name), \
1170 OP_FUNC(hf_conclude))
1171
1172 #define OP_READ_EXPECT(name, buf, buf_len) \
1173 (OP_SELECT_SSL(0, name), \
1174 OP_PUSH_BUFP(buf, buf_len), \
1175 OP_FUNC(hf_read_expect))
1176
1177 #define OP_READ_EXPECT_B(name, buf) \
1178 OP_READ_EXPECT(name, (buf), sizeof(buf))
1179
1180 #define OP_READ_FAIL() \
1181 (OP_SELECT_SSL(0, name), \
1182 OP_PUSH_U64(0), \
1183 OP_FUNC(hf_read_fail))
1184
1185 #define OP_READ_FAIL_WAIT(name) \
1186 (OP_SELECT_SSL(0, name), \
1187 OP_PUSH_U64(1), \
1188 OP_FUNC(hf_read_fail)
1189
1190 #define OP_POP_ERR() \
1191 OP_FUNC(hf_pop_err)
1192
1193 #define OP_SET_DEFAULT_STREAM_MODE(name, mode) \
1194 (OP_SELECT_SSL(0, name), \
1195 OP_PUSH_U64(mode), \
1196 OP_FUNC(hf_set_default_stream_mode))
1197
1198 #define OP_SET_INCOMING_STREAM_POLICY(name, policy, error_code) \
1199 (OP_SELECT_SSL(0, name), \
1200 OP_PUSH_U64(policy), \
1201 OP_PUSH_U64(error_code), \
1202 OP_FUNC(hf_set_incoming_stream_policy))
1203
1204 #define OP_STREAM_RESET(name, error_code) \
1205 (OP_SELECT_SSL(0, name), \
1206 OP_PUSH_U64(flags), \
1207 OP_PUSH_U64(error_code), \
1208 OP_FUNC(hf_stream_reset)) \
1209
1210 #define OP_SHUTDOWN_WAIT(name, flags, error_code, reason) \
1211 (OP_SELECT_SSL(0, name), \
1212 OP_PUSH_U64(flags), \
1213 OP_PUSH_U64(error_code), \
1214 OP_PUSH_PZ(reason), \
1215 OP_FUNC(hf_shutdown_wait))
1216
1217 #define OP_DETACH(conn_name, stream_name) \
1218 (OP_SELECT_SSL(0, conn_name), \
1219 OP_PUSH_PZ(#stream_name), \
1220 OP_FUNC(hf_detach))
1221
1222 #define OP_ATTACH(conn_name, stream_name) \
1223 (OP_SELECT_SSL(0, conn_name), \
1224 OP_PUSH_PZ(stream_name), \
1225 OP_FUNC(hf_attach))
1226
1227 #define OP_EXPECT_FIN(name) \
1228 (OP_SELECT_SSL(0, name), \
1229 OP_FUNC(hf_expect_fin))
1230
1231 #define OP_EXPECT_CONN_CLOSE_INFO(name, error_code, expect_app, expect_remote) \
1232 (OP_SELECT_SSL(0, name), \
1233 OP_PUSH_U64(expect_app), \
1234 OP_PUSH_U64(expect_remote), \
1235 OP_PUSH_U64(error_code), \
1236 OP_FUNC(hf_expect_conn_close_info))
1237
1238 #define OP_WAIT_FOR_DATA(name) \
1239 (OP_SELECT_SSL(0, name), \
1240 OP_FUNC(hf_wait_for_data))
1241
1242 #define OP_EXPECT_ERR(lib, reason) \
1243 (OP_PUSH_U64(lib), \
1244 OP_PUSH_U64(reason), \
1245 OP_FUNC(hf_expect_err))
1246
1247 #define OP_EXPECT_SSL_ERR(name, expected) \
1248 (OP_SELECT_SSL(0, name), \
1249 OP_PUSH_U64(expected), \
1250 OP_FUNC(hf_expect_ssl_err))
1251
1252 #define OP_EXPECT_STREAM_ID(expected) \
1253 (OP_PUSH_U64(expected), \
1254 OP_FUNC(hf_expect_stream_id))
1255
1256 #define OP_SKIP_TIME(ms) \
1257 (OP_PUSH_U64(ms), \
1258 OP_FUNC(hf_skip_time))
1259
1260 #define OP_SLEEP(ms) \
1261 (OP_PUSH_U64(ms), \
1262 OP_FUNC(hf_sleep))
1263