1 /* 2 * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 #include <openssl/ssl.h> 10 #include <openssl/quic.h> 11 #include <openssl/bio.h> 12 #include <openssl/lhash.h> 13 #include <openssl/rand.h> 14 #include "internal/quic_tserver.h" 15 #include "internal/quic_ssl.h" 16 #include "internal/quic_error.h" 17 #include "internal/quic_stream_map.h" 18 #include "internal/quic_engine.h" 19 #include "testutil.h" 20 #include "helpers/quictestlib.h" 21 #if defined(OPENSSL_THREADS) 22 # include "internal/thread_arch.h" 23 #endif 24 #include "internal/numbers.h" /* UINT64_C */ 25 26 static const char *certfile, *keyfile; 27 28 #if defined(_AIX) 29 /* 30 * Some versions of AIX define macros for events and revents for use when 31 * accessing pollfd structures (see Github issue #24236). That interferes 32 * with our use of these names here. We simply undef them. 33 */ 34 # undef revents 35 # undef events 36 #endif 37 38 #if defined(OPENSSL_THREADS) 39 struct child_thread_args { 40 struct helper *h; 41 const struct script_op *script; 42 const char *script_name; 43 int thread_idx; 44 45 CRYPTO_THREAD *t; 46 CRYPTO_MUTEX *m; 47 int testresult; 48 int done; 49 int s_checked_out; 50 }; 51 #endif 52 53 typedef struct stream_info { 54 const char *name; 55 SSL *c_stream; 56 uint64_t s_stream_id; 57 } STREAM_INFO; 58 59 DEFINE_LHASH_OF_EX(STREAM_INFO); 60 61 struct helper { 62 int s_fd; 63 BIO *s_net_bio, *s_net_bio_own, *s_qtf_wbio, *s_qtf_wbio_own; 64 /* The BIO_ADDR used for BIO_bind() */ 65 BIO_ADDR *s_net_bio_orig_addr; 66 /* The resulting address, which is the one to connect to */ 67 BIO_ADDR *s_net_bio_addr; 68 69 /* 70 * When doing a blocking mode test run, s_priv always points to the TSERVER 71 * and s is NULL when the main thread should not be touching s_priv. 72 */ 73 QUIC_TSERVER *s, *s_priv; 74 LHASH_OF(STREAM_INFO) *s_streams; 75 76 int c_fd; 77 BIO *c_net_bio, *c_net_bio_own; 78 SSL_CTX *c_ctx; 79 SSL *c_conn; 80 LHASH_OF(STREAM_INFO) *c_streams; 81 82 #if defined(OPENSSL_THREADS) 83 struct child_thread_args *threads; 84 size_t num_threads; 85 CRYPTO_MUTEX *misc_m; 86 CRYPTO_CONDVAR *misc_cv; 87 #endif 88 89 OSSL_TIME start_time; 90 91 /* 92 * This is a duration recording the amount of time we have skipped forwards 93 * for testing purposes relative to the real ossl_time_now() clock. We add 94 * a quantity of time to this every time we skip some time. 95 */ 96 CRYPTO_RWLOCK *time_lock; 97 OSSL_TIME time_slip; /* protected by time_lock */ 98 99 QTEST_FAULT *qtf; 100 101 int init, blocking, check_spin_again; 102 int free_order, need_injector; 103 104 int (*qtf_packet_plain_cb)(struct helper *h, QUIC_PKT_HDR *hdr, 105 unsigned char *buf, size_t buf_len); 106 int (*qtf_handshake_cb)(struct helper *h, 107 unsigned char *buf, size_t buf_len); 108 int (*qtf_datagram_cb)(struct helper *h, 109 BIO_MSG *m, size_t stride); 110 uint64_t inject_word0, inject_word1; 111 uint64_t scratch0, scratch1, fail_count; 112 #if defined(OPENSSL_THREADS) 113 struct { 114 CRYPTO_THREAD *t; 115 CRYPTO_MUTEX *m; 116 CRYPTO_CONDVAR *c; 117 int ready, stop; 118 } server_thread; 119 int s_checked_out; 120 #endif 121 }; 122 123 struct helper_local { 124 struct helper *h; 125 LHASH_OF(STREAM_INFO) *c_streams; 126 int thread_idx; 127 const struct script_op *check_op; 128 int explicit_event_handling; 129 }; 130 131 struct script_op { 132 uint32_t op; 133 const void *arg0; 134 size_t arg1; 135 int (*check_func)(struct helper *h, struct helper_local *hl); 136 const char *stream_name; 137 uint64_t arg2; 138 int (*qtf_packet_plain_cb)(struct helper *h, QUIC_PKT_HDR *hdr, 139 unsigned char *buf, size_t buf_len); 140 int (*qtf_handshake_cb)(struct helper *h, 141 unsigned char *buf, size_t buf_len); 142 int (*qtf_datagram_cb)(struct helper *h, 143 BIO_MSG *m, size_t stride); 144 }; 145 146 #define OPK_END 0 147 #define OPK_CHECK 1 148 #define OPK_C_SET_ALPN 2 149 #define OPK_C_CONNECT_WAIT 3 150 #define OPK_C_WRITE 4 151 #define OPK_S_WRITE 5 152 #define OPK_C_READ_EXPECT 6 153 #define OPK_S_READ_EXPECT 7 154 #define OPK_C_EXPECT_FIN 8 155 #define OPK_S_EXPECT_FIN 9 156 #define OPK_C_CONCLUDE 10 157 #define OPK_S_CONCLUDE 11 158 #define OPK_C_DETACH 12 159 #define OPK_C_ATTACH 13 160 #define OPK_C_NEW_STREAM 14 161 #define OPK_S_NEW_STREAM 15 162 #define OPK_C_ACCEPT_STREAM_WAIT 16 163 #define OPK_C_ACCEPT_STREAM_NONE 17 164 #define OPK_C_FREE_STREAM 18 165 #define OPK_C_SET_DEFAULT_STREAM_MODE 19 166 #define OPK_C_SET_INCOMING_STREAM_POLICY 20 167 #define OPK_C_SHUTDOWN_WAIT 21 168 #define OPK_C_EXPECT_CONN_CLOSE_INFO 22 169 #define OPK_S_EXPECT_CONN_CLOSE_INFO 23 170 #define OPK_S_BIND_STREAM_ID 24 171 #define OPK_C_WAIT_FOR_DATA 25 172 #define OPK_C_WRITE_FAIL 26 173 #define OPK_S_WRITE_FAIL 27 174 #define OPK_C_READ_FAIL 28 175 #define OPK_C_STREAM_RESET 29 176 #define OPK_S_ACCEPT_STREAM_WAIT 30 177 #define OPK_NEW_THREAD 31 178 #define OPK_BEGIN_REPEAT 32 179 #define OPK_END_REPEAT 33 180 #define OPK_S_UNBIND_STREAM_ID 34 181 #define OPK_C_READ_FAIL_WAIT 35 182 #define OPK_C_CLOSE_SOCKET 36 183 #define OPK_C_EXPECT_SSL_ERR 37 184 #define OPK_EXPECT_ERR_REASON 38 185 #define OPK_EXPECT_ERR_LIB 39 186 #define OPK_SLEEP 40 187 #define OPK_S_READ_FAIL 41 188 #define OPK_S_SET_INJECT_PLAIN 42 189 #define OPK_SET_INJECT_WORD 43 190 #define OPK_C_INHIBIT_TICK 44 191 #define OPK_C_SET_WRITE_BUF_SIZE 45 192 #define OPK_S_SET_INJECT_HANDSHAKE 46 193 #define OPK_S_NEW_TICKET 47 194 #define OPK_C_SKIP_IF_UNBOUND 48 195 #define OPK_S_SET_INJECT_DATAGRAM 49 196 #define OPK_S_SHUTDOWN 50 197 #define OPK_POP_ERR 51 198 #define OPK_C_WRITE_EX2 52 199 #define OPK_SKIP_IF_BLOCKING 53 200 #define OPK_C_STREAM_RESET_FAIL 54 201 202 #define EXPECT_CONN_CLOSE_APP (1U << 0) 203 #define EXPECT_CONN_CLOSE_REMOTE (1U << 1) 204 205 /* OPK_C_NEW_STREAM */ 206 #define ALLOW_FAIL (1U << 16) 207 208 #define C_BIDI_ID(ordinal) \ 209 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_CLIENT | QUIC_STREAM_DIR_BIDI) 210 #define S_BIDI_ID(ordinal) \ 211 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_SERVER | QUIC_STREAM_DIR_BIDI) 212 #define C_UNI_ID(ordinal) \ 213 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_CLIENT | QUIC_STREAM_DIR_UNI) 214 #define S_UNI_ID(ordinal) \ 215 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_SERVER | QUIC_STREAM_DIR_UNI) 216 217 #define ANY_ID UINT64_MAX 218 219 #define OP_END \ 220 {OPK_END} 221 #define OP_CHECK(func, arg2) \ 222 {OPK_CHECK, NULL, 0, (func), NULL, (arg2)}, 223 #define OP_C_SET_ALPN(alpn) \ 224 {OPK_C_SET_ALPN, (alpn), 0, NULL, NULL}, 225 #define OP_C_CONNECT_WAIT() \ 226 {OPK_C_CONNECT_WAIT, NULL, 0, NULL, NULL}, 227 #define OP_C_CONNECT_WAIT_OR_FAIL() \ 228 {OPK_C_CONNECT_WAIT, NULL, 1, NULL, NULL}, 229 #define OP_C_WRITE(stream_name, buf, buf_len) \ 230 {OPK_C_WRITE, (buf), (buf_len), NULL, #stream_name}, 231 #define OP_S_WRITE(stream_name, buf, buf_len) \ 232 {OPK_S_WRITE, (buf), (buf_len), NULL, #stream_name}, 233 #define OP_C_READ_EXPECT(stream_name, buf, buf_len) \ 234 {OPK_C_READ_EXPECT, (buf), (buf_len), NULL, #stream_name}, 235 #define OP_S_READ_EXPECT(stream_name, buf, buf_len) \ 236 {OPK_S_READ_EXPECT, (buf), (buf_len), NULL, #stream_name}, 237 #define OP_C_EXPECT_FIN(stream_name) \ 238 {OPK_C_EXPECT_FIN, NULL, 0, NULL, #stream_name}, 239 #define OP_S_EXPECT_FIN(stream_name) \ 240 {OPK_S_EXPECT_FIN, NULL, 0, NULL, #stream_name}, 241 #define OP_C_CONCLUDE(stream_name) \ 242 {OPK_C_CONCLUDE, NULL, 0, NULL, #stream_name}, 243 #define OP_S_CONCLUDE(stream_name) \ 244 {OPK_S_CONCLUDE, NULL, 0, NULL, #stream_name}, 245 #define OP_C_DETACH(stream_name) \ 246 {OPK_C_DETACH, NULL, 0, NULL, #stream_name}, 247 #define OP_C_ATTACH(stream_name) \ 248 {OPK_C_ATTACH, NULL, 0, NULL, #stream_name}, 249 #define OP_C_NEW_STREAM_BIDI(stream_name, expect_id) \ 250 {OPK_C_NEW_STREAM, NULL, 0, NULL, #stream_name, (expect_id)}, 251 #define OP_C_NEW_STREAM_BIDI_EX(stream_name, expect_id, flags) \ 252 {OPK_C_NEW_STREAM, NULL, (flags), NULL, #stream_name, (expect_id)}, 253 #define OP_C_NEW_STREAM_UNI(stream_name, expect_id) \ 254 {OPK_C_NEW_STREAM, NULL, SSL_STREAM_FLAG_UNI, \ 255 NULL, #stream_name, (expect_id)}, 256 #define OP_C_NEW_STREAM_UNI_EX(stream_name, expect_id, flags) \ 257 {OPK_C_NEW_STREAM, NULL, (flags) | SSL_STREAM_FLAG_UNI, \ 258 NULL, #stream_name, (expect_id)}, 259 #define OP_S_NEW_STREAM_BIDI(stream_name, expect_id) \ 260 {OPK_S_NEW_STREAM, NULL, 0, NULL, #stream_name, (expect_id)}, 261 #define OP_S_NEW_STREAM_UNI(stream_name, expect_id) \ 262 {OPK_S_NEW_STREAM, NULL, 1, NULL, #stream_name, (expect_id)}, 263 #define OP_C_ACCEPT_STREAM_WAIT(stream_name) \ 264 {OPK_C_ACCEPT_STREAM_WAIT, NULL, 0, NULL, #stream_name}, 265 #define OP_C_ACCEPT_STREAM_NONE() \ 266 {OPK_C_ACCEPT_STREAM_NONE, NULL, 0, NULL, NULL}, 267 #define OP_C_FREE_STREAM(stream_name) \ 268 {OPK_C_FREE_STREAM, NULL, 0, NULL, #stream_name}, 269 #define OP_C_SET_DEFAULT_STREAM_MODE(mode) \ 270 {OPK_C_SET_DEFAULT_STREAM_MODE, NULL, (mode), NULL, NULL}, 271 #define OP_C_SET_INCOMING_STREAM_POLICY(policy) \ 272 {OPK_C_SET_INCOMING_STREAM_POLICY, NULL, (policy), NULL, NULL}, 273 #define OP_C_SHUTDOWN_WAIT(reason, flags) \ 274 {OPK_C_SHUTDOWN_WAIT, (reason), (flags), NULL, NULL}, 275 #define OP_C_EXPECT_CONN_CLOSE_INFO(ec, app, remote) \ 276 {OPK_C_EXPECT_CONN_CLOSE_INFO, NULL, \ 277 ((app) ? EXPECT_CONN_CLOSE_APP : 0) | \ 278 ((remote) ? EXPECT_CONN_CLOSE_REMOTE : 0), \ 279 NULL, NULL, (ec)}, 280 #define OP_S_EXPECT_CONN_CLOSE_INFO(ec, app, remote) \ 281 {OPK_S_EXPECT_CONN_CLOSE_INFO, NULL, \ 282 ((app) ? EXPECT_CONN_CLOSE_APP : 0) | \ 283 ((remote) ? EXPECT_CONN_CLOSE_REMOTE : 0), \ 284 NULL, NULL, (ec)}, 285 #define OP_S_BIND_STREAM_ID(stream_name, stream_id) \ 286 {OPK_S_BIND_STREAM_ID, NULL, 0, NULL, #stream_name, (stream_id)}, 287 #define OP_C_WAIT_FOR_DATA(stream_name) \ 288 {OPK_C_WAIT_FOR_DATA, NULL, 0, NULL, #stream_name}, 289 #define OP_C_WRITE_FAIL(stream_name) \ 290 {OPK_C_WRITE_FAIL, NULL, 0, NULL, #stream_name}, 291 #define OP_S_WRITE_FAIL(stream_name) \ 292 {OPK_S_WRITE_FAIL, NULL, 0, NULL, #stream_name}, 293 #define OP_C_READ_FAIL(stream_name) \ 294 {OPK_C_READ_FAIL, NULL, 0, NULL, #stream_name}, 295 #define OP_S_READ_FAIL(stream_name, allow_zero_len) \ 296 {OPK_S_READ_FAIL, NULL, (allow_zero_len), NULL, #stream_name}, 297 #define OP_C_STREAM_RESET(stream_name, aec) \ 298 {OPK_C_STREAM_RESET, NULL, 0, NULL, #stream_name, (aec)}, 299 #define OP_C_STREAM_RESET_FAIL(stream_name, aec) \ 300 {OPK_C_STREAM_RESET_FAIL, NULL, 0, NULL, #stream_name, (aec)}, 301 #define OP_S_ACCEPT_STREAM_WAIT(stream_name) \ 302 {OPK_S_ACCEPT_STREAM_WAIT, NULL, 0, NULL, #stream_name}, 303 #define OP_NEW_THREAD(num_threads, script) \ 304 {OPK_NEW_THREAD, (script), (num_threads), NULL, NULL, 0 }, 305 #define OP_BEGIN_REPEAT(n) \ 306 {OPK_BEGIN_REPEAT, NULL, (n)}, 307 #define OP_END_REPEAT() \ 308 {OPK_END_REPEAT}, 309 #define OP_S_UNBIND_STREAM_ID(stream_name) \ 310 {OPK_S_UNBIND_STREAM_ID, NULL, 0, NULL, #stream_name}, 311 #define OP_C_READ_FAIL_WAIT(stream_name) \ 312 {OPK_C_READ_FAIL_WAIT, NULL, 0, NULL, #stream_name}, 313 #define OP_C_CLOSE_SOCKET() \ 314 {OPK_C_CLOSE_SOCKET}, 315 #define OP_C_EXPECT_SSL_ERR(stream_name, err) \ 316 {OPK_C_EXPECT_SSL_ERR, NULL, (err), NULL, #stream_name}, 317 #define OP_EXPECT_ERR_REASON(err) \ 318 {OPK_EXPECT_ERR_REASON, NULL, (err)}, 319 #define OP_EXPECT_ERR_LIB(lib) \ 320 {OPK_EXPECT_ERR_LIB, NULL, (lib)}, 321 #define OP_SLEEP(ms) \ 322 {OPK_SLEEP, NULL, 0, NULL, NULL, (ms)}, 323 #define OP_S_SET_INJECT_PLAIN(f) \ 324 {OPK_S_SET_INJECT_PLAIN, NULL, 0, NULL, NULL, 0, (f)}, 325 #define OP_SET_INJECT_WORD(w0, w1) \ 326 {OPK_SET_INJECT_WORD, NULL, (w0), NULL, NULL, (w1), NULL}, 327 #define OP_C_INHIBIT_TICK(inhibit) \ 328 {OPK_C_INHIBIT_TICK, NULL, (inhibit), NULL, NULL, 0, NULL}, 329 #define OP_C_SET_WRITE_BUF_SIZE(stream_name, size) \ 330 {OPK_C_SET_WRITE_BUF_SIZE, NULL, (size), NULL, #stream_name}, 331 #define OP_S_SET_INJECT_HANDSHAKE(f) \ 332 {OPK_S_SET_INJECT_HANDSHAKE, NULL, 0, NULL, NULL, 0, NULL, (f)}, 333 #define OP_S_NEW_TICKET() \ 334 {OPK_S_NEW_TICKET}, 335 #define OP_C_SKIP_IF_UNBOUND(stream_name, n) \ 336 {OPK_C_SKIP_IF_UNBOUND, NULL, (n), NULL, #stream_name}, 337 #define OP_S_SET_INJECT_DATAGRAM(f) \ 338 {OPK_S_SET_INJECT_DATAGRAM, NULL, 0, NULL, NULL, 0, NULL, NULL, (f)}, 339 #define OP_S_SHUTDOWN(error_code) \ 340 {OPK_S_SHUTDOWN, NULL, (error_code)}, 341 #define OP_POP_ERR() \ 342 {OPK_POP_ERR}, 343 #define OP_C_WRITE_EX2(stream_name, buf, buf_len, flags) \ 344 {OPK_C_WRITE_EX2, (buf), (buf_len), NULL, #stream_name, (flags)}, 345 #define OP_CHECK2(func, arg1, arg2) \ 346 {OPK_CHECK, NULL, (arg1), (func), NULL, (arg2)}, 347 #define OP_SKIP_IF_BLOCKING(n) \ 348 {OPK_SKIP_IF_BLOCKING, NULL, (n), NULL, 0}, 349 350 static OSSL_TIME get_time(void *arg) 351 { 352 struct helper *h = arg; 353 OSSL_TIME t; 354 355 if (!TEST_true(CRYPTO_THREAD_read_lock(h->time_lock))) 356 return ossl_time_zero(); 357 358 t = ossl_time_add(ossl_time_now(), h->time_slip); 359 360 CRYPTO_THREAD_unlock(h->time_lock); 361 return t; 362 } 363 364 static int skip_time_ms(struct helper *h, struct helper_local *hl) 365 { 366 if (!TEST_true(CRYPTO_THREAD_write_lock(h->time_lock))) 367 return 0; 368 369 h->time_slip = ossl_time_add(h->time_slip, ossl_ms2time(hl->check_op->arg2)); 370 371 CRYPTO_THREAD_unlock(h->time_lock); 372 return 1; 373 } 374 375 static QUIC_TSERVER *s_lock(struct helper *h, struct helper_local *hl); 376 static void s_unlock(struct helper *h, struct helper_local *hl); 377 378 #define ACQUIRE_S() s_lock(h, hl) 379 #define ACQUIRE_S_NOHL() s_lock(h, NULL) 380 381 static int check_rejected(struct helper *h, struct helper_local *hl) 382 { 383 uint64_t stream_id = hl->check_op->arg2; 384 385 if (!ossl_quic_tserver_stream_has_peer_stop_sending(ACQUIRE_S(), stream_id, NULL) 386 || !ossl_quic_tserver_stream_has_peer_reset_stream(ACQUIRE_S(), stream_id, NULL)) { 387 h->check_spin_again = 1; 388 return 0; 389 } 390 391 return 1; 392 } 393 394 static int check_stream_reset(struct helper *h, struct helper_local *hl) 395 { 396 uint64_t stream_id = hl->check_op->arg2, aec = 0; 397 398 if (!ossl_quic_tserver_stream_has_peer_reset_stream(ACQUIRE_S(), stream_id, &aec)) { 399 h->check_spin_again = 1; 400 return 0; 401 } 402 403 return TEST_uint64_t_eq(aec, 42); 404 } 405 406 static int check_stream_stopped(struct helper *h, struct helper_local *hl) 407 { 408 uint64_t stream_id = hl->check_op->arg2; 409 410 if (!ossl_quic_tserver_stream_has_peer_stop_sending(ACQUIRE_S(), stream_id, NULL)) { 411 h->check_spin_again = 1; 412 return 0; 413 } 414 415 return 1; 416 } 417 418 static int override_key_update(struct helper *h, struct helper_local *hl) 419 { 420 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn); 421 422 ossl_quic_channel_set_txku_threshold_override(ch, hl->check_op->arg2); 423 return 1; 424 } 425 426 static int trigger_key_update(struct helper *h, struct helper_local *hl) 427 { 428 if (!TEST_true(SSL_key_update(h->c_conn, SSL_KEY_UPDATE_REQUESTED))) 429 return 0; 430 431 return 1; 432 } 433 434 static int check_key_update_ge(struct helper *h, struct helper_local *hl) 435 { 436 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn); 437 int64_t txke = (int64_t)ossl_quic_channel_get_tx_key_epoch(ch); 438 int64_t rxke = (int64_t)ossl_quic_channel_get_rx_key_epoch(ch); 439 int64_t diff = txke - rxke; 440 441 /* 442 * TXKE must always be equal to or ahead of RXKE. 443 * It can be ahead of RXKE by at most 1. 444 */ 445 if (!TEST_int64_t_ge(diff, 0) || !TEST_int64_t_le(diff, 1)) 446 return 0; 447 448 /* Caller specifies a minimum number of RXKEs which must have happened. */ 449 if (!TEST_uint64_t_ge((uint64_t)rxke, hl->check_op->arg2)) 450 return 0; 451 452 return 1; 453 } 454 455 static int check_key_update_lt(struct helper *h, struct helper_local *hl) 456 { 457 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn); 458 uint64_t txke = ossl_quic_channel_get_tx_key_epoch(ch); 459 460 /* Caller specifies a maximum number of TXKEs which must have happened. */ 461 if (!TEST_uint64_t_lt(txke, hl->check_op->arg2)) 462 return 0; 463 464 return 1; 465 } 466 467 static unsigned long stream_info_hash(const STREAM_INFO *info) 468 { 469 return OPENSSL_LH_strhash(info->name); 470 } 471 472 static int stream_info_cmp(const STREAM_INFO *a, const STREAM_INFO *b) 473 { 474 return strcmp(a->name, b->name); 475 } 476 477 static void cleanup_stream(STREAM_INFO *info) 478 { 479 SSL_free(info->c_stream); 480 OPENSSL_free(info); 481 } 482 483 static void helper_cleanup_streams(LHASH_OF(STREAM_INFO) **lh) 484 { 485 if (*lh == NULL) 486 return; 487 488 lh_STREAM_INFO_doall(*lh, cleanup_stream); 489 lh_STREAM_INFO_free(*lh); 490 *lh = NULL; 491 } 492 493 #if defined(OPENSSL_THREADS) 494 static CRYPTO_THREAD_RETVAL run_script_child_thread(void *arg); 495 496 static int join_threads(struct child_thread_args *threads, size_t num_threads) 497 { 498 int ok = 1; 499 size_t i; 500 CRYPTO_THREAD_RETVAL rv; 501 502 for (i = 0; i < num_threads; ++i) { 503 if (threads[i].t != NULL) { 504 ossl_crypto_thread_native_join(threads[i].t, &rv); 505 506 if (!threads[i].testresult) 507 /* Do not log failure here, worker will do it. */ 508 ok = 0; 509 510 ossl_crypto_thread_native_clean(threads[i].t); 511 threads[i].t = NULL; 512 } 513 514 ossl_crypto_mutex_free(&threads[i].m); 515 } 516 517 return ok; 518 } 519 520 static int join_server_thread(struct helper *h) 521 { 522 CRYPTO_THREAD_RETVAL rv; 523 524 if (h->server_thread.t == NULL) 525 return 1; 526 527 ossl_crypto_mutex_lock(h->server_thread.m); 528 h->server_thread.stop = 1; 529 ossl_crypto_condvar_signal(h->server_thread.c); 530 ossl_crypto_mutex_unlock(h->server_thread.m); 531 532 ossl_crypto_thread_native_join(h->server_thread.t, &rv); 533 ossl_crypto_thread_native_clean(h->server_thread.t); 534 h->server_thread.t = NULL; 535 return 1; 536 } 537 538 /* Ensure the server-state lock is currently held. Idempotent. */ 539 static int *s_checked_out_p(struct helper *h, int thread_idx) 540 { 541 return (thread_idx < 0) ? &h->s_checked_out 542 : &h->threads[thread_idx].s_checked_out; 543 } 544 545 static QUIC_TSERVER *s_lock(struct helper *h, struct helper_local *hl) 546 { 547 int *p_checked_out = s_checked_out_p(h, hl == NULL ? -1 : hl->thread_idx); 548 549 if (h->server_thread.m == NULL || *p_checked_out) 550 return h->s; 551 552 ossl_crypto_mutex_lock(h->server_thread.m); 553 h->s = h->s_priv; 554 *p_checked_out = 1; 555 return h->s; 556 } 557 558 /* Ensure the server-state lock is currently not held. Idempotent. */ 559 static void s_unlock(struct helper *h, struct helper_local *hl) 560 { 561 int *p_checked_out = s_checked_out_p(h, hl->thread_idx); 562 563 if (h->server_thread.m == NULL || !*p_checked_out) 564 return; 565 566 *p_checked_out = 0; 567 h->s = NULL; 568 ossl_crypto_mutex_unlock(h->server_thread.m); 569 } 570 571 static unsigned int server_helper_thread(void *arg) 572 { 573 struct helper *h = arg; 574 575 ossl_crypto_mutex_lock(h->server_thread.m); 576 577 for (;;) { 578 int ready, stop; 579 580 ready = h->server_thread.ready; 581 stop = h->server_thread.stop; 582 583 if (stop) 584 break; 585 586 if (!ready) { 587 ossl_crypto_condvar_wait(h->server_thread.c, h->server_thread.m); 588 continue; 589 } 590 591 ossl_quic_tserver_tick(h->s_priv); 592 ossl_crypto_mutex_unlock(h->server_thread.m); 593 /* 594 * Give the main thread an opportunity to get the mutex, which is 595 * sometimes necessary in some script operations. 