1 /*
2 * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9 #include <openssl/ssl.h>
10 #include <openssl/quic.h>
11 #include <openssl/bio.h>
12 #include <openssl/lhash.h>
13 #include <openssl/rand.h>
14 #include "internal/quic_tserver.h"
15 #include "internal/quic_ssl.h"
16 #include "internal/quic_error.h"
17 #include "internal/quic_stream_map.h"
18 #include "internal/quic_engine.h"
19 #include "testutil.h"
20 #include "helpers/quictestlib.h"
21 #if defined(OPENSSL_THREADS)
22 #include "internal/thread_arch.h"
23 #endif
24 #include "internal/numbers.h" /* UINT64_C */
25
26 static const char *certfile, *keyfile;
27
28 #if defined(_AIX)
29 /*
30 * Some versions of AIX define macros for events and revents for use when
31 * accessing pollfd structures (see Github issue #24236). That interferes
32 * with our use of these names here. We simply undef them.
33 */
34 #undef revents
35 #undef events
36 #endif
37
38 #if defined(OPENSSL_THREADS)
39 struct child_thread_args {
40 struct helper *h;
41 const struct script_op *script;
42 const char *script_name;
43 int thread_idx;
44
45 CRYPTO_THREAD *t;
46 CRYPTO_MUTEX *m;
47 int testresult;
48 int done;
49 int s_checked_out;
50 };
51 #endif
52
53 typedef struct stream_info {
54 const char *name;
55 SSL *c_stream;
56 uint64_t s_stream_id;
57 } STREAM_INFO;
58
59 DEFINE_LHASH_OF_EX(STREAM_INFO);
60
61 struct helper {
62 int s_fd;
63 BIO *s_net_bio, *s_net_bio_own, *s_qtf_wbio, *s_qtf_wbio_own;
64 /* The BIO_ADDR used for BIO_bind() */
65 BIO_ADDR *s_net_bio_orig_addr;
66 /* The resulting address, which is the one to connect to */
67 BIO_ADDR *s_net_bio_addr;
68
69 /*
70 * When doing a blocking mode test run, s_priv always points to the TSERVER
71 * and s is NULL when the main thread should not be touching s_priv.
72 */
73 QUIC_TSERVER *s, *s_priv;
74 LHASH_OF(STREAM_INFO) *s_streams;
75
76 int c_fd;
77 BIO *c_net_bio, *c_net_bio_own;
78 SSL_CTX *c_ctx;
79 SSL *c_conn;
80 LHASH_OF(STREAM_INFO) *c_streams;
81
82 #if defined(OPENSSL_THREADS)
83 struct child_thread_args *threads;
84 size_t num_threads;
85 CRYPTO_MUTEX *misc_m;
86 CRYPTO_CONDVAR *misc_cv;
87 #endif
88
89 OSSL_TIME start_time;
90
91 /*
92 * This is a duration recording the amount of time we have skipped forwards
93 * for testing purposes relative to the real ossl_time_now() clock. We add
94 * a quantity of time to this every time we skip some time.
95 */
96 CRYPTO_RWLOCK *time_lock;
97 OSSL_TIME time_slip; /* protected by time_lock */
98
99 QTEST_FAULT *qtf;
100
101 int init, blocking, check_spin_again;
102 int free_order, need_injector;
103
104 int (*qtf_packet_plain_cb)(struct helper *h, QUIC_PKT_HDR *hdr,
105 unsigned char *buf, size_t buf_len);
106 int (*qtf_handshake_cb)(struct helper *h,
107 unsigned char *buf, size_t buf_len);
108 int (*qtf_datagram_cb)(struct helper *h,
109 BIO_MSG *m, size_t stride);
110 uint64_t inject_word0, inject_word1;
111 uint64_t scratch0, scratch1, fail_count;
112 #if defined(OPENSSL_THREADS)
113 struct {
114 CRYPTO_THREAD *t;
115 CRYPTO_MUTEX *m;
116 CRYPTO_CONDVAR *c;
117 int ready, stop;
118 } server_thread;
119 int s_checked_out;
120 #endif
121 };
122
123 struct helper_local {
124 struct helper *h;
125 LHASH_OF(STREAM_INFO) *c_streams;
126 int thread_idx;
127 const struct script_op *check_op;
128 int explicit_event_handling;
129 };
130
131 struct script_op {
132 uint32_t op;
133 const void *arg0;
134 size_t arg1;
135 int (*check_func)(struct helper *h, struct helper_local *hl);
136 const char *stream_name;
137 uint64_t arg2;
138 int (*qtf_packet_plain_cb)(struct helper *h, QUIC_PKT_HDR *hdr,
139 unsigned char *buf, size_t buf_len);
140 int (*qtf_handshake_cb)(struct helper *h,
141 unsigned char *buf, size_t buf_len);
142 int (*qtf_datagram_cb)(struct helper *h,
143 BIO_MSG *m, size_t stride);
144 };
145
146 #define OPK_END 0
147 #define OPK_CHECK 1
148 #define OPK_C_SET_ALPN 2
149 #define OPK_C_CONNECT_WAIT 3
150 #define OPK_C_WRITE 4
151 #define OPK_S_WRITE 5
152 #define OPK_C_READ_EXPECT 6
153 #define OPK_S_READ_EXPECT 7
154 #define OPK_C_EXPECT_FIN 8
155 #define OPK_S_EXPECT_FIN 9
156 #define OPK_C_CONCLUDE 10
157 #define OPK_S_CONCLUDE 11
158 #define OPK_C_DETACH 12
159 #define OPK_C_ATTACH 13
160 #define OPK_C_NEW_STREAM 14
161 #define OPK_S_NEW_STREAM 15
162 #define OPK_C_ACCEPT_STREAM_WAIT 16
163 #define OPK_C_ACCEPT_STREAM_NONE 17
164 #define OPK_C_FREE_STREAM 18
165 #define OPK_C_SET_DEFAULT_STREAM_MODE 19
166 #define OPK_C_SET_INCOMING_STREAM_POLICY 20
167 #define OPK_C_SHUTDOWN_WAIT 21
168 #define OPK_C_EXPECT_CONN_CLOSE_INFO 22
169 #define OPK_S_EXPECT_CONN_CLOSE_INFO 23
170 #define OPK_S_BIND_STREAM_ID 24
171 #define OPK_C_WAIT_FOR_DATA 25
172 #define OPK_C_WRITE_FAIL 26
173 #define OPK_S_WRITE_FAIL 27
174 #define OPK_C_READ_FAIL 28
175 #define OPK_C_STREAM_RESET 29
176 #define OPK_S_ACCEPT_STREAM_WAIT 30
177 #define OPK_NEW_THREAD 31
178 #define OPK_BEGIN_REPEAT 32
179 #define OPK_END_REPEAT 33
180 #define OPK_S_UNBIND_STREAM_ID 34
181 #define OPK_C_READ_FAIL_WAIT 35
182 #define OPK_C_CLOSE_SOCKET 36
183 #define OPK_C_EXPECT_SSL_ERR 37
184 #define OPK_EXPECT_ERR_REASON 38
185 #define OPK_EXPECT_ERR_LIB 39
186 #define OPK_SLEEP 40
187 #define OPK_S_READ_FAIL 41
188 #define OPK_S_SET_INJECT_PLAIN 42
189 #define OPK_SET_INJECT_WORD 43
190 #define OPK_C_INHIBIT_TICK 44
191 #define OPK_C_SET_WRITE_BUF_SIZE 45
192 #define OPK_S_SET_INJECT_HANDSHAKE 46
193 #define OPK_S_NEW_TICKET 47
194 #define OPK_C_SKIP_IF_UNBOUND 48
195 #define OPK_S_SET_INJECT_DATAGRAM 49
196 #define OPK_S_SHUTDOWN 50
197 #define OPK_POP_ERR 51
198 #define OPK_C_WRITE_EX2 52
199 #define OPK_SKIP_IF_BLOCKING 53
200 #define OPK_C_STREAM_RESET_FAIL 54
201
202 #define EXPECT_CONN_CLOSE_APP (1U << 0)
203 #define EXPECT_CONN_CLOSE_REMOTE (1U << 1)
204
205 /* OPK_C_NEW_STREAM */
206 #define ALLOW_FAIL (1U << 16)
207
208 #define C_BIDI_ID(ordinal) \
209 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_CLIENT | QUIC_STREAM_DIR_BIDI)
210 #define S_BIDI_ID(ordinal) \
211 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_SERVER | QUIC_STREAM_DIR_BIDI)
212 #define C_UNI_ID(ordinal) \
213 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_CLIENT | QUIC_STREAM_DIR_UNI)
214 #define S_UNI_ID(ordinal) \
215 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_SERVER | QUIC_STREAM_DIR_UNI)
216
217 #define ANY_ID UINT64_MAX
218
219 #define OP_END \
220 { OPK_END }
221 #define OP_CHECK(func, arg2) \
222 { OPK_CHECK, NULL, 0, (func), NULL, (arg2) },
223 #define OP_C_SET_ALPN(alpn) \
224 { OPK_C_SET_ALPN, (alpn), 0, NULL, NULL },
225 #define OP_C_CONNECT_WAIT() \
226 { OPK_C_CONNECT_WAIT, NULL, 0, NULL, NULL },
227 #define OP_C_CONNECT_WAIT_OR_FAIL() \
228 { OPK_C_CONNECT_WAIT, NULL, 1, NULL, NULL },
229 #define OP_C_WRITE(stream_name, buf, buf_len) \
230 { OPK_C_WRITE, (buf), (buf_len), NULL, #stream_name },
231 #define OP_S_WRITE(stream_name, buf, buf_len) \
232 { OPK_S_WRITE, (buf), (buf_len), NULL, #stream_name },
233 #define OP_C_READ_EXPECT(stream_name, buf, buf_len) \
234 { OPK_C_READ_EXPECT, (buf), (buf_len), NULL, #stream_name },
235 #define OP_S_READ_EXPECT(stream_name, buf, buf_len) \
236 { OPK_S_READ_EXPECT, (buf), (buf_len), NULL, #stream_name },
237 #define OP_C_EXPECT_FIN(stream_name) \
238 { OPK_C_EXPECT_FIN, NULL, 0, NULL, #stream_name },
239 #define OP_S_EXPECT_FIN(stream_name) \
240 { OPK_S_EXPECT_FIN, NULL, 0, NULL, #stream_name },
241 #define OP_C_CONCLUDE(stream_name) \
242 { OPK_C_CONCLUDE, NULL, 0, NULL, #stream_name },
243 #define OP_S_CONCLUDE(stream_name) \
244 { OPK_S_CONCLUDE, NULL, 0, NULL, #stream_name },
245 #define OP_C_DETACH(stream_name) \
246 { OPK_C_DETACH, NULL, 0, NULL, #stream_name },
247 #define OP_C_ATTACH(stream_name) \
248 { OPK_C_ATTACH, NULL, 0, NULL, #stream_name },
249 #define OP_C_NEW_STREAM_BIDI(stream_name, expect_id) \
250 { OPK_C_NEW_STREAM, NULL, 0, NULL, #stream_name, (expect_id) },
251 #define OP_C_NEW_STREAM_BIDI_EX(stream_name, expect_id, flags) \
252 { OPK_C_NEW_STREAM, NULL, (flags), NULL, #stream_name, (expect_id) },
253 #define OP_C_NEW_STREAM_UNI(stream_name, expect_id) \
254 { OPK_C_NEW_STREAM, NULL, SSL_STREAM_FLAG_UNI, \
255 NULL, #stream_name, (expect_id) },
256 #define OP_C_NEW_STREAM_UNI_EX(stream_name, expect_id, flags) \
257 { OPK_C_NEW_STREAM, NULL, (flags) | SSL_STREAM_FLAG_UNI, \
258 NULL, #stream_name, (expect_id) },
259 #define OP_S_NEW_STREAM_BIDI(stream_name, expect_id) \
260 { OPK_S_NEW_STREAM, NULL, 0, NULL, #stream_name, (expect_id) },
261 #define OP_S_NEW_STREAM_UNI(stream_name, expect_id) \
262 { OPK_S_NEW_STREAM, NULL, 1, NULL, #stream_name, (expect_id) },
263 #define OP_C_ACCEPT_STREAM_WAIT(stream_name) \
264 { OPK_C_ACCEPT_STREAM_WAIT, NULL, 0, NULL, #stream_name },
265 #define OP_C_ACCEPT_STREAM_NONE() \
266 { OPK_C_ACCEPT_STREAM_NONE, NULL, 0, NULL, NULL },
267 #define OP_C_FREE_STREAM(stream_name) \
268 { OPK_C_FREE_STREAM, NULL, 0, NULL, #stream_name },
269 #define OP_C_SET_DEFAULT_STREAM_MODE(mode) \
270 { OPK_C_SET_DEFAULT_STREAM_MODE, NULL, (mode), NULL, NULL },
271 #define OP_C_SET_INCOMING_STREAM_POLICY(policy) \
272 { OPK_C_SET_INCOMING_STREAM_POLICY, NULL, (policy), NULL, NULL },
273 #define OP_C_SHUTDOWN_WAIT(reason, flags) \
274 { OPK_C_SHUTDOWN_WAIT, (reason), (flags), NULL, NULL },
275 #define OP_C_EXPECT_CONN_CLOSE_INFO(ec, app, remote) \
276 { OPK_C_EXPECT_CONN_CLOSE_INFO, NULL, \
277 ((app) ? EXPECT_CONN_CLOSE_APP : 0) | ((remote) ? EXPECT_CONN_CLOSE_REMOTE : 0), \
278 NULL, NULL, (ec) },
279 #define OP_S_EXPECT_CONN_CLOSE_INFO(ec, app, remote) \
280 { OPK_S_EXPECT_CONN_CLOSE_INFO, NULL, \
281 ((app) ? EXPECT_CONN_CLOSE_APP : 0) | ((remote) ? EXPECT_CONN_CLOSE_REMOTE : 0), \
282 NULL, NULL, (ec) },
283 #define OP_S_BIND_STREAM_ID(stream_name, stream_id) \
284 { OPK_S_BIND_STREAM_ID, NULL, 0, NULL, #stream_name, (stream_id) },
285 #define OP_C_WAIT_FOR_DATA(stream_name) \
286 { OPK_C_WAIT_FOR_DATA, NULL, 0, NULL, #stream_name },
287 #define OP_C_WRITE_FAIL(stream_name) \
288 { OPK_C_WRITE_FAIL, NULL, 0, NULL, #stream_name },
289 #define OP_S_WRITE_FAIL(stream_name) \
290 { OPK_S_WRITE_FAIL, NULL, 0, NULL, #stream_name },
291 #define OP_C_READ_FAIL(stream_name) \
292 { OPK_C_READ_FAIL, NULL, 0, NULL, #stream_name },
293 #define OP_S_READ_FAIL(stream_name, allow_zero_len) \
294 { OPK_S_READ_FAIL, NULL, (allow_zero_len), NULL, #stream_name },
295 #define OP_C_STREAM_RESET(stream_name, aec) \
296 { OPK_C_STREAM_RESET, NULL, 0, NULL, #stream_name, (aec) },
297 #define OP_C_STREAM_RESET_FAIL(stream_name, aec) \
298 { OPK_C_STREAM_RESET_FAIL, NULL, 0, NULL, #stream_name, (aec) },
299 #define OP_S_ACCEPT_STREAM_WAIT(stream_name) \
300 { OPK_S_ACCEPT_STREAM_WAIT, NULL, 0, NULL, #stream_name },
301 #define OP_NEW_THREAD(num_threads, script) \
302 { OPK_NEW_THREAD, (script), (num_threads), NULL, NULL, 0 },
303 #define OP_BEGIN_REPEAT(n) \
304 { OPK_BEGIN_REPEAT, NULL, (n) },
305 #define OP_END_REPEAT() \
306 { OPK_END_REPEAT },
307 #define OP_S_UNBIND_STREAM_ID(stream_name) \
308 { OPK_S_UNBIND_STREAM_ID, NULL, 0, NULL, #stream_name },
309 #define OP_C_READ_FAIL_WAIT(stream_name) \
310 { OPK_C_READ_FAIL_WAIT, NULL, 0, NULL, #stream_name },
311 #define OP_C_CLOSE_SOCKET() \
312 { OPK_C_CLOSE_SOCKET },
313 #define OP_C_EXPECT_SSL_ERR(stream_name, err) \
314 { OPK_C_EXPECT_SSL_ERR, NULL, (err), NULL, #stream_name },
315 #define OP_EXPECT_ERR_REASON(err) \
316 { OPK_EXPECT_ERR_REASON, NULL, (err) },
317 #define OP_EXPECT_ERR_LIB(lib) \
318 { OPK_EXPECT_ERR_LIB, NULL, (lib) },
319 #define OP_SLEEP(ms) \
320 { OPK_SLEEP, NULL, 0, NULL, NULL, (ms) },
321 #define OP_S_SET_INJECT_PLAIN(f) \
322 { OPK_S_SET_INJECT_PLAIN, NULL, 0, NULL, NULL, 0, (f) },
323 #define OP_SET_INJECT_WORD(w0, w1) \
324 { OPK_SET_INJECT_WORD, NULL, (w0), NULL, NULL, (w1), NULL },
325 #define OP_C_INHIBIT_TICK(inhibit) \
326 { OPK_C_INHIBIT_TICK, NULL, (inhibit), NULL, NULL, 0, NULL },
327 #define OP_C_SET_WRITE_BUF_SIZE(stream_name, size) \
328 { OPK_C_SET_WRITE_BUF_SIZE, NULL, (size), NULL, #stream_name },
329 #define OP_S_SET_INJECT_HANDSHAKE(f) \
330 { OPK_S_SET_INJECT_HANDSHAKE, NULL, 0, NULL, NULL, 0, NULL, (f) },
331 #define OP_S_NEW_TICKET() \
332 { OPK_S_NEW_TICKET },
333 #define OP_C_SKIP_IF_UNBOUND(stream_name, n) \
334 { OPK_C_SKIP_IF_UNBOUND, NULL, (n), NULL, #stream_name },
335 #define OP_S_SET_INJECT_DATAGRAM(f) \
336 { OPK_S_SET_INJECT_DATAGRAM, NULL, 0, NULL, NULL, 0, NULL, NULL, (f) },
337 #define OP_S_SHUTDOWN(error_code) \
338 { OPK_S_SHUTDOWN, NULL, (error_code) },
339 #define OP_POP_ERR() \
340 { OPK_POP_ERR },
341 #define OP_C_WRITE_EX2(stream_name, buf, buf_len, flags) \
342 { OPK_C_WRITE_EX2, (buf), (buf_len), NULL, #stream_name, (flags) },
343 #define OP_CHECK2(func, arg1, arg2) \
344 { OPK_CHECK, NULL, (arg1), (func), NULL, (arg2) },
345 #define OP_SKIP_IF_BLOCKING(n) \
346 { OPK_SKIP_IF_BLOCKING, NULL, (n), NULL, 0 },
347
get_time(void * arg)348 static OSSL_TIME get_time(void *arg)
349 {
350 struct helper *h = arg;
351 OSSL_TIME t;
352
353 if (!TEST_true(CRYPTO_THREAD_read_lock(h->time_lock)))
354 return ossl_time_zero();
355
356 t = ossl_time_add(ossl_time_now(), h->time_slip);
357
358 CRYPTO_THREAD_unlock(h->time_lock);
359 return t;
360 }
361
skip_time_ms(struct helper * h,struct helper_local * hl)362 static int skip_time_ms(struct helper *h, struct helper_local *hl)
363 {
364 if (!TEST_true(CRYPTO_THREAD_write_lock(h->time_lock)))
365 return 0;
366
367 h->time_slip = ossl_time_add(h->time_slip, ossl_ms2time(hl->check_op->arg2));
368
369 CRYPTO_THREAD_unlock(h->time_lock);
370 return 1;
371 }
372
373 static QUIC_TSERVER *s_lock(struct helper *h, struct helper_local *hl);
374 static void s_unlock(struct helper *h, struct helper_local *hl);
375
376 #define ACQUIRE_S() s_lock(h, hl)
377 #define ACQUIRE_S_NOHL() s_lock(h, NULL)
378
check_rejected(struct helper * h,struct helper_local * hl)379 static int check_rejected(struct helper *h, struct helper_local *hl)
380 {
381 uint64_t stream_id = hl->check_op->arg2;
382
383 if (!ossl_quic_tserver_stream_has_peer_stop_sending(ACQUIRE_S(), stream_id, NULL)
384 || !ossl_quic_tserver_stream_has_peer_reset_stream(ACQUIRE_S(), stream_id, NULL)) {
385 h->check_spin_again = 1;
386 return 0;
387 }
388
389 return 1;
390 }
391
check_stream_reset(struct helper * h,struct helper_local * hl)392 static int check_stream_reset(struct helper *h, struct helper_local *hl)
393 {
394 uint64_t stream_id = hl->check_op->arg2, aec = 0;
395
396 if (!ossl_quic_tserver_stream_has_peer_reset_stream(ACQUIRE_S(), stream_id, &aec)) {
397 h->check_spin_again = 1;
398 return 0;
399 }
400
401 return TEST_uint64_t_eq(aec, 42);
402 }
403
check_stream_stopped(struct helper * h,struct helper_local * hl)404 static int check_stream_stopped(struct helper *h, struct helper_local *hl)
405 {
406 uint64_t stream_id = hl->check_op->arg2;
407
408 if (!ossl_quic_tserver_stream_has_peer_stop_sending(ACQUIRE_S(), stream_id, NULL)) {
409 h->check_spin_again = 1;
410 return 0;
411 }
412
413 return 1;
414 }
415
override_key_update(struct helper * h,struct helper_local * hl)416 static int override_key_update(struct helper *h, struct helper_local *hl)
417 {
418 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
419
420 ossl_quic_channel_set_txku_threshold_override(ch, hl->check_op->arg2);
421 return 1;
422 }
423
trigger_key_update(struct helper * h,struct helper_local * hl)424 static int trigger_key_update(struct helper *h, struct helper_local *hl)
425 {
426 if (!TEST_true(SSL_key_update(h->c_conn, SSL_KEY_UPDATE_REQUESTED)))
427 return 0;
428
429 return 1;
430 }
431
check_key_update_ge(struct helper * h,struct helper_local * hl)432 static int check_key_update_ge(struct helper *h, struct helper_local *hl)
433 {
434 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
435 int64_t txke = (int64_t)ossl_quic_channel_get_tx_key_epoch(ch);
436 int64_t rxke = (int64_t)ossl_quic_channel_get_rx_key_epoch(ch);
437 int64_t diff = txke - rxke;
438
439 /*
440 * TXKE must always be equal to or ahead of RXKE.
441 * It can be ahead of RXKE by at most 1.
442 */
443 if (!TEST_int64_t_ge(diff, 0) || !TEST_int64_t_le(diff, 1))
444 return 0;
445
446 /* Caller specifies a minimum number of RXKEs which must have happened. */
447 if (!TEST_uint64_t_ge((uint64_t)rxke, hl->check_op->arg2))
448 return 0;
449
450 return 1;
451 }
452
check_key_update_lt(struct helper * h,struct helper_local * hl)453 static int check_key_update_lt(struct helper *h, struct helper_local *hl)
454 {
455 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
456 uint64_t txke = ossl_quic_channel_get_tx_key_epoch(ch);
457
458 /* Caller specifies a maximum number of TXKEs which must have happened. */
459 if (!TEST_uint64_t_lt(txke, hl->check_op->arg2))
460 return 0;
461
462 return 1;
463 }
464
stream_info_hash(const STREAM_INFO * info)465 static unsigned long stream_info_hash(const STREAM_INFO *info)
466 {
467 return OPENSSL_LH_strhash(info->name);
468 }
469
stream_info_cmp(const STREAM_INFO * a,const STREAM_INFO * b)470 static int stream_info_cmp(const STREAM_INFO *a, const STREAM_INFO *b)
471 {
472 return strcmp(a->name, b->name);
473 }
474
cleanup_stream(STREAM_INFO * info)475 static void cleanup_stream(STREAM_INFO *info)
476 {
477 SSL_free(info->c_stream);
478 OPENSSL_free(info);
479 }
480
helper_cleanup_streams(LHASH_OF (STREAM_INFO)** lh)481 static void helper_cleanup_streams(LHASH_OF(STREAM_INFO) **lh)
482 {
483 if (*lh == NULL)
484 return;
485
486 lh_STREAM_INFO_doall(*lh, cleanup_stream);
487 lh_STREAM_INFO_free(*lh);
488 *lh = NULL;
489 }
490
491 #if defined(OPENSSL_THREADS)
492 static CRYPTO_THREAD_RETVAL run_script_child_thread(void *arg);
493
join_threads(struct child_thread_args * threads,size_t num_threads)494 static int join_threads(struct child_thread_args *threads, size_t num_threads)
495 {
496 int ok = 1;
497 size_t i;
498 CRYPTO_THREAD_RETVAL rv;
499
500 for (i = 0; i < num_threads; ++i) {
501 if (threads[i].t != NULL) {
502 ossl_crypto_thread_native_join(threads[i].t, &rv);
503
504 if (!threads[i].testresult)
505 /* Do not log failure here, worker will do it. */
506 ok = 0;
507
508 ossl_crypto_thread_native_clean(threads[i].t);
509 threads[i].t = NULL;
510 }
511
512 ossl_crypto_mutex_free(&threads[i].m);
513 }
514
515 return ok;
516 }
517
join_server_thread(struct helper * h)518 static int join_server_thread(struct helper *h)
519 {
520 CRYPTO_THREAD_RETVAL rv;
521
522 if (h->server_thread.t == NULL)
523 return 1;
524
525 ossl_crypto_mutex_lock(h->server_thread.m);
526 h->server_thread.stop = 1;
527 ossl_crypto_condvar_signal(h->server_thread.c);
528 ossl_crypto_mutex_unlock(h->server_thread.m);
529
530 ossl_crypto_thread_native_join(h->server_thread.t, &rv);
531 ossl_crypto_thread_native_clean(h->server_thread.t);
532 h->server_thread.t = NULL;
533 return 1;
534 }
535
536 /* Ensure the server-state lock is currently held. Idempotent. */
s_checked_out_p(struct helper * h,int thread_idx)537 static int *s_checked_out_p(struct helper *h, int thread_idx)
538 {
539 return (thread_idx < 0) ? &h->s_checked_out
540 : &h->threads[thread_idx].s_checked_out;
541 }
542
s_lock(struct helper * h,struct helper_local * hl)543 static QUIC_TSERVER *s_lock(struct helper *h, struct helper_local *hl)
544 {
545 int *p_checked_out = s_checked_out_p(h, hl == NULL ? -1 : hl->thread_idx);
546
547 if (h->server_thread.m == NULL || *p_checked_out)
548 return h->s;
549
550 ossl_crypto_mutex_lock(h->server_thread.m);
551 h->s = h->s_priv;
552 *p_checked_out = 1;
553 return h->s;
554 }
555
556 /* Ensure the server-state lock is currently not held. Idempotent. */
s_unlock(struct helper * h,struct helper_local * hl)557 static void s_unlock(struct helper *h, struct helper_local *hl)
558 {
559 int *p_checked_out = s_checked_out_p(h, hl->thread_idx);
560
561 if (h->server_thread.m == NULL || !*p_checked_out)
562 return;
563
564 *p_checked_out = 0;
565 h->s = NULL;
566 ossl_crypto_mutex_unlock(h->server_thread.m);
567 }
568
server_helper_thread(void * arg)569 static unsigned int server_helper_thread(void *arg)
570 {
571 struct helper *h = arg;
572
573 ossl_crypto_mutex_lock(h->server_thread.m);
574
575 for (;;) {
576 int ready, stop;
577
578 ready = h->server_thread.ready;
579 stop = h->server_thread.stop;
580
581 if (stop)
582 break;
583
584 if (!ready) {
585 ossl_crypto_condvar_wait(h->server_thread.c, h->server_thread.m);
586 continue;
587 }
588
589 ossl_quic_tserver_tick(h->s_priv);
590 ossl_crypto_mutex_unlock(h->server_thread.m);
591 /*
592 * Give the main thread an opportunity to get the mutex, which is
593 * sometimes necessary in some script operations.
