1 /*
2 * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9 #include <openssl/ssl.h>
10 #include <openssl/quic.h>
11 #include <openssl/bio.h>
12 #include <openssl/lhash.h>
13 #include <openssl/rand.h>
14 #include "internal/quic_tserver.h"
15 #include "internal/quic_ssl.h"
16 #include "internal/quic_error.h"
17 #include "internal/quic_stream_map.h"
18 #include "internal/quic_engine.h"
19 #include "testutil.h"
20 #include "helpers/quictestlib.h"
21 #if defined(OPENSSL_THREADS)
22 # include "internal/thread_arch.h"
23 #endif
24 #include "internal/numbers.h" /* UINT64_C */
25
26 static const char *certfile, *keyfile;
27
28 #if defined(_AIX)
29 /*
30 * Some versions of AIX define macros for events and revents for use when
31 * accessing pollfd structures (see Github issue #24236). That interferes
32 * with our use of these names here. We simply undef them.
33 */
34 # undef revents
35 # undef events
36 #endif
37
38 #if defined(OPENSSL_THREADS)
39 struct child_thread_args {
40 struct helper *h;
41 const struct script_op *script;
42 const char *script_name;
43 int thread_idx;
44
45 CRYPTO_THREAD *t;
46 CRYPTO_MUTEX *m;
47 int testresult;
48 int done;
49 int s_checked_out;
50 };
51 #endif
52
53 typedef struct stream_info {
54 const char *name;
55 SSL *c_stream;
56 uint64_t s_stream_id;
57 } STREAM_INFO;
58
59 DEFINE_LHASH_OF_EX(STREAM_INFO);
60
61 struct helper {
62 int s_fd;
63 BIO *s_net_bio, *s_net_bio_own, *s_qtf_wbio, *s_qtf_wbio_own;
64 /* The BIO_ADDR used for BIO_bind() */
65 BIO_ADDR *s_net_bio_orig_addr;
66 /* The resulting address, which is the one to connect to */
67 BIO_ADDR *s_net_bio_addr;
68
69 /*
70 * When doing a blocking mode test run, s_priv always points to the TSERVER
71 * and s is NULL when the main thread should not be touching s_priv.
72 */
73 QUIC_TSERVER *s, *s_priv;
74 LHASH_OF(STREAM_INFO) *s_streams;
75
76 int c_fd;
77 BIO *c_net_bio, *c_net_bio_own;
78 SSL_CTX *c_ctx;
79 SSL *c_conn;
80 LHASH_OF(STREAM_INFO) *c_streams;
81
82 #if defined(OPENSSL_THREADS)
83 struct child_thread_args *threads;
84 size_t num_threads;
85 CRYPTO_MUTEX *misc_m;
86 CRYPTO_CONDVAR *misc_cv;
87 #endif
88
89 OSSL_TIME start_time;
90
91 /*
92 * This is a duration recording the amount of time we have skipped forwards
93 * for testing purposes relative to the real ossl_time_now() clock. We add
94 * a quantity of time to this every time we skip some time.
95 */
96 CRYPTO_RWLOCK *time_lock;
97 OSSL_TIME time_slip; /* protected by time_lock */
98
99 QTEST_FAULT *qtf;
100
101 int init, blocking, check_spin_again;
102 int free_order, need_injector;
103
104 int (*qtf_packet_plain_cb)(struct helper *h, QUIC_PKT_HDR *hdr,
105 unsigned char *buf, size_t buf_len);
106 int (*qtf_handshake_cb)(struct helper *h,
107 unsigned char *buf, size_t buf_len);
108 int (*qtf_datagram_cb)(struct helper *h,
109 BIO_MSG *m, size_t stride);
110 uint64_t inject_word0, inject_word1;
111 uint64_t scratch0, scratch1, fail_count;
112 #if defined(OPENSSL_THREADS)
113 struct {
114 CRYPTO_THREAD *t;
115 CRYPTO_MUTEX *m;
116 CRYPTO_CONDVAR *c;
117 int ready, stop;
118 } server_thread;
119 int s_checked_out;
120 #endif
121 };
122
123 struct helper_local {
124 struct helper *h;
125 LHASH_OF(STREAM_INFO) *c_streams;
126 int thread_idx;
127 const struct script_op *check_op;
128 int explicit_event_handling;
129 };
130
131 struct script_op {
132 uint32_t op;
133 const void *arg0;
134 size_t arg1;
135 int (*check_func)(struct helper *h, struct helper_local *hl);
136 const char *stream_name;
137 uint64_t arg2;
138 int (*qtf_packet_plain_cb)(struct helper *h, QUIC_PKT_HDR *hdr,
139 unsigned char *buf, size_t buf_len);
140 int (*qtf_handshake_cb)(struct helper *h,
141 unsigned char *buf, size_t buf_len);
142 int (*qtf_datagram_cb)(struct helper *h,
143 BIO_MSG *m, size_t stride);
144 };
145
146 #define OPK_END 0
147 #define OPK_CHECK 1
148 #define OPK_C_SET_ALPN 2
149 #define OPK_C_CONNECT_WAIT 3
150 #define OPK_C_WRITE 4
151 #define OPK_S_WRITE 5
152 #define OPK_C_READ_EXPECT 6
153 #define OPK_S_READ_EXPECT 7
154 #define OPK_C_EXPECT_FIN 8
155 #define OPK_S_EXPECT_FIN 9
156 #define OPK_C_CONCLUDE 10
157 #define OPK_S_CONCLUDE 11
158 #define OPK_C_DETACH 12
159 #define OPK_C_ATTACH 13
160 #define OPK_C_NEW_STREAM 14
161 #define OPK_S_NEW_STREAM 15
162 #define OPK_C_ACCEPT_STREAM_WAIT 16
163 #define OPK_C_ACCEPT_STREAM_NONE 17
164 #define OPK_C_FREE_STREAM 18
165 #define OPK_C_SET_DEFAULT_STREAM_MODE 19
166 #define OPK_C_SET_INCOMING_STREAM_POLICY 20
167 #define OPK_C_SHUTDOWN_WAIT 21
168 #define OPK_C_EXPECT_CONN_CLOSE_INFO 22
169 #define OPK_S_EXPECT_CONN_CLOSE_INFO 23
170 #define OPK_S_BIND_STREAM_ID 24
171 #define OPK_C_WAIT_FOR_DATA 25
172 #define OPK_C_WRITE_FAIL 26
173 #define OPK_S_WRITE_FAIL 27
174 #define OPK_C_READ_FAIL 28
175 #define OPK_C_STREAM_RESET 29
176 #define OPK_S_ACCEPT_STREAM_WAIT 30
177 #define OPK_NEW_THREAD 31
178 #define OPK_BEGIN_REPEAT 32
179 #define OPK_END_REPEAT 33
180 #define OPK_S_UNBIND_STREAM_ID 34
181 #define OPK_C_READ_FAIL_WAIT 35
182 #define OPK_C_CLOSE_SOCKET 36
183 #define OPK_C_EXPECT_SSL_ERR 37
184 #define OPK_EXPECT_ERR_REASON 38
185 #define OPK_EXPECT_ERR_LIB 39
186 #define OPK_SLEEP 40
187 #define OPK_S_READ_FAIL 41
188 #define OPK_S_SET_INJECT_PLAIN 42
189 #define OPK_SET_INJECT_WORD 43
190 #define OPK_C_INHIBIT_TICK 44
191 #define OPK_C_SET_WRITE_BUF_SIZE 45
192 #define OPK_S_SET_INJECT_HANDSHAKE 46
193 #define OPK_S_NEW_TICKET 47
194 #define OPK_C_SKIP_IF_UNBOUND 48
195 #define OPK_S_SET_INJECT_DATAGRAM 49
196 #define OPK_S_SHUTDOWN 50
197 #define OPK_POP_ERR 51
198 #define OPK_C_WRITE_EX2 52
199 #define OPK_SKIP_IF_BLOCKING 53
200 #define OPK_C_STREAM_RESET_FAIL 54
201
202 #define EXPECT_CONN_CLOSE_APP (1U << 0)
203 #define EXPECT_CONN_CLOSE_REMOTE (1U << 1)
204
205 /* OPK_C_NEW_STREAM */
206 #define ALLOW_FAIL (1U << 16)
207
208 #define C_BIDI_ID(ordinal) \
209 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_CLIENT | QUIC_STREAM_DIR_BIDI)
210 #define S_BIDI_ID(ordinal) \
211 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_SERVER | QUIC_STREAM_DIR_BIDI)
212 #define C_UNI_ID(ordinal) \
213 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_CLIENT | QUIC_STREAM_DIR_UNI)
214 #define S_UNI_ID(ordinal) \
215 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_SERVER | QUIC_STREAM_DIR_UNI)
216
217 #define ANY_ID UINT64_MAX
218
219 #define OP_END \
220 {OPK_END}
221 #define OP_CHECK(func, arg2) \
222 {OPK_CHECK, NULL, 0, (func), NULL, (arg2)},
223 #define OP_C_SET_ALPN(alpn) \
224 {OPK_C_SET_ALPN, (alpn), 0, NULL, NULL},
225 #define OP_C_CONNECT_WAIT() \
226 {OPK_C_CONNECT_WAIT, NULL, 0, NULL, NULL},
227 #define OP_C_CONNECT_WAIT_OR_FAIL() \
228 {OPK_C_CONNECT_WAIT, NULL, 1, NULL, NULL},
229 #define OP_C_WRITE(stream_name, buf, buf_len) \
230 {OPK_C_WRITE, (buf), (buf_len), NULL, #stream_name},
231 #define OP_S_WRITE(stream_name, buf, buf_len) \
232 {OPK_S_WRITE, (buf), (buf_len), NULL, #stream_name},
233 #define OP_C_READ_EXPECT(stream_name, buf, buf_len) \
234 {OPK_C_READ_EXPECT, (buf), (buf_len), NULL, #stream_name},
235 #define OP_S_READ_EXPECT(stream_name, buf, buf_len) \
236 {OPK_S_READ_EXPECT, (buf), (buf_len), NULL, #stream_name},
237 #define OP_C_EXPECT_FIN(stream_name) \
238 {OPK_C_EXPECT_FIN, NULL, 0, NULL, #stream_name},
239 #define OP_S_EXPECT_FIN(stream_name) \
240 {OPK_S_EXPECT_FIN, NULL, 0, NULL, #stream_name},
241 #define OP_C_CONCLUDE(stream_name) \
242 {OPK_C_CONCLUDE, NULL, 0, NULL, #stream_name},
243 #define OP_S_CONCLUDE(stream_name) \
244 {OPK_S_CONCLUDE, NULL, 0, NULL, #stream_name},
245 #define OP_C_DETACH(stream_name) \
246 {OPK_C_DETACH, NULL, 0, NULL, #stream_name},
247 #define OP_C_ATTACH(stream_name) \
248 {OPK_C_ATTACH, NULL, 0, NULL, #stream_name},
249 #define OP_C_NEW_STREAM_BIDI(stream_name, expect_id) \
250 {OPK_C_NEW_STREAM, NULL, 0, NULL, #stream_name, (expect_id)},
251 #define OP_C_NEW_STREAM_BIDI_EX(stream_name, expect_id, flags) \
252 {OPK_C_NEW_STREAM, NULL, (flags), NULL, #stream_name, (expect_id)},
253 #define OP_C_NEW_STREAM_UNI(stream_name, expect_id) \
254 {OPK_C_NEW_STREAM, NULL, SSL_STREAM_FLAG_UNI, \
255 NULL, #stream_name, (expect_id)},
256 #define OP_C_NEW_STREAM_UNI_EX(stream_name, expect_id, flags) \
257 {OPK_C_NEW_STREAM, NULL, (flags) | SSL_STREAM_FLAG_UNI, \
258 NULL, #stream_name, (expect_id)},
259 #define OP_S_NEW_STREAM_BIDI(stream_name, expect_id) \
260 {OPK_S_NEW_STREAM, NULL, 0, NULL, #stream_name, (expect_id)},
261 #define OP_S_NEW_STREAM_UNI(stream_name, expect_id) \
262 {OPK_S_NEW_STREAM, NULL, 1, NULL, #stream_name, (expect_id)},
263 #define OP_C_ACCEPT_STREAM_WAIT(stream_name) \
264 {OPK_C_ACCEPT_STREAM_WAIT, NULL, 0, NULL, #stream_name},
265 #define OP_C_ACCEPT_STREAM_NONE() \
266 {OPK_C_ACCEPT_STREAM_NONE, NULL, 0, NULL, NULL},
267 #define OP_C_FREE_STREAM(stream_name) \
268 {OPK_C_FREE_STREAM, NULL, 0, NULL, #stream_name},
269 #define OP_C_SET_DEFAULT_STREAM_MODE(mode) \
270 {OPK_C_SET_DEFAULT_STREAM_MODE, NULL, (mode), NULL, NULL},
271 #define OP_C_SET_INCOMING_STREAM_POLICY(policy) \
272 {OPK_C_SET_INCOMING_STREAM_POLICY, NULL, (policy), NULL, NULL},
273 #define OP_C_SHUTDOWN_WAIT(reason, flags) \
274 {OPK_C_SHUTDOWN_WAIT, (reason), (flags), NULL, NULL},
275 #define OP_C_EXPECT_CONN_CLOSE_INFO(ec, app, remote) \
276 {OPK_C_EXPECT_CONN_CLOSE_INFO, NULL, \
277 ((app) ? EXPECT_CONN_CLOSE_APP : 0) | \
278 ((remote) ? EXPECT_CONN_CLOSE_REMOTE : 0), \
279 NULL, NULL, (ec)},
280 #define OP_S_EXPECT_CONN_CLOSE_INFO(ec, app, remote) \
281 {OPK_S_EXPECT_CONN_CLOSE_INFO, NULL, \
282 ((app) ? EXPECT_CONN_CLOSE_APP : 0) | \
283 ((remote) ? EXPECT_CONN_CLOSE_REMOTE : 0), \
284 NULL, NULL, (ec)},
285 #define OP_S_BIND_STREAM_ID(stream_name, stream_id) \
286 {OPK_S_BIND_STREAM_ID, NULL, 0, NULL, #stream_name, (stream_id)},
287 #define OP_C_WAIT_FOR_DATA(stream_name) \
288 {OPK_C_WAIT_FOR_DATA, NULL, 0, NULL, #stream_name},
289 #define OP_C_WRITE_FAIL(stream_name) \
290 {OPK_C_WRITE_FAIL, NULL, 0, NULL, #stream_name},
291 #define OP_S_WRITE_FAIL(stream_name) \
292 {OPK_S_WRITE_FAIL, NULL, 0, NULL, #stream_name},
293 #define OP_C_READ_FAIL(stream_name) \
294 {OPK_C_READ_FAIL, NULL, 0, NULL, #stream_name},
295 #define OP_S_READ_FAIL(stream_name, allow_zero_len) \
296 {OPK_S_READ_FAIL, NULL, (allow_zero_len), NULL, #stream_name},
297 #define OP_C_STREAM_RESET(stream_name, aec) \
298 {OPK_C_STREAM_RESET, NULL, 0, NULL, #stream_name, (aec)},
299 #define OP_C_STREAM_RESET_FAIL(stream_name, aec) \
300 {OPK_C_STREAM_RESET_FAIL, NULL, 0, NULL, #stream_name, (aec)},
301 #define OP_S_ACCEPT_STREAM_WAIT(stream_name) \
302 {OPK_S_ACCEPT_STREAM_WAIT, NULL, 0, NULL, #stream_name},
303 #define OP_NEW_THREAD(num_threads, script) \
304 {OPK_NEW_THREAD, (script), (num_threads), NULL, NULL, 0 },
305 #define OP_BEGIN_REPEAT(n) \
306 {OPK_BEGIN_REPEAT, NULL, (n)},
307 #define OP_END_REPEAT() \
308 {OPK_END_REPEAT},
309 #define OP_S_UNBIND_STREAM_ID(stream_name) \
310 {OPK_S_UNBIND_STREAM_ID, NULL, 0, NULL, #stream_name},
311 #define OP_C_READ_FAIL_WAIT(stream_name) \
312 {OPK_C_READ_FAIL_WAIT, NULL, 0, NULL, #stream_name},
313 #define OP_C_CLOSE_SOCKET() \
314 {OPK_C_CLOSE_SOCKET},
315 #define OP_C_EXPECT_SSL_ERR(stream_name, err) \
316 {OPK_C_EXPECT_SSL_ERR, NULL, (err), NULL, #stream_name},
317 #define OP_EXPECT_ERR_REASON(err) \
318 {OPK_EXPECT_ERR_REASON, NULL, (err)},
319 #define OP_EXPECT_ERR_LIB(lib) \
320 {OPK_EXPECT_ERR_LIB, NULL, (lib)},
321 #define OP_SLEEP(ms) \
322 {OPK_SLEEP, NULL, 0, NULL, NULL, (ms)},
323 #define OP_S_SET_INJECT_PLAIN(f) \
324 {OPK_S_SET_INJECT_PLAIN, NULL, 0, NULL, NULL, 0, (f)},
325 #define OP_SET_INJECT_WORD(w0, w1) \
326 {OPK_SET_INJECT_WORD, NULL, (w0), NULL, NULL, (w1), NULL},
327 #define OP_C_INHIBIT_TICK(inhibit) \
328 {OPK_C_INHIBIT_TICK, NULL, (inhibit), NULL, NULL, 0, NULL},
329 #define OP_C_SET_WRITE_BUF_SIZE(stream_name, size) \
330 {OPK_C_SET_WRITE_BUF_SIZE, NULL, (size), NULL, #stream_name},
331 #define OP_S_SET_INJECT_HANDSHAKE(f) \
332 {OPK_S_SET_INJECT_HANDSHAKE, NULL, 0, NULL, NULL, 0, NULL, (f)},
333 #define OP_S_NEW_TICKET() \
334 {OPK_S_NEW_TICKET},
335 #define OP_C_SKIP_IF_UNBOUND(stream_name, n) \
336 {OPK_C_SKIP_IF_UNBOUND, NULL, (n), NULL, #stream_name},
337 #define OP_S_SET_INJECT_DATAGRAM(f) \
338 {OPK_S_SET_INJECT_DATAGRAM, NULL, 0, NULL, NULL, 0, NULL, NULL, (f)},
339 #define OP_S_SHUTDOWN(error_code) \
340 {OPK_S_SHUTDOWN, NULL, (error_code)},
341 #define OP_POP_ERR() \
342 {OPK_POP_ERR},
343 #define OP_C_WRITE_EX2(stream_name, buf, buf_len, flags) \
344 {OPK_C_WRITE_EX2, (buf), (buf_len), NULL, #stream_name, (flags)},
345 #define OP_CHECK2(func, arg1, arg2) \
346 {OPK_CHECK, NULL, (arg1), (func), NULL, (arg2)},
347 #define OP_SKIP_IF_BLOCKING(n) \
348 {OPK_SKIP_IF_BLOCKING, NULL, (n), NULL, 0},
349
get_time(void * arg)350 static OSSL_TIME get_time(void *arg)
351 {
352 struct helper *h = arg;
353 OSSL_TIME t;
354
355 if (!TEST_true(CRYPTO_THREAD_read_lock(h->time_lock)))
356 return ossl_time_zero();
357
358 t = ossl_time_add(ossl_time_now(), h->time_slip);
359
360 CRYPTO_THREAD_unlock(h->time_lock);
361 return t;
362 }
363
skip_time_ms(struct helper * h,struct helper_local * hl)364 static int skip_time_ms(struct helper *h, struct helper_local *hl)
365 {
366 if (!TEST_true(CRYPTO_THREAD_write_lock(h->time_lock)))
367 return 0;
368
369 h->time_slip = ossl_time_add(h->time_slip, ossl_ms2time(hl->check_op->arg2));
370
371 CRYPTO_THREAD_unlock(h->time_lock);
372 return 1;
373 }
374
375 static QUIC_TSERVER *s_lock(struct helper *h, struct helper_local *hl);
376 static void s_unlock(struct helper *h, struct helper_local *hl);
377
378 #define ACQUIRE_S() s_lock(h, hl)
379 #define ACQUIRE_S_NOHL() s_lock(h, NULL)
380
check_rejected(struct helper * h,struct helper_local * hl)381 static int check_rejected(struct helper *h, struct helper_local *hl)
382 {
383 uint64_t stream_id = hl->check_op->arg2;
384
385 if (!ossl_quic_tserver_stream_has_peer_stop_sending(ACQUIRE_S(), stream_id, NULL)
386 || !ossl_quic_tserver_stream_has_peer_reset_stream(ACQUIRE_S(), stream_id, NULL)) {
387 h->check_spin_again = 1;
388 return 0;
389 }
390
391 return 1;
392 }
393
check_stream_reset(struct helper * h,struct helper_local * hl)394 static int check_stream_reset(struct helper *h, struct helper_local *hl)
395 {
396 uint64_t stream_id = hl->check_op->arg2, aec = 0;
397
398 if (!ossl_quic_tserver_stream_has_peer_reset_stream(ACQUIRE_S(), stream_id, &aec)) {
399 h->check_spin_again = 1;
400 return 0;
401 }
402
403 return TEST_uint64_t_eq(aec, 42);
404 }
405
check_stream_stopped(struct helper * h,struct helper_local * hl)406 static int check_stream_stopped(struct helper *h, struct helper_local *hl)
407 {
408 uint64_t stream_id = hl->check_op->arg2;
409
410 if (!ossl_quic_tserver_stream_has_peer_stop_sending(ACQUIRE_S(), stream_id, NULL)) {
411 h->check_spin_again = 1;
412 return 0;
413 }
414
415 return 1;
416 }
417
override_key_update(struct helper * h,struct helper_local * hl)418 static int override_key_update(struct helper *h, struct helper_local *hl)
419 {
420 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
421
422 ossl_quic_channel_set_txku_threshold_override(ch, hl->check_op->arg2);
423 return 1;
424 }
425
trigger_key_update(struct helper * h,struct helper_local * hl)426 static int trigger_key_update(struct helper *h, struct helper_local *hl)
427 {
428 if (!TEST_true(SSL_key_update(h->c_conn, SSL_KEY_UPDATE_REQUESTED)))
429 return 0;
430
431 return 1;
432 }
433
check_key_update_ge(struct helper * h,struct helper_local * hl)434 static int check_key_update_ge(struct helper *h, struct helper_local *hl)
435 {
436 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
437 int64_t txke = (int64_t)ossl_quic_channel_get_tx_key_epoch(ch);
438 int64_t rxke = (int64_t)ossl_quic_channel_get_rx_key_epoch(ch);
439 int64_t diff = txke - rxke;
440
441 /*
442 * TXKE must always be equal to or ahead of RXKE.
443 * It can be ahead of RXKE by at most 1.
444 */
445 if (!TEST_int64_t_ge(diff, 0) || !TEST_int64_t_le(diff, 1))
446 return 0;
447
448 /* Caller specifies a minimum number of RXKEs which must have happened. */
449 if (!TEST_uint64_t_ge((uint64_t)rxke, hl->check_op->arg2))
450 return 0;
451
452 return 1;
453 }
454
check_key_update_lt(struct helper * h,struct helper_local * hl)455 static int check_key_update_lt(struct helper *h, struct helper_local *hl)
456 {
457 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
458 uint64_t txke = ossl_quic_channel_get_tx_key_epoch(ch);
459
460 /* Caller specifies a maximum number of TXKEs which must have happened. */
461 if (!TEST_uint64_t_lt(txke, hl->check_op->arg2))
462 return 0;
463
464 return 1;
465 }
466
stream_info_hash(const STREAM_INFO * info)467 static unsigned long stream_info_hash(const STREAM_INFO *info)
468 {
469 return OPENSSL_LH_strhash(info->name);
470 }
471
stream_info_cmp(const STREAM_INFO * a,const STREAM_INFO * b)472 static int stream_info_cmp(const STREAM_INFO *a, const STREAM_INFO *b)
473 {
474 return strcmp(a->name, b->name);
475 }
476
cleanup_stream(STREAM_INFO * info)477 static void cleanup_stream(STREAM_INFO *info)
478 {
479 SSL_free(info->c_stream);
480 OPENSSL_free(info);
481 }
482
helper_cleanup_streams(LHASH_OF (STREAM_INFO)** lh)483 static void helper_cleanup_streams(LHASH_OF(STREAM_INFO) **lh)
484 {
485 if (*lh == NULL)
486 return;
487
488 lh_STREAM_INFO_doall(*lh, cleanup_stream);
489 lh_STREAM_INFO_free(*lh);
490 *lh = NULL;
491 }
492
493 #if defined(OPENSSL_THREADS)
494 static CRYPTO_THREAD_RETVAL run_script_child_thread(void *arg);
495
join_threads(struct child_thread_args * threads,size_t num_threads)496 static int join_threads(struct child_thread_args *threads, size_t num_threads)
497 {
498 int ok = 1;
499 size_t i;
500 CRYPTO_THREAD_RETVAL rv;
501
502 for (i = 0; i < num_threads; ++i) {
503 if (threads[i].t != NULL) {
504 ossl_crypto_thread_native_join(threads[i].t, &rv);
505
506 if (!threads[i].testresult)
507 /* Do not log failure here, worker will do it. */
508 ok = 0;
509
510 ossl_crypto_thread_native_clean(threads[i].t);
511 threads[i].t = NULL;
512 }
513
514 ossl_crypto_mutex_free(&threads[i].m);
515 }
516
517 return ok;
518 }
519
join_server_thread(struct helper * h)520 static int join_server_thread(struct helper *h)
521 {
522 CRYPTO_THREAD_RETVAL rv;
523
524 if (h->server_thread.t == NULL)
525 return 1;
526
527 ossl_crypto_mutex_lock(h->server_thread.m);
528 h->server_thread.stop = 1;
529 ossl_crypto_condvar_signal(h->server_thread.c);
530 ossl_crypto_mutex_unlock(h->server_thread.m);
531
532 ossl_crypto_thread_native_join(h->server_thread.t, &rv);
533 ossl_crypto_thread_native_clean(h->server_thread.t);
534 h->server_thread.t = NULL;
535 return 1;
536 }
537
538 /* Ensure the server-state lock is currently held. Idempotent. */
s_checked_out_p(struct helper * h,int thread_idx)539 static int *s_checked_out_p(struct helper *h, int thread_idx)
540 {
541 return (thread_idx < 0) ? &h->s_checked_out
542 : &h->threads[thread_idx].s_checked_out;
543 }
544
s_lock(struct helper * h,struct helper_local * hl)545 static QUIC_TSERVER *s_lock(struct helper *h, struct helper_local *hl)
546 {
547 int *p_checked_out = s_checked_out_p(h, hl == NULL ? -1 : hl->thread_idx);
548
549 if (h->server_thread.m == NULL || *p_checked_out)
550 return h->s;
551
552 ossl_crypto_mutex_lock(h->server_thread.m);
553 h->s = h->s_priv;
554 *p_checked_out = 1;
555 return h->s;
556 }
557
558 /* Ensure the server-state lock is currently not held. Idempotent. */
s_unlock(struct helper * h,struct helper_local * hl)559 static void s_unlock(struct helper *h, struct helper_local *hl)
560 {
561 int *p_checked_out = s_checked_out_p(h, hl->thread_idx);
562
563 if (h->server_thread.m == NULL || !*p_checked_out)
564 return;
565
566 *p_checked_out = 0;
567 h->s = NULL;
568 ossl_crypto_mutex_unlock(h->server_thread.m);
569 }
570
server_helper_thread(void * arg)571 static unsigned int server_helper_thread(void *arg)
572 {
573 struct helper *h = arg;
574
575 ossl_crypto_mutex_lock(h->server_thread.m);
576
577 for (;;) {
578 int ready, stop;
579
580 ready = h->server_thread.ready;
581 stop = h->server_thread.stop;
582
583 if (stop)
584 break;
585
586 if (!ready) {
587 ossl_crypto_condvar_wait(h->server_thread.c, h->server_thread.m);
588 continue;
589 }
590
591 ossl_quic_tserver_tick(h->s_priv);
592 ossl_crypto_mutex_unlock(h->server_thread.m);
593 /*
594 * Give the main thread an opportunity to get the mutex, which is
595 * sometimes necessary in some script operations.
