1 /* 2 * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 #include "internal/sockets.h" 10 #include <openssl/rand.h> 11 12 static const unsigned char alpn_ossltest[] = { 13 /* "\x08ossltest" (hex for EBCDIC resilience) */ 14 0x08, 0x6f, 0x73, 0x73, 0x6c, 0x74, 0x65, 0x73, 0x74 15 }; 16 17 DEF_FUNC(hf_unbind) 18 { 19 int ok = 0; 20 const char *name; 21 22 F_POP(name); 23 RADIX_PROCESS_set_obj(RP(), name, NULL); 24 25 ok = 1; 26 err: 27 return ok; 28 } 29 30 static int ssl_ctx_select_alpn(SSL *ssl, 31 const unsigned char **out, unsigned char *out_len, 32 const unsigned char *in, unsigned int in_len, 33 void *arg) 34 { 35 if (SSL_select_next_proto((unsigned char **)out, out_len, 36 alpn_ossltest, sizeof(alpn_ossltest), in, in_len) 37 != OPENSSL_NPN_NEGOTIATED) 38 return SSL_TLSEXT_ERR_ALERT_FATAL; 39 40 return SSL_TLSEXT_ERR_OK; 41 } 42 43 static void keylog_cb(const SSL *ssl, const char *line) 44 { 45 ossl_crypto_mutex_lock(RP()->gm); 46 BIO_printf(RP()->keylog_out, "%s", line); 47 (void)BIO_flush(RP()->keylog_out); 48 ossl_crypto_mutex_unlock(RP()->gm); 49 } 50 51 static int ssl_ctx_configure(SSL_CTX *ctx, int is_server) 52 { 53 if (!TEST_true(ossl_quic_set_diag_title(ctx, "quic_radix_test"))) 54 return 0; 55 56 if (!is_server) 57 return 1; 58 59 if (RP()->keylog_out != NULL) 60 SSL_CTX_set_keylog_callback(ctx, keylog_cb); 61 62 if (!TEST_int_eq(SSL_CTX_use_certificate_file(ctx, cert_file, 63 SSL_FILETYPE_PEM), 1) 64 || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(ctx, key_file, 65 SSL_FILETYPE_PEM), 1)) 66 return 0; 67 68 SSL_CTX_set_alpn_select_cb(ctx, ssl_ctx_select_alpn, NULL); 69 return 1; 70 } 71 72 static int ssl_create_bound_socket(uint16_t listen_port, 73 int *p_fd, uint16_t *p_result_port) 74 { 75 int ok = 0; 76 int fd = -1; 77 BIO_ADDR *addr = NULL; 78 union BIO_sock_info_u info; 79 struct in_addr ina; 80 81 ina.s_addr = htonl(INADDR_LOOPBACK); 82 83 fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0); 84 if (!TEST_int_ge(fd, 0)) 85 goto err; 86 87 if (!TEST_true(BIO_socket_nbio(fd, 1))) 88 goto err; 89 90 if (!TEST_ptr(addr = BIO_ADDR_new())) 91 goto err; 92 93 if (!TEST_true(BIO_ADDR_rawmake(addr, AF_INET, 94 &ina, sizeof(ina), 0))) 95 goto err; 96 97 if (!TEST_true(BIO_bind(fd, addr, 0))) 98 goto err; 99 100 info.addr = addr; 101 if (!TEST_true(BIO_sock_info(fd, BIO_SOCK_INFO_ADDRESS, &info))) 102 goto err; 103 104 if (!TEST_int_gt(BIO_ADDR_rawport(addr), 0)) 105 goto err; 106 107 ok = 1; 108 err: 109 if (!ok && fd >= 0) 110 BIO_closesocket(fd); 111 else if (ok) { 112 *p_fd = fd; 113 if (p_result_port != NULL) 114 *p_result_port = BIO_ADDR_rawport(addr); 115 } 116 BIO_ADDR_free(addr); 117 return ok; 118 } 119 120 static int ssl_attach_bio_dgram(SSL *ssl, 121 uint16_t local_port, uint16_t *actual_port) 122 { 123 int s_fd = -1; 124 BIO *bio; 125 126 if (!TEST_true(ssl_create_bound_socket(local_port, &s_fd, actual_port))) 127 return 0; 128 129 if (!TEST_ptr(bio = BIO_new_dgram(s_fd, BIO_CLOSE))) { 130 BIO_closesocket(s_fd); 131 return 0; 132 } 133 134 SSL_set0_rbio(ssl, bio); 135 if (!TEST_true(BIO_up_ref(bio))) 136 return 0; 137 138 SSL_set0_wbio(ssl, bio); 139 140 return 1; 141 } 142 143 /* 144 * Test to make sure that SSL_accept_connection returns the same ssl object 145 * that is used in the various TLS callbacks 146 * 147 * Unlike TCP, QUIC processes new connections independently from their 148 * acceptance, and so we need to pre-allocate tls objects to return during 149 * connection acceptance via the user_ssl. This is just a quic test to validate 150 * that: 151 * 1) The new callback to inform the user of a new pending