594 */
595 OSSL_sleep(1);
596 ossl_crypto_mutex_lock(h->server_thread.m);
597 }
598
599 ossl_crypto_mutex_unlock(h->server_thread.m);
600 return 1;
601 }
602
603 #else
604
s_lock(struct helper * h,struct helper_local * hl)605 static QUIC_TSERVER *s_lock(struct helper *h, struct helper_local *hl)
606 {
607 return h->s;
608 }
609
s_unlock(struct helper * h,struct helper_local * hl)610 static void s_unlock(struct helper *h, struct helper_local *hl)
611 {
612 }
613
614 #endif
615
helper_cleanup(struct helper * h)616 static void helper_cleanup(struct helper *h)
617 {
618 #if defined(OPENSSL_THREADS)
619 join_threads(h->threads, h->num_threads);
620 join_server_thread(h);
621 OPENSSL_free(h->threads);
622 h->threads = NULL;
623 h->num_threads = 0;
624 #endif
625
626 if (h->free_order == 0) {
627 /* order 0: streams, then conn */
628 helper_cleanup_streams(&h->c_streams);
629
630 SSL_free(h->c_conn);
631 h->c_conn = NULL;
632 } else {
633 /* order 1: conn, then streams */
634 SSL_free(h->c_conn);
635 h->c_conn = NULL;
636
637 helper_cleanup_streams(&h->c_streams);
638 }
639
640 helper_cleanup_streams(&h->s_streams);
641 ossl_quic_tserver_free(h->s_priv);
642 h->s_priv = h->s = NULL;
643
644 BIO_free(h->s_net_bio_own);
645 h->s_net_bio_own = NULL;
646
647 BIO_free(h->c_net_bio_own);
648 h->c_net_bio_own = NULL;
649
650 BIO_free(h->s_qtf_wbio_own);
651 h->s_qtf_wbio_own = NULL;
652
653 qtest_fault_free(h->qtf);
654 h->qtf = NULL;
655
656 if (h->s_fd >= 0) {
657 BIO_closesocket(h->s_fd);
658 h->s_fd = -1;
659 }
660
661 if (h->c_fd >= 0) {
662 BIO_closesocket(h->c_fd);
663 h->c_fd = -1;
664 }
665
666 BIO_ADDR_free(h->s_net_bio_addr);
667 h->s_net_bio_addr = NULL;
668 BIO_ADDR_free(h->s_net_bio_orig_addr);
669 h->s_net_bio_orig_addr = NULL;
670
671 SSL_CTX_free(h->c_ctx);
672 h->c_ctx = NULL;
673
674 CRYPTO_THREAD_lock_free(h->time_lock);
675 h->time_lock = NULL;
676
677 #if defined(OPENSSL_THREADS)
678 ossl_crypto_mutex_free(&h->misc_m);
679 ossl_crypto_condvar_free(&h->misc_cv);
680 ossl_crypto_mutex_free(&h->server_thread.m);
681 ossl_crypto_condvar_free(&h->server_thread.c);
682 #endif
683 }
684
helper_init(struct helper * h,const char * script_name,int free_order,int blocking,int need_injector)685 static int helper_init(struct helper *h, const char *script_name,
686 int free_order, int blocking,
687 int need_injector)
688 {
689 struct in_addr ina = { 0 };
690 QUIC_TSERVER_ARGS s_args = { 0 };
691 union BIO_sock_info_u info;
692 char title[128];
693 QTEST_DATA *bdata = NULL;
694
695 memset(h, 0, sizeof(*h));
696 h->c_fd = -1;
697 h->s_fd = -1;
698 h->free_order = free_order;
699 h->blocking = blocking;
700 h->need_injector = need_injector;
701 h->time_slip = ossl_time_zero();
702
703 bdata = OPENSSL_zalloc(sizeof(QTEST_DATA));
704 if (bdata == NULL)
705 goto err;
706
707 if (!TEST_ptr(h->time_lock = CRYPTO_THREAD_lock_new()))
708 goto err;
709
710 if (!TEST_ptr(h->s_streams = lh_STREAM_INFO_new(stream_info_hash,
711 stream_info_cmp)))
712 goto err;
713
714 if (!TEST_ptr(h->c_streams = lh_STREAM_INFO_new(stream_info_hash,
715 stream_info_cmp)))
716 goto err;
717
718 ina.s_addr = htonl(0x7f000001UL);
719
720 h->s_fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0);
721 if (!TEST_int_ge(h->s_fd, 0))
722 goto err;
723
724 if (!TEST_true(BIO_socket_nbio(h->s_fd, 1)))
725 goto err;
726
727 if (!TEST_ptr(h->s_net_bio_orig_addr = BIO_ADDR_new())
728 || !TEST_ptr(h->s_net_bio_addr = BIO_ADDR_new()))
729 goto err;
730
731 if (!TEST_true(BIO_ADDR_rawmake(h->s_net_bio_orig_addr, AF_INET,
732 &ina, sizeof(ina), 0)))
733 goto err;
734
735 if (!TEST_true(BIO_bind(h->s_fd, h->s_net_bio_orig_addr, 0)))
736 goto err;
737
738 info.addr = h->s_net_bio_addr;
739 if (!TEST_true(BIO_sock_info(h->s_fd, BIO_SOCK_INFO_ADDRESS, &info)))
740 goto err;
741
742 if (!TEST_int_gt(BIO_ADDR_rawport(h->s_net_bio_addr), 0))
743 goto err;
744
745 if (!TEST_ptr(h->s_net_bio = h->s_net_bio_own = BIO_new_dgram(h->s_fd, 0)))
746 goto err;
747
748 if (!BIO_up_ref(h->s_net_bio))
749 goto err;
750
751 if (need_injector) {
752 h->s_qtf_wbio = h->s_qtf_wbio_own = BIO_new(qtest_get_bio_method());
753 if (!TEST_ptr(h->s_qtf_wbio))
754 goto err;
755
756 if (!TEST_ptr(BIO_push(h->s_qtf_wbio, h->s_net_bio)))
757 goto err;
758
759 s_args.net_wbio = h->s_qtf_wbio;
760 } else {
761 s_args.net_wbio = h->s_net_bio;
762 }
763
764 s_args.net_rbio = h->s_net_bio;
765 s_args.alpn = NULL;
766 s_args.now_cb = get_time;
767 s_args.now_cb_arg = h;
768 s_args.ctx = NULL;
769
770 if (!TEST_ptr(h->s_priv = ossl_quic_tserver_new(&s_args, certfile, keyfile)))
771 goto err;
772
773 if (!blocking)
774 h->s = h->s_priv;
775
776 if (need_injector) {
777 h->qtf = qtest_create_injector(h->s_priv);
778 if (!TEST_ptr(h->qtf))
779 goto err;
780 bdata->fault = h->qtf;
781 BIO_set_data(h->s_qtf_wbio, bdata);
782 }
783
784 h->s_net_bio_own = NULL;
785 h->s_qtf_wbio_own = NULL;
786
787 h->c_fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0);
788 if (!TEST_int_ge(h->c_fd, 0))
789 goto err;
790
791 if (!TEST_true(BIO_socket_nbio(h->c_fd, 1)))
792 goto err;
793
794 if (!TEST_ptr(h->c_net_bio = h->c_net_bio_own = BIO_new_dgram(h->c_fd, 0)))
795 goto err;
796
797 if (!TEST_true(BIO_dgram_set_peer(h->c_net_bio, h->s_net_bio_addr)))
798 goto err;
799
800 if (!TEST_ptr(h->c_ctx = SSL_CTX_new(OSSL_QUIC_client_method())))
801 goto err;
802
803 /* Set title for qlog purposes. */
804 BIO_snprintf(title, sizeof(title), "quic_multistream_test: %s", script_name);
805 if (!TEST_true(ossl_quic_set_diag_title(h->c_ctx, title)))
806 goto err;
807
808 if (!TEST_ptr(h->c_conn = SSL_new(h->c_ctx)))
809 goto err;
810
811 /* Use custom time function for virtual time skip. */
812 if (!TEST_true(ossl_quic_set_override_now_cb(h->c_conn, get_time, h)))
813 goto err;
814
815 /* Takes ownership of our reference to the BIO. */
816 SSL_set0_rbio(h->c_conn, h->c_net_bio);
817 h->c_net_bio_own = NULL;
818
819 if (!TEST_true(BIO_up_ref(h->c_net_bio)))
820 goto err;
821
822 SSL_set0_wbio(h->c_conn, h->c_net_bio);
823
824 if (!TEST_true(SSL_set_blocking_mode(h->c_conn, h->blocking)))
825 goto err;
826
827 #if defined(OPENSSL_THREADS)
828 if (!TEST_ptr(h->misc_m = ossl_crypto_mutex_new()))
829 goto err;
830 if (!TEST_ptr(h->misc_cv = ossl_crypto_condvar_new()))
831 goto err;
832 #endif
833
834 if (h->blocking) {
835 #if defined(OPENSSL_THREADS)
836 if (!TEST_ptr(h->server_thread.m = ossl_crypto_mutex_new()))
837 goto err;
838
839 if (!TEST_ptr(h->server_thread.c = ossl_crypto_condvar_new()))
840 goto err;
841
842 h->server_thread.t
843 = ossl_crypto_thread_native_start(server_helper_thread, h, 1);
844 if (!TEST_ptr(h->server_thread.t))
845 goto err;
846 #else
847 TEST_error("cannot support blocking mode without threads");
848 goto err;
849 #endif
850 }
851
852 h->start_time = ossl_time_now();
853 h->init = 1;
854 return 1;
855
856 err:
857 helper_cleanup(h);
858 return 0;
859 }
860
helper_local_init(struct helper_local * hl,struct helper * h,int thread_idx)861 static int helper_local_init(struct helper_local *hl, struct helper *h,
862 int thread_idx)
863 {
864 hl->h = h;
865 hl->c_streams = NULL;
866 hl->thread_idx = thread_idx;
867 hl->explicit_event_handling = 0;
868
869 if (!TEST_ptr(h))
870 return 0;
871
872 if (thread_idx < 0) {
873 hl->c_streams = h->c_streams;
874 } else {
875 if (!TEST_ptr(hl->c_streams = lh_STREAM_INFO_new(stream_info_hash,
876 stream_info_cmp)))
877 return 0;
878 }
879
880 return 1;
881 }
882
helper_local_cleanup(struct helper_local * hl)883 static void helper_local_cleanup(struct helper_local *hl)
884 {
885 if (hl->h == NULL)
886 return;
887
888 if (hl->thread_idx >= 0)
889 helper_cleanup_streams(&hl->c_streams);
890
891 hl->h = NULL;
892 }
893
get_stream_info(LHASH_OF (STREAM_INFO)* lh,const char * stream_name)894 static STREAM_INFO *get_stream_info(LHASH_OF(STREAM_INFO) *lh,
895 const char *stream_name)
896 {
897 STREAM_INFO key, *info;
898
899 if (!TEST_ptr(stream_name))
900 return NULL;
901
902 if (!strcmp(stream_name, "DEFAULT"))
903 return NULL;
904
905 key.name = stream_name;
906 info = lh_STREAM_INFO_retrieve(lh, &key);
907 if (info == NULL) {
908 info = OPENSSL_zalloc(sizeof(*info));
909 if (info == NULL)
910 return NULL;
911
912 info->name = stream_name;
913 info->s_stream_id = UINT64_MAX;
914 lh_STREAM_INFO_insert(lh, info);
915 }
916
917 return info;
918 }
919
helper_local_set_c_stream(struct helper_local * hl,const char * stream_name,SSL * c_stream)920 static int helper_local_set_c_stream(struct helper_local *hl,
921 const char *stream_name,
922 SSL *c_stream)
923 {
924 STREAM_INFO *info = get_stream_info(hl->c_streams, stream_name);
925
926 if (info == NULL)
927 return 0;
928
929 info->c_stream = c_stream;
930 info->s_stream_id = UINT64_MAX;
931 return 1;
932 }
933
helper_local_get_c_stream(struct helper_local * hl,const char * stream_name)934 static SSL *helper_local_get_c_stream(struct helper_local *hl,
935 const char *stream_name)
936 {
937 STREAM_INFO *info;
938
939 if (!strcmp(stream_name, "DEFAULT"))
940 return hl->h->c_conn;
941
942 info = get_stream_info(hl->c_streams, stream_name);
943 if (info == NULL)
944 return NULL;
945
946 return info->c_stream;
947 }
948
949 static int
helper_set_s_stream(struct helper * h,const char * stream_name,uint64_t s_stream_id)950 helper_set_s_stream(struct helper *h, const char *stream_name,
951 uint64_t s_stream_id)
952 {
953 STREAM_INFO *info;
954
955 if (!strcmp(stream_name, "DEFAULT"))
956 return 0;
957
958 info = get_stream_info(h->s_streams, stream_name);
959 if (info == NULL)
960 return 0;
961
962 info->c_stream = NULL;
963 info->s_stream_id = s_stream_id;
964 return 1;
965 }
966
helper_get_s_stream(struct helper * h,const char * stream_name)967 static uint64_t helper_get_s_stream(struct helper *h, const char *stream_name)
968 {
969 STREAM_INFO *info;
970
971 if (!strcmp(stream_name, "DEFAULT"))
972 return UINT64_MAX;
973
974 info = get_stream_info(h->s_streams, stream_name);
975 if (info == NULL)
976 return UINT64_MAX;
977
978 return info->s_stream_id;
979 }
980
helper_packet_plain_listener(QTEST_FAULT * qtf,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t buf_len,void * arg)981 static int helper_packet_plain_listener(QTEST_FAULT *qtf, QUIC_PKT_HDR *hdr,
982 unsigned char *buf, size_t buf_len,
983 void *arg)
984 {
985 struct helper *h = arg;
986
987 return h->qtf_packet_plain_cb(h, hdr, buf, buf_len);
988 }
989
helper_handshake_listener(QTEST_FAULT * fault,unsigned char * buf,size_t buf_len,void * arg)990 static int helper_handshake_listener(QTEST_FAULT *fault,
991 unsigned char *buf, size_t buf_len,
992 void *arg)
993 {
994 struct helper *h = arg;
995
996 return h->qtf_handshake_cb(h, buf, buf_len);
997 }
998
helper_datagram_listener(QTEST_FAULT * fault,BIO_MSG * msg,size_t stride,void * arg)999 static int helper_datagram_listener(QTEST_FAULT *fault,
1000 BIO_MSG *msg, size_t stride,
1001 void *arg)
1002 {
1003 struct helper *h = arg;
1004
1005 return h->qtf_datagram_cb(h, msg, stride);
1006 }
1007
is_want(SSL * s,int ret)1008 static int is_want(SSL *s, int ret)
1009 {
1010 int ec = SSL_get_error(s, ret);
1011
1012 return ec == SSL_ERROR_WANT_READ || ec == SSL_ERROR_WANT_WRITE;
1013 }
1014
check_consistent_want(SSL * s,int ret)1015 static int check_consistent_want(SSL *s, int ret)
1016 {
1017 int ec = SSL_get_error(s, ret);
1018 int w = SSL_want(s);
1019
1020 int ok = TEST_true(
1021 (ec == SSL_ERROR_NONE && w == SSL_NOTHING)
1022 || (ec == SSL_ERROR_ZERO_RETURN && w == SSL_NOTHING)
1023 || (ec == SSL_ERROR_SSL && w == SSL_NOTHING)
1024 || (ec == SSL_ERROR_SYSCALL && w == SSL_NOTHING)
1025 || (ec == SSL_ERROR_WANT_READ && w == SSL_READING)
1026 || (ec == SSL_ERROR_WANT_WRITE && w == SSL_WRITING)
1027 || (ec == SSL_ERROR_WANT_CLIENT_HELLO_CB && w == SSL_CLIENT_HELLO_CB)
1028 || (ec == SSL_ERROR_WANT_X509_LOOKUP && w == SSL_X509_LOOKUP)
1029 || (ec == SSL_ERROR_WANT_RETRY_VERIFY && w == SSL_RETRY_VERIFY));
1030
1031 if (!ok)
1032 TEST_error("got error=%d, want=%d", ec, w);
1033
1034 return ok;
1035 }
1036
run_script_worker(struct helper * h,const struct script_op * script,const char * script_name,int thread_idx)1037 static int run_script_worker(struct helper *h, const struct script_op *script,
1038 const char *script_name,
1039 int thread_idx)
1040 {
1041 int testresult = 0;
1042 unsigned char *tmp_buf = NULL;
1043 int connect_started = 0;
1044 size_t offset = 0;
1045 size_t op_idx = 0;
1046 const struct script_op *op = NULL;
1047 int no_advance = 0, first = 1;
1048 #if defined(OPENSSL_THREADS)
1049 int end_wait_warning = 0;
1050 #endif
1051 OSSL_TIME op_start_time = ossl_time_zero(), op_deadline = ossl_time_zero();
1052 struct helper_local hl_, *hl = &hl_;
1053 #define REPEAT_SLOTS 8
1054 size_t repeat_stack_idx[REPEAT_SLOTS], repeat_stack_done[REPEAT_SLOTS];
1055 size_t repeat_stack_limit[REPEAT_SLOTS];
1056 size_t repeat_stack_len = 0;
1057
1058 if (!TEST_true(helper_local_init(hl, h, thread_idx)))
1059 goto out;
1060
1061 #define COMMON_SPIN_AGAIN() \
1062 { \
1063 no_advance = 1; \
1064 continue; \
1065 }
1066 #define S_SPIN_AGAIN() \
1067 { \
1068 s_lock(h, hl); \
1069 ossl_quic_tserver_tick(h->s); \
1070 COMMON_SPIN_AGAIN(); \
1071 }
1072 #define C_SPIN_AGAIN() \
1073 { \
1074 if (h->blocking) { \
1075 TEST_error("spin again in blocking mode"); \
1076 goto out; \
1077 } \
1078 COMMON_SPIN_AGAIN(); \
1079 }
1080
1081 for (;;) {
1082 SSL *c_tgt = h->c_conn;
1083 uint64_t s_stream_id = UINT64_MAX;
1084
1085 s_unlock(h, hl);
1086
1087 if (no_advance) {
1088 no_advance = 0;
1089 } else {
1090 if (!first)
1091 ++op_idx;
1092
1093 first = 0;
1094 offset = 0;
1095 op_start_time = ossl_time_now();
1096 op_deadline = ossl_time_add(op_start_time, ossl_ms2time(60000));
1097 }
1098
1099 if (!TEST_int_le(ossl_time_compare(ossl_time_now(), op_deadline), 0)) {
1100 TEST_error("op %zu timed out on thread %d", op_idx + 1, thread_idx);
1101 goto out;
1102 }
1103
1104 op = &script[op_idx];
1105
1106 if (op->stream_name != NULL) {
1107 c_tgt = helper_local_get_c_stream(hl, op->stream_name);
1108 if (thread_idx < 0)
1109 s_stream_id = helper_get_s_stream(h, op->stream_name);
1110 else
1111 s_stream_id = UINT64_MAX;
1112 }
1113
1114 if (thread_idx < 0) {
1115 if (!h->blocking) {
1116 ossl_quic_tserver_tick(h->s);
1117 }
1118 #if defined(OPENSSL_THREADS)
1119 else if (h->blocking && !h->server_thread.ready) {
1120 ossl_crypto_mutex_lock(h->server_thread.m);
1121 h->server_thread.ready = 1;
1122 ossl_crypto_condvar_signal(h->server_thread.c);
1123 ossl_crypto_mutex_unlock(h->server_thread.m);
1124 }
1125 if (h->blocking)
1126 assert(h->s == NULL);
1127 #endif
1128 }
1129
1130 if (!hl->explicit_event_handling
1131 && (thread_idx >= 0 || connect_started))
1132 SSL_handle_events(h->c_conn);
1133
1134 if (thread_idx >= 0) {
1135 /* Only allow certain opcodes on child threads. */
1136 switch (op->op) {
1137 case OPK_END:
1138 case OPK_CHECK:
1139 case OPK_C_ACCEPT_STREAM_WAIT:
1140 case OPK_C_NEW_STREAM:
1141 case OPK_C_READ_EXPECT:
1142 case OPK_C_EXPECT_FIN:
1143 case OPK_C_WRITE:
1144 case OPK_C_WRITE_EX2:
1145 case OPK_C_CONCLUDE:
1146 case OPK_C_FREE_STREAM:
1147 case OPK_BEGIN_REPEAT:
1148 case OPK_END_REPEAT:
1149 case OPK_C_READ_FAIL_WAIT:
1150 case OPK_C_EXPECT_SSL_ERR:
1151 case OPK_EXPECT_ERR_REASON:
1152 case OPK_EXPECT_ERR_LIB:
1153 case OPK_POP_ERR:
1154 case OPK_SLEEP:
1155 break;
1156
1157 default:
1158 TEST_error("opcode %lu not allowed on child thread",
1159 (unsigned long)op->op);
1160 goto out;
1161 }
1162 }
1163
1164 switch (op->op) {
1165 case OPK_END:
1166 if (!TEST_size_t_eq(repeat_stack_len, 0))
1167 goto out;
1168
1169 #if defined(OPENSSL_THREADS)
1170 if (thread_idx < 0) {
1171 int done;
1172 size_t i;
1173
1174 for (i = 0; i < h->num_threads; ++i) {
1175 if (h->threads[i].m == NULL)
1176 continue;
1177
1178 ossl_crypto_mutex_lock(h->threads[i].m);
1179 done = h->threads[i].done;
1180 ossl_crypto_mutex_unlock(h->threads[i].m);
1181
1182 if (!done) {
1183 if (!end_wait_warning) {
1184 TEST_info("still waiting for other threads to finish (%zu)", i);
1185 end_wait_warning = 1;
1186 }
1187
1188 S_SPIN_AGAIN();
1189 }
1190 }
1191 }
1192 #endif
1193
1194 TEST_info("script \"%s\" finished on thread %d", script_name, thread_idx);
1195 testresult = 1;
1196 goto out;
1197
1198 case OPK_BEGIN_REPEAT:
1199 if (!TEST_size_t_lt(repeat_stack_len, OSSL_NELEM(repeat_stack_idx)))
1200 goto out;
1201
1202 if (!TEST_size_t_gt(op->arg1, 0))
1203 goto out;
1204
1205 repeat_stack_idx[repeat_stack_len] = op_idx + 1;
1206 repeat_stack_done[repeat_stack_len] = 0;
1207 repeat_stack_limit[repeat_stack_len] = op->arg1;
1208 ++repeat_stack_len;
1209 break;
1210
1211 case OPK_C_SKIP_IF_UNBOUND:
1212 if (c_tgt != NULL)
1213 break;
1214
1215 op_idx += op->arg1;
1216 break;
1217
1218 case OPK_SKIP_IF_BLOCKING:
1219 if (!h->blocking)
1220 break;
1221
1222 op_idx += op->arg1;
1223 break;
1224
1225 case OPK_END_REPEAT:
1226 if (!TEST_size_t_gt(repeat_stack_len, 0))
1227 goto out;
1228
1229 if (++repeat_stack_done[repeat_stack_len - 1]
1230 == repeat_stack_limit[repeat_stack_len - 1]) {
1231 --repeat_stack_len;
1232 } else {
1233 op_idx = repeat_stack_idx[repeat_stack_len - 1];
1234 no_advance = 1;
1235 continue;
1236 }
1237
1238 break;
1239
1240 case OPK_CHECK: {
1241 int ok;
1242
1243 hl->check_op = op;
1244 ok = op->check_func(h, hl);
1245 hl->check_op = NULL;
1246
1247 if (thread_idx < 0 && h->check_spin_again) {
1248 h->check_spin_again = 0;
1249 S_SPIN_AGAIN();
1250 }
1251
1252 if (!TEST_true(ok))
1253 goto out;
1254 } break;
1255
1256 case OPK_C_SET_ALPN: {
1257 const char *alpn = op->arg0;
1258 size_t alpn_len = strlen(alpn);
1259
1260 if (!TEST_size_t_le(alpn_len, UINT8_MAX)
1261 || !TEST_ptr(tmp_buf = (unsigned char *)OPENSSL_malloc(alpn_len + 1)))
1262 goto out;
1263
1264 memcpy(tmp_buf + 1, alpn, alpn_len);
1265 tmp_buf[0] = (unsigned char)alpn_len;
1266
1267 /* 0 is the success case for SSL_set_alpn_protos(). */
1268 if (!TEST_false(SSL_set_alpn_protos(h->c_conn, tmp_buf,
1269 alpn_len + 1)))
1270 goto out;
1271
1272 OPENSSL_free(tmp_buf);
1273 tmp_buf = NULL;
1274 } break;
1275
1276 case OPK_C_CONNECT_WAIT: {
1277 int ret;
1278
1279 connect_started = 1;
1280
1281 ret = SSL_connect(h->c_conn);
1282 if (!check_consistent_want(c_tgt, ret))
1283 goto out;
1284 if (ret != 1) {
1285 if (!h->blocking && is_want(h->c_conn, ret))
1286 C_SPIN_AGAIN();
1287
1288 if (op->arg1 == 0 && !TEST_int_eq(ret, 1))
1289 goto out;
1290 }
1291 } break;
1292
1293 case OPK_C_WRITE: {
1294 size_t bytes_written = 0;
1295 int r;
1296
1297 if (!TEST_ptr(c_tgt))
1298 goto out;
1299
1300 r = SSL_write_ex(c_tgt, op->arg0, op->arg1, &bytes_written);
1301 if (!TEST_true(r)
1302 || !check_consistent_want(c_tgt, r)
1303 || !TEST_size_t_eq(bytes_written, op->arg1))
1304 goto out;
1305 } break;
1306
1307 case OPK_C_WRITE_EX2: {
1308 size_t bytes_written = 0;
1309 int r;
1310
1311 if (!TEST_ptr(c_tgt))
1312 goto out;
1313
1314 r = SSL_write_ex2(c_tgt, op->arg0, op->arg1, op->arg2,
1315 &bytes_written);
1316 if (!TEST_true(r)
1317 || !check_consistent_want(c_tgt, r)
1318 || !TEST_size_t_eq(bytes_written, op->arg1))
1319 goto out;
1320 } break;
1321
1322 case OPK_S_WRITE: {
1323 size_t bytes_written = 0;
1324
1325 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1326 goto out;
1327
1328 if (!TEST_true(ossl_quic_tserver_write(ACQUIRE_S(), s_stream_id,
1329 op->arg0, op->arg1,
1330 &bytes_written))
1331 || !TEST_size_t_eq(bytes_written, op->arg1))
1332 goto out;
1333 } break;
1334
1335 case OPK_C_CONCLUDE: {
1336 if (!TEST_true(SSL_stream_conclude(c_tgt, 0)))
1337 goto out;
1338 } break;
1339
1340 case OPK_S_CONCLUDE: {
1341 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1342 goto out;
1343
1344 ossl_quic_tserver_conclude(ACQUIRE_S(), s_stream_id);
1345 } break;
1346
1347 case OPK_C_WAIT_FOR_DATA: {
1348 char buf[1];
1349 size_t bytes_read = 0;
1350
1351 if (!TEST_ptr(c_tgt))
1352 goto out;
1353
1354 if (!SSL_peek_ex(c_tgt, buf, sizeof(buf), &bytes_read)
1355 || bytes_read == 0)
1356 C_SPIN_AGAIN();
1357 } break;
1358
1359 case OPK_C_READ_EXPECT: {
1360 size_t bytes_read = 0;
1361 int r;
1362
1363 if (op->arg1 > 0 && tmp_buf == NULL
1364 && !TEST_ptr(tmp_buf = OPENSSL_malloc(op->arg1)))
1365 goto out;
1366
1367 r = SSL_read_ex(c_tgt, tmp_buf + offset, op->arg1 - offset,
1368 &bytes_read);
1369 if (!check_consistent_want(c_tgt, r))