596 */
597 OSSL_sleep(1);
598 ossl_crypto_mutex_lock(h->server_thread.m);
599 }
600
601 ossl_crypto_mutex_unlock(h->server_thread.m);
602 return 1;
603 }
604
605 #else
606
s_lock(struct helper * h,struct helper_local * hl)607 static QUIC_TSERVER *s_lock(struct helper *h, struct helper_local *hl)
608 {
609 return h->s;
610 }
611
s_unlock(struct helper * h,struct helper_local * hl)612 static void s_unlock(struct helper *h, struct helper_local *hl)
613 {}
614
615 #endif
616
helper_cleanup(struct helper * h)617 static void helper_cleanup(struct helper *h)
618 {
619 #if defined(OPENSSL_THREADS)
620 join_threads(h->threads, h->num_threads);
621 join_server_thread(h);
622 OPENSSL_free(h->threads);
623 h->threads = NULL;
624 h->num_threads = 0;
625 #endif
626
627 if (h->free_order == 0) {
628 /* order 0: streams, then conn */
629 helper_cleanup_streams(&h->c_streams);
630
631 SSL_free(h->c_conn);
632 h->c_conn = NULL;
633 } else {
634 /* order 1: conn, then streams */
635 SSL_free(h->c_conn);
636 h->c_conn = NULL;
637
638 helper_cleanup_streams(&h->c_streams);
639 }
640
641 helper_cleanup_streams(&h->s_streams);
642 ossl_quic_tserver_free(h->s_priv);
643 h->s_priv = h->s = NULL;
644
645 BIO_free(h->s_net_bio_own);
646 h->s_net_bio_own = NULL;
647
648 BIO_free(h->c_net_bio_own);
649 h->c_net_bio_own = NULL;
650
651 BIO_free(h->s_qtf_wbio_own);
652 h->s_qtf_wbio_own = NULL;
653
654 qtest_fault_free(h->qtf);
655 h->qtf = NULL;
656
657 if (h->s_fd >= 0) {
658 BIO_closesocket(h->s_fd);
659 h->s_fd = -1;
660 }
661
662 if (h->c_fd >= 0) {
663 BIO_closesocket(h->c_fd);
664 h->c_fd = -1;
665 }
666
667 BIO_ADDR_free(h->s_net_bio_addr);
668 h->s_net_bio_addr = NULL;
669 BIO_ADDR_free(h->s_net_bio_orig_addr);
670 h->s_net_bio_orig_addr = NULL;
671
672 SSL_CTX_free(h->c_ctx);
673 h->c_ctx = NULL;
674
675 CRYPTO_THREAD_lock_free(h->time_lock);
676 h->time_lock = NULL;
677
678 #if defined(OPENSSL_THREADS)
679 ossl_crypto_mutex_free(&h->misc_m);
680 ossl_crypto_condvar_free(&h->misc_cv);
681 ossl_crypto_mutex_free(&h->server_thread.m);
682 ossl_crypto_condvar_free(&h->server_thread.c);
683 #endif
684 }
685
helper_init(struct helper * h,const char * script_name,int free_order,int blocking,int need_injector)686 static int helper_init(struct helper *h, const char *script_name,
687 int free_order, int blocking,
688 int need_injector)
689 {
690 struct in_addr ina = {0};
691 QUIC_TSERVER_ARGS s_args = {0};
692 union BIO_sock_info_u info;
693 char title[128];
694 QTEST_DATA *bdata = NULL;
695
696 memset(h, 0, sizeof(*h));
697 h->c_fd = -1;
698 h->s_fd = -1;
699 h->free_order = free_order;
700 h->blocking = blocking;
701 h->need_injector = need_injector;
702 h->time_slip = ossl_time_zero();
703
704 bdata = OPENSSL_zalloc(sizeof(QTEST_DATA));
705 if (bdata == NULL)
706 goto err;
707
708 if (!TEST_ptr(h->time_lock = CRYPTO_THREAD_lock_new()))
709 goto err;
710
711 if (!TEST_ptr(h->s_streams = lh_STREAM_INFO_new(stream_info_hash,
712 stream_info_cmp)))
713 goto err;
714
715 if (!TEST_ptr(h->c_streams = lh_STREAM_INFO_new(stream_info_hash,
716 stream_info_cmp)))
717 goto err;
718
719 ina.s_addr = htonl(0x7f000001UL);
720
721 h->s_fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0);
722 if (!TEST_int_ge(h->s_fd, 0))
723 goto err;
724
725 if (!TEST_true(BIO_socket_nbio(h->s_fd, 1)))
726 goto err;
727
728 if (!TEST_ptr(h->s_net_bio_orig_addr = BIO_ADDR_new())
729 || !TEST_ptr(h->s_net_bio_addr = BIO_ADDR_new()))
730 goto err;
731
732 if (!TEST_true(BIO_ADDR_rawmake(h->s_net_bio_orig_addr, AF_INET,
733 &ina, sizeof(ina), 0)))
734 goto err;
735
736 if (!TEST_true(BIO_bind(h->s_fd, h->s_net_bio_orig_addr, 0)))
737 goto err;
738
739 info.addr = h->s_net_bio_addr;
740 if (!TEST_true(BIO_sock_info(h->s_fd, BIO_SOCK_INFO_ADDRESS, &info)))
741 goto err;
742
743 if (!TEST_int_gt(BIO_ADDR_rawport(h->s_net_bio_addr), 0))
744 goto err;
745
746 if (!TEST_ptr(h->s_net_bio = h->s_net_bio_own = BIO_new_dgram(h->s_fd, 0)))
747 goto err;
748
749 if (!BIO_up_ref(h->s_net_bio))
750 goto err;
751
752 if (need_injector) {
753 h->s_qtf_wbio = h->s_qtf_wbio_own = BIO_new(qtest_get_bio_method());
754 if (!TEST_ptr(h->s_qtf_wbio))
755 goto err;
756
757 if (!TEST_ptr(BIO_push(h->s_qtf_wbio, h->s_net_bio)))
758 goto err;
759
760 s_args.net_wbio = h->s_qtf_wbio;
761 } else {
762 s_args.net_wbio = h->s_net_bio;
763 }
764
765 s_args.net_rbio = h->s_net_bio;
766 s_args.alpn = NULL;
767 s_args.now_cb = get_time;
768 s_args.now_cb_arg = h;
769 s_args.ctx = NULL;
770
771 if (!TEST_ptr(h->s_priv = ossl_quic_tserver_new(&s_args, certfile, keyfile)))
772 goto err;
773
774 if (!blocking)
775 h->s = h->s_priv;
776
777 if (need_injector) {
778 h->qtf = qtest_create_injector(h->s_priv);
779 if (!TEST_ptr(h->qtf))
780 goto err;
781 bdata->fault = h->qtf;
782 BIO_set_data(h->s_qtf_wbio, bdata);
783 }
784
785 h->s_net_bio_own = NULL;
786 h->s_qtf_wbio_own = NULL;
787
788 h->c_fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0);
789 if (!TEST_int_ge(h->c_fd, 0))
790 goto err;
791
792 if (!TEST_true(BIO_socket_nbio(h->c_fd, 1)))
793 goto err;
794
795 if (!TEST_ptr(h->c_net_bio = h->c_net_bio_own = BIO_new_dgram(h->c_fd, 0)))
796 goto err;
797
798 if (!TEST_true(BIO_dgram_set_peer(h->c_net_bio, h->s_net_bio_addr)))
799 goto err;
800
801 if (!TEST_ptr(h->c_ctx = SSL_CTX_new(OSSL_QUIC_client_method())))
802 goto err;
803
804 /* Set title for qlog purposes. */
805 BIO_snprintf(title, sizeof(title), "quic_multistream_test: %s", script_name);
806 if (!TEST_true(ossl_quic_set_diag_title(h->c_ctx, title)))
807 goto err;
808
809 if (!TEST_ptr(h->c_conn = SSL_new(h->c_ctx)))
810 goto err;
811
812 /* Use custom time function for virtual time skip. */
813 if (!TEST_true(ossl_quic_set_override_now_cb(h->c_conn, get_time, h)))
814 goto err;
815
816 /* Takes ownership of our reference to the BIO. */
817 SSL_set0_rbio(h->c_conn, h->c_net_bio);
818 h->c_net_bio_own = NULL;
819
820 if (!TEST_true(BIO_up_ref(h->c_net_bio)))
821 goto err;
822
823 SSL_set0_wbio(h->c_conn, h->c_net_bio);
824
825 if (!TEST_true(SSL_set_blocking_mode(h->c_conn, h->blocking)))
826 goto err;
827
828 #if defined(OPENSSL_THREADS)
829 if (!TEST_ptr(h->misc_m = ossl_crypto_mutex_new()))
830 goto err;
831 if (!TEST_ptr(h->misc_cv = ossl_crypto_condvar_new()))
832 goto err;
833 #endif
834
835 if (h->blocking) {
836 #if defined(OPENSSL_THREADS)
837 if (!TEST_ptr(h->server_thread.m = ossl_crypto_mutex_new()))
838 goto err;
839
840 if (!TEST_ptr(h->server_thread.c = ossl_crypto_condvar_new()))
841 goto err;
842
843 h->server_thread.t
844 = ossl_crypto_thread_native_start(server_helper_thread, h, 1);
845 if (!TEST_ptr(h->server_thread.t))
846 goto err;
847 #else
848 TEST_error("cannot support blocking mode without threads");
849 goto err;
850 #endif
851 }
852
853 h->start_time = ossl_time_now();
854 h->init = 1;
855 return 1;
856
857 err:
858 helper_cleanup(h);
859 return 0;
860 }
861
helper_local_init(struct helper_local * hl,struct helper * h,int thread_idx)862 static int helper_local_init(struct helper_local *hl, struct helper *h,
863 int thread_idx)
864 {
865 hl->h = h;
866 hl->c_streams = NULL;
867 hl->thread_idx = thread_idx;
868 hl->explicit_event_handling = 0;
869
870 if (!TEST_ptr(h))
871 return 0;
872
873 if (thread_idx < 0) {
874 hl->c_streams = h->c_streams;
875 } else {
876 if (!TEST_ptr(hl->c_streams = lh_STREAM_INFO_new(stream_info_hash,
877 stream_info_cmp)))
878 return 0;
879 }
880
881 return 1;
882 }
883
helper_local_cleanup(struct helper_local * hl)884 static void helper_local_cleanup(struct helper_local *hl)
885 {
886 if (hl->h == NULL)
887 return;
888
889 if (hl->thread_idx >= 0)
890 helper_cleanup_streams(&hl->c_streams);
891
892 hl->h = NULL;
893 }
894
get_stream_info(LHASH_OF (STREAM_INFO)* lh,const char * stream_name)895 static STREAM_INFO *get_stream_info(LHASH_OF(STREAM_INFO) *lh,
896 const char *stream_name)
897 {
898 STREAM_INFO key, *info;
899
900 if (!TEST_ptr(stream_name))
901 return NULL;
902
903 if (!strcmp(stream_name, "DEFAULT"))
904 return NULL;
905
906 key.name = stream_name;
907 info = lh_STREAM_INFO_retrieve(lh, &key);
908 if (info == NULL) {
909 info = OPENSSL_zalloc(sizeof(*info));
910 if (info == NULL)
911 return NULL;
912
913 info->name = stream_name;
914 info->s_stream_id = UINT64_MAX;
915 lh_STREAM_INFO_insert(lh, info);
916 }
917
918 return info;
919 }
920
helper_local_set_c_stream(struct helper_local * hl,const char * stream_name,SSL * c_stream)921 static int helper_local_set_c_stream(struct helper_local *hl,
922 const char *stream_name,
923 SSL *c_stream)
924 {
925 STREAM_INFO *info = get_stream_info(hl->c_streams, stream_name);
926
927 if (info == NULL)
928 return 0;
929
930 info->c_stream = c_stream;
931 info->s_stream_id = UINT64_MAX;
932 return 1;
933 }
934
helper_local_get_c_stream(struct helper_local * hl,const char * stream_name)935 static SSL *helper_local_get_c_stream(struct helper_local *hl,
936 const char *stream_name)
937 {
938 STREAM_INFO *info;
939
940 if (!strcmp(stream_name, "DEFAULT"))
941 return hl->h->c_conn;
942
943 info = get_stream_info(hl->c_streams, stream_name);
944 if (info == NULL)
945 return NULL;
946
947 return info->c_stream;
948 }
949
950 static int
helper_set_s_stream(struct helper * h,const char * stream_name,uint64_t s_stream_id)951 helper_set_s_stream(struct helper *h, const char *stream_name,
952 uint64_t s_stream_id)
953 {
954 STREAM_INFO *info;
955
956 if (!strcmp(stream_name, "DEFAULT"))
957 return 0;
958
959 info = get_stream_info(h->s_streams, stream_name);
960 if (info == NULL)
961 return 0;
962
963 info->c_stream = NULL;
964 info->s_stream_id = s_stream_id;
965 return 1;
966 }
967
helper_get_s_stream(struct helper * h,const char * stream_name)968 static uint64_t helper_get_s_stream(struct helper *h, const char *stream_name)
969 {
970 STREAM_INFO *info;
971
972 if (!strcmp(stream_name, "DEFAULT"))
973 return UINT64_MAX;
974
975 info = get_stream_info(h->s_streams, stream_name);
976 if (info == NULL)
977 return UINT64_MAX;
978
979 return info->s_stream_id;
980 }
981
helper_packet_plain_listener(QTEST_FAULT * qtf,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t buf_len,void * arg)982 static int helper_packet_plain_listener(QTEST_FAULT *qtf, QUIC_PKT_HDR *hdr,
983 unsigned char *buf, size_t buf_len,
984 void *arg)
985 {
986 struct helper *h = arg;
987
988 return h->qtf_packet_plain_cb(h, hdr, buf, buf_len);
989 }
990
helper_handshake_listener(QTEST_FAULT * fault,unsigned char * buf,size_t buf_len,void * arg)991 static int helper_handshake_listener(QTEST_FAULT *fault,
992 unsigned char *buf, size_t buf_len,
993 void *arg)
994 {
995 struct helper *h = arg;
996
997 return h->qtf_handshake_cb(h, buf, buf_len);
998 }
999
helper_datagram_listener(QTEST_FAULT * fault,BIO_MSG * msg,size_t stride,void * arg)1000 static int helper_datagram_listener(QTEST_FAULT *fault,
1001 BIO_MSG *msg, size_t stride,
1002 void *arg)
1003 {
1004 struct helper *h = arg;
1005
1006 return h->qtf_datagram_cb(h, msg, stride);
1007 }
1008
is_want(SSL * s,int ret)1009 static int is_want(SSL *s, int ret)
1010 {
1011 int ec = SSL_get_error(s, ret);
1012
1013 return ec == SSL_ERROR_WANT_READ || ec == SSL_ERROR_WANT_WRITE;
1014 }
1015
check_consistent_want(SSL * s,int ret)1016 static int check_consistent_want(SSL *s, int ret)
1017 {
1018 int ec = SSL_get_error(s, ret);
1019 int w = SSL_want(s);
1020
1021 int ok = TEST_true(
1022 (ec == SSL_ERROR_NONE && w == SSL_NOTHING)
1023 || (ec == SSL_ERROR_ZERO_RETURN && w == SSL_NOTHING)
1024 || (ec == SSL_ERROR_SSL && w == SSL_NOTHING)
1025 || (ec == SSL_ERROR_SYSCALL && w == SSL_NOTHING)
1026 || (ec == SSL_ERROR_WANT_READ && w == SSL_READING)
1027 || (ec == SSL_ERROR_WANT_WRITE && w == SSL_WRITING)
1028 || (ec == SSL_ERROR_WANT_CLIENT_HELLO_CB && w == SSL_CLIENT_HELLO_CB)
1029 || (ec == SSL_ERROR_WANT_X509_LOOKUP && w == SSL_X509_LOOKUP)
1030 || (ec == SSL_ERROR_WANT_RETRY_VERIFY && w == SSL_RETRY_VERIFY)
1031 );
1032
1033 if (!ok)
1034 TEST_error("got error=%d, want=%d", ec, w);
1035
1036 return ok;
1037 }
1038
run_script_worker(struct helper * h,const struct script_op * script,const char * script_name,int thread_idx)1039 static int run_script_worker(struct helper *h, const struct script_op *script,
1040 const char *script_name,
1041 int thread_idx)
1042 {
1043 int testresult = 0;
1044 unsigned char *tmp_buf = NULL;
1045 int connect_started = 0;
1046 size_t offset = 0;
1047 size_t op_idx = 0;
1048 const struct script_op *op = NULL;
1049 int no_advance = 0, first = 1;
1050 #if defined(OPENSSL_THREADS)
1051 int end_wait_warning = 0;
1052 #endif
1053 OSSL_TIME op_start_time = ossl_time_zero(), op_deadline = ossl_time_zero();
1054 struct helper_local hl_, *hl = &hl_;
1055 #define REPEAT_SLOTS 8
1056 size_t repeat_stack_idx[REPEAT_SLOTS], repeat_stack_done[REPEAT_SLOTS];
1057 size_t repeat_stack_limit[REPEAT_SLOTS];
1058 size_t repeat_stack_len = 0;
1059
1060 if (!TEST_true(helper_local_init(hl, h, thread_idx)))
1061 goto out;
1062
1063 #define COMMON_SPIN_AGAIN() \
1064 { \
1065 no_advance = 1; \
1066 continue; \
1067 }
1068 #define S_SPIN_AGAIN() \
1069 { \
1070 s_lock(h, hl); \
1071 ossl_quic_tserver_tick(h->s); \
1072 COMMON_SPIN_AGAIN(); \
1073 }
1074 #define C_SPIN_AGAIN() \
1075 { \
1076 if (h->blocking) { \
1077 TEST_error("spin again in blocking mode"); \
1078 goto out; \
1079 } \
1080 COMMON_SPIN_AGAIN(); \
1081 }
1082
1083 for (;;) {
1084 SSL *c_tgt = h->c_conn;
1085 uint64_t s_stream_id = UINT64_MAX;
1086
1087 s_unlock(h, hl);
1088
1089 if (no_advance) {
1090 no_advance = 0;
1091 } else {
1092 if (!first)
1093 ++op_idx;
1094
1095 first = 0;
1096 offset = 0;
1097 op_start_time = ossl_time_now();
1098 op_deadline = ossl_time_add(op_start_time, ossl_ms2time(60000));
1099 }
1100
1101 if (!TEST_int_le(ossl_time_compare(ossl_time_now(), op_deadline), 0)) {
1102 TEST_error("op %zu timed out on thread %d", op_idx + 1, thread_idx);
1103 goto out;
1104 }
1105
1106 op = &script[op_idx];
1107
1108 if (op->stream_name != NULL) {
1109 c_tgt = helper_local_get_c_stream(hl, op->stream_name);
1110 if (thread_idx < 0)
1111 s_stream_id = helper_get_s_stream(h, op->stream_name);
1112 else
1113 s_stream_id = UINT64_MAX;
1114 }
1115
1116 if (thread_idx < 0) {
1117 if (!h->blocking) {
1118 ossl_quic_tserver_tick(h->s);
1119 }
1120 #if defined(OPENSSL_THREADS)
1121 else if (h->blocking && !h->server_thread.ready) {
1122 ossl_crypto_mutex_lock(h->server_thread.m);
1123 h->server_thread.ready = 1;
1124 ossl_crypto_condvar_signal(h->server_thread.c);
1125 ossl_crypto_mutex_unlock(h->server_thread.m);
1126 }
1127 if (h->blocking)
1128 assert(h->s == NULL);
1129 #endif
1130 }
1131
1132 if (!hl->explicit_event_handling
1133 && (thread_idx >= 0 || connect_started))
1134 SSL_handle_events(h->c_conn);
1135
1136 if (thread_idx >= 0) {
1137 /* Only allow certain opcodes on child threads. */
1138 switch (op->op) {
1139 case OPK_END:
1140 case OPK_CHECK:
1141 case OPK_C_ACCEPT_STREAM_WAIT:
1142 case OPK_C_NEW_STREAM:
1143 case OPK_C_READ_EXPECT:
1144 case OPK_C_EXPECT_FIN:
1145 case OPK_C_WRITE:
1146 case OPK_C_WRITE_EX2:
1147 case OPK_C_CONCLUDE:
1148 case OPK_C_FREE_STREAM:
1149 case OPK_BEGIN_REPEAT:
1150 case OPK_END_REPEAT:
1151 case OPK_C_READ_FAIL_WAIT:
1152 case OPK_C_EXPECT_SSL_ERR:
1153 case OPK_EXPECT_ERR_REASON:
1154 case OPK_EXPECT_ERR_LIB:
1155 case OPK_POP_ERR:
1156 case OPK_SLEEP:
1157 break;
1158
1159 default:
1160 TEST_error("opcode %lu not allowed on child thread",
1161 (unsigned long)op->op);
1162 goto out;
1163 }
1164 }
1165
1166 switch (op->op) {
1167 case OPK_END:
1168 if (!TEST_size_t_eq(repeat_stack_len, 0))
1169 goto out;
1170
1171 #if defined(OPENSSL_THREADS)
1172 if (thread_idx < 0) {
1173 int done;
1174 size_t i;
1175
1176 for (i = 0; i < h->num_threads; ++i) {
1177 if (h->threads[i].m == NULL)
1178 continue;
1179
1180 ossl_crypto_mutex_lock(h->threads[i].m);
1181 done = h->threads[i].done;
1182 ossl_crypto_mutex_unlock(h->threads[i].m);
1183
1184 if (!done) {
1185 if (!end_wait_warning) {
1186 TEST_info("still waiting for other threads to finish (%zu)", i);
1187 end_wait_warning = 1;
1188 }
1189
1190 S_SPIN_AGAIN();
1191 }
1192 }
1193 }
1194 #endif
1195
1196 TEST_info("script \"%s\" finished on thread %d", script_name, thread_idx);
1197 testresult = 1;
1198 goto out;
1199
1200 case OPK_BEGIN_REPEAT:
1201 if (!TEST_size_t_lt(repeat_stack_len, OSSL_NELEM(repeat_stack_idx)))
1202 goto out;
1203
1204 if (!TEST_size_t_gt(op->arg1, 0))
1205 goto out;
1206
1207 repeat_stack_idx[repeat_stack_len] = op_idx + 1;
1208 repeat_stack_done[repeat_stack_len] = 0;
1209 repeat_stack_limit[repeat_stack_len] = op->arg1;
1210 ++repeat_stack_len;
1211 break;
1212
1213 case OPK_C_SKIP_IF_UNBOUND:
1214 if (c_tgt != NULL)
1215 break;
1216
1217 op_idx += op->arg1;
1218 break;
1219
1220 case OPK_SKIP_IF_BLOCKING:
1221 if (!h->blocking)
1222 break;
1223
1224 op_idx += op->arg1;
1225 break;
1226
1227 case OPK_END_REPEAT:
1228 if (!TEST_size_t_gt(repeat_stack_len, 0))
1229 goto out;
1230
1231 if (++repeat_stack_done[repeat_stack_len - 1]
1232 == repeat_stack_limit[repeat_stack_len - 1]) {
1233 --repeat_stack_len;
1234 } else {
1235 op_idx = repeat_stack_idx[repeat_stack_len - 1];
1236 no_advance = 1;
1237 continue;
1238 }
1239
1240 break;
1241
1242 case OPK_CHECK:
1243 {
1244 int ok;
1245
1246 hl->check_op = op;
1247 ok = op->check_func(h, hl);
1248 hl->check_op = NULL;
1249
1250 if (thread_idx < 0 && h->check_spin_again) {
1251 h->check_spin_again = 0;
1252 S_SPIN_AGAIN();
1253 }
1254
1255 if (!TEST_true(ok))
1256 goto out;
1257 }
1258 break;
1259
1260 case OPK_C_SET_ALPN:
1261 {
1262 const char *alpn = op->arg0;
1263 size_t alpn_len = strlen(alpn);
1264
1265 if (!TEST_size_t_le(alpn_len, UINT8_MAX)
1266 || !TEST_ptr(tmp_buf = (unsigned char *)OPENSSL_malloc(alpn_len + 1)))
1267 goto out;
1268
1269 memcpy(tmp_buf + 1, alpn, alpn_len);
1270 tmp_buf[0] = (unsigned char)alpn_len;
1271
1272 /* 0 is the success case for SSL_set_alpn_protos(). */
1273 if (!TEST_false(SSL_set_alpn_protos(h->c_conn, tmp_buf,
1274 alpn_len + 1)))
1275 goto out;
1276
1277 OPENSSL_free(tmp_buf);
1278 tmp_buf = NULL;
1279 }
1280 break;
1281
1282 case OPK_C_CONNECT_WAIT:
1283 {
1284 int ret;
1285
1286 connect_started = 1;
1287
1288 ret = SSL_connect(h->c_conn);
1289 if (!check_consistent_want(c_tgt, ret))
1290 goto out;
1291 if (ret != 1) {
1292 if (!h->blocking && is_want(h->c_conn, ret))
1293 C_SPIN_AGAIN();
1294
1295 if (op->arg1 == 0 && !TEST_int_eq(ret, 1))
1296 goto out;
1297 }
1298 }
1299 break;
1300
1301 case OPK_C_WRITE:
1302 {
1303 size_t bytes_written = 0;
1304 int r;
1305
1306 if (!TEST_ptr(c_tgt))
1307 goto out;
1308
1309 r = SSL_write_ex(c_tgt, op->arg0, op->arg1, &bytes_written);
1310 if (!TEST_true(r)
1311 || !check_consistent_want(c_tgt, r)
1312 || !TEST_size_t_eq(bytes_written, op->arg1))
1313 goto out;
1314 }
1315 break;
1316
1317 case OPK_C_WRITE_EX2:
1318 {
1319 size_t bytes_written = 0;
1320 int r;
1321
1322 if (!TEST_ptr(c_tgt))
1323 goto out;
1324
1325 r = SSL_write_ex2(c_tgt, op->arg0, op->arg1, op->arg2,
1326 &bytes_written);
1327 if (!TEST_true(r)
1328 || !check_consistent_want(c_tgt, r)
1329 || !TEST_size_t_eq(bytes_written, op->arg1))
1330 goto out;
1331 }
1332 break;
1333
1334 case OPK_S_WRITE:
1335 {
1336 size_t bytes_written = 0;
1337
1338 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1339 goto out;
1340
1341 if (!TEST_true(ossl_quic_tserver_write(ACQUIRE_S(), s_stream_id,
1342 op->arg0, op->arg1,
1343 &bytes_written))
1344 || !TEST_size_t_eq(bytes_written, op->arg1))
1345 goto out;
1346 }
1347 break;
1348
1349 case OPK_C_CONCLUDE:
1350 {
1351 if (!TEST_true(SSL_stream_conclude(c_tgt, 0)))
1352 goto out;
1353 }
1354 break;
1355
1356 case OPK_S_CONCLUDE:
1357 {
1358 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1359 goto out;
1360
1361 ossl_quic_tserver_conclude(ACQUIRE_S(), s_stream_id);
1362 }
1363 break;
1364
1365 case OPK_C_WAIT_FOR_DATA:
1366 {
1367 char buf[1];
1368 size_t bytes_read = 0;
1369
1370 if (!TEST_ptr(c_tgt))
1371 goto out;
1372
1373 if (!SSL_peek_ex(c_tgt, buf, sizeof(buf), &bytes_read)
1374 || bytes_read == 0)
1375 C_SPIN_AGAIN();
1376 }
1377 break;
1378
1379 case OPK_C_READ_EXPECT:
1380 {
1381 size_t bytes_read = 0;
1382 int r;
1383
1384 if (op->arg1 > 0 && tmp_buf == NULL
1385 && !TEST_ptr(tmp_buf = OPENSSL_malloc(op->arg1)))
1386 goto out;
1387
1388 r = SSL_read_ex(c_tgt, tmp_buf + offset, op->arg1 - offset,
1389 &bytes_read);
1390 if (!check_consistent_want(c_tgt, r))
1391 goto out;
1392
1393 if (!r)
1394 C_SPIN_AGAIN();
1395
1396 if (bytes_read + offset != op->arg1) {
1397 offset += bytes_read;