ssl acceptance works 152 * properly 153 * 2) That the object returned from SSL_accept_connection matches the one passed 154 * to various callbacks 155 * 156 * It would be better as its own test, but currently the tserver used in the 157 * other quic_tests doesn't actually accept connections (it pre-creates them 158 * and fixes them up in place), so testing there is not feasible at the moment 159 * 160 * For details on this issue see: 161 * https://github.com/openssl/project/issues/918 162 */ 163 static SSL *pending_ssl_obj = NULL; 164 static SSL *client_hello_ssl_obj = NULL; 165 static int check_pending_match = 0; 166 static int pending_cb_called = 0; 167 static int hello_cb_called = 0; 168 static int new_pending_cb(SSL_CTX *ctx, SSL *new_ssl, void *arg) 169 { 170 pending_ssl_obj = new_ssl; 171 pending_cb_called = 1; 172 return 1; 173 } 174 175 static int client_hello_cb(SSL *s, int *al, void *arg) 176 { 177 client_hello_ssl_obj = s; 178 hello_cb_called = 1; 179 return 1; 180 } 181 182 DEF_FUNC(hf_new_ssl) 183 { 184 int ok = 0; 185 const char *name; 186 SSL_CTX *ctx = NULL; 187 const SSL_METHOD *method; 188 SSL *ssl; 189 uint64_t flags; 190 int is_server, is_domain; 191 192 F_POP2(name, flags); 193 194 is_domain = ((flags & 2) != 0); 195 is_server = ((flags & 1) != 0); 196 197 method = is_server ? OSSL_QUIC_server_method() : OSSL_QUIC_client_method(); 198 if (!TEST_ptr(ctx = SSL_CTX_new(method))) 199 goto err; 200 201 #if defined(OPENSSL_THREADS) 202 if (!TEST_true(SSL_CTX_set_domain_flags(ctx, 203 SSL_DOMAIN_FLAG_MULTI_THREAD 204 | SSL_DOMAIN_FLAG_BLOCKING))) 205 goto err; 206 #endif 207 208 if (!TEST_true(ssl_ctx_configure(ctx, is_server))) 209 goto err; 210 211 if (is_domain) { 212 if (!TEST_ptr(ssl = SSL_new_domain(ctx, 0))) 213 goto err; 214 215 } else if (is_server) { 216 SSL_CTX_set_new_pending_conn_cb(ctx, new_pending_cb, NULL); 217 SSL_CTX_set_client_hello_cb(ctx, client_hello_cb, NULL); 218 check_pending_match = 1; 219 if (!TEST_ptr(ssl = SSL_new_listener(ctx, 0))) 220 goto err; 221 } else { 222 if (!TEST_ptr(ssl = SSL_new(ctx))) 223 goto err; 224 } 225 226 if (!is_domain && !TEST_true(ssl_attach_bio_dgram(ssl, 0, NULL))) 227 goto err; 228 229 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), name, ssl))) { 230 SSL_free(ssl); 231 goto err; 232 } 233 234 ok = 1; 235 err: 236 /* SSL object will hold ref, we don't need it */ 237 SSL_CTX_free(ctx); 238 return ok; 239 } 240 241 DEF_FUNC(hf_new_ssl_listener_from) 242 { 243 int ok = 0; 244 SSL *domain, *listener; 245 const char *listener_name; 246 uint64_t flags; 247 248 REQUIRE_SSL(domain); 249 F_POP2(listener_name, flags); 250 251 if (!TEST_ptr_null(RADIX_PROCESS_get_obj(RP(), listener_name))) 252 goto err; 253 254 if (!TEST_ptr(listener = SSL_new_listener_from(domain, flags))) 255 goto err; 256 257 if (!TEST_true(ssl_attach_bio_dgram(listener, 0, NULL))) 258 goto err; 259 260 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), listener_name, listener))) { 261 SSL_free(listener); 262 goto err; 263 } 264 265 radix_activate_slot(0); 266 267 ok = 1; 268 err: 269 return ok; 270 } 271 272 DEF_FUNC(hf_listen) 273 { 274 int ok = 0, r; 275 SSL *ssl; 276 277 REQUIRE_SSL(ssl); 278 279 r = SSL_listen(ssl); 280 if (!TEST_true(r)) 281 goto err; 282 283 if (SSL_get0_domain(ssl) == NULL) 284 radix_activate_slot(0); 285 286 ok = 1; 287 err: 288 return ok; 289 } 290 291 DEF_FUNC(hf_new_stream) 292 { 293 int ok = 0; 294 const char *stream_name; 295 SSL *conn, *stream; 296 uint64_t flags, do_accept; 297 298 F_POP2(flags, do_accept); 299 F_POP(stream_name); 300 REQUIRE_SSL(conn); 301 302 if (!TEST_ptr_null(RADIX_PROCESS_get_obj(RP(), stream_name))) 303 goto err; 304 305 if (do_accept) { 306 stream = SSL_accept_stream(conn, flags); 307 308 if (stream == NULL) 309 F_SPIN_AGAIN(); 310 } else { 311 stream = SSL_new_stream(conn, flags); 312 } 313 314 if (!TEST_ptr(stream)) 315 goto err; 316 317 /* TODO(QUIC RADIX): Implement wait behaviour */ 318 319 if (stream != NULL 320 && !TEST_true(RADIX_PROCESS_set_ssl(RP(), stream_name, stream))) { 321 SSL_free(stream); 322 goto err; 323 } 324 325 ok = 1; 326 err: 327 return ok; 328 } 329 330 DEF_FUNC(hf_accept_conn) 331 { 332 int ok = 0; 333 const char *conn_name; 334 uint64_t flags; 335 SSL *listener, *conn; 336 337 F_POP2(conn_name, flags); 338 REQUIRE_SSL(listener); 339 340 if (!TEST_ptr_null(RADIX_PROCESS_get_obj(RP(), conn_name))) 341 goto err; 342 343 conn = SSL_accept_connection(listener, flags); 344 if (conn == NULL) 345 F_SPIN_AGAIN(); 346 347 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), conn_name, conn))) { 348 SSL_free(conn); 349 goto err; 350 } 351 352 if (check_pending_match) { 353 if (!pending_cb_called || !hello_cb_called) { 354 TEST_info("Callbacks not called, skipping user_ssl check\n"); 355 } else { 356 if (!TEST_ptr_eq(pending_ssl_obj, client_hello_ssl_obj)) { 357 SSL_free(conn); 358 goto err; 359 } 360 if (!TEST_ptr_eq(pending_ssl_obj, conn)) { 361 SSL_free(conn); 362 goto err; 363 } 364 } 365 pending_ssl_obj = client_hello_ssl_obj = NULL; 366 check_pending_match = 0; 367 pending_cb_called = hello_cb_called = 0; 368 } 369 ok = 1; 370 err: 371 return ok; 372 } 373 374 DEF_FUNC(hf_accept_conn_none) 375 { 376 int ok = 0; 377 SSL *listener, *conn; 378 379 REQUIRE_SSL(listener); 380 381 conn = SSL_accept_connection(listener, SSL_ACCEPT_CONNECTION_NO_BLOCK); 382 if (!TEST_ptr_null(conn)) { 383 SSL_free(conn); 384 goto err; 385 } 386 387 ok = 1; 388 err: 389 return ok; 390 } 391 392 DEF_FUNC(hf_accept_stream_none) 393 { 394 int ok = 0; 395 const char *conn_name; 396 uint64_t flags; 397 SSL *conn, *stream; 398 399 F_POP2(conn_name, flags); 400 401 if (!TEST_ptr(conn = RADIX_PROCESS_get_ssl(RP(), conn_name))) 402 goto err; 403 404 stream = SSL_accept_stream(conn, flags); 405 if (!TEST_ptr_null(stream)) { 406 SSL_free(stream); 407 goto err; 408 } 409 410 ok = 1; 411 err: 412 return ok; 413 } 414 415 DEF_FUNC(hf_pop_err) 416 { 417 ERR_pop(); 418 419 return 1; 420 } 421 422 DEF_FUNC(hf_stream_reset) 423 { 424 int ok = 0; 425 const char *name; 426 SSL_STREAM_RESET_ARGS args = {0}; 427 SSL *ssl; 428 429 F_POP2(name, args.quic_error_code); 430 REQUIRE_SSL(ssl); 431 432 if (!TEST_true(SSL_stream_reset(ssl, &args, sizeof(args)))) 433 goto err; 434 435 ok = 1; 436 err: 437 return ok; 438 } 439 440 DEF_FUNC(hf_set_default_stream_mode) 441 { 442 int ok = 0; 443 uint64_t mode; 444 SSL *ssl; 445 446 F_POP(mode); 447 REQUIRE_SSL(ssl); 448 449 if (!TEST_true(SSL_set_default_stream_mode(ssl, (uint32_t)mode))) 450 goto err; 451 452 ok = 1; 453 err: 454 return ok; 455 } 456 457 DEF_FUNC(hf_set_incoming_stream_policy) 458 { 459 int ok = 0; 460 uint64_t policy, error_code; 461 SSL *ssl; 462 463 F_POP(error_code); 464 F_POP(policy); 465 REQUIRE_SSL(ssl); 466 467 if (!TEST_true(SSL_set_incoming_stream_policy(ssl, (int)policy, error_code))) 468 goto err; 469 470 ok = 1; 471 err: 472 return ok; 473 } 474 475 DEF_FUNC(hf_shutdown_wait) 476 { 477 int ok = 0, ret; 478 uint64_t flags; 479 SSL *ssl; 480 SSL_SHUTDOWN_EX_ARGS args = {0}; 481 QUIC_CHANNEL *ch; 482 483 F_POP(args.quic_reason); 484 F_POP(args.quic_error_code); 485 F_POP(flags); 486 REQUIRE_SSL(ssl); 487 488 ch = ossl_quic_conn_get_channel(ssl); 489 