1 /*
2 * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9 #include <openssl/ssl.h>
10 #include <openssl/quic.h>
11 #include <openssl/bio.h>
12 #include <openssl/lhash.h>
13 #include <openssl/rand.h>
14 #include "internal/quic_tserver.h"
15 #include "internal/quic_ssl.h"
16 #include "internal/quic_error.h"
17 #include "internal/quic_stream_map.h"
18 #include "internal/quic_engine.h"
19 #include "testutil.h"
20 #include "helpers/quictestlib.h"
21 #if defined(OPENSSL_THREADS)
22 # include "internal/thread_arch.h"
23 #endif
24 #include "internal/numbers.h" /* UINT64_C */
25
26 static const char *certfile, *keyfile;
27
28 #if defined(OPENSSL_THREADS)
29 struct child_thread_args {
30 struct helper *h;
31 const struct script_op *script;
32 const char *script_name;
33 int thread_idx;
34
35 CRYPTO_THREAD *t;
36 CRYPTO_MUTEX *m;
37 int testresult;
38 int done;
39 int s_checked_out;
40 };
41 #endif
42
43 typedef struct stream_info {
44 const char *name;
45 SSL *c_stream;
46 uint64_t s_stream_id;
47 } STREAM_INFO;
48
49 DEFINE_LHASH_OF_EX(STREAM_INFO);
50
51 struct helper {
52 int s_fd;
53 BIO *s_net_bio, *s_net_bio_own, *s_qtf_wbio, *s_qtf_wbio_own;
54 /* The BIO_ADDR used for BIO_bind() */
55 BIO_ADDR *s_net_bio_orig_addr;
56 /* The resulting address, which is the one to connect to */
57 BIO_ADDR *s_net_bio_addr;
58
59 /*
60 * When doing a blocking mode test run, s_priv always points to the TSERVER
61 * and s is NULL when the main thread should not be touching s_priv.
62 */
63 QUIC_TSERVER *s, *s_priv;
64 LHASH_OF(STREAM_INFO) *s_streams;
65
66 int c_fd;
67 BIO *c_net_bio, *c_net_bio_own;
68 SSL_CTX *c_ctx;
69 SSL *c_conn;
70 LHASH_OF(STREAM_INFO) *c_streams;
71
72 #if defined(OPENSSL_THREADS)
73 struct child_thread_args *threads;
74 size_t num_threads;
75 CRYPTO_MUTEX *misc_m;
76 CRYPTO_CONDVAR *misc_cv;
77 #endif
78
79 OSSL_TIME start_time;
80
81 /*
82 * This is a duration recording the amount of time we have skipped forwards
83 * for testing purposes relative to the real ossl_time_now() clock. We add
84 * a quantity of time to this every time we skip some time.
85 */
86 CRYPTO_RWLOCK *time_lock;
87 OSSL_TIME time_slip; /* protected by time_lock */
88
89 QTEST_FAULT *qtf;
90
91 int init, blocking, check_spin_again;
92 int free_order, need_injector;
93
94 int (*qtf_packet_plain_cb)(struct helper *h, QUIC_PKT_HDR *hdr,
95 unsigned char *buf, size_t buf_len);
96 int (*qtf_handshake_cb)(struct helper *h,
97 unsigned char *buf, size_t buf_len);
98 int (*qtf_datagram_cb)(struct helper *h,
99 BIO_MSG *m, size_t stride);
100 uint64_t inject_word0, inject_word1;
101 uint64_t scratch0, scratch1, fail_count;
102 #if defined(OPENSSL_THREADS)
103 struct {
104 CRYPTO_THREAD *t;
105 CRYPTO_MUTEX *m;
106 CRYPTO_CONDVAR *c;
107 int ready, stop;
108 } server_thread;
109 int s_checked_out;
110 #endif
111 };
112
113 struct helper_local {
114 struct helper *h;
115 LHASH_OF(STREAM_INFO) *c_streams;
116 int thread_idx;
117 const struct script_op *check_op;
118 int explicit_event_handling;
119 };
120
121 struct script_op {
122 uint32_t op;
123 const void *arg0;
124 size_t arg1;
125 int (*check_func)(struct helper *h, struct helper_local *hl);
126 const char *stream_name;
127 uint64_t arg2;
128 int (*qtf_packet_plain_cb)(struct helper *h, QUIC_PKT_HDR *hdr,
129 unsigned char *buf, size_t buf_len);
130 int (*qtf_handshake_cb)(struct helper *h,
131 unsigned char *buf, size_t buf_len);
132 int (*qtf_datagram_cb)(struct helper *h,
133 BIO_MSG *m, size_t stride);
134 };
135
136 #define OPK_END 0
137 #define OPK_CHECK 1
138 #define OPK_C_SET_ALPN 2
139 #define OPK_C_CONNECT_WAIT 3
140 #define OPK_C_WRITE 4
141 #define OPK_S_WRITE 5
142 #define OPK_C_READ_EXPECT 6
143 #define OPK_S_READ_EXPECT 7
144 #define OPK_C_EXPECT_FIN 8
145 #define OPK_S_EXPECT_FIN 9
146 #define OPK_C_CONCLUDE 10
147 #define OPK_S_CONCLUDE 11
148 #define OPK_C_DETACH 12
149 #define OPK_C_ATTACH 13
150 #define OPK_C_NEW_STREAM 14
151 #define OPK_S_NEW_STREAM 15
152 #define OPK_C_ACCEPT_STREAM_WAIT 16
153 #define OPK_C_ACCEPT_STREAM_NONE 17
154 #define OPK_C_FREE_STREAM 18
155 #define OPK_C_SET_DEFAULT_STREAM_MODE 19
156 #define OPK_C_SET_INCOMING_STREAM_POLICY 20
157 #define OPK_C_SHUTDOWN_WAIT 21
158 #define OPK_C_EXPECT_CONN_CLOSE_INFO 22
159 #define OPK_S_EXPECT_CONN_CLOSE_INFO 23
160 #define OPK_S_BIND_STREAM_ID 24
161 #define OPK_C_WAIT_FOR_DATA 25
162 #define OPK_C_WRITE_FAIL 26
163 #define OPK_S_WRITE_FAIL 27
164 #define OPK_C_READ_FAIL 28
165 #define OPK_C_STREAM_RESET 29
166 #define OPK_S_ACCEPT_STREAM_WAIT 30
167 #define OPK_NEW_THREAD 31
168 #define OPK_BEGIN_REPEAT 32
169 #define OPK_END_REPEAT 33
170 #define OPK_S_UNBIND_STREAM_ID 34
171 #define OPK_C_READ_FAIL_WAIT 35
172 #define OPK_C_CLOSE_SOCKET 36
173 #define OPK_C_EXPECT_SSL_ERR 37
174 #define OPK_EXPECT_ERR_REASON 38
175 #define OPK_EXPECT_ERR_LIB 39
176 #define OPK_SLEEP 40
177 #define OPK_S_READ_FAIL 41
178 #define OPK_S_SET_INJECT_PLAIN 42
179 #define OPK_SET_INJECT_WORD 43
180 #define OPK_C_INHIBIT_TICK 44
181 #define OPK_C_SET_WRITE_BUF_SIZE 45
182 #define OPK_S_SET_INJECT_HANDSHAKE 46
183 #define OPK_S_NEW_TICKET 47
184 #define OPK_C_SKIP_IF_UNBOUND 48
185 #define OPK_S_SET_INJECT_DATAGRAM 49
186 #define OPK_S_SHUTDOWN 50
187 #define OPK_POP_ERR 51
188 #define OPK_C_WRITE_EX2 52
189 #define OPK_SKIP_IF_BLOCKING 53
190 #define OPK_C_STREAM_RESET_FAIL 54
191
192 #define EXPECT_CONN_CLOSE_APP (1U << 0)
193 #define EXPECT_CONN_CLOSE_REMOTE (1U << 1)
194
195 /* OPK_C_NEW_STREAM */
196 #define ALLOW_FAIL (1U << 16)
197
198 #define C_BIDI_ID(ordinal) \
199 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_CLIENT | QUIC_STREAM_DIR_BIDI)
200 #define S_BIDI_ID(ordinal) \
201 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_SERVER | QUIC_STREAM_DIR_BIDI)
202 #define C_UNI_ID(ordinal) \
203 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_CLIENT | QUIC_STREAM_DIR_UNI)
204 #define S_UNI_ID(ordinal) \
205 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_SERVER | QUIC_STREAM_DIR_UNI)
206
207 #define ANY_ID UINT64_MAX
208
209 #define OP_END \
210 {OPK_END}
211 #define OP_CHECK(func, arg2) \
212 {OPK_CHECK, NULL, 0, (func), NULL, (arg2)},
213 #define OP_C_SET_ALPN(alpn) \
214 {OPK_C_SET_ALPN, (alpn), 0, NULL, NULL},
215 #define OP_C_CONNECT_WAIT() \
216 {OPK_C_CONNECT_WAIT, NULL, 0, NULL, NULL},
217 #define OP_C_CONNECT_WAIT_OR_FAIL() \
218 {OPK_C_CONNECT_WAIT, NULL, 1, NULL, NULL},
219 #define OP_C_WRITE(stream_name, buf, buf_len) \
220 {OPK_C_WRITE, (buf), (buf_len), NULL, #stream_name},
221 #define OP_S_WRITE(stream_name, buf, buf_len) \
222 {OPK_S_WRITE, (buf), (buf_len), NULL, #stream_name},
223 #define OP_C_READ_EXPECT(stream_name, buf, buf_len) \