596 */ 597 OSSL_sleep(1); 598 ossl_crypto_mutex_lock(h->server_thread.m); 599 } 600 601 ossl_crypto_mutex_unlock(h->server_thread.m); 602 return 1; 603 } 604 605 #else 606 607 static QUIC_TSERVER *s_lock(struct helper *h, struct helper_local *hl) 608 { 609 return h->s; 610 } 611 612 static void s_unlock(struct helper *h, struct helper_local *hl) 613 {} 614 615 #endif 616 617 static void helper_cleanup(struct helper *h) 618 { 619 #if defined(OPENSSL_THREADS) 620 join_threads(h->threads, h->num_threads); 621 join_server_thread(h); 622 OPENSSL_free(h->threads); 623 h->threads = NULL; 624 h->num_threads = 0; 625 #endif 626 627 if (h->free_order == 0) { 628 /* order 0: streams, then conn */ 629 helper_cleanup_streams(&h->c_streams); 630 631 SSL_free(h->c_conn); 632 h->c_conn = NULL; 633 } else { 634 /* order 1: conn, then streams */ 635 SSL_free(h->c_conn); 636 h->c_conn = NULL; 637 638 helper_cleanup_streams(&h->c_streams); 639 } 640 641 helper_cleanup_streams(&h->s_streams); 642 ossl_quic_tserver_free(h->s_priv); 643 h->s_priv = h->s = NULL; 644 645 BIO_free(h->s_net_bio_own); 646 h->s_net_bio_own = NULL; 647 648 BIO_free(h->c_net_bio_own); 649 h->c_net_bio_own = NULL; 650 651 BIO_free(h->s_qtf_wbio_own); 652 h->s_qtf_wbio_own = NULL; 653 654 qtest_fault_free(h->qtf); 655 h->qtf = NULL; 656 657 if (h->s_fd >= 0) { 658 BIO_closesocket(h->s_fd); 659 h->s_fd = -1; 660 } 661 662 if (h->c_fd >= 0) { 663 BIO_closesocket(h->c_fd); 664 h->c_fd = -1; 665 } 666 667 BIO_ADDR_free(h->s_net_bio_addr); 668 h->s_net_bio_addr = NULL; 669 BIO_ADDR_free(h->s_net_bio_orig_addr); 670 h->s_net_bio_orig_addr = NULL; 671 672 SSL_CTX_free(h->c_ctx); 673 h->c_ctx = NULL; 674 675 CRYPTO_THREAD_lock_free(h->time_lock); 676 h->time_lock = NULL; 677 678 #if defined(OPENSSL_THREADS) 679 ossl_crypto_mutex_free(&h->misc_m); 680 ossl_crypto_condvar_free(&h->misc_cv); 681 ossl_crypto_mutex_free(&h->server_thread.m); 682 ossl_crypto_condvar_free(&h->server_thread.c); 683 #endif 684 } 685 686 static int helper_init(struct helper *h, const char *script_name, 687 int free_order, int blocking, 688 int need_injector) 689 { 690 struct in_addr ina = {0}; 691 QUIC_TSERVER_ARGS s_args = {0}; 692 union BIO_sock_info_u info; 693 char title[128]; 694 QTEST_DATA *bdata = NULL; 695 696 memset(h, 0, sizeof(*h)); 697 h->c_fd = -1; 698 h->s_fd = -1; 699 h->free_order = free_order; 700 h->blocking = blocking; 701 h->need_injector = need_injector; 702 h->time_slip = ossl_time_zero(); 703 704 bdata = OPENSSL_zalloc(sizeof(QTEST_DATA)); 705 if (bdata == NULL) 706 goto err; 707 708 if (!TEST_ptr(h->time_lock = CRYPTO_THREAD_lock_new())) 709 goto err; 710 711 if (!TEST_ptr(h->s_streams = lh_STREAM_INFO_new(stream_info_hash, 712 stream_info_cmp))) 713 goto err; 714 715 if (!TEST_ptr(h->c_streams = lh_STREAM_INFO_new(stream_info_hash, 716 stream_info_cmp))) 717 goto err; 718 719 ina.s_addr = htonl(0x7f000001UL); 720 721 h->s_fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0); 722 if (!TEST_int_ge(h->s_fd, 0)) 723 goto err; 724 725 if (!TEST_true(BIO_socket_nbio(h->s_fd, 1))) 726 goto err; 727 728 if (!TEST_ptr(h->s_net_bio_orig_addr = BIO_ADDR_new()) 729 || !TEST_ptr(h->s_net_bio_addr = BIO_ADDR_new())) 730 goto err; 731 732 if (!TEST_true(BIO_ADDR_rawmake(h->s_net_bio_orig_addr, AF_INET, 733 &ina, sizeof(ina), 0))) 734 goto err; 735 736 if (!TEST_true(BIO_bind(h->s_fd, h->s_net_bio_orig_addr, 0))) 737 goto err; 738 739 info.addr = h->s_net_bio_addr; 740 if (!TEST_true(BIO_sock_info(h->s_fd, BIO_SOCK_INFO_ADDRESS, &info))) 741 goto err; 742 743 if (!TEST_int_gt(BIO_ADDR_rawport(h->s_net_bio_addr), 0)) 744 goto err; 745 746 if (!TEST_ptr(h->s_net_bio = h->s_net_bio_own = BIO_new_dgram(h->s_fd, 0))) 747 goto err; 748 749 if (!BIO_up_ref(h->s_net_bio)) 750 goto err; 751 752 if (need_injector) { 753 h->s_qtf_wbio = h->s_qtf_wbio_own = BIO_new(qtest_get_bio_method()); 754 if (!TEST_ptr(h->s_qtf_wbio)) 755 goto err; 756 757 if (!TEST_ptr(BIO_push(h->s_qtf_wbio, h->s_net_bio))) 758 goto err; 759 760 s_args.net_wbio = h->s_qtf_wbio; 761 } else { 762 s_args.net_wbio = h->s_net_bio; 763 } 764 765 s_args.net_rbio = h->s_net_bio; 766 s_args.alpn = NULL; 767 s_args.now_cb = get_time; 768 s_args.now_cb_arg = h; 769 s_args.ctx = NULL; 770 771 if (!TEST_ptr(h->s_priv = ossl_quic_tserver_new(&s_args, certfile, keyfile))) 772 goto err; 773 774 if (!blocking) 775 h->s = h->s_priv; 776 777 if (need_injector) { 778 h->qtf = qtest_create_injector(h->s_priv); 779 if (!TEST_ptr(h->qtf)) 780 goto err; 781 bdata->fault = h->qtf; 782 BIO_set_data(h->s_qtf_wbio, bdata); 783 } 784 785 h->s_net_bio_own = NULL; 786 h->s_qtf_wbio_own = NULL; 787 788 h->c_fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0); 789 if (!TEST_int_ge(h->c_fd, 0)) 790 goto err; 791 792 if (!TEST_true(BIO_socket_nbio(h->c_fd, 1))) 793 goto err; 794 795 if (!TEST_ptr(h->c_net_bio = h->c_net_bio_own = BIO_new_dgram(h->c_fd, 0))) 796 goto err; 797 798 if (!TEST_true(BIO_dgram_set_peer(h->c_net_bio, h->s_net_bio_addr))) 799 goto err; 800 801 if (!TEST_ptr(h->c_ctx = SSL_CTX_new(OSSL_QUIC_client_method()))) 802 goto err; 803 804 /* Set title for qlog purposes. */ 805 BIO_snprintf(title, sizeof(title), "quic_multistream_test: %s", script_name); 806 if (!TEST_true(ossl_quic_set_diag_title(h->c_ctx, title))) 807 goto err; 808 809 if (!TEST_ptr(h->c_conn = SSL_new(h->c_ctx))) 810 goto err; 811 812 /* Use custom time function for virtual time skip. */ 813 if (!TEST_true(ossl_quic_set_override_now_cb(h->c_conn, get_time, h))) 814 goto err; 815 816 /* Takes ownership of our reference to the BIO. */ 817 SSL_set0_rbio(h->c_conn, h->c_net_bio); 818 h->c_net_bio_own = NULL; 819 820 if (!TEST_true(BIO_up_ref(h->c_net_bio))) 821 goto err; 822 823 SSL_set0_wbio(h->c_conn, h->c_net_bio); 824 825 if (!TEST_true(SSL_set_blocking_mode(h->c_conn, h->blocking))) 826 goto err; 827 828 #if defined(OPENSSL_THREADS) 829 if (!TEST_ptr(h->misc_m = ossl_crypto_mutex_new())) 830 goto err; 831 if (!TEST_ptr(h->misc_cv = ossl_crypto_condvar_new())) 832 goto err; 833 #endif 834 835 if (h->blocking) { 836 #if defined(OPENSSL_THREADS) 837 if (!TEST_ptr(h->server_thread.m = ossl_crypto_mutex_new())) 838 goto err; 839 840 if (!TEST_ptr(h->server_thread.c = ossl_crypto_condvar_new())) 841 goto err; 842 843 h->server_thread.t 844 = ossl_crypto_thread_native_start(server_helper_thread, h, 1); 845 if (!TEST_ptr(h->server_thread.t)) 846 goto err; 847 #else 848 TEST_error("cannot support blocking mode without threads"); 849 goto err; 850 #endif 851 } 852 853 h->start_time = ossl_time_now(); 854 h->init = 1; 855 return 1; 856 857 err: 858 helper_cleanup(h); 859 return 0; 860 } 861 862 static int helper_local_init(struct helper_local *hl, struct helper *h, 863 int thread_idx) 864 { 865 hl->h = h; 866 hl->c_streams = NULL; 867 hl->thread_idx = thread_idx; 868 hl->explicit_event_handling = 0; 869 870 if (!TEST_ptr(h)) 871 return 0; 872 873 if (thread_idx < 0) { 874 hl->c_streams = h->c_streams; 875 } else { 876 if (!TEST_ptr(hl->c_streams = lh_STREAM_INFO_new(stream_info_hash, 877 stream_info_cmp))) 878 return 0; 879 } 880 881 return 1; 882 } 883 884 static void helper_local_cleanup(struct helper_local *hl) 885 { 886 if (hl->h == NULL) 887 return; 888 889 if (hl->thread_idx >= 0) 890 helper_cleanup_streams(&hl->c_streams); 891 892 hl->h = NULL; 893 } 894 895 static STREAM_INFO *get_stream_info(LHASH_OF(STREAM_INFO) *lh, 896 const char *stream_name) 897 { 898 STREAM_INFO key, *info; 899 900 if (!TEST_ptr(stream_name)) 901 return NULL; 902 903 if (!strcmp(stream_name, "DEFAULT")) 904 return NULL; 905 906 key.name = stream_name; 907 info = lh_STREAM_INFO_retrieve(lh, &key); 908 if (info == NULL) { 909 info = OPENSSL_zalloc(sizeof(*info)); 910 if (info == NULL) 911 return NULL; 912 913 info->name = stream_name; 914 info->s_stream_id = UINT64_MAX; 915 lh_STREAM_INFO_insert(lh, info); 916 } 917 918 return info; 919 } 920 921 static int helper_local_set_c_stream(struct helper_local *hl, 922 const char *stream_name, 923 SSL *c_stream) 924 { 925 STREAM_INFO *info = get_stream_info(hl->c_streams, stream_name); 926 927 if (info == NULL) 928 return 0; 929 930 info->c_stream = c_stream; 931 info->s_stream_id = UINT64_MAX; 932 return 1; 933 } 934 935 static SSL *helper_local_get_c_stream(struct helper_local *hl, 936 const char *stream_name) 937 { 938 STREAM_INFO *info; 939 940 if (!strcmp(stream_name, "DEFAULT")) 941 return hl->h->c_conn; 942 943 info = get_stream_info(hl->c_streams, stream_name); 944 if (info == NULL) 945 return NULL; 946 947 return info->c_stream; 948 } 949 950 static int 951 helper_set_s_stream(struct helper *h, const char *stream_name, 952 uint64_t s_stream_id) 953 { 954 STREAM_INFO *info; 955 956 if (!strcmp(stream_name, "DEFAULT")) 957 return 0; 958 959 info = get_stream_info(h->s_streams, stream_name); 960 if (info == NULL) 961 return 0; 962 963 info->c_stream = NULL; 964 info->s_stream_id = s_stream_id; 965 return 1; 966 } 967 968 static uint64_t helper_get_s_stream(struct helper *h, const char *stream_name) 969 { 970 STREAM_INFO *info; 971 972 if (!strcmp(stream_name, "DEFAULT")) 973 return UINT64_MAX; 974 975 info = get_stream_info(h->s_streams, stream_name); 976 if (info == NULL) 977 return UINT64_MAX; 978 979 return info->s_stream_id; 980 } 981 982 static int helper_packet_plain_listener(QTEST_FAULT *qtf, QUIC_PKT_HDR *hdr, 983 unsigned char *buf, size_t buf_len, 984 void *arg) 985 { 986 struct helper *h = arg; 987 988 return h->qtf_packet_plain_cb(h, hdr, buf, buf_len); 989 } 990 991 static int helper_handshake_listener(QTEST_FAULT *fault, 992 unsigned char *buf, size_t buf_len, 993 void *arg) 994 { 995 struct helper *h = arg; 996 997 return h->qtf_handshake_cb(h, buf, buf_len); 998 } 999 1000 static int helper_datagram_listener(QTEST_FAULT *fault, 1001 BIO_MSG *msg, size_t stride, 1002 void *arg) 1003 { 1004 struct helper *h = arg; 1005 1006 return h->qtf_datagram_cb(h, msg, stride); 1007 } 1008 1009 static int is_want(SSL *s, int ret) 1010 { 1011 int ec = SSL_get_error(s, ret); 1012 1013 return ec == SSL_ERROR_WANT_READ || ec == SSL_ERROR_WANT_WRITE; 1014 } 1015 1016 static int check_consistent_want(SSL *s, int ret) 1017 { 1018 int ec = SSL_get_error(s, ret); 1019 int w = SSL_want(s); 1020 1021 int ok = TEST_true( 1022 (ec == SSL_ERROR_NONE && w == SSL_NOTHING) 1023 || (ec == SSL_ERROR_ZERO_RETURN && w == SSL_NOTHING) 1024 || (ec == SSL_ERROR_SSL && w == SSL_NOTHING) 1025 || (ec == SSL_ERROR_SYSCALL && w == SSL_NOTHING) 1026 || (ec == SSL_ERROR_WANT_READ && w == SSL_READING) 1027 || (ec == SSL_ERROR_WANT_WRITE && w == SSL_WRITING) 1028 || (ec == SSL_ERROR_WANT_CLIENT_HELLO_CB && w == SSL_CLIENT_HELLO_CB) 1029 || (ec == SSL_ERROR_WANT_X509_LOOKUP && w == SSL_X509_LOOKUP) 1030 || (ec == SSL_ERROR_WANT_RETRY_VERIFY && w == SSL_RETRY_VERIFY) 1031 ); 1032 1033 if (!ok) 1034 TEST_error("got error=%d, want=%d", ec, w); 1035 1036 return ok; 1037 } 1038 1039 static int run_script_worker(struct helper *h, const struct script_op *script, 1040 const char *script_name, 1041 int thread_idx) 1042 { 1043 int testresult = 0; 1044 unsigned char *tmp_buf = NULL; 1045 int connect_started = 0; 1046 size_t offset = 0; 1047 size_t op_idx = 0; 1048 const struct script_op *op = NULL; 1049 int no_advance = 0, first = 1; 1050 #if defined(OPENSSL_THREADS) 1051 int end_wait_warning = 0; 1052 #endif 1053 OSSL_TIME op_start_time = ossl_time_zero(), op_deadline = ossl_time_zero(); 1054 struct helper_local hl_, *hl = &hl_; 1055 #define REPEAT_SLOTS 8 1056 size_t repeat_stack_idx[REPEAT_SLOTS], repeat_stack_done[REPEAT_SLOTS]; 1057 size_t repeat_stack_limit[REPEAT_SLOTS]; 1058 size_t repeat_stack_len = 0; 1059 1060 if (!TEST_true(helper_local_init(hl, h, thread_idx))) 1061 goto out; 1062 1063 #define COMMON_SPIN_AGAIN() \ 1064 { \ 1065 no_advance = 1; \ 1066 continue; \ 1067 } 1068 #define S_SPIN_AGAIN() \ 1069 { \ 1070 s_lock(h, hl); \ 1071 ossl_quic_tserver_tick(h->s); \ 1072 COMMON_SPIN_AGAIN(); \ 1073 } 1074 #define C_SPIN_AGAIN() \ 1075 { \ 1076 if (h->blocking) { \ 1077 TEST_error("spin again in blocking mode"); \ 1078 goto out; \ 1079 } \ 1080 COMMON_SPIN_AGAIN(); \ 1081 } 1082 1083 for (;;) { 1084 SSL *c_tgt = h->c_conn; 1085 uint64_t s_stream_id = UINT64_MAX; 1086 1087 s_unlock(h, hl); 1088 1089 if (no_advance) { 1090 no_advance = 0; 1091 } else { 1092 if (!first) 1093 ++op_idx; 1094 1095 first = 0; 1096 offset = 0; 1097 op_start_time = ossl_time_now(); 1098 op_deadline = ossl_time_add(op_start_time, ossl_ms2time(60000)); 1099 } 1100 1101 if (!TEST_int_le(ossl_time_compare(ossl_time_now(), op_deadline), 0)) { 1102 TEST_error("op %zu timed out on thread %d", op_idx + 1, thread_idx); 1103 goto out; 1104 } 1105 1106 op = &script[op_idx]; 1107 1108 if (op->stream_name != NULL) { 1109 c_tgt = helper_local_get_c_stream(hl, op->stream_name); 1110 if (thread_idx < 0) 1111 s_stream_id = helper_get_s_stream(h, op->stream_name); 1112 else 1113 s_stream_id = UINT64_MAX; 1114 } 1115 1116 if (thread_idx < 0) { 1117 if (!h->blocking) { 1118 ossl_quic_tserver_tick(h->s); 1119 } 1120 #if defined(OPENSSL_THREADS) 1121 else if (h->blocking && !h->server_thread.ready) { 1122 ossl_crypto_mutex_lock(h->server_thread.m); 1123 h->server_thread.ready = 1; 1124 ossl_crypto_condvar_signal(h->server_thread.c); 1125 ossl_crypto_mutex_unlock(h->server_thread.m); 1126 } 1127 if (h->blocking) 1128 assert(h->s == NULL); 1129 #endif 1130 } 1131 1132 if (!hl->explicit_event_handling 1133 && (thread_idx >= 0 || connect_started)) 1134 SSL_handle_events(h->c_conn); 1135 1136 if (thread_idx >= 0) { 1137 /* Only allow certain opcodes on child threads. */ 1138 switch (op->op) { 1139 case OPK_END: 1140 case OPK_CHECK: 1141 case OPK_C_ACCEPT_STREAM_WAIT: 1142 case OPK_C_NEW_STREAM: 1143 case OPK_C_READ_EXPECT: 1144 case OPK_C_EXPECT_FIN: 1145 case OPK_C_WRITE: 1146 case OPK_C_WRITE_EX2: 1147 case OPK_C_CONCLUDE: 1148 case OPK_C_FREE_STREAM: 1149 case OPK_BEGIN_REPEAT: 1150 case OPK_END_REPEAT: 1151 case OPK_C_READ_FAIL_WAIT: 1152 case OPK_C_EXPECT_SSL_ERR: 1153 case OPK_EXPECT_ERR_REASON: 1154 case OPK_EXPECT_ERR_LIB: 1155 case OPK_POP_ERR: 1156 case OPK_SLEEP: 1157 break; 1158 1159 default: 1160 TEST_error("opcode %lu not allowed on child thread", 1161 (unsigned long)op->op); 1162 goto out; 1163 } 1164 } 1165 1166 switch (op->op) { 1167 case OPK_END: 1168 if (!TEST_size_t_eq(repeat_stack_len, 0)) 1169 goto out; 1170 1171 #if defined(OPENSSL_THREADS) 1172 if (thread_idx < 0) { 1173 int done; 1174 size_t i; 1175 1176 for (i = 0; i < h->num_threads; ++i) { 1177 if (h->threads[i].m == NULL) 1178 continue; 1179 1180 ossl_crypto_mutex_lock(h->threads[i].m); 1181 done = h->threads[i].done; 1182 ossl_crypto_mutex_unlock(h->threads[i].m); 1183 1184 if (!done) { 1185 if (!end_wait_warning) { 1186 TEST_info("still waiting for other threads to finish (%zu)", i); 1187 end_wait_warning = 1; 1188 } 1189 1190 S_SPIN_AGAIN(); 1191 } 1192 } 1193 } 1194 #endif 1195 1196 TEST_info("script \"%s\" finished on thread %d", script_name, thread_idx); 1197 testresult = 1; 1198 goto out; 1199 1200 case OPK_BEGIN_REPEAT: 1201 if (!TEST_size_t_lt(repeat_stack_len, OSSL_NELEM(repeat_stack_idx))) 1202 goto out; 1203 1204 if (!TEST_size_t_gt(op->arg1, 0)) 1205 goto out; 1206 1207 repeat_stack_idx[repeat_stack_len] = op_idx + 1; 1208 repeat_stack_done[repeat_stack_len] = 0; 1209 repeat_stack_limit[repeat_stack_len] = op->arg1; 1210 ++repeat_stack_len; 1211 break; 1212 1213 case OPK_C_SKIP_IF_UNBOUND: 1214 if (c_tgt != NULL) 1215 break; 1216 1217 op_idx += op->arg1; 1218 break; 1219 1220 case OPK_SKIP_IF_BLOCKING: 1221 if (!h->blocking) 1222 break; 1223 1224 op_idx += op->arg1; 1225 break; 1226 1227 case OPK_END_REPEAT: 1228 if (!TEST_size_t_gt(repeat_stack_len, 0)) 1229 goto out; 1230 1231 if (++repeat_stack_done[repeat_stack_len - 1] 1232 == repeat_stack_limit[repeat_stack_len - 1]) { 1233 --repeat_stack_len; 1234 } else { 1235 op_idx = repeat_stack_idx[repeat_stack_len - 1]; 1236 no_advance = 1; 1237 continue; 1238 } 1239 1240 break; 1241 1242 case OPK_CHECK: 1243 { 1244 int ok; 1245 1246 hl->check_op = op; 1247 ok = op->check_func(h, hl); 1248 hl->check_op = NULL; 1249 1250 if (thread_idx < 0 && h->check_spin_again) { 1251 h->check_spin_again = 0; 1252 S_SPIN_AGAIN(); 1253 } 1254 1255 if (!TEST_true(ok)) 1256 goto out; 1257 } 1258 break; 1259 1260 case OPK_C_SET_ALPN: 1261 { 1262 const char *alpn = op->arg0; 1263 size_t alpn_len = strlen(alpn); 1264 1265 if (!TEST_size_t_le(alpn_len, UINT8_MAX) 1266 || !TEST_ptr(tmp_buf = (unsigned char *)OPENSSL_malloc(alpn_len + 1))) 1267 goto out; 1268 1269 memcpy(tmp_buf + 1, alpn, alpn_len); 1270 tmp_buf[0] = (unsigned char)alpn_len; 1271 1272 /* 0 is the success case for SSL_set_alpn_protos(). */ 1273 if (!TEST_false(SSL_set_alpn_protos(h->c_conn, tmp_buf, 1274 alpn_len + 1))) 1275 goto out; 1276 1277 OPENSSL_free(tmp_buf); 1278 tmp_buf = NULL; 1279 } 1280 break; 1281 1282 case OPK_C_CONNECT_WAIT: 1283 { 1284 int ret; 1285 1286 connect_started = 1; 1287 1288 ret = SSL_connect(h->c_conn); 1289 if (!check_consistent_want(c_tgt, ret)) 1290 goto out; 1291 if (ret != 1) { 1292 if (!h->blocking && is_want(h->c_conn, ret)) 1293 C_SPIN_AGAIN(); 1294 1295 if (op->arg1 == 0 && !TEST_int_eq(ret, 1)) 1296 goto out; 1297 } 1298 } 1299 break; 1300 1301 case OPK_C_WRITE: 1302 { 1303 size_t bytes_written = 0; 1304 int r; 1305 1306 if (!TEST_ptr(c_tgt)) 1307 goto out; 1308 1309 r = SSL_write_ex(c_tgt, op->arg0, op->arg1, &bytes_written); 1310 if (!TEST_true(r) 1311 || !check_consistent_want(c_tgt, r) 1312 || !TEST_size_t_eq(bytes_written, op->arg1)) 1313 goto out; 1314 } 1315 break; 1316 1317 case OPK_C_WRITE_EX2: 1318 { 1319 size_t bytes_written = 0; 1320 int r; 1321 1322 if (!TEST_ptr(c_tgt)) 1323 goto out; 1324 1325 r = SSL_write_ex2(c_tgt, op->arg0, op->arg1, op->arg2, 1326 &bytes_written); 1327 if (!TEST_true(r) 1328 || !check_consistent_want(c_tgt, r) 1329 || !TEST_size_t_eq(bytes_written, op->arg1)) 1330 goto out; 1331 } 1332 break; 1333 1334 case OPK_S_WRITE: 1335 { 1336 size_t bytes_written = 0; 1337 1338 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX)) 1339 goto out; 1340 1341 if (!TEST_true(ossl_quic_tserver_write(ACQUIRE_S(), s_stream_id, 1342 op->arg0, op->arg1, 1343 &bytes_written)) 1344 || !TEST_size_t_eq(bytes_written, op->arg1)) 1345 goto out; 1346 } 1347 break; 1348 1349 case OPK_C_CONCLUDE: 1350 { 1351 if (!TEST_true(SSL_stream_conclude(c_tgt, 0))) 1352 goto out; 1353 } 1354 break; 1355 1356 case OPK_S_CONCLUDE: 1357 { 1358 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX)) 1359 goto out; 1360 1361 ossl_quic_tserver_conclude(ACQUIRE_S(), s_stream_id); 1362 } 1363 break; 1364 1365 case OPK_C_WAIT_FOR_DATA: 1366 { 1367 char buf[1]; 1368 size_t bytes_read = 0; 1369 1370 if (!TEST_ptr(c_tgt)) 1371 goto out; 1372 1373 if (!SSL_peek_ex(c_tgt, buf, sizeof(buf), &bytes_read) 1374 || bytes_read == 0) 1375 C_SPIN_AGAIN(); 1376 } 1377 break; 1378 1379 case OPK_C_READ_EXPECT: 1380 { 1381 size_t bytes_read = 0; 1382 int r; 1383 1384 if (op->arg1 > 0 && tmp_buf == NULL 1385 && !TEST_ptr(tmp_buf = OPENSSL_malloc(op->arg1))) 1386 goto out; 1387 1388 r = SSL_read_ex(c_tgt, tmp_buf + offset, op->arg1 - offset, 1389 &bytes_read); 1390 if (!check_consistent_want(c_tgt, r)) 1391 goto out; 1392 1393 if (!r) 1394 C_SPIN_AGAIN(); 1395 1396 if (bytes_read + offset != op->arg1) { 1397 offset += bytes_read; 1398 C_SPIN_AGAIN(); 1399 } 1400 1401 if (op->arg1 > 0 1402 && !TEST_mem_eq(tmp_buf, op->arg1, op->arg0, op->arg1)) 1403 goto out; 1404 1405 OPENSSL_free(tmp_buf); 1406 tmp_buf = NULL; 1407 } 1408 break; 1409 1410 case OPK_S_READ_EXPECT: 1411 { 1412 size_t bytes_read = 0; 1413 1414 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX)) 1415 goto out; 1416 1417 if (op->arg1 > 0 && tmp_buf == NULL 1418 && !TEST_ptr(tmp_buf = OPENSSL_malloc(op->arg1))) 1419 goto out; 1420 1421 if (!TEST_true(ossl_quic_tserver_read(ACQUIRE_S(), s_stream_id, 1422 tmp_buf + offset, 1423 op->arg1 - offset, 1424 &bytes_read))) 1425 goto out; 1426 1427 if (bytes_read + offset != op->arg1) { 1428 offset += bytes_read; 1429 S_SPIN_AGAIN(); 1430 } 1431 1432 if (op->arg1 > 0 1433 && !TEST_mem_eq(tmp_buf, op->arg1, op->arg0, op->arg1)) 1434 goto out; 1435 1436 OPENSSL_free(tmp_buf); 1437 tmp_buf = NULL; 1438 } 1439 break; 1440 1441 case OPK_C_EXPECT_FIN: 1442 { 1443 char buf[1]; 1444 size_t bytes_read = 0; 1445 int r; 1446 1447 r = SSL_read_ex(c_tgt, buf, sizeof(buf), &bytes_read); 1448 if (!check_consistent_want(c_tgt, r) 1449 || !TEST_false(r) 1450 || !TEST_size_t_eq(bytes_read, 0)) 1451 goto out; 1452 1453 if (is_want(c_tgt, 0)) 1454 C_SPIN_AGAIN(); 1455 1456 if (!TEST_int_eq(SSL_get_error(c_tgt, 0), 1457 SSL_ERROR_ZERO_RETURN)) 1458 goto out; 1459 1460 if (!TEST_int_eq(SSL_want(c_tgt), SSL_NOTHING)) 1461 goto out; 1462 } 1463 break; 1464 1465 case OPK_S_EXPECT_FIN: 1466 { 1467 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX)) 1468 goto out; 1469 1470 if (!ossl_quic_tserver_has_read_ended(ACQUIRE_S(), s_stream_id)) 1471 S_SPIN_AGAIN(); 1472 } 1473 break; 1474 1475 case OPK_C_DETACH: 1476 { 1477 SSL *c_stream; 1478 1479 if (!TEST_ptr_null(c_tgt)) 1480 goto out; /* don't overwrite existing stream with same name */ 1481 1482 if (!TEST_ptr(op->stream_name)) 1483 goto out; 1484 1485 if (!TEST_ptr(c_stream = ossl_quic_detach_stream(h->c_conn))) 1486 goto out; 1487 1488 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, c_stream))) 1489 goto out; 1490 } 1491 break; 1492 1493 case OPK_C_ATTACH: 1494 { 1495 if (!TEST_ptr(c_tgt)) 1496 goto out; 1497 1498 if (!TEST_ptr(op->stream_name)) 1499 goto out; 1500 1501 if (!TEST_true(ossl_quic_attach_stream(h->c_conn, c_tgt))) 1502 goto out; 1503 1504 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, NULL))) 1505 goto out; 1506 } 1507 break; 1508 1509 case OPK_C_NEW_STREAM: 1510 { 1511 SSL *c_stream; 1512 uint64_t flags = op->arg1; 1513 int allow_fail = ((flags & ALLOW_FAIL) != 0); 1514 1515 flags &= ~(uint64_t)ALLOW_FAIL; 1516 1517 if (!TEST_ptr_null(c_tgt)) 1518 goto out; /* don't overwrite existing stream with same name */ 1519 1520 if (!TEST_ptr(op->stream_name)) 1521 goto out; 1522 1523 c_stream = SSL_new_stream(h->c_conn, flags); 1524 if (!allow_fail && !TEST_ptr(c_stream)) 1525 goto out; 1526 1527 if (allow_fail && c_stream == NULL) { 1528 if (!TEST_size_t_eq(ERR_GET_REASON(ERR_get_error()), 1529 SSL_R_STREAM_COUNT_LIMITED)) 1530 goto out; 1531 1532 ++h->fail_count; 1533 break; 1534 } 1535 1536 if (op->arg2 != UINT64_MAX 1537 && !TEST_uint64_t_eq(SSL_get_stream_id(c_stream), 1538 op->arg2)) 1539 goto out; 1540 1541 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, c_stream))) 1542 goto out; 1543 } 1544 break; 1545 1546 case OPK_S_NEW_STREAM: 1547 { 1548 uint64_t stream_id = UINT64_MAX; 1549 1550 if (!TEST_uint64_t_eq(s_stream_id, UINT64_MAX)) 1551 goto out; /* don't overwrite existing stream with same name */ 1552 1553 if (!TEST_ptr(op->stream_name)) 1554 goto out; 1555 1556 if (!TEST_true(ossl_quic_tserver_stream_new(ACQUIRE_S(), 1557 op->arg1 > 0, 1558 &stream_id))) 1559 goto out; 1560 1561 if (op->arg2 != UINT64_MAX 1562 && !TEST_uint64_t_eq(stream_id, op->arg2)) 1563 goto out; 1564 1565 if (!TEST_true(helper_set_s_stream(h, op->stream_name, 