ossl_quic_engine_set_inhibit_tick(ossl_quic_channel_get0_engine(ch), 0); 490 491 ret = SSL_shutdown_ex(ssl, flags, &args, sizeof(args)); 492 if (!TEST_int_ge(ret, 0)) 493 goto err; 494 495 if (ret == 0) 496 F_SPIN_AGAIN(); 497 498 ok = 1; 499 err: 500 return ok; 501 } 502 503 DEF_FUNC(hf_conclude) 504 { 505 int ok = 0; 506 SSL *ssl; 507 508 REQUIRE_SSL(ssl); 509 510 if (!TEST_true(SSL_stream_conclude(ssl, 0))) 511 goto err; 512 513 ok = 1; 514 err: 515 return ok; 516 } 517 518 static int is_want(SSL *s, int ret) 519 { 520 int ec = SSL_get_error(s, ret); 521 522 return ec == SSL_ERROR_WANT_READ || ec == SSL_ERROR_WANT_WRITE; 523 } 524 525 static int check_consistent_want(SSL *s, int ret) 526 { 527 int ec = SSL_get_error(s, ret); 528 int w = SSL_want(s); 529 530 int ok = TEST_true( 531 (ec == SSL_ERROR_NONE && w == SSL_NOTHING) 532 || (ec == SSL_ERROR_ZERO_RETURN && w == SSL_NOTHING) 533 || (ec == SSL_ERROR_SSL && w == SSL_NOTHING) 534 || (ec == SSL_ERROR_SYSCALL && w == SSL_NOTHING) 535 || (ec == SSL_ERROR_WANT_READ && w == SSL_READING) 536 || (ec == SSL_ERROR_WANT_WRITE && w == SSL_WRITING) 537 || (ec == SSL_ERROR_WANT_CLIENT_HELLO_CB && w == SSL_CLIENT_HELLO_CB) 538 || (ec == SSL_ERROR_WANT_X509_LOOKUP && w == SSL_X509_LOOKUP) 539 || (ec == SSL_ERROR_WANT_RETRY_VERIFY && w == SSL_RETRY_VERIFY) 540 ); 541 542 if (!ok) 543 TEST_error("got error=%d, want=%d", ec, w); 544 545 return ok; 546 } 547 548 DEF_FUNC(hf_write) 549 { 550 int ok = 0, r; 551 SSL *ssl; 552 const void *buf; 553 size_t buf_len, bytes_written = 0; 554 555 F_POP2(buf, buf_len); 556 REQUIRE_SSL(ssl); 557 558 r = SSL_write_ex(ssl, buf, buf_len, &bytes_written); 559 if (!TEST_true(r) 560 || !check_consistent_want(ssl, r) 561 || !TEST_size_t_eq(bytes_written, buf_len)) 562 goto err; 563 564 ok = 1; 565 err: 566 return ok; 567 } 568 569 DEF_FUNC(hf_write_rand) 570 { 571 int ok = 0, r; 572 SSL *ssl; 573 void *buf = NULL; 574 size_t buf_len, bytes_written = 0; 575 576 F_POP(buf_len); 577 REQUIRE_SSL(ssl); 578 579 while (buf_len > 0) { 580 size_t thislen = buf_len > 1024 ? 1024 : buf_len; 581 582 if (buf == NULL) 583 buf = OPENSSL_malloc(thislen); 584 if (!TEST_ptr(buf)) 585 goto err; 586 if (!TEST_int_eq(RAND_bytes(buf, thislen), 1)) 587 goto err; 588 r = SSL_write_ex(ssl, buf, thislen, &bytes_written); 589 if (!TEST_true(r) 590 || !check_consistent_want(ssl, r) 591 || !TEST_size_t_eq(bytes_written, thislen)) 592 goto err; 593 594 buf_len -= thislen; 595 } 596 597 ok = 1; 598 err: 599 OPENSSL_free(buf); 600 return ok; 601 } 602 603 DEF_FUNC(hf_write_ex2) 604 { 605 int ok = 0, r; 606 SSL *ssl; 607 const void *buf; 608 size_t buf_len, bytes_written = 0; 609 uint64_t flags; 610 611 F_POP(flags); 612 F_POP2(buf, buf_len); 613 REQUIRE_SSL(ssl); 614 615 r = SSL_write_ex2(ssl, buf, buf_len, flags, &bytes_written); 616 if (!TEST_true(r) 617 || !check_consistent_want(ssl, r) 618 || !TEST_size_t_eq(bytes_written, buf_len)) 619 goto err; 620 621 ok = 1; 622 err: 623 return ok; 624 } 625 626 DEF_FUNC(hf_write_fail) 627 { 628 int ok = 0, ret; 629 SSL *ssl; 630 size_t bytes_written = 0; 631 632 REQUIRE_SSL(ssl); 633 634 ret = SSL_write_ex(ssl, "apple", 5, &bytes_written); 635 if (!TEST_false(ret) 636 || !TEST_true(check_consistent_want(ssl, ret)) 637 || !TEST_size_t_eq(bytes_written, 0)) 638 goto err; 639 640 ok = 1; 641 err: 642 return ok; 643 } 644 645 DEF_FUNC(hf_read_expect) 646 { 647 int ok = 0, r; 648 SSL *ssl; 649 const void *buf; 650 size_t buf_len, bytes_read = 0; 651 652 F_POP2(buf, buf_len); 653 REQUIRE_SSL(ssl); 654 655 if (buf_len > 0 && RT()->tmp_buf == NULL 656 && !TEST_ptr(RT()->tmp_buf = OPENSSL_malloc(buf_len))) 657 goto err; 658 659 r = SSL_read_ex(ssl, RT()->tmp_buf + RT()->tmp_buf_offset, 660 buf_len - RT()->tmp_buf_offset, 661 &bytes_read); 662 if (!TEST_true(check_consistent_want(ssl, r))) 663 goto err; 664 665 if (!r) 666 F_SPIN_AGAIN(); 667 668 if (bytes_read + RT()->tmp_buf_offset != buf_len) { 669 RT()->tmp_buf_offset += bytes_read; 670 F_SPIN_AGAIN(); 671 } 672 673 if (buf_len > 0 674 && !TEST_mem_eq(RT()->tmp_buf, buf_len, buf, buf_len)) 675 goto err; 676 677 OPENSSL_free(RT()->tmp_buf); 678 RT()->tmp_buf = NULL; 679 RT()->tmp_buf_offset = 0; 680 681 ok = 1; 682 err: 683 return ok; 684 } 685 686 DEF_FUNC(hf_read_fail) 687 { 688 int ok = 0, r; 689 SSL *ssl; 690 char buf[1] = {0}; 691 size_t bytes_read = 0; 692 uint64_t do_wait; 693 694 F_POP(do_wait); 695 REQUIRE_SSL(ssl); 696 697 r = SSL_read_ex(ssl, buf, sizeof(buf), &bytes_read); 698 if (!TEST_false(r) 699 || !TEST_true(check_consistent_want(ssl, r)) 700 || !TEST_size_t_eq(bytes_read, 0)) 701 goto err; 702 703 if (do_wait && is_want(ssl, 0)) 704 F_SPIN_AGAIN(); 705 706 ok = 1; 707 err: 708 return ok; 709 } 710 711 DEF_FUNC(hf_connect_wait) 712 { 713 int ok = 0, ret; 714 SSL *ssl; 715 716 REQUIRE_SSL(ssl); 717 718 /* if not started */ 719 if (RT()->scratch0 == 0) { 720 if (!TEST_true(SSL_set_blocking_mode(ssl, 0))) 721 return 0; 722 723 /* 0 is the success case for SSL_set_alpn_protos(). */ 724 if (!TEST_false(SSL_set_alpn_protos(ssl, alpn_ossltest, 725 sizeof(alpn_ossltest)))) 726 goto err; 727 } 728 729 RT()->scratch0 = 1; /* connect started */ 730 ret = SSL_connect(ssl); 731 radix_activate_slot(0); 732 if (!TEST_true(check_consistent_want(ssl, ret))) 733 goto err; 734 735 if (ret != 1) { 736 if (is_want(ssl, ret)) 737 F_SPIN_AGAIN(); 738 739 if (!TEST_int_eq(ret, 1)) 740 goto err; 741 } 742 743 ok = 1; 744 err: 745 RT()->scratch0 = 0; 746 return ok; 747 } 748 749 DEF_FUNC(hf_detach) 750 { 751 int ok = 0; 752 const char *conn_name, *stream_name; 753 SSL *conn, *stream; 754 755 F_POP2(conn_name, stream_name); 756 if (!TEST_ptr(conn = RADIX_PROCESS_get_ssl(RP(), conn_name))) 757 goto err; 758 759 if (!TEST_ptr(stream = ossl_quic_detach_stream(conn))) 760 goto err; 761 762 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), stream_name, stream))) { 763 SSL_free(stream); 764 goto err; 765 } 766 767 ok = 1; 768 err: 769 return ok; 770 } 771 772 DEF_FUNC(hf_attach) 773 { 774 int ok = 0; 775 const char *conn_name, *stream_name; 776 SSL *conn, *stream; 777 778 F_POP2(conn_name, stream_name); 779 780 if (!TEST_ptr(conn = RADIX_PROCESS_get_ssl(RP(), conn_name))) 781 goto err; 782 783 if (!TEST_ptr(stream = RADIX_PROCESS_get_ssl(RP(), stream_name))) 784 goto err; 785 786 if (!TEST_true(ossl_quic_attach_stream(conn, stream))) 787 goto err; 788 789 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), stream_name, NULL))) 790 goto err; 791 792 ok = 1; 793 err: 794 return ok; 795 } 796 797 DEF_FUNC(hf_expect_fin) 798 { 799 int ok = 0, ret; 800 SSL *ssl; 801 char buf[1]; 802 size_t bytes_read = 0; 803 804 REQUIRE_SSL(ssl); 805 806 ret = SSL_read_ex(ssl, buf, sizeof(buf), &bytes_read); 807 if (!TEST_true(check_consistent_want(ssl, ret)) 808 || !TEST_false(ret) 809 || !TEST_size_t_eq(bytes_read, 0)) 810 goto err; 811 812 if (is_want(ssl, 0)) 813 F_SPIN_AGAIN(); 814 815 if (!TEST_int_eq(SSL_get_error(ssl, 0), 816 SSL_ERROR_ZERO_RETURN)) 817 goto err; 818 819 if (!TEST_int_eq(SSL_want(ssl), SSL_NOTHING)) 820 goto err; 821 822 ok = 1; 823 err: 824 return ok; 825 } 826 827 DEF_FUNC(hf_expect_conn_close_info) 828 { 829 int ok = 0; 830 SSL *ssl; 831 SSL_CONN_CLOSE_INFO cc_info = {0}; 832 