1398 C_SPIN_AGAIN();
1399 }
1400
1401 if (op->arg1 > 0
1402 && !TEST_mem_eq(tmp_buf, op->arg1, op->arg0, op->arg1))
1403 goto out;
1404
1405 OPENSSL_free(tmp_buf);
1406 tmp_buf = NULL;
1407 }
1408 break;
1409
1410 case OPK_S_READ_EXPECT:
1411 {
1412 size_t bytes_read = 0;
1413
1414 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1415 goto out;
1416
1417 if (op->arg1 > 0 && tmp_buf == NULL
1418 && !TEST_ptr(tmp_buf = OPENSSL_malloc(op->arg1)))
1419 goto out;
1420
1421 if (!TEST_true(ossl_quic_tserver_read(ACQUIRE_S(), s_stream_id,
1422 tmp_buf + offset,
1423 op->arg1 - offset,
1424 &bytes_read)))
1425 goto out;
1426
1427 if (bytes_read + offset != op->arg1) {
1428 offset += bytes_read;
1429 S_SPIN_AGAIN();
1430 }
1431
1432 if (op->arg1 > 0
1433 && !TEST_mem_eq(tmp_buf, op->arg1, op->arg0, op->arg1))
1434 goto out;
1435
1436 OPENSSL_free(tmp_buf);
1437 tmp_buf = NULL;
1438 }
1439 break;
1440
1441 case OPK_C_EXPECT_FIN:
1442 {
1443 char buf[1];
1444 size_t bytes_read = 0;
1445 int r;
1446
1447 r = SSL_read_ex(c_tgt, buf, sizeof(buf), &bytes_read);
1448 if (!check_consistent_want(c_tgt, r)
1449 || !TEST_false(r)
1450 || !TEST_size_t_eq(bytes_read, 0))
1451 goto out;
1452
1453 if (is_want(c_tgt, 0))
1454 C_SPIN_AGAIN();
1455
1456 if (!TEST_int_eq(SSL_get_error(c_tgt, 0),
1457 SSL_ERROR_ZERO_RETURN))
1458 goto out;
1459
1460 if (!TEST_int_eq(SSL_want(c_tgt), SSL_NOTHING))
1461 goto out;
1462 }
1463 break;
1464
1465 case OPK_S_EXPECT_FIN:
1466 {
1467 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1468 goto out;
1469
1470 if (!ossl_quic_tserver_has_read_ended(ACQUIRE_S(), s_stream_id))
1471 S_SPIN_AGAIN();
1472 }
1473 break;
1474
1475 case OPK_C_DETACH:
1476 {
1477 SSL *c_stream;
1478
1479 if (!TEST_ptr_null(c_tgt))
1480 goto out; /* don't overwrite existing stream with same name */
1481
1482 if (!TEST_ptr(op->stream_name))
1483 goto out;
1484
1485 if (!TEST_ptr(c_stream = ossl_quic_detach_stream(h->c_conn)))
1486 goto out;
1487
1488 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, c_stream)))
1489 goto out;
1490 }
1491 break;
1492
1493 case OPK_C_ATTACH:
1494 {
1495 if (!TEST_ptr(c_tgt))
1496 goto out;
1497
1498 if (!TEST_ptr(op->stream_name))
1499 goto out;
1500
1501 if (!TEST_true(ossl_quic_attach_stream(h->c_conn, c_tgt)))
1502 goto out;
1503
1504 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, NULL)))
1505 goto out;
1506 }
1507 break;
1508
1509 case OPK_C_NEW_STREAM:
1510 {
1511 SSL *c_stream;
1512 uint64_t flags = op->arg1;
1513 int allow_fail = ((flags & ALLOW_FAIL) != 0);
1514
1515 flags &= ~(uint64_t)ALLOW_FAIL;
1516
1517 if (!TEST_ptr_null(c_tgt))
1518 goto out; /* don't overwrite existing stream with same name */
1519
1520 if (!TEST_ptr(op->stream_name))
1521 goto out;
1522
1523 c_stream = SSL_new_stream(h->c_conn, flags);
1524 if (!allow_fail && !TEST_ptr(c_stream))
1525 goto out;
1526
1527 if (allow_fail && c_stream == NULL) {
1528 if (!TEST_size_t_eq(ERR_GET_REASON(ERR_get_error()),
1529 SSL_R_STREAM_COUNT_LIMITED))
1530 goto out;
1531
1532 ++h->fail_count;
1533 break;
1534 }
1535
1536 if (op->arg2 != UINT64_MAX
1537 && !TEST_uint64_t_eq(SSL_get_stream_id(c_stream),
1538 op->arg2))
1539 goto out;
1540
1541 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, c_stream)))
1542 goto out;
1543 }
1544 break;
1545
1546 case OPK_S_NEW_STREAM:
1547 {
1548 uint64_t stream_id = UINT64_MAX;
1549
1550 if (!TEST_uint64_t_eq(s_stream_id, UINT64_MAX))
1551 goto out; /* don't overwrite existing stream with same name */
1552
1553 if (!TEST_ptr(op->stream_name))
1554 goto out;
1555
1556 if (!TEST_true(ossl_quic_tserver_stream_new(ACQUIRE_S(),
1557 op->arg1 > 0,
1558 &stream_id)))
1559 goto out;
1560
1561 if (op->arg2 != UINT64_MAX
1562 && !TEST_uint64_t_eq(stream_id, op->arg2))
1563 goto out;
1564
1565 if (!TEST_true(helper_set_s_stream(h, op->stream_name,
1566 stream_id)))
1567 goto out;
1568 }
1569 break;
1570
1571 case OPK_C_ACCEPT_STREAM_WAIT:
1572 {
1573 SSL *c_stream;
1574
1575 if (!TEST_ptr_null(c_tgt))
1576 goto out; /* don't overwrite existing stream with same name */
1577
1578 if (!TEST_ptr(op->stream_name))
1579 goto out;
1580
1581 if ((c_stream = SSL_accept_stream(h->c_conn, 0)) == NULL)
1582 C_SPIN_AGAIN();
1583
1584 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name,
1585 c_stream)))
1586 goto out;
1587 }
1588 break;
1589
1590 case OPK_S_ACCEPT_STREAM_WAIT:
1591 {
1592 uint64_t new_stream_id;
1593
1594 if (!TEST_uint64_t_eq(s_stream_id, UINT64_MAX))
1595 goto out;
1596
1597 if (!TEST_ptr(op->stream_name))
1598 goto out;
1599
1600 new_stream_id = ossl_quic_tserver_pop_incoming_stream(ACQUIRE_S());
1601 if (new_stream_id == UINT64_MAX)
1602 S_SPIN_AGAIN();
1603
1604 if (!TEST_true(helper_set_s_stream(h, op->stream_name, new_stream_id)))
1605 goto out;
1606 }
1607 break;
1608
1609 case OPK_C_ACCEPT_STREAM_NONE:
1610 {
1611 SSL *c_stream;
1612
1613 if (!TEST_ptr_null(c_stream = SSL_accept_stream(h->c_conn,
1614 SSL_ACCEPT_STREAM_NO_BLOCK))) {
1615 SSL_free(c_stream);
1616 goto out;
1617 }
1618 }
1619 break;
1620
1621 case OPK_C_FREE_STREAM:
1622 {
1623 if (!TEST_ptr(c_tgt)
1624 || !TEST_true(!SSL_is_connection(c_tgt)))
1625 goto out;
1626
1627 if (!TEST_ptr(op->stream_name))
1628 goto out;
1629
1630 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, NULL)))
1631 goto out;
1632
1633 SSL_free(c_tgt);
1634 c_tgt = NULL;
1635 }
1636 break;
1637
1638 case OPK_C_SET_DEFAULT_STREAM_MODE:
1639 {
1640 if (!TEST_ptr(c_tgt))
1641 goto out;
1642
1643 if (!TEST_true(SSL_set_default_stream_mode(c_tgt, op->arg1)))
1644 goto out;
1645 }
1646 break;
1647
1648 case OPK_C_SET_INCOMING_STREAM_POLICY:
1649 {
1650 if (!TEST_ptr(c_tgt))
1651 goto out;
1652
1653 if (!TEST_true(SSL_set_incoming_stream_policy(c_tgt,
1654 op->arg1, 0)))
1655 goto out;
1656 }
1657 break;
1658
1659 case OPK_C_SHUTDOWN_WAIT:
1660 {
1661 int ret;
1662 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
1663 SSL_SHUTDOWN_EX_ARGS args = {0};
1664
1665 ossl_quic_engine_set_inhibit_tick(ossl_quic_channel_get0_engine(ch), 0);
1666
1667 if (!TEST_ptr(c_tgt))
1668 goto out;
1669
1670 args.quic_reason = (const char *)op->arg0;
1671
1672 ret = SSL_shutdown_ex(c_tgt, op->arg1, &args, sizeof(args));
1673 if (!TEST_int_ge(ret, 0))
1674 goto out;
1675
1676 if (ret == 0)
1677 C_SPIN_AGAIN();
1678 }
1679 break;
1680
1681 case OPK_S_SHUTDOWN:
1682 {
1683 ossl_quic_tserver_shutdown(ACQUIRE_S(), op->arg1);
1684 }
1685 break;
1686
1687 case OPK_C_EXPECT_CONN_CLOSE_INFO:
1688 {
1689 SSL_CONN_CLOSE_INFO cc_info = {0};
1690 int expect_app = (op->arg1 & EXPECT_CONN_CLOSE_APP) != 0;
1691 int expect_remote = (op->arg1 & EXPECT_CONN_CLOSE_REMOTE) != 0;
1692 uint64_t error_code = op->arg2;
1693
1694 if (!TEST_ptr(c_tgt))
1695 goto out;
1696
1697 if (h->blocking
1698 && !TEST_true(SSL_shutdown_ex(c_tgt,
1699 SSL_SHUTDOWN_FLAG_WAIT_PEER,
1700 NULL, 0)))
1701 goto out;
1702
1703 if (!SSL_get_conn_close_info(c_tgt, &cc_info, sizeof(cc_info)))
1704 C_SPIN_AGAIN();
1705
1706 if (!TEST_int_eq(expect_app,
1707 (cc_info.flags
1708 & SSL_CONN_CLOSE_FLAG_TRANSPORT) == 0)
1709 || !TEST_int_eq(expect_remote,
1710 (cc_info.flags
1711 & SSL_CONN_CLOSE_FLAG_LOCAL) == 0)
1712 || !TEST_uint64_t_eq(error_code, cc_info.error_code)) {
1713 TEST_info("Connection close reason: %s", cc_info.reason);
1714 goto out;
1715 }
1716 }
1717 break;
1718
1719 case OPK_S_EXPECT_CONN_CLOSE_INFO:
1720 {
1721 const QUIC_TERMINATE_CAUSE *tc;
1722 int expect_app = (op->arg1 & EXPECT_CONN_CLOSE_APP) != 0;
1723 int expect_remote = (op->arg1 & EXPECT_CONN_CLOSE_REMOTE) != 0;
1724 uint64_t error_code = op->arg2;
1725
1726 if (!ossl_quic_tserver_is_term_any(ACQUIRE_S())) {
1727 ossl_quic_tserver_ping(ACQUIRE_S());
1728 S_SPIN_AGAIN();
1729 }
1730
1731 if (!TEST_ptr(tc = ossl_quic_tserver_get_terminate_cause(ACQUIRE_S())))
1732 goto out;
1733
1734 if (!TEST_uint64_t_eq(error_code, tc->error_code)
1735 || !TEST_int_eq(expect_app, tc->app)
1736 || !TEST_int_eq(expect_remote, tc->remote))
1737 goto out;
1738 }
1739 break;
1740
1741 case OPK_S_BIND_STREAM_ID:
1742 {
1743 if (!TEST_uint64_t_eq(s_stream_id, UINT64_MAX))
1744 goto out;
1745
1746 if (!TEST_ptr(op->stream_name))
1747 goto out;
1748
1749 if (!TEST_true(helper_set_s_stream(h, op->stream_name, op->arg2)))
1750 goto out;
1751 }
1752 break;
1753
1754 case OPK_S_UNBIND_STREAM_ID:
1755 {
1756 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1757 goto out;
1758
1759 if (!TEST_ptr(op->stream_name))
1760 goto out;
1761
1762 if (!TEST_true(helper_set_s_stream(h, op->stream_name, UINT64_MAX)))
1763 goto out;
1764 }
1765 break;
1766
1767 case OPK_C_WRITE_FAIL:
1768 {
1769 size_t bytes_written = 0;
1770 int r;
1771
1772 if (!TEST_ptr(c_tgt))
1773 goto out;
1774
1775 r = SSL_write_ex(c_tgt, "apple", 5, &bytes_written);
1776 if (!TEST_false(r)
1777 || !check_consistent_want(c_tgt, r))
1778 goto out;
1779 }
1780 break;
1781
1782 case OPK_S_WRITE_FAIL:
1783 {
1784 size_t bytes_written = 0;
1785
1786 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1787 goto out;
1788
1789 if (!TEST_false(ossl_quic_tserver_write(ACQUIRE_S(), s_stream_id,
1790 (const unsigned char *)"apple", 5,
1791 &bytes_written)))
1792 goto out;
1793 }
1794 break;
1795
1796 case OPK_C_READ_FAIL:
1797 {
1798 size_t bytes_read = 0;
1799 char buf[1];
1800 int r;
1801
1802 if (!TEST_ptr(c_tgt))
1803 goto out;
1804
1805 r = SSL_read_ex(c_tgt, buf, sizeof(buf), &bytes_read);
1806 if (!TEST_false(r))
1807 goto out;
1808 if (!check_consistent_want(c_tgt, r))
1809 goto out;
1810 }
1811 break;
1812
1813 case OPK_C_READ_FAIL_WAIT:
1814 {
1815 size_t bytes_read = 0;
1816 char buf[1];
1817 int r;
1818
1819 if (!TEST_ptr(c_tgt))
1820 goto out;
1821
1822 r = SSL_read_ex(c_tgt, buf, sizeof(buf), &bytes_read);
1823 if (!TEST_false(r))
1824 goto out;
1825 if (!check_consistent_want(c_tgt, r))
1826 goto out;
1827
1828 if (is_want(c_tgt, 0))
1829 C_SPIN_AGAIN();
1830 }
1831 break;
1832
1833 case OPK_S_READ_FAIL:
1834 {
1835 int ret;
1836 size_t bytes_read = 0;
1837 unsigned char buf[1];
1838
1839 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1840 goto out;
1841
1842 ret = ossl_quic_tserver_read(ACQUIRE_S(), s_stream_id,
1843 buf, sizeof(buf),
1844 &bytes_read);
1845 if (!TEST_true(ret == 0 || (op->arg1 && bytes_read == 0)))
1846 goto out;
1847 }
1848 break;
1849
1850 case OPK_C_STREAM_RESET:
1851 case OPK_C_STREAM_RESET_FAIL:
1852 {
1853 SSL_STREAM_RESET_ARGS args = {0};
1854
1855 if (!TEST_ptr(c_tgt))
1856 goto out;
1857
1858 args.quic_error_code = op->arg2;
1859 if (op->op == OPK_C_STREAM_RESET) {
1860 if (!TEST_true(SSL_stream_reset(c_tgt, &args, sizeof(args))))
1861 goto out;
1862 } else {
1863 if (!TEST_false(SSL_stream_reset(c_tgt, &args, sizeof(args))))
1864 goto out;
1865 }
1866 }
1867 break;
1868
1869 case OPK_NEW_THREAD:
1870 {
1871 #if !defined(OPENSSL_THREADS)
1872 /*
1873 * If this test script requires threading and we do not have
1874 * support for it, skip the rest of it.
1875 */
1876 TEST_skip("threading not supported, skipping");
1877 testresult = 1;
1878 goto out;
1879 #else
1880 size_t i;
1881
1882 if (!TEST_ptr_null(h->threads)) {
1883 TEST_error("max one NEW_THREAD operation per script");
1884 goto out;
1885 }
1886
1887 h->threads = OPENSSL_zalloc(op->arg1 * sizeof(struct child_thread_args));
1888 if (!TEST_ptr(h->threads))
1889 goto out;
1890
1891 h->num_threads = op->arg1;
1892
1893 for (i = 0; i < op->arg1; ++i) {
1894 h->threads[i].h = h;
1895 h->threads[i].script = op->arg0;
1896 h->threads[i].script_name = script_name;
1897 h->threads[i].thread_idx = i;
1898
1899 h->threads[i].m = ossl_crypto_mutex_new();
1900 if (!TEST_ptr(h->threads[i].m))
1901 goto out;
1902
1903 h->threads[i].t
1904 = ossl_crypto_thread_native_start(run_script_child_thread,
1905 &h->threads[i], 1);
1906 if (!TEST_ptr(h->threads[i].t))
1907 goto out;
1908 }
1909 #endif
1910 }
1911 break;
1912
1913 case OPK_C_CLOSE_SOCKET:
1914 {
1915 BIO_closesocket(h->c_fd);
1916 h->c_fd = -1;
1917 }
1918 break;
1919
1920 case OPK_C_EXPECT_SSL_ERR:
1921 {
1922 if (!TEST_size_t_eq((size_t)SSL_get_error(c_tgt, 0), op->arg1))
1923 goto out;
1924 if (!TEST_int_eq(SSL_want(c_tgt), SSL_NOTHING))
1925 goto out;
1926 }
1927 break;
1928
1929 case OPK_EXPECT_ERR_REASON:
1930 {
1931 if (!TEST_size_t_eq((size_t)ERR_GET_REASON(ERR_peek_last_error()), op->arg1))
1932 goto out;
1933 }
1934 break;
1935
1936 case OPK_EXPECT_ERR_LIB:
1937 {
1938 if (!TEST_size_t_eq((size_t)ERR_GET_LIB(ERR_peek_last_error()), op->arg1))
1939 goto out;
1940 }
1941 break;
1942
1943 case OPK_POP_ERR:
1944 ERR_pop();
1945 break;
1946
1947 case OPK_SLEEP:
1948 {
1949 OSSL_sleep(op->arg2);
1950 }
1951 break;
1952
1953 case OPK_S_SET_INJECT_PLAIN:
1954 h->qtf_packet_plain_cb = op->qtf_packet_plain_cb;
1955
1956 if (!TEST_true(qtest_fault_set_packet_plain_listener(h->qtf,
1957 h->qtf_packet_plain_cb != NULL ?
1958 helper_packet_plain_listener : NULL,
1959 h)))
1960 goto out;
1961
1962 break;
1963
1964 case OPK_S_SET_INJECT_HANDSHAKE:
1965 h->qtf_handshake_cb = op->qtf_handshake_cb;
1966
1967 if (!TEST_true(qtest_fault_set_handshake_listener(h->qtf,
1968 h->qtf_handshake_cb != NULL ?
1969 helper_handshake_listener : NULL,
1970 h)))
1971 goto out;
1972
1973 break;
1974
1975 case OPK_S_SET_INJECT_DATAGRAM:
1976 h->qtf_datagram_cb = op->qtf_datagram_cb;
1977
1978 if (!TEST_true(qtest_fault_set_datagram_listener(h->qtf,
1979 h->qtf_datagram_cb != NULL ?
1980 helper_datagram_listener : NULL,
1981 h)))
1982 goto out;
1983
1984 break;
1985
1986 case OPK_SET_INJECT_WORD:
1987 /*
1988 * Must hold server tick lock - callbacks can be called from other
1989 * thread when running test in blocking mode (tsan).
1990 */
1991 ACQUIRE_S();
1992 h->inject_word0 = op->arg1;
1993 h->inject_word1 = op->arg2;
1994 break;
1995
1996 case OPK_C_INHIBIT_TICK:
1997 {
1998 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
1999
2000 ossl_quic_engine_set_inhibit_tick(ossl_quic_channel_get0_engine(ch),
2001 op->arg1);
2002 }
2003 break;
2004
2005 case OPK_C_SET_WRITE_BUF_SIZE:
2006 if (!TEST_ptr(c_tgt))
2007 goto out;
2008
2009 if (!TEST_true(ossl_quic_set_write_buffer_size(c_tgt, op->arg1)))
2010 goto out;
2011
2012 break;
2013
2014 case OPK_S_NEW_TICKET:
2015 if (!TEST_true(ossl_quic_tserver_new_ticket(ACQUIRE_S())))
2016 goto out;
2017 break;
2018
2019 default:
2020 TEST_error("unknown op");
2021 goto out;
2022 }
2023 }
2024
2025 out:
2026 s_unlock(h, hl); /* idempotent */
2027 if (!testresult) {
2028 size_t i;
2029 const QUIC_TERMINATE_CAUSE *tcause;
2030 const char *e_str, *f_str;
2031
2032 TEST_error("failed in script \"%s\" at op %zu, thread %d\n",
2033 script_name, op_idx + 1, thread_idx);
2034
2035 for (i = 0; i < repeat_stack_len; ++i)
2036 TEST_info("while repeating, iteration %zu of %zu, starting at script op %zu",
2037 repeat_stack_done[i],
2038 repeat_stack_limit[i],
2039 repeat_stack_idx[i]);
2040
2041 ERR_print_errors_fp(stderr);
2042
2043 if (h->c_conn != NULL) {
2044 SSL_CONN_CLOSE_INFO cc_info = {0};
2045
2046 if (SSL_get_conn_close_info(h->c_conn, &cc_info, sizeof(cc_info))) {
2047 e_str = ossl_quic_err_to_string(cc_info.error_code);
2048 f_str = ossl_quic_frame_type_to_string(cc_info.frame_type);
2049
2050 if (e_str == NULL)
2051 e_str = "?";
2052 if (f_str == NULL)
2053 f_str = "?";
2054
2055 TEST_info("client side is closed: %llu(%s)/%llu(%s), "
2056 "%s, %s, reason: \"%s\"",
2057 (unsigned long long)cc_info.error_code,
2058 e_str,
2059 (unsigned long long)cc_info.frame_type,
2060 f_str,
2061 (cc_info.flags & SSL_CONN_CLOSE_FLAG_LOCAL) != 0
2062 ? "local" : "remote",
2063 (cc_info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) != 0
2064 ? "transport" : "app",
2065 cc_info.reason != NULL ? cc_info.reason : "-");
2066 }
2067 }
2068
2069 tcause = (h->s != NULL
2070 ? ossl_quic_tserver_get_terminate_cause(h->s) : NULL);
2071 if (tcause != NULL) {
2072 e_str = ossl_quic_err_to_string(tcause->error_code);
2073 f_str = ossl_quic_frame_type_to_string(tcause->frame_type);
2074
2075 if (e_str == NULL)
2076 e_str = "?";
2077 if (f_str == NULL)
2078 f_str = "?";
2079
2080 TEST_info("server side is closed: %llu(%s)/%llu(%s), "
2081 "%s, %s, reason: \"%s\"",
2082 (unsigned long long)tcause->error_code,
2083 e_str,
2084 (unsigned long long)tcause->frame_type,
2085 f_str,
2086 tcause->remote ? "remote" : "local",
2087 tcause->app ? "app" : "transport",
2088 tcause->reason != NULL ? tcause->reason : "-");
2089 }
2090 }
2091
2092 OPENSSL_free(tmp_buf);
2093 helper_local_cleanup(hl);
2094 return testresult;
2095 }
2096
run_script(const struct script_op * script,const char * script_name,int free_order,int blocking)2097 static int run_script(const struct script_op *script,
2098 const char *script_name,
2099 int free_order,
2100 int blocking)
2101 {
2102 int testresult = 0;
2103 struct helper h;
2104
2105 if (!TEST_true(helper_init(&h, script_name,
2106 free_order, blocking, 1)))
2107 goto out;
2108
2109 if (!TEST_true(run_script_worker(&h, script, script_name, -1)))
2110 goto out;
2111
2112 #if defined(OPENSSL_THREADS)
2113 if (!TEST_true(join_threads(h.threads, h.num_threads)))
2114 goto out;
2115 #endif
2116
2117 testresult = 1;
2118 out:
2119 helper_cleanup(&h);
2120 return testresult;
2121 }
2122
2123 #if defined(OPENSSL_THREADS)
run_script_child_thread(void * arg)2124 static CRYPTO_THREAD_RETVAL run_script_child_thread(void *arg)
2125 {
2126 int testresult;
2127 struct child_thread_args *args = arg;
2128
2129 testresult = run_script_worker(args->h, args->script,
2130 args->script_name,
2131 args->thread_idx);
2132
2133 ossl_crypto_mutex_lock(args->m);
2134 args->testresult = testresult;
2135 args->done = 1;
2136 ossl_crypto_mutex_unlock(args->m);
2137 return 1;
2138 }
2139 #endif
2140
2141 /* 1. Simple single-stream test */
2142 static const struct script_op script_1[] = {
2143 OP_C_SET_ALPN ("ossltest")
2144 OP_C_CONNECT_WAIT ()
2145 OP_C_WRITE (DEFAULT, "apple", 5)
2146 OP_C_CONCLUDE (DEFAULT)
2147 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2148 OP_S_READ_EXPECT (a, "apple", 5)
2149 OP_S_EXPECT_FIN (a)
2150 OP_S_WRITE (a, "orange", 6)
2151 OP_S_CONCLUDE (a)
2152 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
2153 OP_C_EXPECT_FIN (DEFAULT)
2154 OP_END
2155 };
2156
2157 /* 2. Multi-stream test */
2158 static const struct script_op script_2[] = {
2159 OP_C_SET_ALPN ("ossltest")
2160 OP_C_CONNECT_WAIT ()
2161 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_ACCEPT)
2162 OP_C_WRITE (DEFAULT, "apple", 5)
2163 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2164 OP_S_READ_EXPECT (a, "apple", 5)
2165 OP_S_WRITE (a, "orange", 6)
2166 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
2167
2168 OP_C_NEW_STREAM_BIDI (b, C_BIDI_ID(1))
2169 OP_C_WRITE (b, "flamingo", 8)
2170 OP_C_CONCLUDE (b)
2171 OP_S_BIND_STREAM_ID (b, C_BIDI_ID(1))
2172 OP_S_READ_EXPECT (b, "flamingo", 8)
2173 OP_S_EXPECT_FIN (b)
2174 OP_S_WRITE (b, "gargoyle", 8)
2175 OP_S_CONCLUDE (b)
2176 OP_C_READ_EXPECT (b, "gargoyle", 8)
2177 OP_C_EXPECT_FIN (b)
2178
2179 OP_C_NEW_STREAM_UNI (c, C_UNI_ID(0))
2180 OP_C_WRITE (c, "elephant", 8)
2181 OP_C_CONCLUDE (c)
2182 OP_S_BIND_STREAM_ID (c, C_UNI_ID(0))
2183 OP_S_READ_EXPECT (c, "elephant", 8)
2184 OP_S_EXPECT_FIN (c)
2185 OP_S_WRITE_FAIL (c)
2186
2187 OP_C_ACCEPT_STREAM_NONE ()
2188
2189 OP_S_NEW_STREAM_BIDI (d, S_BIDI_ID(0))
2190 OP_S_WRITE (d, "frog", 4)
2191 OP_S_CONCLUDE (d)
2192
2193 OP_C_ACCEPT_STREAM_WAIT (d)
2194 OP_C_ACCEPT_STREAM_NONE ()
2195 OP_C_READ_EXPECT (d, "frog", 4)
2196 OP_C_EXPECT_FIN (d)
2197
2198 OP_S_NEW_STREAM_BIDI (e, S_BIDI_ID(1))
2199 OP_S_WRITE (e, "mixture", 7)
2200 OP_S_CONCLUDE (e)
2201
2202 OP_C_ACCEPT_STREAM_WAIT (e)
2203 OP_C_READ_EXPECT (e, "mixture", 7)
2204 OP_C_EXPECT_FIN (e)
2205 OP_C_WRITE (e, "ramble", 6)
2206 OP_S_READ_EXPECT (e, "ramble", 6)
2207 OP_C_CONCLUDE (e)
2208 OP_S_EXPECT_FIN (e)
2209
2210 OP_S_NEW_STREAM_UNI (f, S_UNI_ID(0))
2211 OP_S_WRITE (f, "yonder", 6)
2212 OP_S_CONCLUDE (f)
2213
2214 OP_C_ACCEPT_STREAM_WAIT (f)
2215 OP_C_ACCEPT_STREAM_NONE ()
2216 OP_C_READ_EXPECT (f, "yonder", 6)
2217 OP_C_EXPECT_FIN (f)
2218 OP_C_WRITE_FAIL (f)
2219
2220 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_REJECT)
2221 OP_S_NEW_STREAM_BIDI (g, S_BIDI_ID(2))
2222 OP_S_WRITE (g, "unseen", 6)
2223 OP_S_CONCLUDE (g)
2224
2225 OP_C_ACCEPT_STREAM_NONE ()
2226
2227 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_AUTO)
2228 OP_S_NEW_STREAM_BIDI (h, S_BIDI_ID(3))
2229 OP_S_WRITE (h, "UNSEEN", 6)
2230 OP_S_CONCLUDE (h)
2231
2232 OP_C_ACCEPT_STREAM_NONE ()
2233
2234 /*
2235 * Streams g, h should have been rejected, so server should have got
2236 * STOP_SENDING/RESET_STREAM.