1370 goto out;
1371
1372 if (!r)
1373 C_SPIN_AGAIN();
1374
1375 if (bytes_read + offset != op->arg1) {
1376 offset += bytes_read;
1377 C_SPIN_AGAIN();
1378 }
1379
1380 if (op->arg1 > 0
1381 && !TEST_mem_eq(tmp_buf, op->arg1, op->arg0, op->arg1))
1382 goto out;
1383
1384 OPENSSL_free(tmp_buf);
1385 tmp_buf = NULL;
1386 } break;
1387
1388 case OPK_S_READ_EXPECT: {
1389 size_t bytes_read = 0;
1390
1391 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1392 goto out;
1393
1394 if (op->arg1 > 0 && tmp_buf == NULL
1395 && !TEST_ptr(tmp_buf = OPENSSL_malloc(op->arg1)))
1396 goto out;
1397
1398 if (!TEST_true(ossl_quic_tserver_read(ACQUIRE_S(), s_stream_id,
1399 tmp_buf + offset,
1400 op->arg1 - offset,
1401 &bytes_read)))
1402 goto out;
1403
1404 if (bytes_read + offset != op->arg1) {
1405 offset += bytes_read;
1406 S_SPIN_AGAIN();
1407 }
1408
1409 if (op->arg1 > 0
1410 && !TEST_mem_eq(tmp_buf, op->arg1, op->arg0, op->arg1))
1411 goto out;
1412
1413 OPENSSL_free(tmp_buf);
1414 tmp_buf = NULL;
1415 } break;
1416
1417 case OPK_C_EXPECT_FIN: {
1418 char buf[1];
1419 size_t bytes_read = 0;
1420 int r;
1421
1422 r = SSL_read_ex(c_tgt, buf, sizeof(buf), &bytes_read);
1423 if (!check_consistent_want(c_tgt, r)
1424 || !TEST_false(r)
1425 || !TEST_size_t_eq(bytes_read, 0))
1426 goto out;
1427
1428 if (is_want(c_tgt, 0))
1429 C_SPIN_AGAIN();
1430
1431 if (!TEST_int_eq(SSL_get_error(c_tgt, 0),
1432 SSL_ERROR_ZERO_RETURN))
1433 goto out;
1434
1435 if (!TEST_int_eq(SSL_want(c_tgt), SSL_NOTHING))
1436 goto out;
1437 } break;
1438
1439 case OPK_S_EXPECT_FIN: {
1440 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1441 goto out;
1442
1443 if (!ossl_quic_tserver_has_read_ended(ACQUIRE_S(), s_stream_id))
1444 S_SPIN_AGAIN();
1445 } break;
1446
1447 case OPK_C_DETACH: {
1448 SSL *c_stream;
1449
1450 if (!TEST_ptr_null(c_tgt))
1451 goto out; /* don't overwrite existing stream with same name */
1452
1453 if (!TEST_ptr(op->stream_name))
1454 goto out;
1455
1456 if (!TEST_ptr(c_stream = ossl_quic_detach_stream(h->c_conn)))
1457 goto out;
1458
1459 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, c_stream)))
1460 goto out;
1461 } break;
1462
1463 case OPK_C_ATTACH: {
1464 if (!TEST_ptr(c_tgt))
1465 goto out;
1466
1467 if (!TEST_ptr(op->stream_name))
1468 goto out;
1469
1470 if (!TEST_true(ossl_quic_attach_stream(h->c_conn, c_tgt)))
1471 goto out;
1472
1473 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, NULL)))
1474 goto out;
1475 } break;
1476
1477 case OPK_C_NEW_STREAM: {
1478 SSL *c_stream;
1479 uint64_t flags = op->arg1;
1480 int allow_fail = ((flags & ALLOW_FAIL) != 0);
1481
1482 flags &= ~(uint64_t)ALLOW_FAIL;
1483
1484 if (!TEST_ptr_null(c_tgt))
1485 goto out; /* don't overwrite existing stream with same name */
1486
1487 if (!TEST_ptr(op->stream_name))
1488 goto out;
1489
1490 c_stream = SSL_new_stream(h->c_conn, flags);
1491 if (!allow_fail && !TEST_ptr(c_stream))
1492 goto out;
1493
1494 if (allow_fail && c_stream == NULL) {
1495 if (!TEST_size_t_eq(ERR_GET_REASON(ERR_get_error()),
1496 SSL_R_STREAM_COUNT_LIMITED))
1497 goto out;
1498
1499 ++h->fail_count;
1500 break;
1501 }
1502
1503 if (op->arg2 != UINT64_MAX
1504 && !TEST_uint64_t_eq(SSL_get_stream_id(c_stream),
1505 op->arg2))
1506 goto out;
1507
1508 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, c_stream)))
1509 goto out;
1510 } break;
1511
1512 case OPK_S_NEW_STREAM: {
1513 uint64_t stream_id = UINT64_MAX;
1514
1515 if (!TEST_uint64_t_eq(s_stream_id, UINT64_MAX))
1516 goto out; /* don't overwrite existing stream with same name */
1517
1518 if (!TEST_ptr(op->stream_name))
1519 goto out;
1520
1521 if (!TEST_true(ossl_quic_tserver_stream_new(ACQUIRE_S(),
1522 op->arg1 > 0,
1523 &stream_id)))
1524 goto out;
1525
1526 if (op->arg2 != UINT64_MAX
1527 && !TEST_uint64_t_eq(stream_id, op->arg2))
1528 goto out;
1529
1530 if (!TEST_true(helper_set_s_stream(h, op->stream_name,
1531 stream_id)))
1532 goto out;
1533 } break;
1534
1535 case OPK_C_ACCEPT_STREAM_WAIT: {
1536 SSL *c_stream;
1537
1538 if (!TEST_ptr_null(c_tgt))
1539 goto out; /* don't overwrite existing stream with same name */
1540
1541 if (!TEST_ptr(op->stream_name))
1542 goto out;
1543
1544 if ((c_stream = SSL_accept_stream(h->c_conn, 0)) == NULL)
1545 C_SPIN_AGAIN();
1546
1547 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name,
1548 c_stream)))
1549 goto out;
1550 } break;
1551
1552 case OPK_S_ACCEPT_STREAM_WAIT: {
1553 uint64_t new_stream_id;
1554
1555 if (!TEST_uint64_t_eq(s_stream_id, UINT64_MAX))
1556 goto out;
1557
1558 if (!TEST_ptr(op->stream_name))
1559 goto out;
1560
1561 new_stream_id = ossl_quic_tserver_pop_incoming_stream(ACQUIRE_S());
1562 if (new_stream_id == UINT64_MAX)
1563 S_SPIN_AGAIN();
1564
1565 if (!TEST_true(helper_set_s_stream(h, op->stream_name, new_stream_id)))
1566 goto out;
1567 } break;
1568
1569 case OPK_C_ACCEPT_STREAM_NONE: {
1570 SSL *c_stream;
1571
1572 if (!TEST_ptr_null(c_stream = SSL_accept_stream(h->c_conn,
1573 SSL_ACCEPT_STREAM_NO_BLOCK))) {
1574 SSL_free(c_stream);
1575 goto out;
1576 }
1577 } break;
1578
1579 case OPK_C_FREE_STREAM: {
1580 if (!TEST_ptr(c_tgt)
1581 || !TEST_true(!SSL_is_connection(c_tgt)))
1582 goto out;
1583
1584 if (!TEST_ptr(op->stream_name))
1585 goto out;
1586
1587 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, NULL)))
1588 goto out;
1589
1590 SSL_free(c_tgt);
1591 c_tgt = NULL;
1592 } break;
1593
1594 case OPK_C_SET_DEFAULT_STREAM_MODE: {
1595 if (!TEST_ptr(c_tgt))
1596 goto out;
1597
1598 if (!TEST_true(SSL_set_default_stream_mode(c_tgt, op->arg1)))
1599 goto out;
1600 } break;
1601
1602 case OPK_C_SET_INCOMING_STREAM_POLICY: {
1603 if (!TEST_ptr(c_tgt))
1604 goto out;
1605
1606 if (!TEST_true(SSL_set_incoming_stream_policy(c_tgt,
1607 op->arg1, 0)))
1608 goto out;
1609 } break;
1610
1611 case OPK_C_SHUTDOWN_WAIT: {
1612 int ret;
1613 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
1614 SSL_SHUTDOWN_EX_ARGS args = { 0 };
1615
1616 ossl_quic_engine_set_inhibit_tick(ossl_quic_channel_get0_engine(ch), 0);
1617
1618 if (!TEST_ptr(c_tgt))
1619 goto out;
1620
1621 args.quic_reason = (const char *)op->arg0;
1622
1623 ret = SSL_shutdown_ex(c_tgt, op->arg1, &args, sizeof(args));
1624 if (!TEST_int_ge(ret, 0))
1625 goto out;
1626
1627 if (ret == 0)
1628 C_SPIN_AGAIN();
1629 } break;
1630
1631 case OPK_S_SHUTDOWN: {
1632 ossl_quic_tserver_shutdown(ACQUIRE_S(), op->arg1);
1633 } break;
1634
1635 case OPK_C_EXPECT_CONN_CLOSE_INFO: {
1636 SSL_CONN_CLOSE_INFO cc_info = { 0 };
1637 int expect_app = (op->arg1 & EXPECT_CONN_CLOSE_APP) != 0;
1638 int expect_remote = (op->arg1 & EXPECT_CONN_CLOSE_REMOTE) != 0;
1639 uint64_t error_code = op->arg2;
1640
1641 if (!TEST_ptr(c_tgt))
1642 goto out;
1643
1644 if (h->blocking
1645 && !TEST_true(SSL_shutdown_ex(c_tgt,
1646 SSL_SHUTDOWN_FLAG_WAIT_PEER,
1647 NULL, 0)))
1648 goto out;
1649
1650 if (!SSL_get_conn_close_info(c_tgt, &cc_info, sizeof(cc_info)))
1651 C_SPIN_AGAIN();
1652
1653 if (!TEST_int_eq(expect_app,
1654 (cc_info.flags
1655 & SSL_CONN_CLOSE_FLAG_TRANSPORT)
1656 == 0)
1657 || !TEST_int_eq(expect_remote,
1658 (cc_info.flags
1659 & SSL_CONN_CLOSE_FLAG_LOCAL)
1660 == 0)
1661 || !TEST_uint64_t_eq(error_code, cc_info.error_code)) {
1662 TEST_info("Connection close reason: %s", cc_info.reason);
1663 goto out;
1664 }
1665 } break;
1666
1667 case OPK_S_EXPECT_CONN_CLOSE_INFO: {
1668 const QUIC_TERMINATE_CAUSE *tc;
1669 int expect_app = (op->arg1 & EXPECT_CONN_CLOSE_APP) != 0;
1670 int expect_remote = (op->arg1 & EXPECT_CONN_CLOSE_REMOTE) != 0;
1671 uint64_t error_code = op->arg2;
1672
1673 if (!ossl_quic_tserver_is_term_any(ACQUIRE_S())) {
1674 ossl_quic_tserver_ping(ACQUIRE_S());
1675 S_SPIN_AGAIN();
1676 }
1677
1678 if (!TEST_ptr(tc = ossl_quic_tserver_get_terminate_cause(ACQUIRE_S())))
1679 goto out;
1680
1681 if (!TEST_uint64_t_eq(error_code, tc->error_code)
1682 || !TEST_int_eq(expect_app, tc->app)
1683 || !TEST_int_eq(expect_remote, tc->remote))
1684 goto out;
1685 } break;
1686
1687 case OPK_S_BIND_STREAM_ID: {
1688 if (!TEST_uint64_t_eq(s_stream_id, UINT64_MAX))
1689 goto out;
1690
1691 if (!TEST_ptr(op->stream_name))
1692 goto out;
1693
1694 if (!TEST_true(helper_set_s_stream(h, op->stream_name, op->arg2)))
1695 goto out;
1696 } break;
1697
1698 case OPK_S_UNBIND_STREAM_ID: {
1699 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1700 goto out;
1701
1702 if (!TEST_ptr(op->stream_name))
1703 goto out;
1704
1705 if (!TEST_true(helper_set_s_stream(h, op->stream_name, UINT64_MAX)))
1706 goto out;
1707 } break;
1708
1709 case OPK_C_WRITE_FAIL: {
1710 size_t bytes_written = 0;
1711 int r;
1712
1713 if (!TEST_ptr(c_tgt))
1714 goto out;
1715
1716 r = SSL_write_ex(c_tgt, "apple", 5, &bytes_written);
1717 if (!TEST_false(r)
1718 || !check_consistent_want(c_tgt, r))
1719 goto out;
1720 } break;
1721
1722 case OPK_S_WRITE_FAIL: {
1723 size_t bytes_written = 0;
1724
1725 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1726 goto out;
1727
1728 if (!TEST_false(ossl_quic_tserver_write(ACQUIRE_S(), s_stream_id,
1729 (const unsigned char *)"apple", 5,
1730 &bytes_written)))
1731 goto out;
1732 } break;
1733
1734 case OPK_C_READ_FAIL: {
1735 size_t bytes_read = 0;
1736 char buf[1];
1737 int r;
1738
1739 if (!TEST_ptr(c_tgt))
1740 goto out;
1741
1742 r = SSL_read_ex(c_tgt, buf, sizeof(buf), &bytes_read);
1743 if (!TEST_false(r))
1744 goto out;
1745 if (!check_consistent_want(c_tgt, r))
1746 goto out;
1747 } break;
1748
1749 case OPK_C_READ_FAIL_WAIT: {
1750 size_t bytes_read = 0;
1751 char buf[1];
1752 int r;
1753
1754 if (!TEST_ptr(c_tgt))
1755 goto out;
1756
1757 r = SSL_read_ex(c_tgt, buf, sizeof(buf), &bytes_read);
1758 if (!TEST_false(r))
1759 goto out;
1760 if (!check_consistent_want(c_tgt, r))
1761 goto out;
1762
1763 if (is_want(c_tgt, 0))
1764 C_SPIN_AGAIN();
1765 } break;
1766
1767 case OPK_S_READ_FAIL: {
1768 int ret;
1769 size_t bytes_read = 0;
1770 unsigned char buf[1];
1771
1772 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1773 goto out;
1774
1775 ret = ossl_quic_tserver_read(ACQUIRE_S(), s_stream_id,
1776 buf, sizeof(buf),
1777 &bytes_read);
1778 if (!TEST_true(ret == 0 || (op->arg1 && bytes_read == 0)))
1779 goto out;
1780 } break;
1781
1782 case OPK_C_STREAM_RESET:
1783 case OPK_C_STREAM_RESET_FAIL: {
1784 SSL_STREAM_RESET_ARGS args = { 0 };
1785
1786 if (!TEST_ptr(c_tgt))
1787 goto out;
1788
1789 args.quic_error_code = op->arg2;
1790 if (op->op == OPK_C_STREAM_RESET) {
1791 if (!TEST_true(SSL_stream_reset(c_tgt, &args, sizeof(args))))
1792 goto out;
1793 } else {
1794 if (!TEST_false(SSL_stream_reset(c_tgt, &args, sizeof(args))))
1795 goto out;
1796 }
1797 } break;
1798
1799 case OPK_NEW_THREAD: {
1800 #if !defined(OPENSSL_THREADS)
1801 /*
1802 * If this test script requires threading and we do not have
1803 * support for it, skip the rest of it.
1804 */
1805 TEST_skip("threading not supported, skipping");
1806 testresult = 1;
1807 goto out;
1808 #else
1809 size_t i;
1810
1811 if (!TEST_ptr_null(h->threads)) {
1812 TEST_error("max one NEW_THREAD operation per script");
1813 goto out;
1814 }
1815
1816 h->threads = OPENSSL_zalloc(op->arg1 * sizeof(struct child_thread_args));
1817 if (!TEST_ptr(h->threads))
1818 goto out;
1819
1820 h->num_threads = op->arg1;
1821
1822 for (i = 0; i < op->arg1; ++i) {
1823 h->threads[i].h = h;
1824 h->threads[i].script = op->arg0;
1825 h->threads[i].script_name = script_name;
1826 h->threads[i].thread_idx = i;
1827
1828 h->threads[i].m = ossl_crypto_mutex_new();
1829 if (!TEST_ptr(h->threads[i].m))
1830 goto out;
1831
1832 h->threads[i].t
1833 = ossl_crypto_thread_native_start(run_script_child_thread,
1834 &h->threads[i], 1);
1835 if (!TEST_ptr(h->threads[i].t))
1836 goto out;
1837 }
1838 #endif
1839 } break;
1840
1841 case OPK_C_CLOSE_SOCKET: {
1842 BIO_closesocket(h->c_fd);
1843 h->c_fd = -1;
1844 } break;
1845
1846 case OPK_C_EXPECT_SSL_ERR: {
1847 if (!TEST_size_t_eq((size_t)SSL_get_error(c_tgt, 0), op->arg1))
1848 goto out;
1849 if (!TEST_int_eq(SSL_want(c_tgt), SSL_NOTHING))
1850 goto out;
1851 } break;
1852
1853 case OPK_EXPECT_ERR_REASON: {
1854 if (!TEST_size_t_eq((size_t)ERR_GET_REASON(ERR_peek_last_error()), op->arg1))
1855 goto out;
1856 } break;
1857
1858 case OPK_EXPECT_ERR_LIB: {
1859 if (!TEST_size_t_eq((size_t)ERR_GET_LIB(ERR_peek_last_error()), op->arg1))
1860 goto out;
1861 } break;
1862
1863 case OPK_POP_ERR:
1864 ERR_pop();
1865 break;
1866
1867 case OPK_SLEEP: {
1868 OSSL_sleep(op->arg2);
1869 } break;
1870
1871 case OPK_S_SET_INJECT_PLAIN:
1872 h->qtf_packet_plain_cb = op->qtf_packet_plain_cb;
1873
1874 if (!TEST_true(qtest_fault_set_packet_plain_listener(h->qtf,
1875 h->qtf_packet_plain_cb != NULL ? helper_packet_plain_listener : NULL,
1876 h)))
1877 goto out;
1878
1879 break;
1880
1881 case OPK_S_SET_INJECT_HANDSHAKE:
1882 h->qtf_handshake_cb = op->qtf_handshake_cb;
1883
1884 if (!TEST_true(qtest_fault_set_handshake_listener(h->qtf,
1885 h->qtf_handshake_cb != NULL ? helper_handshake_listener : NULL,
1886 h)))
1887 goto out;
1888
1889 break;
1890
1891 case OPK_S_SET_INJECT_DATAGRAM:
1892 h->qtf_datagram_cb = op->qtf_datagram_cb;
1893
1894 if (!TEST_true(qtest_fault_set_datagram_listener(h->qtf,
1895 h->qtf_datagram_cb != NULL ? helper_datagram_listener : NULL,
1896 h)))
1897 goto out;
1898
1899 break;
1900
1901 case OPK_SET_INJECT_WORD:
1902 /*
1903 * Must hold server tick lock - callbacks can be called from other
1904 * thread when running test in blocking mode (tsan).
1905 */
1906 ACQUIRE_S();
1907 h->inject_word0 = op->arg1;
1908 h->inject_word1 = op->arg2;
1909 break;
1910
1911 case OPK_C_INHIBIT_TICK: {
1912 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
1913
1914 ossl_quic_engine_set_inhibit_tick(ossl_quic_channel_get0_engine(ch),
1915 op->arg1);
1916 } break;
1917
1918 case OPK_C_SET_WRITE_BUF_SIZE:
1919 if (!TEST_ptr(c_tgt))
1920 goto out;
1921
1922 if (!TEST_true(ossl_quic_set_write_buffer_size(c_tgt, op->arg1)))
1923 goto out;
1924
1925 break;
1926
1927 case OPK_S_NEW_TICKET:
1928 if (!TEST_true(ossl_quic_tserver_new_ticket(ACQUIRE_S())))
1929 goto out;
1930 break;
1931
1932 default:
1933 TEST_error("unknown op");
1934 goto out;
1935 }
1936 }
1937
1938 out:
1939 s_unlock(h, hl); /* idempotent */
1940 if (!testresult) {
1941 size_t i;
1942 const QUIC_TERMINATE_CAUSE *tcause;
1943 const char *e_str, *f_str;
1944
1945 TEST_error("failed in script \"%s\" at op %zu, thread %d\n",
1946 script_name, op_idx + 1, thread_idx);
1947
1948 for (i = 0; i < repeat_stack_len; ++i)
1949 TEST_info("while repeating, iteration %zu of %zu, starting at script op %zu",
1950 repeat_stack_done[i],
1951 repeat_stack_limit[i],
1952 repeat_stack_idx[i]);
1953
1954 ERR_print_errors_fp(stderr);
1955
1956 if (h->c_conn != NULL) {
1957 SSL_CONN_CLOSE_INFO cc_info = { 0 };
1958
1959 if (SSL_get_conn_close_info(h->c_conn, &cc_info, sizeof(cc_info))) {
1960 e_str = ossl_quic_err_to_string(cc_info.error_code);
1961 f_str = ossl_quic_frame_type_to_string(cc_info.frame_type);
1962
1963 if (e_str == NULL)
1964 e_str = "?";
1965 if (f_str == NULL)
1966 f_str = "?";
1967
1968 TEST_info("client side is closed: %llu(%s)/%llu(%s), "
1969 "%s, %s, reason: \"%s\"",
1970 (unsigned long long)cc_info.error_code,
1971 e_str,
1972 (unsigned long long)cc_info.frame_type,
1973 f_str,
1974 (cc_info.flags & SSL_CONN_CLOSE_FLAG_LOCAL) != 0
1975 ? "local"
1976 : "remote",
1977 (cc_info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) != 0
1978 ? "transport"
1979 : "app",
1980 cc_info.reason != NULL ? cc_info.reason : "-");
1981 }
1982 }
1983
1984 tcause = (h->s != NULL
1985 ? ossl_quic_tserver_get_terminate_cause(h->s)
1986 : NULL);
1987 if (tcause != NULL) {
1988 e_str = ossl_quic_err_to_string(tcause->error_code);
1989 f_str = ossl_quic_frame_type_to_string(tcause->frame_type);
1990
1991 if (e_str == NULL)
1992 e_str = "?";
1993 if (f_str == NULL)
1994 f_str = "?";
1995
1996 TEST_info("server side is closed: %llu(%s)/%llu(%s), "
1997 "%s, %s, reason: \"%s\"",
1998 (unsigned long long)tcause->error_code,
1999 e_str,
2000 (unsigned long long)tcause->frame_type,
2001 f_str,
2002 tcause->remote ? "remote" : "local",
2003 tcause->app ? "app" : "transport",
2004 tcause->reason != NULL ? tcause->reason : "-");
2005 }
2006 }
2007
2008 OPENSSL_free(tmp_buf);
2009 helper_local_cleanup(hl);
2010 return testresult;
2011 }
2012
run_script(const struct script_op * script,const char * script_name,int free_order,int blocking)2013 static int run_script(const struct script_op *script,
2014 const char *script_name,
2015 int free_order,
2016 int blocking)
2017 {
2018 int testresult = 0;
2019 struct helper h;
2020
2021 if (!TEST_true(helper_init(&h, script_name,
2022 free_order, blocking, 1)))
2023 goto out;
2024
2025 if (!TEST_true(run_script_worker(&h, script, script_name, -1)))
2026 goto out;
2027
2028 #if defined(OPENSSL_THREADS)
2029 if (!TEST_true(join_threads(h.threads, h.num_threads)))
2030 goto out;
2031 #endif
2032
2033 testresult = 1;
2034 out:
2035 helper_cleanup(&h);
2036 return testresult;
2037 }
2038
2039 #if defined(OPENSSL_THREADS)
run_script_child_thread(void * arg)2040 static CRYPTO_THREAD_RETVAL run_script_child_thread(void *arg)
2041 {
2042 int testresult;
2043 struct child_thread_args *args = arg;
2044
2045 testresult = run_script_worker(args->h, args->script,
2046 args->script_name,
2047 args->thread_idx);
2048
2049 ossl_crypto_mutex_lock(args->m);
2050 args->testresult = testresult;
2051 args->done = 1;
2052 ossl_crypto_mutex_unlock(args->m);
2053 return 1;
2054 }
2055 #endif
2056
2057 /* 1. Simple single-stream test */
2058 static const struct script_op script_1[] = {
2059 OP_C_SET_ALPN("ossltest")
2060 OP_C_CONNECT_WAIT()
2061 OP_C_WRITE(DEFAULT, "apple", 5)
2062 OP_C_CONCLUDE(DEFAULT)
2063 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
2064 OP_S_READ_EXPECT(a, "apple", 5)
2065 OP_S_EXPECT_FIN(a)
2066 OP_S_WRITE(a, "orange", 6)
2067 OP_S_CONCLUDE(a)
2068 OP_C_READ_EXPECT(DEFAULT, "orange", 6)
2069 OP_C_EXPECT_FIN(DEFAULT)
2070 OP_END
2071 };
2072
2073 /* 2. Multi-stream test */
2074 static const struct script_op script_2[] = {
2075 OP_C_SET_ALPN("ossltest")
2076 OP_C_CONNECT_WAIT()
2077 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_ACCEPT)
2078 OP_C_WRITE(DEFAULT, "apple", 5)
2079 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
2080 OP_S_READ_EXPECT(a, "apple", 5)
2081 OP_S_WRITE(a, "orange", 6)
2082 OP_C_READ_EXPECT(DEFAULT, "orange", 6)
2083
2084 OP_C_NEW_STREAM_BIDI(b, C_BIDI_ID(1))
2085 OP_C_WRITE(b, "flamingo", 8)
2086 OP_C_CONCLUDE(b)
2087 OP_S_BIND_STREAM_ID(b, C_BIDI_ID(1))
2088 OP_S_READ_EXPECT(b, "flamingo", 8)
2089 OP_S_EXPECT_FIN(b)
2090 OP_S_WRITE(b, "gargoyle", 8)
2091 OP_S_CONCLUDE(b)
2092 OP_C_READ_EXPECT(b, "gargoyle", 8)
2093 OP_C_EXPECT_FIN(b)
2094
2095 OP_C_NEW_STREAM_UNI(c, C_UNI_ID(0))
2096 OP_C_WRITE(c, "elephant", 8)
2097 OP_C_CONCLUDE(c)
2098 OP_S_BIND_STREAM_ID(c, C_UNI_ID(0))
2099 OP_S_READ_EXPECT(c, "elephant", 8)
2100 OP_S_EXPECT_FIN(c)
2101 OP_S_WRITE_FAIL(c)
2102
2103 OP_C_ACCEPT_STREAM_NONE()
2104
2105 OP_S_NEW_STREAM_BIDI(d, S_BIDI_ID(0))
2106 OP_S_WRITE(d, "frog", 4)
2107 OP_S_CONCLUDE(d)
2108
2109 OP_C_ACCEPT_STREAM_WAIT(d)
2110 OP_C_ACCEPT_STREAM_NONE()
2111 OP_C_READ_EXPECT(d, "frog", 4)
2112 OP_C_EXPECT_FIN(d)
2113
2114 OP_S_NEW_STREAM_BIDI(e, S_BIDI_ID(1))
2115 OP_S_WRITE(e, "mixture", 7)
2116 OP_S_CONCLUDE(e)
2117
2118 OP_C_ACCEPT_STREAM_WAIT(e)
2119 OP_C_READ_EXPECT(e, "mixture", 7)
2120 OP_C_EXPECT_FIN(e)
2121 OP_C_WRITE(e, "ramble", 6)
2122 OP_S_READ_EXPECT(e, "ramble", 6)
2123 OP_C_CONCLUDE(e)
2124 OP_S_EXPECT_FIN(e)
2125
2126 OP_S_NEW_STREAM_UNI(f, S_UNI_ID(0))
2127 OP_S_WRITE(f, "yonder", 6)
2128 OP_S_CONCLUDE(f)
2129
2130 OP_C_ACCEPT_STREAM_WAIT(f)
2131 OP_C_ACCEPT_STREAM_NONE()
2132 OP_C_READ_EXPECT(f, "yonder", 6)
2133 OP_C_EXPECT_FIN(f)
2134 OP_C_WRITE_FAIL(f)
2135
2136 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_REJECT)
2137 OP_S_NEW_STREAM_BIDI(g, S_BIDI_ID(2))
2138 OP_S_WRITE(g, "unseen", 6)
2139 OP_S_CONCLUDE(g)
2140
2141 OP_C_ACCEPT_STREAM_NONE()
2142
2143 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_AUTO)
2144 OP_S_NEW_STREAM_BIDI(h, S_BIDI_ID(3))
2145 OP_S_WRITE(h, "UNSEEN", 6)
2146 OP_S_CONCLUDE(h)
2147
2148 OP_C_ACCEPT_STREAM_NONE()
2149
2150 /*
2151 * Streams g, h should have been rejected, so server should have got
2152 * STOP_SENDING/RESET_STREAM.