1566 stream_id))) 1567 goto out; 1568 } 1569 break; 1570 1571 case OPK_C_ACCEPT_STREAM_WAIT: 1572 { 1573 SSL *c_stream; 1574 1575 if (!TEST_ptr_null(c_tgt)) 1576 goto out; /* don't overwrite existing stream with same name */ 1577 1578 if (!TEST_ptr(op->stream_name)) 1579 goto out; 1580 1581 if ((c_stream = SSL_accept_stream(h->c_conn, 0)) == NULL) 1582 C_SPIN_AGAIN(); 1583 1584 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, 1585 c_stream))) 1586 goto out; 1587 } 1588 break; 1589 1590 case OPK_S_ACCEPT_STREAM_WAIT: 1591 { 1592 uint64_t new_stream_id; 1593 1594 if (!TEST_uint64_t_eq(s_stream_id, UINT64_MAX)) 1595 goto out; 1596 1597 if (!TEST_ptr(op->stream_name)) 1598 goto out; 1599 1600 new_stream_id = ossl_quic_tserver_pop_incoming_stream(ACQUIRE_S()); 1601 if (new_stream_id == UINT64_MAX) 1602 S_SPIN_AGAIN(); 1603 1604 if (!TEST_true(helper_set_s_stream(h, op->stream_name, new_stream_id))) 1605 goto out; 1606 } 1607 break; 1608 1609 case OPK_C_ACCEPT_STREAM_NONE: 1610 { 1611 SSL *c_stream; 1612 1613 if (!TEST_ptr_null(c_stream = SSL_accept_stream(h->c_conn, 1614 SSL_ACCEPT_STREAM_NO_BLOCK))) { 1615 SSL_free(c_stream); 1616 goto out; 1617 } 1618 } 1619 break; 1620 1621 case OPK_C_FREE_STREAM: 1622 { 1623 if (!TEST_ptr(c_tgt) 1624 || !TEST_true(!SSL_is_connection(c_tgt))) 1625 goto out; 1626 1627 if (!TEST_ptr(op->stream_name)) 1628 goto out; 1629 1630 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, NULL))) 1631 goto out; 1632 1633 SSL_free(c_tgt); 1634 c_tgt = NULL; 1635 } 1636 break; 1637 1638 case OPK_C_SET_DEFAULT_STREAM_MODE: 1639 { 1640 if (!TEST_ptr(c_tgt)) 1641 goto out; 1642 1643 if (!TEST_true(SSL_set_default_stream_mode(c_tgt, op->arg1))) 1644 goto out; 1645 } 1646 break; 1647 1648 case OPK_C_SET_INCOMING_STREAM_POLICY: 1649 { 1650 if (!TEST_ptr(c_tgt)) 1651 goto out; 1652 1653 if (!TEST_true(SSL_set_incoming_stream_policy(c_tgt, 1654 op->arg1, 0))) 1655 goto out; 1656 } 1657 break; 1658 1659 case OPK_C_SHUTDOWN_WAIT: 1660 { 1661 int ret; 1662 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn); 1663 SSL_SHUTDOWN_EX_ARGS args = {0}; 1664 1665 ossl_quic_engine_set_inhibit_tick(ossl_quic_channel_get0_engine(ch), 0); 1666 1667 if (!TEST_ptr(c_tgt)) 1668 goto out; 1669 1670 args.quic_reason = (const char *)op->arg0; 1671 1672 ret = SSL_shutdown_ex(c_tgt, op->arg1, &args, sizeof(args)); 1673 if (!TEST_int_ge(ret, 0)) 1674 goto out; 1675 1676 if (ret == 0) 1677 C_SPIN_AGAIN(); 1678 } 1679 break; 1680 1681 case OPK_S_SHUTDOWN: 1682 { 1683 ossl_quic_tserver_shutdown(ACQUIRE_S(), op->arg1); 1684 } 1685 break; 1686 1687 case OPK_C_EXPECT_CONN_CLOSE_INFO: 1688 { 1689 SSL_CONN_CLOSE_INFO cc_info = {0}; 1690 int expect_app = (op->arg1 & EXPECT_CONN_CLOSE_APP) != 0; 1691 int expect_remote = (op->arg1 & EXPECT_CONN_CLOSE_REMOTE) != 0; 1692 uint64_t error_code = op->arg2; 1693 1694 if (!TEST_ptr(c_tgt)) 1695 goto out; 1696 1697 if (h->blocking 1698 && !TEST_true(SSL_shutdown_ex(c_tgt, 1699 SSL_SHUTDOWN_FLAG_WAIT_PEER, 1700 NULL, 0))) 1701 goto out; 1702 1703 if (!SSL_get_conn_close_info(c_tgt, &cc_info, sizeof(cc_info))) 1704 C_SPIN_AGAIN(); 1705 1706 if (!TEST_int_eq(expect_app, 1707 (cc_info.flags 1708 & SSL_CONN_CLOSE_FLAG_TRANSPORT) == 0) 1709 || !TEST_int_eq(expect_remote, 1710 (cc_info.flags 1711 & SSL_CONN_CLOSE_FLAG_LOCAL) == 0) 1712 || !TEST_uint64_t_eq(error_code, cc_info.error_code)) { 1713 TEST_info("Connection close reason: %s", cc_info.reason); 1714 goto out; 1715 } 1716 } 1717 break; 1718 1719 case OPK_S_EXPECT_CONN_CLOSE_INFO: 1720 { 1721 const QUIC_TERMINATE_CAUSE *tc; 1722 int expect_app = (op->arg1 & EXPECT_CONN_CLOSE_APP) != 0; 1723 int expect_remote = (op->arg1 & EXPECT_CONN_CLOSE_REMOTE) != 0; 1724 uint64_t error_code = op->arg2; 1725 1726 if (!ossl_quic_tserver_is_term_any(ACQUIRE_S())) { 1727 ossl_quic_tserver_ping(ACQUIRE_S()); 1728 S_SPIN_AGAIN(); 1729 } 1730 1731 if (!TEST_ptr(tc = ossl_quic_tserver_get_terminate_cause(ACQUIRE_S()))) 1732 goto out; 1733 1734 if (!TEST_uint64_t_eq(error_code, tc->error_code) 1735 || !TEST_int_eq(expect_app, tc->app) 1736 || !TEST_int_eq(expect_remote, tc->remote)) 1737 goto out; 1738 } 1739 break; 1740 1741 case OPK_S_BIND_STREAM_ID: 1742 { 1743 if (!TEST_uint64_t_eq(s_stream_id, UINT64_MAX)) 1744 goto out; 1745 1746 if (!TEST_ptr(op->stream_name)) 1747 goto out; 1748 1749 if (!TEST_true(helper_set_s_stream(h, op->stream_name, op->arg2))) 1750 goto out; 1751 } 1752 break; 1753 1754 case OPK_S_UNBIND_STREAM_ID: 1755 { 1756 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX)) 1757 goto out; 1758 1759 if (!TEST_ptr(op->stream_name)) 1760 goto out; 1761 1762 if (!TEST_true(helper_set_s_stream(h, op->stream_name, UINT64_MAX))) 1763 goto out; 1764 } 1765 break; 1766 1767 case OPK_C_WRITE_FAIL: 1768 { 1769 size_t bytes_written = 0; 1770 int r; 1771 1772 if (!TEST_ptr(c_tgt)) 1773 goto out; 1774 1775 r = SSL_write_ex(c_tgt, "apple", 5, &bytes_written); 1776 if (!TEST_false(r) 1777 || !check_consistent_want(c_tgt, r)) 1778 goto out; 1779 } 1780 break; 1781 1782 case OPK_S_WRITE_FAIL: 1783 { 1784 size_t bytes_written = 0; 1785 1786 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX)) 1787 goto out; 1788 1789 if (!TEST_false(ossl_quic_tserver_write(ACQUIRE_S(), s_stream_id, 1790 (const unsigned char *)"apple", 5, 1791 &bytes_written))) 1792 goto out; 1793 } 1794 break; 1795 1796 case OPK_C_READ_FAIL: 1797 { 1798 size_t bytes_read = 0; 1799 char buf[1]; 1800 int r; 1801 1802 if (!TEST_ptr(c_tgt)) 1803 goto out; 1804 1805 r = SSL_read_ex(c_tgt, buf, sizeof(buf), &bytes_read); 1806 if (!TEST_false(r)) 1807 goto out; 1808 if (!check_consistent_want(c_tgt, r)) 1809 goto out; 1810 } 1811 break; 1812 1813 case OPK_C_READ_FAIL_WAIT: 1814 { 1815 size_t bytes_read = 0; 1816 char buf[1]; 1817 int r; 1818 1819 if (!TEST_ptr(c_tgt)) 1820 goto out; 1821 1822 r = SSL_read_ex(c_tgt, buf, sizeof(buf), &bytes_read); 1823 if (!TEST_false(r)) 1824 goto out; 1825 if (!check_consistent_want(c_tgt, r)) 1826 goto out; 1827 1828 if (is_want(c_tgt, 0)) 1829 C_SPIN_AGAIN(); 1830 } 1831 break; 1832 1833 case OPK_S_READ_FAIL: 1834 { 1835 int ret; 1836 size_t bytes_read = 0; 1837 unsigned char buf[1]; 1838 1839 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX)) 1840 goto out; 1841 1842 ret = ossl_quic_tserver_read(ACQUIRE_S(), s_stream_id, 1843 buf, sizeof(buf), 1844 &bytes_read); 1845 if (!TEST_true(ret == 0 || (op->arg1 && bytes_read == 0))) 1846 goto out; 1847 } 1848 break; 1849 1850 case OPK_C_STREAM_RESET: 1851 case OPK_C_STREAM_RESET_FAIL: 1852 { 1853 SSL_STREAM_RESET_ARGS args = {0}; 1854 1855 if (!TEST_ptr(c_tgt)) 1856 goto out; 1857 1858 args.quic_error_code = op->arg2; 1859 if (op->op == OPK_C_STREAM_RESET) { 1860 if (!TEST_true(SSL_stream_reset(c_tgt, &args, sizeof(args)))) 1861 goto out; 1862 } else { 1863 if (!TEST_false(SSL_stream_reset(c_tgt, &args, sizeof(args)))) 1864 goto out; 1865 } 1866 } 1867 break; 1868 1869 case OPK_NEW_THREAD: 1870 { 1871 #if !defined(OPENSSL_THREADS) 1872 /* 1873 * If this test script requires threading and we do not have 1874 * support for it, skip the rest of it. 1875 */ 1876 TEST_skip("threading not supported, skipping"); 1877 testresult = 1; 1878 goto out; 1879 #else 1880 size_t i; 1881 1882 if (!TEST_ptr_null(h->threads)) { 1883 TEST_error("max one NEW_THREAD operation per script"); 1884 goto out; 1885 } 1886 1887 h->threads = OPENSSL_zalloc(op->arg1 * sizeof(struct child_thread_args)); 1888 if (!TEST_ptr(h->threads)) 1889 goto out; 1890 1891 h->num_threads = op->arg1; 1892 1893 for (i = 0; i < op->arg1; ++i) { 1894 h->threads[i].h = h; 1895 h->threads[i].script = op->arg0; 1896 h->threads[i].script_name = script_name; 1897 h->threads[i].thread_idx = i; 1898 1899 h->threads[i].m = ossl_crypto_mutex_new(); 1900 if (!TEST_ptr(h->threads[i].m)) 1901 goto out; 1902 1903 h->threads[i].t 1904 = ossl_crypto_thread_native_start(run_script_child_thread, 1905 &h->threads[i], 1); 1906 if (!TEST_ptr(h->threads[i].t)) 1907 goto out; 1908 } 1909 #endif 1910 } 1911 break; 1912 1913 case OPK_C_CLOSE_SOCKET: 1914 { 1915 BIO_closesocket(h->c_fd); 1916 h->c_fd = -1; 1917 } 1918 break; 1919 1920 case OPK_C_EXPECT_SSL_ERR: 1921 { 1922 if (!TEST_size_t_eq((size_t)SSL_get_error(c_tgt, 0), op->arg1)) 1923 goto out; 1924 if (!TEST_int_eq(SSL_want(c_tgt), SSL_NOTHING)) 1925 goto out; 1926 } 1927 break; 1928 1929 case OPK_EXPECT_ERR_REASON: 1930 { 1931 if (!TEST_size_t_eq((size_t)ERR_GET_REASON(ERR_peek_last_error()), op->arg1)) 1932 goto out; 1933 } 1934 break; 1935 1936 case OPK_EXPECT_ERR_LIB: 1937 { 1938 if (!TEST_size_t_eq((size_t)ERR_GET_LIB(ERR_peek_last_error()), op->arg1)) 1939 goto out; 1940 } 1941 break; 1942 1943 case OPK_POP_ERR: 1944 ERR_pop(); 1945 break; 1946 1947 case OPK_SLEEP: 1948 { 1949 OSSL_sleep(op->arg2); 1950 } 1951 break; 1952 1953 case OPK_S_SET_INJECT_PLAIN: 1954 h->qtf_packet_plain_cb = op->qtf_packet_plain_cb; 1955 1956 if (!TEST_true(qtest_fault_set_packet_plain_listener(h->qtf, 1957 h->qtf_packet_plain_cb != NULL ? 1958 helper_packet_plain_listener : NULL, 1959 h))) 1960 goto out; 1961 1962 break; 1963 1964 case OPK_S_SET_INJECT_HANDSHAKE: 1965 h->qtf_handshake_cb = op->qtf_handshake_cb; 1966 1967 if (!TEST_true(qtest_fault_set_handshake_listener(h->qtf, 1968 h->qtf_handshake_cb != NULL ? 1969 helper_handshake_listener : NULL, 1970 h))) 1971 goto out; 1972 1973 break; 1974 1975 case OPK_S_SET_INJECT_DATAGRAM: 1976 h->qtf_datagram_cb = op->qtf_datagram_cb; 1977 1978 if (!TEST_true(qtest_fault_set_datagram_listener(h->qtf, 1979 h->qtf_datagram_cb != NULL ? 1980 helper_datagram_listener : NULL, 1981 h))) 1982 goto out; 1983 1984 break; 1985 1986 case OPK_SET_INJECT_WORD: 1987 /* 1988 * Must hold server tick lock - callbacks can be called from other 1989 * thread when running test in blocking mode (tsan). 1990 */ 1991 ACQUIRE_S(); 1992 h->inject_word0 = op->arg1; 1993 h->inject_word1 = op->arg2; 1994 break; 1995 1996 case OPK_C_INHIBIT_TICK: 1997 { 1998 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn); 1999 2000 ossl_quic_engine_set_inhibit_tick(ossl_quic_channel_get0_engine(ch), 2001 op->arg1); 2002 } 2003 break; 2004 2005 case OPK_C_SET_WRITE_BUF_SIZE: 2006 if (!TEST_ptr(c_tgt)) 2007 goto out; 2008 2009 if (!TEST_true(ossl_quic_set_write_buffer_size(c_tgt, op->arg1))) 2010 goto out; 2011 2012 break; 2013 2014 case OPK_S_NEW_TICKET: 2015 if (!TEST_true(ossl_quic_tserver_new_ticket(ACQUIRE_S()))) 2016 goto out; 2017 break; 2018 2019 default: 2020 TEST_error("unknown op"); 2021 goto out; 2022 } 2023 } 2024 2025 out: 2026 s_unlock(h, hl); /* idempotent */ 2027 if (!testresult) { 2028 size_t i; 2029 const QUIC_TERMINATE_CAUSE *tcause; 2030 const char *e_str, *f_str; 2031 2032 TEST_error("failed in script \"%s\" at op %zu, thread %d\n", 2033 script_name, op_idx + 1, thread_idx); 2034 2035 for (i = 0; i < repeat_stack_len; ++i) 2036 TEST_info("while repeating, iteration %zu of %zu, starting at script op %zu", 2037 repeat_stack_done[i], 2038 repeat_stack_limit[i], 2039 repeat_stack_idx[i]); 2040 2041 ERR_print_errors_fp(stderr); 2042 2043 if (h->c_conn != NULL) { 2044 SSL_CONN_CLOSE_INFO cc_info = {0}; 2045 2046 if (SSL_get_conn_close_info(h->c_conn, &cc_info, sizeof(cc_info))) { 2047 e_str = ossl_quic_err_to_string(cc_info.error_code); 2048 f_str = ossl_quic_frame_type_to_string(cc_info.frame_type); 2049 2050 if (e_str == NULL) 2051 e_str = "?"; 2052 if (f_str == NULL) 2053 f_str = "?"; 2054 2055 TEST_info("client side is closed: %llu(%s)/%llu(%s), " 2056 "%s, %s, reason: \"%s\"", 2057 (unsigned long long)cc_info.error_code, 2058 e_str, 2059 (unsigned long long)cc_info.frame_type, 2060 f_str, 2061 (cc_info.flags & SSL_CONN_CLOSE_FLAG_LOCAL) != 0 2062 ? "local" : "remote", 2063 (cc_info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) != 0 2064 ? "transport" : "app", 2065 cc_info.reason != NULL ? cc_info.reason : "-"); 2066 } 2067 } 2068 2069 tcause = (h->s != NULL 2070 ? ossl_quic_tserver_get_terminate_cause(h->s) : NULL); 2071 if (tcause != NULL) { 2072 e_str = ossl_quic_err_to_string(tcause->error_code); 2073 f_str = ossl_quic_frame_type_to_string(tcause->frame_type); 2074 2075 if (e_str == NULL) 2076 e_str = "?"; 2077 if (f_str == NULL) 2078 f_str = "?"; 2079 2080 TEST_info("server side is closed: %llu(%s)/%llu(%s), " 2081 "%s, %s, reason: \"%s\"", 2082 (unsigned long long)tcause->error_code, 2083 e_str, 2084 (unsigned long long)tcause->frame_type, 2085 f_str, 2086 tcause->remote ? "remote" : "local", 2087 tcause->app ? "app" : "transport", 2088 tcause->reason != NULL ? tcause->reason : "-"); 2089 } 2090 } 2091 2092 OPENSSL_free(tmp_buf); 2093 helper_local_cleanup(hl); 2094 return testresult; 2095 } 2096 2097 static int run_script(const struct script_op *script, 2098 const char *script_name, 2099 int free_order, 2100 int blocking) 2101 { 2102 int testresult = 0; 2103 struct helper h; 2104 2105 if (!TEST_true(helper_init(&h, script_name, 2106 free_order, blocking, 1))) 2107 goto out; 2108 2109 if (!TEST_true(run_script_worker(&h, script, script_name, -1))) 2110 goto out; 2111 2112 #if defined(OPENSSL_THREADS) 2113 if (!TEST_true(join_threads(h.threads, h.num_threads))) 2114 goto out; 2115 #endif 2116 2117 testresult = 1; 2118 out: 2119 helper_cleanup(&h); 2120 return testresult; 2121 } 2122 2123 #if defined(OPENSSL_THREADS) 2124 static CRYPTO_THREAD_RETVAL run_script_child_thread(void *arg) 2125 { 2126 int testresult; 2127 struct child_thread_args *args = arg; 2128 2129 testresult = run_script_worker(args->h, args->script, 2130 args->script_name, 2131 args->thread_idx); 2132 2133 ossl_crypto_mutex_lock(args->m); 2134 args->testresult = testresult; 2135 args->done = 1; 2136 ossl_crypto_mutex_unlock(args->m); 2137 return 1; 2138 } 2139 #endif 2140 2141 /* 1. Simple single-stream test */ 2142 static const struct script_op script_1[] = { 2143 OP_C_SET_ALPN ("ossltest") 2144 OP_C_CONNECT_WAIT () 2145 OP_C_WRITE (DEFAULT, "apple", 5) 2146 OP_C_CONCLUDE (DEFAULT) 2147 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 2148 OP_S_READ_EXPECT (a, "apple", 5) 2149 OP_S_EXPECT_FIN (a) 2150 OP_S_WRITE (a, "orange", 6) 2151 OP_S_CONCLUDE (a) 2152 OP_C_READ_EXPECT (DEFAULT, "orange", 6) 2153 OP_C_EXPECT_FIN (DEFAULT) 2154 OP_END 2155 }; 2156 2157 /* 2. Multi-stream test */ 2158 static const struct script_op script_2[] = { 2159 OP_C_SET_ALPN ("ossltest") 2160 OP_C_CONNECT_WAIT () 2161 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_ACCEPT) 2162 OP_C_WRITE (DEFAULT, "apple", 5) 2163 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 2164 OP_S_READ_EXPECT (a, "apple", 5) 2165 OP_S_WRITE (a, "orange", 6) 2166 OP_C_READ_EXPECT (DEFAULT, "orange", 6) 2167 2168 OP_C_NEW_STREAM_BIDI (b, C_BIDI_ID(1)) 2169 OP_C_WRITE (b, "flamingo", 8) 2170 OP_C_CONCLUDE (b) 2171 OP_S_BIND_STREAM_ID (b, C_BIDI_ID(1)) 2172 OP_S_READ_EXPECT (b, "flamingo", 8) 2173 OP_S_EXPECT_FIN (b) 2174 OP_S_WRITE (b, "gargoyle", 8) 2175 OP_S_CONCLUDE (b) 2176 OP_C_READ_EXPECT (b, "gargoyle", 8) 2177 OP_C_EXPECT_FIN (b) 2178 2179 OP_C_NEW_STREAM_UNI (c, C_UNI_ID(0)) 2180 OP_C_WRITE (c, "elephant", 8) 2181 OP_C_CONCLUDE (c) 2182 OP_S_BIND_STREAM_ID (c, C_UNI_ID(0)) 2183 OP_S_READ_EXPECT (c, "elephant", 8) 2184 OP_S_EXPECT_FIN (c) 2185 OP_S_WRITE_FAIL (c) 2186 2187 OP_C_ACCEPT_STREAM_NONE () 2188 2189 OP_S_NEW_STREAM_BIDI (d, S_BIDI_ID(0)) 2190 OP_S_WRITE (d, "frog", 4) 2191 OP_S_CONCLUDE (d) 2192 2193 OP_C_ACCEPT_STREAM_WAIT (d) 2194 OP_C_ACCEPT_STREAM_NONE () 2195 OP_C_READ_EXPECT (d, "frog", 4) 2196 OP_C_EXPECT_FIN (d) 2197 2198 OP_S_NEW_STREAM_BIDI (e, S_BIDI_ID(1)) 2199 OP_S_WRITE (e, "mixture", 7) 2200 OP_S_CONCLUDE (e) 2201 2202 OP_C_ACCEPT_STREAM_WAIT (e) 2203 OP_C_READ_EXPECT (e, "mixture", 7) 2204 OP_C_EXPECT_FIN (e) 2205 OP_C_WRITE (e, "ramble", 6) 2206 OP_S_READ_EXPECT (e, "ramble", 6) 2207 OP_C_CONCLUDE (e) 2208 OP_S_EXPECT_FIN (e) 2209 2210 OP_S_NEW_STREAM_UNI (f, S_UNI_ID(0)) 2211 OP_S_WRITE (f, "yonder", 6) 2212 OP_S_CONCLUDE (f) 2213 2214 OP_C_ACCEPT_STREAM_WAIT (f) 2215 OP_C_ACCEPT_STREAM_NONE () 2216 OP_C_READ_EXPECT (f, "yonder", 6) 2217 OP_C_EXPECT_FIN (f) 2218 OP_C_WRITE_FAIL (f) 2219 2220 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_REJECT) 2221 OP_S_NEW_STREAM_BIDI (g, S_BIDI_ID(2)) 2222 OP_S_WRITE (g, "unseen", 6) 2223 OP_S_CONCLUDE (g) 2224 2225 OP_C_ACCEPT_STREAM_NONE () 2226 2227 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_AUTO) 2228 OP_S_NEW_STREAM_BIDI (h, S_BIDI_ID(3)) 2229 OP_S_WRITE (h, "UNSEEN", 6) 2230 OP_S_CONCLUDE (h) 2231 2232 OP_C_ACCEPT_STREAM_NONE () 2233 2234 /* 2235 * Streams g, h should have been rejected, so server should have got 2236 * STOP_SENDING/RESET_STREAM. 2237 */ 2238 OP_CHECK (check_rejected, S_BIDI_ID(2)) 2239 OP_CHECK (check_rejected, S_BIDI_ID(3)) 2240 2241 OP_END 2242 }; 2243 2244 /* 3. Default stream detach/reattach test */ 2245 static const struct script_op script_3[] = { 2246 OP_C_SET_ALPN ("ossltest") 2247 OP_C_CONNECT_WAIT () 2248 2249 OP_C_WRITE (DEFAULT, "apple", 5) 2250 OP_C_DETACH (a) /* DEFAULT becomes stream 'a' */ 2251 OP_C_WRITE_FAIL (DEFAULT) 2252 2253 OP_C_WRITE (a, "by", 2) 2254 2255 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 2256 OP_S_READ_EXPECT (a, "appleby", 7) 2257 2258 OP_S_WRITE (a, "hello", 5) 2259 OP_C_READ_EXPECT (a, "hello", 5) 2260 2261 OP_C_WRITE_FAIL (DEFAULT) 2262 OP_C_ATTACH (a) 2263 OP_C_WRITE (DEFAULT, "is here", 7) 2264 OP_S_READ_EXPECT (a, "is here", 7) 2265 2266 OP_C_DETACH (a) 2267 OP_C_CONCLUDE (a) 2268 OP_S_EXPECT_FIN (a) 2269 2270 OP_END 2271 }; 2272 2273 /* 4. Default stream mode test */ 2274 static const struct script_op script_4[] = { 2275 OP_C_SET_ALPN ("ossltest") 2276 OP_C_CONNECT_WAIT () 2277 2278 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2279 OP_C_WRITE_FAIL (DEFAULT) 2280 2281 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0)) 2282 OP_S_WRITE (a, "apple", 5) 2283 2284 OP_C_READ_FAIL (DEFAULT) 2285 2286 OP_C_ACCEPT_STREAM_WAIT (a) 2287 OP_C_READ_EXPECT (a, "apple", 5) 2288 2289 OP_C_ATTACH (a) 2290 OP_C_WRITE (DEFAULT, "orange", 6) 2291 OP_S_READ_EXPECT (a, "orange", 6) 2292 2293 OP_END 2294 }; 2295 2296 /* 5. Test stream reset functionality */ 2297 static const struct script_op script_5[] = { 2298 OP_C_SET_ALPN ("ossltest") 2299 OP_C_CONNECT_WAIT () 2300 2301 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2302 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 2303 OP_C_NEW_STREAM_BIDI (b, C_BIDI_ID(1)) 2304 2305 OP_C_WRITE (a, "apple", 5) 2306 OP_C_STREAM_RESET (a, 42) 2307 2308 OP_C_WRITE (b, "strawberry", 10) 2309 2310 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 2311 OP_S_BIND_STREAM_ID (b, C_BIDI_ID(1)) 2312 OP_S_READ_EXPECT (b, "strawberry", 10) 2313 /* Reset disrupts read of already sent data */ 2314 OP_S_READ_FAIL (a, 0) 2315 OP_CHECK (check_stream_reset, C_BIDI_ID(0)) 2316 2317 OP_END 2318 }; 2319 2320 /* 6. Test STOP_SENDING functionality */ 2321 static const struct script_op script_6[] = { 2322 OP_C_SET_ALPN ("ossltest") 2323 OP_C_CONNECT_WAIT () 2324 2325 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2326 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0)) 2327 OP_S_WRITE (a, "apple", 5) 2328 2329 OP_C_ACCEPT_STREAM_WAIT (a) 2330 OP_C_FREE_STREAM (a) 2331 OP_C_ACCEPT_STREAM_NONE () 2332 2333 OP_CHECK (check_stream_stopped, S_BIDI_ID(0)) 2334 2335 OP_END 2336 }; 2337 2338 /* 7. Unidirectional default stream mode test (client sends first) */ 2339 static const struct script_op script_7[] = { 2340 OP_C_SET_ALPN ("ossltest") 2341 OP_C_CONNECT_WAIT () 2342 2343 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_AUTO_UNI) 2344 OP_C_WRITE (DEFAULT, "apple", 5) 2345 2346 OP_S_BIND_STREAM_ID (a, C_UNI_ID(0)) 2347 OP_S_READ_EXPECT (a, "apple", 5) 2348 OP_S_WRITE_FAIL (a) 2349 2350 OP_END 2351 }; 2352 2353 /* 8. Unidirectional default stream mode test (server sends first) */ 2354 static const struct script_op script_8[] = { 2355 OP_C_SET_ALPN ("ossltest") 2356 OP_C_CONNECT_WAIT () 2357 2358 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_AUTO_UNI) 2359 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0)) 2360 OP_S_WRITE (a, "apple", 5) 2361 OP_C_READ_EXPECT (DEFAULT, "apple", 5) 2362 OP_C_WRITE_FAIL (DEFAULT) 2363 2364 OP_END 2365 }; 2366 2367 /* 9. Unidirectional default stream mode test (server sends first on bidi) */ 2368 static const struct script_op script_9[] = { 2369 OP_C_SET_ALPN ("ossltest") 2370 OP_C_CONNECT_WAIT () 2371 2372 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_AUTO_UNI) 2373 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0)) 2374 OP_S_WRITE (a, "apple", 5) 2375 OP_C_READ_EXPECT (DEFAULT, "apple", 5) 2376 OP_C_WRITE (DEFAULT, "orange", 6) 2377 OP_S_READ_EXPECT (a, "orange", 6) 2378 2379 OP_END 2380 }; 2381 2382 /* 10. Shutdown */ 2383 static const struct script_op script_10[] = { 2384 OP_C_SET_ALPN ("ossltest") 2385 OP_C_CONNECT_WAIT () 2386 2387 OP_C_WRITE (DEFAULT, "apple", 5) 2388 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 2389 OP_S_READ_EXPECT (a, "apple", 5) 2390 2391 OP_C_SHUTDOWN_WAIT (NULL, 0) 2392 OP_C_EXPECT_CONN_CLOSE_INFO(0, 1, 0) 2393 OP_S_EXPECT_CONN_CLOSE_INFO(0, 1, 1) 2394 2395 OP_END 2396 }; 2397 2398 /* 11. Many threads accepted on the same client connection */ 2399 static const struct script_op script_11_child[] = { 2400 OP_C_ACCEPT_STREAM_WAIT (a) 2401 OP_C_READ_EXPECT (a, "foo", 3) 2402 OP_SLEEP (10) 2403 OP_C_EXPECT_FIN (a) 2404 2405 OP_END 2406 }; 2407 2408 static const struct script_op script_11[] = { 2409 OP_C_SET_ALPN ("ossltest") 2410 OP_C_CONNECT_WAIT () 2411 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2412 2413 OP_NEW_THREAD (5, script_11_child) 2414 2415 OP_S_NEW_STREAM_BIDI (a, ANY_ID) 2416 OP_S_WRITE (a, "foo", 3) 2417 OP_S_CONCLUDE (a) 2418 2419 OP_S_NEW_STREAM_BIDI (b, ANY_ID) 2420 OP_S_WRITE (b, "foo", 3) 2421 OP_S_CONCLUDE (b) 2422 2423 OP_S_NEW_STREAM_BIDI (c, ANY_ID) 2424 OP_S_WRITE (c, "foo", 3) 2425 OP_S_CONCLUDE (c) 2426 2427 OP_S_NEW_STREAM_BIDI (d, ANY_ID) 2428 OP_S_WRITE (d, "foo", 3) 2429 OP_S_CONCLUDE (d) 2430 2431 OP_S_NEW_STREAM_BIDI (e, ANY_ID) 2432 OP_S_WRITE (e, "foo", 3) 2433 OP_S_CONCLUDE (e) 2434 2435 OP_END 2436 }; 2437 2438 /* 12. Many threads initiated on the same client connection */ 2439 static const struct script_op script_12_child[] = { 2440 OP_C_NEW_STREAM_BIDI (a, ANY_ID) 2441 OP_C_WRITE (a, "foo", 3) 2442 OP_C_CONCLUDE (a) 2443 OP_C_FREE_STREAM (a) 2444 2445 OP_END 2446 }; 2447 2448 static const struct script_op script_12[] = { 2449 OP_C_SET_ALPN ("ossltest") 2450 OP_C_CONNECT_WAIT () 2451 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2452 2453 OP_NEW_THREAD (5, script_12_child) 2454 2455 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 2456 OP_S_READ_EXPECT (a, "foo", 3) 2457 OP_S_EXPECT_FIN (a) 2458 OP_S_BIND_STREAM_ID (b, C_BIDI_ID(1)) 2459 OP_S_READ_EXPECT (b, "foo", 3) 2460 OP_S_EXPECT_FIN (b) 2461 OP_S_BIND_STREAM_ID (c, C_BIDI_ID(2)) 2462 OP_S_READ_EXPECT (c, "foo", 3) 2463 OP_S_EXPECT_FIN (c) 2464 OP_S_BIND_STREAM_ID (d, C_BIDI_ID(3)) 2465 OP_S_READ_EXPECT (d, "foo", 3) 2466 OP_S_EXPECT_FIN (d) 2467 OP_S_BIND_STREAM_ID (e, C_BIDI_ID(4)) 2468 OP_S_READ_EXPECT (e, "foo", 3) 2469 OP_S_EXPECT_FIN (e) 2470 2471 OP_END 2472 }; 2473 2474 /* 13. Many threads accepted on the same client connection (stress test) */ 2475 static const struct script_op script_13_child[] = { 2476 OP_BEGIN_REPEAT (10) 2477 2478 OP_C_ACCEPT_STREAM_WAIT (a) 2479 OP_C_READ_EXPECT (a, "foo", 3) 2480 OP_C_EXPECT_FIN (a) 2481 OP_C_FREE_STREAM (a) 2482 2483 OP_END_REPEAT () 2484 2485 OP_END 2486 }; 2487 2488 static const struct script_op script_13[] = { 2489 OP_C_SET_ALPN ("ossltest") 2490 OP_C_CONNECT_WAIT () 2491 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2492 2493 OP_NEW_THREAD (5, script_13_child) 2494 2495 OP_BEGIN_REPEAT (50) 2496 2497 OP_S_NEW_STREAM_BIDI (a, ANY_ID) 2498 OP_S_WRITE (a, "foo", 3) 2499 OP_S_CONCLUDE (a) 2500 OP_S_UNBIND_STREAM_ID (a) 2501 2502 OP_END_REPEAT () 2503 2504 OP_END 2505 }; 2506 2507 /* 14. Many threads initiating on the same client connection (stress test) */ 2508 static const struct script_op script_14_child[] = { 2509 OP_BEGIN_REPEAT (10) 2510 2511 OP_C_NEW_STREAM_BIDI (a, ANY_ID) 2512 OP_C_WRITE (a, "foo", 3) 2513 OP_C_CONCLUDE (a) 2514 OP_C_FREE_STREAM (a) 2515 2516 OP_END_REPEAT () 2517 2518 OP_END 2519 }; 2520 2521 static const struct script_op script_14[] = { 2522 OP_C_SET_ALPN ("ossltest") 2523 OP_C_CONNECT_WAIT () 2524 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2525 2526 OP_NEW_THREAD (5, script_14_child) 2527 2528 OP_BEGIN_REPEAT (50) 2529 2530 OP_S_ACCEPT_STREAM_WAIT (a) 2531 OP_S_READ_EXPECT (a, "foo", 3) 2532 OP_S_EXPECT_FIN (a) 2533 OP_S_UNBIND_STREAM_ID (a) 2534 2535 OP_END_REPEAT () 2536 2537 OP_END 2538 }; 2539 2540 /* 15. Client sending large number of streams, MAX_STREAMS test */ 2541 static const struct script_op script_15[] = { 2542 OP_C_SET_ALPN ("ossltest") 2543 OP_C_CONNECT_WAIT () 2544 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2545 2546 /* 2547 * This will cause a protocol violation to be raised by the server if we are 2548 * not handling the stream limit correctly on the TX side. 2549 */ 2550 OP_BEGIN_REPEAT (200) 2551 2552 OP_C_NEW_STREAM_BIDI_EX (a, ANY_ID, SSL_STREAM_FLAG_ADVANCE) 2553 OP_C_WRITE (a, "foo", 3) 2554 OP_C_CONCLUDE (a) 2555 OP_C_FREE_STREAM (a) 2556 2557 OP_END_REPEAT () 2558 2559 /* Prove the connection is still good. */ 2560 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0)) 2561 OP_S_WRITE (a, "bar", 3) 2562 OP_S_CONCLUDE (a) 2563 2564 OP_C_ACCEPT_STREAM_WAIT (a) 2565 OP_C_READ_EXPECT (a, "bar", 3) 2566 OP_C_EXPECT_FIN (a) 2567 2568 /* 2569 * Drain the queue of incoming streams. We should be able to get all 200 2570 * even though only 100 can be initiated at a time. 2571 */ 2572 OP_BEGIN_REPEAT (200) 2573 2574 OP_S_ACCEPT_STREAM_WAIT (b) 2575 OP_S_READ_EXPECT (b, "foo", 3) 2576 OP_S_EXPECT_FIN (b) 2577 OP_S_UNBIND_STREAM_ID (b) 2578 2579 OP_END_REPEAT () 2580 2581 OP_END 2582 }; 2583 2584 /* 16. Server sending large number of streams, MAX_STREAMS test */ 2585 static const struct script_op script_16[] = { 2586 OP_C_SET_ALPN ("ossltest") 2587 OP_C_CONNECT_WAIT () 2588 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2589 2590 /* 2591 * This will cause a protocol violation to be raised by the client if we are 2592 * not handling the stream limit correctly on the TX side. 2593 */ 2594 OP_BEGIN_REPEAT (200) 2595 2596 OP_S_NEW_STREAM_BIDI (a, ANY_ID) 2597 OP_S_WRITE (a, "foo", 3) 2598 OP_S_CONCLUDE (a) 2599 OP_S_UNBIND_STREAM_ID (a) 2600 2601 OP_END_REPEAT () 2602 2603 /* Prove that the connection is still good. */ 2604 OP_C_NEW_STREAM_BIDI (a, ANY_ID) 2605 OP_C_WRITE (a, "bar", 3) 2606 OP_C_CONCLUDE (a) 2607 2608 OP_S_ACCEPT_STREAM_WAIT (b) 2609 OP_S_READ_EXPECT (b, "bar", 3) 2610 OP_S_EXPECT_FIN (b) 2611 2612 /* Drain the queue of incoming streams. */ 2613 OP_BEGIN_REPEAT (200) 2614 2615 OP_C_ACCEPT_STREAM_WAIT (b) 2616 OP_C_READ_EXPECT (b, "foo", 3) 2617 OP_C_EXPECT_FIN (b) 2618 OP_C_FREE_STREAM (b) 2619 2620 OP_END_REPEAT () 2621 2622 OP_END 2623 }; 2624 2625 /* 17. Key update test - unlimited */ 2626 static const struct script_op script_17[] = { 2627 OP_C_SET_ALPN ("ossltest") 2628 OP_C_CONNECT_WAIT () 2629 2630 OP_C_WRITE (DEFAULT, "apple", 5) 2631 2632 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 2633 OP_S_READ_EXPECT (a, "apple", 5) 2634 2635 OP_CHECK (override_key_update, 1) 2636 2637 OP_BEGIN_REPEAT (200) 2638 2639 OP_C_WRITE (DEFAULT, "apple", 5) 2640 OP_S_READ_EXPECT (a, "apple", 5) 2641 2642 /* 2643 * TXKU frequency is bounded by RTT because a previous TXKU needs to be 2644 * acknowledged by the peer first before another one can be begin. By 2645 * waiting this long, we eliminate any such concern and ensure as many key 2646 * updates as possible can occur for the purposes of this test. 2647 */ 2648 OP_CHECK (skip_time_ms, 100) 2649 2650 OP_END_REPEAT () 2651 2652 /* At least 5 RXKUs detected */ 2653 OP_CHECK (check_key_update_ge, 5) 2654 2655 /* 2656 * Prove the connection is still healthy by sending something in both 2657 * directions. 2658 */ 2659 OP_C_WRITE (DEFAULT, "xyzzy", 5) 2660 OP_S_READ_EXPECT (a, "xyzzy", 5) 2661 2662 OP_S_WRITE (a, "plugh", 5) 2663 OP_C_READ_EXPECT (DEFAULT, "plugh", 5) 2664 2665 OP_END 2666 }; 2667 2668 /* 18. Key update test - RTT-bounded */ 2669 static const struct script_op script_18[] = { 2670 OP_C_SET_ALPN ("ossltest") 2671 OP_C_CONNECT_WAIT () 2672 2673 OP_C_WRITE (DEFAULT, "apple", 5) 2674 2675 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 2676 OP_S_READ_EXPECT (a, "apple", 5) 2677 2678 OP_CHECK (override_key_update, 1) 2679 2680 OP_BEGIN_REPEAT (200) 2681 2682 OP_C_WRITE (DEFAULT, "apple", 5) 2683 OP_S_READ_EXPECT (a, "apple", 5) 2684 OP_CHECK (skip_time_ms, 8) 2685 2686 OP_END_REPEAT () 2687 2688 /* 2689 * This time we simulate far less time passing between writes, so there are 2690 * fewer opportunities to initiate TXKUs. Note that we ask for a TXKU every 2691 * 1 packet above, which is absurd; thus this ensures we only actually 2692 * generate TXKUs when we are allowed to. 2693 */ 2694 OP_CHECK (check_key_update_lt, 240) 2695 2696 /* 2697 * Prove the connection is still healthy by sending something in both 2698 * directions. 2699 */ 2700 OP_C_WRITE (DEFAULT, "xyzzy", 5) 2701 OP_S_READ_EXPECT (a, "xyzzy", 5) 2702 2703 OP_S_WRITE (a, "plugh", 5) 2704 OP_C_READ_EXPECT (DEFAULT, "plugh", 5) 2705 2706 OP_END 2707 }; 2708 2709 /* 19. Key update test - artificially triggered */ 2710 static const struct script_op script_19[] = { 2711 OP_C_SET_ALPN ("ossltest") 2712 OP_C_CONNECT_WAIT () 2713 2714 OP_C_WRITE (DEFAULT, "apple", 5) 2715 2716 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 2717 OP_S_READ_EXPECT (a, "apple", 5) 2718 2719 OP_C_WRITE (DEFAULT, "orange", 6) 2720 OP_S_READ_EXPECT (a, "orange", 6) 2721 2722 OP_S_WRITE (a, "strawberry", 10) 2723 OP_C_READ_EXPECT (DEFAULT, "strawberry", 10) 2724 2725 OP_CHECK (check_key_update_lt, 1) 2726 OP_CHECK (trigger_key_update, 0) 2727 2728 OP_C_WRITE (DEFAULT, "orange", 6) 2729 OP_S_READ_EXPECT (a, "orange", 6) 2730 OP_S_WRITE (a, "ok", 2) 2731 2732 OP_C_READ_EXPECT (DEFAULT, "ok", 2) 2733 OP_CHECK (check_key_update_ge, 1) 2734 2735 OP_END 2736 }; 2737 2738 /* 20. Multiple threads accept stream with socket forcibly closed (error test) */ 2739 static int script_20_trigger(struct helper *h, volatile uint64_t *counter) 2740 { 2741 #if defined(OPENSSL_THREADS) 2742 ossl_crypto_mutex_lock(h->misc_m); 2743 ++*counter; 2744 ossl_crypto_condvar_broadcast(h->misc_cv); 2745 ossl_crypto_mutex_unlock(h->misc_m); 2746 #endif 2747 return 1; 2748 } 2749 2750 static int script_20_wait(struct helper *h, volatile uint64_t *counter, uint64_t threshold) 2751 { 2752 #if defined(OPENSSL_THREADS) 2753 int stop = 0; 2754 2755 ossl_crypto_mutex_lock(h->misc_m); 2756 while (!stop) { 2757 stop = (*counter >= threshold); 2758 if (stop) 2759 break; 2760 2761 ossl_crypto_condvar_wait(h->misc_cv, h->misc_m); 2762 } 2763 2764 ossl_crypto_mutex_unlock(h->misc_m); 2765 #endif 2766 return 1; 2767 } 2768 2769 static int script_20_trigger1(struct helper *h, struct helper_local *hl) 2770 { 2771 return script_20_trigger(h, &h->scratch0); 2772 } 2773 2774 static int script_20_wait1(struct helper *h, struct helper_local *hl) 2775 { 2776 return script_20_wait(h, &h->scratch0, hl->check_op->arg2); 2777 } 2778 2779 static int script_20_trigger2(struct helper *h, struct helper_local *hl) 2780 { 2781 return script_20_trigger(h, &h->scratch1); 2782 } 2783 2784 static int script_20_wait2(struct helper *h, struct helper_local *hl) 2785 { 2786 return script_20_wait(h, &h->scratch1, hl->check_op->arg2); 2787 } 2788 2789 static const struct script_op script_20_child[] = { 2790 OP_C_ACCEPT_STREAM_WAIT (a) 2791 OP_C_READ_EXPECT (a, "foo", 3) 2792 2793 OP_CHECK (script_20_trigger1, 0) 2794 OP_CHECK (script_20_wait2, 1) 2795 2796 OP_C_READ_FAIL_WAIT (a) 2797 OP_C_EXPECT_SSL_ERR (a, SSL_ERROR_SYSCALL) 2798 2799 OP_EXPECT_ERR_LIB (ERR_LIB_SSL) 2800 OP_EXPECT_ERR_REASON (SSL_R_PROTOCOL_IS_SHUTDOWN) 2801 2802 OP_POP_ERR () 2803 OP_EXPECT_ERR_LIB (ERR_LIB_SSL) 2804 OP_EXPECT_ERR_REASON (SSL_R_QUIC_NETWORK_ERROR) 2805 2806 OP_C_FREE_STREAM (a) 2807 2808 OP_END 2809 }; 2810 2811 static const struct script_op script_20[] = { 2812 OP_C_SET_ALPN ("ossltest") 2813 OP_C_CONNECT_WAIT () 2814 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2815 2816 OP_NEW_THREAD (5, script_20_child) 2817 2818 OP_BEGIN_REPEAT (5) 2819 2820 OP_S_NEW_STREAM_BIDI (a, ANY_ID) 2821 OP_S_WRITE (a, "foo", 3) 2822 OP_S_UNBIND_STREAM_ID (a) 2823 2824 OP_END_REPEAT () 2825 2826 OP_CHECK (script_20_wait1, 5) 2827 2828 OP_C_CLOSE_SOCKET () 2829 OP_CHECK (script_20_trigger2, 0) 2830 2831 OP_END 2832 }; 2833 2834 /* 21. Fault injection - unknown frame in 1-RTT packet */ 2835 static int script_21_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 2836 unsigned char *buf, size_t len) 2837 { 2838 int ok = 0; 2839 WPACKET wpkt; 2840 unsigned char frame_buf[21]; 2841 size_t written; 2842 2843 if (h->inject_word0 == 0 || hdr->type != h->inject_word0) 2844 return 1; 2845 2846 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 2847 sizeof(frame_buf), 0))) 2848 return 0; 2849 2850 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))) 2851 goto err; 2852 2853 switch (h->inject_word1) { 2854 case OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE: 2855 case OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE: 2856 case OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID: 2857 /* 2858 * These cases to be formatted properly need a single uint64_t 2859 */ 2860 if (!TEST_true(WPACKET_put_bytes_u64(&wpkt, (uint64_t)0))) 2861 goto err; 2862 break; 2863 case OSSL_QUIC_FRAME_TYPE_MAX_DATA: 2864 case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI: 2865 case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI: 2866 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI: 2867 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI: 2868 case OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED: 2869 /* 2870 * These cases require a single vlint 2871 */ 2872 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0))) 2873 goto err; 2874 break; 2875 case OSSL_QUIC_FRAME_TYPE_STOP_SENDING: 2876 case OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA: 2877 case OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED: 2878 /* 2879 * These cases require 2 variable integers 2880 */ 2881 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0))) 2882 goto err; 2883 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0))) 2884 goto err; 2885 break; 2886 case OSSL_QUIC_FRAME_TYPE_STREAM: 2887 case OSSL_QUIC_FRAME_TYPE_RESET_STREAM: 2888 case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP: 2889 /* 2890 * These cases require 3 variable integers 2891 */ 2892 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0))) 2893 goto err; 2894 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0))) 2895 goto err; 2896 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0))) 2897 goto err; 2898 break; 2899 case OSSL_QUIC_FRAME_TYPE_NEW_TOKEN: 2900 /* 2901 * Special case for new token 2902 */ 2903 2904 /* New token length, cannot be zero */ 2905 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)1))) 2906 goto err; 2907 2908 /* 1 bytes of token data, to match the above length */ 2909 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, (uint8_t)0))) 2910 goto err; 2911 break; 2912 case OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID: 2913 /* 2914 * Special case for New Connection ids, has a combination 2915 * of vlints and fixed width values 2916 */ 2917 2918 /* seq number */ 2919 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0))) 2920 goto err; 2921 2922 /* retire prior to */ 2923 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0))) 2924 goto err; 2925 2926 /* Connection id length, arbitrary at 1 bytes */ 2927 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, (uint8_t)1))) 2928 goto err; 2929 2930 /* The connection id, to match the above length */ 2931 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, (uint8_t)0))) 2932 goto err; 2933 2934 /* 16 bytes total for the SRT */ 2935 if (!TEST_true(WPACKET_memset(&wpkt, 0, 16))) 2936 goto err; 2937 2938 break; 2939 } 2940 2941 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 2942 goto err; 2943 2944 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 2945 goto err; 2946 2947 ok = 1; 2948 err: 2949 if (ok) 2950 WPACKET_finish(&wpkt); 2951 else 2952 WPACKET_cleanup(&wpkt); 2953 return ok; 2954 } 2955 2956 static const struct script_op script_21[] = { 2957 OP_S_SET_INJECT_PLAIN (script_21_inject_plain) 2958 OP_C_SET_ALPN ("ossltest") 2959 OP_C_CONNECT_WAIT () 2960 2961 OP_C_WRITE (DEFAULT, "apple", 5) 2962 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 2963 OP_S_READ_EXPECT (a, "apple", 5) 2964 2965 OP_SET_INJECT_WORD (QUIC_PKT_TYPE_1RTT, OSSL_QUIC_VLINT_MAX) 2966 2967 OP_S_WRITE (a, "orange", 6) 2968 2969 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0) 2970 2971 OP_END 2972 }; 2973 2974 /* 22. Fault injection - non-zero packet header reserved bits */ 2975 static int script_22_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 2976 unsigned char *buf, size_t len) 2977 { 2978 if (h->inject_word0 == 0) 2979 return 1; 2980 2981 hdr->reserved = 1; 2982 return 1; 2983 } 2984 2985 static const struct script_op script_22[] = { 2986 OP_S_SET_INJECT_PLAIN (script_22_inject_plain) 2987 OP_C_SET_ALPN ("ossltest") 2988 OP_C_CONNECT_WAIT () 2989 2990 OP_C_WRITE (DEFAULT, "apple", 5) 2991 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 2992 OP_S_READ_EXPECT (a, "apple", 5) 2993 2994 OP_SET_INJECT_WORD (1, 0) 2995 2996 OP_S_WRITE (a, "orange", 6) 2997 2998 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION,0,0) 2999 3000 OP_END 3001 }; 3002 3003 /* 23. Fault injection - empty NEW_TOKEN */ 3004 static int script_23_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 3005 unsigned char *buf, size_t len) 3006 { 3007 int ok = 0; 3008 WPACKET wpkt; 3009 unsigned char frame_buf[16]; 3010 size_t written; 3011 3012 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 3013 return 1; 3014 3015 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 3016 sizeof(frame_buf), 0))) 3017 return 0; 3018 3019 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_NEW_TOKEN)) 3020 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0))) 3021 goto err; 3022 3023 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 3024 goto err; 3025 3026 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 3027 goto err; 3028 3029 ok = 1; 3030 err: 3031 if (ok) 3032 WPACKET_finish(&wpkt); 3033 else 3034 WPACKET_cleanup(&wpkt); 3035 return ok; 3036 } 3037 3038 static const struct script_op script_23[] = { 3039 OP_S_SET_INJECT_PLAIN (script_23_inject_plain) 3040 OP_C_SET_ALPN ("ossltest") 3041 OP_C_CONNECT_WAIT () 3042 3043 OP_C_WRITE (DEFAULT, "apple", 5) 3044 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 3045 OP_S_READ_EXPECT (a, "apple", 5) 3046 3047 OP_SET_INJECT_WORD (1, 0) 3048 3049 OP_S_WRITE (a, "orange", 6) 3050 3051 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0) 3052 3053 OP_END 3054 }; 3055 3056 /* 24. Fault injection - excess value of MAX_STREAMS_BIDI */ 3057 static int script_24_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 3058 unsigned char *buf, size_t len) 3059 { 3060 int ok = 0; 3061 WPACKET wpkt; 3062 unsigned char frame_buf[16]; 3063 size_t written; 3064 3065 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 3066 return 1; 3067 3068 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 3069 sizeof(frame_buf), 0))) 3070 return 0; 3071 3072 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1)) 3073 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, (((uint64_t)1) << 60) + 1))) 3074 goto err; 3075 3076 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 3077 goto err; 3078 3079 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 3080 goto err; 3081 3082 ok = 1; 3083 err: 3084 if (ok) 3085 WPACKET_finish(&wpkt); 3086 else 3087 WPACKET_cleanup(&wpkt); 3088 return ok; 3089 } 3090 3091 static const struct script_op script_24[] = { 3092 OP_S_SET_INJECT_PLAIN (script_24_inject_plain) 3093 OP_C_SET_ALPN ("ossltest") 3094 OP_C_CONNECT_WAIT () 3095 3096 OP_C_WRITE (DEFAULT, "apple", 5) 3097 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 3098 OP_S_READ_EXPECT (a, "apple", 5) 3099 3100 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI) 3101 3102 OP_S_WRITE (a, "orange", 6) 3103 3104 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0) 3105 3106 OP_END 3107 }; 3108 3109 /* 25. Fault injection - excess value of MAX_STREAMS_UNI */ 3110 static const struct script_op script_25[] = { 3111 OP_S_SET_INJECT_PLAIN (script_24_inject_plain) 3112 OP_C_SET_ALPN ("ossltest") 3113 OP_C_CONNECT_WAIT () 3114 3115 OP_C_WRITE (DEFAULT, "apple", 5) 3116 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 3117 OP_S_READ_EXPECT (a, "apple", 5) 3118 3119 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI) 3120 3121 OP_S_WRITE (a, "orange", 6) 3122 3123 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0) 3124 3125 OP_END 3126 }; 3127 3128 /* 26. Fault injection - excess value of STREAMS_BLOCKED_BIDI */ 3129 static const struct script_op script_26[] = { 3130 OP_S_SET_INJECT_PLAIN (script_24_inject_plain) 3131 OP_C_SET_ALPN ("ossltest") 3132 OP_C_CONNECT_WAIT () 3133 3134 OP_C_WRITE (DEFAULT, "apple", 5) 3135 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 3136 OP_S_READ_EXPECT (a, "apple", 5) 3137 3138 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI) 3139 3140 OP_S_WRITE (a, "orange", 6) 3141 3142 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,0,0) 3143 3144 OP_END 3145 }; 3146 3147 /* 27. Fault injection - excess value of STREAMS_BLOCKED_UNI */ 3148 static const struct script_op script_27[] = { 3149 OP_S_SET_INJECT_PLAIN (script_24_inject_plain) 3150 OP_C_SET_ALPN ("ossltest") 3151 OP_C_CONNECT_WAIT () 3152 3153 OP_C_WRITE (DEFAULT, "apple", 5) 3154 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 3155 OP_S_READ_EXPECT (a, "apple", 5) 3156 3157 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI) 3158 3159 OP_S_WRITE (a, "orange", 6) 3160 3161 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,0,0) 3162 3163 OP_END 3164 }; 3165 3166 /* 28. Fault injection - received RESET_STREAM for send-only stream */ 3167 static int script_28_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 3168 unsigned char *buf, size_t len) 3169 { 3170 int ok = 0; 3171 WPACKET wpkt; 3172 unsigned char frame_buf[32]; 3173 size_t written; 3174 3175 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 