2237 */
2238 OP_CHECK (check_rejected, S_BIDI_ID(2))
2239 OP_CHECK (check_rejected, S_BIDI_ID(3))
2240
2241 OP_END
2242 };
2243
2244 /* 3. Default stream detach/reattach test */
2245 static const struct script_op script_3[] = {
2246 OP_C_SET_ALPN ("ossltest")
2247 OP_C_CONNECT_WAIT ()
2248
2249 OP_C_WRITE (DEFAULT, "apple", 5)
2250 OP_C_DETACH (a) /* DEFAULT becomes stream 'a' */
2251 OP_C_WRITE_FAIL (DEFAULT)
2252
2253 OP_C_WRITE (a, "by", 2)
2254
2255 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2256 OP_S_READ_EXPECT (a, "appleby", 7)
2257
2258 OP_S_WRITE (a, "hello", 5)
2259 OP_C_READ_EXPECT (a, "hello", 5)
2260
2261 OP_C_WRITE_FAIL (DEFAULT)
2262 OP_C_ATTACH (a)
2263 OP_C_WRITE (DEFAULT, "is here", 7)
2264 OP_S_READ_EXPECT (a, "is here", 7)
2265
2266 OP_C_DETACH (a)
2267 OP_C_CONCLUDE (a)
2268 OP_S_EXPECT_FIN (a)
2269
2270 OP_END
2271 };
2272
2273 /* 4. Default stream mode test */
2274 static const struct script_op script_4[] = {
2275 OP_C_SET_ALPN ("ossltest")
2276 OP_C_CONNECT_WAIT ()
2277
2278 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2279 OP_C_WRITE_FAIL (DEFAULT)
2280
2281 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
2282 OP_S_WRITE (a, "apple", 5)
2283
2284 OP_C_READ_FAIL (DEFAULT)
2285
2286 OP_C_ACCEPT_STREAM_WAIT (a)
2287 OP_C_READ_EXPECT (a, "apple", 5)
2288
2289 OP_C_ATTACH (a)
2290 OP_C_WRITE (DEFAULT, "orange", 6)
2291 OP_S_READ_EXPECT (a, "orange", 6)
2292
2293 OP_END
2294 };
2295
2296 /* 5. Test stream reset functionality */
2297 static const struct script_op script_5[] = {
2298 OP_C_SET_ALPN ("ossltest")
2299 OP_C_CONNECT_WAIT ()
2300
2301 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2302 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
2303 OP_C_NEW_STREAM_BIDI (b, C_BIDI_ID(1))
2304
2305 OP_C_WRITE (a, "apple", 5)
2306 OP_C_STREAM_RESET (a, 42)
2307
2308 OP_C_WRITE (b, "strawberry", 10)
2309
2310 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2311 OP_S_BIND_STREAM_ID (b, C_BIDI_ID(1))
2312 OP_S_READ_EXPECT (b, "strawberry", 10)
2313 /* Reset disrupts read of already sent data */
2314 OP_S_READ_FAIL (a, 0)
2315 OP_CHECK (check_stream_reset, C_BIDI_ID(0))
2316
2317 OP_END
2318 };
2319
2320 /* 6. Test STOP_SENDING functionality */
2321 static const struct script_op script_6[] = {
2322 OP_C_SET_ALPN ("ossltest")
2323 OP_C_CONNECT_WAIT ()
2324
2325 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2326 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
2327 OP_S_WRITE (a, "apple", 5)
2328
2329 OP_C_ACCEPT_STREAM_WAIT (a)
2330 OP_C_FREE_STREAM (a)
2331 OP_C_ACCEPT_STREAM_NONE ()
2332
2333 OP_CHECK (check_stream_stopped, S_BIDI_ID(0))
2334
2335 OP_END
2336 };
2337
2338 /* 7. Unidirectional default stream mode test (client sends first) */
2339 static const struct script_op script_7[] = {
2340 OP_C_SET_ALPN ("ossltest")
2341 OP_C_CONNECT_WAIT ()
2342
2343 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
2344 OP_C_WRITE (DEFAULT, "apple", 5)
2345
2346 OP_S_BIND_STREAM_ID (a, C_UNI_ID(0))
2347 OP_S_READ_EXPECT (a, "apple", 5)
2348 OP_S_WRITE_FAIL (a)
2349
2350 OP_END
2351 };
2352
2353 /* 8. Unidirectional default stream mode test (server sends first) */
2354 static const struct script_op script_8[] = {
2355 OP_C_SET_ALPN ("ossltest")
2356 OP_C_CONNECT_WAIT ()
2357
2358 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
2359 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
2360 OP_S_WRITE (a, "apple", 5)
2361 OP_C_READ_EXPECT (DEFAULT, "apple", 5)
2362 OP_C_WRITE_FAIL (DEFAULT)
2363
2364 OP_END
2365 };
2366
2367 /* 9. Unidirectional default stream mode test (server sends first on bidi) */
2368 static const struct script_op script_9[] = {
2369 OP_C_SET_ALPN ("ossltest")
2370 OP_C_CONNECT_WAIT ()
2371
2372 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
2373 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
2374 OP_S_WRITE (a, "apple", 5)
2375 OP_C_READ_EXPECT (DEFAULT, "apple", 5)
2376 OP_C_WRITE (DEFAULT, "orange", 6)
2377 OP_S_READ_EXPECT (a, "orange", 6)
2378
2379 OP_END
2380 };
2381
2382 /* 10. Shutdown */
2383 static const struct script_op script_10[] = {
2384 OP_C_SET_ALPN ("ossltest")
2385 OP_C_CONNECT_WAIT ()
2386
2387 OP_C_WRITE (DEFAULT, "apple", 5)
2388 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2389 OP_S_READ_EXPECT (a, "apple", 5)
2390
2391 OP_C_SHUTDOWN_WAIT (NULL, 0)
2392 OP_C_EXPECT_CONN_CLOSE_INFO(0, 1, 0)
2393 OP_S_EXPECT_CONN_CLOSE_INFO(0, 1, 1)
2394
2395 OP_END
2396 };
2397
2398 /* 11. Many threads accepted on the same client connection */
2399 static const struct script_op script_11_child[] = {
2400 OP_C_ACCEPT_STREAM_WAIT (a)
2401 OP_C_READ_EXPECT (a, "foo", 3)
2402 OP_SLEEP (10)
2403 OP_C_EXPECT_FIN (a)
2404
2405 OP_END
2406 };
2407
2408 static const struct script_op script_11[] = {
2409 OP_C_SET_ALPN ("ossltest")
2410 OP_C_CONNECT_WAIT ()
2411 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2412
2413 OP_NEW_THREAD (5, script_11_child)
2414
2415 OP_S_NEW_STREAM_BIDI (a, ANY_ID)
2416 OP_S_WRITE (a, "foo", 3)
2417 OP_S_CONCLUDE (a)
2418
2419 OP_S_NEW_STREAM_BIDI (b, ANY_ID)
2420 OP_S_WRITE (b, "foo", 3)
2421 OP_S_CONCLUDE (b)
2422
2423 OP_S_NEW_STREAM_BIDI (c, ANY_ID)
2424 OP_S_WRITE (c, "foo", 3)
2425 OP_S_CONCLUDE (c)
2426
2427 OP_S_NEW_STREAM_BIDI (d, ANY_ID)
2428 OP_S_WRITE (d, "foo", 3)
2429 OP_S_CONCLUDE (d)
2430
2431 OP_S_NEW_STREAM_BIDI (e, ANY_ID)
2432 OP_S_WRITE (e, "foo", 3)
2433 OP_S_CONCLUDE (e)
2434
2435 OP_END
2436 };
2437
2438 /* 12. Many threads initiated on the same client connection */
2439 static const struct script_op script_12_child[] = {
2440 OP_C_NEW_STREAM_BIDI (a, ANY_ID)
2441 OP_C_WRITE (a, "foo", 3)
2442 OP_C_CONCLUDE (a)
2443 OP_C_FREE_STREAM (a)
2444
2445 OP_END
2446 };
2447
2448 static const struct script_op script_12[] = {
2449 OP_C_SET_ALPN ("ossltest")
2450 OP_C_CONNECT_WAIT ()
2451 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2452
2453 OP_NEW_THREAD (5, script_12_child)
2454
2455 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2456 OP_S_READ_EXPECT (a, "foo", 3)
2457 OP_S_EXPECT_FIN (a)
2458 OP_S_BIND_STREAM_ID (b, C_BIDI_ID(1))
2459 OP_S_READ_EXPECT (b, "foo", 3)
2460 OP_S_EXPECT_FIN (b)
2461 OP_S_BIND_STREAM_ID (c, C_BIDI_ID(2))
2462 OP_S_READ_EXPECT (c, "foo", 3)
2463 OP_S_EXPECT_FIN (c)
2464 OP_S_BIND_STREAM_ID (d, C_BIDI_ID(3))
2465 OP_S_READ_EXPECT (d, "foo", 3)
2466 OP_S_EXPECT_FIN (d)
2467 OP_S_BIND_STREAM_ID (e, C_BIDI_ID(4))
2468 OP_S_READ_EXPECT (e, "foo", 3)
2469 OP_S_EXPECT_FIN (e)
2470
2471 OP_END
2472 };
2473
2474 /* 13. Many threads accepted on the same client connection (stress test) */
2475 static const struct script_op script_13_child[] = {
2476 OP_BEGIN_REPEAT (10)
2477
2478 OP_C_ACCEPT_STREAM_WAIT (a)
2479 OP_C_READ_EXPECT (a, "foo", 3)
2480 OP_C_EXPECT_FIN (a)
2481 OP_C_FREE_STREAM (a)
2482
2483 OP_END_REPEAT ()
2484
2485 OP_END
2486 };
2487
2488 static const struct script_op script_13[] = {
2489 OP_C_SET_ALPN ("ossltest")
2490 OP_C_CONNECT_WAIT ()
2491 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2492
2493 OP_NEW_THREAD (5, script_13_child)
2494
2495 OP_BEGIN_REPEAT (50)
2496
2497 OP_S_NEW_STREAM_BIDI (a, ANY_ID)
2498 OP_S_WRITE (a, "foo", 3)
2499 OP_S_CONCLUDE (a)
2500 OP_S_UNBIND_STREAM_ID (a)
2501
2502 OP_END_REPEAT ()
2503
2504 OP_END
2505 };
2506
2507 /* 14. Many threads initiating on the same client connection (stress test) */
2508 static const struct script_op script_14_child[] = {
2509 OP_BEGIN_REPEAT (10)
2510
2511 OP_C_NEW_STREAM_BIDI (a, ANY_ID)
2512 OP_C_WRITE (a, "foo", 3)
2513 OP_C_CONCLUDE (a)
2514 OP_C_FREE_STREAM (a)
2515
2516 OP_END_REPEAT ()
2517
2518 OP_END
2519 };
2520
2521 static const struct script_op script_14[] = {
2522 OP_C_SET_ALPN ("ossltest")
2523 OP_C_CONNECT_WAIT ()
2524 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2525
2526 OP_NEW_THREAD (5, script_14_child)
2527
2528 OP_BEGIN_REPEAT (50)
2529
2530 OP_S_ACCEPT_STREAM_WAIT (a)
2531 OP_S_READ_EXPECT (a, "foo", 3)
2532 OP_S_EXPECT_FIN (a)
2533 OP_S_UNBIND_STREAM_ID (a)
2534
2535 OP_END_REPEAT ()
2536
2537 OP_END
2538 };
2539
2540 /* 15. Client sending large number of streams, MAX_STREAMS test */
2541 static const struct script_op script_15[] = {
2542 OP_C_SET_ALPN ("ossltest")
2543 OP_C_CONNECT_WAIT ()
2544 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2545
2546 /*
2547 * This will cause a protocol violation to be raised by the server if we are
2548 * not handling the stream limit correctly on the TX side.
2549 */
2550 OP_BEGIN_REPEAT (200)
2551
2552 OP_C_NEW_STREAM_BIDI_EX (a, ANY_ID, SSL_STREAM_FLAG_ADVANCE)
2553 OP_C_WRITE (a, "foo", 3)
2554 OP_C_CONCLUDE (a)
2555 OP_C_FREE_STREAM (a)
2556
2557 OP_END_REPEAT ()
2558
2559 /* Prove the connection is still good. */
2560 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
2561 OP_S_WRITE (a, "bar", 3)
2562 OP_S_CONCLUDE (a)
2563
2564 OP_C_ACCEPT_STREAM_WAIT (a)
2565 OP_C_READ_EXPECT (a, "bar", 3)
2566 OP_C_EXPECT_FIN (a)
2567
2568 /*
2569 * Drain the queue of incoming streams. We should be able to get all 200
2570 * even though only 100 can be initiated at a time.
2571 */
2572 OP_BEGIN_REPEAT (200)
2573
2574 OP_S_ACCEPT_STREAM_WAIT (b)
2575 OP_S_READ_EXPECT (b, "foo", 3)
2576 OP_S_EXPECT_FIN (b)
2577 OP_S_UNBIND_STREAM_ID (b)
2578
2579 OP_END_REPEAT ()
2580
2581 OP_END
2582 };
2583
2584 /* 16. Server sending large number of streams, MAX_STREAMS test */
2585 static const struct script_op script_16[] = {
2586 OP_C_SET_ALPN ("ossltest")
2587 OP_C_CONNECT_WAIT ()
2588 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2589
2590 /*
2591 * This will cause a protocol violation to be raised by the client if we are
2592 * not handling the stream limit correctly on the TX side.
2593 */
2594 OP_BEGIN_REPEAT (200)
2595
2596 OP_S_NEW_STREAM_BIDI (a, ANY_ID)
2597 OP_S_WRITE (a, "foo", 3)
2598 OP_S_CONCLUDE (a)
2599 OP_S_UNBIND_STREAM_ID (a)
2600
2601 OP_END_REPEAT ()
2602
2603 /* Prove that the connection is still good. */
2604 OP_C_NEW_STREAM_BIDI (a, ANY_ID)
2605 OP_C_WRITE (a, "bar", 3)
2606 OP_C_CONCLUDE (a)
2607
2608 OP_S_ACCEPT_STREAM_WAIT (b)
2609 OP_S_READ_EXPECT (b, "bar", 3)
2610 OP_S_EXPECT_FIN (b)
2611
2612 /* Drain the queue of incoming streams. */
2613 OP_BEGIN_REPEAT (200)
2614
2615 OP_C_ACCEPT_STREAM_WAIT (b)
2616 OP_C_READ_EXPECT (b, "foo", 3)
2617 OP_C_EXPECT_FIN (b)
2618 OP_C_FREE_STREAM (b)
2619
2620 OP_END_REPEAT ()
2621
2622 OP_END
2623 };
2624
2625 /* 17. Key update test - unlimited */
2626 static const struct script_op script_17[] = {
2627 OP_C_SET_ALPN ("ossltest")
2628 OP_C_CONNECT_WAIT ()
2629
2630 OP_C_WRITE (DEFAULT, "apple", 5)
2631
2632 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2633 OP_S_READ_EXPECT (a, "apple", 5)
2634
2635 OP_CHECK (override_key_update, 1)
2636
2637 OP_BEGIN_REPEAT (200)
2638
2639 OP_C_WRITE (DEFAULT, "apple", 5)
2640 OP_S_READ_EXPECT (a, "apple", 5)
2641
2642 /*
2643 * TXKU frequency is bounded by RTT because a previous TXKU needs to be
2644 * acknowledged by the peer first before another one can be begin. By
2645 * waiting this long, we eliminate any such concern and ensure as many key
2646 * updates as possible can occur for the purposes of this test.
2647 */
2648 OP_CHECK (skip_time_ms, 100)
2649
2650 OP_END_REPEAT ()
2651
2652 /* At least 5 RXKUs detected */
2653 OP_CHECK (check_key_update_ge, 5)
2654
2655 /*
2656 * Prove the connection is still healthy by sending something in both
2657 * directions.
2658 */
2659 OP_C_WRITE (DEFAULT, "xyzzy", 5)
2660 OP_S_READ_EXPECT (a, "xyzzy", 5)
2661
2662 OP_S_WRITE (a, "plugh", 5)
2663 OP_C_READ_EXPECT (DEFAULT, "plugh", 5)
2664
2665 OP_END
2666 };
2667
2668 /* 18. Key update test - RTT-bounded */
2669 static const struct script_op script_18[] = {
2670 OP_C_SET_ALPN ("ossltest")
2671 OP_C_CONNECT_WAIT ()
2672
2673 OP_C_WRITE (DEFAULT, "apple", 5)
2674
2675 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2676 OP_S_READ_EXPECT (a, "apple", 5)
2677
2678 OP_CHECK (override_key_update, 1)
2679
2680 OP_BEGIN_REPEAT (200)
2681
2682 OP_C_WRITE (DEFAULT, "apple", 5)
2683 OP_S_READ_EXPECT (a, "apple", 5)
2684 OP_CHECK (skip_time_ms, 8)
2685
2686 OP_END_REPEAT ()
2687
2688 /*
2689 * This time we simulate far less time passing between writes, so there are
2690 * fewer opportunities to initiate TXKUs. Note that we ask for a TXKU every
2691 * 1 packet above, which is absurd; thus this ensures we only actually
2692 * generate TXKUs when we are allowed to.
2693 */
2694 OP_CHECK (check_key_update_lt, 240)
2695
2696 /*
2697 * Prove the connection is still healthy by sending something in both
2698 * directions.