2153 */
2154 OP_CHECK(check_rejected, S_BIDI_ID(2))
2155 OP_CHECK(check_rejected, S_BIDI_ID(3))
2156
2157 OP_END
2158 };
2159
2160 /* 3. Default stream detach/reattach test */
2161 static const struct script_op script_3[] = {
2162 OP_C_SET_ALPN("ossltest")
2163 OP_C_CONNECT_WAIT()
2164
2165 OP_C_WRITE(DEFAULT, "apple", 5)
2166 OP_C_DETACH(a) /* DEFAULT becomes stream 'a' */
2167 OP_C_WRITE_FAIL(DEFAULT)
2168
2169 OP_C_WRITE(a, "by", 2)
2170
2171 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
2172 OP_S_READ_EXPECT(a, "appleby", 7)
2173
2174 OP_S_WRITE(a, "hello", 5)
2175 OP_C_READ_EXPECT(a, "hello", 5)
2176
2177 OP_C_WRITE_FAIL(DEFAULT)
2178 OP_C_ATTACH(a)
2179 OP_C_WRITE(DEFAULT, "is here", 7)
2180 OP_S_READ_EXPECT(a, "is here", 7)
2181
2182 OP_C_DETACH(a)
2183 OP_C_CONCLUDE(a)
2184 OP_S_EXPECT_FIN(a)
2185
2186 OP_END
2187 };
2188
2189 /* 4. Default stream mode test */
2190 static const struct script_op script_4[] = {
2191 OP_C_SET_ALPN("ossltest")
2192 OP_C_CONNECT_WAIT()
2193
2194 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2195 OP_C_WRITE_FAIL(DEFAULT)
2196
2197 OP_S_NEW_STREAM_BIDI(a, S_BIDI_ID(0))
2198 OP_S_WRITE(a, "apple", 5)
2199
2200 OP_C_READ_FAIL(DEFAULT)
2201
2202 OP_C_ACCEPT_STREAM_WAIT(a)
2203 OP_C_READ_EXPECT(a, "apple", 5)
2204
2205 OP_C_ATTACH(a)
2206 OP_C_WRITE(DEFAULT, "orange", 6)
2207 OP_S_READ_EXPECT(a, "orange", 6)
2208
2209 OP_END
2210 };
2211
2212 /* 5. Test stream reset functionality */
2213 static const struct script_op script_5[] = {
2214 OP_C_SET_ALPN("ossltest")
2215 OP_C_CONNECT_WAIT()
2216
2217 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2218 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
2219 OP_C_NEW_STREAM_BIDI(b, C_BIDI_ID(1))
2220
2221 OP_C_WRITE(a, "apple", 5)
2222 OP_C_STREAM_RESET(a, 42)
2223
2224 OP_C_WRITE(b, "strawberry", 10)
2225
2226 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
2227 OP_S_BIND_STREAM_ID(b, C_BIDI_ID(1))
2228 OP_S_READ_EXPECT(b, "strawberry", 10)
2229 /* Reset disrupts read of already sent data */
2230 OP_S_READ_FAIL(a, 0)
2231 OP_CHECK(check_stream_reset, C_BIDI_ID(0))
2232
2233 OP_END
2234 };
2235
2236 /* 6. Test STOP_SENDING functionality */
2237 static const struct script_op script_6[] = {
2238 OP_C_SET_ALPN("ossltest")
2239 OP_C_CONNECT_WAIT()
2240
2241 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2242 OP_S_NEW_STREAM_BIDI(a, S_BIDI_ID(0))
2243 OP_S_WRITE(a, "apple", 5)
2244
2245 OP_C_ACCEPT_STREAM_WAIT(a)
2246 OP_C_FREE_STREAM(a)
2247 OP_C_ACCEPT_STREAM_NONE()
2248
2249 OP_CHECK(check_stream_stopped, S_BIDI_ID(0))
2250
2251 OP_END
2252 };
2253
2254 /* 7. Unidirectional default stream mode test (client sends first) */
2255 static const struct script_op script_7[] = {
2256 OP_C_SET_ALPN("ossltest")
2257 OP_C_CONNECT_WAIT()
2258
2259 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
2260 OP_C_WRITE(DEFAULT, "apple", 5)
2261
2262 OP_S_BIND_STREAM_ID(a, C_UNI_ID(0))
2263 OP_S_READ_EXPECT(a, "apple", 5)
2264 OP_S_WRITE_FAIL(a)
2265
2266 OP_END
2267 };
2268
2269 /* 8. Unidirectional default stream mode test (server sends first) */
2270 static const struct script_op script_8[] = {
2271 OP_C_SET_ALPN("ossltest")
2272 OP_C_CONNECT_WAIT()
2273
2274 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
2275 OP_S_NEW_STREAM_UNI(a, S_UNI_ID(0))
2276 OP_S_WRITE(a, "apple", 5)
2277 OP_C_READ_EXPECT(DEFAULT, "apple", 5)
2278 OP_C_WRITE_FAIL(DEFAULT)
2279
2280 OP_END
2281 };
2282
2283 /* 9. Unidirectional default stream mode test (server sends first on bidi) */
2284 static const struct script_op script_9[] = {
2285 OP_C_SET_ALPN("ossltest")
2286 OP_C_CONNECT_WAIT()
2287
2288 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
2289 OP_S_NEW_STREAM_BIDI(a, S_BIDI_ID(0))
2290 OP_S_WRITE(a, "apple", 5)
2291 OP_C_READ_EXPECT(DEFAULT, "apple", 5)
2292 OP_C_WRITE(DEFAULT, "orange", 6)
2293 OP_S_READ_EXPECT(a, "orange", 6)
2294
2295 OP_END
2296 };
2297
2298 /* 10. Shutdown */
2299 static const struct script_op script_10[] = {
2300 OP_C_SET_ALPN("ossltest")
2301 OP_C_CONNECT_WAIT()
2302
2303 OP_C_WRITE(DEFAULT, "apple", 5)
2304 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
2305 OP_S_READ_EXPECT(a, "apple", 5)
2306
2307 OP_C_SHUTDOWN_WAIT(NULL, 0)
2308 OP_C_EXPECT_CONN_CLOSE_INFO(0, 1, 0)
2309 OP_S_EXPECT_CONN_CLOSE_INFO(0, 1, 1)
2310
2311 OP_END
2312 };
2313
2314 /* 11. Many threads accepted on the same client connection */
2315 static const struct script_op script_11_child[] = {
2316 OP_C_ACCEPT_STREAM_WAIT(a)
2317 OP_C_READ_EXPECT(a, "foo", 3)
2318 OP_SLEEP(10)
2319 OP_C_EXPECT_FIN(a)
2320
2321 OP_END
2322 };
2323
2324 static const struct script_op script_11[] = {
2325 OP_C_SET_ALPN("ossltest")
2326 OP_C_CONNECT_WAIT()
2327 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2328
2329 OP_NEW_THREAD(5, script_11_child)
2330
2331 OP_S_NEW_STREAM_BIDI(a, ANY_ID)
2332 OP_S_WRITE(a, "foo", 3)
2333 OP_S_CONCLUDE(a)
2334
2335 OP_S_NEW_STREAM_BIDI(b, ANY_ID)
2336 OP_S_WRITE(b, "foo", 3)
2337 OP_S_CONCLUDE(b)
2338
2339 OP_S_NEW_STREAM_BIDI(c, ANY_ID)
2340 OP_S_WRITE(c, "foo", 3)
2341 OP_S_CONCLUDE(c)
2342
2343 OP_S_NEW_STREAM_BIDI(d, ANY_ID)
2344 OP_S_WRITE(d, "foo", 3)
2345 OP_S_CONCLUDE(d)
2346
2347 OP_S_NEW_STREAM_BIDI(e, ANY_ID)
2348 OP_S_WRITE(e, "foo", 3)
2349 OP_S_CONCLUDE(e)
2350
2351 OP_END
2352 };
2353
2354 /* 12. Many threads initiated on the same client connection */
2355 static const struct script_op script_12_child[] = {
2356 OP_C_NEW_STREAM_BIDI(a, ANY_ID)
2357 OP_C_WRITE(a, "foo", 3)
2358 OP_C_CONCLUDE(a)
2359 OP_C_FREE_STREAM(a)
2360
2361 OP_END
2362 };
2363
2364 static const struct script_op script_12[] = {
2365 OP_C_SET_ALPN("ossltest")
2366 OP_C_CONNECT_WAIT()
2367 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2368
2369 OP_NEW_THREAD(5, script_12_child)
2370
2371 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
2372 OP_S_READ_EXPECT(a, "foo", 3)
2373 OP_S_EXPECT_FIN(a)
2374 OP_S_BIND_STREAM_ID(b, C_BIDI_ID(1))
2375 OP_S_READ_EXPECT(b, "foo", 3)
2376 OP_S_EXPECT_FIN(b)
2377 OP_S_BIND_STREAM_ID(c, C_BIDI_ID(2))
2378 OP_S_READ_EXPECT(c, "foo", 3)
2379 OP_S_EXPECT_FIN(c)
2380 OP_S_BIND_STREAM_ID(d, C_BIDI_ID(3))
2381 OP_S_READ_EXPECT(d, "foo", 3)
2382 OP_S_EXPECT_FIN(d)
2383 OP_S_BIND_STREAM_ID(e, C_BIDI_ID(4))
2384 OP_S_READ_EXPECT(e, "foo", 3)
2385 OP_S_EXPECT_FIN(e)
2386
2387 OP_END
2388 };
2389
2390 /* 13. Many threads accepted on the same client connection (stress test) */
2391 static const struct script_op script_13_child[] = {
2392 OP_BEGIN_REPEAT(10)
2393
2394 OP_C_ACCEPT_STREAM_WAIT(a)
2395 OP_C_READ_EXPECT(a, "foo", 3)
2396 OP_C_EXPECT_FIN(a)
2397 OP_C_FREE_STREAM(a)
2398
2399 OP_END_REPEAT()
2400
2401 OP_END
2402 };
2403
2404 static const struct script_op script_13[] = {
2405 OP_C_SET_ALPN("ossltest")
2406 OP_C_CONNECT_WAIT()
2407 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2408
2409 OP_NEW_THREAD(5, script_13_child)
2410
2411 OP_BEGIN_REPEAT(50)
2412
2413 OP_S_NEW_STREAM_BIDI(a, ANY_ID)
2414 OP_S_WRITE(a, "foo", 3)
2415 OP_S_CONCLUDE(a)
2416 OP_S_UNBIND_STREAM_ID(a)
2417
2418 OP_END_REPEAT()
2419
2420 OP_END
2421 };
2422
2423 /* 14. Many threads initiating on the same client connection (stress test) */
2424 static const struct script_op script_14_child[] = {
2425 OP_BEGIN_REPEAT(10)
2426
2427 OP_C_NEW_STREAM_BIDI(a, ANY_ID)
2428 OP_C_WRITE(a, "foo", 3)
2429 OP_C_CONCLUDE(a)
2430 OP_C_FREE_STREAM(a)
2431
2432 OP_END_REPEAT()
2433
2434 OP_END
2435 };
2436
2437 static const struct script_op script_14[] = {
2438 OP_C_SET_ALPN("ossltest")
2439 OP_C_CONNECT_WAIT()
2440 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2441
2442 OP_NEW_THREAD(5, script_14_child)
2443
2444 OP_BEGIN_REPEAT(50)
2445
2446 OP_S_ACCEPT_STREAM_WAIT(a)
2447 OP_S_READ_EXPECT(a, "foo", 3)
2448 OP_S_EXPECT_FIN(a)
2449 OP_S_UNBIND_STREAM_ID(a)
2450
2451 OP_END_REPEAT()
2452
2453 OP_END
2454 };
2455
2456 /* 15. Client sending large number of streams, MAX_STREAMS test */
2457 static const struct script_op script_15[] = {
2458 OP_C_SET_ALPN("ossltest")
2459 OP_C_CONNECT_WAIT()
2460 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2461
2462 /*
2463 * This will cause a protocol violation to be raised by the server if we are
2464 * not handling the stream limit correctly on the TX side.
2465 */
2466 OP_BEGIN_REPEAT(200)
2467
2468 OP_C_NEW_STREAM_BIDI_EX(a, ANY_ID, SSL_STREAM_FLAG_ADVANCE)
2469 OP_C_WRITE(a, "foo", 3)
2470 OP_C_CONCLUDE(a)
2471 OP_C_FREE_STREAM(a)
2472
2473 OP_END_REPEAT()
2474
2475 /* Prove the connection is still good. */
2476 OP_S_NEW_STREAM_BIDI(a, S_BIDI_ID(0))
2477 OP_S_WRITE(a, "bar", 3)
2478 OP_S_CONCLUDE(a)
2479
2480 OP_C_ACCEPT_STREAM_WAIT(a)
2481 OP_C_READ_EXPECT(a, "bar", 3)
2482 OP_C_EXPECT_FIN(a)
2483
2484 /*
2485 * Drain the queue of incoming streams. We should be able to get all 200
2486 * even though only 100 can be initiated at a time.
2487 */
2488 OP_BEGIN_REPEAT(200)
2489
2490 OP_S_ACCEPT_STREAM_WAIT(b)
2491 OP_S_READ_EXPECT(b, "foo", 3)
2492 OP_S_EXPECT_FIN(b)
2493 OP_S_UNBIND_STREAM_ID(b)
2494
2495 OP_END_REPEAT()
2496
2497 OP_END
2498 };
2499
2500 /* 16. Server sending large number of streams, MAX_STREAMS test */
2501 static const struct script_op script_16[] = {
2502 OP_C_SET_ALPN("ossltest")
2503 OP_C_CONNECT_WAIT()
2504 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2505
2506 /*
2507 * This will cause a protocol violation to be raised by the client if we are
2508 * not handling the stream limit correctly on the TX side.
2509 */
2510 OP_BEGIN_REPEAT(200)
2511
2512 OP_S_NEW_STREAM_BIDI(a, ANY_ID)
2513 OP_S_WRITE(a, "foo", 3)
2514 OP_S_CONCLUDE(a)
2515 OP_S_UNBIND_STREAM_ID(a)
2516
2517 OP_END_REPEAT()
2518
2519 /* Prove that the connection is still good. */
2520 OP_C_NEW_STREAM_BIDI(a, ANY_ID)
2521 OP_C_WRITE(a, "bar", 3)
2522 OP_C_CONCLUDE(a)
2523
2524 OP_S_ACCEPT_STREAM_WAIT(b)
2525 OP_S_READ_EXPECT(b, "bar", 3)
2526 OP_S_EXPECT_FIN(b)
2527
2528 /* Drain the queue of incoming streams. */
2529 OP_BEGIN_REPEAT(200)
2530
2531 OP_C_ACCEPT_STREAM_WAIT(b)
2532 OP_C_READ_EXPECT(b, "foo", 3)
2533 OP_C_EXPECT_FIN(b)
2534 OP_C_FREE_STREAM(b)
2535
2536 OP_END_REPEAT()
2537
2538 OP_END
2539 };
2540
2541 /* 17. Key update test - unlimited */
2542 static const struct script_op script_17[] = {
2543 OP_C_SET_ALPN("ossltest")
2544 OP_C_CONNECT_WAIT()
2545
2546 OP_C_WRITE(DEFAULT, "apple", 5)
2547
2548 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
2549 OP_S_READ_EXPECT(a, "apple", 5)
2550
2551 OP_CHECK(override_key_update, 1)
2552
2553 OP_BEGIN_REPEAT(200)
2554
2555 OP_C_WRITE(DEFAULT, "apple", 5)
2556 OP_S_READ_EXPECT(a, "apple", 5)
2557
2558 /*
2559 * TXKU frequency is bounded by RTT because a previous TXKU needs to be
2560 * acknowledged by the peer first before another one can be begin. By
2561 * waiting this long, we eliminate any such concern and ensure as many key
2562 * updates as possible can occur for the purposes of this test.
2563 */
2564 OP_CHECK(skip_time_ms, 100)
2565
2566 OP_END_REPEAT()
2567
2568 /* At least 5 RXKUs detected */
2569 OP_CHECK(check_key_update_ge, 5)
2570
2571 /*
2572 * Prove the connection is still healthy by sending something in both
2573 * directions.
2574 */
2575 OP_C_WRITE(DEFAULT, "xyzzy", 5)
2576 OP_S_READ_EXPECT(a, "xyzzy", 5)
2577
2578 OP_S_WRITE(a, "plugh", 5)
2579 OP_C_READ_EXPECT(DEFAULT, "plugh", 5)
2580
2581 OP_END
2582 };
2583
2584 /* 18. Key update test - RTT-bounded */
2585 static const struct script_op script_18[] = {
2586 OP_C_SET_ALPN("ossltest")
2587 OP_C_CONNECT_WAIT()
2588
2589 OP_C_WRITE(DEFAULT, "apple", 5)
2590
2591 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
2592 OP_S_READ_EXPECT(a, "apple", 5)
2593
2594 OP_CHECK(override_key_update, 1)
2595
2596 OP_BEGIN_REPEAT(200)
2597
2598 OP_C_WRITE(DEFAULT, "apple", 5)
2599 OP_S_READ_EXPECT(a, "apple", 5)
2600 OP_CHECK(skip_time_ms, 8)
2601
2602 OP_END_REPEAT()
2603
2604 /*
2605 * This time we simulate far less time passing between writes, so there are
2606 * fewer opportunities to initiate TXKUs. Note that we ask for a TXKU every
2607 * 1 packet above, which is absurd; thus this ensures we only actually
2608 * generate TXKUs when we are allowed to.
2609 */
2610 OP_CHECK(check_key_update_lt, 240)
2611
2612 /*
2613 * Prove the connection is still healthy by sending something in both
2614 * directions.