224 {OPK_C_READ_EXPECT, (buf), (buf_len), NULL, #stream_name},
225 #define OP_S_READ_EXPECT(stream_name, buf, buf_len) \
226 {OPK_S_READ_EXPECT, (buf), (buf_len), NULL, #stream_name},
227 #define OP_C_EXPECT_FIN(stream_name) \
228 {OPK_C_EXPECT_FIN, NULL, 0, NULL, #stream_name},
229 #define OP_S_EXPECT_FIN(stream_name) \
230 {OPK_S_EXPECT_FIN, NULL, 0, NULL, #stream_name},
231 #define OP_C_CONCLUDE(stream_name) \
232 {OPK_C_CONCLUDE, NULL, 0, NULL, #stream_name},
233 #define OP_S_CONCLUDE(stream_name) \
234 {OPK_S_CONCLUDE, NULL, 0, NULL, #stream_name},
235 #define OP_C_DETACH(stream_name) \
236 {OPK_C_DETACH, NULL, 0, NULL, #stream_name},
237 #define OP_C_ATTACH(stream_name) \
238 {OPK_C_ATTACH, NULL, 0, NULL, #stream_name},
239 #define OP_C_NEW_STREAM_BIDI(stream_name, expect_id) \
240 {OPK_C_NEW_STREAM, NULL, 0, NULL, #stream_name, (expect_id)},
241 #define OP_C_NEW_STREAM_BIDI_EX(stream_name, expect_id, flags) \
242 {OPK_C_NEW_STREAM, NULL, (flags), NULL, #stream_name, (expect_id)},
243 #define OP_C_NEW_STREAM_UNI(stream_name, expect_id) \
244 {OPK_C_NEW_STREAM, NULL, SSL_STREAM_FLAG_UNI, \
245 NULL, #stream_name, (expect_id)},
246 #define OP_C_NEW_STREAM_UNI_EX(stream_name, expect_id, flags) \
247 {OPK_C_NEW_STREAM, NULL, (flags) | SSL_STREAM_FLAG_UNI, \
248 NULL, #stream_name, (expect_id)},
249 #define OP_S_NEW_STREAM_BIDI(stream_name, expect_id) \
250 {OPK_S_NEW_STREAM, NULL, 0, NULL, #stream_name, (expect_id)},
251 #define OP_S_NEW_STREAM_UNI(stream_name, expect_id) \
252 {OPK_S_NEW_STREAM, NULL, 1, NULL, #stream_name, (expect_id)},
253 #define OP_C_ACCEPT_STREAM_WAIT(stream_name) \
254 {OPK_C_ACCEPT_STREAM_WAIT, NULL, 0, NULL, #stream_name},
255 #define OP_C_ACCEPT_STREAM_NONE() \
256 {OPK_C_ACCEPT_STREAM_NONE, NULL, 0, NULL, NULL},
257 #define OP_C_FREE_STREAM(stream_name) \
258 {OPK_C_FREE_STREAM, NULL, 0, NULL, #stream_name},
259 #define OP_C_SET_DEFAULT_STREAM_MODE(mode) \
260 {OPK_C_SET_DEFAULT_STREAM_MODE, NULL, (mode), NULL, NULL},
261 #define OP_C_SET_INCOMING_STREAM_POLICY(policy) \
262 {OPK_C_SET_INCOMING_STREAM_POLICY, NULL, (policy), NULL, NULL},
263 #define OP_C_SHUTDOWN_WAIT(reason, flags) \
264 {OPK_C_SHUTDOWN_WAIT, (reason), (flags), NULL, NULL},
265 #define OP_C_EXPECT_CONN_CLOSE_INFO(ec, app, remote) \
266 {OPK_C_EXPECT_CONN_CLOSE_INFO, NULL, \
267 ((app) ? EXPECT_CONN_CLOSE_APP : 0) | \
268 ((remote) ? EXPECT_CONN_CLOSE_REMOTE : 0), \
269 NULL, NULL, (ec)},
270 #define OP_S_EXPECT_CONN_CLOSE_INFO(ec, app, remote) \
271 {OPK_S_EXPECT_CONN_CLOSE_INFO, NULL, \
272 ((app) ? EXPECT_CONN_CLOSE_APP : 0) | \
273 ((remote) ? EXPECT_CONN_CLOSE_REMOTE : 0), \
274 NULL, NULL, (ec)},
275 #define OP_S_BIND_STREAM_ID(stream_name, stream_id) \
276 {OPK_S_BIND_STREAM_ID, NULL, 0, NULL, #stream_name, (stream_id)},
277 #define OP_C_WAIT_FOR_DATA(stream_name) \
278 {OPK_C_WAIT_FOR_DATA, NULL, 0, NULL, #stream_name},
279 #define OP_C_WRITE_FAIL(stream_name) \
280 {OPK_C_WRITE_FAIL, NULL, 0, NULL, #stream_name},
281 #define OP_S_WRITE_FAIL(stream_name) \
282 {OPK_S_WRITE_FAIL, NULL, 0, NULL, #stream_name},
283 #define OP_C_READ_FAIL(stream_name) \
284 {OPK_C_READ_FAIL, NULL, 0, NULL, #stream_name},
285 #define OP_S_READ_FAIL(stream_name, allow_zero_len) \
286 {OPK_S_READ_FAIL, NULL, (allow_zero_len), NULL, #stream_name},
287 #define OP_C_STREAM_RESET(stream_name, aec) \
288 {OPK_C_STREAM_RESET, NULL, 0, NULL, #stream_name, (aec)},
289 #define OP_C_STREAM_RESET_FAIL(stream_name, aec) \
290 {OPK_C_STREAM_RESET_FAIL, NULL, 0, NULL, #stream_name, (aec)},
291 #define OP_S_ACCEPT_STREAM_WAIT(stream_name) \
292 {OPK_S_ACCEPT_STREAM_WAIT, NULL, 0, NULL, #stream_name},
293 #define OP_NEW_THREAD(num_threads, script) \
294 {OPK_NEW_THREAD, (script), (num_threads), NULL, NULL, 0 },
295 #define OP_BEGIN_REPEAT(n) \
296 {OPK_BEGIN_REPEAT, NULL, (n)},
297 #define OP_END_REPEAT() \
298 {OPK_END_REPEAT},
299 #define OP_S_UNBIND_STREAM_ID(stream_name) \
300 {OPK_S_UNBIND_STREAM_ID, NULL, 0, NULL, #stream_name},
301 #define OP_C_READ_FAIL_WAIT(stream_name) \
302 {OPK_C_READ_FAIL_WAIT, NULL, 0, NULL, #stream_name},
303 #define OP_C_CLOSE_SOCKET() \
304 {OPK_C_CLOSE_SOCKET},
305 #define OP_C_EXPECT_SSL_ERR(stream_name, err) \
306 {OPK_C_EXPECT_SSL_ERR, NULL, (err), NULL, #stream_name},
307 #define OP_EXPECT_ERR_REASON(err) \
308 {OPK_EXPECT_ERR_REASON, NULL, (err)},
309 #define OP_EXPECT_ERR_LIB(lib) \
310 {OPK_EXPECT_ERR_LIB, NULL, (lib)},
311 #define OP_SLEEP(ms) \
312 {OPK_SLEEP, NULL, 0, NULL, NULL, (ms)},
313 #define OP_S_SET_INJECT_PLAIN(f) \
314 {OPK_S_SET_INJECT_PLAIN, NULL, 0, NULL, NULL, 0, (f)},
315 #define OP_SET_INJECT_WORD(w0, w1) \
316 {OPK_SET_INJECT_WORD, NULL, (w0), NULL, NULL, (w1), NULL},
317 #define OP_C_INHIBIT_TICK(inhibit) \
318 {OPK_C_INHIBIT_TICK, NULL, (inhibit), NULL, NULL, 0, NULL},
319 #define OP_C_SET_WRITE_BUF_SIZE(stream_name, size) \
320 {OPK_C_SET_WRITE_BUF_SIZE, NULL, (size), NULL, #stream_name},
321 #define OP_S_SET_INJECT_HANDSHAKE(f) \
322 {OPK_S_SET_INJECT_HANDSHAKE, NULL, 0, NULL, NULL, 0, NULL, (f)},
323 #define OP_S_NEW_TICKET() \
324 {OPK_S_NEW_TICKET},
325 #define OP_C_SKIP_IF_UNBOUND(stream_name, n) \
326 {OPK_C_SKIP_IF_UNBOUND, NULL, (n), NULL, #stream_name},
327 #define OP_S_SET_INJECT_DATAGRAM(f) \
328 {OPK_S_SET_INJECT_DATAGRAM, NULL, 0, NULL, NULL, 0, NULL, NULL, (f)},
329 #define OP_S_SHUTDOWN(error_code) \
330 {OPK_S_SHUTDOWN, NULL, (error_code)},
331 #define OP_POP_ERR() \
332 {OPK_POP_ERR},
333 #define OP_C_WRITE_EX2(stream_name, buf, buf_len, flags) \
334 {OPK_C_WRITE_EX2, (buf), (buf_len), NULL, #stream_name, (flags)},
335 #define OP_CHECK2(func, arg1, arg2) \
336 {OPK_CHECK, NULL, (arg1), (func), NULL, (arg2)},
337 #define OP_SKIP_IF_BLOCKING(n) \
338 {OPK_SKIP_IF_BLOCKING, NULL, (n), NULL, 0},
339
get_time(void * arg)340 static OSSL_TIME get_time(void *arg)
341 {
342 struct helper *h = arg;
343 OSSL_TIME t;
344
345 if (!TEST_true(CRYPTO_THREAD_read_lock(h->time_lock)))
346 return ossl_time_zero();
347
348 t = ossl_time_add(ossl_time_now(), h->time_slip);
349
350 CRYPTO_THREAD_unlock(h->time_lock);
351 return t;
352 }
353
skip_time_ms(struct helper * h,struct helper_local * hl)354 static int skip_time_ms(struct helper *h, struct helper_local *hl)
355 {
356 if (!TEST_true(CRYPTO_THREAD_write_lock(h->time_lock)))
357 return 0;
358
359 h->time_slip = ossl_time_add(h->time_slip, ossl_ms2time(hl->check_op->arg2));
360
361 CRYPTO_THREAD_unlock(h->time_lock);
362 return 1;
363 }
364
365 static QUIC_TSERVER *s_lock(struct helper *h, struct helper_local *hl);
366 static void s_unlock(struct helper *h, struct helper_local *hl);
367
368 #define ACQUIRE_S() s_lock(h, hl)
369 #define ACQUIRE_S_NOHL() s_lock(h, NULL)
370
check_rejected(struct helper * h,struct helper_local * hl)371 static int check_rejected(struct helper *h, struct helper_local *hl)