2699 */
2700 OP_C_WRITE (DEFAULT, "xyzzy", 5)
2701 OP_S_READ_EXPECT (a, "xyzzy", 5)
2702
2703 OP_S_WRITE (a, "plugh", 5)
2704 OP_C_READ_EXPECT (DEFAULT, "plugh", 5)
2705
2706 OP_END
2707 };
2708
2709 /* 19. Key update test - artificially triggered */
2710 static const struct script_op script_19[] = {
2711 OP_C_SET_ALPN ("ossltest")
2712 OP_C_CONNECT_WAIT ()
2713
2714 OP_C_WRITE (DEFAULT, "apple", 5)
2715
2716 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2717 OP_S_READ_EXPECT (a, "apple", 5)
2718
2719 OP_C_WRITE (DEFAULT, "orange", 6)
2720 OP_S_READ_EXPECT (a, "orange", 6)
2721
2722 OP_S_WRITE (a, "strawberry", 10)
2723 OP_C_READ_EXPECT (DEFAULT, "strawberry", 10)
2724
2725 OP_CHECK (check_key_update_lt, 1)
2726 OP_CHECK (trigger_key_update, 0)
2727
2728 OP_C_WRITE (DEFAULT, "orange", 6)
2729 OP_S_READ_EXPECT (a, "orange", 6)
2730 OP_S_WRITE (a, "ok", 2)
2731
2732 OP_C_READ_EXPECT (DEFAULT, "ok", 2)
2733 OP_CHECK (check_key_update_ge, 1)
2734
2735 OP_END
2736 };
2737
2738 /* 20. Multiple threads accept stream with socket forcibly closed (error test) */
script_20_trigger(struct helper * h,volatile uint64_t * counter)2739 static int script_20_trigger(struct helper *h, volatile uint64_t *counter)
2740 {
2741 #if defined(OPENSSL_THREADS)
2742 ossl_crypto_mutex_lock(h->misc_m);
2743 ++*counter;
2744 ossl_crypto_condvar_broadcast(h->misc_cv);
2745 ossl_crypto_mutex_unlock(h->misc_m);
2746 #endif
2747 return 1;
2748 }
2749
script_20_wait(struct helper * h,volatile uint64_t * counter,uint64_t threshold)2750 static int script_20_wait(struct helper *h, volatile uint64_t *counter, uint64_t threshold)
2751 {
2752 #if defined(OPENSSL_THREADS)
2753 int stop = 0;
2754
2755 ossl_crypto_mutex_lock(h->misc_m);
2756 while (!stop) {
2757 stop = (*counter >= threshold);
2758 if (stop)
2759 break;
2760
2761 ossl_crypto_condvar_wait(h->misc_cv, h->misc_m);
2762 }
2763
2764 ossl_crypto_mutex_unlock(h->misc_m);
2765 #endif
2766 return 1;
2767 }
2768
script_20_trigger1(struct helper * h,struct helper_local * hl)2769 static int script_20_trigger1(struct helper *h, struct helper_local *hl)
2770 {
2771 return script_20_trigger(h, &h->scratch0);
2772 }
2773
script_20_wait1(struct helper * h,struct helper_local * hl)2774 static int script_20_wait1(struct helper *h, struct helper_local *hl)
2775 {
2776 return script_20_wait(h, &h->scratch0, hl->check_op->arg2);
2777 }
2778
script_20_trigger2(struct helper * h,struct helper_local * hl)2779 static int script_20_trigger2(struct helper *h, struct helper_local *hl)
2780 {
2781 return script_20_trigger(h, &h->scratch1);
2782 }
2783
script_20_wait2(struct helper * h,struct helper_local * hl)2784 static int script_20_wait2(struct helper *h, struct helper_local *hl)
2785 {
2786 return script_20_wait(h, &h->scratch1, hl->check_op->arg2);
2787 }
2788
2789 static const struct script_op script_20_child[] = {
2790 OP_C_ACCEPT_STREAM_WAIT (a)
2791 OP_C_READ_EXPECT (a, "foo", 3)
2792
2793 OP_CHECK (script_20_trigger1, 0)
2794 OP_CHECK (script_20_wait2, 1)
2795
2796 OP_C_READ_FAIL_WAIT (a)
2797 OP_C_EXPECT_SSL_ERR (a, SSL_ERROR_SYSCALL)
2798
2799 OP_EXPECT_ERR_LIB (ERR_LIB_SSL)
2800 OP_EXPECT_ERR_REASON (SSL_R_PROTOCOL_IS_SHUTDOWN)
2801
2802 OP_POP_ERR ()
2803 OP_EXPECT_ERR_LIB (ERR_LIB_SSL)
2804 OP_EXPECT_ERR_REASON (SSL_R_QUIC_NETWORK_ERROR)
2805
2806 OP_C_FREE_STREAM (a)
2807
2808 OP_END
2809 };
2810
2811 static const struct script_op script_20[] = {
2812 OP_C_SET_ALPN ("ossltest")
2813 OP_C_CONNECT_WAIT ()
2814 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2815
2816 OP_NEW_THREAD (5, script_20_child)
2817
2818 OP_BEGIN_REPEAT (5)
2819
2820 OP_S_NEW_STREAM_BIDI (a, ANY_ID)
2821 OP_S_WRITE (a, "foo", 3)
2822 OP_S_UNBIND_STREAM_ID (a)
2823
2824 OP_END_REPEAT ()
2825
2826 OP_CHECK (script_20_wait1, 5)
2827
2828 OP_C_CLOSE_SOCKET ()
2829 OP_CHECK (script_20_trigger2, 0)
2830
2831 OP_END
2832 };
2833
2834 /* 21. Fault injection - unknown frame in 1-RTT packet */
script_21_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)2835 static int script_21_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
2836 unsigned char *buf, size_t len)
2837 {
2838 int ok = 0;
2839 WPACKET wpkt;
2840 unsigned char frame_buf[21];
2841 size_t written;
2842
2843 if (h->inject_word0 == 0 || hdr->type != h->inject_word0)
2844 return 1;
2845
2846 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
2847 sizeof(frame_buf), 0)))
2848 return 0;
2849
2850 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1)))
2851 goto err;
2852
2853 switch (h->inject_word1) {
2854 case OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE:
2855 case OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE:
2856 case OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID:
2857 /*
2858 * These cases to be formatted properly need a single uint64_t
2859 */
2860 if (!TEST_true(WPACKET_put_bytes_u64(&wpkt, (uint64_t)0)))
2861 goto err;
2862 break;
2863 case OSSL_QUIC_FRAME_TYPE_MAX_DATA:
2864 case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI:
2865 case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI:
2866 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI:
2867 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI:
2868 case OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED:
2869 /*
2870 * These cases require a single vlint
2871 */
2872 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0)))
2873 goto err;
2874 break;
2875 case OSSL_QUIC_FRAME_TYPE_STOP_SENDING:
2876 case OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA:
2877 case OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED:
2878 /*
2879 * These cases require 2 variable integers
2880 */
2881 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0)))
2882 goto err;
2883 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0)))
2884 goto err;
2885 break;
2886 case OSSL_QUIC_FRAME_TYPE_STREAM:
2887 case OSSL_QUIC_FRAME_TYPE_RESET_STREAM:
2888 case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP:
2889 /*
2890 * These cases require 3 variable integers
2891 */
2892 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0)))
2893 goto err;
2894 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0)))
2895 goto err;
2896 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0)))
2897 goto err;
2898 break;
2899 case OSSL_QUIC_FRAME_TYPE_NEW_TOKEN:
2900 /*
2901 * Special case for new token
2902 */
2903
2904 /* New token length, cannot be zero */
2905 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)1)))
2906 goto err;
2907
2908 /* 1 bytes of token data, to match the above length */
2909 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, (uint8_t)0)))
2910 goto err;
2911 break;
2912 case OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID:
2913 /*
2914 * Special case for New Connection ids, has a combination
2915 * of vlints and fixed width values
2916 */
2917
2918 /* seq number */
2919 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0)))
2920 goto err;
2921
2922 /* retire prior to */
2923 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0)))
2924 goto err;
2925
2926 /* Connection id length, arbitrary at 1 bytes */
2927 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, (uint8_t)1)))
2928 goto err;
2929
2930 /* The connection id, to match the above length */
2931 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, (uint8_t)0)))
2932 goto err;
2933
2934 /* 16 bytes total for the SRT */
2935 if (!TEST_true(WPACKET_memset(&wpkt, 0, 16)))
2936 goto err;
2937
2938 break;
2939 }
2940
2941 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
2942 goto err;
2943
2944 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
2945 goto err;
2946
2947 ok = 1;
2948 err:
2949 if (ok)
2950 WPACKET_finish(&wpkt);
2951 else
2952 WPACKET_cleanup(&wpkt);
2953 return ok;
2954 }
2955
2956 static const struct script_op script_21[] = {
2957 OP_S_SET_INJECT_PLAIN (script_21_inject_plain)
2958 OP_C_SET_ALPN ("ossltest")
2959 OP_C_CONNECT_WAIT ()
2960
2961 OP_C_WRITE (DEFAULT, "apple", 5)
2962 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2963 OP_S_READ_EXPECT (a, "apple", 5)
2964
2965 OP_SET_INJECT_WORD (QUIC_PKT_TYPE_1RTT, OSSL_QUIC_VLINT_MAX)
2966
2967 OP_S_WRITE (a, "orange", 6)
2968
2969 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
2970
2971 OP_END
2972 };
2973
2974 /* 22. Fault injection - non-zero packet header reserved bits */
script_22_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)2975 static int script_22_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
2976 unsigned char *buf, size_t len)
2977 {
2978 if (h->inject_word0 == 0)
2979 return 1;
2980
2981 hdr->reserved = 1;
2982 return 1;
2983 }
2984
2985 static const struct script_op script_22[] = {
2986 OP_S_SET_INJECT_PLAIN (script_22_inject_plain)
2987 OP_C_SET_ALPN ("ossltest")
2988 OP_C_CONNECT_WAIT ()
2989
2990 OP_C_WRITE (DEFAULT, "apple", 5)
2991 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2992 OP_S_READ_EXPECT (a, "apple", 5)
2993
2994 OP_SET_INJECT_WORD (1, 0)
2995
2996 OP_S_WRITE (a, "orange", 6)
2997
2998 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION,0,0)
2999
3000 OP_END
3001 };
3002
3003 /* 23. Fault injection - empty NEW_TOKEN */
script_23_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3004 static int script_23_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3005 unsigned char *buf, size_t len)
3006 {
3007 int ok = 0;
3008 WPACKET wpkt;
3009 unsigned char frame_buf[16];
3010 size_t written;
3011
3012 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
3013 return 1;
3014
3015 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3016 sizeof(frame_buf), 0)))
3017 return 0;
3018
3019 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_NEW_TOKEN))
3020 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0)))
3021 goto err;
3022
3023 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3024 goto err;
3025
3026 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3027 goto err;
3028
3029 ok = 1;
3030 err:
3031 if (ok)
3032 WPACKET_finish(&wpkt);
3033 else
3034 WPACKET_cleanup(&wpkt);
3035 return ok;
3036 }
3037
3038 static const struct script_op script_23[] = {
3039 OP_S_SET_INJECT_PLAIN (script_23_inject_plain)
3040 OP_C_SET_ALPN ("ossltest")
3041 OP_C_CONNECT_WAIT ()
3042
3043 OP_C_WRITE (DEFAULT, "apple", 5)
3044 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3045 OP_S_READ_EXPECT (a, "apple", 5)
3046
3047 OP_SET_INJECT_WORD (1, 0)
3048
3049 OP_S_WRITE (a, "orange", 6)
3050
3051 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3052
3053 OP_END
3054 };
3055
3056 /* 24. Fault injection - excess value of MAX_STREAMS_BIDI */
script_24_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3057 static int script_24_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3058 unsigned char *buf, size_t len)
3059 {
3060 int ok = 0;
3061 WPACKET wpkt;
3062 unsigned char frame_buf[16];
3063 size_t written;
3064
3065 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
3066 return 1;
3067
3068 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3069 sizeof(frame_buf), 0)))
3070 return 0;
3071
3072 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))
3073 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, (((uint64_t)1) << 60) + 1)))
3074 goto err;
3075
3076 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3077 goto err;
3078
3079 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3080 goto err;
3081
3082 ok = 1;
3083 err:
3084 if (ok)
3085 WPACKET_finish(&wpkt);
3086 else
3087 WPACKET_cleanup(&wpkt);
3088 return ok;
3089 }
3090
3091 static const struct script_op script_24[] = {
3092 OP_S_SET_INJECT_PLAIN (script_24_inject_plain)
3093 OP_C_SET_ALPN ("ossltest")
3094 OP_C_CONNECT_WAIT ()
3095
3096 OP_C_WRITE (DEFAULT, "apple", 5)
3097 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3098 OP_S_READ_EXPECT (a, "apple", 5)
3099
3100 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI)
3101
3102 OP_S_WRITE (a, "orange", 6)
3103
3104 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3105
3106 OP_END
3107 };
3108
3109 /* 25. Fault injection - excess value of MAX_STREAMS_UNI */
3110 static const struct script_op script_25[] = {
3111 OP_S_SET_INJECT_PLAIN (script_24_inject_plain)
3112 OP_C_SET_ALPN ("ossltest")
3113 OP_C_CONNECT_WAIT ()
3114
3115 OP_C_WRITE (DEFAULT, "apple", 5)
3116 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3117 OP_S_READ_EXPECT (a, "apple", 5)
3118
3119 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI)
3120
3121 OP_S_WRITE (a, "orange", 6)
3122
3123 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3124
3125 OP_END
3126 };
3127
3128 /* 26. Fault injection - excess value of STREAMS_BLOCKED_BIDI */
3129 static const struct script_op script_26[] = {
3130 OP_S_SET_INJECT_PLAIN (script_24_inject_plain)
3131 OP_C_SET_ALPN ("ossltest")
3132 OP_C_CONNECT_WAIT ()
3133
3134 OP_C_WRITE (DEFAULT, "apple", 5)
3135 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3136 OP_S_READ_EXPECT (a, "apple", 5)
3137
3138 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI)
3139
3140 OP_S_WRITE (a, "orange", 6)
3141
3142 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,0,0)
3143
3144 OP_END
3145 };
3146
3147 /* 27. Fault injection - excess value of STREAMS_BLOCKED_UNI */
3148 static const struct script_op script_27[] = {
3149 OP_S_SET_INJECT_PLAIN (script_24_inject_plain)
3150 OP_C_SET_ALPN ("ossltest")
3151 OP_C_CONNECT_WAIT ()
3152
3153 OP_C_WRITE (DEFAULT, "apple", 5)
3154 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3155 OP_S_READ_EXPECT (a, "apple", 5)
3156
3157 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI)
3158
3159 OP_S_WRITE (a, "orange", 6)
3160
3161 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,0,0)
3162
3163 OP_END
3164 };
3165
3166 /* 28. Fault injection - received RESET_STREAM for send-only stream */
script_28_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3167 static int script_28_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3168 unsigned char *buf, size_t len)
3169 {
3170 int ok = 0;
3171 WPACKET wpkt;
3172 unsigned char frame_buf[32];
3173 size_t written;
3174
3175 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
3176 return 1;
3177
3178 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3179 sizeof(frame_buf), 0)))
3180 return 0;
3181
3182 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))
3183 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */
3184 h->inject_word0 - 1))
3185 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 123))
3186 || (h->inject_word1 == OSSL_QUIC_FRAME_TYPE_RESET_STREAM
3187 && !TEST_true(WPACKET_quic_write_vlint(&wpkt, 5)))) /* final size */
3188 goto err;
3189
3190 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3191 goto err;
3192
3193 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3194 goto err;
3195
3196 ok = 1;
3197 err:
3198 if (ok)
3199 WPACKET_finish(&wpkt);
3200 else
3201 WPACKET_cleanup(&wpkt);
3202 return ok;
3203 }
3204
3205 static const struct script_op script_28[] = {
3206 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3207 OP_C_SET_ALPN ("ossltest")
3208 OP_C_CONNECT_WAIT ()
3209 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3210
3211 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3212 OP_C_WRITE (a, "orange", 6)
3213
3214 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3215 OP_S_READ_EXPECT (a, "orange", 6)
3216
3217 OP_C_NEW_STREAM_UNI (b, C_UNI_ID(0))
3218 OP_C_WRITE (b, "apple", 5)
3219
3220 OP_S_BIND_STREAM_ID (b, C_UNI_ID(0))
3221 OP_S_READ_EXPECT (b, "apple", 5)
3222
3223 OP_SET_INJECT_WORD (C_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_RESET_STREAM)
3224 OP_S_WRITE (a, "fruit", 5)
3225
3226 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3227
3228 OP_END
3229 };
3230
3231 /* 29. Fault injection - received RESET_STREAM for nonexistent send-only stream */
3232 static const struct script_op script_29[] = {
3233 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3234 OP_C_SET_ALPN ("ossltest")
3235 OP_C_CONNECT_WAIT ()
3236 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3237
3238 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3239 OP_C_WRITE (a, "orange", 6)
3240
3241 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3242 OP_S_READ_EXPECT (a, "orange", 6)
3243
3244 OP_C_NEW_STREAM_UNI (b, C_UNI_ID(0))
3245 OP_C_WRITE (b, "apple", 5)
3246
3247 OP_S_BIND_STREAM_ID (b, C_UNI_ID(0))
3248 OP_S_READ_EXPECT (b, "apple", 5)
3249
3250 OP_SET_INJECT_WORD (C_UNI_ID(1) + 1, OSSL_QUIC_FRAME_TYPE_RESET_STREAM)
3251 OP_S_WRITE (a, "fruit", 5)
3252
3253 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3254
3255 OP_END
3256 };
3257
3258 /* 30. Fault injection - received STOP_SENDING for receive-only stream */
3259 static const struct script_op script_30[] = {
3260 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3261 OP_C_SET_ALPN ("ossltest")
3262 OP_C_CONNECT_WAIT ()
3263 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3264
3265 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
3266 OP_S_WRITE (a, "apple", 5)
3267
3268 OP_C_ACCEPT_STREAM_WAIT (a)
3269 OP_C_READ_EXPECT (a, "apple", 5)
3270
3271 OP_SET_INJECT_WORD (S_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STOP_SENDING)
3272 OP_S_WRITE (a, "orange", 6)
3273
3274 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3275
3276 OP_END
3277 };
3278
3279 /* 31. Fault injection - received STOP_SENDING for nonexistent receive-only stream */
3280 static const struct script_op script_31[] = {
3281 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3282 OP_C_SET_ALPN ("ossltest")
3283 OP_C_CONNECT_WAIT ()
3284 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3285
3286 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
3287 OP_S_WRITE (a, "apple", 5)
3288
3289 OP_C_ACCEPT_STREAM_WAIT (a)
3290 OP_C_READ_EXPECT (a, "apple", 5)
3291
3292 OP_SET_INJECT_WORD (C_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STOP_SENDING)
3293 OP_S_WRITE (a, "orange", 6)
3294
3295 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3296
3297 OP_END
3298 };
3299
3300 /* 32. Fault injection - STREAM frame for nonexistent stream */
script_32_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3301 static int script_32_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3302 unsigned char *buf, size_t len)
3303 {
3304 int ok = 0;
3305 WPACKET wpkt;
3306 unsigned char frame_buf[64];
3307 size_t written;
3308 uint64_t type = OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN, offset, flen, i;
3309
3310 if (hdr->type != QUIC_PKT_TYPE_1RTT)
3311 return 1;
3312
3313 switch (h->inject_word1) {
3314 default:
3315 return 0;
3316 case 0:
3317 return 1;
3318 case 1:
3319 offset = 0;
3320 flen = 0;
3321 break;
3322 case 2:
3323 offset = (((uint64_t)1)<<62) - 1;
3324 flen = 5;
3325 break;
3326 case 3:
3327 offset = 1 * 1024 * 1024 * 1024; /* 1G */
3328 flen = 5;
3329 break;
3330 case 4:
3331 offset = 0;
3332 flen = 1;
3333 break;
3334 }
3335
3336 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3337 sizeof(frame_buf), 0)))
3338 return 0;
3339
3340 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, type))
3341 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */
3342 h->inject_word0 - 1))
3343 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, offset))
3344 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, flen)))
3345 goto err;
3346
3347 for (i = 0; i < flen; ++i)
3348 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42)))
3349 goto err;
3350
3351 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3352 goto err;
3353
3354 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3355 goto err;
3356
3357 ok = 1;
3358 err:
3359 if (ok)
3360 WPACKET_finish(&wpkt);
3361 else
3362 WPACKET_cleanup(&wpkt);
3363 return ok;
3364 }
3365
3366 static const struct script_op script_32[] = {
3367 OP_S_SET_INJECT_PLAIN (script_32_inject_plain)
3368 OP_C_SET_ALPN ("ossltest")
3369 OP_C_CONNECT_WAIT ()
3370 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3371
3372 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
3373 OP_S_WRITE (a, "apple", 5)
3374
3375 OP_C_ACCEPT_STREAM_WAIT (a)
3376 OP_C_READ_EXPECT (a, "apple", 5)
3377
3378 OP_SET_INJECT_WORD (C_UNI_ID(0) + 1, 1)
3379 OP_S_WRITE (a, "orange", 6)
3380
3381 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3382
3383 OP_END
3384 };
3385
3386 /* 33. Fault injection - STREAM frame with illegal offset */
3387 static const struct script_op script_33[] = {
3388 OP_S_SET_INJECT_PLAIN (script_32_inject_plain)
3389 OP_C_SET_ALPN ("ossltest")
3390 OP_C_CONNECT_WAIT ()
3391 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3392
3393 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3394 OP_C_WRITE (a, "apple", 5)
3395
3396 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3397 OP_S_READ_EXPECT (a, "apple", 5)
3398
3399 OP_SET_INJECT_WORD (C_BIDI_ID(0) + 1, 2)
3400 OP_S_WRITE (a, "orange", 6)
3401
3402 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3403
3404 OP_END
3405 };
3406
3407 /* 34. Fault injection - STREAM frame which exceeds FC */
3408 static const struct script_op script_34[] = {
3409 OP_S_SET_INJECT_PLAIN (script_32_inject_plain)
3410 OP_C_SET_ALPN ("ossltest")
3411 OP_C_CONNECT_WAIT ()
3412 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3413
3414 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3415 OP_C_WRITE (a, "apple", 5)
3416
3417 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3418 OP_S_READ_EXPECT (a, "apple", 5)
3419
3420 OP_SET_INJECT_WORD (C_BIDI_ID(0) + 1, 3)
3421 OP_S_WRITE (a, "orange", 6)
3422
3423 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FLOW_CONTROL_ERROR,0,0)
3424
3425 OP_END
3426 };
3427
3428 /* 35. Fault injection - MAX_STREAM_DATA for receive-only stream */
3429 static const struct script_op script_35[] = {
3430 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3431 OP_C_SET_ALPN ("ossltest")
3432 OP_C_CONNECT_WAIT ()
3433 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3434
3435 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
3436 OP_S_WRITE (a, "apple", 5)
3437
3438 OP_C_ACCEPT_STREAM_WAIT (a)
3439 OP_C_READ_EXPECT (a, "apple", 5)
3440
3441 OP_SET_INJECT_WORD (S_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA)
3442 OP_S_WRITE (a, "orange", 6)
3443
3444 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3445
3446 OP_END
3447 };
3448
3449 /* 36. Fault injection - MAX_STREAM_DATA for nonexistent stream */
3450 static const struct script_op script_36[] = {
3451 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3452 OP_C_SET_ALPN ("ossltest")
3453 OP_C_CONNECT_WAIT ()
3454 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3455
3456 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
3457 OP_S_WRITE (a, "apple", 5)
3458
3459 OP_C_ACCEPT_STREAM_WAIT (a)
3460 OP_C_READ_EXPECT (a, "apple", 5)
3461
3462 OP_SET_INJECT_WORD (C_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA)
3463 OP_S_WRITE (a, "orange", 6)
3464
3465 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3466
3467 OP_END
3468 };
3469
3470 /* 37. Fault injection - STREAM_DATA_BLOCKED for send-only stream */
3471 static const struct script_op script_37[] = {
3472 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3473 OP_C_SET_ALPN ("ossltest")
3474 OP_C_CONNECT_WAIT ()
3475 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3476
3477 OP_C_NEW_STREAM_UNI (a, C_UNI_ID(0))
3478 OP_C_WRITE (a, "apple", 5)
3479
3480 OP_S_BIND_STREAM_ID (a, C_UNI_ID(0))
3481 OP_S_READ_EXPECT (a, "apple", 5)
3482
3483 OP_S_NEW_STREAM_UNI (b, S_UNI_ID(0))
3484 OP_SET_INJECT_WORD (C_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED)
3485 OP_S_WRITE (b, "orange", 5)
3486
3487 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3488
3489 OP_END
3490 };
3491
3492 /* 38. Fault injection - STREAM_DATA_BLOCKED for non-existent stream */
3493 static const struct script_op script_38[] = {
3494 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3495 OP_C_SET_ALPN ("ossltest")
3496 OP_C_CONNECT_WAIT ()
3497 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3498
3499 OP_C_NEW_STREAM_UNI (a, C_UNI_ID(0))
3500 OP_C_WRITE (a, "apple", 5)
3501
3502 OP_S_BIND_STREAM_ID (a, C_UNI_ID(0))
3503 OP_S_READ_EXPECT (a, "apple", 5)
3504
3505 OP_SET_INJECT_WORD (C_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED)
3506
3507 OP_S_NEW_STREAM_UNI (b, S_UNI_ID(0))
3508 OP_S_WRITE (b, "orange", 5)
3509
3510 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3511
3512 OP_END
3513 };
3514
3515 /* 39. Fault injection - NEW_CONN_ID with zero-len CID */
script_39_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3516 static int script_39_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3517 unsigned char *buf, size_t len)
3518 {
3519 int ok = 0;
3520 WPACKET wpkt;
3521 unsigned char frame_buf[64];
3522 size_t i, written;
3523 uint64_t seq_no = 0, retire_prior_to = 0;
3524 QUIC_CONN_ID new_cid = {0};
3525 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(h->s_priv);
3526
3527 if (hdr->type != QUIC_PKT_TYPE_1RTT)
3528 return 1;
3529
3530 switch (h->inject_word1) {
3531 case 0:
3532 return 1;
3533 case 1:
3534 new_cid.id_len = 0;
3535 break;
3536 case 2:
3537 new_cid.id_len = 21;
3538 break;
3539 case 3:
3540 new_cid.id_len = 1;
3541 new_cid.id[0] = 0x55;
3542
3543 seq_no = 0;
3544 retire_prior_to = 1;
3545 break;
3546 case 4:
3547 /* Use our actual CID so we don't break connectivity. */
3548 ossl_quic_channel_get_diag_local_cid(ch, &new_cid);
3549
3550 seq_no = 2;
3551 retire_prior_to = 2;
3552 break;
3553 case 5:
3554 /*
3555 * Use a bogus CID which will need to be ignored if connectivity is to
3556 * be continued.