2615 */
2616 OP_C_WRITE(DEFAULT, "xyzzy", 5)
2617 OP_S_READ_EXPECT(a, "xyzzy", 5)
2618
2619 OP_S_WRITE(a, "plugh", 5)
2620 OP_C_READ_EXPECT(DEFAULT, "plugh", 5)
2621
2622 OP_END
2623 };
2624
2625 /* 19. Key update test - artificially triggered */
2626 static const struct script_op script_19[] = {
2627 OP_C_SET_ALPN("ossltest")
2628 OP_C_CONNECT_WAIT()
2629
2630 OP_C_WRITE(DEFAULT, "apple", 5)
2631
2632 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
2633 OP_S_READ_EXPECT(a, "apple", 5)
2634
2635 OP_C_WRITE(DEFAULT, "orange", 6)
2636 OP_S_READ_EXPECT(a, "orange", 6)
2637
2638 OP_S_WRITE(a, "strawberry", 10)
2639 OP_C_READ_EXPECT(DEFAULT, "strawberry", 10)
2640
2641 OP_CHECK(check_key_update_lt, 1)
2642 OP_CHECK(trigger_key_update, 0)
2643
2644 OP_C_WRITE(DEFAULT, "orange", 6)
2645 OP_S_READ_EXPECT(a, "orange", 6)
2646 OP_S_WRITE(a, "ok", 2)
2647
2648 OP_C_READ_EXPECT(DEFAULT, "ok", 2)
2649 OP_CHECK(check_key_update_ge, 1)
2650
2651 OP_END
2652 };
2653
2654 /* 20. Multiple threads accept stream with socket forcibly closed (error test) */
script_20_trigger(struct helper * h,volatile uint64_t * counter)2655 static int script_20_trigger(struct helper *h, volatile uint64_t *counter)
2656 {
2657 #if defined(OPENSSL_THREADS)
2658 ossl_crypto_mutex_lock(h->misc_m);
2659 ++*counter;
2660 ossl_crypto_condvar_broadcast(h->misc_cv);
2661 ossl_crypto_mutex_unlock(h->misc_m);
2662 #endif
2663 return 1;
2664 }
2665
script_20_wait(struct helper * h,volatile uint64_t * counter,uint64_t threshold)2666 static int script_20_wait(struct helper *h, volatile uint64_t *counter, uint64_t threshold)
2667 {
2668 #if defined(OPENSSL_THREADS)
2669 int stop = 0;
2670
2671 ossl_crypto_mutex_lock(h->misc_m);
2672 while (!stop) {
2673 stop = (*counter >= threshold);
2674 if (stop)
2675 break;
2676
2677 ossl_crypto_condvar_wait(h->misc_cv, h->misc_m);
2678 }
2679
2680 ossl_crypto_mutex_unlock(h->misc_m);
2681 #endif
2682 return 1;
2683 }
2684
script_20_trigger1(struct helper * h,struct helper_local * hl)2685 static int script_20_trigger1(struct helper *h, struct helper_local *hl)
2686 {
2687 return script_20_trigger(h, &h->scratch0);
2688 }
2689
script_20_wait1(struct helper * h,struct helper_local * hl)2690 static int script_20_wait1(struct helper *h, struct helper_local *hl)
2691 {
2692 return script_20_wait(h, &h->scratch0, hl->check_op->arg2);
2693 }
2694
script_20_trigger2(struct helper * h,struct helper_local * hl)2695 static int script_20_trigger2(struct helper *h, struct helper_local *hl)
2696 {
2697 return script_20_trigger(h, &h->scratch1);
2698 }
2699
script_20_wait2(struct helper * h,struct helper_local * hl)2700 static int script_20_wait2(struct helper *h, struct helper_local *hl)
2701 {
2702 return script_20_wait(h, &h->scratch1, hl->check_op->arg2);
2703 }
2704
2705 static const struct script_op script_20_child[] = {
2706 OP_C_ACCEPT_STREAM_WAIT(a)
2707 OP_C_READ_EXPECT(a, "foo", 3)
2708
2709 OP_CHECK(script_20_trigger1, 0)
2710 OP_CHECK(script_20_wait2, 1)
2711
2712 OP_C_READ_FAIL_WAIT(a)
2713 OP_C_EXPECT_SSL_ERR(a, SSL_ERROR_SYSCALL)
2714
2715 OP_EXPECT_ERR_LIB(ERR_LIB_SSL)
2716 OP_EXPECT_ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN)
2717
2718 OP_POP_ERR()
2719 OP_EXPECT_ERR_LIB(ERR_LIB_SSL)
2720 OP_EXPECT_ERR_REASON(SSL_R_QUIC_NETWORK_ERROR)
2721
2722 OP_C_FREE_STREAM(a)
2723
2724 OP_END
2725 };
2726
2727 static const struct script_op script_20[] = {
2728 OP_C_SET_ALPN("ossltest")
2729 OP_C_CONNECT_WAIT()
2730 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2731
2732 OP_NEW_THREAD(5, script_20_child)
2733
2734 OP_BEGIN_REPEAT(5)
2735
2736 OP_S_NEW_STREAM_BIDI(a, ANY_ID)
2737 OP_S_WRITE(a, "foo", 3)
2738 OP_S_UNBIND_STREAM_ID(a)
2739
2740 OP_END_REPEAT()
2741
2742 OP_CHECK(script_20_wait1, 5)
2743
2744 OP_C_CLOSE_SOCKET()
2745 OP_CHECK(script_20_trigger2, 0)
2746
2747 OP_END
2748 };
2749
2750 /* 21. Fault injection - unknown frame in 1-RTT packet */
script_21_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)2751 static int script_21_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
2752 unsigned char *buf, size_t len)
2753 {
2754 int ok = 0;
2755 WPACKET wpkt;
2756 unsigned char frame_buf[21];
2757 size_t written;
2758
2759 if (h->inject_word0 == 0 || hdr->type != h->inject_word0)
2760 return 1;
2761
2762 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
2763 sizeof(frame_buf), 0)))
2764 return 0;
2765
2766 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1)))
2767 goto err;
2768
2769 switch (h->inject_word1) {
2770 case OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE:
2771 case OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE:
2772 case OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID:
2773 /*
2774 * These cases to be formatted properly need a single uint64_t
2775 */
2776 if (!TEST_true(WPACKET_put_bytes_u64(&wpkt, (uint64_t)0)))
2777 goto err;
2778 break;
2779 case OSSL_QUIC_FRAME_TYPE_MAX_DATA:
2780 case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI:
2781 case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI:
2782 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI:
2783 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI:
2784 case OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED:
2785 /*
2786 * These cases require a single vlint
2787 */
2788 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0)))
2789 goto err;
2790 break;
2791 case OSSL_QUIC_FRAME_TYPE_STOP_SENDING:
2792 case OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA:
2793 case OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED:
2794 /*
2795 * These cases require 2 variable integers
2796 */
2797 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0)))
2798 goto err;
2799 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0)))
2800 goto err;
2801 break;
2802 case OSSL_QUIC_FRAME_TYPE_STREAM:
2803 case OSSL_QUIC_FRAME_TYPE_RESET_STREAM:
2804 case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP:
2805 /*
2806 * These cases require 3 variable integers
2807 */
2808 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0)))
2809 goto err;
2810 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0)))
2811 goto err;
2812 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0)))
2813 goto err;
2814 break;
2815 case OSSL_QUIC_FRAME_TYPE_NEW_TOKEN:
2816 /*
2817 * Special case for new token
2818 */
2819
2820 /* New token length, cannot be zero */
2821 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)1)))
2822 goto err;
2823
2824 /* 1 bytes of token data, to match the above length */
2825 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, (uint8_t)0)))
2826 goto err;
2827 break;
2828 case OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID:
2829 /*
2830 * Special case for New Connection ids, has a combination
2831 * of vlints and fixed width values
2832 */
2833
2834 /* seq number */
2835 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0)))
2836 goto err;
2837
2838 /* retire prior to */
2839 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0)))
2840 goto err;
2841
2842 /* Connection id length, arbitrary at 1 bytes */
2843 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, (uint8_t)1)))
2844 goto err;
2845
2846 /* The connection id, to match the above length */
2847 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, (uint8_t)0)))
2848 goto err;
2849
2850 /* 16 bytes total for the SRT */
2851 if (!TEST_true(WPACKET_memset(&wpkt, 0, 16)))
2852 goto err;
2853
2854 break;
2855 }
2856
2857 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
2858 goto err;
2859
2860 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
2861 goto err;
2862
2863 ok = 1;
2864 err:
2865 if (ok)
2866 WPACKET_finish(&wpkt);
2867 else
2868 WPACKET_cleanup(&wpkt);
2869 return ok;
2870 }
2871
2872 static const struct script_op script_21[] = {
2873 OP_S_SET_INJECT_PLAIN(script_21_inject_plain)
2874 OP_C_SET_ALPN("ossltest")
2875 OP_C_CONNECT_WAIT()
2876
2877 OP_C_WRITE(DEFAULT, "apple", 5)
2878 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
2879 OP_S_READ_EXPECT(a, "apple", 5)
2880
2881 OP_SET_INJECT_WORD(QUIC_PKT_TYPE_1RTT, OSSL_QUIC_VLINT_MAX)
2882
2883 OP_S_WRITE(a, "orange", 6)
2884
2885 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0)
2886
2887 OP_END
2888 };
2889
2890 /* 22. Fault injection - non-zero packet header reserved bits */
script_22_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)2891 static int script_22_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
2892 unsigned char *buf, size_t len)
2893 {
2894 if (h->inject_word0 == 0)
2895 return 1;
2896
2897 hdr->reserved = 1;
2898 return 1;
2899 }
2900
2901 static const struct script_op script_22[] = {
2902 OP_S_SET_INJECT_PLAIN(script_22_inject_plain)
2903 OP_C_SET_ALPN("ossltest")
2904 OP_C_CONNECT_WAIT()
2905
2906 OP_C_WRITE(DEFAULT, "apple", 5)
2907 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
2908 OP_S_READ_EXPECT(a, "apple", 5)
2909
2910 OP_SET_INJECT_WORD(1, 0)
2911
2912 OP_S_WRITE(a, "orange", 6)
2913
2914 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION, 0, 0)
2915
2916 OP_END
2917 };
2918
2919 /* 23. Fault injection - empty NEW_TOKEN */
script_23_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)2920 static int script_23_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
2921 unsigned char *buf, size_t len)
2922 {
2923 int ok = 0;
2924 WPACKET wpkt;
2925 unsigned char frame_buf[16];
2926 size_t written;
2927
2928 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
2929 return 1;
2930
2931 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
2932 sizeof(frame_buf), 0)))
2933 return 0;
2934
2935 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_NEW_TOKEN))
2936 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0)))
2937 goto err;
2938
2939 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
2940 goto err;
2941
2942 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
2943 goto err;
2944
2945 ok = 1;
2946 err:
2947 if (ok)
2948 WPACKET_finish(&wpkt);
2949 else
2950 WPACKET_cleanup(&wpkt);
2951 return ok;
2952 }
2953
2954 static const struct script_op script_23[] = {
2955 OP_S_SET_INJECT_PLAIN(script_23_inject_plain)
2956 OP_C_SET_ALPN("ossltest")
2957 OP_C_CONNECT_WAIT()
2958
2959 OP_C_WRITE(DEFAULT, "apple", 5)
2960 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
2961 OP_S_READ_EXPECT(a, "apple", 5)
2962
2963 OP_SET_INJECT_WORD(1, 0)
2964
2965 OP_S_WRITE(a, "orange", 6)
2966
2967 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0)
2968
2969 OP_END
2970 };
2971
2972 /* 24. Fault injection - excess value of MAX_STREAMS_BIDI */
script_24_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)2973 static int script_24_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
2974 unsigned char *buf, size_t len)
2975 {
2976 int ok = 0;
2977 WPACKET wpkt;
2978 unsigned char frame_buf[16];
2979 size_t written;
2980
2981 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
2982 return 1;
2983
2984 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
2985 sizeof(frame_buf), 0)))
2986 return 0;
2987
2988 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))
2989 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, (((uint64_t)1) << 60) + 1)))
2990 goto err;
2991
2992 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
2993 goto err;
2994
2995 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
2996 goto err;
2997
2998 ok = 1;
2999 err:
3000 if (ok)
3001 WPACKET_finish(&wpkt);
3002 else
3003 WPACKET_cleanup(&wpkt);
3004 return ok;
3005 }
3006
3007 static const struct script_op script_24[] = {
3008 OP_S_SET_INJECT_PLAIN(script_24_inject_plain)
3009 OP_C_SET_ALPN("ossltest")
3010 OP_C_CONNECT_WAIT()
3011
3012 OP_C_WRITE(DEFAULT, "apple", 5)
3013 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
3014 OP_S_READ_EXPECT(a, "apple", 5)
3015
3016 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI)
3017
3018 OP_S_WRITE(a, "orange", 6)
3019
3020 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0)
3021
3022 OP_END
3023 };
3024
3025 /* 25. Fault injection - excess value of MAX_STREAMS_UNI */
3026 static const struct script_op script_25[] = {
3027 OP_S_SET_INJECT_PLAIN(script_24_inject_plain)
3028 OP_C_SET_ALPN("ossltest")
3029 OP_C_CONNECT_WAIT()
3030
3031 OP_C_WRITE(DEFAULT, "apple", 5)
3032 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
3033 OP_S_READ_EXPECT(a, "apple", 5)
3034
3035 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI)
3036
3037 OP_S_WRITE(a, "orange", 6)
3038
3039 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0)
3040
3041 OP_END
3042 };
3043
3044 /* 26. Fault injection - excess value of STREAMS_BLOCKED_BIDI */
3045 static const struct script_op script_26[] = {
3046 OP_S_SET_INJECT_PLAIN(script_24_inject_plain)
3047 OP_C_SET_ALPN("ossltest")
3048 OP_C_CONNECT_WAIT()
3049
3050 OP_C_WRITE(DEFAULT, "apple", 5)
3051 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
3052 OP_S_READ_EXPECT(a, "apple", 5)
3053
3054 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI)
3055
3056 OP_S_WRITE(a, "orange", 6)
3057
3058 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR, 0, 0)
3059
3060 OP_END
3061 };
3062
3063 /* 27. Fault injection - excess value of STREAMS_BLOCKED_UNI */
3064 static const struct script_op script_27[] = {
3065 OP_S_SET_INJECT_PLAIN(script_24_inject_plain)
3066 OP_C_SET_ALPN("ossltest")
3067 OP_C_CONNECT_WAIT()
3068
3069 OP_C_WRITE(DEFAULT, "apple", 5)
3070 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
3071 OP_S_READ_EXPECT(a, "apple", 5)
3072
3073 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI)
3074
3075 OP_S_WRITE(a, "orange", 6)
3076
3077 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR, 0, 0)
3078
3079 OP_END
3080 };
3081
3082 /* 28. Fault injection - received RESET_STREAM for send-only stream */
script_28_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3083 static int script_28_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3084 unsigned char *buf, size_t len)
3085 {
3086 int ok = 0;
3087 WPACKET wpkt;
3088 unsigned char frame_buf[32];
3089 size_t written;
3090
3091 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
3092 return 1;
3093
3094 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3095 sizeof(frame_buf), 0)))
3096 return 0;
3097
3098 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))
3099 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */
3100 h->inject_word0 - 1))
3101 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 123))
3102 || (h->inject_word1 == OSSL_QUIC_FRAME_TYPE_RESET_STREAM
3103 && !TEST_true(WPACKET_quic_write_vlint(&wpkt, 5)))) /* final size */
3104 goto err;
3105
3106 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3107 goto err;
3108
3109 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3110 goto err;
3111
3112 ok = 1;
3113 err:
3114 if (ok)
3115 WPACKET_finish(&wpkt);
3116 else
3117 WPACKET_cleanup(&wpkt);
3118 return ok;
3119 }
3120
3121 static const struct script_op script_28[] = {
3122 OP_S_SET_INJECT_PLAIN(script_28_inject_plain)
3123 OP_C_SET_ALPN("ossltest")
3124 OP_C_CONNECT_WAIT()
3125 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3126
3127 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
3128 OP_C_WRITE(a, "orange", 6)
3129
3130 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
3131 OP_S_READ_EXPECT(a, "orange", 6)
3132
3133 OP_C_NEW_STREAM_UNI(b, C_UNI_ID(0))
3134 OP_C_WRITE(b, "apple", 5)
3135
3136 OP_S_BIND_STREAM_ID(b, C_UNI_ID(0))
3137 OP_S_READ_EXPECT(b, "apple", 5)
3138
3139 OP_SET_INJECT_WORD(C_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_RESET_STREAM)
3140 OP_S_WRITE(a, "fruit", 5)
3141
3142 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0)
3143
3144 OP_END
3145 };
3146
3147 /* 29. Fault injection - received RESET_STREAM for nonexistent send-only stream */
3148 static const struct script_op script_29[] = {
3149 OP_S_SET_INJECT_PLAIN(script_28_inject_plain)
3150 OP_C_SET_ALPN("ossltest")
3151 OP_C_CONNECT_WAIT()
3152 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3153
3154 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
3155 OP_C_WRITE(a, "orange", 6)
3156
3157 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
3158 OP_S_READ_EXPECT(a, "orange", 6)
3159
3160 OP_C_NEW_STREAM_UNI(b, C_UNI_ID(0))
3161 OP_C_WRITE(b, "apple", 5)
3162
3163 OP_S_BIND_STREAM_ID(b, C_UNI_ID(0))
3164 OP_S_READ_EXPECT(b, "apple", 5)
3165
3166 OP_SET_INJECT_WORD(C_UNI_ID(1) + 1, OSSL_QUIC_FRAME_TYPE_RESET_STREAM)
3167 OP_S_WRITE(a, "fruit", 5)
3168
3169 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0)
3170
3171 OP_END
3172 };
3173
3174 /* 30. Fault injection - received STOP_SENDING for receive-only stream */
3175 static const struct script_op script_30[] = {
3176 OP_S_SET_INJECT_PLAIN(script_28_inject_plain)
3177 OP_C_SET_ALPN("ossltest")
3178 OP_C_CONNECT_WAIT()
3179 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3180
3181 OP_S_NEW_STREAM_UNI(a, S_UNI_ID(0))
3182 OP_S_WRITE(a, "apple", 5)
3183
3184 OP_C_ACCEPT_STREAM_WAIT(a)
3185 OP_C_READ_EXPECT(a, "apple", 5)
3186
3187 OP_SET_INJECT_WORD(S_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STOP_SENDING)
3188 OP_S_WRITE(a, "orange", 6)
3189
3190 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0)
3191
3192 OP_END
3193 };
3194
3195 /* 31. Fault injection - received STOP_SENDING for nonexistent receive-only stream */
3196 static const struct script_op script_31[] = {
3197 OP_S_SET_INJECT_PLAIN(script_28_inject_plain)
3198 OP_C_SET_ALPN("ossltest")
3199 OP_C_CONNECT_WAIT()
3200 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3201
3202 OP_S_NEW_STREAM_UNI(a, S_UNI_ID(0))
3203 OP_S_WRITE(a, "apple", 5)
3204
3205 OP_C_ACCEPT_STREAM_WAIT(a)
3206 OP_C_READ_EXPECT(a, "apple", 5)
3207
3208 OP_SET_INJECT_WORD(C_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STOP_SENDING)
3209 OP_S_WRITE(a, "orange", 6)
3210
3211 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0)
3212
3213 OP_END
3214 };
3215
3216 /* 32. Fault injection - STREAM frame for nonexistent stream */
script_32_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3217 static int script_32_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3218 unsigned char *buf, size_t len)
3219 {
3220 int ok = 0;
3221 WPACKET wpkt;
3222 unsigned char frame_buf[64];
3223 size_t written;
3224 uint64_t type = OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN, offset, flen, i;
3225
3226 if (hdr->type != QUIC_PKT_TYPE_1RTT)
3227 return 1;
3228
3229 switch (h->inject_word1) {
3230 default:
3231 return 0;
3232 case 0:
3233 return 1;
3234 case 1:
3235 offset = 0;
3236 flen = 0;
3237 break;
3238 case 2:
3239 offset = (((uint64_t)1) << 62) - 1;
3240 flen = 5;
3241 break;
3242 case 3:
3243 offset = 1 * 1024 * 1024 * 1024; /* 1G */
3244 flen = 5;
3245 break;
3246 case 4:
3247 offset = 0;
3248 flen = 1;
3249 break;
3250 }
3251
3252 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3253 sizeof(frame_buf), 0)))
3254 return 0;
3255
3256 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, type))
3257 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */
3258 h->inject_word0 - 1))
3259 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, offset))
3260 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, flen)))
3261 goto err;
3262
3263 for (i = 0; i < flen; ++i)
3264 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42)))
3265 goto err;
3266
3267 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3268 goto err;
3269
3270 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3271 goto err;
3272
3273 ok = 1;
3274 err:
3275 if (ok)
3276 WPACKET_finish(&wpkt);
3277 else
3278 WPACKET_cleanup(&wpkt);
3279 return ok;
3280 }
3281
3282 static const struct script_op script_32[] = {
3283 OP_S_SET_INJECT_PLAIN(script_32_inject_plain)
3284 OP_C_SET_ALPN("ossltest")
3285 OP_C_CONNECT_WAIT()
3286 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3287
3288 OP_S_NEW_STREAM_UNI(a, S_UNI_ID(0))
3289 OP_S_WRITE(a, "apple", 5)
3290
3291 OP_C_ACCEPT_STREAM_WAIT(a)
3292 OP_C_READ_EXPECT(a, "apple", 5)
3293
3294 OP_SET_INJECT_WORD(C_UNI_ID(0) + 1, 1)
3295 OP_S_WRITE(a, "orange", 6)
3296
3297 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0)
3298
3299 OP_END
3300 };
3301
3302 /* 33. Fault injection - STREAM frame with illegal offset */
3303 static const struct script_op script_33[] = {
3304 OP_S_SET_INJECT_PLAIN(script_32_inject_plain)
3305 OP_C_SET_ALPN("ossltest")
3306 OP_C_CONNECT_WAIT()
3307 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3308
3309 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
3310 OP_C_WRITE(a, "apple", 5)
3311
3312 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
3313 OP_S_READ_EXPECT(a, "apple", 5)
3314
3315 OP_SET_INJECT_WORD(C_BIDI_ID(0) + 1, 2)
3316 OP_S_WRITE(a, "orange", 6)
3317
3318 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0)
3319
3320 OP_END
3321 };
3322
3323 /* 34. Fault injection - STREAM frame which exceeds FC */
3324 static const struct script_op script_34[] = {
3325 OP_S_SET_INJECT_PLAIN(script_32_inject_plain)
3326 OP_C_SET_ALPN("ossltest")
3327 OP_C_CONNECT_WAIT()
3328 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3329
3330 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
3331 OP_C_WRITE(a, "apple", 5)
3332
3333 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
3334 OP_S_READ_EXPECT(a, "apple", 5)
3335
3336 OP_SET_INJECT_WORD(C_BIDI_ID(0) + 1, 3)
3337 OP_S_WRITE(a, "orange", 6)
3338
3339 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FLOW_CONTROL_ERROR, 0, 0)
3340
3341 OP_END
3342 };
3343
3344 /* 35. Fault injection - MAX_STREAM_DATA for receive-only stream */
3345 static const struct script_op script_35[] = {
3346 OP_S_SET_INJECT_PLAIN(script_28_inject_plain)
3347 OP_C_SET_ALPN("ossltest")
3348 OP_C_CONNECT_WAIT()
3349 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3350
3351 OP_S_NEW_STREAM_UNI(a, S_UNI_ID(0))
3352 OP_S_WRITE(a, "apple", 5)
3353
3354 OP_C_ACCEPT_STREAM_WAIT(a)
3355 OP_C_READ_EXPECT(a, "apple", 5)
3356
3357 OP_SET_INJECT_WORD(S_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA)
3358 OP_S_WRITE(a, "orange", 6)
3359
3360 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0)
3361
3362 OP_END
3363 };
3364
3365 /* 36. Fault injection - MAX_STREAM_DATA for nonexistent stream */
3366 static const struct script_op script_36[] = {
3367 OP_S_SET_INJECT_PLAIN(script_28_inject_plain)
3368 OP_C_SET_ALPN("ossltest")
3369 OP_C_CONNECT_WAIT()
3370 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3371
3372 OP_S_NEW_STREAM_UNI(a, S_UNI_ID(0))
3373 OP_S_WRITE(a, "apple", 5)
3374
3375 OP_C_ACCEPT_STREAM_WAIT(a)
3376 OP_C_READ_EXPECT(a, "apple", 5)
3377
3378 OP_SET_INJECT_WORD(C_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA)
3379 OP_S_WRITE(a, "orange", 6)
3380
3381 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0)
3382
3383 OP_END
3384 };
3385
3386 /* 37. Fault injection - STREAM_DATA_BLOCKED for send-only stream */
3387 static const struct script_op script_37[] = {
3388 OP_S_SET_INJECT_PLAIN(script_28_inject_plain)
3389 OP_C_SET_ALPN("ossltest")
3390 OP_C_CONNECT_WAIT()
3391 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3392
3393 OP_C_NEW_STREAM_UNI(a, C_UNI_ID(0))
3394 OP_C_WRITE(a, "apple", 5)
3395
3396 OP_S_BIND_STREAM_ID(a, C_UNI_ID(0))
3397 OP_S_READ_EXPECT(a, "apple", 5)
3398
3399 OP_S_NEW_STREAM_UNI(b, S_UNI_ID(0))
3400 OP_SET_INJECT_WORD(C_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED)
3401 OP_S_WRITE(b, "orange", 5)
3402
3403 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0)
3404
3405 OP_END
3406 };
3407
3408 /* 38. Fault injection - STREAM_DATA_BLOCKED for non-existent stream */
3409 static const struct script_op script_38[] = {
3410 OP_S_SET_INJECT_PLAIN(script_28_inject_plain)
3411 OP_C_SET_ALPN("ossltest")
3412 OP_C_CONNECT_WAIT()
3413 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3414
3415 OP_C_NEW_STREAM_UNI(a, C_UNI_ID(0))
3416 OP_C_WRITE(a, "apple", 5)
3417
3418 OP_S_BIND_STREAM_ID(a, C_UNI_ID(0))
3419 OP_S_READ_EXPECT(a, "apple", 5)
3420
3421 OP_SET_INJECT_WORD(C_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED)
3422
3423 OP_S_NEW_STREAM_UNI(b, S_UNI_ID(0))
3424 OP_S_WRITE(b, "orange", 5)
3425
3426 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0)
3427
3428 OP_END
3429 };
3430
3431 /* 39. Fault injection - NEW_CONN_ID with zero-len CID */
script_39_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3432 static int script_39_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3433 unsigned char *buf, size_t len)
3434 {
3435 int ok = 0;
3436 WPACKET wpkt;
3437 unsigned char frame_buf[64];
3438 size_t i, written;
3439 uint64_t seq_no = 0, retire_prior_to = 0;
3440 QUIC_CONN_ID new_cid = { 0 };
3441 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(h->s_priv);
3442
3443 if (hdr->type != QUIC_PKT_TYPE_1RTT)
3444 return 1;
3445
3446 switch (h->inject_word1) {
3447 case 0:
3448 return 1;
3449 case 1:
3450 new_cid.id_len = 0;
3451 break;
3452 case 2:
3453 new_cid.id_len = 21;
3454 break;
3455 case 3:
3456 new_cid.id_len = 1;
3457 new_cid.id[0] = 0x55;
3458
3459 seq_no = 0;
3460 retire_prior_to = 1;
3461 break;
3462 case 4:
3463 /* Use our actual CID so we don't break connectivity. */
3464 ossl_quic_channel_get_diag_local_cid(ch, &new_cid);
3465
3466 seq_no = 2;
3467 retire_prior_to = 2;
3468 break;
3469 case 5:
3470 /*
3471 * Use a bogus CID which will need to be ignored if connectivity is to
3472 * be continued.