372 {
373 uint64_t stream_id = hl->check_op->arg2;
374
375 if (!ossl_quic_tserver_stream_has_peer_stop_sending(ACQUIRE_S(), stream_id, NULL)
376 || !ossl_quic_tserver_stream_has_peer_reset_stream(ACQUIRE_S(), stream_id, NULL)) {
377 h->check_spin_again = 1;
378 return 0;
379 }
380
381 return 1;
382 }
383
check_stream_reset(struct helper * h,struct helper_local * hl)384 static int check_stream_reset(struct helper *h, struct helper_local *hl)
385 {
386 uint64_t stream_id = hl->check_op->arg2, aec = 0;
387
388 if (!ossl_quic_tserver_stream_has_peer_reset_stream(ACQUIRE_S(), stream_id, &aec)) {
389 h->check_spin_again = 1;
390 return 0;
391 }
392
393 return TEST_uint64_t_eq(aec, 42);
394 }
395
check_stream_stopped(struct helper * h,struct helper_local * hl)396 static int check_stream_stopped(struct helper *h, struct helper_local *hl)
397 {
398 uint64_t stream_id = hl->check_op->arg2;
399
400 if (!ossl_quic_tserver_stream_has_peer_stop_sending(ACQUIRE_S(), stream_id, NULL)) {
401 h->check_spin_again = 1;
402 return 0;
403 }
404
405 return 1;
406 }
407
override_key_update(struct helper * h,struct helper_local * hl)408 static int override_key_update(struct helper *h, struct helper_local *hl)
409 {
410 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
411
412 ossl_quic_channel_set_txku_threshold_override(ch, hl->check_op->arg2);
413 return 1;
414 }
415
trigger_key_update(struct helper * h,struct helper_local * hl)416 static int trigger_key_update(struct helper *h, struct helper_local *hl)
417 {
418 if (!TEST_true(SSL_key_update(h->c_conn, SSL_KEY_UPDATE_REQUESTED)))
419 return 0;
420
421 return 1;
422 }
423
check_key_update_ge(struct helper * h,struct helper_local * hl)424 static int check_key_update_ge(struct helper *h, struct helper_local *hl)
425 {
426 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
427 int64_t txke = (int64_t)ossl_quic_channel_get_tx_key_epoch(ch);
428 int64_t rxke = (int64_t)ossl_quic_channel_get_rx_key_epoch(ch);
429 int64_t diff = txke - rxke;
430
431 /*
432 * TXKE must always be equal to or ahead of RXKE.
433 * It can be ahead of RXKE by at most 1.
434 */
435 if (!TEST_int64_t_ge(diff, 0) || !TEST_int64_t_le(diff, 1))
436 return 0;
437
438 /* Caller specifies a minimum number of RXKEs which must have happened. */
439 if (!TEST_uint64_t_ge((uint64_t)rxke, hl->check_op->arg2))
440 return 0;
441
442 return 1;
443 }
444
check_key_update_lt(struct helper * h,struct helper_local * hl)445 static int check_key_update_lt(struct helper *h, struct helper_local *hl)
446 {
447 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
448 uint64_t txke = ossl_quic_channel_get_tx_key_epoch(ch);
449
450 /* Caller specifies a maximum number of TXKEs which must have happened. */
451 if (!TEST_uint64_t_lt(txke, hl->check_op->arg2))
452 return 0;
453
454 return 1;
455 }
456
stream_info_hash(const STREAM_INFO * info)457 static unsigned long stream_info_hash(const STREAM_INFO *info)
458 {
459 return OPENSSL_LH_strhash(info->name);
460 }
461
stream_info_cmp(const STREAM_INFO * a,const STREAM_INFO * b)462 static int stream_info_cmp(const STREAM_INFO *a, const STREAM_INFO *b)
463 {
464 return strcmp(a->name, b->name);
465 }
466
cleanup_stream(STREAM_INFO * info)467 static void cleanup_stream(STREAM_INFO *info)
468 {
469 SSL_free(info->c_stream);
470 OPENSSL_free(info);
471 }
472
helper_cleanup_streams(LHASH_OF (STREAM_INFO)** lh)473 static void helper_cleanup_streams(LHASH_OF(STREAM_INFO) **lh)
474 {
475 if (*lh == NULL)
476 return;
477
478 lh_STREAM_INFO_doall(*lh, cleanup_stream);
479 lh_STREAM_INFO_free(*lh);
480 *lh = NULL;
481 }
482
483 #if defined(OPENSSL_THREADS)
484 static CRYPTO_THREAD_RETVAL run_script_child_thread(void *arg);
485
join_threads(struct child_thread_args * threads,size_t num_threads)486 static int join_threads(struct child_thread_args *threads, size_t num_threads)
487 {
488 int ok = 1;
489 size_t i;
490 CRYPTO_THREAD_RETVAL rv;
491
492 for (i = 0; i < num_threads; ++i) {
493 if (threads[i].t != NULL) {
494 ossl_crypto_thread_native_join(threads[i].t, &rv);
495
496 if (!threads[i].testresult)
497 /* Do not log failure here, worker will do it. */
498 ok = 0;
499
500 ossl_crypto_thread_native_clean(threads[i].t);
501 threads[i].t = NULL;
502 }
503
504 ossl_crypto_mutex_free(&threads[i].m);
505 }
506
507 return ok;
508 }
509
join_server_thread(struct helper * h)510 static int join_server_thread(struct helper *h)
511 {
512 CRYPTO_THREAD_RETVAL rv;
513
514 if (h->server_thread.t == NULL)
515 return 1;
516
517 ossl_crypto_mutex_lock(h->server_thread.m);
518 h->server_thread.stop = 1;
519 ossl_crypto_condvar_signal(h->server_thread.c);
520 ossl_crypto_mutex_unlock(h->server_thread.m);
521
522 ossl_crypto_thread_native_join(h->server_thread.t, &rv);
523 ossl_crypto_thread_native_clean(h->server_thread.t);
524 h->server_thread.t = NULL;
525 return 1;
526 }
527
528 /* Ensure the server-state lock is currently held. Idempotent. */
s_checked_out_p(struct helper * h,int thread_idx)529 static int *s_checked_out_p(struct helper *h, int thread_idx)
530 {
531 return (thread_idx < 0) ? &h->s_checked_out
532 : &h->threads[thread_idx].s_checked_out;
533 }
534
s_lock(struct helper * h,struct helper_local * hl)535 static QUIC_TSERVER *s_lock(struct helper *h, struct helper_local *hl)
536 {
537 int *p_checked_out = s_checked_out_p(h, hl == NULL ? -1 : hl->thread_idx);
538
539 if (h->server_thread.m == NULL || *p_checked_out)
540 return h->s;
541
542 ossl_crypto_mutex_lock(h->server_thread.m);
543 h->s = h->s_priv;
544 *p_checked_out = 1;
545 return h->s;
546 }
547
548 /* Ensure the server-state lock is currently not held. Idempotent. */
s_unlock(struct helper * h,struct helper_local * hl)549 static void s_unlock(struct helper *h, struct helper_local *hl)
550 {
551 int *p_checked_out = s_checked_out_p(h, hl->thread_idx);
552
553 if (h->server_thread.m == NULL || !*p_checked_out)
554 return;
555
556 *p_checked_out = 0;
557 h->s = NULL;
558 ossl_crypto_mutex_unlock(h->server_thread.m);
559 }
560
server_helper_thread(void * arg)561 static unsigned int server_helper_thread(void *arg)
562 {
563 struct helper *h = arg;
564
565 ossl_crypto_mutex_lock(h->server_thread.m);
566
567 for (;;) {
568 int ready, stop;
569
570 ready = h->server_thread.ready;
571 stop = h->server_thread.stop;
572
573 if (stop)
574 break;
575
576 if (!ready) {
577 ossl_crypto_condvar_wait(h->server_thread.c, h->server_thread.m);
578 continue;
579 }
580
581 ossl_quic_tserver_tick(h->s_priv);
582 ossl_crypto_mutex_unlock(h->server_thread.m);
583 /*
584 * Give the main thread an opportunity to get the mutex, which is
585 * sometimes necessary in some script operations.