3176 return 1; 3177 3178 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 3179 sizeof(frame_buf), 0))) 3180 return 0; 3181 3182 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1)) 3183 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */ 3184 h->inject_word0 - 1)) 3185 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 123)) 3186 || (h->inject_word1 == OSSL_QUIC_FRAME_TYPE_RESET_STREAM 3187 && !TEST_true(WPACKET_quic_write_vlint(&wpkt, 5)))) /* final size */ 3188 goto err; 3189 3190 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 3191 goto err; 3192 3193 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 3194 goto err; 3195 3196 ok = 1; 3197 err: 3198 if (ok) 3199 WPACKET_finish(&wpkt); 3200 else 3201 WPACKET_cleanup(&wpkt); 3202 return ok; 3203 } 3204 3205 static const struct script_op script_28[] = { 3206 OP_S_SET_INJECT_PLAIN (script_28_inject_plain) 3207 OP_C_SET_ALPN ("ossltest") 3208 OP_C_CONNECT_WAIT () 3209 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3210 3211 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 3212 OP_C_WRITE (a, "orange", 6) 3213 3214 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 3215 OP_S_READ_EXPECT (a, "orange", 6) 3216 3217 OP_C_NEW_STREAM_UNI (b, C_UNI_ID(0)) 3218 OP_C_WRITE (b, "apple", 5) 3219 3220 OP_S_BIND_STREAM_ID (b, C_UNI_ID(0)) 3221 OP_S_READ_EXPECT (b, "apple", 5) 3222 3223 OP_SET_INJECT_WORD (C_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_RESET_STREAM) 3224 OP_S_WRITE (a, "fruit", 5) 3225 3226 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0) 3227 3228 OP_END 3229 }; 3230 3231 /* 29. Fault injection - received RESET_STREAM for nonexistent send-only stream */ 3232 static const struct script_op script_29[] = { 3233 OP_S_SET_INJECT_PLAIN (script_28_inject_plain) 3234 OP_C_SET_ALPN ("ossltest") 3235 OP_C_CONNECT_WAIT () 3236 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3237 3238 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 3239 OP_C_WRITE (a, "orange", 6) 3240 3241 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 3242 OP_S_READ_EXPECT (a, "orange", 6) 3243 3244 OP_C_NEW_STREAM_UNI (b, C_UNI_ID(0)) 3245 OP_C_WRITE (b, "apple", 5) 3246 3247 OP_S_BIND_STREAM_ID (b, C_UNI_ID(0)) 3248 OP_S_READ_EXPECT (b, "apple", 5) 3249 3250 OP_SET_INJECT_WORD (C_UNI_ID(1) + 1, OSSL_QUIC_FRAME_TYPE_RESET_STREAM) 3251 OP_S_WRITE (a, "fruit", 5) 3252 3253 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0) 3254 3255 OP_END 3256 }; 3257 3258 /* 30. Fault injection - received STOP_SENDING for receive-only stream */ 3259 static const struct script_op script_30[] = { 3260 OP_S_SET_INJECT_PLAIN (script_28_inject_plain) 3261 OP_C_SET_ALPN ("ossltest") 3262 OP_C_CONNECT_WAIT () 3263 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3264 3265 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0)) 3266 OP_S_WRITE (a, "apple", 5) 3267 3268 OP_C_ACCEPT_STREAM_WAIT (a) 3269 OP_C_READ_EXPECT (a, "apple", 5) 3270 3271 OP_SET_INJECT_WORD (S_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STOP_SENDING) 3272 OP_S_WRITE (a, "orange", 6) 3273 3274 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0) 3275 3276 OP_END 3277 }; 3278 3279 /* 31. Fault injection - received STOP_SENDING for nonexistent receive-only stream */ 3280 static const struct script_op script_31[] = { 3281 OP_S_SET_INJECT_PLAIN (script_28_inject_plain) 3282 OP_C_SET_ALPN ("ossltest") 3283 OP_C_CONNECT_WAIT () 3284 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3285 3286 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0)) 3287 OP_S_WRITE (a, "apple", 5) 3288 3289 OP_C_ACCEPT_STREAM_WAIT (a) 3290 OP_C_READ_EXPECT (a, "apple", 5) 3291 3292 OP_SET_INJECT_WORD (C_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STOP_SENDING) 3293 OP_S_WRITE (a, "orange", 6) 3294 3295 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0) 3296 3297 OP_END 3298 }; 3299 3300 /* 32. Fault injection - STREAM frame for nonexistent stream */ 3301 static int script_32_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 3302 unsigned char *buf, size_t len) 3303 { 3304 int ok = 0; 3305 WPACKET wpkt; 3306 unsigned char frame_buf[64]; 3307 size_t written; 3308 uint64_t type = OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN, offset, flen, i; 3309 3310 if (hdr->type != QUIC_PKT_TYPE_1RTT) 3311 return 1; 3312 3313 switch (h->inject_word1) { 3314 default: 3315 return 0; 3316 case 0: 3317 return 1; 3318 case 1: 3319 offset = 0; 3320 flen = 0; 3321 break; 3322 case 2: 3323 offset = (((uint64_t)1)<<62) - 1; 3324 flen = 5; 3325 break; 3326 case 3: 3327 offset = 1 * 1024 * 1024 * 1024; /* 1G */ 3328 flen = 5; 3329 break; 3330 case 4: 3331 offset = 0; 3332 flen = 1; 3333 break; 3334 } 3335 3336 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 3337 sizeof(frame_buf), 0))) 3338 return 0; 3339 3340 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, type)) 3341 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */ 3342 h->inject_word0 - 1)) 3343 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, offset)) 3344 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, flen))) 3345 goto err; 3346 3347 for (i = 0; i < flen; ++i) 3348 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42))) 3349 goto err; 3350 3351 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 3352 goto err; 3353 3354 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 3355 goto err; 3356 3357 ok = 1; 3358 err: 3359 if (ok) 3360 WPACKET_finish(&wpkt); 3361 else 3362 WPACKET_cleanup(&wpkt); 3363 return ok; 3364 } 3365 3366 static const struct script_op script_32[] = { 3367 OP_S_SET_INJECT_PLAIN (script_32_inject_plain) 3368 OP_C_SET_ALPN ("ossltest") 3369 OP_C_CONNECT_WAIT () 3370 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3371 3372 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0)) 3373 OP_S_WRITE (a, "apple", 5) 3374 3375 OP_C_ACCEPT_STREAM_WAIT (a) 3376 OP_C_READ_EXPECT (a, "apple", 5) 3377 3378 OP_SET_INJECT_WORD (C_UNI_ID(0) + 1, 1) 3379 OP_S_WRITE (a, "orange", 6) 3380 3381 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0) 3382 3383 OP_END 3384 }; 3385 3386 /* 33. Fault injection - STREAM frame with illegal offset */ 3387 static const struct script_op script_33[] = { 3388 OP_S_SET_INJECT_PLAIN (script_32_inject_plain) 3389 OP_C_SET_ALPN ("ossltest") 3390 OP_C_CONNECT_WAIT () 3391 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3392 3393 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 3394 OP_C_WRITE (a, "apple", 5) 3395 3396 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 3397 OP_S_READ_EXPECT (a, "apple", 5) 3398 3399 OP_SET_INJECT_WORD (C_BIDI_ID(0) + 1, 2) 3400 OP_S_WRITE (a, "orange", 6) 3401 3402 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0) 3403 3404 OP_END 3405 }; 3406 3407 /* 34. Fault injection - STREAM frame which exceeds FC */ 3408 static const struct script_op script_34[] = { 3409 OP_S_SET_INJECT_PLAIN (script_32_inject_plain) 3410 OP_C_SET_ALPN ("ossltest") 3411 OP_C_CONNECT_WAIT () 3412 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3413 3414 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 3415 OP_C_WRITE (a, "apple", 5) 3416 3417 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 3418 OP_S_READ_EXPECT (a, "apple", 5) 3419 3420 OP_SET_INJECT_WORD (C_BIDI_ID(0) + 1, 3) 3421 OP_S_WRITE (a, "orange", 6) 3422 3423 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FLOW_CONTROL_ERROR,0,0) 3424 3425 OP_END 3426 }; 3427 3428 /* 35. Fault injection - MAX_STREAM_DATA for receive-only stream */ 3429 static const struct script_op script_35[] = { 3430 OP_S_SET_INJECT_PLAIN (script_28_inject_plain) 3431 OP_C_SET_ALPN ("ossltest") 3432 OP_C_CONNECT_WAIT () 3433 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3434 3435 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0)) 3436 OP_S_WRITE (a, "apple", 5) 3437 3438 OP_C_ACCEPT_STREAM_WAIT (a) 3439 OP_C_READ_EXPECT (a, "apple", 5) 3440 3441 OP_SET_INJECT_WORD (S_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA) 3442 OP_S_WRITE (a, "orange", 6) 3443 3444 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0) 3445 3446 OP_END 3447 }; 3448 3449 /* 36. Fault injection - MAX_STREAM_DATA for nonexistent stream */ 3450 static const struct script_op script_36[] = { 3451 OP_S_SET_INJECT_PLAIN (script_28_inject_plain) 3452 OP_C_SET_ALPN ("ossltest") 3453 OP_C_CONNECT_WAIT () 3454 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3455 3456 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0)) 3457 OP_S_WRITE (a, "apple", 5) 3458 3459 OP_C_ACCEPT_STREAM_WAIT (a) 3460 OP_C_READ_EXPECT (a, "apple", 5) 3461 3462 OP_SET_INJECT_WORD (C_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA) 3463 OP_S_WRITE (a, "orange", 6) 3464 3465 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0) 3466 3467 OP_END 3468 }; 3469 3470 /* 37. Fault injection - STREAM_DATA_BLOCKED for send-only stream */ 3471 static const struct script_op script_37[] = { 3472 OP_S_SET_INJECT_PLAIN (script_28_inject_plain) 3473 OP_C_SET_ALPN ("ossltest") 3474 OP_C_CONNECT_WAIT () 3475 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3476 3477 OP_C_NEW_STREAM_UNI (a, C_UNI_ID(0)) 3478 OP_C_WRITE (a, "apple", 5) 3479 3480 OP_S_BIND_STREAM_ID (a, C_UNI_ID(0)) 3481 OP_S_READ_EXPECT (a, "apple", 5) 3482 3483 OP_S_NEW_STREAM_UNI (b, S_UNI_ID(0)) 3484 OP_SET_INJECT_WORD (C_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED) 3485 OP_S_WRITE (b, "orange", 5) 3486 3487 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0) 3488 3489 OP_END 3490 }; 3491 3492 /* 38. Fault injection - STREAM_DATA_BLOCKED for non-existent stream */ 3493 static const struct script_op script_38[] = { 3494 OP_S_SET_INJECT_PLAIN (script_28_inject_plain) 3495 OP_C_SET_ALPN ("ossltest") 3496 OP_C_CONNECT_WAIT () 3497 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3498 3499 OP_C_NEW_STREAM_UNI (a, C_UNI_ID(0)) 3500 OP_C_WRITE (a, "apple", 5) 3501 3502 OP_S_BIND_STREAM_ID (a, C_UNI_ID(0)) 3503 OP_S_READ_EXPECT (a, "apple", 5) 3504 3505 OP_SET_INJECT_WORD (C_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED) 3506 3507 OP_S_NEW_STREAM_UNI (b, S_UNI_ID(0)) 3508 OP_S_WRITE (b, "orange", 5) 3509 3510 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0) 3511 3512 OP_END 3513 }; 3514 3515 /* 39. Fault injection - NEW_CONN_ID with zero-len CID */ 3516 static int script_39_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 3517 unsigned char *buf, size_t len) 3518 { 3519 int ok = 0; 3520 WPACKET wpkt; 3521 unsigned char frame_buf[64]; 3522 size_t i, written; 3523 uint64_t seq_no = 0, retire_prior_to = 0; 3524 QUIC_CONN_ID new_cid = {0}; 3525 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(h->s_priv); 3526 3527 if (hdr->type != QUIC_PKT_TYPE_1RTT) 3528 return 1; 3529 3530 switch (h->inject_word1) { 3531 case 0: 3532 return 1; 3533 case 1: 3534 new_cid.id_len = 0; 3535 break; 3536 case 2: 3537 new_cid.id_len = 21; 3538 break; 3539 case 3: 3540 new_cid.id_len = 1; 3541 new_cid.id[0] = 0x55; 3542 3543 seq_no = 0; 3544 retire_prior_to = 1; 3545 break; 3546 case 4: 3547 /* Use our actual CID so we don't break connectivity. */ 3548 ossl_quic_channel_get_diag_local_cid(ch, &new_cid); 3549 3550 seq_no = 2; 3551 retire_prior_to = 2; 3552 break; 3553 case 5: 3554 /* 3555 * Use a bogus CID which will need to be ignored if connectivity is to 3556 * be continued. 3557 */ 3558 new_cid.id_len = 8; 3559 new_cid.id[0] = 0x55; 3560 3561 seq_no = 1; 3562 retire_prior_to = 1; 3563 break; 3564 } 3565 3566 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 3567 sizeof(frame_buf), 0))) 3568 return 0; 3569 3570 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID)) 3571 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, seq_no)) /* seq no */ 3572 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, retire_prior_to)) /* retire prior to */ 3573 || !TEST_true(WPACKET_put_bytes_u8(&wpkt, new_cid.id_len))) /* len */ 3574 goto err; 3575 3576 for (i = 0; i < new_cid.id_len && i < OSSL_NELEM(new_cid.id); ++i) 3577 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, new_cid.id[i]))) 3578 goto err; 3579 3580 for (; i < new_cid.id_len; ++i) 3581 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x55))) 3582 goto err; 3583 3584 for (i = 0; i < QUIC_STATELESS_RESET_TOKEN_LEN; ++i) 3585 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42))) 3586 goto err; 3587 3588 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 3589 goto err; 3590 3591 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 3592 goto err; 3593 3594 ok = 1; 3595 err: 3596 if (ok) 3597 WPACKET_finish(&wpkt); 3598 else 3599 WPACKET_cleanup(&wpkt); 3600 return ok; 3601 } 3602 3603 static const struct script_op script_39[] = { 3604 OP_S_SET_INJECT_PLAIN (script_39_inject_plain) 3605 OP_C_SET_ALPN ("ossltest") 3606 OP_C_CONNECT_WAIT () 3607 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3608 3609 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 3610 OP_C_WRITE (a, "apple", 5) 3611 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 3612 OP_S_READ_EXPECT (a, "apple", 5) 3613 3614 OP_SET_INJECT_WORD (0, 1) 3615 OP_S_WRITE (a, "orange", 5) 3616 3617 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0) 3618 3619 OP_END 3620 }; 3621 3622 /* 40. Shutdown flush test */ 3623 static const unsigned char script_40_data[1024] = "strawberry"; 3624 3625 static const struct script_op script_40[] = { 3626 OP_C_SET_ALPN ("ossltest") 3627 OP_C_CONNECT_WAIT () 3628 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3629 3630 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 3631 OP_C_WRITE (a, "apple", 5) 3632 3633 OP_C_INHIBIT_TICK (1) 3634 OP_C_SET_WRITE_BUF_SIZE (a, 1024 * 100 * 3) 3635 3636 OP_BEGIN_REPEAT (100) 3637 3638 OP_C_WRITE (a, script_40_data, sizeof(script_40_data)) 3639 3640 OP_END_REPEAT () 3641 3642 OP_C_CONCLUDE (a) 3643 OP_C_SHUTDOWN_WAIT (NULL, 0) /* disengages tick inhibition */ 3644 3645 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 3646 OP_S_READ_EXPECT (a, "apple", 5) 3647 3648 OP_BEGIN_REPEAT (100) 3649 3650 OP_S_READ_EXPECT (a, script_40_data, sizeof(script_40_data)) 3651 3652 OP_END_REPEAT () 3653 3654 OP_S_EXPECT_FIN (a) 3655 3656 OP_C_EXPECT_CONN_CLOSE_INFO(0, 1, 0) 3657 OP_S_EXPECT_CONN_CLOSE_INFO(0, 1, 1) 3658 3659 OP_END 3660 }; 3661 3662 /* 41. Fault injection - PATH_CHALLENGE yields PATH_RESPONSE */ 3663 static const uint64_t path_challenge = UINT64_C(0xbdeb9451169c83aa); 3664 3665 static int script_41_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 3666 unsigned char *buf, size_t len) 3667 { 3668 int ok = 0; 3669 WPACKET wpkt; 3670 unsigned char frame_buf[16]; 3671 size_t written; 3672 3673 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 3674 return 1; 3675 3676 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 3677 sizeof(frame_buf), 0))) 3678 return 0; 3679 3680 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1)) 3681 || !TEST_true(WPACKET_put_bytes_u64(&wpkt, path_challenge))) 3682 goto err; 3683 3684 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)) 3685 || !TEST_size_t_eq(written, 9)) 3686 goto err; 3687 3688 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 3689 goto err; 3690 3691 --h->inject_word0; 3692 ok = 1; 3693 err: 3694 if (ok) 3695 WPACKET_finish(&wpkt); 3696 else 3697 WPACKET_cleanup(&wpkt); 3698 return ok; 3699 } 3700 3701 static void script_41_trace(int write_p, int version, int content_type, 3702 const void *buf, size_t len, SSL *ssl, void *arg) 3703 { 3704 uint64_t frame_type, frame_data; 3705 int was_minimal; 3706 struct helper *h = arg; 3707 PACKET pkt; 3708 3709 if (version != OSSL_QUIC1_VERSION 3710 || content_type != SSL3_RT_QUIC_FRAME_FULL 3711 || len < 1) 3712 return; 3713 3714 if (!TEST_true(PACKET_buf_init(&pkt, buf, len))) { 3715 ++h->scratch1; 3716 return; 3717 } 3718 3719 if (!TEST_true(ossl_quic_wire_peek_frame_header(&pkt, &frame_type, 3720 &was_minimal))) { 3721 ++h->scratch1; 3722 return; 3723 } 3724 3725 if (frame_type != OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE) 3726 return; 3727 3728 if (!TEST_true(ossl_quic_wire_decode_frame_path_response(&pkt, &frame_data)) 3729 || !TEST_uint64_t_eq(frame_data, path_challenge)) { 3730 ++h->scratch1; 3731 return; 3732 } 3733 3734 ++h->scratch0; 3735 } 3736 3737 static int script_41_setup(struct helper *h, struct helper_local *hl) 3738 { 3739 ossl_quic_tserver_set_msg_callback(ACQUIRE_S(), script_41_trace, h); 3740 return 1; 3741 } 3742 3743 static int script_41_check(struct helper *h, struct helper_local *hl) 3744 { 3745 /* At least one valid challenge/response echo? */ 3746 if (!TEST_uint64_t_gt(h->scratch0, 0)) 3747 return 0; 3748 3749 /* No failed tests? */ 3750 if (!TEST_uint64_t_eq(h->scratch1, 0)) 3751 return 0; 3752 3753 return 1; 3754 } 3755 3756 static const struct script_op script_41[] = { 3757 OP_S_SET_INJECT_PLAIN (script_41_inject_plain) 3758 OP_C_SET_ALPN ("ossltest") 3759 OP_C_CONNECT_WAIT () 3760 OP_CHECK (script_41_setup, 0) 3761 3762 OP_C_WRITE (DEFAULT, "apple", 5) 3763 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 3764 OP_S_READ_EXPECT (a, "apple", 5) 3765 3766 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE) 3767 3768 OP_S_WRITE (a, "orange", 6) 3769 OP_C_READ_EXPECT (DEFAULT, "orange", 6) 3770 3771 OP_C_WRITE (DEFAULT, "strawberry", 10) 3772 OP_S_READ_EXPECT (a, "strawberry", 10) 3773 3774 OP_CHECK (script_41_check, 0) 3775 OP_END 3776 }; 3777 3778 /* 42. Fault injection - CRYPTO frame with illegal offset */ 3779 static int script_42_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 3780 unsigned char *buf, size_t len) 3781 { 3782 int ok = 0; 3783 unsigned char frame_buf[64]; 3784 size_t written; 3785 WPACKET wpkt; 3786 3787 if (h->inject_word0 == 0) 3788 return 1; 3789 3790 --h->inject_word0; 3791 3792 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 3793 sizeof(frame_buf), 0))) 3794 return 0; 3795 3796 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO)) 3797 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1)) 3798 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 1)) 3799 || !TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42))) 3800 goto err; 3801 3802 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 3803 goto err; 3804 3805 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 3806 goto err; 3807 3808 ok = 1; 3809 err: 3810 if (ok) 3811 WPACKET_finish(&wpkt); 3812 else 3813 WPACKET_cleanup(&wpkt); 3814 return ok; 3815 } 3816 3817 static const struct script_op script_42[] = { 3818 OP_S_SET_INJECT_PLAIN (script_42_inject_plain) 3819 OP_C_SET_ALPN ("ossltest") 3820 OP_C_CONNECT_WAIT () 3821 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3822 3823 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 3824 OP_C_WRITE (a, "apple", 5) 3825 3826 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 3827 OP_S_READ_EXPECT (a, "apple", 5) 3828 3829 OP_SET_INJECT_WORD (1, (((uint64_t)1) << 62) - 1) 3830 OP_S_WRITE (a, "orange", 6) 3831 3832 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0) 3833 3834 OP_END 3835 }; 3836 3837 /* 43. Fault injection - CRYPTO frame exceeding FC */ 3838 static const struct script_op script_43[] = { 3839 OP_S_SET_INJECT_PLAIN (script_42_inject_plain) 3840 OP_C_SET_ALPN ("ossltest") 3841 OP_C_CONNECT_WAIT () 3842 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3843 3844 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 3845 OP_C_WRITE (a, "apple", 5) 3846 3847 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 3848 OP_S_READ_EXPECT (a, "apple", 5) 3849 3850 OP_SET_INJECT_WORD (1, 0x100000 /* 1 MiB */) 3851 OP_S_WRITE (a, "orange", 6) 3852 3853 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED,0,0) 3854 3855 OP_END 3856 }; 3857 3858 /* 44. Fault injection - PADDING */ 3859 static int script_44_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 3860 unsigned char *buf, size_t len) 3861 { 3862 int ok = 0; 3863 WPACKET wpkt; 3864 unsigned char frame_buf[16]; 3865 size_t written; 3866 3867 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 3868 return 1; 3869 3870 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 3871 sizeof(frame_buf), 0))) 3872 return 0; 3873 3874 if (!TEST_true(ossl_quic_wire_encode_padding(&wpkt, 1))) 3875 goto err; 3876 3877 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 3878 goto err; 3879 3880 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 3881 goto err; 3882 3883 ok = 1; 3884 err: 3885 if (ok) 3886 WPACKET_finish(&wpkt); 3887 else 3888 WPACKET_cleanup(&wpkt); 3889 return ok; 3890 } 3891 3892 static const struct script_op script_44[] = { 3893 OP_S_SET_INJECT_PLAIN (script_44_inject_plain) 3894 OP_C_SET_ALPN ("ossltest") 3895 OP_C_CONNECT_WAIT () 3896 3897 OP_C_WRITE (DEFAULT, "apple", 5) 3898 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 3899 OP_S_READ_EXPECT (a, "apple", 5) 3900 3901 OP_SET_INJECT_WORD (1, 0) 3902 3903 OP_S_WRITE (a, "Strawberry", 10) 3904 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10) 3905 3906 OP_END 3907 }; 3908 3909 /* 45. PING must generate ACK */ 3910 static int force_ping(struct helper *h, struct helper_local *hl) 3911 { 3912 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(ACQUIRE_S()); 3913 3914 h->scratch0 = ossl_quic_channel_get_diag_num_rx_ack(ch); 3915 3916 if (!TEST_true(ossl_quic_tserver_ping(ACQUIRE_S()))) 