3473 */
3474 new_cid.id_len = 8;
3475 new_cid.id[0] = 0x55;
3476
3477 seq_no = 1;
3478 retire_prior_to = 1;
3479 break;
3480 }
3481
3482 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3483 sizeof(frame_buf), 0)))
3484 return 0;
3485
3486 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID))
3487 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, seq_no)) /* seq no */
3488 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, retire_prior_to)) /* retire prior to */
3489 || !TEST_true(WPACKET_put_bytes_u8(&wpkt, new_cid.id_len))) /* len */
3490 goto err;
3491
3492 for (i = 0; i < new_cid.id_len && i < OSSL_NELEM(new_cid.id); ++i)
3493 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, new_cid.id[i])))
3494 goto err;
3495
3496 for (; i < new_cid.id_len; ++i)
3497 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x55)))
3498 goto err;
3499
3500 for (i = 0; i < QUIC_STATELESS_RESET_TOKEN_LEN; ++i)
3501 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42)))
3502 goto err;
3503
3504 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3505 goto err;
3506
3507 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3508 goto err;
3509
3510 ok = 1;
3511 err:
3512 if (ok)
3513 WPACKET_finish(&wpkt);
3514 else
3515 WPACKET_cleanup(&wpkt);
3516 return ok;
3517 }
3518
3519 static const struct script_op script_39[] = {
3520 OP_S_SET_INJECT_PLAIN(script_39_inject_plain)
3521 OP_C_SET_ALPN("ossltest")
3522 OP_C_CONNECT_WAIT()
3523 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3524
3525 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
3526 OP_C_WRITE(a, "apple", 5)
3527 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
3528 OP_S_READ_EXPECT(a, "apple", 5)
3529
3530 OP_SET_INJECT_WORD(0, 1)
3531 OP_S_WRITE(a, "orange", 5)
3532
3533 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0)
3534
3535 OP_END
3536 };
3537
3538 /* 40. Shutdown flush test */
3539 static const unsigned char script_40_data[1024] = "strawberry";
3540
3541 static const struct script_op script_40[] = {
3542 OP_C_SET_ALPN("ossltest")
3543 OP_C_CONNECT_WAIT()
3544 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3545
3546 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
3547 OP_C_WRITE(a, "apple", 5)
3548
3549 OP_C_INHIBIT_TICK(1)
3550 OP_C_SET_WRITE_BUF_SIZE(a, 1024 * 100 * 3)
3551
3552 OP_BEGIN_REPEAT(100)
3553
3554 OP_C_WRITE(a, script_40_data, sizeof(script_40_data))
3555
3556 OP_END_REPEAT()
3557
3558 OP_C_CONCLUDE(a)
3559 OP_C_SHUTDOWN_WAIT(NULL, 0) /* disengages tick inhibition */
3560
3561 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
3562 OP_S_READ_EXPECT(a, "apple", 5)
3563
3564 OP_BEGIN_REPEAT(100)
3565
3566 OP_S_READ_EXPECT(a, script_40_data, sizeof(script_40_data))
3567
3568 OP_END_REPEAT()
3569
3570 OP_S_EXPECT_FIN(a)
3571
3572 OP_C_EXPECT_CONN_CLOSE_INFO(0, 1, 0)
3573 OP_S_EXPECT_CONN_CLOSE_INFO(0, 1, 1)
3574
3575 OP_END
3576 };
3577
3578 /* 41. Fault injection - PATH_CHALLENGE yields PATH_RESPONSE */
3579 static const uint64_t path_challenge = UINT64_C(0xbdeb9451169c83aa);
3580
script_41_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3581 static int script_41_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3582 unsigned char *buf, size_t len)
3583 {
3584 int ok = 0;
3585 WPACKET wpkt;
3586 unsigned char frame_buf[16];
3587 size_t written;
3588
3589 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
3590 return 1;
3591
3592 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3593 sizeof(frame_buf), 0)))
3594 return 0;
3595
3596 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))
3597 || !TEST_true(WPACKET_put_bytes_u64(&wpkt, path_challenge)))
3598 goto err;
3599
3600 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))
3601 || !TEST_size_t_eq(written, 9))
3602 goto err;
3603
3604 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3605 goto err;
3606
3607 --h->inject_word0;
3608 ok = 1;
3609 err:
3610 if (ok)
3611 WPACKET_finish(&wpkt);
3612 else
3613 WPACKET_cleanup(&wpkt);
3614 return ok;
3615 }
3616
script_41_trace(int write_p,int version,int content_type,const void * buf,size_t len,SSL * ssl,void * arg)3617 static void script_41_trace(int write_p, int version, int content_type,
3618 const void *buf, size_t len, SSL *ssl, void *arg)
3619 {
3620 uint64_t frame_type, frame_data;
3621 int was_minimal;
3622 struct helper *h = arg;
3623 PACKET pkt;
3624
3625 if (version != OSSL_QUIC1_VERSION
3626 || content_type != SSL3_RT_QUIC_FRAME_FULL
3627 || len < 1)
3628 return;
3629
3630 if (!TEST_true(PACKET_buf_init(&pkt, buf, len))) {
3631 ++h->scratch1;
3632 return;
3633 }
3634
3635 if (!TEST_true(ossl_quic_wire_peek_frame_header(&pkt, &frame_type,
3636 &was_minimal))) {
3637 ++h->scratch1;
3638 return;
3639 }
3640
3641 if (frame_type != OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE)
3642 return;
3643
3644 if (!TEST_true(ossl_quic_wire_decode_frame_path_response(&pkt, &frame_data))
3645 || !TEST_uint64_t_eq(frame_data, path_challenge)) {
3646 ++h->scratch1;
3647 return;
3648 }
3649
3650 ++h->scratch0;
3651 }
3652
script_41_setup(struct helper * h,struct helper_local * hl)3653 static int script_41_setup(struct helper *h, struct helper_local *hl)
3654 {
3655 ossl_quic_tserver_set_msg_callback(ACQUIRE_S(), script_41_trace, h);
3656 return 1;
3657 }
3658
script_41_check(struct helper * h,struct helper_local * hl)3659 static int script_41_check(struct helper *h, struct helper_local *hl)
3660 {
3661 /* At least one valid challenge/response echo? */
3662 if (!TEST_uint64_t_gt(h->scratch0, 0))
3663 return 0;
3664
3665 /* No failed tests? */
3666 if (!TEST_uint64_t_eq(h->scratch1, 0))
3667 return 0;
3668
3669 return 1;
3670 }
3671
3672 static const struct script_op script_41[] = {
3673 OP_S_SET_INJECT_PLAIN(script_41_inject_plain)
3674 OP_C_SET_ALPN("ossltest")
3675 OP_C_CONNECT_WAIT()
3676 OP_CHECK(script_41_setup, 0)
3677
3678 OP_C_WRITE(DEFAULT, "apple", 5)
3679 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
3680 OP_S_READ_EXPECT(a, "apple", 5)
3681
3682 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE)
3683
3684 OP_S_WRITE(a, "orange", 6)
3685 OP_C_READ_EXPECT(DEFAULT, "orange", 6)
3686
3687 OP_C_WRITE(DEFAULT, "strawberry", 10)
3688 OP_S_READ_EXPECT(a, "strawberry", 10)
3689
3690 OP_CHECK(script_41_check, 0)
3691 OP_END
3692 };
3693
3694 /* 42. Fault injection - CRYPTO frame with illegal offset */
script_42_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3695 static int script_42_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3696 unsigned char *buf, size_t len)
3697 {
3698 int ok = 0;
3699 unsigned char frame_buf[64];
3700 size_t written;
3701 WPACKET wpkt;
3702
3703 if (h->inject_word0 == 0)
3704 return 1;
3705
3706 --h->inject_word0;
3707
3708 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3709 sizeof(frame_buf), 0)))
3710 return 0;
3711
3712 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO))
3713 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))
3714 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 1))
3715 || !TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42)))
3716 goto err;
3717
3718 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3719 goto err;
3720
3721 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3722 goto err;
3723
3724 ok = 1;
3725 err:
3726 if (ok)
3727 WPACKET_finish(&wpkt);
3728 else
3729 WPACKET_cleanup(&wpkt);
3730 return ok;
3731 }
3732
3733 static const struct script_op script_42[] = {
3734 OP_S_SET_INJECT_PLAIN(script_42_inject_plain)
3735 OP_C_SET_ALPN("ossltest")
3736 OP_C_CONNECT_WAIT()
3737 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3738
3739 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
3740 OP_C_WRITE(a, "apple", 5)
3741
3742 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
3743 OP_S_READ_EXPECT(a, "apple", 5)
3744
3745 OP_SET_INJECT_WORD(1, (((uint64_t)1) << 62) - 1)
3746 OP_S_WRITE(a, "orange", 6)
3747
3748 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0)
3749
3750 OP_END
3751 };
3752
3753 /* 43. Fault injection - CRYPTO frame exceeding FC */
3754 static const struct script_op script_43[] = {
3755 OP_S_SET_INJECT_PLAIN(script_42_inject_plain)
3756 OP_C_SET_ALPN("ossltest")
3757 OP_C_CONNECT_WAIT()
3758 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3759
3760 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
3761 OP_C_WRITE(a, "apple", 5)
3762
3763 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
3764 OP_S_READ_EXPECT(a, "apple", 5)
3765
3766 OP_SET_INJECT_WORD(1, 0x100000 /* 1 MiB */)
3767 OP_S_WRITE(a, "orange", 6)
3768
3769 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED, 0, 0)
3770
3771 OP_END
3772 };
3773
3774 /* 44. Fault injection - PADDING */
script_44_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3775 static int script_44_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3776 unsigned char *buf, size_t len)
3777 {
3778 int ok = 0;
3779 WPACKET wpkt;
3780 unsigned char frame_buf[16];
3781 size_t written;
3782
3783 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
3784 return 1;
3785
3786 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3787 sizeof(frame_buf), 0)))
3788 return 0;
3789
3790 if (!TEST_true(ossl_quic_wire_encode_padding(&wpkt, 1)))
3791 goto err;
3792
3793 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3794 goto err;
3795
3796 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3797 goto err;
3798
3799 ok = 1;
3800 err:
3801 if (ok)
3802 WPACKET_finish(&wpkt);
3803 else
3804 WPACKET_cleanup(&wpkt);
3805 return ok;
3806 }
3807
3808 static const struct script_op script_44[] = {
3809 OP_S_SET_INJECT_PLAIN(script_44_inject_plain)
3810 OP_C_SET_ALPN("ossltest")
3811 OP_C_CONNECT_WAIT()
3812
3813 OP_C_WRITE(DEFAULT, "apple", 5)
3814 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
3815 OP_S_READ_EXPECT(a, "apple", 5)
3816
3817 OP_SET_INJECT_WORD(1, 0)
3818
3819 OP_S_WRITE(a, "Strawberry", 10)
3820 OP_C_READ_EXPECT(DEFAULT, "Strawberry", 10)
3821
3822 OP_END
3823 };
3824
3825 /* 45. PING must generate ACK */
force_ping(struct helper * h,struct helper_local * hl)3826 static int force_ping(struct helper *h, struct helper_local *hl)
3827 {
3828 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(ACQUIRE_S());
3829
3830 h->scratch0 = ossl_quic_channel_get_diag_num_rx_ack(ch);
3831
3832 if (!TEST_true(ossl_quic_tserver_ping(ACQUIRE_S())))
3833 return 0;
3834
3835 return 1;
3836 }
3837
wait_incoming_acks_increased(struct helper * h,struct helper_local * hl)3838 static int wait_incoming_acks_increased(struct helper *h, struct helper_local *hl)
3839 {
3840 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(ACQUIRE_S());
3841 uint16_t count;
3842
3843 count = ossl_quic_channel_get_diag_num_rx_ack(ch);
3844
3845 if (count == h->scratch0) {
3846 h->check_spin_again = 1;
3847 return 0;
3848 }
3849
3850 return 1;
3851 }
3852
3853 static const struct script_op script_45[] = {
3854 OP_C_SET_ALPN("ossltest")
3855 OP_C_CONNECT_WAIT()
3856
3857 OP_C_WRITE(DEFAULT, "apple", 5)
3858 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
3859 OP_S_READ_EXPECT(a, "apple", 5)
3860
3861 OP_BEGIN_REPEAT(2)
3862
3863 OP_CHECK(force_ping, 0)
3864 OP_CHECK(wait_incoming_acks_increased, 0)
3865
3866 OP_END_REPEAT()
3867
3868 OP_S_WRITE(a, "Strawberry", 10)
3869 OP_C_READ_EXPECT(DEFAULT, "Strawberry", 10)
3870
3871 OP_END
3872 };
3873
3874 /* 46. Fault injection - ACK - malformed initial range */
script_46_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3875 static int script_46_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3876 unsigned char *buf, size_t len)
3877 {
3878 int ok = 0;
3879 WPACKET wpkt;
3880 unsigned char frame_buf[16];
3881 size_t written;
3882 uint64_t type = 0, largest_acked = 0, first_range = 0, range_count = 0;
3883 uint64_t agap = 0, alen = 0;
3884 uint64_t ect0 = 0, ect1 = 0, ecnce = 0;
3885
3886 if (h->inject_word0 == 0)
3887 return 1;
3888
3889 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3890 sizeof(frame_buf), 0)))
3891 return 0;
3892
3893 type = OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN;
3894
3895 switch (h->inject_word0) {
3896 case 1:
3897 largest_acked = 100;
3898 first_range = 101;
3899 range_count = 0;
3900 break;
3901 case 2:
3902 largest_acked = 100;
3903 first_range = 80;
3904 /* [20..100]; [0..18] */
3905 range_count = 1;
3906 agap = 0;
3907 alen = 19;
3908 break;
3909 case 3:
3910 largest_acked = 100;
3911 first_range = 80;
3912 range_count = 1;
3913 agap = 18;
3914 alen = 1;
3915 break;
3916 case 4:
3917 type = OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN;
3918 largest_acked = 100;
3919 first_range = 1;
3920 range_count = 0;
3921 break;
3922 case 5:
3923 type = OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN;
3924 largest_acked = 0;
3925 first_range = 0;
3926 range_count = 0;
3927 ect0 = 0;
3928 ect1 = 50;
3929 ecnce = 200;
3930 break;
3931 }
3932
3933 h->inject_word0 = 0;
3934
3935 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, type))
3936 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, largest_acked))
3937 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*ack_delay=*/0))
3938 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*ack_range_count=*/range_count))
3939 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*first_ack_range=*/first_range)))
3940 goto err;
3941
3942 if (range_count > 0)
3943 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, /*range[0].gap=*/agap))
3944 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*range[0].len=*/alen)))
3945 goto err;
3946
3947 if (type == OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN)
3948 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, ect0))
3949 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, ect1))
3950 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, ecnce)))
3951 goto err;
3952
3953 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3954 goto err;
3955
3956 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3957 goto err;
3958
3959 ok = 1;
3960 err:
3961 if (ok)
3962 WPACKET_finish(&wpkt);
3963 else
3964 WPACKET_cleanup(&wpkt);
3965 return ok;
3966 }
3967
3968 static const struct script_op script_46[] = {
3969 OP_S_SET_INJECT_PLAIN(script_46_inject_plain)
3970 OP_C_SET_ALPN("ossltest")
3971 OP_C_CONNECT_WAIT()
3972
3973 OP_C_WRITE(DEFAULT, "apple", 5)
3974 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
3975 OP_S_READ_EXPECT(a, "apple", 5)
3976
3977 OP_SET_INJECT_WORD(1, 0)
3978
3979 OP_S_WRITE(a, "Strawberry", 10)
3980
3981 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0)
3982
3983 OP_END
3984 };
3985
3986 /* 47. Fault injection - ACK - malformed subsequent range */
3987 static const struct script_op script_47[] = {
3988 OP_S_SET_INJECT_PLAIN(script_46_inject_plain)
3989 OP_C_SET_ALPN("ossltest")
3990 OP_C_CONNECT_WAIT()
3991
3992 OP_C_WRITE(DEFAULT, "apple", 5)
3993 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
3994 OP_S_READ_EXPECT(a, "apple", 5)
3995
3996 OP_SET_INJECT_WORD(2, 0)
3997
3998 OP_S_WRITE(a, "Strawberry", 10)
3999
4000 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0)
4001
4002 OP_END
4003 };
4004
4005 /* 48. Fault injection - ACK - malformed subsequent range */
4006 static const struct script_op script_48[] = {
4007 OP_S_SET_INJECT_PLAIN(script_46_inject_plain)
4008 OP_C_SET_ALPN("ossltest")
4009 OP_C_CONNECT_WAIT()
4010
4011 OP_C_WRITE(DEFAULT, "apple", 5)
4012 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4013 OP_S_READ_EXPECT(a, "apple", 5)
4014
4015 OP_SET_INJECT_WORD(3, 0)
4016
4017 OP_S_WRITE(a, "Strawberry", 10)
4018
4019 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0)
4020
4021 OP_END
4022 };
4023
4024 /* 49. Fault injection - ACK - fictional PN */
4025 static const struct script_op script_49[] = {
4026 OP_S_SET_INJECT_PLAIN(script_46_inject_plain)
4027 OP_C_SET_ALPN("ossltest")
4028 OP_C_CONNECT_WAIT()
4029
4030 OP_C_WRITE(DEFAULT, "apple", 5)
4031 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4032 OP_S_READ_EXPECT(a, "apple", 5)
4033
4034 OP_SET_INJECT_WORD(4, 0)
4035
4036 OP_S_WRITE(a, "Strawberry", 10)
4037 OP_C_READ_EXPECT(DEFAULT, "Strawberry", 10)
4038
4039 OP_END
4040 };
4041
4042 /* 50. Fault injection - ACK - duplicate PN */
4043 static const struct script_op script_50[] = {
4044 OP_S_SET_INJECT_PLAIN(script_46_inject_plain)
4045 OP_C_SET_ALPN("ossltest")
4046 OP_C_CONNECT_WAIT()
4047
4048 OP_C_WRITE(DEFAULT, "apple", 5)
4049 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4050 OP_S_READ_EXPECT(a, "apple", 5)
4051
4052 OP_BEGIN_REPEAT(2)
4053
4054 OP_SET_INJECT_WORD(5, 0)
4055
4056 OP_S_WRITE(a, "Strawberry", 10)
4057 OP_C_READ_EXPECT(DEFAULT, "Strawberry", 10)
4058
4059 OP_END_REPEAT()
4060
4061 OP_END
4062 };
4063
4064 /* 51. Fault injection - PATH_RESPONSE is ignored */
4065 static const struct script_op script_51[] = {
4066 OP_S_SET_INJECT_PLAIN(script_41_inject_plain)
4067 OP_C_SET_ALPN("ossltest")
4068 OP_C_CONNECT_WAIT()
4069
4070 OP_C_WRITE(DEFAULT, "apple", 5)
4071 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4072 OP_S_READ_EXPECT(a, "apple", 5)
4073
4074 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE)
4075
4076 OP_S_WRITE(a, "orange", 6)
4077 OP_C_READ_EXPECT(DEFAULT, "orange", 6)
4078
4079 OP_C_WRITE(DEFAULT, "Strawberry", 10)
4080 OP_S_READ_EXPECT(a, "Strawberry", 10)
4081
4082 OP_END
4083 };
4084
4085 /* 52. Fault injection - ignore BLOCKED frames with bogus values */
script_52_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4086 static int script_52_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4087 unsigned char *buf, size_t len)
4088 {
4089 int ok = 0;
4090 unsigned char frame_buf[64];
4091 size_t written;
4092 WPACKET wpkt;
4093 uint64_t type = h->inject_word1;
4094
4095 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4096 return 1;
4097
4098 --h->inject_word0;
4099
4100 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4101 sizeof(frame_buf), 0)))
4102 return 0;
4103
4104 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, type)))
4105 goto err;
4106
4107 if (type == OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED)
4108 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, C_BIDI_ID(0))))
4109 goto err;
4110
4111 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, 0xFFFFFF)))
4112 goto err;
4113
4114 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4115 goto err;
4116
4117 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4118 goto err;
4119
4120 ok = 1;
4121 err:
4122 if (ok)
4123 WPACKET_finish(&wpkt);
4124 else
4125 WPACKET_cleanup(&wpkt);
4126 return ok;
4127 }
4128
4129 static const struct script_op script_52[] = {
4130 OP_S_SET_INJECT_PLAIN(script_52_inject_plain)
4131 OP_C_SET_ALPN("ossltest")
4132 OP_C_CONNECT_WAIT()
4133
4134 OP_C_WRITE(DEFAULT, "apple", 5)
4135 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4136 OP_S_READ_EXPECT(a, "apple", 5)
4137
4138 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED)
4139
4140 OP_S_WRITE(a, "orange", 6)
4141 OP_C_READ_EXPECT(DEFAULT, "orange", 6)
4142
4143 OP_C_WRITE(DEFAULT, "Strawberry", 10)
4144 OP_S_READ_EXPECT(a, "Strawberry", 10)
4145
4146 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED)
4147
4148 OP_S_WRITE(a, "orange", 6)
4149 OP_C_READ_EXPECT(DEFAULT, "orange", 6)
4150
4151 OP_C_WRITE(DEFAULT, "Strawberry", 10)
4152 OP_S_READ_EXPECT(a, "Strawberry", 10)
4153
4154 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI)
4155
4156 OP_S_WRITE(a, "orange", 6)
4157 OP_C_READ_EXPECT(DEFAULT, "orange", 6)
4158
4159 OP_C_WRITE(DEFAULT, "Strawberry", 10)
4160 OP_S_READ_EXPECT(a, "Strawberry", 10)
4161
4162 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI)
4163
4164 OP_S_WRITE(a, "orange", 6)
4165 OP_C_READ_EXPECT(DEFAULT, "orange", 6)
4166
4167 OP_C_WRITE(DEFAULT, "Strawberry", 10)
4168 OP_S_READ_EXPECT(a, "Strawberry", 10)
4169
4170 OP_END
4171 };
4172
4173 /* 53. Fault injection - excess CRYPTO buffer size */
script_53_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4174 static int script_53_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4175 unsigned char *buf, size_t len)
4176 {
4177 int ok = 0;
4178 size_t written;
4179 WPACKET wpkt;
4180 uint64_t offset = 0, data_len = 100;
4181 unsigned char *frame_buf = NULL;
4182 size_t frame_len, i;
4183
4184 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4185 return 1;
4186
4187 h->inject_word0 = 0;
4188
4189 switch (h->inject_word1) {
4190 case 0:
4191 /*
4192 * Far out offset which will not have been reached during handshake.
4193 * This will not be delivered to the QUIC_TLS instance since it will be
4194 * waiting for in-order delivery of previous bytes. This tests our flow
4195 * control on CRYPTO stream buffering.
4196 */
4197 offset = 100000;
4198 data_len = 1;
4199 break;
4200 }
4201
4202 frame_len = 1 + 8 + 8 + (size_t)data_len;
4203 if (!TEST_ptr(frame_buf = OPENSSL_malloc(frame_len)))
4204 return 0;
4205
4206 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, frame_len, 0)))
4207 goto err;
4208
4209 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO))
4210 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, offset))
4211 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, data_len)))
4212 goto err;
4213
4214 for (i = 0; i < data_len; ++i)
4215 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42)))
4216 goto err;
4217
4218 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4219 goto err;
4220
4221 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4222 goto err;
4223
4224 ok = 1;
4225 err:
4226 if (ok)
4227 WPACKET_finish(&wpkt);
4228 else
4229 WPACKET_cleanup(&wpkt);
4230 OPENSSL_free(frame_buf);
4231 return ok;
4232 }
4233
4234 static const struct script_op script_53[] = {
4235 OP_S_SET_INJECT_PLAIN(script_53_inject_plain)
4236 OP_C_SET_ALPN("ossltest")
4237 OP_C_CONNECT_WAIT()
4238
4239 OP_C_WRITE(DEFAULT, "apple", 5)
4240 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4241 OP_S_READ_EXPECT(a, "apple", 5)
4242
4243 OP_SET_INJECT_WORD(1, 0)
4244 OP_S_WRITE(a, "Strawberry", 10)
4245
4246 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED, 0, 0)
4247
4248 OP_END
4249 };
4250
4251 /* 54. Fault injection - corrupted crypto stream data */
script_54_inject_handshake(struct helper * h,unsigned char * buf,size_t buf_len)4252 static int script_54_inject_handshake(struct helper *h,
4253 unsigned char *buf, size_t buf_len)
4254 {
4255 size_t i;
4256
4257 for (i = 0; i < buf_len; ++i)
4258 buf[i] ^= 0xff;
4259
4260 return 1;
4261 }
4262
4263 static const struct script_op script_54[] = {
4264 OP_S_SET_INJECT_HANDSHAKE(script_54_inject_handshake)
4265 OP_C_SET_ALPN("ossltest")
4266 OP_C_CONNECT_WAIT_OR_FAIL()
4267
4268 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_UNEXPECTED_MESSAGE, 0, 0)
4269
4270 OP_END
4271 };
4272
4273 /* 55. Fault injection - NEW_CONN_ID with >20 byte CID */
4274 static const struct script_op script_55[] = {
4275 OP_S_SET_INJECT_PLAIN(script_39_inject_plain)
4276 OP_C_SET_ALPN("ossltest")
4277 OP_C_CONNECT_WAIT()
4278 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4279
4280 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
4281 OP_C_WRITE(a, "apple", 5)
4282 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4283 OP_S_READ_EXPECT(a, "apple", 5)
4284
4285 OP_SET_INJECT_WORD(0, 2)
4286 OP_S_WRITE(a, "orange", 5)
4287
4288 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0)
4289
4290 OP_END
4291 };
4292
4293 /* 56. Fault injection - NEW_CONN_ID with seq no < retire prior to */
4294 static const struct script_op script_56[] = {
4295 OP_S_SET_INJECT_PLAIN(script_39_inject_plain)
4296 OP_C_SET_ALPN("ossltest")
4297 OP_C_CONNECT_WAIT()
4298 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4299
4300 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
4301 OP_C_WRITE(a, "apple", 5)
4302 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4303 OP_S_READ_EXPECT(a, "apple", 5)
4304
4305 OP_SET_INJECT_WORD(0, 3)
4306 OP_S_WRITE(a, "orange", 5)
4307
4308 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0)
4309
4310 OP_END
4311 };
4312
4313 /* 57. Fault injection - NEW_CONN_ID with lower seq so ignored */
4314 static const struct script_op script_57[] = {
4315 OP_S_SET_INJECT_PLAIN(script_39_inject_plain)
4316 OP_C_SET_ALPN("ossltest")
4317 OP_C_CONNECT_WAIT()
4318 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4319
4320 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
4321 OP_C_WRITE(a, "apple", 5)
4322 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4323 OP_S_READ_EXPECT(a, "apple", 5)
4324
4325 OP_SET_INJECT_WORD(0, 4)
4326 OP_S_WRITE(a, "orange", 5)
4327 OP_C_READ_EXPECT(a, "orange", 5)
4328
4329 OP_C_WRITE(a, "Strawberry", 10)
4330 OP_S_READ_EXPECT(a, "Strawberry", 10)
4331
4332 /*
4333 * Now we send a NEW_CONN_ID with a bogus CID. However the sequence number
4334 * is old so it should be ignored and we should still be able to
4335 * communicate.