586 */
587 OSSL_sleep(1);
588 ossl_crypto_mutex_lock(h->server_thread.m);
589 }
590
591 ossl_crypto_mutex_unlock(h->server_thread.m);
592 return 1;
593 }
594
595 #else
596
s_lock(struct helper * h,struct helper_local * hl)597 static QUIC_TSERVER *s_lock(struct helper *h, struct helper_local *hl)
598 {
599 return h->s;
600 }
601
s_unlock(struct helper * h,struct helper_local * hl)602 static void s_unlock(struct helper *h, struct helper_local *hl)
603 {}
604
605 #endif
606
helper_cleanup(struct helper * h)607 static void helper_cleanup(struct helper *h)
608 {
609 #if defined(OPENSSL_THREADS)
610 join_threads(h->threads, h->num_threads);
611 join_server_thread(h);
612 OPENSSL_free(h->threads);
613 h->threads = NULL;
614 h->num_threads = 0;
615 #endif
616
617 if (h->free_order == 0) {
618 /* order 0: streams, then conn */
619 helper_cleanup_streams(&h->c_streams);
620
621 SSL_free(h->c_conn);
622 h->c_conn = NULL;
623 } else {
624 /* order 1: conn, then streams */
625 SSL_free(h->c_conn);
626 h->c_conn = NULL;
627
628 helper_cleanup_streams(&h->c_streams);
629 }
630
631 helper_cleanup_streams(&h->s_streams);
632 ossl_quic_tserver_free(h->s_priv);
633 h->s_priv = h->s = NULL;
634
635 BIO_free(h->s_net_bio_own);
636 h->s_net_bio_own = NULL;
637
638 BIO_free(h->c_net_bio_own);
639 h->c_net_bio_own = NULL;
640
641 BIO_free(h->s_qtf_wbio_own);
642 h->s_qtf_wbio_own = NULL;
643
644 qtest_fault_free(h->qtf);
645 h->qtf = NULL;
646
647 if (h->s_fd >= 0) {
648 BIO_closesocket(h->s_fd);
649 h->s_fd = -1;
650 }
651
652 if (h->c_fd >= 0) {
653 BIO_closesocket(h->c_fd);
654 h->c_fd = -1;
655 }
656
657 BIO_ADDR_free(h->s_net_bio_addr);
658 h->s_net_bio_addr = NULL;
659 BIO_ADDR_free(h->s_net_bio_orig_addr);
660 h->s_net_bio_orig_addr = NULL;
661
662 SSL_CTX_free(h->c_ctx);
663 h->c_ctx = NULL;
664
665 CRYPTO_THREAD_lock_free(h->time_lock);
666 h->time_lock = NULL;
667
668 #if defined(OPENSSL_THREADS)
669 ossl_crypto_mutex_free(&h->misc_m);
670 ossl_crypto_condvar_free(&h->misc_cv);
671 ossl_crypto_mutex_free(&h->server_thread.m);
672 ossl_crypto_condvar_free(&h->server_thread.c);
673 #endif
674 }
675
helper_init(struct helper * h,const char * script_name,int free_order,int blocking,int need_injector)676 static int helper_init(struct helper *h, const char *script_name,
677 int free_order, int blocking,
678 int need_injector)
679 {
680 struct in_addr ina = {0};
681 QUIC_TSERVER_ARGS s_args = {0};
682 union BIO_sock_info_u info;
683 char title[128];
684
685 memset(h, 0, sizeof(*h));
686 h->c_fd = -1;
687 h->s_fd = -1;
688 h->free_order = free_order;
689 h->blocking = blocking;
690 h->need_injector = need_injector;
691 h->time_slip = ossl_time_zero();
692
693 if (!TEST_ptr(h->time_lock = CRYPTO_THREAD_lock_new()))
694 goto err;
695
696 if (!TEST_ptr(h->s_streams = lh_STREAM_INFO_new(stream_info_hash,
697 stream_info_cmp)))
698 goto err;
699
700 if (!TEST_ptr(h->c_streams = lh_STREAM_INFO_new(stream_info_hash,
701 stream_info_cmp)))
702 goto err;
703
704 ina.s_addr = htonl(0x7f000001UL);
705
706 h->s_fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0);
707 if (!TEST_int_ge(h->s_fd, 0))
708 goto err;
709
710 if (!TEST_true(BIO_socket_nbio(h->s_fd, 1)))
711 goto err;
712
713 if (!TEST_ptr(h->s_net_bio_orig_addr = BIO_ADDR_new())
714 || !TEST_ptr(h->s_net_bio_addr = BIO_ADDR_new()))
715 goto err;
716
717 if (!TEST_true(BIO_ADDR_rawmake(h->s_net_bio_orig_addr, AF_INET,
718 &ina, sizeof(ina), 0)))
719 goto err;
720
721 if (!TEST_true(BIO_bind(h->s_fd, h->s_net_bio_orig_addr, 0)))
722 goto err;
723
724 info.addr = h->s_net_bio_addr;
725 if (!TEST_true(BIO_sock_info(h->s_fd, BIO_SOCK_INFO_ADDRESS, &info)))
726 goto err;
727
728 if (!TEST_int_gt(BIO_ADDR_rawport(h->s_net_bio_addr), 0))
729 goto err;
730
731 if (!TEST_ptr(h->s_net_bio = h->s_net_bio_own = BIO_new_dgram(h->s_fd, 0)))
732 goto err;
733
734 if (!BIO_up_ref(h->s_net_bio))
735 goto err;
736
737 if (need_injector) {
738 h->s_qtf_wbio = h->s_qtf_wbio_own = BIO_new(qtest_get_bio_method());
739 if (!TEST_ptr(h->s_qtf_wbio))
740 goto err;
741
742 if (!TEST_ptr(BIO_push(h->s_qtf_wbio, h->s_net_bio)))
743 goto err;
744
745 s_args.net_wbio = h->s_qtf_wbio;
746 } else {
747 s_args.net_wbio = h->s_net_bio;
748 }
749
750 s_args.net_rbio = h->s_net_bio;
751 s_args.alpn = NULL;
752 s_args.now_cb = get_time;
753 s_args.now_cb_arg = h;
754 s_args.ctx = NULL;
755
756 if (!TEST_ptr(h->s_priv = ossl_quic_tserver_new(&s_args, certfile, keyfile)))
757 goto err;
758
759 if (!blocking)
760 h->s = h->s_priv;
761
762 if (need_injector) {
763 h->qtf = qtest_create_injector(h->s_priv);
764 if (!TEST_ptr(h->qtf))
765 goto err;
766
767 BIO_set_data(h->s_qtf_wbio, h->qtf);
768 }
769
770 h->s_net_bio_own = NULL;
771 h->s_qtf_wbio_own = NULL;
772
773 h->c_fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0);
774 if (!TEST_int_ge(h->c_fd, 0))
775 goto err;
776
777 if (!TEST_true(BIO_socket_nbio(h->c_fd, 1)))
778 goto err;
779
780 if (!TEST_ptr(h->c_net_bio = h->c_net_bio_own = BIO_new_dgram(h->c_fd, 0)))
781 goto err;
782
783 if (!TEST_true(BIO_dgram_set_peer(h->c_net_bio, h->s_net_bio_addr)))
784 goto err;
785
786 if (!TEST_ptr(h->c_ctx = SSL_CTX_new(OSSL_QUIC_client_method())))
787 goto err;
788
789 /* Set title for qlog purposes. */
790 BIO_snprintf(title, sizeof(title), "quic_multistream_test: %s", script_name);
791 if (!TEST_true(ossl_quic_set_diag_title(h->c_ctx, title)))
792 goto err;
793
794 if (!TEST_ptr(h->c_conn = SSL_new(h->c_ctx)))
795 goto err;
796
797 /* Use custom time function for virtual time skip. */
798 if (!TEST_true(ossl_quic_conn_set_override_now_cb(h->c_conn, get_time, h)))
799 goto err;
800
801 /* Takes ownership of our reference to the BIO. */
802 SSL_set0_rbio(h->c_conn, h->c_net_bio);
803 h->c_net_bio_own = NULL;
804
805 if (!TEST_true(BIO_up_ref(h->c_net_bio)))
806 goto err;
807
808 SSL_set0_wbio(h->c_conn, h->c_net_bio);
809
810 if (!TEST_true(SSL_set_blocking_mode(h->c_conn, h->blocking)))
811 goto err;
812
813 #if defined(OPENSSL_THREADS)
814 if (!TEST_ptr(h->misc_m = ossl_crypto_mutex_new()))
815 goto err;
816 if (!TEST_ptr(h->misc_cv = ossl_crypto_condvar_new()))
817 goto err;
818 #endif
819
820 if (h->blocking) {
821 #if defined(OPENSSL_THREADS)
822 if (!TEST_ptr(h->server_thread.m = ossl_crypto_mutex_new()))
823 goto err;
824
825 if (!TEST_ptr(h->server_thread.c = ossl_crypto_condvar_new()))
826 goto err;
827
828 h->server_thread.t
829 = ossl_crypto_thread_native_start(server_helper_thread, h, 1);
830 if (!TEST_ptr(h->server_thread.t))
831 goto err;
832 #else
833 TEST_error("cannot support blocking mode without threads");
834 goto err;
835 #endif
836 }
837
838 h->start_time = ossl_time_now();
839 h->init = 1;
840 return 1;
841
842 err:
843 helper_cleanup(h);
844 return 0;
845 }
846
helper_local_init(struct helper_local * hl,struct helper * h,int thread_idx)847 static int helper_local_init(struct helper_local *hl, struct helper *h,
848 int thread_idx)
849 {
850 hl->h = h;
851 hl->c_streams = NULL;
852 hl->thread_idx = thread_idx;
853 hl->explicit_event_handling = 0;
854