uint64_t error_code, expect_app, expect_remote; 833 834 F_POP(error_code); 835 F_POP2(expect_app, expect_remote); 836 REQUIRE_SSL(ssl); 837 838 /* TODO BLOCKING */ 839 840 if (!SSL_get_conn_close_info(ssl, &cc_info, sizeof(cc_info))) 841 F_SPIN_AGAIN(); 842 843 if (!TEST_int_eq((int)expect_app, 844 (cc_info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) == 0) 845 || !TEST_int_eq((int)expect_remote, 846 (cc_info.flags & SSL_CONN_CLOSE_FLAG_LOCAL) == 0) 847 || !TEST_uint64_t_eq(error_code, cc_info.error_code)) { 848 TEST_info("connection close reason: %s", cc_info.reason); 849 goto err; 850 } 851 852 ok = 1; 853 err: 854 return ok; 855 } 856 857 DEF_FUNC(hf_wait_for_data) 858 { 859 int ok = 0; 860 SSL *ssl; 861 char buf[1]; 862 size_t bytes_read = 0; 863 864 REQUIRE_SSL(ssl); 865 866 if (!SSL_peek_ex(ssl, buf, sizeof(buf), &bytes_read) 867 || bytes_read == 0) 868 F_SPIN_AGAIN(); 869 870 ok = 1; 871 err: 872 return ok; 873 } 874 875 DEF_FUNC(hf_expect_err) 876 { 877 int ok = 0; 878 uint64_t lib, reason; 879 880 F_POP2(lib, reason); 881 if (!TEST_size_t_eq((size_t)ERR_GET_LIB(ERR_peek_last_error()), 882 (size_t)lib) 883 || !TEST_size_t_eq((size_t)ERR_GET_REASON(ERR_peek_last_error()), 884 (size_t)reason)) 885 goto err; 886 887 ok = 1; 888 err: 889 return ok; 890 } 891 892 DEF_FUNC(hf_expect_ssl_err) 893 { 894 int ok = 0; 895 uint64_t expected; 896 SSL *ssl; 897 898 F_POP(expected); 899 REQUIRE_SSL(ssl); 900 901 if (!TEST_size_t_eq((size_t)SSL_get_error(ssl, 0), (size_t)expected) 902 || !TEST_int_eq(SSL_want(ssl), SSL_NOTHING)) 903 goto err; 904 905 ok = 1; 906 err: 907 return ok; 908 } 909 910 DEF_FUNC(hf_expect_stream_id) 911 { 912 int ok = 0; 913 SSL *ssl; 914 uint64_t expected, actual; 915 916 F_POP(expected); 917 REQUIRE_SSL(ssl); 918 919 actual = SSL_get_stream_id(ssl); 920 if (!TEST_uint64_t_eq(actual, expected)) 921 goto err; 922 923 ok = 1; 924 err: 925 return ok; 926 } 927 928 DEF_FUNC(hf_select_ssl) 929 { 930 int ok = 0; 931 uint64_t slot; 932 const char *name; 933 RADIX_OBJ *obj; 934 935 F_POP2(slot, name); 936 if (!TEST_ptr(obj = RADIX_PROCESS_get_obj(RP(), name))) 937 goto err; 938 939 if (!TEST_uint64_t_lt(slot, NUM_SLOTS)) 940 goto err; 941 942 RT()->slot[slot] = obj; 943 RT()->ssl[slot] = obj->ssl; 944 ok = 1; 945 err: 946 return ok; 947 } 948 949 DEF_FUNC(hf_clear_slot) 950 { 951 int ok = 0; 952 uint64_t slot; 953 954 F_POP(slot); 955 if (!TEST_uint64_t_lt(slot, NUM_SLOTS)) 956 goto err; 957 958 RT()->slot[slot] = NULL; 959 RT()->ssl[slot] = NULL; 960 ok = 1; 961 err: 962 return ok; 963 } 964 965 DEF_FUNC(hf_skip_time) 966 { 967 int ok = 0; 968 uint64_t ms; 969 970 F_POP(ms); 971 972 radix_skip_time(ossl_ms2time(ms)); 973 ok = 1; 974 err: 975 return ok; 976 } 977 978 DEF_FUNC(hf_set_peer_addr_from) 979 { 980 int ok = 0; 981 SSL *dst_ssl, *src_ssl; 982 BIO *dst_bio, *src_bio; 983 int src_fd = -1; 984 union BIO_sock_info_u src_info; 985 BIO_ADDR *src_addr = NULL; 986 987 REQUIRE_SSL_N(0, dst_ssl); 988 REQUIRE_SSL_N(1, src_ssl); 989 dst_bio = SSL_get_rbio(dst_ssl); 990 src_bio = SSL_get_rbio(src_ssl); 991 if (!TEST_ptr(dst_bio) || !TEST_ptr(src_bio)) 992 goto err; 993 994 if (!TEST_ptr(src_addr = BIO_ADDR_new())) 995 goto err; 996 997 if (!TEST_true(BIO_get_fd(src_bio, &src_fd)) 998 || !TEST_int_ge(src_fd, 0)) 999 goto err; 1000 1001 src_info.addr = src_addr; 1002 if (!TEST_true(BIO_sock_info(src_fd, BIO_SOCK_INFO_ADDRESS, &src_info)) 1003 || !TEST_int_ge(ntohs(BIO_ADDR_rawport(src_addr)), 0)) 1004 goto err; 1005 1006 /* 1007 * Could use SSL_set_initial_peer_addr here, but set it on the 1008 * BIO_s_datagram instead and make sure we pick it up automatically. 