4336 */
4337 OP_SET_INJECT_WORD(0, 5)
4338 OP_S_WRITE(a, "raspberry", 9)
4339 OP_C_READ_EXPECT(a, "raspberry", 9)
4340
4341 OP_C_WRITE(a, "peach", 5)
4342 OP_S_READ_EXPECT(a, "peach", 5)
4343
4344 OP_END
4345 };
4346
4347 /* 58. Fault injection - repeated HANDSHAKE_DONE */
script_58_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4348 static int script_58_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4349 unsigned char *buf, size_t len)
4350 {
4351 int ok = 0;
4352 unsigned char frame_buf[64];
4353 size_t written;
4354 WPACKET wpkt;
4355
4356 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4357 return 1;
4358
4359 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4360 sizeof(frame_buf), 0)))
4361 return 0;
4362
4363 if (h->inject_word0 == 1) {
4364 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE)))
4365 goto err;
4366 } else {
4367 /* Needless multi-byte encoding */
4368 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x40))
4369 || !TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x1E)))
4370 goto err;
4371 }
4372
4373 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4374 goto err;
4375
4376 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4377 goto err;
4378
4379 ok = 1;
4380 err:
4381 if (ok)
4382 WPACKET_finish(&wpkt);
4383 else
4384 WPACKET_cleanup(&wpkt);
4385 return ok;
4386 }
4387
4388 static const struct script_op script_58[] = {
4389 OP_S_SET_INJECT_PLAIN(script_58_inject_plain)
4390 OP_C_SET_ALPN("ossltest")
4391 OP_C_CONNECT_WAIT()
4392
4393 OP_C_WRITE(DEFAULT, "apple", 5)
4394 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4395 OP_S_READ_EXPECT(a, "apple", 5)
4396
4397 OP_SET_INJECT_WORD(1, 0)
4398
4399 OP_S_WRITE(a, "orange", 6)
4400 OP_C_READ_EXPECT(DEFAULT, "orange", 6)
4401
4402 OP_C_WRITE(DEFAULT, "Strawberry", 10)
4403 OP_S_READ_EXPECT(a, "Strawberry", 10)
4404
4405 OP_END
4406 };
4407
4408 /* 59. Fault injection - multi-byte frame encoding */
4409 static const struct script_op script_59[] = {
4410 OP_S_SET_INJECT_PLAIN(script_58_inject_plain)
4411 OP_C_SET_ALPN("ossltest")
4412 OP_C_CONNECT_WAIT()
4413
4414 OP_C_WRITE(DEFAULT, "apple", 5)
4415 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4416 OP_S_READ_EXPECT(a, "apple", 5)
4417
4418 OP_SET_INJECT_WORD(2, 0)
4419
4420 OP_S_WRITE(a, "orange", 6)
4421
4422 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION, 0, 0)
4423
4424 OP_END
4425 };
4426
4427 /* 60. Connection close reason truncation */
4428 static char long_reason[2048];
4429
init_reason(struct helper * h,struct helper_local * hl)4430 static int init_reason(struct helper *h, struct helper_local *hl)
4431 {
4432 memset(long_reason, '~', sizeof(long_reason));
4433 memcpy(long_reason, "This is a long reason string.", 29);
4434 long_reason[OSSL_NELEM(long_reason) - 1] = '\0';
4435 return 1;
4436 }
4437
check_shutdown_reason(struct helper * h,struct helper_local * hl)4438 static int check_shutdown_reason(struct helper *h, struct helper_local *hl)
4439 {
4440 const QUIC_TERMINATE_CAUSE *tc = ossl_quic_tserver_get_terminate_cause(ACQUIRE_S());
4441
4442 if (tc == NULL) {
4443 h->check_spin_again = 1;
4444 return 0;
4445 }
4446
4447 if (!TEST_size_t_ge(tc->reason_len, 50)
4448 || !TEST_mem_eq(long_reason, tc->reason_len,
4449 tc->reason, tc->reason_len))
4450 return 0;
4451
4452 return 1;
4453 }
4454
4455 static const struct script_op script_60[] = {
4456 OP_C_SET_ALPN("ossltest")
4457 OP_C_CONNECT_WAIT()
4458
4459 OP_C_WRITE(DEFAULT, "apple", 5)
4460 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4461 OP_S_READ_EXPECT(a, "apple", 5)
4462
4463 OP_CHECK(init_reason, 0)
4464 OP_C_SHUTDOWN_WAIT(long_reason, 0)
4465 OP_CHECK(check_shutdown_reason, 0)
4466
4467 OP_END
4468 };
4469
4470 /* 61. Fault injection - RESET_STREAM exceeding stream count FC */
script_61_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4471 static int script_61_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4472 unsigned char *buf, size_t len)
4473 {
4474 int ok = 0;
4475 WPACKET wpkt;
4476 unsigned char frame_buf[32];
4477 size_t written;
4478
4479 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4480 return 1;
4481
4482 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4483 sizeof(frame_buf), 0)))
4484 return 0;
4485
4486 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word0))
4487 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */
4488 h->inject_word1))
4489 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 123))
4490 || (h->inject_word0 == OSSL_QUIC_FRAME_TYPE_RESET_STREAM
4491 && !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0)))) /* final size */
4492 goto err;
4493
4494 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4495 goto err;
4496
4497 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4498 goto err;
4499
4500 ok = 1;
4501 err:
4502 if (ok)
4503 WPACKET_finish(&wpkt);
4504 else
4505 WPACKET_cleanup(&wpkt);
4506 return ok;
4507 }
4508
4509 static const struct script_op script_61[] = {
4510 OP_S_SET_INJECT_PLAIN(script_61_inject_plain)
4511 OP_C_SET_ALPN("ossltest")
4512 OP_C_CONNECT_WAIT()
4513 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4514
4515 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
4516 OP_C_WRITE(a, "orange", 6)
4517
4518 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4519 OP_S_READ_EXPECT(a, "orange", 6)
4520
4521 OP_SET_INJECT_WORD(OSSL_QUIC_FRAME_TYPE_RESET_STREAM,
4522 S_BIDI_ID(OSSL_QUIC_VLINT_MAX / 4))
4523 OP_S_WRITE(a, "fruit", 5)
4524
4525 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR, 0, 0)
4526
4527 OP_END
4528 };
4529
4530 /* 62. Fault injection - STOP_SENDING with high ID */
4531 static const struct script_op script_62[] = {
4532 OP_S_SET_INJECT_PLAIN(script_61_inject_plain)
4533 OP_C_SET_ALPN("ossltest")
4534 OP_C_CONNECT_WAIT()
4535 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4536
4537 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
4538 OP_C_WRITE(a, "orange", 6)
4539
4540 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4541 OP_S_READ_EXPECT(a, "orange", 6)
4542
4543 OP_SET_INJECT_WORD(OSSL_QUIC_FRAME_TYPE_STOP_SENDING,
4544 C_BIDI_ID(OSSL_QUIC_VLINT_MAX / 4))
4545 OP_S_WRITE(a, "fruit", 5)
4546
4547 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0)
4548
4549 OP_END
4550 };
4551
4552 /* 63. Fault injection - STREAM frame exceeding stream limit */
4553 static const struct script_op script_63[] = {
4554 OP_S_SET_INJECT_PLAIN(script_32_inject_plain)
4555 OP_C_SET_ALPN("ossltest")
4556 OP_C_CONNECT_WAIT()
4557 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4558
4559 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
4560 OP_C_WRITE(a, "apple", 5)
4561
4562 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4563 OP_S_READ_EXPECT(a, "apple", 5)
4564
4565 OP_SET_INJECT_WORD(S_BIDI_ID(5000) + 1, 4)
4566 OP_S_WRITE(a, "orange", 6)
4567
4568 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR, 0, 0)
4569
4570 OP_END
4571 };
4572
4573 /* 64. Fault injection - STREAM - zero-length no-FIN is accepted */
4574 static const struct script_op script_64[] = {
4575 OP_S_SET_INJECT_PLAIN(script_32_inject_plain)
4576 OP_C_SET_ALPN("ossltest")
4577 OP_C_CONNECT_WAIT()
4578 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4579
4580 OP_S_NEW_STREAM_UNI(a, S_UNI_ID(0))
4581 OP_S_WRITE(a, "apple", 5)
4582
4583 OP_C_ACCEPT_STREAM_WAIT(a)
4584 OP_C_READ_EXPECT(a, "apple", 5)
4585
4586 OP_SET_INJECT_WORD(S_BIDI_ID(20) + 1, 1)
4587 OP_S_WRITE(a, "orange", 6)
4588 OP_C_READ_EXPECT(a, "orange", 6)
4589
4590 OP_END
4591 };
4592
4593 /* 65. Fault injection - CRYPTO - zero-length is accepted */
script_65_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4594 static int script_65_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4595 unsigned char *buf, size_t len)
4596 {
4597 int ok = 0;
4598 unsigned char frame_buf[64];
4599 size_t written;
4600 WPACKET wpkt;
4601
4602 if (h->inject_word0 == 0)
4603 return 1;
4604
4605 --h->inject_word0;
4606
4607 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4608 sizeof(frame_buf), 0)))
4609 return 0;
4610
4611 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO))
4612 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0))
4613 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0)))
4614 goto err;
4615
4616 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4617 goto err;
4618
4619 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4620 goto err;
4621
4622 ok = 1;
4623 err:
4624 if (ok)
4625 WPACKET_finish(&wpkt);
4626 else
4627 WPACKET_cleanup(&wpkt);
4628 return ok;
4629 }
4630
4631 static const struct script_op script_65[] = {
4632 OP_S_SET_INJECT_PLAIN(script_65_inject_plain)
4633 OP_C_SET_ALPN("ossltest")
4634 OP_C_CONNECT_WAIT()
4635 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4636
4637 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
4638 OP_C_WRITE(a, "apple", 5)
4639
4640 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4641 OP_S_READ_EXPECT(a, "apple", 5)
4642
4643 OP_SET_INJECT_WORD(1, 0)
4644 OP_S_WRITE(a, "orange", 6)
4645 OP_C_READ_EXPECT(a, "orange", 6)
4646
4647 OP_END
4648 };
4649
4650 /* 66. Fault injection - large MAX_STREAM_DATA */
script_66_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4651 static int script_66_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4652 unsigned char *buf, size_t len)
4653 {
4654 int ok = 0;
4655 WPACKET wpkt;
4656 unsigned char frame_buf[64];
4657 size_t written;
4658
4659 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4660 return 1;
4661
4662 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4663 sizeof(frame_buf), 0)))
4664 return 0;
4665
4666 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1)))
4667 goto err;
4668
4669 if (h->inject_word1 == OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA)
4670 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */
4671 h->inject_word0 - 1)))
4672 goto err;
4673
4674 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_VLINT_MAX)))
4675 goto err;
4676
4677 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4678 goto err;
4679
4680 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4681 goto err;
4682
4683 ok = 1;
4684 err:
4685 if (ok)
4686 WPACKET_finish(&wpkt);
4687 else
4688 WPACKET_cleanup(&wpkt);
4689 return ok;
4690 }
4691
4692 static const struct script_op script_66[] = {
4693 OP_S_SET_INJECT_PLAIN(script_66_inject_plain)
4694 OP_C_SET_ALPN("ossltest")
4695 OP_C_CONNECT_WAIT()
4696 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4697
4698 OP_S_NEW_STREAM_BIDI(a, S_BIDI_ID(0))
4699 OP_S_WRITE(a, "apple", 5)
4700
4701 OP_C_ACCEPT_STREAM_WAIT(a)
4702 OP_C_READ_EXPECT(a, "apple", 5)
4703
4704 OP_SET_INJECT_WORD(S_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA)
4705 OP_S_WRITE(a, "orange", 6)
4706 OP_C_READ_EXPECT(a, "orange", 6)
4707 OP_C_WRITE(a, "Strawberry", 10)
4708 OP_S_READ_EXPECT(a, "Strawberry", 10)
4709
4710 OP_END
4711 };
4712
4713 /* 67. Fault injection - large MAX_DATA */
4714 static const struct script_op script_67[] = {
4715 OP_S_SET_INJECT_PLAIN(script_66_inject_plain)
4716 OP_C_SET_ALPN("ossltest")
4717 OP_C_CONNECT_WAIT()
4718 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4719
4720 OP_S_NEW_STREAM_BIDI(a, S_BIDI_ID(0))
4721 OP_S_WRITE(a, "apple", 5)
4722
4723 OP_C_ACCEPT_STREAM_WAIT(a)
4724 OP_C_READ_EXPECT(a, "apple", 5)
4725
4726 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_MAX_DATA)
4727 OP_S_WRITE(a, "orange", 6)
4728 OP_C_READ_EXPECT(a, "orange", 6)
4729 OP_C_WRITE(a, "Strawberry", 10)
4730 OP_S_READ_EXPECT(a, "Strawberry", 10)
4731
4732 OP_END
4733 };
4734
4735 /* 68. Fault injection - Unexpected TLS messages */
script_68_inject_handshake(struct helper * h,unsigned char * msg,size_t msglen)4736 static int script_68_inject_handshake(struct helper *h, unsigned char *msg,
4737 size_t msglen)
4738 {
4739 const unsigned char *data;
4740 size_t datalen;
4741 const unsigned char certreq[] = {
4742 SSL3_MT_CERTIFICATE_REQUEST, /* CertificateRequest message */
4743 0, 0, 12, /* Length of message */
4744 1, 1, /* certificate_request_context */
4745 0, 8, /* Extensions block length */
4746 0, TLSEXT_TYPE_signature_algorithms, /* sig_algs extension*/
4747 0, 4, /* 4 bytes of sig algs extension*/
4748 0, 2, /* sigalgs list is 2 bytes long */
4749 8, 4 /* rsa_pss_rsae_sha256 */
4750 };
4751 const unsigned char keyupdate[] = {
4752 SSL3_MT_KEY_UPDATE, /* KeyUpdate message */
4753 0, 0, 1, /* Length of message */
4754 SSL_KEY_UPDATE_NOT_REQUESTED /* update_not_requested */
4755 };
4756
4757 /* We transform the NewSessionTicket message into something else */
4758 switch (h->inject_word0) {
4759 case 0:
4760 return 1;
4761
4762 case 1:
4763 /* CertificateRequest message */
4764 data = certreq;
4765 datalen = sizeof(certreq);
4766 break;
4767
4768 case 2:
4769 /* KeyUpdate message */
4770 data = keyupdate;
4771 datalen = sizeof(keyupdate);
4772 break;
4773
4774 default:
4775 return 0;
4776 }
4777
4778 if (!TEST_true(qtest_fault_resize_message(h->qtf,
4779 datalen - SSL3_HM_HEADER_LENGTH)))
4780 return 0;
4781
4782 memcpy(msg, data, datalen);
4783
4784 return 1;
4785 }
4786
4787 /* Send a CerticateRequest message post-handshake */
4788 static const struct script_op script_68[] = {
4789 OP_S_SET_INJECT_HANDSHAKE(script_68_inject_handshake)
4790 OP_C_SET_ALPN("ossltest")
4791 OP_C_CONNECT_WAIT()
4792 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4793
4794 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
4795 OP_C_WRITE(a, "apple", 5)
4796 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4797 OP_S_READ_EXPECT(a, "apple", 5)
4798
4799 OP_SET_INJECT_WORD(1, 0)
4800 OP_S_NEW_TICKET()
4801 OP_S_WRITE(a, "orange", 6)
4802
4803 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION, 0, 0)
4804
4805 OP_END
4806 };
4807
4808 /* 69. Send a TLS KeyUpdate message post-handshake */
4809 static const struct script_op script_69[] = {
4810 OP_S_SET_INJECT_HANDSHAKE(script_68_inject_handshake)
4811 OP_C_SET_ALPN("ossltest")
4812 OP_C_CONNECT_WAIT()
4813 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4814
4815 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
4816 OP_C_WRITE(a, "apple", 5)
4817 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4818 OP_S_READ_EXPECT(a, "apple", 5)
4819
4820 OP_SET_INJECT_WORD(2, 0)
4821 OP_S_NEW_TICKET()
4822 OP_S_WRITE(a, "orange", 6)
4823
4824 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_ERR_BEGIN
4825 + SSL_AD_UNEXPECTED_MESSAGE,
4826 0, 0)
4827
4828 OP_END
4829 };
4830
set_max_early_data(struct helper * h,struct helper_local * hl)4831 static int set_max_early_data(struct helper *h, struct helper_local *hl)
4832 {
4833
4834 if (!TEST_true(ossl_quic_tserver_set_max_early_data(ACQUIRE_S(),
4835 (uint32_t)hl->check_op->arg2)))
4836 return 0;
4837
4838 return 1;
4839 }
4840
4841 /* 70. Send a TLS NewSessionTicket message with invalid max_early_data */
4842 static const struct script_op script_70[] = {
4843 OP_C_SET_ALPN("ossltest")
4844 OP_C_CONNECT_WAIT()
4845 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4846
4847 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
4848 OP_C_WRITE(a, "apple", 5)
4849 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4850 OP_S_READ_EXPECT(a, "apple", 5)
4851
4852 OP_CHECK(set_max_early_data, 0xfffffffe)
4853 OP_S_NEW_TICKET()
4854 OP_S_WRITE(a, "orange", 6)
4855
4856 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION, 0, 0)
4857
4858 OP_END
4859 };
4860
4861 /* 71. Send a TLS NewSessionTicket message with valid max_early_data */
4862 static const struct script_op script_71[] = {
4863 OP_C_SET_ALPN("ossltest")
4864 OP_C_CONNECT_WAIT()
4865 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4866
4867 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
4868 OP_C_WRITE(a, "apple", 5)
4869 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
4870 OP_S_READ_EXPECT(a, "apple", 5)
4871
4872 OP_CHECK(set_max_early_data, 0xffffffff)
4873 OP_S_NEW_TICKET()
4874 OP_S_WRITE(a, "orange", 6)
4875 OP_C_READ_EXPECT(a, "orange", 6)
4876
4877 OP_END
4878 };
4879
4880 /* 72. Test that APL stops handing out streams after limit reached (bidi) */
script_72_check(struct helper * h,struct helper_local * hl)4881 static int script_72_check(struct helper *h, struct helper_local *hl)
4882 {
4883 if (!TEST_uint64_t_ge(h->fail_count, 50))
4884 return 0;
4885
4886 return 1;
4887 }
4888
4889 static const struct script_op script_72[] = {
4890 OP_C_SET_ALPN("ossltest")
4891 OP_C_CONNECT_WAIT()
4892 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4893
4894 /*
4895 * Request more streams than a server will initially hand out and test that
4896 * they fail properly.
4897 */
4898 OP_BEGIN_REPEAT(200)
4899
4900 OP_C_NEW_STREAM_BIDI_EX(a, ANY_ID, ALLOW_FAIL | SSL_STREAM_FLAG_NO_BLOCK)
4901 OP_C_SKIP_IF_UNBOUND(a, 2)
4902 OP_C_WRITE(a, "apple", 5)
4903 OP_C_FREE_STREAM(a)
4904
4905 OP_END_REPEAT()
4906
4907 OP_CHECK(script_72_check, 0)
4908
4909 OP_END
4910 };
4911
4912 /* 73. Test that APL stops handing out streams after limit reached (uni) */
4913 static const struct script_op script_73[] = {
4914 OP_C_SET_ALPN("ossltest")
4915 OP_C_CONNECT_WAIT()
4916 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4917
4918 /*
4919 * Request more streams than a server will initially hand out and test that
4920 * they fail properly.
4921 */
4922 OP_BEGIN_REPEAT(200)
4923
4924 OP_C_NEW_STREAM_UNI_EX(a, ANY_ID, ALLOW_FAIL | SSL_STREAM_FLAG_NO_BLOCK)
4925 OP_C_SKIP_IF_UNBOUND(a, 2)
4926 OP_C_WRITE(a, "apple", 5)
4927 OP_C_FREE_STREAM(a)
4928
4929 OP_END_REPEAT()
4930
4931 OP_CHECK(script_72_check, 0)
4932
4933 OP_END
4934 };
4935
4936 /* 74. Version negotiation: QUIC_VERSION_1 ignored */
generate_version_neg(WPACKET * wpkt,uint32_t version)4937 static int generate_version_neg(WPACKET *wpkt, uint32_t version)
4938 {
4939 QUIC_PKT_HDR hdr = { 0 };
4940
4941 hdr.type = QUIC_PKT_TYPE_VERSION_NEG;
4942 hdr.version = 0;
4943 hdr.fixed = 1;
4944 hdr.dst_conn_id.id_len = 0;
4945 hdr.src_conn_id.id_len = 8;
4946 memset(hdr.src_conn_id.id, 0x55, 8);
4947
4948 if (!TEST_true(ossl_quic_wire_encode_pkt_hdr(wpkt, 0, &hdr, NULL)))
4949 return 0;
4950
4951 if (!TEST_true(WPACKET_put_bytes_u32(wpkt, version)))
4952 return 0;
4953
4954 return 1;
4955 }
4956
server_gen_version_neg(struct helper * h,BIO_MSG * msg,size_t stride)4957 static int server_gen_version_neg(struct helper *h, BIO_MSG *msg, size_t stride)
4958 {
4959 int rc = 0, have_wpkt = 0;
4960 size_t l;
4961 WPACKET wpkt;
4962 BUF_MEM *buf = NULL;
4963 uint32_t version;
4964
4965 switch (h->inject_word0) {
4966 case 0:
4967 return 1;
4968 case 1:
4969 version = QUIC_VERSION_1;
4970 break;
4971 default:
4972 version = 0x5432abcd;
4973 break;
4974 }
4975
4976 if (!TEST_ptr(buf = BUF_MEM_new()))
4977 goto err;
4978
4979 if (!TEST_true(WPACKET_init(&wpkt, buf)))
4980 goto err;
4981
4982 have_wpkt = 1;
4983
4984 generate_version_neg(&wpkt, version);
4985
4986 if (!TEST_true(WPACKET_get_total_written(&wpkt, &l)))
4987 goto err;
4988
4989 if (!TEST_true(qtest_fault_resize_datagram(h->qtf, l)))
4990 return 0;
4991
4992 memcpy(msg->data, buf->data, l);
4993 h->inject_word0 = 0;
4994
4995 rc = 1;
4996 err:
4997 if (have_wpkt)
4998 WPACKET_finish(&wpkt);
4999
5000 BUF_MEM_free(buf);
5001 return rc;
5002 }
5003
5004 static int do_mutation = 0;
5005 static QUIC_PKT_HDR *hdr_to_free = NULL;
5006
5007 /*
5008 * Check packets to transmit, if we have an initial packet
5009 * Modify the version number to something incorrect
5010 * so that we trigger a version negotiation
5011 * Note, this is a use once function, it will only modify the
5012 * first INITIAL packet it sees, after which it needs to be
5013 * armed again
5014 */
script_74_alter_version(const QUIC_PKT_HDR * hdrin,const OSSL_QTX_IOVEC * iovecin,size_t numin,QUIC_PKT_HDR ** hdrout,const OSSL_QTX_IOVEC ** iovecout,size_t * numout,void * arg)5015 static int script_74_alter_version(const QUIC_PKT_HDR *hdrin,
5016 const OSSL_QTX_IOVEC *iovecin, size_t numin,
5017 QUIC_PKT_HDR **hdrout,
5018 const OSSL_QTX_IOVEC **iovecout,
5019 size_t *numout,
5020 void *arg)
5021 {
5022 *hdrout = OPENSSL_memdup(hdrin, sizeof(QUIC_PKT_HDR));
5023 *iovecout = iovecin;
5024 *numout = numin;
5025 hdr_to_free = *hdrout;
5026
5027 if (do_mutation == 0)
5028 return 1;
5029 do_mutation = 0;
5030
5031 if (hdrin->type == QUIC_PKT_TYPE_INITIAL)
5032 (*hdrout)->version = 0xdeadbeef;
5033 return 1;
5034 }
5035
script_74_finish_mutation(void * arg)5036 static void script_74_finish_mutation(void *arg)
5037 {
5038 OPENSSL_free(hdr_to_free);
5039 }
5040
5041 /*
5042 * Enable the packet mutator for the client channel
5043 * So that when we send a Initial packet
5044 * We modify the version to be something invalid
5045 * to force a version negotiation
5046 */
script_74_arm_packet_mutator(struct helper * h,struct helper_local * hl)5047 static int script_74_arm_packet_mutator(struct helper *h,
5048 struct helper_local *hl)
5049 {
5050 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
5051
5052 do_mutation = 1;
5053 if (!ossl_quic_channel_set_mutator(ch, script_74_alter_version,
5054 script_74_finish_mutation,
5055 NULL))
5056 return 0;
5057 return 1;
5058 }
5059
5060 static const struct script_op script_74[] = {
5061 OP_CHECK(script_74_arm_packet_mutator, 0)
5062 OP_C_SET_ALPN("ossltest")
5063 OP_C_CONNECT_WAIT()
5064
5065 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5066
5067 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
5068 OP_C_WRITE(a, "apple", 5)
5069 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
5070 OP_S_READ_EXPECT(a, "apple", 5)
5071
5072 OP_END
5073 };
5074
5075 /* 75. Version negotiation: Unknown version causes connection abort */
5076 static const struct script_op script_75[] = {
5077 OP_S_SET_INJECT_DATAGRAM(server_gen_version_neg)
5078 OP_SET_INJECT_WORD(2, 0)
5079
5080 OP_C_SET_ALPN("ossltest")
5081 OP_C_CONNECT_WAIT_OR_FAIL()
5082
5083 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CONNECTION_REFUSED, 0, 0)
5084
5085 OP_END
5086 };
5087
5088 /* 76. Test peer-initiated shutdown wait */
script_76_check(struct helper * h,struct helper_local * hl)5089 static int script_76_check(struct helper *h, struct helper_local *hl)
5090 {
5091 if (!TEST_false(SSL_shutdown_ex(h->c_conn,
5092 SSL_SHUTDOWN_FLAG_WAIT_PEER
5093 | SSL_SHUTDOWN_FLAG_NO_BLOCK,
5094 NULL, 0)))
5095 return 0;
5096
5097 return 1;
5098 }
5099
5100 static const struct script_op script_76[] = {
5101 OP_C_SET_ALPN("ossltest")
5102 OP_C_CONNECT_WAIT()
5103 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5104
5105 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
5106 OP_C_WRITE(a, "apple", 5)
5107
5108 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
5109 OP_S_READ_EXPECT(a, "apple", 5)
5110
5111 /* Check a WAIT_PEER call doesn't succeed yet. */
5112 OP_CHECK(script_76_check, 0)
5113 OP_S_SHUTDOWN(42)
5114
5115 OP_C_SHUTDOWN_WAIT(NULL, SSL_SHUTDOWN_FLAG_WAIT_PEER)
5116 OP_C_EXPECT_CONN_CLOSE_INFO(42, 1, 1)
5117
5118 OP_END
5119 };
5120
5121 /* 77. Ensure default stream popping operates correctly */
5122 static const struct script_op script_77[] = {
5123 OP_C_SET_ALPN("ossltest")
5124 OP_C_CONNECT_WAIT()
5125
5126 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_ACCEPT)
5127
5128 OP_S_NEW_STREAM_BIDI(a, S_BIDI_ID(0))
5129 OP_S_WRITE(a, "Strawberry", 10)
5130
5131 OP_C_READ_EXPECT(DEFAULT, "Strawberry", 10)
5132
5133 OP_S_NEW_STREAM_BIDI(b, S_BIDI_ID(1))
5134 OP_S_WRITE(b, "xyz", 3)
5135
5136 OP_C_ACCEPT_STREAM_WAIT(b)
5137 OP_C_READ_EXPECT(b, "xyz", 3)
5138
5139 OP_END
5140 };
5141
5142 /* 78. Post-connection session ticket handling */
5143 static size_t new_session_count;
5144
on_new_session(SSL * s,SSL_SESSION * sess)5145 static int on_new_session(SSL *s, SSL_SESSION *sess)
5146 {
5147 ++new_session_count;
5148 return 0; /* do not ref session, we aren't keeping it */
5149 }
5150
setup_session(struct helper * h,struct helper_local * hl)5151 static int setup_session(struct helper *h, struct helper_local *hl)
5152 {
5153 SSL_CTX_set_session_cache_mode(h->c_ctx, SSL_SESS_CACHE_BOTH);
5154 SSL_CTX_sess_set_new_cb(h->c_ctx, on_new_session);
5155 return 1;
5156 }
5157
trigger_late_session_ticket(struct helper * h,struct helper_local * hl)5158 static int trigger_late_session_ticket(struct helper *h, struct helper_local *hl)
5159 {
5160 new_session_count = 0;
5161
5162 if (!TEST_true(ossl_quic_tserver_new_ticket(ACQUIRE_S())))
5163 return 0;
5164
5165 return 1;
5166 }
5167
check_got_session_ticket(struct helper * h,struct helper_local * hl)5168 static int check_got_session_ticket(struct helper *h, struct helper_local *hl)
5169 {
5170 if (!TEST_size_t_gt(new_session_count, 0))
5171 return 0;
5172
5173 return 1;
5174 }
5175
5176 static int check_idle_timeout(struct helper *h, struct helper_local *hl);
5177
5178 static const struct script_op script_78[] = {
5179 OP_C_SET_ALPN("ossltest")
5180 OP_CHECK(setup_session, 0)
5181 OP_C_CONNECT_WAIT()
5182
5183 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5184
5185 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
5186 OP_C_WRITE(a, "apple", 5)
5187
5188 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
5189 OP_S_READ_EXPECT(a, "apple", 5)
5190
5191 OP_S_WRITE(a, "orange", 6)
5192 OP_C_READ_EXPECT(a, "orange", 6)
5193
5194 OP_CHECK(trigger_late_session_ticket, 0)
5195
5196 OP_S_WRITE(a, "Strawberry", 10)
5197 OP_C_READ_EXPECT(a, "Strawberry", 10)
5198
5199 OP_CHECK(check_got_session_ticket, 0)
5200 OP_CHECK2(check_idle_timeout,
5201 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 30000)
5202
5203 OP_END
5204 };
5205
5206 /* 79. Optimised FIN test */
5207 static const struct script_op script_79[] = {
5208 OP_C_SET_ALPN("ossltest")
5209 OP_C_CONNECT_WAIT()
5210 OP_C_WRITE_EX2(DEFAULT, "apple", 5, SSL_WRITE_FLAG_CONCLUDE)
5211 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
5212 OP_S_READ_EXPECT(a, "apple", 5)
5213 OP_S_EXPECT_FIN(a)
5214 OP_S_WRITE(a, "orange", 6)
5215 OP_S_CONCLUDE(a)
5216 OP_C_READ_EXPECT(DEFAULT, "orange", 6)
5217 OP_C_EXPECT_FIN(DEFAULT)
5218 OP_END
5219 };
5220
5221 /* 80. Stateless reset detection test */
5222 static QUIC_STATELESS_RESET_TOKEN test_reset_token = {
5223 { 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
5224 0xde, 0xad, 0xbe, 0xef }
5225 };
5226
5227 /*
5228 * Generate a packet in the following format:
5229 * https://www.rfc-editor.org/rfc/rfc9000.html#name-stateless-reset
5230 * Stateless Reset {
5231 * Fixed Bits (2): 1
5232 * Unpredictable bits (38..)