855 if (!TEST_ptr(h))
856 return 0;
857
858 if (thread_idx < 0) {
859 hl->c_streams = h->c_streams;
860 } else {
861 if (!TEST_ptr(hl->c_streams = lh_STREAM_INFO_new(stream_info_hash,
862 stream_info_cmp)))
863 return 0;
864 }
865
866 return 1;
867 }
868
helper_local_cleanup(struct helper_local * hl)869 static void helper_local_cleanup(struct helper_local *hl)
870 {
871 if (hl->h == NULL)
872 return;
873
874 if (hl->thread_idx >= 0)
875 helper_cleanup_streams(&hl->c_streams);
876
877 hl->h = NULL;
878 }
879
get_stream_info(LHASH_OF (STREAM_INFO)* lh,const char * stream_name)880 static STREAM_INFO *get_stream_info(LHASH_OF(STREAM_INFO) *lh,
881 const char *stream_name)
882 {
883 STREAM_INFO key, *info;
884
885 if (!TEST_ptr(stream_name))
886 return NULL;
887
888 if (!strcmp(stream_name, "DEFAULT"))
889 return NULL;
890
891 key.name = stream_name;
892 info = lh_STREAM_INFO_retrieve(lh, &key);
893 if (info == NULL) {
894 info = OPENSSL_zalloc(sizeof(*info));
895 if (info == NULL)
896 return NULL;
897
898 info->name = stream_name;
899 info->s_stream_id = UINT64_MAX;
900 lh_STREAM_INFO_insert(lh, info);
901 }
902
903 return info;
904 }
905
helper_local_set_c_stream(struct helper_local * hl,const char * stream_name,SSL * c_stream)906 static int helper_local_set_c_stream(struct helper_local *hl,
907 const char *stream_name,
908 SSL *c_stream)
909 {
910 STREAM_INFO *info = get_stream_info(hl->c_streams, stream_name);
911
912 if (info == NULL)
913 return 0;
914
915 info->c_stream = c_stream;
916 info->s_stream_id = UINT64_MAX;
917 return 1;
918 }
919
helper_local_get_c_stream(struct helper_local * hl,const char * stream_name)920 static SSL *helper_local_get_c_stream(struct helper_local *hl,
921 const char *stream_name)
922 {
923 STREAM_INFO *info;
924
925 if (!strcmp(stream_name, "DEFAULT"))
926 return hl->h->c_conn;
927
928 info = get_stream_info(hl->c_streams, stream_name);
929 if (info == NULL)
930 return NULL;
931
932 return info->c_stream;
933 }
934
935 static int
helper_set_s_stream(struct helper * h,const char * stream_name,uint64_t s_stream_id)936 helper_set_s_stream(struct helper *h, const char *stream_name,
937 uint64_t s_stream_id)
938 {
939 STREAM_INFO *info;
940
941 if (!strcmp(stream_name, "DEFAULT"))
942 return 0;
943
944 info = get_stream_info(h->s_streams, stream_name);
945 if (info == NULL)
946 return 0;
947
948 info->c_stream = NULL;
949 info->s_stream_id = s_stream_id;
950 return 1;
951 }
952
helper_get_s_stream(struct helper * h,const char * stream_name)953 static uint64_t helper_get_s_stream(struct helper *h, const char *stream_name)
954 {
955 STREAM_INFO *info;
956
957 if (!strcmp(stream_name, "DEFAULT"))
958 return UINT64_MAX;
959
960 info = get_stream_info(h->s_streams, stream_name);
961 if (info == NULL)
962 return UINT64_MAX;
963
964 return info->s_stream_id;
965 }
966
helper_packet_plain_listener(QTEST_FAULT * qtf,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t buf_len,void * arg)967 static int helper_packet_plain_listener(QTEST_FAULT *qtf, QUIC_PKT_HDR *hdr,
968 unsigned char *buf, size_t buf_len,
969 void *arg)
970 {
971 struct helper *h = arg;
972
973 return h->qtf_packet_plain_cb(h, hdr, buf, buf_len);
974 }
975
helper_handshake_listener(QTEST_FAULT * fault,unsigned char * buf,size_t buf_len,void * arg)976 static int helper_handshake_listener(QTEST_FAULT *fault,
977 unsigned char *buf, size_t buf_len,
978 void *arg)
979 {
980 struct helper *h = arg;
981
982 return h->qtf_handshake_cb(h, buf, buf_len);
983 }
984
helper_datagram_listener(QTEST_FAULT * fault,BIO_MSG * msg,size_t stride,void * arg)985 static int helper_datagram_listener(QTEST_FAULT *fault,
986 BIO_MSG *msg, size_t stride,
987 void *arg)
988 {
989 struct helper *h = arg;
990
991 return h->qtf_datagram_cb(h, msg, stride);
992 }
993
is_want(SSL * s,int ret)994 static int is_want(SSL *s, int ret)
995 {
996 int ec = SSL_get_error(s, ret);
997
998 return ec == SSL_ERROR_WANT_READ || ec == SSL_ERROR_WANT_WRITE;
999 }
1000
check_consistent_want(SSL * s,int ret)1001 static int check_consistent_want(SSL *s, int ret)
1002 {
1003 int ec = SSL_get_error(s, ret);
1004 int w = SSL_want(s);
1005
1006 int ok = TEST_true(
1007 (ec == SSL_ERROR_NONE && w == SSL_NOTHING)
1008 || (ec == SSL_ERROR_ZERO_RETURN && w == SSL_NOTHING)
1009 || (ec == SSL_ERROR_SSL && w == SSL_NOTHING)
1010 || (ec == SSL_ERROR_SYSCALL && w == SSL_NOTHING)
1011 || (ec == SSL_ERROR_WANT_READ && w == SSL_READING)
1012 || (ec == SSL_ERROR_WANT_WRITE && w == SSL_WRITING)
1013 || (ec == SSL_ERROR_WANT_CLIENT_HELLO_CB && w == SSL_CLIENT_HELLO_CB)
1014 || (ec == SSL_ERROR_WANT_X509_LOOKUP && w == SSL_X509_LOOKUP)
1015 || (ec == SSL_ERROR_WANT_RETRY_VERIFY && w == SSL_RETRY_VERIFY)
1016 );
1017
1018 if (!ok)
1019 TEST_error("got error=%d, want=%d", ec, w);
1020
1021 return ok;
1022 }
1023
run_script_worker(struct helper * h,const struct script_op * script,const char * script_name,int thread_idx)1024 static int run_script_worker(struct helper *h, const struct script_op *script,
1025 const char *script_name,
1026 int thread_idx)
1027 {
1028 int testresult = 0;
1029 unsigned char *tmp_buf = NULL;
1030 int connect_started = 0;
1031 size_t offset = 0;
1032 size_t op_idx = 0;
1033 const struct script_op *op = NULL;
1034 int no_advance = 0, first = 1;
1035 #if defined(OPENSSL_THREADS)
1036 int end_wait_warning = 0;
1037 #endif
1038 OSSL_TIME op_start_time = ossl_time_zero(), op_deadline = ossl_time_zero();
1039 struct helper_local hl_, *hl = &hl_;
1040 #define REPEAT_SLOTS 8
1041 size_t repeat_stack_idx[REPEAT_SLOTS], repeat_stack_done[REPEAT_SLOTS];
1042 size_t repeat_stack_limit[REPEAT_SLOTS];
1043 size_t repeat_stack_len = 0;
1044
1045 if (!TEST_true(helper_local_init(hl, h, thread_idx)))
1046 goto out;
1047
1048 #define COMMON_SPIN_AGAIN() \
1049 { \
1050 no_advance = 1; \
1051 continue; \
1052 }
1053 #define S_SPIN_AGAIN() \
1054 { \
1055 s_lock(h, hl); \
1056 ossl_quic_tserver_tick(h->s); \
1057 COMMON_SPIN_AGAIN(); \
1058 }
1059 #define C_SPIN_AGAIN() \
1060 { \
1061 if (h->blocking) { \
1062 TEST_error("spin again in blocking mode"); \
1063 goto out; \
1064 } \
1065 COMMON_SPIN_AGAIN(); \
1066 }
1067
1068 for (;;) {
1069 SSL *c_tgt = h->c_conn;
1070 uint64_t s_stream_id = UINT64_MAX;
1071
1072 s_unlock(h, hl);
1073
1074 if (no_advance) {
1075 no_advance = 0;
1076 } else {
1077 if (!first)
1078 ++op_idx;
1079
1080 first = 0;
1081 offset = 0;
1082 op_start_time = ossl_time_now();
1083 op_deadline = ossl_time_add(op_start_time, ossl_ms2time(60000));
1084 }
1085
1086 if (!TEST_int_le(ossl_time_compare(ossl_time_now(), op_deadline), 0)) {
1087 TEST_error("op %zu timed out on thread %d", op_idx + 1, thread_idx);
1088 goto out;
1089 }
1090
1091 op = &script[op_idx];
1092
1093 if (op->stream_name != NULL) {
1094 c_tgt = helper_local_get_c_stream(hl, op->stream_name);
1095 if (thread_idx < 0)
1096 s_stream_id = helper_get_s_stream(h, op->stream_name);
1097 else
1098 s_stream_id = UINT64_MAX;
1099 }
1100
1101 if (thread_idx < 0) {
1102 if (!h->blocking) {
1103 ossl_quic_tserver_tick(h->s);