3917 return 0; 3918 3919 return 1; 3920 } 3921 3922 static int wait_incoming_acks_increased(struct helper *h, struct helper_local *hl) 3923 { 3924 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(ACQUIRE_S()); 3925 uint16_t count; 3926 3927 count = ossl_quic_channel_get_diag_num_rx_ack(ch); 3928 3929 if (count == h->scratch0) { 3930 h->check_spin_again = 1; 3931 return 0; 3932 } 3933 3934 return 1; 3935 } 3936 3937 static const struct script_op script_45[] = { 3938 OP_C_SET_ALPN ("ossltest") 3939 OP_C_CONNECT_WAIT () 3940 3941 OP_C_WRITE (DEFAULT, "apple", 5) 3942 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 3943 OP_S_READ_EXPECT (a, "apple", 5) 3944 3945 OP_BEGIN_REPEAT (2) 3946 3947 OP_CHECK (force_ping, 0) 3948 OP_CHECK (wait_incoming_acks_increased, 0) 3949 3950 OP_END_REPEAT () 3951 3952 OP_S_WRITE (a, "Strawberry", 10) 3953 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10) 3954 3955 OP_END 3956 }; 3957 3958 /* 46. Fault injection - ACK - malformed initial range */ 3959 static int script_46_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 3960 unsigned char *buf, size_t len) 3961 { 3962 int ok = 0; 3963 WPACKET wpkt; 3964 unsigned char frame_buf[16]; 3965 size_t written; 3966 uint64_t type = 0, largest_acked = 0, first_range = 0, range_count = 0; 3967 uint64_t agap = 0, alen = 0; 3968 uint64_t ect0 = 0, ect1 = 0, ecnce = 0; 3969 3970 if (h->inject_word0 == 0) 3971 return 1; 3972 3973 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 3974 sizeof(frame_buf), 0))) 3975 return 0; 3976 3977 type = OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN; 3978 3979 switch (h->inject_word0) { 3980 case 1: 3981 largest_acked = 100; 3982 first_range = 101; 3983 range_count = 0; 3984 break; 3985 case 2: 3986 largest_acked = 100; 3987 first_range = 80; 3988 /* [20..100]; [0..18] */ 3989 range_count = 1; 3990 agap = 0; 3991 alen = 19; 3992 break; 3993 case 3: 3994 largest_acked = 100; 3995 first_range = 80; 3996 range_count = 1; 3997 agap = 18; 3998 alen = 1; 3999 break; 4000 case 4: 4001 type = OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN; 4002 largest_acked = 100; 4003 first_range = 1; 4004 range_count = 0; 4005 break; 4006 case 5: 4007 type = OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN; 4008 largest_acked = 0; 4009 first_range = 0; 4010 range_count = 0; 4011 ect0 = 0; 4012 ect1 = 50; 4013 ecnce = 200; 4014 break; 4015 } 4016 4017 h->inject_word0 = 0; 4018 4019 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, type)) 4020 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, largest_acked)) 4021 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*ack_delay=*/0)) 4022 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*ack_range_count=*/range_count)) 4023 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*first_ack_range=*/first_range))) 4024 goto err; 4025 4026 if (range_count > 0) 4027 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, /*range[0].gap=*/agap)) 4028 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*range[0].len=*/alen))) 4029 goto err; 4030 4031 if (type == OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN) 4032 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, ect0)) 4033 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, ect1)) 4034 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, ecnce))) 4035 goto err; 4036 4037 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 4038 goto err; 4039 4040 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 4041 goto err; 4042 4043 ok = 1; 4044 err: 4045 if (ok) 4046 WPACKET_finish(&wpkt); 4047 else 4048 WPACKET_cleanup(&wpkt); 4049 return ok; 4050 } 4051 4052 static const struct script_op script_46[] = { 4053 OP_S_SET_INJECT_PLAIN (script_46_inject_plain) 4054 OP_C_SET_ALPN ("ossltest") 4055 OP_C_CONNECT_WAIT () 4056 4057 OP_C_WRITE (DEFAULT, "apple", 5) 4058 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4059 OP_S_READ_EXPECT (a, "apple", 5) 4060 4061 OP_SET_INJECT_WORD (1, 0) 4062 4063 OP_S_WRITE (a, "Strawberry", 10) 4064 4065 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0) 4066 4067 OP_END 4068 }; 4069 4070 /* 47. Fault injection - ACK - malformed subsequent range */ 4071 static const struct script_op script_47[] = { 4072 OP_S_SET_INJECT_PLAIN (script_46_inject_plain) 4073 OP_C_SET_ALPN ("ossltest") 4074 OP_C_CONNECT_WAIT () 4075 4076 OP_C_WRITE (DEFAULT, "apple", 5) 4077 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4078 OP_S_READ_EXPECT (a, "apple", 5) 4079 4080 OP_SET_INJECT_WORD (2, 0) 4081 4082 OP_S_WRITE (a, "Strawberry", 10) 4083 4084 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0) 4085 4086 OP_END 4087 }; 4088 4089 /* 48. Fault injection - ACK - malformed subsequent range */ 4090 static const struct script_op script_48[] = { 4091 OP_S_SET_INJECT_PLAIN (script_46_inject_plain) 4092 OP_C_SET_ALPN ("ossltest") 4093 OP_C_CONNECT_WAIT () 4094 4095 OP_C_WRITE (DEFAULT, "apple", 5) 4096 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4097 OP_S_READ_EXPECT (a, "apple", 5) 4098 4099 OP_SET_INJECT_WORD (3, 0) 4100 4101 OP_S_WRITE (a, "Strawberry", 10) 4102 4103 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0) 4104 4105 OP_END 4106 }; 4107 4108 /* 49. Fault injection - ACK - fictional PN */ 4109 static const struct script_op script_49[] = { 4110 OP_S_SET_INJECT_PLAIN (script_46_inject_plain) 4111 OP_C_SET_ALPN ("ossltest") 4112 OP_C_CONNECT_WAIT () 4113 4114 OP_C_WRITE (DEFAULT, "apple", 5) 4115 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4116 OP_S_READ_EXPECT (a, "apple", 5) 4117 4118 OP_SET_INJECT_WORD (4, 0) 4119 4120 OP_S_WRITE (a, "Strawberry", 10) 4121 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10) 4122 4123 OP_END 4124 }; 4125 4126 /* 50. Fault injection - ACK - duplicate PN */ 4127 static const struct script_op script_50[] = { 4128 OP_S_SET_INJECT_PLAIN (script_46_inject_plain) 4129 OP_C_SET_ALPN ("ossltest") 4130 OP_C_CONNECT_WAIT () 4131 4132 OP_C_WRITE (DEFAULT, "apple", 5) 4133 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4134 OP_S_READ_EXPECT (a, "apple", 5) 4135 4136 OP_BEGIN_REPEAT (2) 4137 4138 OP_SET_INJECT_WORD (5, 0) 4139 4140 OP_S_WRITE (a, "Strawberry", 10) 4141 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10) 4142 4143 OP_END_REPEAT () 4144 4145 OP_END 4146 }; 4147 4148 /* 51. Fault injection - PATH_RESPONSE is ignored */ 4149 static const struct script_op script_51[] = { 4150 OP_S_SET_INJECT_PLAIN (script_41_inject_plain) 4151 OP_C_SET_ALPN ("ossltest") 4152 OP_C_CONNECT_WAIT () 4153 4154 OP_C_WRITE (DEFAULT, "apple", 5) 4155 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4156 OP_S_READ_EXPECT (a, "apple", 5) 4157 4158 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE) 4159 4160 OP_S_WRITE (a, "orange", 6) 4161 OP_C_READ_EXPECT (DEFAULT, "orange", 6) 4162 4163 OP_C_WRITE (DEFAULT, "Strawberry", 10) 4164 OP_S_READ_EXPECT (a, "Strawberry", 10) 4165 4166 OP_END 4167 }; 4168 4169 /* 52. Fault injection - ignore BLOCKED frames with bogus values */ 4170 static int script_52_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 4171 unsigned char *buf, size_t len) 4172 { 4173 int ok = 0; 4174 unsigned char frame_buf[64]; 4175 size_t written; 4176 WPACKET wpkt; 4177 uint64_t type = h->inject_word1; 4178 4179 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 4180 return 1; 4181 4182 --h->inject_word0; 4183 4184 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 4185 sizeof(frame_buf), 0))) 4186 return 0; 4187 4188 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, type))) 4189 goto err; 4190 4191 if (type == OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED) 4192 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, C_BIDI_ID(0)))) 4193 goto err; 4194 4195 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, 0xFFFFFF))) 4196 goto err; 4197 4198 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 4199 goto err; 4200 4201 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 4202 goto err; 4203 4204 ok = 1; 4205 err: 4206 if (ok) 4207 WPACKET_finish(&wpkt); 4208 else 4209 WPACKET_cleanup(&wpkt); 4210 return ok; 4211 } 4212 4213 static const struct script_op script_52[] = { 4214 OP_S_SET_INJECT_PLAIN (script_52_inject_plain) 4215 OP_C_SET_ALPN ("ossltest") 4216 OP_C_CONNECT_WAIT () 4217 4218 OP_C_WRITE (DEFAULT, "apple", 5) 4219 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4220 OP_S_READ_EXPECT (a, "apple", 5) 4221 4222 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED) 4223 4224 OP_S_WRITE (a, "orange", 6) 4225 OP_C_READ_EXPECT (DEFAULT, "orange", 6) 4226 4227 OP_C_WRITE (DEFAULT, "Strawberry", 10) 4228 OP_S_READ_EXPECT (a, "Strawberry", 10) 4229 4230 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED) 4231 4232 OP_S_WRITE (a, "orange", 6) 4233 OP_C_READ_EXPECT (DEFAULT, "orange", 6) 4234 4235 OP_C_WRITE (DEFAULT, "Strawberry", 10) 4236 OP_S_READ_EXPECT (a, "Strawberry", 10) 4237 4238 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI) 4239 4240 OP_S_WRITE (a, "orange", 6) 4241 OP_C_READ_EXPECT (DEFAULT, "orange", 6) 4242 4243 OP_C_WRITE (DEFAULT, "Strawberry", 10) 4244 OP_S_READ_EXPECT (a, "Strawberry", 10) 4245 4246 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI) 4247 4248 OP_S_WRITE (a, "orange", 6) 4249 OP_C_READ_EXPECT (DEFAULT, "orange", 6) 4250 4251 OP_C_WRITE (DEFAULT, "Strawberry", 10) 4252 OP_S_READ_EXPECT (a, "Strawberry", 10) 4253 4254 OP_END 4255 }; 4256 4257 /* 53. Fault injection - excess CRYPTO buffer size */ 4258 static int script_53_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 4259 unsigned char *buf, size_t len) 4260 { 4261 int ok = 0; 4262 size_t written; 4263 WPACKET wpkt; 4264 uint64_t offset = 0, data_len = 100; 4265 unsigned char *frame_buf = NULL; 4266 size_t frame_len, i; 4267 4268 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 4269 return 1; 4270 4271 h->inject_word0 = 0; 4272 4273 switch (h->inject_word1) { 4274 case 0: 4275 /* 4276 * Far out offset which will not have been reached during handshake. 4277 * This will not be delivered to the QUIC_TLS instance since it will be 4278 * waiting for in-order delivery of previous bytes. This tests our flow 4279 * control on CRYPTO stream buffering. 4280 */ 4281 offset = 100000; 4282 data_len = 1; 4283 break; 4284 } 4285 4286 frame_len = 1 + 8 + 8 + (size_t)data_len; 4287 if (!TEST_ptr(frame_buf = OPENSSL_malloc(frame_len))) 4288 return 0; 4289 4290 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, frame_len, 0))) 4291 goto err; 4292 4293 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO)) 4294 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, offset)) 4295 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, data_len))) 4296 goto err; 4297 4298 for (i = 0; i < data_len; ++i) 4299 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42))) 4300 goto err; 4301 4302 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 4303 goto err; 4304 4305 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 4306 goto err; 4307 4308 ok = 1; 4309 err: 4310 if (ok) 4311 WPACKET_finish(&wpkt); 4312 else 4313 WPACKET_cleanup(&wpkt); 4314 OPENSSL_free(frame_buf); 4315 return ok; 4316 } 4317 4318 static const struct script_op script_53[] = { 4319 OP_S_SET_INJECT_PLAIN (script_53_inject_plain) 4320 OP_C_SET_ALPN ("ossltest") 4321 OP_C_CONNECT_WAIT () 4322 4323 OP_C_WRITE (DEFAULT, "apple", 5) 4324 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4325 OP_S_READ_EXPECT (a, "apple", 5) 4326 4327 OP_SET_INJECT_WORD (1, 0) 4328 OP_S_WRITE (a, "Strawberry", 10) 4329 4330 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED,0,0) 4331 4332 OP_END 4333 }; 4334 4335 /* 54. Fault injection - corrupted crypto stream data */ 4336 static int script_54_inject_handshake(struct helper *h, 4337 unsigned char *buf, size_t buf_len) 4338 { 4339 size_t i; 4340 4341 for (i = 0; i < buf_len; ++i) 4342 buf[i] ^= 0xff; 4343 4344 return 1; 4345 } 4346 4347 static const struct script_op script_54[] = { 4348 OP_S_SET_INJECT_HANDSHAKE(script_54_inject_handshake) 4349 OP_C_SET_ALPN ("ossltest") 4350 OP_C_CONNECT_WAIT_OR_FAIL() 4351 4352 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_UNEXPECTED_MESSAGE,0,0) 4353 4354 OP_END 4355 }; 4356 4357 /* 55. Fault injection - NEW_CONN_ID with >20 byte CID */ 4358 static const struct script_op script_55[] = { 4359 OP_S_SET_INJECT_PLAIN (script_39_inject_plain) 4360 OP_C_SET_ALPN ("ossltest") 4361 OP_C_CONNECT_WAIT () 4362 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4363 4364 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 4365 OP_C_WRITE (a, "apple", 5) 4366 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4367 OP_S_READ_EXPECT (a, "apple", 5) 4368 4369 OP_SET_INJECT_WORD (0, 2) 4370 OP_S_WRITE (a, "orange", 5) 4371 4372 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0) 4373 4374 OP_END 4375 }; 4376 4377 /* 56. Fault injection - NEW_CONN_ID with seq no < retire prior to */ 4378 static const struct script_op script_56[] = { 4379 OP_S_SET_INJECT_PLAIN (script_39_inject_plain) 4380 OP_C_SET_ALPN ("ossltest") 4381 OP_C_CONNECT_WAIT () 4382 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4383 4384 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 4385 OP_C_WRITE (a, "apple", 5) 4386 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4387 OP_S_READ_EXPECT (a, "apple", 5) 4388 4389 OP_SET_INJECT_WORD (0, 3) 4390 OP_S_WRITE (a, "orange", 5) 4391 4392 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0) 4393 4394 OP_END 4395 }; 4396 4397 /* 57. Fault injection - NEW_CONN_ID with lower seq so ignored */ 4398 static const struct script_op script_57[] = { 4399 OP_S_SET_INJECT_PLAIN (script_39_inject_plain) 4400 OP_C_SET_ALPN ("ossltest") 4401 OP_C_CONNECT_WAIT () 4402 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4403 4404 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 4405 OP_C_WRITE (a, "apple", 5) 4406 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4407 OP_S_READ_EXPECT (a, "apple", 5) 4408 4409 OP_SET_INJECT_WORD (0, 4) 4410 OP_S_WRITE (a, "orange", 5) 4411 OP_C_READ_EXPECT (a, "orange", 5) 4412 4413 OP_C_WRITE (a, "Strawberry", 10) 4414 OP_S_READ_EXPECT (a, "Strawberry", 10) 4415 4416 /* 4417 * Now we send a NEW_CONN_ID with a bogus CID. However the sequence number 4418 * is old so it should be ignored and we should still be able to 4419 * communicate. 4420 */ 4421 OP_SET_INJECT_WORD (0, 5) 4422 OP_S_WRITE (a, "raspberry", 9) 4423 OP_C_READ_EXPECT (a, "raspberry", 9) 4424 4425 OP_C_WRITE (a, "peach", 5) 4426 OP_S_READ_EXPECT (a, "peach", 5) 4427 4428 OP_END 4429 }; 4430 4431 /* 58. Fault injection - repeated HANDSHAKE_DONE */ 4432 static int script_58_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 4433 unsigned char *buf, size_t len) 4434 { 4435 int ok = 0; 4436 unsigned char frame_buf[64]; 4437 size_t written; 4438 WPACKET wpkt; 4439 4440 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 4441 return 1; 4442 4443 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 4444 sizeof(frame_buf), 0))) 4445 return 0; 4446 4447 if (h->inject_word0 == 1) { 4448 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE))) 4449 goto err; 4450 } else { 4451 /* Needless multi-byte encoding */ 4452 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x40)) 4453 || !TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x1E))) 4454 goto err; 4455 } 4456 4457 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 4458 goto err; 4459 4460 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 4461 goto err; 4462 4463 ok = 1; 4464 err: 4465 if (ok) 4466 WPACKET_finish(&wpkt); 4467 else 4468 WPACKET_cleanup(&wpkt); 4469 return ok; 4470 } 4471 4472 static const struct script_op script_58[] = { 4473 OP_S_SET_INJECT_PLAIN (script_58_inject_plain) 4474 OP_C_SET_ALPN ("ossltest") 4475 OP_C_CONNECT_WAIT () 4476 4477 OP_C_WRITE (DEFAULT, "apple", 5) 4478 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4479 OP_S_READ_EXPECT (a, "apple", 5) 4480 4481 OP_SET_INJECT_WORD (1, 0) 4482 4483 OP_S_WRITE (a, "orange", 6) 4484 OP_C_READ_EXPECT (DEFAULT, "orange", 6) 4485 4486 OP_C_WRITE (DEFAULT, "Strawberry", 10) 4487 OP_S_READ_EXPECT (a, "Strawberry", 10) 4488 4489 OP_END 4490 }; 4491 4492 /* 59. Fault injection - multi-byte frame encoding */ 4493 static const struct script_op script_59[] = { 4494 OP_S_SET_INJECT_PLAIN (script_58_inject_plain) 4495 OP_C_SET_ALPN ("ossltest") 4496 OP_C_CONNECT_WAIT () 4497 4498 OP_C_WRITE (DEFAULT, "apple", 5) 4499 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4500 OP_S_READ_EXPECT (a, "apple", 5) 4501 4502 OP_SET_INJECT_WORD (2, 0) 4503 4504 OP_S_WRITE (a, "orange", 6) 4505 4506 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION,0,0) 4507 4508 OP_END 4509 }; 4510 4511 /* 60. Connection close reason truncation */ 4512 static char long_reason[2048]; 4513 4514 static int init_reason(struct helper *h, struct helper_local *hl) 4515 { 4516 memset(long_reason, '~', sizeof(long_reason)); 4517 memcpy(long_reason, "This is a long reason string.", 29); 4518 long_reason[OSSL_NELEM(long_reason) - 1] = '\0'; 4519 return 1; 4520 } 4521 4522 static int check_shutdown_reason(struct helper *h, struct helper_local *hl) 4523 { 4524 const QUIC_TERMINATE_CAUSE *tc = ossl_quic_tserver_get_terminate_cause(ACQUIRE_S()); 4525 4526 if (tc == NULL) { 4527 h->check_spin_again = 1; 4528 return 0; 4529 } 4530 4531 if (!TEST_size_t_ge(tc->reason_len, 50) 4532 || !TEST_mem_eq(long_reason, tc->reason_len, 4533 tc->reason, tc->reason_len)) 4534 return 0; 4535 4536 return 1; 4537 } 4538 4539 static const struct script_op script_60[] = { 4540 OP_C_SET_ALPN ("ossltest") 4541 OP_C_CONNECT_WAIT () 4542 4543 OP_C_WRITE (DEFAULT, "apple", 5) 4544 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4545 OP_S_READ_EXPECT (a, "apple", 5) 4546 4547 OP_CHECK (init_reason, 0) 4548 OP_C_SHUTDOWN_WAIT (long_reason, 0) 4549 OP_CHECK (check_shutdown_reason, 0) 4550 4551 OP_END 4552 }; 4553 4554 /* 61. Fault injection - RESET_STREAM exceeding stream count FC */ 4555 static int script_61_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 4556 unsigned char *buf, size_t len) 4557 { 4558 int ok = 0; 4559 WPACKET wpkt; 4560 unsigned char frame_buf[32]; 4561 size_t written; 4562 4563 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 4564 return 1; 4565 4566 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 4567 sizeof(frame_buf), 0))) 4568 return 0; 4569 4570 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word0)) 4571 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */ 4572 h->inject_word1)) 4573 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 123)) 4574 || (h->inject_word0 == OSSL_QUIC_FRAME_TYPE_RESET_STREAM 4575 && !