5233 * Stateless reset token (128)
5234 * }
5235 */
script_80_send_stateless_reset(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)5236 static int script_80_send_stateless_reset(struct helper *h, QUIC_PKT_HDR *hdr,
5237 unsigned char *buf, size_t len)
5238 {
5239 unsigned char databuf[64];
5240
5241 if (h->inject_word1 == 0)
5242 return 1;
5243
5244 h->inject_word1 = 0;
5245
5246 fprintf(stderr, "Sending stateless reset\n");
5247
5248 RAND_bytes(databuf, 64);
5249 databuf[0] = 0x40;
5250 memcpy(&databuf[48], test_reset_token.token,
5251 sizeof(test_reset_token.token));
5252
5253 if (!TEST_int_eq(SSL_inject_net_dgram(h->c_conn, databuf, sizeof(databuf),
5254 NULL, h->s_net_bio_addr),
5255 1))
5256 return 0;
5257
5258 return 1;
5259 }
5260
script_80_gen_new_conn_id(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)5261 static int script_80_gen_new_conn_id(struct helper *h, QUIC_PKT_HDR *hdr,
5262 unsigned char *buf, size_t len)
5263 {
5264 int rc = 0;
5265 size_t l;
5266 unsigned char frame_buf[64];
5267 WPACKET wpkt;
5268 QUIC_CONN_ID new_cid = { 0 };
5269 OSSL_QUIC_FRAME_NEW_CONN_ID ncid = { 0 };
5270 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(ACQUIRE_S_NOHL());
5271
5272 if (h->inject_word0 == 0)
5273 return 1;
5274
5275 h->inject_word0 = 0;
5276
5277 fprintf(stderr, "sending new conn id\n");
5278 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
5279 sizeof(frame_buf), 0)))
5280 return 0;
5281
5282 ossl_quic_channel_get_diag_local_cid(ch, &new_cid);
5283
5284 ncid.seq_num = 2;
5285 ncid.retire_prior_to = 2;
5286 ncid.conn_id = new_cid;
5287 memcpy(ncid.stateless_reset.token, test_reset_token.token,
5288 sizeof(test_reset_token.token));
5289
5290 if (!TEST_true(ossl_quic_wire_encode_frame_new_conn_id(&wpkt, &ncid)))
5291 goto err;
5292
5293 if (!TEST_true(WPACKET_get_total_written(&wpkt, &l)))
5294 goto err;
5295
5296 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, l))
5297 goto err;
5298
5299 rc = 1;
5300 err:
5301 if (rc)
5302 WPACKET_finish(&wpkt);
5303 else
5304 WPACKET_cleanup(&wpkt);
5305
5306 return rc;
5307 }
5308
script_80_inject_pkt(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)5309 static int script_80_inject_pkt(struct helper *h, QUIC_PKT_HDR *hdr,
5310 unsigned char *buf, size_t len)
5311 {
5312 if (h->inject_word1 == 1)
5313 return script_80_send_stateless_reset(h, hdr, buf, len);
5314 else if (h->inject_word0 == 1)
5315 return script_80_gen_new_conn_id(h, hdr, buf, len);
5316
5317 return 1;
5318 }
5319
5320 static const struct script_op script_80[] = {
5321 OP_S_SET_INJECT_PLAIN(script_80_inject_pkt)
5322 OP_C_SET_ALPN("ossltest")
5323 OP_C_CONNECT_WAIT()
5324 OP_C_WRITE(DEFAULT, "apple", 5)
5325 OP_C_CONCLUDE(DEFAULT)
5326 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
5327 OP_S_READ_EXPECT(a, "apple", 5)
5328 OP_SET_INJECT_WORD(1, 0)
5329 OP_S_WRITE(a, "apple", 5)
5330 OP_C_READ_EXPECT(DEFAULT, "apple", 5)
5331 OP_SET_INJECT_WORD(0, 1)
5332 OP_S_WRITE(a, "apple", 5)
5333 OP_C_EXPECT_CONN_CLOSE_INFO(0, 0, 1)
5334 OP_END
5335 };
5336
5337 /* 81. Idle timeout configuration */
modify_idle_timeout(struct helper * h,struct helper_local * hl)5338 static int modify_idle_timeout(struct helper *h, struct helper_local *hl)
5339 {
5340 uint64_t v = 0;
5341
5342 /* Test bad value is rejected. */
5343 if (!TEST_false(SSL_set_feature_request_uint(h->c_conn,
5344 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5345 (1ULL << 62))))
5346 return 0;
5347
5348 /* Set value. */
5349 if (!TEST_true(SSL_set_feature_request_uint(h->c_conn,
5350 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5351 hl->check_op->arg2)))
5352 return 0;
5353
5354 if (!TEST_true(SSL_get_feature_request_uint(h->c_conn,
5355 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5356 &v)))
5357 return 0;
5358
5359 if (!TEST_uint64_t_eq(v, hl->check_op->arg2))
5360 return 0;
5361
5362 return 1;
5363 }
5364
check_idle_timeout(struct helper * h,struct helper_local * hl)5365 static int check_idle_timeout(struct helper *h, struct helper_local *hl)
5366 {
5367 uint64_t v = 0;
5368
5369 if (!TEST_true(SSL_get_value_uint(h->c_conn, hl->check_op->arg1,
5370 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5371 &v)))
5372 return 0;
5373
5374 if (!TEST_uint64_t_eq(v, hl->check_op->arg2))
5375 return 0;
5376
5377 return 1;
5378 }
5379
5380 static const struct script_op script_81[] = {
5381 OP_C_SET_ALPN("ossltest")
5382 OP_CHECK(modify_idle_timeout, 25000)
5383 OP_C_CONNECT_WAIT()
5384
5385 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5386
5387 OP_CHECK2(check_idle_timeout,
5388 SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, 30000)
5389 OP_CHECK2(check_idle_timeout,
5390 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 25000)
5391
5392 OP_END
5393 };
5394
5395 /* 82. Negotiated default idle timeout if not configured */
5396 static const struct script_op script_82[] = {
5397 OP_C_SET_ALPN("ossltest")
5398 OP_C_CONNECT_WAIT()
5399
5400 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5401
5402 OP_CHECK2(check_idle_timeout,
5403 SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, 30000)
5404 OP_CHECK2(check_idle_timeout,
5405 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 30000)
5406
5407 OP_END
5408 };
5409
5410 /* 83. No late changes to idle timeout */
cannot_change_idle_timeout(struct helper * h,struct helper_local * hl)5411 static int cannot_change_idle_timeout(struct helper *h, struct helper_local *hl)
5412 {
5413 uint64_t v = 0;
5414
5415 if (!TEST_true(SSL_get_feature_request_uint(h->c_conn,
5416 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5417 &v)))
5418 return 0;
5419
5420 if (!TEST_uint64_t_eq(v, 30000))
5421 return 0;
5422
5423 if (!TEST_false(SSL_set_feature_request_uint(h->c_conn,
5424 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5425 5000)))
5426 return 0;
5427
5428 return 1;
5429 }
5430
5431 static const struct script_op script_83[] = {
5432 OP_C_SET_ALPN("ossltest")
5433 OP_C_CONNECT_WAIT()
5434
5435 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5436
5437 OP_CHECK(cannot_change_idle_timeout, 0)
5438 OP_CHECK2(check_idle_timeout,
5439 SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, 30000)
5440 OP_CHECK2(check_idle_timeout,
5441 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 30000)
5442
5443 OP_END
5444 };
5445
5446 /* 84. Test query of available streams */
check_avail_streams(struct helper * h,struct helper_local * hl)5447 static int check_avail_streams(struct helper *h, struct helper_local *hl)
5448 {
5449 uint64_t v = 0;
5450
5451 switch (hl->check_op->arg1) {
5452 case 0:
5453 if (!TEST_true(SSL_get_quic_stream_bidi_local_avail(h->c_conn, &v)))
5454 return 0;
5455 break;
5456 case 1:
5457 if (!TEST_true(SSL_get_quic_stream_bidi_remote_avail(h->c_conn, &v)))
5458 return 0;
5459 break;
5460 case 2:
5461 if (!TEST_true(SSL_get_quic_stream_uni_local_avail(h->c_conn, &v)))
5462 return 0;
5463 break;
5464 case 3:
5465 if (!TEST_true(SSL_get_quic_stream_uni_remote_avail(h->c_conn, &v)))
5466 return 0;
5467 break;
5468 default:
5469 return 0;
5470 }
5471
5472 if (!TEST_uint64_t_eq(v, hl->check_op->arg2))
5473 return 0;
5474
5475 return 1;
5476 }
5477
5478 static int set_event_handling_mode_conn(struct helper *h, struct helper_local *hl);
5479 static int reenable_test_event_handling(struct helper *h, struct helper_local *hl);
5480
check_write_buf_stat(struct helper * h,struct helper_local * hl)5481 static int check_write_buf_stat(struct helper *h, struct helper_local *hl)
5482 {
5483 SSL *c_a;
5484 uint64_t size, used, avail;
5485
5486 if (!TEST_ptr(c_a = helper_local_get_c_stream(hl, "a")))
5487 return 0;
5488
5489 if (!TEST_true(SSL_get_stream_write_buf_size(c_a, &size))
5490 || !TEST_true(SSL_get_stream_write_buf_used(c_a, &used))
5491 || !TEST_true(SSL_get_stream_write_buf_avail(c_a, &avail))
5492 || !TEST_uint64_t_ge(size, avail)
5493 || !TEST_uint64_t_ge(size, used)
5494 || !TEST_uint64_t_eq(avail + used, size))
5495 return 0;
5496
5497 if (!TEST_uint64_t_eq(used, hl->check_op->arg1))
5498 return 0;
5499
5500 return 1;
5501 }
5502
5503 static const struct script_op script_84[] = {
5504 OP_C_SET_ALPN("ossltest")
5505 OP_C_CONNECT_WAIT()
5506
5507 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5508
5509 OP_CHECK2(check_avail_streams, 0, 100)
5510 OP_CHECK2(check_avail_streams, 1, 100)
5511 OP_CHECK2(check_avail_streams, 2, 100)
5512 OP_CHECK2(check_avail_streams, 3, 100)
5513
5514 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
5515
5516 OP_CHECK2(check_avail_streams, 0, 99)
5517 OP_CHECK2(check_avail_streams, 1, 100)
5518 OP_CHECK2(check_avail_streams, 2, 100)
5519 OP_CHECK2(check_avail_streams, 3, 100)
5520
5521 OP_C_NEW_STREAM_UNI(b, C_UNI_ID(0))
5522
5523 OP_CHECK2(check_avail_streams, 0, 99)
5524 OP_CHECK2(check_avail_streams, 1, 100)
5525 OP_CHECK2(check_avail_streams, 2, 99)
5526 OP_CHECK2(check_avail_streams, 3, 100)
5527
5528 OP_S_NEW_STREAM_BIDI(c, S_BIDI_ID(0))
5529 OP_S_WRITE(c, "x", 1)
5530
5531 OP_C_ACCEPT_STREAM_WAIT(c)
5532 OP_C_READ_EXPECT(c, "x", 1)
5533
5534 OP_CHECK2(check_avail_streams, 0, 99)
5535 OP_CHECK2(check_avail_streams, 1, 99)
5536 OP_CHECK2(check_avail_streams, 2, 99)
5537 OP_CHECK2(check_avail_streams, 3, 100)
5538
5539 OP_S_NEW_STREAM_UNI(d, S_UNI_ID(0))
5540 OP_S_WRITE(d, "x", 1)
5541
5542 OP_C_ACCEPT_STREAM_WAIT(d)
5543 OP_C_READ_EXPECT(d, "x", 1)
5544
5545 OP_CHECK2(check_avail_streams, 0, 99)
5546 OP_CHECK2(check_avail_streams, 1, 99)
5547 OP_CHECK2(check_avail_streams, 2, 99)
5548 OP_CHECK2(check_avail_streams, 3, 99)
5549
5550 OP_CHECK2(check_write_buf_stat, 0, 0)
5551 OP_CHECK(set_event_handling_mode_conn,
5552 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT)
5553 OP_C_WRITE(a, "apple", 5)
5554 OP_CHECK2(check_write_buf_stat, 5, 0)
5555
5556 OP_CHECK(reenable_test_event_handling, 0)
5557
5558 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
5559 OP_S_READ_EXPECT(a, "apple", 5)
5560 OP_S_WRITE(a, "orange", 6)
5561 OP_C_READ_EXPECT(a, "orange", 6)
5562
5563 OP_END
5564 };
5565
5566 /* 85. Test SSL_poll (lite, non-blocking) */
script_85_poll(struct helper * h,struct helper_local * hl)5567 ossl_unused static int script_85_poll(struct helper *h, struct helper_local *hl)
5568 {
5569 int ok = 1, ret, expected_ret = 1;
5570 static const struct timeval timeout = { 0 };
5571 size_t result_count, expected_result_count = 0;
5572 SSL_POLL_ITEM items[5] = { 0 }, *item = items;
5573 SSL *c_a, *c_b, *c_c, *c_d;
5574 size_t i;
5575 uint64_t mode, expected_revents[5] = { 0 };
5576
5577 if (!TEST_ptr(c_a = helper_local_get_c_stream(hl, "a"))
5578 || !TEST_ptr(c_b = helper_local_get_c_stream(hl, "b"))
5579 || !TEST_ptr(c_c = helper_local_get_c_stream(hl, "c"))
5580 || !TEST_ptr(c_d = helper_local_get_c_stream(hl, "d")))
5581 return 0;
5582
5583 item->desc = SSL_as_poll_descriptor(c_a);
5584 item->events = UINT64_MAX;
5585 item->revents = UINT64_MAX;
5586 ++item;
5587
5588 item->desc = SSL_as_poll_descriptor(c_b);
5589 item->events = UINT64_MAX;
5590 item->revents = UINT64_MAX;
5591 ++item;
5592
5593 item->desc = SSL_as_poll_descriptor(c_c);
5594 item->events = UINT64_MAX;
5595 item->revents = UINT64_MAX;
5596 ++item;
5597
5598 item->desc = SSL_as_poll_descriptor(c_d);
5599 item->events = UINT64_MAX;
5600 item->revents = UINT64_MAX;
5601 ++item;
5602
5603 item->desc = SSL_as_poll_descriptor(h->c_conn);
5604 item->events = UINT64_MAX;
5605 item->revents = UINT64_MAX;
5606 ++item;
5607
5608 result_count = SIZE_MAX;
5609 ret = SSL_poll(items, OSSL_NELEM(items), sizeof(SSL_POLL_ITEM),
5610 &timeout, 0,
5611 &result_count);
5612
5613 mode = hl->check_op->arg2;
5614 switch (mode) {
5615 case 0:
5616 /* No incoming data yet */
5617 expected_revents[0] = SSL_POLL_EVENT_W;
5618 expected_revents[1] = SSL_POLL_EVENT_W;
5619 expected_revents[2] = SSL_POLL_EVENT_W;
5620 expected_revents[3] = SSL_POLL_EVENT_W;
5621 expected_revents[4] = SSL_POLL_EVENT_OS;
5622 expected_result_count = 5;
5623 break;
5624 case 1:
5625 /* Expect more events */
5626 expected_revents[0] = SSL_POLL_EVENT_W | SSL_POLL_EVENT_R;
5627 expected_revents[1] = SSL_POLL_EVENT_W | SSL_POLL_EVENT_ER;
5628 expected_revents[2] = SSL_POLL_EVENT_EW;
5629 expected_revents[3] = SSL_POLL_EVENT_W;
5630 expected_revents[4] = SSL_POLL_EVENT_OS | SSL_POLL_EVENT_ISB;
5631 expected_result_count = 5;
5632 break;
5633 default:
5634 return 0;
5635 }
5636
5637 if (!TEST_int_eq(ret, expected_ret)
5638 || !TEST_size_t_eq(result_count, expected_result_count))
5639 ok = 0;
5640
5641 for (i = 0; i < OSSL_NELEM(items); ++i)
5642 if (!TEST_uint64_t_eq(items[i].revents, expected_revents[i])) {
5643 TEST_error("mismatch at index %zu in poll results, mode %d",
5644 i, (int)mode);
5645 ok = 0;
5646 }
5647
5648 return ok;
5649 }
5650
5651 static const struct script_op script_85[] = {
5652 OP_C_SET_ALPN("ossltest")
5653 OP_C_CONNECT_WAIT()
5654
5655 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5656
5657 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
5658 OP_C_WRITE(a, "flamingo", 8)
5659
5660 OP_C_NEW_STREAM_BIDI(b, C_BIDI_ID(1))
5661 OP_C_WRITE(b, "orange", 6)
5662
5663 OP_C_NEW_STREAM_BIDI(c, C_BIDI_ID(2))
5664 OP_C_WRITE(c, "Strawberry", 10)
5665
5666 OP_C_NEW_STREAM_BIDI(d, C_BIDI_ID(3))
5667 OP_C_WRITE(d, "sync", 4)
5668
5669 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
5670 OP_S_BIND_STREAM_ID(b, C_BIDI_ID(1))
5671 OP_S_BIND_STREAM_ID(c, C_BIDI_ID(2))
5672 OP_S_BIND_STREAM_ID(d, C_BIDI_ID(3))
5673
5674 /* Check nothing readable yet. */
5675 OP_CHECK(script_85_poll, 0)
5676
5677 /* Send something that will make client sockets readable. */
5678 OP_S_READ_EXPECT(a, "flamingo", 8)
5679 OP_S_WRITE(a, "herringbone", 11)
5680
5681 /* Send something that will make 'b' reset. */
5682 OP_S_SET_INJECT_PLAIN(script_28_inject_plain)
5683 OP_SET_INJECT_WORD(C_BIDI_ID(1) + 1, OSSL_QUIC_FRAME_TYPE_RESET_STREAM)
5684
5685 /* Ensure sync. */
5686 OP_S_READ_EXPECT(d, "sync", 4)
5687 OP_S_WRITE(d, "x", 1)
5688 OP_C_READ_EXPECT(d, "x", 1)
5689
5690 /* Send something that will make 'c' reset. */
5691 OP_S_SET_INJECT_PLAIN(script_28_inject_plain)
5692 OP_SET_INJECT_WORD(C_BIDI_ID(2) + 1, OSSL_QUIC_FRAME_TYPE_STOP_SENDING)
5693
5694 OP_S_NEW_STREAM_BIDI(z, S_BIDI_ID(0))
5695 OP_S_WRITE(z, "z", 1)
5696
5697 /* Ensure sync. */
5698 OP_S_WRITE(d, "x", 1)
5699 OP_C_READ_EXPECT(d, "x", 1)
5700
5701 /* Check a is now readable. */
5702 OP_CHECK(script_85_poll, 1)
5703
5704 OP_END
5705 };
5706
5707 /* 86. Event Handling Mode Configuration */
set_event_handling_mode_conn(struct helper * h,struct helper_local * hl)5708 static int set_event_handling_mode_conn(struct helper *h, struct helper_local *hl)
5709 {
5710 hl->explicit_event_handling = 1;
5711 return SSL_set_event_handling_mode(h->c_conn, hl->check_op->arg2);
5712 }
5713
reenable_test_event_handling(struct helper * h,struct helper_local * hl)5714 static int reenable_test_event_handling(struct helper *h, struct helper_local *hl)
5715 {
5716 hl->explicit_event_handling = 0;
5717 return 1;
5718 }
5719
set_event_handling_mode_stream(struct helper * h,struct helper_local * hl)5720 static ossl_unused int set_event_handling_mode_stream(struct helper *h, struct helper_local *hl)
5721 {
5722 SSL *ssl = helper_local_get_c_stream(hl, "a");
5723
5724 if (!TEST_ptr(ssl))
5725 return 0;
5726
5727 return SSL_set_event_handling_mode(ssl, hl->check_op->arg2);
5728 }
5729
5730 static const struct script_op script_86[] = {
5731 OP_SKIP_IF_BLOCKING(23)
5732
5733 OP_C_SET_ALPN("ossltest")
5734 OP_C_CONNECT_WAIT()
5735
5736 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5737
5738 /* Turn on explicit handling mode. */
5739 OP_CHECK(set_event_handling_mode_conn,
5740 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT)
5741
5742 /*
5743 * Create a new stream and write data. This won't get sent
5744 * to the network net because we are in explicit mode
5745 * and we haven't called SSL_handle_events().
5746 */
5747 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
5748 OP_C_WRITE(a, "apple", 5)
5749
5750 /* Put connection back into implicit handling mode. */
5751 OP_CHECK(set_event_handling_mode_conn,
5752 SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT)
5753
5754 /* Override at stream level. */
5755 OP_CHECK(set_event_handling_mode_stream,
5756 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT)
5757 OP_C_WRITE(a, "orange", 6)
5758 OP_C_CONCLUDE(a)
5759
5760 /*
5761 * Confirm the data isn't going to arrive. OP_SLEEP is always undesirable
5762 * but we have no reasonable way to synchronise on something not arriving
5763 * given all network traffic is essentially stopped and there are no other
5764 * signals arriving from the peer which could be used for synchronisation.
5765 * Slow OSes will pass this anyway (fail-open).
5766 */
5767 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
5768
5769 OP_BEGIN_REPEAT(20)
5770 OP_S_READ_FAIL(a, 1)
5771 OP_SLEEP(10)
5772 OP_END_REPEAT()
5773
5774 /* Now let the data arrive and confirm it arrives. */
5775 OP_CHECK(reenable_test_event_handling, 0)
5776 OP_S_READ_EXPECT(a, "appleorange", 11)
5777 OP_S_EXPECT_FIN(a)
5778
5779 /* Back into explicit mode. */
5780 OP_CHECK(set_event_handling_mode_conn,
5781 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT)
5782 OP_S_WRITE(a, "ok", 2)
5783 OP_C_READ_FAIL(a)
5784
5785 /* Works once event handling is done. */
5786 OP_CHECK(reenable_test_event_handling, 0)
5787 OP_C_READ_EXPECT(a, "ok", 2)
5788
5789 OP_END
5790 };
5791
5792 /* 87. Test stream reset functionality */
5793 static const struct script_op script_87[] = {
5794 OP_C_SET_ALPN("ossltest")
5795 OP_C_CONNECT_WAIT()
5796 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0))
5797 OP_C_WRITE(a, "apple", 5)
5798 OP_C_CONCLUDE(a)
5799 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0))
5800 OP_S_READ_EXPECT(a, "apple", 5)
5801 OP_S_EXPECT_FIN(a)
5802 OP_S_WRITE(a, "orange", 6)
5803 OP_C_READ_EXPECT(a, "orange", 6)
5804 OP_S_CONCLUDE(a)
5805 OP_C_EXPECT_FIN(a)
5806 OP_SLEEP(1000)
5807 OP_C_STREAM_RESET_FAIL(a, 42)
5808 OP_END
5809 };
5810
5811 static const struct script_op *const scripts[] = {
5812 script_1,
5813 script_2,
5814 script_3,
5815 script_4,
5816 script_5,
5817 script_6,
5818 script_7,
5819 script_8,
5820 script_9,
5821 script_10,
5822 script_11,
5823 script_12,
5824 script_13,
5825 script_14,
5826 script_15,
5827 script_16,
5828 script_17,
5829 script_18,
5830 script_19,
5831 script_20,
5832 script_21,
5833 script_22,
5834 script_23,
5835 script_24,
5836 script_25,
5837 script_26,
5838 script_27,
5839 script_28,
5840 script_29,
5841 script_30,
5842 script_31,
5843 script_32,
5844 script_33,
5845 script_34,
5846 script_35,
5847 script_36,
5848 script_37,
5849 script_38,
5850 script_39,
5851 script_40,
5852 script_41,
5853 script_42,
5854 script_43,
5855 script_44,
5856 script_45,
5857 script_46,
5858 script_47,
5859 script_48,
5860 script_49,
5861 script_50,
5862 script_51,
5863 script_52,
5864 script_53,
5865 script_54,
5866 script_55,
5867 script_56,
5868 script_57,
5869 script_58,
5870 script_59,
5871 script_60,
5872 script_61,
5873 script_62,
5874 script_63,
5875 script_64,
5876 script_65,
5877 script_66,
5878 script_67,
5879 script_68,
5880 script_69,
5881 script_70,
5882 script_71,
5883 script_72,
5884 script_73,
5885 script_74,
5886 script_75,
5887 script_76,
5888 script_77,
5889 script_78,
5890 script_79,
5891 script_80,
5892 script_81,
5893 script_82,
5894 script_83,
5895 script_84,
5896 script_85,
5897 script_86,
5898 script_87
5899 };
5900
test_script(int idx)5901 static int test_script(int idx)
5902 {
5903 int script_idx, free_order, blocking;
5904 char script_name[64];
5905
5906 free_order = idx % 2;
5907 idx /= 2;
5908
5909 blocking = idx % 2;
5910 idx /= 2;
5911
5912 script_idx = idx;
5913
5914 if (blocking && free_order)
5915 return 1; /* don't need to test free_order twice */
5916
5917 #if !defined(OPENSSL_THREADS)
5918 if (blocking) {
5919 TEST_skip("cannot test in blocking mode without threads");
5920 return 1;
5921 }
5922 #endif
5923
5924 BIO_snprintf(script_name, sizeof(script_name), "script %d", script_idx + 1);
5925
5926 TEST_info("Running script %d (order=%d, blocking=%d)", script_idx + 1,
5927 free_order, blocking);
5928 return run_script(scripts[script_idx], script_name, free_order, blocking);
5929 }
5930
5931 /* Dynamically generated tests. */
5932 static struct script_op dyn_frame_types_script[] = {
5933 OP_S_SET_INJECT_PLAIN(script_21_inject_plain)
5934 OP_SET_INJECT_WORD(0, 0) /* dynamic */
5935
5936 OP_C_SET_ALPN("ossltest")
5937 OP_C_CONNECT_WAIT_OR_FAIL()
5938
5939 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0)
5940
5941 OP_END
5942 };
5943
5944 struct forbidden_frame_type {
5945 uint64_t pkt_type, frame_type, expected_err;
5946 };
5947
5948 static const struct forbidden_frame_type forbidden_frame_types[] = {
5949 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_VLINT_MAX, OSSL_QUIC_ERR_FRAME_ENCODING_ERROR },
5950 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_VLINT_MAX, OSSL_QUIC_ERR_FRAME_ENCODING_ERROR },
5951 { QUIC_PKT_TYPE_1RTT, OSSL_QUIC_VLINT_MAX, OSSL_QUIC_ERR_FRAME_ENCODING_ERROR },
5952
5953 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5954 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_RESET_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5955 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STOP_SENDING, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5956 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_NEW_TOKEN, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5957 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5958 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5959 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5960 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5961 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5962 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5963 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5964 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5965 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5966 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5967 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5968 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5969 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5970 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5971
5972 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5973 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_RESET_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5974 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STOP_SENDING, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5975 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_NEW_TOKEN, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5976 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5977 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5978 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5979 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5980 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5981 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5982 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5983 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5984 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5985 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5986 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5987 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5988 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5989 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5990
5991 /* Client uses a zero-length CID so this is not allowed. */
5992 { QUIC_PKT_TYPE_1RTT, OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5993 };
5994
test_dyn_frame_types(int idx)5995 static ossl_unused int test_dyn_frame_types(int idx)
5996 {
5997 size_t i;
5998 char script_name[64];
5999 struct script_op *s = dyn_frame_types_script;
6000
6001 for (i = 0; i < OSSL_NELEM(dyn_frame_types_script); ++i)
6002 if (s[i].op == OPK_SET_INJECT_WORD) {
6003 s[i].arg1 = (size_t)forbidden_frame_types[idx].pkt_type;
6004 s[i].arg2 = forbidden_frame_types[idx].frame_type;
6005 } else if (s[i].op == OPK_C_EXPECT_CONN_CLOSE_INFO) {
6006 s[i].arg2 = forbidden_frame_types[idx].expected_err;
6007 }
6008
6009 BIO_snprintf(script_name, sizeof(script_name),
6010 "dyn script %d", idx);
6011
6012 return run_script(dyn_frame_types_script, script_name, 0, 0);
6013 }
6014
6015 OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
6016
setup_tests(void)6017 int setup_tests(void)
6018 {
6019 #if defined(_PUT_MODEL_)
6020 return TEST_skip("QUIC is not supported by this build");
6021 #endif
6022
6023 if (!test_skip_common_options()) {
6024 TEST_error("Error parsing test options\n");
6025 return 0;
6026 }
6027
6028 if (!TEST_ptr(certfile = test_get_argument(0))
6029 || !TEST_ptr(keyfile = test_get_argument(1)))
6030 return 0;
6031
6032 ADD_ALL_TESTS(test_dyn_frame_types, OSSL_NELEM(forbidden_frame_types));
6033 ADD_ALL_TESTS(test_script, OSSL_NELEM(scripts) * 2 * 2);
6034 return 1;
6035 }
6036