1104 }
1105 #if defined(OPENSSL_THREADS)
1106 else if (h->blocking && !h->server_thread.ready) {
1107 ossl_crypto_mutex_lock(h->server_thread.m);
1108 h->server_thread.ready = 1;
1109 ossl_crypto_condvar_signal(h->server_thread.c);
1110 ossl_crypto_mutex_unlock(h->server_thread.m);
1111 }
1112 if (h->blocking)
1113 assert(h->s == NULL);
1114 #endif
1115 }
1116
1117 if (!hl->explicit_event_handling
1118 && (thread_idx >= 0 || connect_started))
1119 SSL_handle_events(h->c_conn);
1120
1121 if (thread_idx >= 0) {
1122 /* Only allow certain opcodes on child threads. */
1123 switch (op->op) {
1124 case OPK_END:
1125 case OPK_CHECK:
1126 case OPK_C_ACCEPT_STREAM_WAIT:
1127 case OPK_C_NEW_STREAM:
1128 case OPK_C_READ_EXPECT:
1129 case OPK_C_EXPECT_FIN:
1130 case OPK_C_WRITE:
1131 case OPK_C_WRITE_EX2:
1132 case OPK_C_CONCLUDE:
1133 case OPK_C_FREE_STREAM:
1134 case OPK_BEGIN_REPEAT:
1135 case OPK_END_REPEAT:
1136 case OPK_C_READ_FAIL_WAIT:
1137 case OPK_C_EXPECT_SSL_ERR:
1138 case OPK_EXPECT_ERR_REASON:
1139 case OPK_EXPECT_ERR_LIB:
1140 case OPK_POP_ERR:
1141 case OPK_SLEEP:
1142 break;
1143
1144 default:
1145 TEST_error("opcode %lu not allowed on child thread",
1146 (unsigned long)op->op);
1147 goto out;
1148 }
1149 }
1150
1151 switch (op->op) {
1152 case OPK_END:
1153 if (!TEST_size_t_eq(repeat_stack_len, 0))
1154 goto out;
1155
1156 #if defined(OPENSSL_THREADS)
1157 if (thread_idx < 0) {
1158 int done;
1159 size_t i;
1160
1161 for (i = 0; i < h->num_threads; ++i) {
1162 if (h->threads[i].m == NULL)
1163 continue;
1164
1165 ossl_crypto_mutex_lock(h->threads[i].m);
1166 done = h->threads[i].done;
1167 ossl_crypto_mutex_unlock(h->threads[i].m);
1168
1169 if (!done) {
1170 if (!end_wait_warning) {
1171 TEST_info("still waiting for other threads to finish (%zu)", i);
1172 end_wait_warning = 1;
1173 }
1174
1175 S_SPIN_AGAIN();
1176 }
1177 }
1178 }
1179 #endif
1180
1181 TEST_info("script \"%s\" finished on thread %d", script_name, thread_idx);
1182 testresult = 1;
1183 goto out;
1184
1185 case OPK_BEGIN_REPEAT:
1186 if (!TEST_size_t_lt(repeat_stack_len, OSSL_NELEM(repeat_stack_idx)))
1187 goto out;
1188
1189 if (!TEST_size_t_gt(op->arg1, 0))
1190 goto out;
1191
1192 repeat_stack_idx[repeat_stack_len] = op_idx + 1;
1193 repeat_stack_done[repeat_stack_len] = 0;
1194 repeat_stack_limit[repeat_stack_len] = op->arg1;
1195 ++repeat_stack_len;
1196 break;
1197
1198 case OPK_C_SKIP_IF_UNBOUND:
1199 if (c_tgt != NULL)
1200 break;
1201
1202 op_idx += op->arg1;
1203 break;
1204
1205 case OPK_SKIP_IF_BLOCKING:
1206 if (!h->blocking)
1207 break;
1208
1209 op_idx += op->arg1;
1210 break;
1211
1212 case OPK_END_REPEAT:
1213 if (!TEST_size_t_gt(repeat_stack_len, 0))
1214 goto out;
1215
1216 if (++repeat_stack_done[repeat_stack_len - 1]
1217 == repeat_stack_limit[repeat_stack_len - 1]) {
1218 --repeat_stack_len;
1219 } else {
1220 op_idx = repeat_stack_idx[repeat_stack_len - 1];
1221 no_advance = 1;
1222 continue;
1223 }
1224
1225 break;
1226
1227 case OPK_CHECK:
1228 {
1229 int ok;
1230
1231 hl->check_op = op;
1232 ok = op->check_func(h, hl);
1233 hl->check_op = NULL;
1234
1235 if (thread_idx < 0 && h->check_spin_again) {
1236 h->check_spin_again = 0;
1237 S_SPIN_AGAIN();
1238 }
1239
1240 if (!TEST_true(ok))
1241 goto out;
1242 }
1243 break;
1244
1245 case OPK_C_SET_ALPN:
1246 {
1247 const char *alpn = op->arg0;
1248 size_t alpn_len = strlen(alpn);
1249
1250 if (!TEST_size_t_le(alpn_len, UINT8_MAX)
1251 || !TEST_ptr(tmp_buf = (unsigned char *)OPENSSL_malloc(alpn_len + 1)))
1252 goto out;
1253
1254 memcpy(tmp_buf + 1, alpn, alpn_len);
1255 tmp_buf[0] = (unsigned char)alpn_len;
1256
1257 /* 0 is the success case for SSL_set_alpn_protos(). */
1258 if (!TEST_false(SSL_set_alpn_protos(h->c_conn, tmp_buf,
1259 alpn_len + 1)))
1260 goto out;
1261
1262 OPENSSL_free(tmp_buf);
1263 tmp_buf = NULL;
1264 }
1265 break;
1266
1267 case OPK_C_CONNECT_WAIT:
1268 {
1269 int ret;
1270
1271 connect_started = 1;
1272
1273 ret = SSL_connect(h->c_conn);
1274 if (!check_consistent_want(c_tgt, ret))
1275 goto out;
1276 if (ret != 1) {
1277 if (!h->blocking && is_want(h->c_conn, ret))
1278 C_SPIN_AGAIN();
1279
1280 if (op->arg1 == 0 && !TEST_int_eq(ret, 1))
1281 goto out;
1282 }
1283 }
1284 break;
1285
1286 case OPK_C_WRITE:
1287 {
1288 size_t bytes_written = 0;
1289 int r;
1290
1291 if (!TEST_ptr(c_tgt))
1292 goto out;
1293
1294 r = SSL_write_ex(c_tgt, op->arg0, op->arg1, &bytes_written);
1295 if (!TEST_true(r)
1296 || !check_consistent_want(c_tgt, r)
1297 || !TEST_size_t_eq(bytes_written, op->arg1))
1298 goto out;
1299 }
1300 break;
1301
1302 case OPK_C_WRITE_EX2:
1303 {
1304 size_t bytes_written = 0;
1305 int r;
1306
1307 if (!TEST_ptr(c_tgt))
1308 goto out;
1309
1310 r = SSL_write_ex2(c_tgt, op->arg0, op->arg1, op->arg2,
1311 &bytes_written);
1312 if (!TEST_true(r)
1313 || !check_consistent_want(c_tgt, r)
1314 || !TEST_size_t_eq(bytes_written, op->arg1))
1315 goto out;
1316 }
1317 break;
1318
1319 case OPK_S_WRITE:
1320 {
1321 size_t bytes_written = 0;
1322
1323 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1324 goto out;
1325
1326 if (!TEST_true(ossl_quic_tserver_write(ACQUIRE_S(), s_stream_id,
1327 op->arg0, op->arg1,
1328 &bytes_written))
1329 || !TEST_size_t_eq(bytes_written, op->arg1))
1330 goto out;
1331 }
1332 break;
1333
1334 case OPK_C_CONCLUDE:
1335 {
1336 if (!TEST_true(SSL_stream_conclude(c_tgt, 0)))
1337 goto out;
1338 }
1339 break;
1340
1341 case OPK_S_CONCLUDE:
1342 {
1343 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1344 goto out;
1345
1346 ossl_quic_tserver_conclude(ACQUIRE_S(), s_stream_id);
1347 }
1348 break;
1349
1350 case OPK_C_WAIT_FOR_DATA:
1351 {
1352 char buf[1];
1353 size_t bytes_read = 0;
1354
1355 if (!TEST_ptr(c_tgt))
1356 goto out;
1357
1358 if (!SSL_peek_ex(c_tgt, buf, sizeof(buf), &bytes_read)
1359 || bytes_read == 0)
1360 C_SPIN_AGAIN();
1361 }
1362 break;
1363
1364 case OPK_C_READ_EXPECT:
1365 {
1366 size_t bytes_read = 0;
1367 int r;
1368
1369 if (op->arg1 > 0 && tmp_buf == NULL
1370 && !TEST_ptr(tmp_buf = OPENSSL_malloc(op->arg1)))
1371 goto out;
1372
1373 r = SSL_read_ex(c_tgt, tmp_buf + offset, op->arg1 - offset,
1374 &bytes_read);
1375 if (!check_consistent_want(c_tgt, r))
1376 goto out;
1377
1378 if (!r)
1379 C_SPIN_AGAIN();
1380
1381 if (bytes_read + offset != op->arg1) {
1382 offset += bytes_read;
1383 C_SPIN_AGAIN();
1384 }
1385
1386 if (op->arg1 > 0
1387 && !TEST_mem_eq(tmp_buf, op->arg1, op->arg0, op->arg1))
1388 goto out;
1389
1390 OPENSSL_free(tmp_buf);
1391 tmp_buf = NULL;
1392 }
1393 break;
1394
1395 case OPK_S_READ_EXPECT:
1396 {
1397 size_t bytes_read = 0;
1398
1399 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1400 goto out;
1401
1402 if (op->arg1 > 0 && tmp_buf == NULL
1403 && !TEST_ptr(tmp_buf = OPENSSL_malloc(op->arg1)))
1404 goto out;
1405
1406 if (!TEST_true(ossl_quic_tserver_read(ACQUIRE_S(), s_stream_id,
1407 tmp_buf + offset,
1408 op->arg1 - offset,
1409 &bytes_read)))
1410 goto out;
1411
1412 if (bytes_read + offset != op->arg1) {
1413 offset += bytes_read;
1414 S_SPIN_AGAIN();
1415 }