3557 */
3558 new_cid.id_len = 8;
3559 new_cid.id[0] = 0x55;
3560
3561 seq_no = 1;
3562 retire_prior_to = 1;
3563 break;
3564 }
3565
3566 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3567 sizeof(frame_buf), 0)))
3568 return 0;
3569
3570 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID))
3571 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, seq_no)) /* seq no */
3572 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, retire_prior_to)) /* retire prior to */
3573 || !TEST_true(WPACKET_put_bytes_u8(&wpkt, new_cid.id_len))) /* len */
3574 goto err;
3575
3576 for (i = 0; i < new_cid.id_len && i < OSSL_NELEM(new_cid.id); ++i)
3577 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, new_cid.id[i])))
3578 goto err;
3579
3580 for (; i < new_cid.id_len; ++i)
3581 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x55)))
3582 goto err;
3583
3584 for (i = 0; i < QUIC_STATELESS_RESET_TOKEN_LEN; ++i)
3585 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42)))
3586 goto err;
3587
3588 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3589 goto err;
3590
3591 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3592 goto err;
3593
3594 ok = 1;
3595 err:
3596 if (ok)
3597 WPACKET_finish(&wpkt);
3598 else
3599 WPACKET_cleanup(&wpkt);
3600 return ok;
3601 }
3602
3603 static const struct script_op script_39[] = {
3604 OP_S_SET_INJECT_PLAIN (script_39_inject_plain)
3605 OP_C_SET_ALPN ("ossltest")
3606 OP_C_CONNECT_WAIT ()
3607 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3608
3609 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3610 OP_C_WRITE (a, "apple", 5)
3611 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3612 OP_S_READ_EXPECT (a, "apple", 5)
3613
3614 OP_SET_INJECT_WORD (0, 1)
3615 OP_S_WRITE (a, "orange", 5)
3616
3617 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3618
3619 OP_END
3620 };
3621
3622 /* 40. Shutdown flush test */
3623 static const unsigned char script_40_data[1024] = "strawberry";
3624
3625 static const struct script_op script_40[] = {
3626 OP_C_SET_ALPN ("ossltest")
3627 OP_C_CONNECT_WAIT ()
3628 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3629
3630 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3631 OP_C_WRITE (a, "apple", 5)
3632
3633 OP_C_INHIBIT_TICK (1)
3634 OP_C_SET_WRITE_BUF_SIZE (a, 1024 * 100 * 3)
3635
3636 OP_BEGIN_REPEAT (100)
3637
3638 OP_C_WRITE (a, script_40_data, sizeof(script_40_data))
3639
3640 OP_END_REPEAT ()
3641
3642 OP_C_CONCLUDE (a)
3643 OP_C_SHUTDOWN_WAIT (NULL, 0) /* disengages tick inhibition */
3644
3645 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3646 OP_S_READ_EXPECT (a, "apple", 5)
3647
3648 OP_BEGIN_REPEAT (100)
3649
3650 OP_S_READ_EXPECT (a, script_40_data, sizeof(script_40_data))
3651
3652 OP_END_REPEAT ()
3653
3654 OP_S_EXPECT_FIN (a)
3655
3656 OP_C_EXPECT_CONN_CLOSE_INFO(0, 1, 0)
3657 OP_S_EXPECT_CONN_CLOSE_INFO(0, 1, 1)
3658
3659 OP_END
3660 };
3661
3662 /* 41. Fault injection - PATH_CHALLENGE yields PATH_RESPONSE */
3663 static const uint64_t path_challenge = UINT64_C(0xbdeb9451169c83aa);
3664
script_41_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3665 static int script_41_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3666 unsigned char *buf, size_t len)
3667 {
3668 int ok = 0;
3669 WPACKET wpkt;
3670 unsigned char frame_buf[16];
3671 size_t written;
3672
3673 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
3674 return 1;
3675
3676 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3677 sizeof(frame_buf), 0)))
3678 return 0;
3679
3680 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))
3681 || !TEST_true(WPACKET_put_bytes_u64(&wpkt, path_challenge)))
3682 goto err;
3683
3684 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))
3685 || !TEST_size_t_eq(written, 9))
3686 goto err;
3687
3688 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3689 goto err;
3690
3691 --h->inject_word0;
3692 ok = 1;
3693 err:
3694 if (ok)
3695 WPACKET_finish(&wpkt);
3696 else
3697 WPACKET_cleanup(&wpkt);
3698 return ok;
3699 }
3700
script_41_trace(int write_p,int version,int content_type,const void * buf,size_t len,SSL * ssl,void * arg)3701 static void script_41_trace(int write_p, int version, int content_type,
3702 const void *buf, size_t len, SSL *ssl, void *arg)
3703 {
3704 uint64_t frame_type, frame_data;
3705 int was_minimal;
3706 struct helper *h = arg;
3707 PACKET pkt;
3708
3709 if (version != OSSL_QUIC1_VERSION
3710 || content_type != SSL3_RT_QUIC_FRAME_FULL
3711 || len < 1)
3712 return;
3713
3714 if (!TEST_true(PACKET_buf_init(&pkt, buf, len))) {
3715 ++h->scratch1;
3716 return;
3717 }
3718
3719 if (!TEST_true(ossl_quic_wire_peek_frame_header(&pkt, &frame_type,
3720 &was_minimal))) {
3721 ++h->scratch1;
3722 return;
3723 }
3724
3725 if (frame_type != OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE)
3726 return;
3727
3728 if (!TEST_true(ossl_quic_wire_decode_frame_path_response(&pkt, &frame_data))
3729 || !TEST_uint64_t_eq(frame_data, path_challenge)) {
3730 ++h->scratch1;
3731 return;
3732 }
3733
3734 ++h->scratch0;
3735 }
3736
script_41_setup(struct helper * h,struct helper_local * hl)3737 static int script_41_setup(struct helper *h, struct helper_local *hl)
3738 {
3739 ossl_quic_tserver_set_msg_callback(ACQUIRE_S(), script_41_trace, h);
3740 return 1;
3741 }
3742
script_41_check(struct helper * h,struct helper_local * hl)3743 static int script_41_check(struct helper *h, struct helper_local *hl)
3744 {
3745 /* At least one valid challenge/response echo? */
3746 if (!TEST_uint64_t_gt(h->scratch0, 0))
3747 return 0;
3748
3749 /* No failed tests? */
3750 if (!TEST_uint64_t_eq(h->scratch1, 0))
3751 return 0;
3752
3753 return 1;
3754 }
3755
3756 static const struct script_op script_41[] = {
3757 OP_S_SET_INJECT_PLAIN (script_41_inject_plain)
3758 OP_C_SET_ALPN ("ossltest")
3759 OP_C_CONNECT_WAIT ()
3760 OP_CHECK (script_41_setup, 0)
3761
3762 OP_C_WRITE (DEFAULT, "apple", 5)
3763 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3764 OP_S_READ_EXPECT (a, "apple", 5)
3765
3766 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE)
3767
3768 OP_S_WRITE (a, "orange", 6)
3769 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
3770
3771 OP_C_WRITE (DEFAULT, "strawberry", 10)
3772 OP_S_READ_EXPECT (a, "strawberry", 10)
3773
3774 OP_CHECK (script_41_check, 0)
3775 OP_END
3776 };
3777
3778 /* 42. Fault injection - CRYPTO frame with illegal offset */
script_42_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3779 static int script_42_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3780 unsigned char *buf, size_t len)
3781 {
3782 int ok = 0;
3783 unsigned char frame_buf[64];
3784 size_t written;
3785 WPACKET wpkt;
3786
3787 if (h->inject_word0 == 0)
3788 return 1;
3789
3790 --h->inject_word0;
3791
3792 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3793 sizeof(frame_buf), 0)))
3794 return 0;
3795
3796 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO))
3797 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))
3798 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 1))
3799 || !TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42)))
3800 goto err;
3801
3802 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3803 goto err;
3804
3805 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3806 goto err;
3807
3808 ok = 1;
3809 err:
3810 if (ok)
3811 WPACKET_finish(&wpkt);
3812 else
3813 WPACKET_cleanup(&wpkt);
3814 return ok;
3815 }
3816
3817 static const struct script_op script_42[] = {
3818 OP_S_SET_INJECT_PLAIN (script_42_inject_plain)
3819 OP_C_SET_ALPN ("ossltest")
3820 OP_C_CONNECT_WAIT ()
3821 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3822
3823 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3824 OP_C_WRITE (a, "apple", 5)
3825
3826 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3827 OP_S_READ_EXPECT (a, "apple", 5)
3828
3829 OP_SET_INJECT_WORD (1, (((uint64_t)1) << 62) - 1)
3830 OP_S_WRITE (a, "orange", 6)
3831
3832 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3833
3834 OP_END
3835 };
3836
3837 /* 43. Fault injection - CRYPTO frame exceeding FC */
3838 static const struct script_op script_43[] = {
3839 OP_S_SET_INJECT_PLAIN (script_42_inject_plain)
3840 OP_C_SET_ALPN ("ossltest")
3841 OP_C_CONNECT_WAIT ()
3842 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3843
3844 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3845 OP_C_WRITE (a, "apple", 5)
3846
3847 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3848 OP_S_READ_EXPECT (a, "apple", 5)
3849
3850 OP_SET_INJECT_WORD (1, 0x100000 /* 1 MiB */)
3851 OP_S_WRITE (a, "orange", 6)
3852
3853 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED,0,0)
3854
3855 OP_END
3856 };
3857
3858 /* 44. Fault injection - PADDING */
script_44_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3859 static int script_44_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3860 unsigned char *buf, size_t len)
3861 {
3862 int ok = 0;
3863 WPACKET wpkt;
3864 unsigned char frame_buf[16];
3865 size_t written;
3866
3867 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
3868 return 1;
3869
3870 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3871 sizeof(frame_buf), 0)))
3872 return 0;
3873
3874 if (!TEST_true(ossl_quic_wire_encode_padding(&wpkt, 1)))
3875 goto err;
3876
3877 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3878 goto err;
3879
3880 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3881 goto err;
3882
3883 ok = 1;
3884 err:
3885 if (ok)
3886 WPACKET_finish(&wpkt);
3887 else
3888 WPACKET_cleanup(&wpkt);
3889 return ok;
3890 }
3891
3892 static const struct script_op script_44[] = {
3893 OP_S_SET_INJECT_PLAIN (script_44_inject_plain)
3894 OP_C_SET_ALPN ("ossltest")
3895 OP_C_CONNECT_WAIT ()
3896
3897 OP_C_WRITE (DEFAULT, "apple", 5)
3898 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3899 OP_S_READ_EXPECT (a, "apple", 5)
3900
3901 OP_SET_INJECT_WORD (1, 0)
3902
3903 OP_S_WRITE (a, "Strawberry", 10)
3904 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10)
3905
3906 OP_END
3907 };
3908
3909 /* 45. PING must generate ACK */
force_ping(struct helper * h,struct helper_local * hl)3910 static int force_ping(struct helper *h, struct helper_local *hl)
3911 {
3912 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(ACQUIRE_S());
3913
3914 h->scratch0 = ossl_quic_channel_get_diag_num_rx_ack(ch);
3915
3916 if (!TEST_true(ossl_quic_tserver_ping(ACQUIRE_S())))
3917 return 0;
3918
3919 return 1;
3920 }
3921
wait_incoming_acks_increased(struct helper * h,struct helper_local * hl)3922 static int wait_incoming_acks_increased(struct helper *h, struct helper_local *hl)
3923 {
3924 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(ACQUIRE_S());
3925 uint16_t count;
3926
3927 count = ossl_quic_channel_get_diag_num_rx_ack(ch);
3928
3929 if (count == h->scratch0) {
3930 h->check_spin_again = 1;
3931 return 0;
3932 }
3933
3934 return 1;
3935 }
3936
3937 static const struct script_op script_45[] = {
3938 OP_C_SET_ALPN ("ossltest")
3939 OP_C_CONNECT_WAIT ()
3940
3941 OP_C_WRITE (DEFAULT, "apple", 5)
3942 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3943 OP_S_READ_EXPECT (a, "apple", 5)
3944
3945 OP_BEGIN_REPEAT (2)
3946
3947 OP_CHECK (force_ping, 0)
3948 OP_CHECK (wait_incoming_acks_increased, 0)
3949
3950 OP_END_REPEAT ()
3951
3952 OP_S_WRITE (a, "Strawberry", 10)
3953 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10)
3954
3955 OP_END
3956 };
3957
3958 /* 46. Fault injection - ACK - malformed initial range */
script_46_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3959 static int script_46_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3960 unsigned char *buf, size_t len)
3961 {
3962 int ok = 0;
3963 WPACKET wpkt;
3964 unsigned char frame_buf[16];
3965 size_t written;
3966 uint64_t type = 0, largest_acked = 0, first_range = 0, range_count = 0;
3967 uint64_t agap = 0, alen = 0;
3968 uint64_t ect0 = 0, ect1 = 0, ecnce = 0;
3969
3970 if (h->inject_word0 == 0)
3971 return 1;
3972
3973 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3974 sizeof(frame_buf), 0)))
3975 return 0;
3976
3977 type = OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN;
3978
3979 switch (h->inject_word0) {
3980 case 1:
3981 largest_acked = 100;
3982 first_range = 101;
3983 range_count = 0;
3984 break;
3985 case 2:
3986 largest_acked = 100;
3987 first_range = 80;
3988 /* [20..100]; [0..18] */
3989 range_count = 1;
3990 agap = 0;
3991 alen = 19;
3992 break;
3993 case 3:
3994 largest_acked = 100;
3995 first_range = 80;
3996 range_count = 1;
3997 agap = 18;
3998 alen = 1;
3999 break;
4000 case 4:
4001 type = OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN;
4002 largest_acked = 100;
4003 first_range = 1;
4004 range_count = 0;
4005 break;
4006 case 5:
4007 type = OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN;
4008 largest_acked = 0;
4009 first_range = 0;
4010 range_count = 0;
4011 ect0 = 0;
4012 ect1 = 50;
4013 ecnce = 200;
4014 break;
4015 }
4016
4017 h->inject_word0 = 0;
4018
4019 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, type))
4020 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, largest_acked))
4021 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*ack_delay=*/0))
4022 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*ack_range_count=*/range_count))
4023 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*first_ack_range=*/first_range)))
4024 goto err;
4025
4026 if (range_count > 0)
4027 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, /*range[0].gap=*/agap))
4028 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*range[0].len=*/alen)))
4029 goto err;
4030
4031 if (type == OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN)
4032 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, ect0))
4033 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, ect1))
4034 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, ecnce)))
4035 goto err;
4036
4037 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4038 goto err;
4039
4040 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4041 goto err;
4042
4043 ok = 1;
4044 err:
4045 if (ok)
4046 WPACKET_finish(&wpkt);
4047 else
4048 WPACKET_cleanup(&wpkt);
4049 return ok;
4050 }
4051
4052 static const struct script_op script_46[] = {
4053 OP_S_SET_INJECT_PLAIN (script_46_inject_plain)
4054 OP_C_SET_ALPN ("ossltest")
4055 OP_C_CONNECT_WAIT ()
4056
4057 OP_C_WRITE (DEFAULT, "apple", 5)
4058 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4059 OP_S_READ_EXPECT (a, "apple", 5)
4060
4061 OP_SET_INJECT_WORD (1, 0)
4062
4063 OP_S_WRITE (a, "Strawberry", 10)
4064
4065 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
4066
4067 OP_END
4068 };
4069
4070 /* 47. Fault injection - ACK - malformed subsequent range */
4071 static const struct script_op script_47[] = {
4072 OP_S_SET_INJECT_PLAIN (script_46_inject_plain)
4073 OP_C_SET_ALPN ("ossltest")
4074 OP_C_CONNECT_WAIT ()
4075
4076 OP_C_WRITE (DEFAULT, "apple", 5)
4077 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4078 OP_S_READ_EXPECT (a, "apple", 5)
4079
4080 OP_SET_INJECT_WORD (2, 0)
4081
4082 OP_S_WRITE (a, "Strawberry", 10)
4083
4084 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
4085
4086 OP_END
4087 };
4088
4089 /* 48. Fault injection - ACK - malformed subsequent range */
4090 static const struct script_op script_48[] = {
4091 OP_S_SET_INJECT_PLAIN (script_46_inject_plain)
4092 OP_C_SET_ALPN ("ossltest")
4093 OP_C_CONNECT_WAIT ()
4094
4095 OP_C_WRITE (DEFAULT, "apple", 5)
4096 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4097 OP_S_READ_EXPECT (a, "apple", 5)
4098
4099 OP_SET_INJECT_WORD (3, 0)
4100
4101 OP_S_WRITE (a, "Strawberry", 10)
4102
4103 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
4104
4105 OP_END
4106 };
4107
4108 /* 49. Fault injection - ACK - fictional PN */
4109 static const struct script_op script_49[] = {
4110 OP_S_SET_INJECT_PLAIN (script_46_inject_plain)
4111 OP_C_SET_ALPN ("ossltest")
4112 OP_C_CONNECT_WAIT ()
4113
4114 OP_C_WRITE (DEFAULT, "apple", 5)
4115 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4116 OP_S_READ_EXPECT (a, "apple", 5)
4117
4118 OP_SET_INJECT_WORD (4, 0)
4119
4120 OP_S_WRITE (a, "Strawberry", 10)
4121 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10)
4122
4123 OP_END
4124 };
4125
4126 /* 50. Fault injection - ACK - duplicate PN */
4127 static const struct script_op script_50[] = {
4128 OP_S_SET_INJECT_PLAIN (script_46_inject_plain)
4129 OP_C_SET_ALPN ("ossltest")
4130 OP_C_CONNECT_WAIT ()
4131
4132 OP_C_WRITE (DEFAULT, "apple", 5)
4133 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4134 OP_S_READ_EXPECT (a, "apple", 5)
4135
4136 OP_BEGIN_REPEAT (2)
4137
4138 OP_SET_INJECT_WORD (5, 0)
4139
4140 OP_S_WRITE (a, "Strawberry", 10)
4141 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10)
4142
4143 OP_END_REPEAT ()
4144
4145 OP_END
4146 };
4147
4148 /* 51. Fault injection - PATH_RESPONSE is ignored */
4149 static const struct script_op script_51[] = {
4150 OP_S_SET_INJECT_PLAIN (script_41_inject_plain)
4151 OP_C_SET_ALPN ("ossltest")
4152 OP_C_CONNECT_WAIT ()
4153
4154 OP_C_WRITE (DEFAULT, "apple", 5)
4155 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4156 OP_S_READ_EXPECT (a, "apple", 5)
4157
4158 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE)
4159
4160 OP_S_WRITE (a, "orange", 6)
4161 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
4162
4163 OP_C_WRITE (DEFAULT, "Strawberry", 10)
4164 OP_S_READ_EXPECT (a, "Strawberry", 10)
4165
4166 OP_END
4167 };
4168
4169 /* 52. Fault injection - ignore BLOCKED frames with bogus values */
script_52_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4170 static int script_52_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4171 unsigned char *buf, size_t len)
4172 {
4173 int ok = 0;
4174 unsigned char frame_buf[64];
4175 size_t written;
4176 WPACKET wpkt;
4177 uint64_t type = h->inject_word1;
4178
4179 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4180 return 1;
4181
4182 --h->inject_word0;
4183
4184 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4185 sizeof(frame_buf), 0)))
4186 return 0;
4187
4188 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, type)))
4189 goto err;
4190
4191 if (type == OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED)
4192 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, C_BIDI_ID(0))))
4193 goto err;
4194
4195 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, 0xFFFFFF)))
4196 goto err;
4197
4198 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4199 goto err;
4200
4201 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4202 goto err;
4203
4204 ok = 1;
4205 err:
4206 if (ok)
4207 WPACKET_finish(&wpkt);
4208 else
4209 WPACKET_cleanup(&wpkt);
4210 return ok;
4211 }
4212
4213 static const struct script_op script_52[] = {
4214 OP_S_SET_INJECT_PLAIN (script_52_inject_plain)
4215 OP_C_SET_ALPN ("ossltest")
4216 OP_C_CONNECT_WAIT ()
4217
4218 OP_C_WRITE (DEFAULT, "apple", 5)
4219 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4220 OP_S_READ_EXPECT (a, "apple", 5)
4221
4222 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED)
4223
4224 OP_S_WRITE (a, "orange", 6)
4225 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
4226
4227 OP_C_WRITE (DEFAULT, "Strawberry", 10)
4228 OP_S_READ_EXPECT (a, "Strawberry", 10)
4229
4230 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED)
4231
4232 OP_S_WRITE (a, "orange", 6)
4233 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
4234
4235 OP_C_WRITE (DEFAULT, "Strawberry", 10)
4236 OP_S_READ_EXPECT (a, "Strawberry", 10)
4237
4238 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI)
4239
4240 OP_S_WRITE (a, "orange", 6)
4241 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
4242
4243 OP_C_WRITE (DEFAULT, "Strawberry", 10)
4244 OP_S_READ_EXPECT (a, "Strawberry", 10)
4245
4246 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI)
4247
4248 OP_S_WRITE (a, "orange", 6)
4249 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
4250
4251 OP_C_WRITE (DEFAULT, "Strawberry", 10)
4252 OP_S_READ_EXPECT (a, "Strawberry", 10)
4253
4254 OP_END
4255 };
4256
4257 /* 53. Fault injection - excess CRYPTO buffer size */
script_53_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4258 static int script_53_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4259 unsigned char *buf, size_t len)
4260 {
4261 int ok = 0;
4262 size_t written;
4263 WPACKET wpkt;
4264 uint64_t offset = 0, data_len = 100;
4265 unsigned char *frame_buf = NULL;
4266 size_t frame_len, i;
4267
4268 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4269 return 1;
4270
4271 h->inject_word0 = 0;
4272
4273 switch (h->inject_word1) {
4274 case 0:
4275 /*
4276 * Far out offset which will not have been reached during handshake.
4277 * This will not be delivered to the QUIC_TLS instance since it will be
4278 * waiting for in-order delivery of previous bytes. This tests our flow
4279 * control on CRYPTO stream buffering.
4280 */
4281 offset = 100000;
4282 data_len = 1;
4283 break;
4284 }
4285
4286 frame_len = 1 + 8 + 8 + (size_t)data_len;
4287 if (!TEST_ptr(frame_buf = OPENSSL_malloc(frame_len)))
4288 return 0;
4289
4290 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, frame_len, 0)))
4291 goto err;
4292
4293 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO))
4294 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, offset))
4295 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, data_len)))
4296 goto err;
4297
4298 for (i = 0; i < data_len; ++i)
4299 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42)))
4300 goto err;
4301
4302 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4303 goto err;
4304
4305 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4306 goto err;
4307
4308 ok = 1;
4309 err:
4310 if (ok)
4311 WPACKET_finish(&wpkt);
4312 else
4313 WPACKET_cleanup(&wpkt);
4314 OPENSSL_free(frame_buf);
4315 return ok;
4316 }
4317
4318 static const struct script_op script_53[] = {
4319 OP_S_SET_INJECT_PLAIN (script_53_inject_plain)
4320 OP_C_SET_ALPN ("ossltest")
4321 OP_C_CONNECT_WAIT ()
4322
4323 OP_C_WRITE (DEFAULT, "apple", 5)
4324 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4325 OP_S_READ_EXPECT (a, "apple", 5)
4326
4327 OP_SET_INJECT_WORD (1, 0)
4328 OP_S_WRITE (a, "Strawberry", 10)
4329
4330 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED,0,0)
4331
4332 OP_END
4333 };
4334
4335 /* 54. Fault injection - corrupted crypto stream data */
script_54_inject_handshake(struct helper * h,unsigned char * buf,size_t buf_len)4336 static int script_54_inject_handshake(struct helper *h,
4337 unsigned char *buf, size_t buf_len)
4338 {
4339 size_t i;
4340
4341 for (i = 0; i < buf_len; ++i)
4342 buf[i] ^= 0xff;
4343
4344 return 1;
4345 }
4346
4347 static const struct script_op script_54[] = {
4348 OP_S_SET_INJECT_HANDSHAKE(script_54_inject_handshake)
4349 OP_C_SET_ALPN ("ossltest")
4350 OP_C_CONNECT_WAIT_OR_FAIL()
4351
4352 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_UNEXPECTED_MESSAGE,0,0)
4353
4354 OP_END
4355 };
4356
4357 /* 55. Fault injection - NEW_CONN_ID with >20 byte CID */
4358 static const struct script_op script_55[] = {
4359 OP_S_SET_INJECT_PLAIN (script_39_inject_plain)
4360 OP_C_SET_ALPN ("ossltest")
4361 OP_C_CONNECT_WAIT ()
4362 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4363
4364 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4365 OP_C_WRITE (a, "apple", 5)
4366 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4367 OP_S_READ_EXPECT (a, "apple", 5)
4368
4369 OP_SET_INJECT_WORD (0, 2)
4370 OP_S_WRITE (a, "orange", 5)
4371
4372 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
4373
4374 OP_END
4375 };
4376
4377 /* 56. Fault injection - NEW_CONN_ID with seq no < retire prior to */
4378 static const struct script_op script_56[] = {
4379 OP_S_SET_INJECT_PLAIN (script_39_inject_plain)
4380 OP_C_SET_ALPN ("ossltest")
4381 OP_C_CONNECT_WAIT ()
4382 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4383
4384 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4385 OP_C_WRITE (a, "apple", 5)
4386 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4387 OP_S_READ_EXPECT (a, "apple", 5)
4388
4389 OP_SET_INJECT_WORD (0, 3)
4390 OP_S_WRITE (a, "orange", 5)
4391
4392 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
4393
4394 OP_END
4395 };
4396
4397 /* 57. Fault injection - NEW_CONN_ID with lower seq so ignored */
4398 static const struct script_op script_57[] = {
4399 OP_S_SET_INJECT_PLAIN (script_39_inject_plain)
4400 OP_C_SET_ALPN ("ossltest")
4401 OP_C_CONNECT_WAIT ()
4402 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4403
4404 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4405 OP_C_WRITE (a, "apple", 5)
4406 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4407 OP_S_READ_EXPECT (a, "apple", 5)
4408
4409 OP_SET_INJECT_WORD (0, 4)
4410 OP_S_WRITE (a, "orange", 5)
4411 OP_C_READ_EXPECT (a, "orange", 5)
4412
4413 OP_C_WRITE (a, "Strawberry", 10)
4414 OP_S_READ_EXPECT (a, "Strawberry", 10)
4415
4416 /*
4417 * Now we send a NEW_CONN_ID with a bogus CID. However the sequence number
4418 * is old so it should be ignored and we should still be able to
4419 * communicate.