1009 */ 1010 if (!TEST_true(BIO_dgram_set_peer(dst_bio, src_addr))) 1011 goto err; 1012 1013 ok = 1; 1014 err: 1015 BIO_ADDR_free(src_addr); 1016 return ok; 1017 } 1018 1019 DEF_FUNC(hf_sleep) 1020 { 1021 int ok = 0; 1022 uint64_t ms; 1023 1024 F_POP(ms); 1025 1026 OSSL_sleep(ms); 1027 1028 ok = 1; 1029 err: 1030 return ok; 1031 } 1032 1033 #define OP_UNBIND(name) \ 1034 (OP_PUSH_PZ(#name), \ 1035 OP_FUNC(hf_unbind)) 1036 1037 #define OP_SELECT_SSL(slot, name) \ 1038 (OP_PUSH_U64(slot), \ 1039 OP_PUSH_PZ(#name), \ 1040 OP_FUNC(hf_select_ssl)) 1041 1042 #define OP_CLEAR_SLOT(slot) \ 1043 (OP_PUSH_U64(slot), \ 1044 OP_FUNC(hf_clear_slot)) 1045 1046 #define OP_CONNECT_WAIT(name) \ 1047 (OP_SELECT_SSL(0, name), \ 1048 OP_FUNC(hf_connect_wait)) 1049 1050 #define OP_LISTEN(name) \ 1051 (OP_SELECT_SSL(0, name), \ 1052 OP_FUNC(hf_listen)) 1053 1054 #define OP_NEW_SSL_C(name) \ 1055 (OP_PUSH_PZ(#name), \ 1056 OP_PUSH_U64(0), \ 1057 OP_FUNC(hf_new_ssl)) 1058 1059 #define OP_NEW_SSL_L(name) \ 1060 (OP_PUSH_PZ(#name), \ 1061 OP_PUSH_U64(1), \ 1062 OP_FUNC(hf_new_ssl)) 1063 1064 #define OP_NEW_SSL_D(name) \ 1065 (OP_PUSH_PZ(#name), \ 1066 OP_PUSH_U64(3), \ 1067 OP_FUNC(hf_new_ssl)) 1068 1069 #define OP_NEW_SSL_L_LISTEN(name) \ 1070 (OP_NEW_SSL_L(name), \ 1071 OP_LISTEN(name)) 1072 1073 #define OP_NEW_SSL_L_FROM(domain_name, listener_name, flags) \ 1074 (OP_SELECT_SSL(0, domain_name), \ 1075 OP_PUSH_PZ(#listener_name), \ 1076 OP_PUSH_U64(flags), \ 1077 OP_FUNC(hf_new_ssl_listener_from)) 1078 1079 #define OP_NEW_SSL_L_FROM_LISTEN(domain_name, listener_name, flags) \ 1080 (OP_NEW_SSL_L_FROM(domain_name, listener_name, flags), \ 1081 OP_LISTEN(listener_name)) 1082 1083 #define OP_SET_PEER_ADDR_FROM(dst_name, src_name) \ 1084 (OP_SELECT_SSL(0, dst_name), \ 1085 OP_SELECT_SSL(1, src_name), \ 1086 OP_FUNC(hf_set_peer_addr_from)) 1087 1088 #define OP_SIMPLE_PAIR_CONN() \ 1089 (OP_NEW_SSL_L_LISTEN(L), \ 1090 OP_NEW_SSL_C(C), \ 1091 OP_SET_PEER_ADDR_FROM(C, L), \ 1092 OP_CONNECT_WAIT(C)) 1093 1094 #define OP_SIMPLE_PAIR_CONN_D() \ 1095 (OP_NEW_SSL_D(Ds), \ 1096 OP_NEW_SSL_L_FROM_LISTEN(Ds, L, 0), \ 1097 OP_NEW_SSL_C(C), \ 1098 OP_SET_PEER_ADDR_FROM(C, L), \ 1099 OP_CONNECT_WAIT(C)) 1100 1101 #define OP_SIMPLE_PAIR_CONN_ND() \ 1102 (OP_SIMPLE_PAIR_CONN(), \ 1103 OP_SET_DEFAULT_STREAM_MODE(C, SSL_DEFAULT_STREAM_MODE_NONE)) 1104 1105 #define OP_NEW_STREAM(conn_name, stream_name, flags) \ 1106 (OP_SELECT_SSL(0, conn_name), \ 1107 OP_PUSH_PZ(#stream_name), \ 1108 OP_PUSH_U64(flags), \ 1109 OP_PUSH_U64(0), \ 1110 OP_FUNC(hf_new_stream)) 1111 1112 #define OP_ACCEPT_STREAM_WAIT(conn_name, stream_name, flags) \ 1113 (OP_SELECT_SSL(0, conn_name), \ 1114 OP_PUSH_PZ(#stream_name), \ 1115 OP_PUSH_U64(flags), \ 1116 OP_PUSH_U64(1), \ 1117 OP_FUNC(hf_new_stream)) 1118 1119 #define OP_ACCEPT_STREAM_NONE(conn_name) \ 1120 (OP_SELECT_SSL(0, conn_name), \ 1121 OP_FUNC(hf_accept_stream_none)) 1122 1123 #define OP_ACCEPT_CONN_WAIT(listener_name, conn_name, flags) \ 1124 (OP_SELECT_SSL(0, listener_name), \ 1125 OP_PUSH_PZ(#conn_name), \ 1126 OP_PUSH_U64(flags), \ 1127 OP_FUNC(hf_accept_conn)) 1128 1129 #define OP_ACCEPT_CONN_WAIT_ND(listener_name, conn_name, flags) \ 1130 (OP_ACCEPT_CONN_WAIT(listener_name, conn_name, flags), \ 1131 OP_SET_DEFAULT_STREAM_MODE(conn_name, SSL_DEFAULT_STREAM_MODE_NONE)) 1132 1133 #define OP_ACCEPT_CONN_NONE(listener_name) \ 1134 (OP_SELECT_SSL(0, listener_name), \ 1135 OP_FUNC(hf_accept_conn_none)) 1136 1137 #define OP_ACCEPT_CONN_WAIT1(listener_name, conn_name, flags) \ 1138 (OP_ACCEPT_CONN_WAIT(listener_name, conn_name, flags), \ 1139 