1416
1417 if (op->arg1 > 0
1418 && !TEST_mem_eq(tmp_buf, op->arg1, op->arg0, op->arg1))
1419 goto out;
1420
1421 OPENSSL_free(tmp_buf);
1422 tmp_buf = NULL;
1423 }
1424 break;
1425
1426 case OPK_C_EXPECT_FIN:
1427 {
1428 char buf[1];
1429 size_t bytes_read = 0;
1430 int r;
1431
1432 r = SSL_read_ex(c_tgt, buf, sizeof(buf), &bytes_read);
1433 if (!check_consistent_want(c_tgt, r)
1434 || !TEST_false(r)
1435 || !TEST_size_t_eq(bytes_read, 0))
1436 goto out;
1437
1438 if (is_want(c_tgt, 0))
1439 C_SPIN_AGAIN();
1440
1441 if (!TEST_int_eq(SSL_get_error(c_tgt, 0),
1442 SSL_ERROR_ZERO_RETURN))
1443 goto out;
1444
1445 if (!TEST_int_eq(SSL_want(c_tgt), SSL_NOTHING))
1446 goto out;
1447 }
1448 break;
1449
1450 case OPK_S_EXPECT_FIN:
1451 {
1452 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1453 goto out;
1454
1455 if (!ossl_quic_tserver_has_read_ended(ACQUIRE_S(), s_stream_id))
1456 S_SPIN_AGAIN();
1457 }
1458 break;
1459
1460 case OPK_C_DETACH:
1461 {
1462 SSL *c_stream;
1463
1464 if (!TEST_ptr_null(c_tgt))
1465 goto out; /* don't overwrite existing stream with same name */
1466
1467 if (!TEST_ptr(op->stream_name))
1468 goto out;
1469
1470 if (!TEST_ptr(c_stream = ossl_quic_detach_stream(h->c_conn)))
1471 goto out;
1472
1473 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, c_stream)))
1474 goto out;
1475 }
1476 break;
1477
1478 case OPK_C_ATTACH:
1479 {
1480 if (!TEST_ptr(c_tgt))
1481 goto out;
1482
1483 if (!TEST_ptr(op->stream_name))
1484 goto out;
1485
1486 if (!TEST_true(ossl_quic_attach_stream(h->c_conn, c_tgt)))
1487 goto out;
1488
1489 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, NULL)))
1490 goto out;
1491 }
1492 break;
1493
1494 case OPK_C_NEW_STREAM:
1495 {
1496 SSL *c_stream;
1497 uint64_t flags = op->arg1;
1498 int allow_fail = ((flags & ALLOW_FAIL) != 0);
1499
1500 flags &= ~(uint64_t)ALLOW_FAIL;
1501
1502 if (!TEST_ptr_null(c_tgt))
1503 goto out; /* don't overwrite existing stream with same name */
1504
1505 if (!TEST_ptr(op->stream_name))
1506 goto out;
1507
1508 c_stream = SSL_new_stream(h->c_conn, flags);
1509 if (!allow_fail && !TEST_ptr(c_stream))
1510 goto out;
1511
1512 if (allow_fail && c_stream == NULL) {
1513 if (!TEST_size_t_eq(ERR_GET_REASON(ERR_get_error()),
1514 SSL_R_STREAM_COUNT_LIMITED))
1515 goto out;
1516
1517 ++h->fail_count;
1518 break;
1519 }
1520
1521 if (op->arg2 != UINT64_MAX
1522 && !TEST_uint64_t_eq(SSL_get_stream_id(c_stream),
1523 op->arg2))
1524 goto out;
1525
1526 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, c_stream)))
1527 goto out;
1528 }
1529 break;
1530
1531 case OPK_S_NEW_STREAM:
1532 {
1533 uint64_t stream_id = UINT64_MAX;
1534
1535 if (!TEST_uint64_t_eq(s_stream_id, UINT64_MAX))
1536 goto out; /* don't overwrite existing stream with same name */
1537
1538 if (!TEST_ptr(op->stream_name))
1539 goto out;
1540
1541 if (!TEST_true(ossl_quic_tserver_stream_new(ACQUIRE_S(),
1542 op->arg1 > 0,
1543 &stream_id)))
1544 goto out;
1545
1546 if (op->arg2 != UINT64_MAX
1547 && !TEST_uint64_t_eq(stream_id, op->arg2))
1548 goto out;
1549
1550 if (!TEST_true(helper_set_s_stream(h, op->stream_name,
1551 stream_id)))
1552 goto out;
1553 }
1554 break;
1555
1556 case OPK_C_ACCEPT_STREAM_WAIT:
1557 {
1558 SSL *c_stream;
1559
1560 if (!TEST_ptr_null(c_tgt))
1561 goto out; /* don't overwrite existing stream with same name */
1562
1563 if (!TEST_ptr(op->stream_name))
1564 goto out;
1565
1566 if ((c_stream = SSL_accept_stream(h->c_conn, 0)) == NULL)
1567 C_SPIN_AGAIN();
1568
1569 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name,
1570 c_stream)))
1571 goto out;
1572 }
1573 break;
1574
1575 case OPK_S_ACCEPT_STREAM_WAIT:
1576 {
1577 uint64_t new_stream_id;
1578
1579 if (!TEST_uint64_t_eq(s_stream_id, UINT64_MAX))
1580 goto out;
1581
1582 if (!TEST_ptr(op->stream_name))
1583 goto out;
1584
1585 new_stream_id = ossl_quic_tserver_pop_incoming_stream(ACQUIRE_S());
1586 if (new_stream_id == UINT64_MAX)
1587 S_SPIN_AGAIN();
1588
1589 if (!TEST_true(helper_set_s_stream(h, op->stream_name, new_stream_id)))
1590 goto out;
1591 }
1592 break;
1593
1594 case OPK_C_ACCEPT_STREAM_NONE:
1595 {
1596 SSL *c_stream;
1597
1598 if (!TEST_ptr_null(c_stream = SSL_accept_stream(h->c_conn,
1599 SSL_ACCEPT_STREAM_NO_BLOCK))) {
1600 SSL_free(c_stream);
1601 goto out;
1602 }
1603 }
1604 break;
1605
1606 case OPK_C_FREE_STREAM:
1607 {
1608 if (!TEST_ptr(c_tgt)
1609 || !TEST_true(!SSL_is_connection(c_tgt)))
1610 goto out;
1611
1612 if (!TEST_ptr(op->stream_name))
1613 goto out;
1614
1615 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, NULL)))
1616 goto out;
1617
1618 SSL_free(c_tgt);
1619 c_tgt = NULL;
1620 }
1621 break;
1622
1623 case OPK_C_SET_DEFAULT_STREAM_MODE:
1624 {
1625 if (!TEST_ptr(c_tgt))
1626 goto out;
1627
1628 if (!TEST_true(SSL_set_default_stream_mode(c_tgt, op->arg1)))
1629 goto out;
1630 }
1631 break;
1632
1633 case OPK_C_SET_INCOMING_STREAM_POLICY:
1634 {
1635 if (!TEST_ptr(c_tgt))
1636 goto out;
1637
1638 if (!TEST_true(SSL_set_incoming_stream_policy(c_tgt,
1639 op->arg1, 0)))
1640 goto out;
1641 }
1642 break;
1643
1644 case OPK_C_SHUTDOWN_WAIT:
1645 {
1646 int ret;
1647 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
1648 SSL_SHUTDOWN_EX_ARGS args = {0};
1649
1650 ossl_quic_engine_set_inhibit_tick(ossl_quic_channel_get0_engine(ch), 0);
1651
1652 if (!TEST_ptr(c_tgt))
1653 goto out;
1654
1655 args.quic_reason = (const char *)op->arg0;
1656
1657 ret = SSL_shutdown_ex(c_tgt, op->arg1, &args, sizeof(args));
1658 if (!TEST_int_ge(ret, 0))
1659 goto out;
1660
1661 if (ret == 0)
1662 C_SPIN_AGAIN();
1663 }
1664 break;
1665
1666 case OPK_S_SHUTDOWN:
1667 {
1668 ossl_quic_tserver_shutdown(ACQUIRE_S(), op->arg1);
1669 }
1670 break;
1671
1672 case OPK_C_EXPECT_CONN_CLOSE_INFO:
1673 {
1674 SSL_CONN_CLOSE_INFO cc_info = {0};
1675 int expect_app = (op->arg1 & EXPECT_CONN_CLOSE_APP) != 0;
1676 int expect_remote = (op->arg1 & EXPECT_CONN_CLOSE_REMOTE) != 0;
1677 uint64_t error_code = op->arg2;
1678
1679 if (!TEST_ptr(c_tgt))
1680 goto out;
1681
1682 if (h->blocking
1683 && !TEST_true(SSL_shutdown_ex(c_tgt,
1684 SSL_SHUTDOWN_FLAG_WAIT_PEER,
1685 NULL, 0)))
1686 goto out;
1687
1688 if (!SSL_get_conn_close_info(c_tgt, &cc_info, sizeof(cc_info)))
1689 C_SPIN_AGAIN();
1690
1691 if (!TEST_int_eq(expect_app,
1692 (cc_info.flags
1693 & SSL_CONN_CLOSE_FLAG_TRANSPORT) == 0)
1694 || !TEST_int_eq(expect_remote,
1695 (cc_info.flags
1696 & SSL_CONN_CLOSE_FLAG_LOCAL) == 0)
1697 || !TEST_uint64_t_eq(error_code, cc_info.error_code)) {
1698 TEST_info("Connection close reason: %s", cc_info.reason);
1699 goto out;
1700 }
1701 }
1702 break;
1703
1704 case OPK_S_EXPECT_CONN_CLOSE_INFO:
1705 {
1706 const QUIC_TERMINATE_CAUSE *tc;
1707 int expect_app = (op->arg1 & EXPECT_CONN_CLOSE_APP) != 0;
1708 int expect_remote = (op->arg1 & EXPECT_CONN_CLOSE_REMOTE) != 0;
1709 uint64_t error_code = op->arg2;
1710
1711 if (!ossl_quic_tserver_is_term_any(ACQUIRE_S())) {
1712 ossl_quic_tserver_ping(ACQUIRE_S());
1713 S_SPIN_AGAIN();
1714 }
1715
1716 if (!TEST_ptr(tc = ossl_quic_tserver_get_terminate_cause(ACQUIRE_S())))