4420 */
4421 OP_SET_INJECT_WORD (0, 5)
4422 OP_S_WRITE (a, "raspberry", 9)
4423 OP_C_READ_EXPECT (a, "raspberry", 9)
4424
4425 OP_C_WRITE (a, "peach", 5)
4426 OP_S_READ_EXPECT (a, "peach", 5)
4427
4428 OP_END
4429 };
4430
4431 /* 58. Fault injection - repeated HANDSHAKE_DONE */
script_58_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4432 static int script_58_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4433 unsigned char *buf, size_t len)
4434 {
4435 int ok = 0;
4436 unsigned char frame_buf[64];
4437 size_t written;
4438 WPACKET wpkt;
4439
4440 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4441 return 1;
4442
4443 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4444 sizeof(frame_buf), 0)))
4445 return 0;
4446
4447 if (h->inject_word0 == 1) {
4448 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE)))
4449 goto err;
4450 } else {
4451 /* Needless multi-byte encoding */
4452 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x40))
4453 || !TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x1E)))
4454 goto err;
4455 }
4456
4457 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4458 goto err;
4459
4460 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4461 goto err;
4462
4463 ok = 1;
4464 err:
4465 if (ok)
4466 WPACKET_finish(&wpkt);
4467 else
4468 WPACKET_cleanup(&wpkt);
4469 return ok;
4470 }
4471
4472 static const struct script_op script_58[] = {
4473 OP_S_SET_INJECT_PLAIN (script_58_inject_plain)
4474 OP_C_SET_ALPN ("ossltest")
4475 OP_C_CONNECT_WAIT ()
4476
4477 OP_C_WRITE (DEFAULT, "apple", 5)
4478 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4479 OP_S_READ_EXPECT (a, "apple", 5)
4480
4481 OP_SET_INJECT_WORD (1, 0)
4482
4483 OP_S_WRITE (a, "orange", 6)
4484 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
4485
4486 OP_C_WRITE (DEFAULT, "Strawberry", 10)
4487 OP_S_READ_EXPECT (a, "Strawberry", 10)
4488
4489 OP_END
4490 };
4491
4492 /* 59. Fault injection - multi-byte frame encoding */
4493 static const struct script_op script_59[] = {
4494 OP_S_SET_INJECT_PLAIN (script_58_inject_plain)
4495 OP_C_SET_ALPN ("ossltest")
4496 OP_C_CONNECT_WAIT ()
4497
4498 OP_C_WRITE (DEFAULT, "apple", 5)
4499 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4500 OP_S_READ_EXPECT (a, "apple", 5)
4501
4502 OP_SET_INJECT_WORD (2, 0)
4503
4504 OP_S_WRITE (a, "orange", 6)
4505
4506 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION,0,0)
4507
4508 OP_END
4509 };
4510
4511 /* 60. Connection close reason truncation */
4512 static char long_reason[2048];
4513
init_reason(struct helper * h,struct helper_local * hl)4514 static int init_reason(struct helper *h, struct helper_local *hl)
4515 {
4516 memset(long_reason, '~', sizeof(long_reason));
4517 memcpy(long_reason, "This is a long reason string.", 29);
4518 long_reason[OSSL_NELEM(long_reason) - 1] = '\0';
4519 return 1;
4520 }
4521
check_shutdown_reason(struct helper * h,struct helper_local * hl)4522 static int check_shutdown_reason(struct helper *h, struct helper_local *hl)
4523 {
4524 const QUIC_TERMINATE_CAUSE *tc = ossl_quic_tserver_get_terminate_cause(ACQUIRE_S());
4525
4526 if (tc == NULL) {
4527 h->check_spin_again = 1;
4528 return 0;
4529 }
4530
4531 if (!TEST_size_t_ge(tc->reason_len, 50)
4532 || !TEST_mem_eq(long_reason, tc->reason_len,
4533 tc->reason, tc->reason_len))
4534 return 0;
4535
4536 return 1;
4537 }
4538
4539 static const struct script_op script_60[] = {
4540 OP_C_SET_ALPN ("ossltest")
4541 OP_C_CONNECT_WAIT ()
4542
4543 OP_C_WRITE (DEFAULT, "apple", 5)
4544 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4545 OP_S_READ_EXPECT (a, "apple", 5)
4546
4547 OP_CHECK (init_reason, 0)
4548 OP_C_SHUTDOWN_WAIT (long_reason, 0)
4549 OP_CHECK (check_shutdown_reason, 0)
4550
4551 OP_END
4552 };
4553
4554 /* 61. Fault injection - RESET_STREAM exceeding stream count FC */
script_61_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4555 static int script_61_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4556 unsigned char *buf, size_t len)
4557 {
4558 int ok = 0;
4559 WPACKET wpkt;
4560 unsigned char frame_buf[32];
4561 size_t written;
4562
4563 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4564 return 1;
4565
4566 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4567 sizeof(frame_buf), 0)))
4568 return 0;
4569
4570 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word0))
4571 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */
4572 h->inject_word1))
4573 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 123))
4574 || (h->inject_word0 == OSSL_QUIC_FRAME_TYPE_RESET_STREAM
4575 && !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0)))) /* final size */
4576 goto err;
4577
4578 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4579 goto err;
4580
4581 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4582 goto err;
4583
4584 ok = 1;
4585 err:
4586 if (ok)
4587 WPACKET_finish(&wpkt);
4588 else
4589 WPACKET_cleanup(&wpkt);
4590 return ok;
4591 }
4592
4593 static const struct script_op script_61[] = {
4594 OP_S_SET_INJECT_PLAIN (script_61_inject_plain)
4595 OP_C_SET_ALPN ("ossltest")
4596 OP_C_CONNECT_WAIT ()
4597 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4598
4599 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4600 OP_C_WRITE (a, "orange", 6)
4601
4602 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4603 OP_S_READ_EXPECT (a, "orange", 6)
4604
4605 OP_SET_INJECT_WORD (OSSL_QUIC_FRAME_TYPE_RESET_STREAM,
4606 S_BIDI_ID(OSSL_QUIC_VLINT_MAX / 4))
4607 OP_S_WRITE (a, "fruit", 5)
4608
4609 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,0,0)
4610
4611 OP_END
4612 };
4613
4614 /* 62. Fault injection - STOP_SENDING with high ID */
4615 static const struct script_op script_62[] = {
4616 OP_S_SET_INJECT_PLAIN (script_61_inject_plain)
4617 OP_C_SET_ALPN ("ossltest")
4618 OP_C_CONNECT_WAIT ()
4619 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4620
4621 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4622 OP_C_WRITE (a, "orange", 6)
4623
4624 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4625 OP_S_READ_EXPECT (a, "orange", 6)
4626
4627 OP_SET_INJECT_WORD (OSSL_QUIC_FRAME_TYPE_STOP_SENDING,
4628 C_BIDI_ID(OSSL_QUIC_VLINT_MAX / 4))
4629 OP_S_WRITE (a, "fruit", 5)
4630
4631 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
4632
4633 OP_END
4634 };
4635
4636 /* 63. Fault injection - STREAM frame exceeding stream limit */
4637 static const struct script_op script_63[] = {
4638 OP_S_SET_INJECT_PLAIN (script_32_inject_plain)
4639 OP_C_SET_ALPN ("ossltest")
4640 OP_C_CONNECT_WAIT ()
4641 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4642
4643 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4644 OP_C_WRITE (a, "apple", 5)
4645
4646 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4647 OP_S_READ_EXPECT (a, "apple", 5)
4648
4649 OP_SET_INJECT_WORD (S_BIDI_ID(5000) + 1, 4)
4650 OP_S_WRITE (a, "orange", 6)
4651
4652 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,0,0)
4653
4654 OP_END
4655 };
4656
4657 /* 64. Fault injection - STREAM - zero-length no-FIN is accepted */
4658 static const struct script_op script_64[] = {
4659 OP_S_SET_INJECT_PLAIN (script_32_inject_plain)
4660 OP_C_SET_ALPN ("ossltest")
4661 OP_C_CONNECT_WAIT ()
4662 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4663
4664 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
4665 OP_S_WRITE (a, "apple", 5)
4666
4667 OP_C_ACCEPT_STREAM_WAIT (a)
4668 OP_C_READ_EXPECT (a, "apple", 5)
4669
4670 OP_SET_INJECT_WORD (S_BIDI_ID(20) + 1, 1)
4671 OP_S_WRITE (a, "orange", 6)
4672 OP_C_READ_EXPECT (a, "orange", 6)
4673
4674 OP_END
4675 };
4676
4677 /* 65. Fault injection - CRYPTO - zero-length is accepted */
script_65_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4678 static int script_65_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4679 unsigned char *buf, size_t len)
4680 {
4681 int ok = 0;
4682 unsigned char frame_buf[64];
4683 size_t written;
4684 WPACKET wpkt;
4685
4686 if (h->inject_word0 == 0)
4687 return 1;
4688
4689 --h->inject_word0;
4690
4691 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4692 sizeof(frame_buf), 0)))
4693 return 0;
4694
4695 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO))
4696 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0))
4697 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0)))
4698 goto err;
4699
4700 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4701 goto err;
4702
4703 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4704 goto err;
4705
4706 ok = 1;
4707 err:
4708 if (ok)
4709 WPACKET_finish(&wpkt);
4710 else
4711 WPACKET_cleanup(&wpkt);
4712 return ok;
4713 }
4714
4715 static const struct script_op script_65[] = {
4716 OP_S_SET_INJECT_PLAIN (script_65_inject_plain)
4717 OP_C_SET_ALPN ("ossltest")
4718 OP_C_CONNECT_WAIT ()
4719 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4720
4721 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4722 OP_C_WRITE (a, "apple", 5)
4723
4724 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4725 OP_S_READ_EXPECT (a, "apple", 5)
4726
4727 OP_SET_INJECT_WORD (1, 0)
4728 OP_S_WRITE (a, "orange", 6)
4729 OP_C_READ_EXPECT (a, "orange", 6)
4730
4731 OP_END
4732 };
4733
4734 /* 66. Fault injection - large MAX_STREAM_DATA */
script_66_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4735 static int script_66_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4736 unsigned char *buf, size_t len)
4737 {
4738 int ok = 0;
4739 WPACKET wpkt;
4740 unsigned char frame_buf[64];
4741 size_t written;
4742
4743 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4744 return 1;
4745
4746 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4747 sizeof(frame_buf), 0)))
4748 return 0;
4749
4750 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1)))
4751 goto err;
4752
4753 if (h->inject_word1 == OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA)
4754 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */
4755 h->inject_word0 - 1)))
4756 goto err;
4757
4758 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_VLINT_MAX)))
4759 goto err;
4760
4761 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4762 goto err;
4763
4764 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4765 goto err;
4766
4767 ok = 1;
4768 err:
4769 if (ok)
4770 WPACKET_finish(&wpkt);
4771 else
4772 WPACKET_cleanup(&wpkt);
4773 return ok;
4774 }
4775
4776 static const struct script_op script_66[] = {
4777 OP_S_SET_INJECT_PLAIN (script_66_inject_plain)
4778 OP_C_SET_ALPN ("ossltest")
4779 OP_C_CONNECT_WAIT ()
4780 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4781
4782 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
4783 OP_S_WRITE (a, "apple", 5)
4784
4785 OP_C_ACCEPT_STREAM_WAIT (a)
4786 OP_C_READ_EXPECT (a, "apple", 5)
4787
4788 OP_SET_INJECT_WORD (S_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA)
4789 OP_S_WRITE (a, "orange", 6)
4790 OP_C_READ_EXPECT (a, "orange", 6)
4791 OP_C_WRITE (a, "Strawberry", 10)
4792 OP_S_READ_EXPECT (a, "Strawberry", 10)
4793
4794 OP_END
4795 };
4796
4797 /* 67. Fault injection - large MAX_DATA */
4798 static const struct script_op script_67[] = {
4799 OP_S_SET_INJECT_PLAIN (script_66_inject_plain)
4800 OP_C_SET_ALPN ("ossltest")
4801 OP_C_CONNECT_WAIT ()
4802 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4803
4804 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
4805 OP_S_WRITE (a, "apple", 5)
4806
4807 OP_C_ACCEPT_STREAM_WAIT (a)
4808 OP_C_READ_EXPECT (a, "apple", 5)
4809
4810 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_MAX_DATA)
4811 OP_S_WRITE (a, "orange", 6)
4812 OP_C_READ_EXPECT (a, "orange", 6)
4813 OP_C_WRITE (a, "Strawberry", 10)
4814 OP_S_READ_EXPECT (a, "Strawberry", 10)
4815
4816 OP_END
4817 };
4818
4819 /* 68. Fault injection - Unexpected TLS messages */
script_68_inject_handshake(struct helper * h,unsigned char * msg,size_t msglen)4820 static int script_68_inject_handshake(struct helper *h, unsigned char *msg,
4821 size_t msglen)
4822 {
4823 const unsigned char *data;
4824 size_t datalen;
4825 const unsigned char certreq[] = {
4826 SSL3_MT_CERTIFICATE_REQUEST, /* CertificateRequest message */
4827 0, 0, 12, /* Length of message */
4828 1, 1, /* certificate_request_context */
4829 0, 8, /* Extensions block length */
4830 0, TLSEXT_TYPE_signature_algorithms, /* sig_algs extension*/
4831 0, 4, /* 4 bytes of sig algs extension*/
4832 0, 2, /* sigalgs list is 2 bytes long */
4833 8, 4 /* rsa_pss_rsae_sha256 */
4834 };
4835 const unsigned char keyupdate[] = {
4836 SSL3_MT_KEY_UPDATE, /* KeyUpdate message */
4837 0, 0, 1, /* Length of message */
4838 SSL_KEY_UPDATE_NOT_REQUESTED /* update_not_requested */
4839 };
4840
4841 /* We transform the NewSessionTicket message into something else */
4842 switch(h->inject_word0) {
4843 case 0:
4844 return 1;
4845
4846 case 1:
4847 /* CertificateRequest message */
4848 data = certreq;
4849 datalen = sizeof(certreq);
4850 break;
4851
4852 case 2:
4853 /* KeyUpdate message */
4854 data = keyupdate;
4855 datalen = sizeof(keyupdate);
4856 break;
4857
4858 default:
4859 return 0;
4860 }
4861
4862 if (!TEST_true(qtest_fault_resize_message(h->qtf,
4863 datalen - SSL3_HM_HEADER_LENGTH)))
4864 return 0;
4865
4866 memcpy(msg, data, datalen);
4867
4868 return 1;
4869 }
4870
4871 /* Send a CerticateRequest message post-handshake */
4872 static const struct script_op script_68[] = {
4873 OP_S_SET_INJECT_HANDSHAKE(script_68_inject_handshake)
4874 OP_C_SET_ALPN ("ossltest")
4875 OP_C_CONNECT_WAIT ()
4876 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4877
4878 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4879 OP_C_WRITE (a, "apple", 5)
4880 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4881 OP_S_READ_EXPECT (a, "apple", 5)
4882
4883 OP_SET_INJECT_WORD (1, 0)
4884 OP_S_NEW_TICKET ()
4885 OP_S_WRITE (a, "orange", 6)
4886
4887 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION, 0, 0)
4888
4889 OP_END
4890 };
4891
4892 /* 69. Send a TLS KeyUpdate message post-handshake */
4893 static const struct script_op script_69[] = {
4894 OP_S_SET_INJECT_HANDSHAKE(script_68_inject_handshake)
4895 OP_C_SET_ALPN ("ossltest")
4896 OP_C_CONNECT_WAIT ()
4897 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4898
4899 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4900 OP_C_WRITE (a, "apple", 5)
4901 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4902 OP_S_READ_EXPECT (a, "apple", 5)
4903
4904 OP_SET_INJECT_WORD (2, 0)
4905 OP_S_NEW_TICKET ()
4906 OP_S_WRITE (a, "orange", 6)
4907
4908 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_ERR_BEGIN
4909 + SSL_AD_UNEXPECTED_MESSAGE, 0, 0)
4910
4911 OP_END
4912 };
4913
set_max_early_data(struct helper * h,struct helper_local * hl)4914 static int set_max_early_data(struct helper *h, struct helper_local *hl)
4915 {
4916
4917 if (!TEST_true(ossl_quic_tserver_set_max_early_data(ACQUIRE_S(),
4918 (uint32_t)hl->check_op->arg2)))
4919 return 0;
4920
4921 return 1;
4922 }
4923
4924 /* 70. Send a TLS NewSessionTicket message with invalid max_early_data */
4925 static const struct script_op script_70[] = {
4926 OP_C_SET_ALPN ("ossltest")
4927 OP_C_CONNECT_WAIT ()
4928 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4929
4930 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4931 OP_C_WRITE (a, "apple", 5)
4932 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4933 OP_S_READ_EXPECT (a, "apple", 5)
4934
4935 OP_CHECK (set_max_early_data, 0xfffffffe)
4936 OP_S_NEW_TICKET ()
4937 OP_S_WRITE (a, "orange", 6)
4938
4939 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION, 0, 0)
4940
4941 OP_END
4942 };
4943
4944 /* 71. Send a TLS NewSessionTicket message with valid max_early_data */
4945 static const struct script_op script_71[] = {
4946 OP_C_SET_ALPN ("ossltest")
4947 OP_C_CONNECT_WAIT ()
4948 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4949
4950 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4951 OP_C_WRITE (a, "apple", 5)
4952 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4953 OP_S_READ_EXPECT (a, "apple", 5)
4954
4955 OP_CHECK (set_max_early_data, 0xffffffff)
4956 OP_S_NEW_TICKET ()
4957 OP_S_WRITE (a, "orange", 6)
4958 OP_C_READ_EXPECT (a, "orange", 6)
4959
4960 OP_END
4961 };
4962
4963 /* 72. Test that APL stops handing out streams after limit reached (bidi) */
script_72_check(struct helper * h,struct helper_local * hl)4964 static int script_72_check(struct helper *h, struct helper_local *hl)
4965 {
4966 if (!TEST_uint64_t_ge(h->fail_count, 50))
4967 return 0;
4968
4969 return 1;
4970 }
4971
4972 static const struct script_op script_72[] = {
4973 OP_C_SET_ALPN ("ossltest")
4974 OP_C_CONNECT_WAIT ()
4975 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4976
4977 /*
4978 * Request more streams than a server will initially hand out and test that
4979 * they fail properly.
4980 */
4981 OP_BEGIN_REPEAT (200)
4982
4983 OP_C_NEW_STREAM_BIDI_EX (a, ANY_ID, ALLOW_FAIL | SSL_STREAM_FLAG_NO_BLOCK)
4984 OP_C_SKIP_IF_UNBOUND (a, 2)
4985 OP_C_WRITE (a, "apple", 5)
4986 OP_C_FREE_STREAM (a)
4987
4988 OP_END_REPEAT ()
4989
4990 OP_CHECK (script_72_check, 0)
4991
4992 OP_END
4993 };
4994
4995 /* 73. Test that APL stops handing out streams after limit reached (uni) */
4996 static const struct script_op script_73[] = {
4997 OP_C_SET_ALPN ("ossltest")
4998 OP_C_CONNECT_WAIT ()
4999 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5000
5001 /*
5002 * Request more streams than a server will initially hand out and test that
5003 * they fail properly.
5004 */
5005 OP_BEGIN_REPEAT (200)
5006
5007 OP_C_NEW_STREAM_UNI_EX (a, ANY_ID, ALLOW_FAIL | SSL_STREAM_FLAG_NO_BLOCK)
5008 OP_C_SKIP_IF_UNBOUND (a, 2)
5009 OP_C_WRITE (a, "apple", 5)
5010 OP_C_FREE_STREAM (a)
5011
5012 OP_END_REPEAT ()
5013
5014 OP_CHECK (script_72_check, 0)
5015
5016 OP_END
5017 };
5018
5019 /* 74. Version negotiation: QUIC_VERSION_1 ignored */
generate_version_neg(WPACKET * wpkt,uint32_t version)5020 static int generate_version_neg(WPACKET *wpkt, uint32_t version)
5021 {
5022 QUIC_PKT_HDR hdr = {0};
5023
5024 hdr.type = QUIC_PKT_TYPE_VERSION_NEG;
5025 hdr.version = 0;
5026 hdr.fixed = 1;
5027 hdr.dst_conn_id.id_len = 0;
5028 hdr.src_conn_id.id_len = 8;
5029 memset(hdr.src_conn_id.id, 0x55, 8);
5030
5031 if (!TEST_true(ossl_quic_wire_encode_pkt_hdr(wpkt, 0, &hdr, NULL)))
5032 return 0;
5033
5034 if (!TEST_true(WPACKET_put_bytes_u32(wpkt, version)))
5035 return 0;
5036
5037 return 1;
5038 }
5039
server_gen_version_neg(struct helper * h,BIO_MSG * msg,size_t stride)5040 static int server_gen_version_neg(struct helper *h, BIO_MSG *msg, size_t stride)
5041 {
5042 int rc = 0, have_wpkt = 0;
5043 size_t l;
5044 WPACKET wpkt;
5045 BUF_MEM *buf = NULL;
5046 uint32_t version;
5047
5048 switch (h->inject_word0) {
5049 case 0:
5050 return 1;
5051 case 1:
5052 version = QUIC_VERSION_1;
5053 break;
5054 default:
5055 version = 0x5432abcd;
5056 break;
5057 }
5058
5059 if (!TEST_ptr(buf = BUF_MEM_new()))
5060 goto err;
5061
5062 if (!TEST_true(WPACKET_init(&wpkt, buf)))
5063 goto err;
5064
5065 have_wpkt = 1;
5066
5067 generate_version_neg(&wpkt, version);
5068
5069 if (!TEST_true(WPACKET_get_total_written(&wpkt, &l)))
5070 goto err;
5071
5072 if (!TEST_true(qtest_fault_resize_datagram(h->qtf, l)))
5073 return 0;
5074
5075 memcpy(msg->data, buf->data, l);
5076 h->inject_word0 = 0;
5077
5078 rc = 1;
5079 err:
5080 if (have_wpkt)
5081 WPACKET_finish(&wpkt);
5082
5083 BUF_MEM_free(buf);
5084 return rc;
5085 }
5086
5087 static int do_mutation = 0;
5088 static QUIC_PKT_HDR *hdr_to_free = NULL;
5089
5090 /*
5091 * Check packets to transmit, if we have an initial packet
5092 * Modify the version number to something incorrect
5093 * so that we trigger a version negotiation
5094 * Note, this is a use once function, it will only modify the
5095 * first INITIAL packet it sees, after which it needs to be
5096 * armed again
5097 */
script_74_alter_version(const QUIC_PKT_HDR * hdrin,const OSSL_QTX_IOVEC * iovecin,size_t numin,QUIC_PKT_HDR ** hdrout,const OSSL_QTX_IOVEC ** iovecout,size_t * numout,void * arg)5098 static int script_74_alter_version(const QUIC_PKT_HDR *hdrin,
5099 const OSSL_QTX_IOVEC *iovecin, size_t numin,
5100 QUIC_PKT_HDR **hdrout,
5101 const OSSL_QTX_IOVEC **iovecout,
5102 size_t *numout,
5103 void *arg)
5104 {
5105 *hdrout = OPENSSL_memdup(hdrin, sizeof(QUIC_PKT_HDR));
5106 *iovecout = iovecin;
5107 *numout = numin;
5108 hdr_to_free = *hdrout;
5109
5110 if (do_mutation == 0)
5111 return 1;
5112 do_mutation = 0;
5113
5114 if (hdrin->type == QUIC_PKT_TYPE_INITIAL)
5115 (*hdrout)->version = 0xdeadbeef;
5116 return 1;
5117 }
5118
script_74_finish_mutation(void * arg)5119 static void script_74_finish_mutation(void *arg)
5120 {
5121 OPENSSL_free(hdr_to_free);
5122 }
5123
5124 /*
5125 * Enable the packet mutator for the client channel
5126 * So that when we send a Initial packet
5127 * We modify the version to be something invalid
5128 * to force a version negotiation
5129 */
script_74_arm_packet_mutator(struct helper * h,struct helper_local * hl)5130 static int script_74_arm_packet_mutator(struct helper *h,
5131 struct helper_local *hl)
5132 {
5133 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
5134
5135 do_mutation = 1;
5136 if (!ossl_quic_channel_set_mutator(ch, script_74_alter_version,
5137 script_74_finish_mutation,
5138 NULL))
5139 return 0;
5140 return 1;
5141 }
5142
5143 static const struct script_op script_74[] = {
5144 OP_CHECK (script_74_arm_packet_mutator, 0)
5145 OP_C_SET_ALPN ("ossltest")
5146 OP_C_CONNECT_WAIT ()
5147
5148 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5149
5150 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
5151 OP_C_WRITE (a, "apple", 5)
5152 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5153 OP_S_READ_EXPECT (a, "apple", 5)
5154
5155 OP_END
5156 };
5157
5158 /* 75. Version negotiation: Unknown version causes connection abort */
5159 static const struct script_op script_75[] = {
5160 OP_S_SET_INJECT_DATAGRAM (server_gen_version_neg)
5161 OP_SET_INJECT_WORD (2, 0)
5162
5163 OP_C_SET_ALPN ("ossltest")
5164 OP_C_CONNECT_WAIT_OR_FAIL()
5165
5166 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CONNECTION_REFUSED,0,0)
5167
5168 OP_END
5169 };
5170
5171 /* 76. Test peer-initiated shutdown wait */
script_76_check(struct helper * h,struct helper_local * hl)5172 static int script_76_check(struct helper *h, struct helper_local *hl)
5173 {
5174 if (!TEST_false(SSL_shutdown_ex(h->c_conn,
5175 SSL_SHUTDOWN_FLAG_WAIT_PEER
5176 | SSL_SHUTDOWN_FLAG_NO_BLOCK,
5177 NULL, 0)))
5178 return 0;
5179
5180 return 1;
5181 }
5182
5183 static const struct script_op script_76[] = {
5184 OP_C_SET_ALPN ("ossltest")
5185 OP_C_CONNECT_WAIT ()
5186 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5187
5188 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
5189 OP_C_WRITE (a, "apple", 5)
5190
5191 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5192 OP_S_READ_EXPECT (a, "apple", 5)
5193
5194 /* Check a WAIT_PEER call doesn't succeed yet. */
5195 OP_CHECK (script_76_check, 0)
5196 OP_S_SHUTDOWN (42)
5197
5198 OP_C_SHUTDOWN_WAIT (NULL, SSL_SHUTDOWN_FLAG_WAIT_PEER)
5199 OP_C_EXPECT_CONN_CLOSE_INFO(42, 1, 1)
5200
5201 OP_END
5202 };
5203
5204 /* 77. Ensure default stream popping operates correctly */
5205 static const struct script_op script_77[] = {
5206 OP_C_SET_ALPN ("ossltest")
5207 OP_C_CONNECT_WAIT ()
5208
5209 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_ACCEPT)
5210
5211 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
5212 OP_S_WRITE (a, "Strawberry", 10)
5213
5214 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10)
5215
5216 OP_S_NEW_STREAM_BIDI (b, S_BIDI_ID(1))
5217 OP_S_WRITE (b, "xyz", 3)
5218
5219 OP_C_ACCEPT_STREAM_WAIT (b)
5220 OP_C_READ_EXPECT (b, "xyz", 3)
5221
5222 OP_END
5223 };
5224
5225 /* 78. Post-connection session ticket handling */
5226 static size_t new_session_count;
5227
on_new_session(SSL * s,SSL_SESSION * sess)5228 static int on_new_session(SSL *s, SSL_SESSION *sess)
5229 {
5230 ++new_session_count;
5231 return 0; /* do not ref session, we aren't keeping it */
5232 }
5233
setup_session(struct helper * h,struct helper_local * hl)5234 static int setup_session(struct helper *h, struct helper_local *hl)
5235 {
5236 SSL_CTX_set_session_cache_mode(h->c_ctx, SSL_SESS_CACHE_BOTH);
5237 SSL_CTX_sess_set_new_cb(h->c_ctx, on_new_session);
5238 return 1;
5239 }
5240
trigger_late_session_ticket(struct helper * h,struct helper_local * hl)5241 static int trigger_late_session_ticket(struct helper *h, struct helper_local *hl)
5242 {
5243 new_session_count = 0;
5244
5245 if (!TEST_true(ossl_quic_tserver_new_ticket(ACQUIRE_S())))
5246 return 0;
5247
5248 return 1;
5249 }
5250
check_got_session_ticket(struct helper * h,struct helper_local * hl)5251 static int check_got_session_ticket(struct helper *h, struct helper_local *hl)
5252 {
5253 if (!TEST_size_t_gt(new_session_count, 0))
5254 return 0;
5255
5256 return 1;
5257 }
5258
5259 static int check_idle_timeout(struct helper *h, struct helper_local *hl);
5260
5261 static const struct script_op script_78[] = {
5262 OP_C_SET_ALPN ("ossltest")
5263 OP_CHECK (setup_session, 0)
5264 OP_C_CONNECT_WAIT ()
5265
5266 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5267
5268 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
5269 OP_C_WRITE (a, "apple", 5)
5270
5271 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5272 OP_S_READ_EXPECT (a, "apple", 5)
5273
5274 OP_S_WRITE (a, "orange", 6)
5275 OP_C_READ_EXPECT (a, "orange", 6)
5276
5277 OP_CHECK (trigger_late_session_ticket, 0)
5278
5279 OP_S_WRITE (a, "Strawberry", 10)
5280 OP_C_READ_EXPECT (a, "Strawberry", 10)
5281
5282 OP_CHECK (check_got_session_ticket, 0)
5283 OP_CHECK2 (check_idle_timeout,
5284 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 30000)
5285
5286 OP_END
5287 };
5288
5289 /* 79. Optimised FIN test */
5290 static const struct script_op script_79[] = {
5291 OP_C_SET_ALPN ("ossltest")
5292 OP_C_CONNECT_WAIT ()
5293 OP_C_WRITE_EX2 (DEFAULT, "apple", 5, SSL_WRITE_FLAG_CONCLUDE)
5294 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5295 OP_S_READ_EXPECT (a, "apple", 5)
5296 OP_S_EXPECT_FIN (a)
5297 OP_S_WRITE (a, "orange", 6)
5298 OP_S_CONCLUDE (a)
5299 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
5300 OP_C_EXPECT_FIN (DEFAULT)
5301 OP_END
5302 };
5303
5304 /* 80. Stateless reset detection test */
5305 static QUIC_STATELESS_RESET_TOKEN test_reset_token = {
5306 { 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
5307 0xde, 0xad, 0xbe, 0xef }};
5308
5309 /*
5310 * Generate a packet in the following format:
5311 * https://www.rfc-editor.org/rfc/rfc9000.html#name-stateless-reset
5312 * Stateless Reset {
5313 * Fixed Bits (2): 1
5314 * Unpredictable bits (38..)