OP_ACCEPT_CONN_NONE(listener_name)) 1140 1141 #define OP_ACCEPT_CONN_WAIT1_ND(listener_name, conn_name, flags) \ 1142 (OP_ACCEPT_CONN_WAIT_ND(listener_name, conn_name, flags), \ 1143 OP_ACCEPT_CONN_NONE(listener_name)) 1144 1145 #define OP_WRITE(name, buf, buf_len) \ 1146 (OP_SELECT_SSL(0, name), \ 1147 OP_PUSH_BUFP(buf, buf_len), \ 1148 OP_FUNC(hf_write)) 1149 1150 #define OP_WRITE_RAND(name, buf_len) \ 1151 (OP_SELECT_SSL(0, name), \ 1152 OP_PUSH_SIZE(buf_len), \ 1153 OP_FUNC(hf_write_rand)) 1154 1155 #define OP_WRITE_B(name, buf) \ 1156 OP_WRITE(name, (buf), sizeof(buf)) 1157 1158 #define OP_WRITE_EX2(name, buf, buf_len, flags) \ 1159 (OP_SELECT_SSL(0, name), \ 1160 OP_PUSH_BUFP(buf, buf_len), \ 1161 OP_PUSH_U64(flags), \ 1162 OP_FUNC(hf_write_ex2)) 1163 1164 #define OP_WRITE_FAIL(name) \ 1165 (OP_SELECT_SSL(0, name), \ 1166 OP_FUNC(hf_write_fail)) 1167 1168 #define OP_CONCLUDE(name) \ 1169 (OP_SELECT_SSL(0, name), \ 1170 OP_FUNC(hf_conclude)) 1171 1172 #define OP_READ_EXPECT(name, buf, buf_len) \ 1173 (OP_SELECT_SSL(0, name), \ 1174 OP_PUSH_BUFP(buf, buf_len), \ 1175 OP_FUNC(hf_read_expect)) 1176 1177 #define OP_READ_EXPECT_B(name, buf) \ 1178 OP_READ_EXPECT(name, (buf), sizeof(buf)) 1179 1180 #define OP_READ_FAIL() \ 1181 (OP_SELECT_SSL(0, name), \ 1182 OP_PUSH_U64(0), \ 1183 OP_FUNC(hf_read_fail)) 1184 1185 #define OP_READ_FAIL_WAIT(name) \ 1186 (OP_SELECT_SSL(0, name), \ 1187 OP_PUSH_U64(1), \ 1188 OP_FUNC(hf_read_fail) 1189 1190 #define OP_POP_ERR() \ 1191 OP_FUNC(hf_pop_err) 1192 1193 #define OP_SET_DEFAULT_STREAM_MODE(name, mode) \ 1194 (OP_SELECT_SSL(0, name), \ 1195 OP_PUSH_U64(mode), \ 1196 OP_FUNC(hf_set_default_stream_mode)) 1197 1198 #define OP_SET_INCOMING_STREAM_POLICY(name, policy, error_code) \ 1199 (OP_SELECT_SSL(0, name), \ 1200 OP_PUSH_U64(policy), \ 1201 OP_PUSH_U64(error_code), \ 1202 OP_FUNC(hf_set_incoming_stream_policy)) 1203 1204 #define OP_STREAM_RESET(name, error_code) \ 1205 (OP_SELECT_SSL(0, name), \ 1206 OP_PUSH_U64(flags), \ 1207 OP_PUSH_U64(error_code), \ 1208 OP_FUNC(hf_stream_reset)) \ 1209 1210 #define OP_SHUTDOWN_WAIT(name, flags, error_code, reason) \ 1211 (OP_SELECT_SSL(0, name), \ 1212 OP_PUSH_U64(flags), \ 1213 OP_PUSH_U64(error_code), \ 1214 OP_PUSH_PZ(reason), \ 1215 OP_FUNC(hf_shutdown_wait)) 1216 1217 #define OP_DETACH(conn_name, stream_name) \ 1218 (OP_SELECT_SSL(0, conn_name), \ 1219 OP_PUSH_PZ(#stream_name), \ 1220 OP_FUNC(hf_detach)) 1221 1222 #define OP_ATTACH(conn_name, stream_name) \ 1223 (OP_SELECT_SSL(0, conn_name), \ 1224 OP_PUSH_PZ(stream_name), \ 1225 OP_FUNC(hf_attach)) 1226 1227 #define OP_EXPECT_FIN(name) \ 1228 (OP_SELECT_SSL(0, name), \ 1229 OP_FUNC(hf_expect_fin)) 1230 1231 #define OP_EXPECT_CONN_CLOSE_INFO(name, error_code, expect_app, expect_remote) \ 1232 (OP_SELECT_SSL(0, name), \ 1233 OP_PUSH_U64(expect_app), \ 1234 OP_PUSH_U64(expect_remote), \ 1235 OP_PUSH_U64(error_code), \ 1236 OP_FUNC(hf_expect_conn_close_info)) 1237 1238 #define OP_WAIT_FOR_DATA(name) \ 1239 (OP_SELECT_SSL(0, name), \ 1240 OP_FUNC(hf_wait_for_data)) 1241 1242 #define OP_EXPECT_ERR(lib, reason) \ 1243 (OP_PUSH_U64(lib), \ 1244 OP_PUSH_U64(reason), \ 1245 OP_FUNC(hf_expect_err)) 1246 1247 #define OP_EXPECT_SSL_ERR(name, expected) \ 1248 (OP_SELECT_SSL(0, name), \ 1249 OP_PUSH_U64(expected), \ 1250 OP_FUNC(hf_expect_ssl_err)) 1251 1252 #define OP_EXPECT_STREAM_ID(expected) \ 1253 (OP_PUSH_U64(expected), \ 1254 OP_FUNC(hf_expect_stream_id)) 1255 1256 #define OP_SKIP_TIME(ms) \ 1257 (OP_PUSH_U64(ms), \ 1258 OP_FUNC(hf_skip_time)) 1259 1260 #define OP_SLEEP(ms) \ 1261 (OP_PUSH_U64(ms), \ 1262 OP_FUNC(hf_sleep)) 1263