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0)))) /* final size */ 4576 goto err; 4577 4578 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 4579 goto err; 4580 4581 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 4582 goto err; 4583 4584 ok = 1; 4585 err: 4586 if (ok) 4587 WPACKET_finish(&wpkt); 4588 else 4589 WPACKET_cleanup(&wpkt); 4590 return ok; 4591 } 4592 4593 static const struct script_op script_61[] = { 4594 OP_S_SET_INJECT_PLAIN (script_61_inject_plain) 4595 OP_C_SET_ALPN ("ossltest") 4596 OP_C_CONNECT_WAIT () 4597 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4598 4599 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 4600 OP_C_WRITE (a, "orange", 6) 4601 4602 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4603 OP_S_READ_EXPECT (a, "orange", 6) 4604 4605 OP_SET_INJECT_WORD (OSSL_QUIC_FRAME_TYPE_RESET_STREAM, 4606 S_BIDI_ID(OSSL_QUIC_VLINT_MAX / 4)) 4607 OP_S_WRITE (a, "fruit", 5) 4608 4609 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,0,0) 4610 4611 OP_END 4612 }; 4613 4614 /* 62. Fault injection - STOP_SENDING with high ID */ 4615 static const struct script_op script_62[] = { 4616 OP_S_SET_INJECT_PLAIN (script_61_inject_plain) 4617 OP_C_SET_ALPN ("ossltest") 4618 OP_C_CONNECT_WAIT () 4619 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4620 4621 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 4622 OP_C_WRITE (a, "orange", 6) 4623 4624 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4625 OP_S_READ_EXPECT (a, "orange", 6) 4626 4627 OP_SET_INJECT_WORD (OSSL_QUIC_FRAME_TYPE_STOP_SENDING, 4628 C_BIDI_ID(OSSL_QUIC_VLINT_MAX / 4)) 4629 OP_S_WRITE (a, "fruit", 5) 4630 4631 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0) 4632 4633 OP_END 4634 }; 4635 4636 /* 63. Fault injection - STREAM frame exceeding stream limit */ 4637 static const struct script_op script_63[] = { 4638 OP_S_SET_INJECT_PLAIN (script_32_inject_plain) 4639 OP_C_SET_ALPN ("ossltest") 4640 OP_C_CONNECT_WAIT () 4641 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4642 4643 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 4644 OP_C_WRITE (a, "apple", 5) 4645 4646 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4647 OP_S_READ_EXPECT (a, "apple", 5) 4648 4649 OP_SET_INJECT_WORD (S_BIDI_ID(5000) + 1, 4) 4650 OP_S_WRITE (a, "orange", 6) 4651 4652 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,0,0) 4653 4654 OP_END 4655 }; 4656 4657 /* 64. Fault injection - STREAM - zero-length no-FIN is accepted */ 4658 static const struct script_op script_64[] = { 4659 OP_S_SET_INJECT_PLAIN (script_32_inject_plain) 4660 OP_C_SET_ALPN ("ossltest") 4661 OP_C_CONNECT_WAIT () 4662 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4663 4664 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0)) 4665 OP_S_WRITE (a, "apple", 5) 4666 4667 OP_C_ACCEPT_STREAM_WAIT (a) 4668 OP_C_READ_EXPECT (a, "apple", 5) 4669 4670 OP_SET_INJECT_WORD (S_BIDI_ID(20) + 1, 1) 4671 OP_S_WRITE (a, "orange", 6) 4672 OP_C_READ_EXPECT (a, "orange", 6) 4673 4674 OP_END 4675 }; 4676 4677 /* 65. Fault injection - CRYPTO - zero-length is accepted */ 4678 static int script_65_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 4679 unsigned char *buf, size_t len) 4680 { 4681 int ok = 0; 4682 unsigned char frame_buf[64]; 4683 size_t written; 4684 WPACKET wpkt; 4685 4686 if (h->inject_word0 == 0) 4687 return 1; 4688 4689 --h->inject_word0; 4690 4691 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 4692 sizeof(frame_buf), 0))) 4693 return 0; 4694 4695 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO)) 4696 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0)) 4697 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0))) 4698 goto err; 4699 4700 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 4701 goto err; 4702 4703 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 4704 goto err; 4705 4706 ok = 1; 4707 err: 4708 if (ok) 4709 WPACKET_finish(&wpkt); 4710 else 4711 WPACKET_cleanup(&wpkt); 4712 return ok; 4713 } 4714 4715 static const struct script_op script_65[] = { 4716 OP_S_SET_INJECT_PLAIN (script_65_inject_plain) 4717 OP_C_SET_ALPN ("ossltest") 4718 OP_C_CONNECT_WAIT () 4719 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4720 4721 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 4722 OP_C_WRITE (a, "apple", 5) 4723 4724 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4725 OP_S_READ_EXPECT (a, "apple", 5) 4726 4727 OP_SET_INJECT_WORD (1, 0) 4728 OP_S_WRITE (a, "orange", 6) 4729 OP_C_READ_EXPECT (a, "orange", 6) 4730 4731 OP_END 4732 }; 4733 4734 /* 66. Fault injection - large MAX_STREAM_DATA */ 4735 static int script_66_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 4736 unsigned char *buf, size_t len) 4737 { 4738 int ok = 0; 4739 WPACKET wpkt; 4740 unsigned char frame_buf[64]; 4741 size_t written; 4742 4743 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 4744 return 1; 4745 4746 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 4747 sizeof(frame_buf), 0))) 4748 return 0; 4749 4750 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))) 4751 goto err; 4752 4753 if (h->inject_word1 == OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA) 4754 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */ 4755 h->inject_word0 - 1))) 4756 goto err; 4757 4758 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_VLINT_MAX))) 4759 goto err; 4760 4761 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 4762 goto err; 4763 4764 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 4765 goto err; 4766 4767 ok = 1; 4768 err: 4769 if (ok) 4770 WPACKET_finish(&wpkt); 4771 else 4772 WPACKET_cleanup(&wpkt); 4773 return ok; 4774 } 4775 4776 static const struct script_op script_66[] = { 4777 OP_S_SET_INJECT_PLAIN (script_66_inject_plain) 4778 OP_C_SET_ALPN ("ossltest") 4779 OP_C_CONNECT_WAIT () 4780 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4781 4782 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0)) 4783 OP_S_WRITE (a, "apple", 5) 4784 4785 OP_C_ACCEPT_STREAM_WAIT (a) 4786 OP_C_READ_EXPECT (a, "apple", 5) 4787 4788 OP_SET_INJECT_WORD (S_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA) 4789 OP_S_WRITE (a, "orange", 6) 4790 OP_C_READ_EXPECT (a, "orange", 6) 4791 OP_C_WRITE (a, "Strawberry", 10) 4792 OP_S_READ_EXPECT (a, "Strawberry", 10) 4793 4794 OP_END 4795 }; 4796 4797 /* 67. Fault injection - large MAX_DATA */ 4798 static const struct script_op script_67[] = { 4799 OP_S_SET_INJECT_PLAIN (script_66_inject_plain) 4800 OP_C_SET_ALPN ("ossltest") 4801 OP_C_CONNECT_WAIT () 4802 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4803 4804 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0)) 4805 OP_S_WRITE (a, "apple", 5) 4806 4807 OP_C_ACCEPT_STREAM_WAIT (a) 4808 OP_C_READ_EXPECT (a, "apple", 5) 4809 4810 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_MAX_DATA) 4811 OP_S_WRITE (a, "orange", 6) 4812 OP_C_READ_EXPECT (a, "orange", 6) 4813 OP_C_WRITE (a, "Strawberry", 10) 4814 OP_S_READ_EXPECT (a, "Strawberry", 10) 4815 4816 OP_END 4817 }; 4818 4819 /* 68. Fault injection - Unexpected TLS messages */ 4820 static int script_68_inject_handshake(struct helper *h, unsigned char *msg, 4821 size_t msglen) 4822 { 4823 const unsigned char *data; 4824 size_t datalen; 4825 const unsigned char certreq[] = { 4826 SSL3_MT_CERTIFICATE_REQUEST, /* CertificateRequest message */ 4827 0, 0, 12, /* Length of message */ 4828 1, 1, /* certificate_request_context */ 4829 0, 8, /* Extensions block length */ 4830 0, TLSEXT_TYPE_signature_algorithms, /* sig_algs extension*/ 4831 0, 4, /* 4 bytes of sig algs extension*/ 4832 0, 2, /* sigalgs list is 2 bytes long */ 4833 8, 4 /* rsa_pss_rsae_sha256 */ 4834 }; 4835 const unsigned char keyupdate[] = { 4836 SSL3_MT_KEY_UPDATE, /* KeyUpdate message */ 4837 0, 0, 1, /* Length of message */ 4838 SSL_KEY_UPDATE_NOT_REQUESTED /* update_not_requested */ 4839 }; 4840 4841 /* We transform the NewSessionTicket message into something else */ 4842 switch(h->inject_word0) { 4843 case 0: 4844 return 1; 4845 4846 case 1: 4847 /* CertificateRequest message */ 4848 data = certreq; 4849 datalen = sizeof(certreq); 4850 break; 4851 4852 case 2: 4853 /* KeyUpdate message */ 4854 data = keyupdate; 4855 datalen = sizeof(keyupdate); 4856 break; 4857 4858 default: 4859 return 0; 4860 } 4861 4862 if (!TEST_true(qtest_fault_resize_message(h->qtf, 4863 datalen - SSL3_HM_HEADER_LENGTH))) 4864 return 0; 4865 4866 memcpy(msg, data, datalen); 4867 4868 return 1; 4869 } 4870 4871 /* Send a CerticateRequest message post-handshake */ 4872 static const struct script_op script_68[] = { 4873 OP_S_SET_INJECT_HANDSHAKE(script_68_inject_handshake) 4874 OP_C_SET_ALPN ("ossltest") 4875 OP_C_CONNECT_WAIT () 4876 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4877 4878 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 4879 OP_C_WRITE (a, "apple", 5) 4880 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4881 OP_S_READ_EXPECT (a, "apple", 5) 4882 4883 OP_SET_INJECT_WORD (1, 0) 4884 OP_S_NEW_TICKET () 4885 OP_S_WRITE (a, "orange", 6) 4886 4887 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION, 0, 0) 4888 4889 OP_END 4890 }; 4891 4892 /* 69. Send a TLS KeyUpdate message post-handshake */ 4893 static const struct script_op script_69[] = { 4894 OP_S_SET_INJECT_HANDSHAKE(script_68_inject_handshake) 4895 OP_C_SET_ALPN ("ossltest") 4896 OP_C_CONNECT_WAIT () 4897 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4898 4899 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 4900 OP_C_WRITE (a, "apple", 5) 4901 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4902 OP_S_READ_EXPECT (a, "apple", 5) 4903 4904 OP_SET_INJECT_WORD (2, 0) 4905 OP_S_NEW_TICKET () 4906 OP_S_WRITE (a, "orange", 6) 4907 4908 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_ERR_BEGIN 4909 + SSL_AD_UNEXPECTED_MESSAGE, 0, 0) 4910 4911 OP_END 4912 }; 4913 4914 static int set_max_early_data(struct helper *h, struct helper_local *hl) 4915 { 4916 4917 if (!TEST_true(ossl_quic_tserver_set_max_early_data(ACQUIRE_S(), 4918 (uint32_t)hl->check_op->arg2))) 4919 return 0; 4920 4921 return 1; 4922 } 4923 4924 /* 70. Send a TLS NewSessionTicket message with invalid max_early_data */ 4925 static const struct script_op script_70[] = { 4926 OP_C_SET_ALPN ("ossltest") 4927 OP_C_CONNECT_WAIT () 4928 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4929 4930 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 4931 OP_C_WRITE (a, "apple", 5) 4932 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4933 OP_S_READ_EXPECT (a, "apple", 5) 4934 4935 OP_CHECK (set_max_early_data, 0xfffffffe) 4936 OP_S_NEW_TICKET () 4937 OP_S_WRITE (a, "orange", 6) 4938 4939 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION, 0, 0) 4940 4941 OP_END 4942 }; 4943 4944 /* 71. Send a TLS NewSessionTicket message with valid max_early_data */ 4945 static const struct script_op script_71[] = { 4946 OP_C_SET_ALPN ("ossltest") 4947 OP_C_CONNECT_WAIT () 4948 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4949 4950 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 4951 OP_C_WRITE (a, "apple", 5) 4952 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 4953 OP_S_READ_EXPECT (a, "apple", 5) 4954 4955 OP_CHECK (set_max_early_data, 0xffffffff) 4956 OP_S_NEW_TICKET () 4957 OP_S_WRITE (a, "orange", 6) 4958 OP_C_READ_EXPECT (a, "orange", 6) 4959 4960 OP_END 4961 }; 4962 4963 /* 72. Test that APL stops handing out streams after limit reached (bidi) */ 4964 static int script_72_check(struct helper *h, struct helper_local *hl) 4965 { 4966 if (!TEST_uint64_t_ge(h->fail_count, 50)) 4967 return 0; 4968 4969 return 1; 4970 } 4971 4972 static const struct script_op script_72[] = { 4973 OP_C_SET_ALPN ("ossltest") 4974 OP_C_CONNECT_WAIT () 4975 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4976 4977 /* 4978 * Request more streams than a server will initially hand out and test that 4979 * they fail properly. 4980 */ 4981 OP_BEGIN_REPEAT (200) 4982 4983 OP_C_NEW_STREAM_BIDI_EX (a, ANY_ID, ALLOW_FAIL | SSL_STREAM_FLAG_NO_BLOCK) 4984 OP_C_SKIP_IF_UNBOUND (a, 2) 4985 OP_C_WRITE (a, "apple", 5) 4986 OP_C_FREE_STREAM (a) 4987 4988 OP_END_REPEAT () 4989 4990 OP_CHECK (script_72_check, 0) 4991 4992 OP_END 4993 }; 4994 4995 /* 73. Test that APL stops handing out streams after limit reached (uni) */ 4996 static const struct script_op script_73[] = { 4997 OP_C_SET_ALPN ("ossltest") 4998 OP_C_CONNECT_WAIT () 4999 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5000 5001 /* 5002 * Request more streams than a server will initially hand out and test that 5003 * they fail properly. 5004 */ 5005 OP_BEGIN_REPEAT (200) 5006 5007 OP_C_NEW_STREAM_UNI_EX (a, ANY_ID, ALLOW_FAIL | SSL_STREAM_FLAG_NO_BLOCK) 5008 OP_C_SKIP_IF_UNBOUND (a, 2) 5009 OP_C_WRITE (a, "apple", 5) 5010 OP_C_FREE_STREAM (a) 5011 5012 OP_END_REPEAT () 5013 5014 OP_CHECK (script_72_check, 0) 5015 5016 OP_END 5017 }; 5018 5019 /* 74. Version negotiation: QUIC_VERSION_1 ignored */ 5020 static int generate_version_neg(WPACKET *wpkt, uint32_t version) 5021 { 5022 QUIC_PKT_HDR hdr = {0}; 5023 5024 hdr.type = QUIC_PKT_TYPE_VERSION_NEG; 5025 hdr.version = 0; 5026 hdr.fixed = 1; 5027 hdr.dst_conn_id.id_len = 0; 5028 hdr.src_conn_id.id_len = 8; 5029 memset(hdr.src_conn_id.id, 0x55, 8); 5030 5031 if (!TEST_true(ossl_quic_wire_encode_pkt_hdr(wpkt, 0, &hdr, NULL))) 5032 return 0; 5033 5034 if (!TEST_true(WPACKET_put_bytes_u32(wpkt, version))) 5035 return 0; 5036 5037 return 1; 5038 } 5039 5040 static int server_gen_version_neg(struct helper *h, BIO_MSG *msg, size_t stride) 5041 { 5042 int rc = 0, have_wpkt = 0; 5043 size_t l; 5044 WPACKET wpkt; 5045 BUF_MEM *buf = NULL; 5046 uint32_t version; 5047 5048 switch (h->inject_word0) { 5049 case 0: 5050 return 1; 5051 case 1: 5052 version = QUIC_VERSION_1; 5053 break; 5054 default: 5055 version = 0x5432abcd; 5056 break; 5057 } 5058 5059 if (!TEST_ptr(buf = BUF_MEM_new())) 5060 goto err; 5061 5062 if (!TEST_true(WPACKET_init(&wpkt, buf))) 5063 goto err; 5064 5065 have_wpkt = 1; 5066 5067 generate_version_neg(&wpkt, version); 5068 5069 if (!TEST_true(WPACKET_get_total_written(&wpkt, &l))) 5070 goto err; 5071 5072 if (!TEST_true(qtest_fault_resize_datagram(h->qtf, l))) 5073 return 0; 5074 5075 memcpy(msg->data, buf->data, l); 5076 h->inject_word0 = 0; 5077 5078 rc = 1; 5079 err: 5080 if (have_wpkt) 5081 WPACKET_finish(&wpkt); 5082 5083 BUF_MEM_free(buf); 5084 return rc; 5085 } 5086 5087 static int do_mutation = 0; 5088 static QUIC_PKT_HDR *hdr_to_free = NULL; 5089 5090 /* 5091 * Check packets to transmit, if we have an initial packet 5092 * Modify the version number to something incorrect 5093 * so that we trigger a version negotiation 5094 * Note, this is a use once function, it will only modify the 5095 * first INITIAL packet it sees, after which it needs to be 5096 * armed again 5097 */ 5098 static int script_74_alter_version(const QUIC_PKT_HDR *hdrin, 5099 const OSSL_QTX_IOVEC *iovecin, size_t numin, 5100 QUIC_PKT_HDR **hdrout, 5101 const OSSL_QTX_IOVEC **iovecout, 5102 size_t *numout, 5103 void *arg) 5104 { 5105 *hdrout = OPENSSL_memdup(hdrin, sizeof(QUIC_PKT_HDR)); 5106 *iovecout = iovecin; 5107 *numout = numin; 5108 hdr_to_free = *hdrout; 5109 5110 if (do_mutation == 0) 5111 return 1; 5112 do_mutation = 0; 5113 5114 if (hdrin->type == QUIC_PKT_TYPE_INITIAL) 5115 (*hdrout)->version = 0xdeadbeef; 5116 return 1; 5117 } 5118 5119 static void script_74_finish_mutation(void *arg) 5120 { 5121 OPENSSL_free(hdr_to_free); 5122 } 5123 5124 /* 5125 * Enable the packet mutator for the client channel 5126 * So that when we send a Initial packet 5127 * We modify the version to be something invalid 5128 * to force a version negotiation 5129 */ 5130 static int script_74_arm_packet_mutator(struct helper *h, 5131 struct helper_local *hl) 5132 { 5133 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn); 5134 5135 do_mutation = 1; 5136 if (!ossl_quic_channel_set_mutator(ch, script_74_alter_version, 5137 script_74_finish_mutation, 5138 NULL)) 5139 return 0; 5140 return 1; 5141 } 5142 5143 static const struct script_op script_74[] = { 5144 OP_CHECK (script_74_arm_packet_mutator, 0) 5145 OP_C_SET_ALPN ("ossltest") 5146 OP_C_CONNECT_WAIT () 5147 5148 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5149 5150 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 5151 OP_C_WRITE (a, "apple", 5) 5152 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 5153 OP_S_READ_EXPECT (a, "apple", 5) 5154 5155 OP_END 5156 }; 5157 5158 /* 75. Version negotiation: Unknown version causes connection abort */ 5159 static const struct script_op script_75[] = { 5160 OP_S_SET_INJECT_DATAGRAM (server_gen_version_neg) 5161 OP_SET_INJECT_WORD (2, 0) 5162 5163 OP_C_SET_ALPN ("ossltest") 5164 OP_C_CONNECT_WAIT_OR_FAIL() 5165 5166 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CONNECTION_REFUSED,0,0) 5167 5168 OP_END 5169 }; 5170 5171 /* 76. Test peer-initiated shutdown wait */ 5172 static int script_76_check(struct helper *h, struct helper_local *hl) 5173 { 5174 if (!TEST_false(SSL_shutdown_ex(h->c_conn, 5175 SSL_SHUTDOWN_FLAG_WAIT_PEER 5176 | SSL_SHUTDOWN_FLAG_NO_BLOCK, 5177 NULL, 0))) 5178 return 0; 5179 5180 return 1; 5181 } 5182 5183 static const struct script_op script_76[] = { 5184 OP_C_SET_ALPN ("ossltest") 5185 OP_C_CONNECT_WAIT () 5186 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5187 5188 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 5189 OP_C_WRITE (a, "apple", 5) 5190 5191 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 5192 OP_S_READ_EXPECT (a, "apple", 5) 5193 5194 /* Check a WAIT_PEER call doesn't succeed yet. */ 5195 OP_CHECK (script_76_check, 0) 5196 OP_S_SHUTDOWN (42) 5197 5198 OP_C_SHUTDOWN_WAIT (NULL, SSL_SHUTDOWN_FLAG_WAIT_PEER) 5199 OP_C_EXPECT_CONN_CLOSE_INFO(42, 1, 1) 5200 5201 OP_END 5202 }; 5203 5204 /* 77. Ensure default stream popping operates correctly */ 5205 static const struct script_op script_77[] = { 5206 OP_C_SET_ALPN ("ossltest") 5207 OP_C_CONNECT_WAIT () 5208 5209 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_ACCEPT) 5210 5211 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0)) 5212 OP_S_WRITE (a, "Strawberry", 10) 5213 5214 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10) 5215 5216 OP_S_NEW_STREAM_BIDI (b, S_BIDI_ID(1)) 5217 OP_S_WRITE (b, "xyz", 3) 5218 5219 OP_C_ACCEPT_STREAM_WAIT (b) 5220 OP_C_READ_EXPECT (b, "xyz", 3) 5221 5222 OP_END 5223 }; 5224 5225 /* 78. Post-connection session ticket handling */ 5226 static size_t new_session_count; 5227 5228 static int on_new_session(SSL *s, SSL_SESSION *sess) 5229 { 5230 ++new_session_count; 5231 return 0; /* do not ref session, we aren't keeping it */ 5232 } 5233 5234 static int setup_session(struct helper *h, struct helper_local *hl) 5235 { 5236 SSL_CTX_set_session_cache_mode(h->c_ctx, SSL_SESS_CACHE_BOTH); 5237 SSL_CTX_sess_set_new_cb(h->c_ctx, on_new_session); 5238 return 1; 5239 } 5240 5241 static int trigger_late_session_ticket(struct helper *h, struct helper_local *hl) 5242 { 5243 new_session_count = 0; 5244 5245 if (!TEST_true(ossl_quic_tserver_new_ticket(ACQUIRE_S()))) 5246 return 0; 5247 5248 return 1; 5249 } 5250 5251 static int check_got_session_ticket(struct helper *h, struct helper_local *hl) 5252 { 5253 if (!TEST_size_t_gt(new_session_count, 0)) 5254 return 0; 5255 5256 return 1; 5257 } 5258 5259 static int check_idle_timeout(struct helper *h, struct helper_local *hl); 5260 5261 static const struct script_op script_78[] = { 5262 OP_C_SET_ALPN ("ossltest") 5263 OP_CHECK (setup_session, 0) 5264 OP_C_CONNECT_WAIT () 5265 5266 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5267 5268 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 5269 OP_C_WRITE (a, "apple", 5) 5270 5271 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 5272 OP_S_READ_EXPECT (a, "apple", 5) 5273 5274 OP_S_WRITE (a, "orange", 6) 5275 OP_C_READ_EXPECT (a, "orange", 6) 5276 5277 OP_CHECK (trigger_late_session_ticket, 0) 5278 5279 OP_S_WRITE (a, "Strawberry", 10) 5280 OP_C_READ_EXPECT (a, "Strawberry", 10) 5281 5282 OP_CHECK (check_got_session_ticket, 0) 5283 OP_CHECK2 (check_idle_timeout, 5284 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 30000) 5285 5286 OP_END 5287 }; 5288 5289 /* 79. Optimised FIN test */ 5290 static const struct script_op script_79[] = { 5291 OP_C_SET_ALPN ("ossltest") 5292 OP_C_CONNECT_WAIT () 5293 OP_C_WRITE_EX2 (DEFAULT, "apple", 5, SSL_WRITE_FLAG_CONCLUDE) 5294 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 5295 OP_S_READ_EXPECT (a, "apple", 5) 5296 OP_S_EXPECT_FIN (a) 5297 OP_S_WRITE (a, "orange", 6) 5298 OP_S_CONCLUDE (a) 5299 OP_C_READ_EXPECT (DEFAULT, "orange", 6) 5300 OP_C_EXPECT_FIN (DEFAULT) 5301 OP_END 5302 }; 5303 5304 /* 80. Stateless reset detection test */ 5305 static QUIC_STATELESS_RESET_TOKEN test_reset_token = { 5306 { 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 5307 0xde, 0xad, 0xbe, 0xef }}; 5308 5309 /* 5310 * Generate a packet in the following format: 5311 * https://www.rfc-editor.org/rfc/rfc9000.html#name-stateless-reset 5312 * Stateless Reset { 5313 * Fixed Bits (2): 1 5314 * Unpredictable bits (38..) 