5315 * Stateless reset token (128)
5316 * }
5317 */
script_80_send_stateless_reset(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)5318 static int script_80_send_stateless_reset(struct helper *h, QUIC_PKT_HDR *hdr,
5319 unsigned char *buf, size_t len)
5320 {
5321 unsigned char databuf[64];
5322
5323 if (h->inject_word1 == 0)
5324 return 1;
5325
5326 h->inject_word1 = 0;
5327
5328 fprintf(stderr, "Sending stateless reset\n");
5329
5330 RAND_bytes(databuf, 64);
5331 databuf[0] = 0x40;
5332 memcpy(&databuf[48], test_reset_token.token,
5333 sizeof(test_reset_token.token));
5334
5335 if (!TEST_int_eq(SSL_inject_net_dgram(h->c_conn, databuf, sizeof(databuf),
5336 NULL, h->s_net_bio_addr), 1))
5337 return 0;
5338
5339 return 1;
5340 }
5341
script_80_gen_new_conn_id(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)5342 static int script_80_gen_new_conn_id(struct helper *h, QUIC_PKT_HDR *hdr,
5343 unsigned char *buf, size_t len)
5344 {
5345 int rc = 0;
5346 size_t l;
5347 unsigned char frame_buf[64];
5348 WPACKET wpkt;
5349 QUIC_CONN_ID new_cid = {0};
5350 OSSL_QUIC_FRAME_NEW_CONN_ID ncid = {0};
5351 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(ACQUIRE_S_NOHL());
5352
5353 if (h->inject_word0 == 0)
5354 return 1;
5355
5356 h->inject_word0 = 0;
5357
5358 fprintf(stderr, "sending new conn id\n");
5359 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
5360 sizeof(frame_buf), 0)))
5361 return 0;
5362
5363 ossl_quic_channel_get_diag_local_cid(ch, &new_cid);
5364
5365 ncid.seq_num = 2;
5366 ncid.retire_prior_to = 2;
5367 ncid.conn_id = new_cid;
5368 memcpy(ncid.stateless_reset.token, test_reset_token.token,
5369 sizeof(test_reset_token.token));
5370
5371 if (!TEST_true(ossl_quic_wire_encode_frame_new_conn_id(&wpkt, &ncid)))
5372 goto err;
5373
5374 if (!TEST_true(WPACKET_get_total_written(&wpkt, &l)))
5375 goto err;
5376
5377 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, l))
5378 goto err;
5379
5380 rc = 1;
5381 err:
5382 if (rc)
5383 WPACKET_finish(&wpkt);
5384 else
5385 WPACKET_cleanup(&wpkt);
5386
5387 return rc;
5388 }
5389
script_80_inject_pkt(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)5390 static int script_80_inject_pkt(struct helper *h, QUIC_PKT_HDR *hdr,
5391 unsigned char *buf, size_t len)
5392 {
5393 if (h->inject_word1 == 1)
5394 return script_80_send_stateless_reset(h, hdr, buf, len);
5395 else if (h->inject_word0 == 1)
5396 return script_80_gen_new_conn_id(h, hdr, buf, len);
5397
5398 return 1;
5399 }
5400
5401 static const struct script_op script_80[] = {
5402 OP_S_SET_INJECT_PLAIN (script_80_inject_pkt)
5403 OP_C_SET_ALPN ("ossltest")
5404 OP_C_CONNECT_WAIT ()
5405 OP_C_WRITE (DEFAULT, "apple", 5)
5406 OP_C_CONCLUDE (DEFAULT)
5407 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5408 OP_S_READ_EXPECT (a, "apple", 5)
5409 OP_SET_INJECT_WORD (1, 0)
5410 OP_S_WRITE (a, "apple", 5)
5411 OP_C_READ_EXPECT (DEFAULT, "apple", 5)
5412 OP_SET_INJECT_WORD (0, 1)
5413 OP_S_WRITE (a, "apple", 5)
5414 OP_C_EXPECT_CONN_CLOSE_INFO (0, 0, 1)
5415 OP_END
5416 };
5417
5418 /* 81. Idle timeout configuration */
modify_idle_timeout(struct helper * h,struct helper_local * hl)5419 static int modify_idle_timeout(struct helper *h, struct helper_local *hl)
5420 {
5421 uint64_t v = 0;
5422
5423 /* Test bad value is rejected. */
5424 if (!TEST_false(SSL_set_feature_request_uint(h->c_conn,
5425 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5426 (1ULL << 62))))
5427 return 0;
5428
5429 /* Set value. */
5430 if (!TEST_true(SSL_set_feature_request_uint(h->c_conn,
5431 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5432 hl->check_op->arg2)))
5433 return 0;
5434
5435 if (!TEST_true(SSL_get_feature_request_uint(h->c_conn,
5436 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5437 &v)))
5438 return 0;
5439
5440 if (!TEST_uint64_t_eq(v, hl->check_op->arg2))
5441 return 0;
5442
5443 return 1;
5444 }
5445
check_idle_timeout(struct helper * h,struct helper_local * hl)5446 static int check_idle_timeout(struct helper *h, struct helper_local *hl)
5447 {
5448 uint64_t v = 0;
5449
5450 if (!TEST_true(SSL_get_value_uint(h->c_conn, hl->check_op->arg1,
5451 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5452 &v)))
5453 return 0;
5454
5455 if (!TEST_uint64_t_eq(v, hl->check_op->arg2))
5456 return 0;
5457
5458 return 1;
5459 }
5460
5461 static const struct script_op script_81[] = {
5462 OP_C_SET_ALPN ("ossltest")
5463 OP_CHECK (modify_idle_timeout, 25000)
5464 OP_C_CONNECT_WAIT ()
5465
5466 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5467
5468 OP_CHECK2 (check_idle_timeout,
5469 SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, 30000)
5470 OP_CHECK2 (check_idle_timeout,
5471 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 25000)
5472
5473 OP_END
5474 };
5475
5476 /* 82. Negotiated default idle timeout if not configured */
5477 static const struct script_op script_82[] = {
5478 OP_C_SET_ALPN ("ossltest")
5479 OP_C_CONNECT_WAIT ()
5480
5481 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5482
5483 OP_CHECK2 (check_idle_timeout,
5484 SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, 30000)
5485 OP_CHECK2 (check_idle_timeout,
5486 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 30000)
5487
5488 OP_END
5489 };
5490
5491 /* 83. No late changes to idle timeout */
cannot_change_idle_timeout(struct helper * h,struct helper_local * hl)5492 static int cannot_change_idle_timeout(struct helper *h, struct helper_local *hl)
5493 {
5494 uint64_t v = 0;
5495
5496 if (!TEST_true(SSL_get_feature_request_uint(h->c_conn,
5497 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5498 &v)))
5499 return 0;
5500
5501 if (!TEST_uint64_t_eq(v, 30000))
5502 return 0;
5503
5504 if (!TEST_false(SSL_set_feature_request_uint(h->c_conn,
5505 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5506 5000)))
5507 return 0;
5508
5509 return 1;
5510 }
5511
5512 static const struct script_op script_83[] = {
5513 OP_C_SET_ALPN ("ossltest")
5514 OP_C_CONNECT_WAIT ()
5515
5516 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5517
5518 OP_CHECK (cannot_change_idle_timeout, 0)
5519 OP_CHECK2 (check_idle_timeout,
5520 SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, 30000)
5521 OP_CHECK2 (check_idle_timeout,
5522 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 30000)
5523
5524 OP_END
5525 };
5526
5527 /* 84. Test query of available streams */
check_avail_streams(struct helper * h,struct helper_local * hl)5528 static int check_avail_streams(struct helper *h, struct helper_local *hl)
5529 {
5530 uint64_t v = 0;
5531
5532 switch (hl->check_op->arg1) {
5533 case 0:
5534 if (!TEST_true(SSL_get_quic_stream_bidi_local_avail(h->c_conn, &v)))
5535 return 0;
5536 break;
5537 case 1:
5538 if (!TEST_true(SSL_get_quic_stream_bidi_remote_avail(h->c_conn, &v)))
5539 return 0;
5540 break;
5541 case 2:
5542 if (!TEST_true(SSL_get_quic_stream_uni_local_avail(h->c_conn, &v)))
5543 return 0;
5544 break;
5545 case 3:
5546 if (!TEST_true(SSL_get_quic_stream_uni_remote_avail(h->c_conn, &v)))
5547 return 0;
5548 break;
5549 default:
5550 return 0;
5551 }
5552
5553 if (!TEST_uint64_t_eq(v, hl->check_op->arg2))
5554 return 0;
5555
5556 return 1;
5557 }
5558
5559 static int set_event_handling_mode_conn(struct helper *h, struct helper_local *hl);
5560 static int reenable_test_event_handling(struct helper *h, struct helper_local *hl);
5561
check_write_buf_stat(struct helper * h,struct helper_local * hl)5562 static int check_write_buf_stat(struct helper *h, struct helper_local *hl)
5563 {
5564 SSL *c_a;
5565 uint64_t size, used, avail;
5566
5567 if (!TEST_ptr(c_a = helper_local_get_c_stream(hl, "a")))
5568 return 0;
5569
5570 if (!TEST_true(SSL_get_stream_write_buf_size(c_a, &size))
5571 || !TEST_true(SSL_get_stream_write_buf_used(c_a, &used))
5572 || !TEST_true(SSL_get_stream_write_buf_avail(c_a, &avail))
5573 || !TEST_uint64_t_ge(size, avail)
5574 || !TEST_uint64_t_ge(size, used)
5575 || !TEST_uint64_t_eq(avail + used, size))
5576 return 0;
5577
5578 if (!TEST_uint64_t_eq(used, hl->check_op->arg1))
5579 return 0;
5580
5581 return 1;
5582 }
5583
5584 static const struct script_op script_84[] = {
5585 OP_C_SET_ALPN ("ossltest")
5586 OP_C_CONNECT_WAIT ()
5587
5588 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5589
5590 OP_CHECK2 (check_avail_streams, 0, 100)
5591 OP_CHECK2 (check_avail_streams, 1, 100)
5592 OP_CHECK2 (check_avail_streams, 2, 100)
5593 OP_CHECK2 (check_avail_streams, 3, 100)
5594
5595 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
5596
5597 OP_CHECK2 (check_avail_streams, 0, 99)
5598 OP_CHECK2 (check_avail_streams, 1, 100)
5599 OP_CHECK2 (check_avail_streams, 2, 100)
5600 OP_CHECK2 (check_avail_streams, 3, 100)
5601
5602 OP_C_NEW_STREAM_UNI (b, C_UNI_ID(0))
5603
5604 OP_CHECK2 (check_avail_streams, 0, 99)
5605 OP_CHECK2 (check_avail_streams, 1, 100)
5606 OP_CHECK2 (check_avail_streams, 2, 99)
5607 OP_CHECK2 (check_avail_streams, 3, 100)
5608
5609 OP_S_NEW_STREAM_BIDI (c, S_BIDI_ID(0))
5610 OP_S_WRITE (c, "x", 1)
5611
5612 OP_C_ACCEPT_STREAM_WAIT (c)
5613 OP_C_READ_EXPECT (c, "x", 1)
5614
5615 OP_CHECK2 (check_avail_streams, 0, 99)
5616 OP_CHECK2 (check_avail_streams, 1, 99)
5617 OP_CHECK2 (check_avail_streams, 2, 99)
5618 OP_CHECK2 (check_avail_streams, 3, 100)
5619
5620 OP_S_NEW_STREAM_UNI (d, S_UNI_ID(0))
5621 OP_S_WRITE (d, "x", 1)
5622
5623 OP_C_ACCEPT_STREAM_WAIT (d)
5624 OP_C_READ_EXPECT (d, "x", 1)
5625
5626 OP_CHECK2 (check_avail_streams, 0, 99)
5627 OP_CHECK2 (check_avail_streams, 1, 99)
5628 OP_CHECK2 (check_avail_streams, 2, 99)
5629 OP_CHECK2 (check_avail_streams, 3, 99)
5630
5631 OP_CHECK2 (check_write_buf_stat, 0, 0)
5632 OP_CHECK (set_event_handling_mode_conn,
5633 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT)
5634 OP_C_WRITE (a, "apple", 5)
5635 OP_CHECK2 (check_write_buf_stat, 5, 0)
5636
5637 OP_CHECK (reenable_test_event_handling, 0)
5638
5639 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5640 OP_S_READ_EXPECT (a, "apple", 5)
5641 OP_S_WRITE (a, "orange", 6)
5642 OP_C_READ_EXPECT (a, "orange", 6)
5643
5644 OP_END
5645 };
5646
5647 /* 85. Test SSL_poll (lite, non-blocking) */
script_85_poll(struct helper * h,struct helper_local * hl)5648 ossl_unused static int script_85_poll(struct helper *h, struct helper_local *hl)
5649 {
5650 int ok = 1, ret, expected_ret = 1;
5651 static const struct timeval timeout = {0};
5652 size_t result_count, expected_result_count = 0;
5653 SSL_POLL_ITEM items[5] = {0}, *item = items;
5654 SSL *c_a, *c_b, *c_c, *c_d;
5655 size_t i;
5656 uint64_t mode, expected_revents[5] = {0};
5657
5658 if (!TEST_ptr(c_a = helper_local_get_c_stream(hl, "a"))
5659 || !TEST_ptr(c_b = helper_local_get_c_stream(hl, "b"))
5660 || !TEST_ptr(c_c = helper_local_get_c_stream(hl, "c"))
5661 || !TEST_ptr(c_d = helper_local_get_c_stream(hl, "d")))
5662 return 0;
5663
5664 item->desc = SSL_as_poll_descriptor(c_a);
5665 item->events = UINT64_MAX;
5666 item->revents = UINT64_MAX;
5667 ++item;
5668
5669 item->desc = SSL_as_poll_descriptor(c_b);
5670 item->events = UINT64_MAX;
5671 item->revents = UINT64_MAX;
5672 ++item;
5673
5674 item->desc = SSL_as_poll_descriptor(c_c);
5675 item->events = UINT64_MAX;
5676 item->revents = UINT64_MAX;
5677 ++item;
5678
5679 item->desc = SSL_as_poll_descriptor(c_d);
5680 item->events = UINT64_MAX;
5681 item->revents = UINT64_MAX;
5682 ++item;
5683
5684 item->desc = SSL_as_poll_descriptor(h->c_conn);
5685 item->events = UINT64_MAX;
5686 item->revents = UINT64_MAX;
5687 ++item;
5688
5689 result_count = SIZE_MAX;
5690 ret = SSL_poll(items, OSSL_NELEM(items), sizeof(SSL_POLL_ITEM),
5691 &timeout, 0,
5692 &result_count);
5693
5694 mode = hl->check_op->arg2;
5695 switch (mode) {
5696 case 0:
5697 /* No incoming data yet */
5698 expected_revents[0] = SSL_POLL_EVENT_W;
5699 expected_revents[1] = SSL_POLL_EVENT_W;
5700 expected_revents[2] = SSL_POLL_EVENT_W;
5701 expected_revents[3] = SSL_POLL_EVENT_W;
5702 expected_revents[4] = SSL_POLL_EVENT_OS;
5703 expected_result_count = 5;
5704 break;
5705 case 1:
5706 /* Expect more events */
5707 expected_revents[0] = SSL_POLL_EVENT_W | SSL_POLL_EVENT_R;
5708 expected_revents[1] = SSL_POLL_EVENT_W | SSL_POLL_EVENT_ER;
5709 expected_revents[2] = SSL_POLL_EVENT_EW;
5710 expected_revents[3] = SSL_POLL_EVENT_W;
5711 expected_revents[4] = SSL_POLL_EVENT_OS | SSL_POLL_EVENT_ISB;
5712 expected_result_count = 5;
5713 break;
5714 default:
5715 return 0;
5716 }
5717
5718 if (!TEST_int_eq(ret, expected_ret)
5719 || !TEST_size_t_eq(result_count, expected_result_count))
5720 ok = 0;
5721
5722 for (i = 0; i < OSSL_NELEM(items); ++i)
5723 if (!TEST_uint64_t_eq(items[i].revents, expected_revents[i])) {
5724 TEST_error("mismatch at index %zu in poll results, mode %d",
5725 i, (int)mode);
5726 ok = 0;
5727 }
5728
5729 return ok;
5730 }
5731
5732 static const struct script_op script_85[] = {
5733 OP_C_SET_ALPN ("ossltest")
5734 OP_C_CONNECT_WAIT ()
5735
5736 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5737
5738 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
5739 OP_C_WRITE (a, "flamingo", 8)
5740
5741 OP_C_NEW_STREAM_BIDI (b, C_BIDI_ID(1))
5742 OP_C_WRITE (b, "orange", 6)
5743
5744 OP_C_NEW_STREAM_BIDI (c, C_BIDI_ID(2))
5745 OP_C_WRITE (c, "Strawberry", 10)
5746
5747 OP_C_NEW_STREAM_BIDI (d, C_BIDI_ID(3))
5748 OP_C_WRITE (d, "sync", 4)
5749
5750 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5751 OP_S_BIND_STREAM_ID (b, C_BIDI_ID(1))
5752 OP_S_BIND_STREAM_ID (c, C_BIDI_ID(2))
5753 OP_S_BIND_STREAM_ID (d, C_BIDI_ID(3))
5754
5755 /* Check nothing readable yet. */
5756 OP_CHECK (script_85_poll, 0)
5757
5758 /* Send something that will make client sockets readable. */
5759 OP_S_READ_EXPECT (a, "flamingo", 8)
5760 OP_S_WRITE (a, "herringbone", 11)
5761
5762 /* Send something that will make 'b' reset. */
5763 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
5764 OP_SET_INJECT_WORD (C_BIDI_ID(1) + 1, OSSL_QUIC_FRAME_TYPE_RESET_STREAM)
5765
5766 /* Ensure sync. */
5767 OP_S_READ_EXPECT (d, "sync", 4)
5768 OP_S_WRITE (d, "x", 1)
5769 OP_C_READ_EXPECT (d, "x", 1)
5770
5771 /* Send something that will make 'c' reset. */
5772 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
5773 OP_SET_INJECT_WORD (C_BIDI_ID(2) + 1, OSSL_QUIC_FRAME_TYPE_STOP_SENDING)
5774
5775 OP_S_NEW_STREAM_BIDI (z, S_BIDI_ID(0))
5776 OP_S_WRITE (z, "z", 1)
5777
5778 /* Ensure sync. */
5779 OP_S_WRITE (d, "x", 1)
5780 OP_C_READ_EXPECT (d, "x", 1)
5781
5782 /* Check a is now readable. */
5783 OP_CHECK (script_85_poll, 1)
5784
5785 OP_END
5786 };
5787
5788 /* 86. Event Handling Mode Configuration */
set_event_handling_mode_conn(struct helper * h,struct helper_local * hl)5789 static int set_event_handling_mode_conn(struct helper *h, struct helper_local *hl)
5790 {
5791 hl->explicit_event_handling = 1;
5792 return SSL_set_event_handling_mode(h->c_conn, hl->check_op->arg2);
5793 }
5794
reenable_test_event_handling(struct helper * h,struct helper_local * hl)5795 static int reenable_test_event_handling(struct helper *h, struct helper_local *hl)
5796 {
5797 hl->explicit_event_handling = 0;
5798 return 1;
5799 }
5800
set_event_handling_mode_stream(struct helper * h,struct helper_local * hl)5801 static ossl_unused int set_event_handling_mode_stream(struct helper *h, struct helper_local *hl)
5802 {
5803 SSL *ssl = helper_local_get_c_stream(hl, "a");
5804
5805 if (!TEST_ptr(ssl))
5806 return 0;
5807
5808 return SSL_set_event_handling_mode(ssl, hl->check_op->arg2);
5809 }
5810
5811 static const struct script_op script_86[] = {
5812 OP_SKIP_IF_BLOCKING (23)
5813
5814 OP_C_SET_ALPN ("ossltest")
5815 OP_C_CONNECT_WAIT ()
5816
5817 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5818
5819 /* Turn on explicit handling mode. */
5820 OP_CHECK (set_event_handling_mode_conn,
5821 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT)
5822
5823 /*
5824 * Create a new stream and write data. This won't get sent
5825 * to the network net because we are in explicit mode
5826 * and we haven't called SSL_handle_events().
5827 */
5828 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
5829 OP_C_WRITE (a, "apple", 5)
5830
5831 /* Put connection back into implicit handling mode. */
5832 OP_CHECK (set_event_handling_mode_conn,
5833 SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT)
5834
5835 /* Override at stream level. */
5836 OP_CHECK (set_event_handling_mode_stream,
5837 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT)
5838 OP_C_WRITE (a, "orange", 6)
5839 OP_C_CONCLUDE (a)
5840
5841 /*
5842 * Confirm the data isn't going to arrive. OP_SLEEP is always undesirable
5843 * but we have no reasonable way to synchronise on something not arriving
5844 * given all network traffic is essentially stopped and there are no other
5845 * signals arriving from the peer which could be used for synchronisation.
5846 * Slow OSes will pass this anyway (fail-open).
5847 */
5848 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5849
5850 OP_BEGIN_REPEAT (20)
5851 OP_S_READ_FAIL (a, 1)
5852 OP_SLEEP (10)
5853 OP_END_REPEAT ()
5854
5855 /* Now let the data arrive and confirm it arrives. */
5856 OP_CHECK (reenable_test_event_handling, 0)
5857 OP_S_READ_EXPECT (a, "appleorange", 11)
5858 OP_S_EXPECT_FIN (a)
5859
5860 /* Back into explicit mode. */
5861 OP_CHECK (set_event_handling_mode_conn,
5862 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT)
5863 OP_S_WRITE (a, "ok", 2)
5864 OP_C_READ_FAIL (a)
5865
5866 /* Works once event handling is done. */
5867 OP_CHECK (reenable_test_event_handling, 0)
5868 OP_C_READ_EXPECT (a, "ok", 2)
5869
5870 OP_END
5871 };
5872
5873
5874 /* 87. Test stream reset functionality */
5875 static const struct script_op script_87[] = {
5876 OP_C_SET_ALPN ("ossltest")
5877 OP_C_CONNECT_WAIT ()
5878 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
5879 OP_C_WRITE (a, "apple", 5)
5880 OP_C_CONCLUDE (a)
5881 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5882 OP_S_READ_EXPECT (a, "apple", 5)
5883 OP_S_EXPECT_FIN (a)
5884 OP_S_WRITE (a, "orange", 6)
5885 OP_C_READ_EXPECT (a, "orange", 6)
5886 OP_S_CONCLUDE (a)
5887 OP_C_EXPECT_FIN (a)
5888 OP_SLEEP (1000)
5889 OP_C_STREAM_RESET_FAIL (a, 42)
5890 OP_END
5891 };
5892
5893 static const struct script_op *const scripts[] = {
5894 script_1,
5895 script_2,
5896 script_3,
5897 script_4,
5898 script_5,
5899 script_6,
5900 script_7,
5901 script_8,
5902 script_9,
5903 script_10,
5904 script_11,
5905 script_12,
5906 script_13,
5907 script_14,
5908 script_15,
5909 script_16,
5910 script_17,
5911 script_18,
5912 script_19,
5913 script_20,
5914 script_21,
5915 script_22,
5916 script_23,
5917 script_24,
5918 script_25,
5919 script_26,
5920 script_27,
5921 script_28,
5922 script_29,
5923 script_30,
5924 script_31,
5925 script_32,
5926 script_33,
5927 script_34,
5928 script_35,
5929 script_36,
5930 script_37,
5931 script_38,
5932 script_39,
5933 script_40,
5934 script_41,
5935 script_42,
5936 script_43,
5937 script_44,
5938 script_45,
5939 script_46,
5940 script_47,
5941 script_48,
5942 script_49,
5943 script_50,
5944 script_51,
5945 script_52,
5946 script_53,
5947 script_54,
5948 script_55,
5949 script_56,
5950 script_57,
5951 script_58,
5952 script_59,
5953 script_60,
5954 script_61,
5955 script_62,
5956 script_63,
5957 script_64,
5958 script_65,
5959 script_66,
5960 script_67,
5961 script_68,
5962 script_69,
5963 script_70,
5964 script_71,
5965 script_72,
5966 script_73,
5967 script_74,
5968 script_75,
5969 script_76,
5970 script_77,
5971 script_78,
5972 script_79,
5973 script_80,
5974 script_81,
5975 script_82,
5976 script_83,
5977 script_84,
5978 script_85,
5979 script_86,
5980 script_87
5981 };
5982
test_script(int idx)5983 static int test_script(int idx)
5984 {
5985 int script_idx, free_order, blocking;
5986 char script_name[64];
5987
5988 free_order = idx % 2;
5989 idx /= 2;
5990
5991 blocking = idx % 2;
5992 idx /= 2;
5993
5994 script_idx = idx;
5995
5996 if (blocking && free_order)
5997 return 1; /* don't need to test free_order twice */
5998
5999 #if !defined(OPENSSL_THREADS)
6000 if (blocking) {
6001 TEST_skip("cannot test in blocking mode without threads");
6002 return 1;
6003 }
6004 #endif
6005
6006 BIO_snprintf(script_name, sizeof(script_name), "script %d", script_idx + 1);
6007
6008 TEST_info("Running script %d (order=%d, blocking=%d)", script_idx + 1,
6009 free_order, blocking);
6010 return run_script(scripts[script_idx], script_name, free_order, blocking);
6011 }
6012
6013 /* Dynamically generated tests. */
6014 static struct script_op dyn_frame_types_script[] = {
6015 OP_S_SET_INJECT_PLAIN (script_21_inject_plain)
6016 OP_SET_INJECT_WORD (0, 0) /* dynamic */
6017
6018 OP_C_SET_ALPN ("ossltest")
6019 OP_C_CONNECT_WAIT_OR_FAIL()
6020
6021 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
6022
6023 OP_END
6024 };
6025
6026 struct forbidden_frame_type {
6027 uint64_t pkt_type, frame_type, expected_err;
6028 };
6029
6030 static const struct forbidden_frame_type forbidden_frame_types[] = {
6031 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_VLINT_MAX, OSSL_QUIC_ERR_FRAME_ENCODING_ERROR },
6032 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_VLINT_MAX, OSSL_QUIC_ERR_FRAME_ENCODING_ERROR },
6033 { QUIC_PKT_TYPE_1RTT, OSSL_QUIC_VLINT_MAX, OSSL_QUIC_ERR_FRAME_ENCODING_ERROR },
6034
6035 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6036 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_RESET_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6037 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STOP_SENDING, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6038 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_NEW_TOKEN, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6039 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6040 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6041 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6042 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6043 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6044 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6045 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6046 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6047 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6048 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6049 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6050 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6051 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6052 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6053
6054 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6055 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_RESET_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6056 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STOP_SENDING, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6057 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_NEW_TOKEN, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6058 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6059 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6060 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6061 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6062 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6063 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6064 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6065 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6066 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6067 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6068 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6069 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6070 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6071 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6072
6073 /* Client uses a zero-length CID so this is not allowed. */
6074 { QUIC_PKT_TYPE_1RTT, OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
6075 };
6076
test_dyn_frame_types(int idx)6077 static ossl_unused int test_dyn_frame_types(int idx)
6078 {
6079 size_t i;
6080 char script_name[64];
6081 struct script_op *s = dyn_frame_types_script;
6082
6083 for (i = 0; i < OSSL_NELEM(dyn_frame_types_script); ++i)
6084 if (s[i].op == OPK_SET_INJECT_WORD) {
6085 s[i].arg1 = (size_t)forbidden_frame_types[idx].pkt_type;
6086 s[i].arg2 = forbidden_frame_types[idx].frame_type;
6087 } else if (s[i].op == OPK_C_EXPECT_CONN_CLOSE_INFO) {
6088 s[i].arg2 = forbidden_frame_types[idx].expected_err;
6089 }
6090
6091 BIO_snprintf(script_name, sizeof(script_name),
6092 "dyn script %d", idx);
6093
6094 return run_script(dyn_frame_types_script, script_name, 0, 0);
6095 }
6096
6097 OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
6098
setup_tests(void)6099 int setup_tests(void)
6100 {
6101 #if defined (_PUT_MODEL_)
6102 return TEST_skip("QUIC is not supported by this build");
6103 #endif
6104
6105 if (!test_skip_common_options()) {
6106 TEST_error("Error parsing test options\n");
6107 return 0;
6108 }
6109
6110 if (!TEST_ptr(certfile = test_get_argument(0))
6111 || !TEST_ptr(keyfile = test_get_argument(1)))
6112 return 0;
6113
6114 ADD_ALL_TESTS(test_dyn_frame_types, OSSL_NELEM(forbidden_frame_types));
6115 ADD_ALL_TESTS(test_script, OSSL_NELEM(scripts) * 2 * 2);
6116 return 1;
6117 }
6118