5315 * Stateless reset token (128) 5316 * } 5317 */ 5318 static int script_80_send_stateless_reset(struct helper *h, QUIC_PKT_HDR *hdr, 5319 unsigned char *buf, size_t len) 5320 { 5321 unsigned char databuf[64]; 5322 5323 if (h->inject_word1 == 0) 5324 return 1; 5325 5326 h->inject_word1 = 0; 5327 5328 fprintf(stderr, "Sending stateless reset\n"); 5329 5330 RAND_bytes(databuf, 64); 5331 databuf[0] = 0x40; 5332 memcpy(&databuf[48], test_reset_token.token, 5333 sizeof(test_reset_token.token)); 5334 5335 if (!TEST_int_eq(SSL_inject_net_dgram(h->c_conn, databuf, sizeof(databuf), 5336 NULL, h->s_net_bio_addr), 1)) 5337 return 0; 5338 5339 return 1; 5340 } 5341 5342 static int script_80_gen_new_conn_id(struct helper *h, QUIC_PKT_HDR *hdr, 5343 unsigned char *buf, size_t len) 5344 { 5345 int rc = 0; 5346 size_t l; 5347 unsigned char frame_buf[64]; 5348 WPACKET wpkt; 5349 QUIC_CONN_ID new_cid = {0}; 5350 OSSL_QUIC_FRAME_NEW_CONN_ID ncid = {0}; 5351 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(ACQUIRE_S_NOHL()); 5352 5353 if (h->inject_word0 == 0) 5354 return 1; 5355 5356 h->inject_word0 = 0; 5357 5358 fprintf(stderr, "sending new conn id\n"); 5359 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 5360 sizeof(frame_buf), 0))) 5361 return 0; 5362 5363 ossl_quic_channel_get_diag_local_cid(ch, &new_cid); 5364 5365 ncid.seq_num = 2; 5366 ncid.retire_prior_to = 2; 5367 ncid.conn_id = new_cid; 5368 memcpy(ncid.stateless_reset.token, test_reset_token.token, 5369 sizeof(test_reset_token.token)); 5370 5371 if (!TEST_true(ossl_quic_wire_encode_frame_new_conn_id(&wpkt, &ncid))) 5372 goto err; 5373 5374 if (!TEST_true(WPACKET_get_total_written(&wpkt, &l))) 5375 goto err; 5376 5377 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, l)) 5378 goto err; 5379 5380 rc = 1; 5381 err: 5382 if (rc) 5383 WPACKET_finish(&wpkt); 5384 else 5385 WPACKET_cleanup(&wpkt); 5386 5387 return rc; 5388 } 5389 5390 static int script_80_inject_pkt(struct helper *h, QUIC_PKT_HDR *hdr, 5391 unsigned char *buf, size_t len) 5392 { 5393 if (h->inject_word1 == 1) 5394 return script_80_send_stateless_reset(h, hdr, buf, len); 5395 else if (h->inject_word0 == 1) 5396 return script_80_gen_new_conn_id(h, hdr, buf, len); 5397 5398 return 1; 5399 } 5400 5401 static const struct script_op script_80[] = { 5402 OP_S_SET_INJECT_PLAIN (script_80_inject_pkt) 5403 OP_C_SET_ALPN ("ossltest") 5404 OP_C_CONNECT_WAIT () 5405 OP_C_WRITE (DEFAULT, "apple", 5) 5406 OP_C_CONCLUDE (DEFAULT) 5407 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 5408 OP_S_READ_EXPECT (a, "apple", 5) 5409 OP_SET_INJECT_WORD (1, 0) 5410 OP_S_WRITE (a, "apple", 5) 5411 OP_C_READ_EXPECT (DEFAULT, "apple", 5) 5412 OP_SET_INJECT_WORD (0, 1) 5413 OP_S_WRITE (a, "apple", 5) 5414 OP_C_EXPECT_CONN_CLOSE_INFO (0, 0, 1) 5415 OP_END 5416 }; 5417 5418 /* 81. Idle timeout configuration */ 5419 static int modify_idle_timeout(struct helper *h, struct helper_local *hl) 5420 { 5421 uint64_t v = 0; 5422 5423 /* Test bad value is rejected. */ 5424 if (!TEST_false(SSL_set_feature_request_uint(h->c_conn, 5425 SSL_VALUE_QUIC_IDLE_TIMEOUT, 5426 (1ULL << 62)))) 5427 return 0; 5428 5429 /* Set value. */ 5430 if (!TEST_true(SSL_set_feature_request_uint(h->c_conn, 5431 SSL_VALUE_QUIC_IDLE_TIMEOUT, 5432 hl->check_op->arg2))) 5433 return 0; 5434 5435 if (!TEST_true(SSL_get_feature_request_uint(h->c_conn, 5436 SSL_VALUE_QUIC_IDLE_TIMEOUT, 5437 &v))) 5438 return 0; 5439 5440 if (!TEST_uint64_t_eq(v, hl->check_op->arg2)) 5441 return 0; 5442 5443 return 1; 5444 } 5445 5446 static int check_idle_timeout(struct helper *h, struct helper_local *hl) 5447 { 5448 uint64_t v = 0; 5449 5450 if (!TEST_true(SSL_get_value_uint(h->c_conn, hl->check_op->arg1, 5451 SSL_VALUE_QUIC_IDLE_TIMEOUT, 5452 &v))) 5453 return 0; 5454 5455 if (!TEST_uint64_t_eq(v, hl->check_op->arg2)) 5456 return 0; 5457 5458 return 1; 5459 } 5460 5461 static const struct script_op script_81[] = { 5462 OP_C_SET_ALPN ("ossltest") 5463 OP_CHECK (modify_idle_timeout, 25000) 5464 OP_C_CONNECT_WAIT () 5465 5466 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5467 5468 OP_CHECK2 (check_idle_timeout, 5469 SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, 30000) 5470 OP_CHECK2 (check_idle_timeout, 5471 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 25000) 5472 5473 OP_END 5474 }; 5475 5476 /* 82. Negotiated default idle timeout if not configured */ 5477 static const struct script_op script_82[] = { 5478 OP_C_SET_ALPN ("ossltest") 5479 OP_C_CONNECT_WAIT () 5480 5481 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5482 5483 OP_CHECK2 (check_idle_timeout, 5484 SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, 30000) 5485 OP_CHECK2 (check_idle_timeout, 5486 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 30000) 5487 5488 OP_END 5489 }; 5490 5491 /* 83. No late changes to idle timeout */ 5492 static int cannot_change_idle_timeout(struct helper *h, struct helper_local *hl) 5493 { 5494 uint64_t v = 0; 5495 5496 if (!TEST_true(SSL_get_feature_request_uint(h->c_conn, 5497 SSL_VALUE_QUIC_IDLE_TIMEOUT, 5498 &v))) 5499 return 0; 5500 5501 if (!TEST_uint64_t_eq(v, 30000)) 5502 return 0; 5503 5504 if (!TEST_false(SSL_set_feature_request_uint(h->c_conn, 5505 SSL_VALUE_QUIC_IDLE_TIMEOUT, 5506 5000))) 5507 return 0; 5508 5509 return 1; 5510 } 5511 5512 static const struct script_op script_83[] = { 5513 OP_C_SET_ALPN ("ossltest") 5514 OP_C_CONNECT_WAIT () 5515 5516 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5517 5518 OP_CHECK (cannot_change_idle_timeout, 0) 5519 OP_CHECK2 (check_idle_timeout, 5520 SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, 30000) 5521 OP_CHECK2 (check_idle_timeout, 5522 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 30000) 5523 5524 OP_END 5525 }; 5526 5527 /* 84. Test query of available streams */ 5528 static int check_avail_streams(struct helper *h, struct helper_local *hl) 5529 { 5530 uint64_t v = 0; 5531 5532 switch (hl->check_op->arg1) { 5533 case 0: 5534 if (!TEST_true(SSL_get_quic_stream_bidi_local_avail(h->c_conn, &v))) 5535 return 0; 5536 break; 5537 case 1: 5538 if (!TEST_true(SSL_get_quic_stream_bidi_remote_avail(h->c_conn, &v))) 5539 return 0; 5540 break; 5541 case 2: 5542 if (!TEST_true(SSL_get_quic_stream_uni_local_avail(h->c_conn, &v))) 5543 return 0; 5544 break; 5545 case 3: 5546 if (!TEST_true(SSL_get_quic_stream_uni_remote_avail(h->c_conn, &v))) 5547 return 0; 5548 break; 5549 default: 5550 return 0; 5551 } 5552 5553 if (!TEST_uint64_t_eq(v, hl->check_op->arg2)) 5554 return 0; 5555 5556 return 1; 5557 } 5558 5559 static int set_event_handling_mode_conn(struct helper *h, struct helper_local *hl); 5560 static int reenable_test_event_handling(struct helper *h, struct helper_local *hl); 5561 5562 static int check_write_buf_stat(struct helper *h, struct helper_local *hl) 5563 { 5564 SSL *c_a; 5565 uint64_t size, used, avail; 5566 5567 if (!TEST_ptr(c_a = helper_local_get_c_stream(hl, "a"))) 5568 return 0; 5569 5570 if (!TEST_true(SSL_get_stream_write_buf_size(c_a, &size)) 5571 || !TEST_true(SSL_get_stream_write_buf_used(c_a, &used)) 5572 || !TEST_true(SSL_get_stream_write_buf_avail(c_a, &avail)) 5573 || !TEST_uint64_t_ge(size, avail) 5574 || !TEST_uint64_t_ge(size, used) 5575 || !TEST_uint64_t_eq(avail + used, size)) 5576 return 0; 5577 5578 if (!TEST_uint64_t_eq(used, hl->check_op->arg1)) 5579 return 0; 5580 5581 return 1; 5582 } 5583 5584 static const struct script_op script_84[] = { 5585 OP_C_SET_ALPN ("ossltest") 5586 OP_C_CONNECT_WAIT () 5587 5588 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5589 5590 OP_CHECK2 (check_avail_streams, 0, 100) 5591 OP_CHECK2 (check_avail_streams, 1, 100) 5592 OP_CHECK2 (check_avail_streams, 2, 100) 5593 OP_CHECK2 (check_avail_streams, 3, 100) 5594 5595 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 5596 5597 OP_CHECK2 (check_avail_streams, 0, 99) 5598 OP_CHECK2 (check_avail_streams, 1, 100) 5599 OP_CHECK2 (check_avail_streams, 2, 100) 5600 OP_CHECK2 (check_avail_streams, 3, 100) 5601 5602 OP_C_NEW_STREAM_UNI (b, C_UNI_ID(0)) 5603 5604 OP_CHECK2 (check_avail_streams, 0, 99) 5605 OP_CHECK2 (check_avail_streams, 1, 100) 5606 OP_CHECK2 (check_avail_streams, 2, 99) 5607 OP_CHECK2 (check_avail_streams, 3, 100) 5608 5609 OP_S_NEW_STREAM_BIDI (c, S_BIDI_ID(0)) 5610 OP_S_WRITE (c, "x", 1) 5611 5612 OP_C_ACCEPT_STREAM_WAIT (c) 5613 OP_C_READ_EXPECT (c, "x", 1) 5614 5615 OP_CHECK2 (check_avail_streams, 0, 99) 5616 OP_CHECK2 (check_avail_streams, 1, 99) 5617 OP_CHECK2 (check_avail_streams, 2, 99) 5618 OP_CHECK2 (check_avail_streams, 3, 100) 5619 5620 OP_S_NEW_STREAM_UNI (d, S_UNI_ID(0)) 5621 OP_S_WRITE (d, "x", 1) 5622 5623 OP_C_ACCEPT_STREAM_WAIT (d) 5624 OP_C_READ_EXPECT (d, "x", 1) 5625 5626 OP_CHECK2 (check_avail_streams, 0, 99) 5627 OP_CHECK2 (check_avail_streams, 1, 99) 5628 OP_CHECK2 (check_avail_streams, 2, 99) 5629 OP_CHECK2 (check_avail_streams, 3, 99) 5630 5631 OP_CHECK2 (check_write_buf_stat, 0, 0) 5632 OP_CHECK (set_event_handling_mode_conn, 5633 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT) 5634 OP_C_WRITE (a, "apple", 5) 5635 OP_CHECK2 (check_write_buf_stat, 5, 0) 5636 5637 OP_CHECK (reenable_test_event_handling, 0) 5638 5639 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 5640 OP_S_READ_EXPECT (a, "apple", 5) 5641 OP_S_WRITE (a, "orange", 6) 5642 OP_C_READ_EXPECT (a, "orange", 6) 5643 5644 OP_END 5645 }; 5646 5647 /* 85. Test SSL_poll (lite, non-blocking) */ 5648 ossl_unused static int script_85_poll(struct helper *h, struct helper_local *hl) 5649 { 5650 int ok = 1, ret, expected_ret = 1; 5651 static const struct timeval timeout = {0}; 5652 size_t result_count, expected_result_count = 0; 5653 SSL_POLL_ITEM items[5] = {0}, *item = items; 5654 SSL *c_a, *c_b, *c_c, *c_d; 5655 size_t i; 5656 uint64_t mode, expected_revents[5] = {0}; 5657 5658 if (!TEST_ptr(c_a = helper_local_get_c_stream(hl, "a")) 5659 || !TEST_ptr(c_b = helper_local_get_c_stream(hl, "b")) 5660 || !TEST_ptr(c_c = helper_local_get_c_stream(hl, "c")) 5661 || !TEST_ptr(c_d = helper_local_get_c_stream(hl, "d"))) 5662 return 0; 5663 5664 item->desc = SSL_as_poll_descriptor(c_a); 5665 item->events = UINT64_MAX; 5666 item->revents = UINT64_MAX; 5667 ++item; 5668 5669 item->desc = SSL_as_poll_descriptor(c_b); 5670 item->events = UINT64_MAX; 5671 item->revents = UINT64_MAX; 5672 ++item; 5673 5674 item->desc = SSL_as_poll_descriptor(c_c); 5675 item->events = UINT64_MAX; 5676 item->revents = UINT64_MAX; 5677 ++item; 5678 5679 item->desc = SSL_as_poll_descriptor(c_d); 5680 item->events = UINT64_MAX; 5681 item->revents = UINT64_MAX; 5682 ++item; 5683 5684 item->desc = SSL_as_poll_descriptor(h->c_conn); 5685 item->events = UINT64_MAX; 5686 item->revents = UINT64_MAX; 5687 ++item; 5688 5689 result_count = SIZE_MAX; 5690 ret = SSL_poll(items, OSSL_NELEM(items), sizeof(SSL_POLL_ITEM), 5691 &timeout, 0, 5692 &result_count); 5693 5694 mode = hl->check_op->arg2; 5695 switch (mode) { 5696 case 0: 5697 /* No incoming data yet */ 5698 expected_revents[0] = SSL_POLL_EVENT_W; 5699 expected_revents[1] = SSL_POLL_EVENT_W; 5700 expected_revents[2] = SSL_POLL_EVENT_W; 5701 expected_revents[3] = SSL_POLL_EVENT_W; 5702 expected_revents[4] = SSL_POLL_EVENT_OS; 5703 expected_result_count = 5; 5704 break; 5705 case 1: 5706 /* Expect more events */ 5707 expected_revents[0] = SSL_POLL_EVENT_W | SSL_POLL_EVENT_R; 5708 expected_revents[1] = SSL_POLL_EVENT_W | SSL_POLL_EVENT_ER; 5709 expected_revents[2] = SSL_POLL_EVENT_EW; 5710 expected_revents[3] = SSL_POLL_EVENT_W; 5711 expected_revents[4] = SSL_POLL_EVENT_OS | SSL_POLL_EVENT_ISB; 5712 expected_result_count = 5; 5713 break; 5714 default: 5715 return 0; 5716 } 5717 5718 if (!TEST_int_eq(ret, expected_ret) 5719 || !TEST_size_t_eq(result_count, expected_result_count)) 5720 ok = 0; 5721 5722 for (i = 0; i < OSSL_NELEM(items); ++i) 5723 if (!TEST_uint64_t_eq(items[i].revents, expected_revents[i])) { 5724 TEST_error("mismatch at index %zu in poll results, mode %d", 5725 i, (int)mode); 5726 ok = 0; 5727 } 5728 5729 return ok; 5730 } 5731 5732 static const struct script_op script_85[] = { 5733 OP_C_SET_ALPN ("ossltest") 5734 OP_C_CONNECT_WAIT () 5735 5736 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5737 5738 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 5739 OP_C_WRITE (a, "flamingo", 8) 5740 5741 OP_C_NEW_STREAM_BIDI (b, C_BIDI_ID(1)) 5742 OP_C_WRITE (b, "orange", 6) 5743 5744 OP_C_NEW_STREAM_BIDI (c, C_BIDI_ID(2)) 5745 OP_C_WRITE (c, "Strawberry", 10) 5746 5747 OP_C_NEW_STREAM_BIDI (d, C_BIDI_ID(3)) 5748 OP_C_WRITE (d, "sync", 4) 5749 5750 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 5751 OP_S_BIND_STREAM_ID (b, C_BIDI_ID(1)) 5752 OP_S_BIND_STREAM_ID (c, C_BIDI_ID(2)) 5753 OP_S_BIND_STREAM_ID (d, C_BIDI_ID(3)) 5754 5755 /* Check nothing readable yet. */ 5756 OP_CHECK (script_85_poll, 0) 5757 5758 /* Send something that will make client sockets readable. */ 5759 OP_S_READ_EXPECT (a, "flamingo", 8) 5760 OP_S_WRITE (a, "herringbone", 11) 5761 5762 /* Send something that will make 'b' reset. */ 5763 OP_S_SET_INJECT_PLAIN (script_28_inject_plain) 5764 OP_SET_INJECT_WORD (C_BIDI_ID(1) + 1, OSSL_QUIC_FRAME_TYPE_RESET_STREAM) 5765 5766 /* Ensure sync. */ 5767 OP_S_READ_EXPECT (d, "sync", 4) 5768 OP_S_WRITE (d, "x", 1) 5769 OP_C_READ_EXPECT (d, "x", 1) 5770 5771 /* Send something that will make 'c' reset. */ 5772 OP_S_SET_INJECT_PLAIN (script_28_inject_plain) 5773 OP_SET_INJECT_WORD (C_BIDI_ID(2) + 1, OSSL_QUIC_FRAME_TYPE_STOP_SENDING) 5774 5775 OP_S_NEW_STREAM_BIDI (z, S_BIDI_ID(0)) 5776 OP_S_WRITE (z, "z", 1) 5777 5778 /* Ensure sync. */ 5779 OP_S_WRITE (d, "x", 1) 5780 OP_C_READ_EXPECT (d, "x", 1) 5781 5782 /* Check a is now readable. */ 5783 OP_CHECK (script_85_poll, 1) 5784 5785 OP_END 5786 }; 5787 5788 /* 86. Event Handling Mode Configuration */ 5789 static int set_event_handling_mode_conn(struct helper *h, struct helper_local *hl) 5790 { 5791 hl->explicit_event_handling = 1; 5792 return SSL_set_event_handling_mode(h->c_conn, hl->check_op->arg2); 5793 } 5794 5795 static int reenable_test_event_handling(struct helper *h, struct helper_local *hl) 5796 { 5797 hl->explicit_event_handling = 0; 5798 return 1; 5799 } 5800 5801 static ossl_unused int set_event_handling_mode_stream(struct helper *h, struct helper_local *hl) 5802 { 5803 SSL *ssl = helper_local_get_c_stream(hl, "a"); 5804 5805 if (!TEST_ptr(ssl)) 5806 return 0; 5807 5808 return SSL_set_event_handling_mode(ssl, hl->check_op->arg2); 5809 } 5810 5811 static const struct script_op script_86[] = { 5812 OP_SKIP_IF_BLOCKING (23) 5813 5814 OP_C_SET_ALPN ("ossltest") 5815 OP_C_CONNECT_WAIT () 5816 5817 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5818 5819 /* Turn on explicit handling mode. */ 5820 OP_CHECK (set_event_handling_mode_conn, 5821 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT) 5822 5823 /* 5824 * Create a new stream and write data. This won't get sent 5825 * to the network net because we are in explicit mode 5826 * and we haven't called SSL_handle_events(). 5827 */ 5828 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 5829 OP_C_WRITE (a, "apple", 5) 5830 5831 /* Put connection back into implicit handling mode. */ 5832 OP_CHECK (set_event_handling_mode_conn, 5833 SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT) 5834 5835 /* Override at stream level. */ 5836 OP_CHECK (set_event_handling_mode_stream, 5837 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT) 5838 OP_C_WRITE (a, "orange", 6) 5839 OP_C_CONCLUDE (a) 5840 5841 /* 5842 * Confirm the data isn't going to arrive. OP_SLEEP is always undesirable 5843 * but we have no reasonable way to synchronise on something not arriving 5844 * given all network traffic is essentially stopped and there are no other 5845 * signals arriving from the peer which could be used for synchronisation. 5846 * Slow OSes will pass this anyway (fail-open). 5847 */ 5848 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 5849 5850 OP_BEGIN_REPEAT (20) 5851 OP_S_READ_FAIL (a, 1) 5852 OP_SLEEP (10) 5853 OP_END_REPEAT () 5854 5855 /* Now let the data arrive and confirm it arrives. */ 5856 OP_CHECK (reenable_test_event_handling, 0) 5857 OP_S_READ_EXPECT (a, "appleorange", 11) 5858 OP_S_EXPECT_FIN (a) 5859 5860 /* Back into explicit mode. */ 5861 OP_CHECK (set_event_handling_mode_conn, 5862 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT) 5863 OP_S_WRITE (a, "ok", 2) 5864 OP_C_READ_FAIL (a) 5865 5866 /* Works once event handling is done. */ 5867 OP_CHECK (reenable_test_event_handling, 0) 5868 OP_C_READ_EXPECT (a, "ok", 2) 5869 5870 OP_END 5871 }; 5872 5873 5874 /* 87. Test stream reset functionality */ 5875 static const struct script_op script_87[] = { 5876 OP_C_SET_ALPN ("ossltest") 5877 OP_C_CONNECT_WAIT () 5878 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) 5879 OP_C_WRITE (a, "apple", 5) 5880 OP_C_CONCLUDE (a) 5881 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) 5882 OP_S_READ_EXPECT (a, "apple", 5) 5883 OP_S_EXPECT_FIN (a) 5884 OP_S_WRITE (a, "orange", 6) 5885 OP_C_READ_EXPECT (a, "orange", 6) 5886 OP_S_CONCLUDE (a) 5887 OP_C_EXPECT_FIN (a) 5888 OP_SLEEP (1000) 5889 OP_C_STREAM_RESET_FAIL (a, 42) 5890 OP_END 5891 }; 5892 5893 static const struct script_op *const scripts[] = { 5894 script_1, 5895 script_2, 5896 script_3, 5897 script_4, 5898 script_5, 5899 script_6, 5900 script_7, 5901 script_8, 5902 script_9, 5903 script_10, 5904 script_11, 5905 script_12, 5906 script_13, 5907 script_14, 5908 script_15, 5909 script_16, 5910 script_17, 5911 script_18, 5912 script_19, 5913 script_20, 5914 script_21, 5915 script_22, 5916 script_23, 5917 script_24, 5918 script_25, 5919 script_26, 5920 script_27, 5921 script_28, 5922 script_29, 5923 script_30, 5924 script_31, 5925 script_32, 5926 script_33, 5927 script_34, 5928 script_35, 5929 script_36, 5930 script_37, 5931 script_38, 5932 script_39, 5933 script_40, 5934 script_41, 5935 script_42, 5936 script_43, 5937 script_44, 5938 script_45, 5939 script_46, 5940 script_47, 5941 script_48, 5942 script_49, 5943 script_50, 5944 script_51, 5945 script_52, 5946 script_53, 5947 script_54, 5948 script_55, 5949 script_56, 5950 script_57, 5951 script_58, 5952 script_59, 5953 script_60, 5954 script_61, 5955 script_62, 5956 script_63, 5957 script_64, 5958 script_65, 5959 script_66, 5960 script_67, 5961 script_68, 5962 script_69, 5963 script_70, 5964 script_71, 5965 script_72, 5966 script_73, 5967 script_74, 5968 script_75, 5969 script_76, 5970 script_77, 5971 script_78, 5972 script_79, 5973 script_80, 5974 script_81, 5975 script_82, 5976 script_83, 5977 script_84, 5978 script_85, 5979 script_86, 5980 script_87 5981 }; 5982 5983 static int test_script(int idx) 5984 { 5985 int script_idx, free_order, blocking; 5986 char script_name[64]; 5987 5988 free_order = idx % 2; 5989 idx /= 2; 5990 5991 blocking = idx % 2; 5992 idx /= 2; 5993 5994 script_idx = idx; 5995 5996 if (blocking && free_order) 5997 return 1; /* don't need to test free_order twice */ 5998 5999 #if !defined(OPENSSL_THREADS) 6000 if (blocking) { 6001 TEST_skip("cannot test in blocking mode without threads"); 6002 return 1; 6003 } 6004 #endif 6005 6006 BIO_snprintf(script_name, sizeof(script_name), "script %d", script_idx + 1); 6007 6008 TEST_info("Running script %d (order=%d, blocking=%d)", script_idx + 1, 6009 free_order, blocking); 6010 return run_script(scripts[script_idx], script_name, free_order, blocking); 6011 } 6012 6013 /* Dynamically generated tests. */ 6014 static struct script_op dyn_frame_types_script[] = { 6015 OP_S_SET_INJECT_PLAIN (script_21_inject_plain) 6016 OP_SET_INJECT_WORD (0, 0) /* dynamic */ 6017 6018 OP_C_SET_ALPN ("ossltest") 6019 OP_C_CONNECT_WAIT_OR_FAIL() 6020 6021 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0) 6022 6023 OP_END 6024 }; 6025 6026 struct forbidden_frame_type { 6027 uint64_t pkt_type, frame_type, expected_err; 6028 }; 6029 6030 static const struct forbidden_frame_type forbidden_frame_types[] = { 6031 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_VLINT_MAX, OSSL_QUIC_ERR_FRAME_ENCODING_ERROR }, 6032 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_VLINT_MAX, OSSL_QUIC_ERR_FRAME_ENCODING_ERROR }, 6033 { QUIC_PKT_TYPE_1RTT, OSSL_QUIC_VLINT_MAX, OSSL_QUIC_ERR_FRAME_ENCODING_ERROR }, 6034 6035 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6036 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_RESET_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6037 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STOP_SENDING, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6038 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_NEW_TOKEN, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6039 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6040 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6041 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6042 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6043 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6044 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6045 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6046 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6047 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6048 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6049 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6050 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6051 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6052 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6053 6054 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6055 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_RESET_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6056 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STOP_SENDING, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6057 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_NEW_TOKEN, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6058 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6059 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6060 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6061 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6062 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6063 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6064 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6065 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6066 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6067 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6068 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6069 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6070 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6071 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6072 6073 /* Client uses a zero-length CID so this is not allowed. */ 6074 { QUIC_PKT_TYPE_1RTT, OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 6075 }; 6076 6077 static ossl_unused int test_dyn_frame_types(int idx) 6078 { 6079 size_t i; 6080 char script_name[64]; 6081 struct script_op *s = dyn_frame_types_script; 6082 6083 for (i = 0; i < OSSL_NELEM(dyn_frame_types_script); ++i) 6084 if (s[i].op == OPK_SET_INJECT_WORD) { 6085 s[i].arg1 = (size_t)forbidden_frame_types[idx].pkt_type; 6086 s[i].arg2 = forbidden_frame_types[idx].frame_type; 6087 } else if (s[i].op == OPK_C_EXPECT_CONN_CLOSE_INFO) { 6088 s[i].arg2 = forbidden_frame_types[idx].expected_err; 6089 } 6090 6091 BIO_snprintf(script_name, sizeof(script_name), 6092 "dyn script %d", idx); 6093 6094 return run_script(dyn_frame_types_script, script_name, 0, 0); 6095 } 6096 6097 OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") 6098 6099 int setup_tests(void) 6100 { 6101 #if defined (_PUT_MODEL_) 6102 return TEST_skip("QUIC is not supported by this build"); 6103 #endif 6104 6105 if (!test_skip_common_options()) { 6106 TEST_error("Error parsing test options\n"); 6107 return 0; 6108 } 6109 6110 if (!TEST_ptr(certfile = test_get_argument(0)) 6111 || !TEST_ptr(keyfile = test_get_argument(1))) 6112 return 0; 6113 6114 ADD_ALL_TESTS(test_dyn_frame_types, OSSL_NELEM(forbidden_frame_types)); 6115 ADD_ALL_TESTS(test_script, OSSL_NELEM(scripts) * 2 * 2); 6116 return 1; 6117 } 6118