1717 goto out;
1718
1719 if (!TEST_uint64_t_eq(error_code, tc->error_code)
1720 || !TEST_int_eq(expect_app, tc->app)
1721 || !TEST_int_eq(expect_remote, tc->remote))
1722 goto out;
1723 }
1724 break;
1725
1726 case OPK_S_BIND_STREAM_ID:
1727 {
1728 if (!TEST_uint64_t_eq(s_stream_id, UINT64_MAX))
1729 goto out;
1730
1731 if (!TEST_ptr(op->stream_name))
1732 goto out;
1733
1734 if (!TEST_true(helper_set_s_stream(h, op->stream_name, op->arg2)))
1735 goto out;
1736 }
1737 break;
1738
1739 case OPK_S_UNBIND_STREAM_ID:
1740 {
1741 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1742 goto out;
1743
1744 if (!TEST_ptr(op->stream_name))
1745 goto out;
1746
1747 if (!TEST_true(helper_set_s_stream(h, op->stream_name, UINT64_MAX)))
1748 goto out;
1749 }
1750 break;
1751
1752 case OPK_C_WRITE_FAIL:
1753 {
1754 size_t bytes_written = 0;
1755 int r;
1756
1757 if (!TEST_ptr(c_tgt))
1758 goto out;
1759
1760 r = SSL_write_ex(c_tgt, "apple", 5, &bytes_written);
1761 if (!TEST_false(r)
1762 || !check_consistent_want(c_tgt, r))
1763 goto out;
1764 }
1765 break;
1766
1767 case OPK_S_WRITE_FAIL:
1768 {
1769 size_t bytes_written = 0;
1770
1771 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1772 goto out;
1773
1774 if (!TEST_false(ossl_quic_tserver_write(ACQUIRE_S(), s_stream_id,
1775 (const unsigned char *)"apple", 5,
1776 &bytes_written)))
1777 goto out;
1778 }
1779 break;
1780
1781 case OPK_C_READ_FAIL:
1782 {
1783 size_t bytes_read = 0;
1784 char buf[1];
1785 int r;
1786
1787 if (!TEST_ptr(c_tgt))
1788 goto out;
1789
1790 r = SSL_read_ex(c_tgt, buf, sizeof(buf), &bytes_read);
1791 if (!TEST_false(r))
1792 goto out;
1793 if (!check_consistent_want(c_tgt, r))
1794 goto out;
1795 }
1796 break;
1797
1798 case OPK_C_READ_FAIL_WAIT:
1799 {
1800 size_t bytes_read = 0;
1801 char buf[1];
1802 int r;
1803
1804 if (!TEST_ptr(c_tgt))
1805 goto out;
1806
1807 r = SSL_read_ex(c_tgt, buf, sizeof(buf), &bytes_read);
1808 if (!TEST_false(r))
1809 goto out;
1810 if (!check_consistent_want(c_tgt, r))
1811 goto out;
1812
1813 if (is_want(c_tgt, 0))
1814 C_SPIN_AGAIN();
1815 }
1816 break;
1817
1818 case OPK_S_READ_FAIL:
1819 {
1820 int ret;
1821 size_t bytes_read = 0;
1822 unsigned char buf[1];
1823
1824 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1825 goto out;
1826
1827 ret = ossl_quic_tserver_read(ACQUIRE_S(), s_stream_id,
1828 buf, sizeof(buf),
1829 &bytes_read);
1830 if (!TEST_true(ret == 0 || (op->arg1 && bytes_read == 0)))
1831 goto out;
1832 }
1833 break;
1834
1835 case OPK_C_STREAM_RESET:
1836 case OPK_C_STREAM_RESET_FAIL:
1837 {
1838 SSL_STREAM_RESET_ARGS args = {0};
1839
1840 if (!TEST_ptr(c_tgt))
1841 goto out;
1842
1843 args.quic_error_code = op->arg2;
1844 if (op->op == OPK_C_STREAM_RESET) {
1845 if (!TEST_true(SSL_stream_reset(c_tgt, &args, sizeof(args))))
1846 goto out;
1847 } else {
1848 if (!TEST_false(SSL_stream_reset(c_tgt, &args, sizeof(args))))
1849 goto out;
1850 }
1851 }
1852 break;
1853
1854 case OPK_NEW_THREAD:
1855 {
1856 #if !defined(OPENSSL_THREADS)
1857 /*
1858 * If this test script requires threading and we do not have
1859 * support for it, skip the rest of it.
1860 */
1861 TEST_skip("threading not supported, skipping");
1862 testresult = 1;
1863 goto out;
1864 #else
1865 size_t i;
1866
1867 if (!TEST_ptr_null(h->threads)) {
1868 TEST_error("max one NEW_THREAD operation per script");
1869 goto out;
1870 }
1871
1872 h->threads = OPENSSL_zalloc(op->arg1 * sizeof(struct child_thread_args));
1873 if (!TEST_ptr(h->threads))
1874 goto out;
1875
1876 h->num_threads = op->arg1;
1877
1878 for (i = 0; i < op->arg1; ++i) {
1879 h->threads[i].h = h;
1880 h->threads[i].script = op->arg0;
1881 h->threads[i].script_name = script_name;
1882 h->threads[i].thread_idx = i;
1883
1884 h->threads[i].m = ossl_crypto_mutex_new();
1885 if (!TEST_ptr(h->threads[i].m))
1886 goto out;
1887
1888 h->threads[i].t
1889 = ossl_crypto_thread_native_start(run_script_child_thread,
1890 &h->threads[i], 1);
1891 if (!TEST_ptr(h->threads[i].t))
1892 goto out;
1893 }
1894 #endif
1895 }
1896 break;
1897
1898 case OPK_C_CLOSE_SOCKET:
1899 {
1900 BIO_closesocket(h->c_fd);
1901 h->c_fd = -1;
1902 }
1903 break;
1904
1905 case OPK_C_EXPECT_SSL_ERR:
1906 {
1907 if (!TEST_size_t_eq((size_t)SSL_get_error(c_tgt, 0), op->arg1))
1908 goto out;
1909 if (!TEST_int_eq(SSL_want(c_tgt), SSL_NOTHING))
1910 goto out;
1911 }
1912 break;
1913
1914 case OPK_EXPECT_ERR_REASON:
1915 {
1916 if (!TEST_size_t_eq((size_t)ERR_GET_REASON(ERR_peek_last_error()), op->arg1))
1917 goto out;
1918 }
1919 break;
1920
1921 case OPK_EXPECT_ERR_LIB:
1922 {
1923 if (!TEST_size_t_eq((size_t)ERR_GET_LIB(ERR_peek_last_error()), op->arg1))
1924 goto out;
1925 }
1926 break;
1927
1928 case OPK_POP_ERR:
1929 ERR_pop();
1930 break;
1931
1932 case OPK_SLEEP:
1933 {
1934 OSSL_sleep(op->arg2);
1935 }
1936 break;
1937
1938 case OPK_S_SET_INJECT_PLAIN:
1939 h->qtf_packet_plain_cb = op->qtf_packet_plain_cb;
1940
1941 if (!TEST_true(qtest_fault_set_packet_plain_listener(h->qtf,
1942 h->qtf_packet_plain_cb != NULL ?
1943 helper_packet_plain_listener : NULL,
1944 h)))
1945 goto out;
1946
1947 break;
1948
1949 case OPK_S_SET_INJECT_HANDSHAKE:
1950 h->qtf_handshake_cb = op->qtf_handshake_cb;
1951
1952 if (!TEST_true(qtest_fault_set_handshake_listener(h->qtf,
1953 h->qtf_handshake_cb != NULL ?
1954 helper_handshake_listener : NULL,
1955 h)))
1956 goto out;
1957
1958 break;
1959
1960 case OPK_S_SET_INJECT_DATAGRAM:
1961 h->qtf_datagram_cb = op->qtf_datagram_cb;
1962
1963 if (!TEST_true(qtest_fault_set_datagram_listener(h->qtf,
1964 h->qtf_datagram_cb != NULL ?
1965 helper_datagram_listener : NULL,
1966 h)))
1967 goto out;
1968
1969 break;
1970
1971 case OPK_SET_INJECT_WORD:
1972 /*
1973 * Must hold server tick lock - callbacks can be called from other
1974 * thread when running test in blocking mode (tsan).
1975 */
1976 ACQUIRE_S();
1977 h->inject_word0 = op->arg1;
1978 h->inject_word1 = op->arg2;
1979 break;
1980
1981 case OPK_C_INHIBIT_TICK:
1982 {
1983 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
1984
1985 ossl_quic_engine_set_inhibit_tick(ossl_quic_channel_get0_engine(ch),
1986 op->arg1);
1987 }
1988 break;
1989
1990 case OPK_C_SET_WRITE_BUF_SIZE:
1991 if (!TEST_ptr(c_tgt))
1992 goto out;
1993
1994 if (!TEST_true(ossl_quic_set_write_buffer_size(c_tgt, op->arg1)))
1995 goto out;
1996
1997 break;
1998
1999 case OPK_S_NEW_TICKET:
2000 if (!TEST_true(ossl_quic_tserver_new_ticket(ACQUIRE_S())))
2001 goto out;
2002 break;
2003
2004 default:
2005 TEST_error("unknown op");
2006 goto out;
2007 }
2008 }
2009
2010 out:
2011 s_unlock(h, hl); /* idempotent */
2012 if (!testresult) {
2013 size_t i;
2014 const QUIC_TERMINATE_CAUSE *tcause;
2015 const char *e_str, *f_str;
2016
2017 TEST_error("failed in script \"%s\" at op %zu, thread %d\n",
2018 script_name, op_idx + 1, thread_idx);
2019
2020 for (i = 0; i < repeat_stack_len; ++i)
2021 TEST_info("while repeating, iteration %zu of %zu, starting at script op %zu",
2022 repeat_stack_done[i],
2023 repeat_stack_limit[i],
2024 repeat_stack_idx[i]);
2025
2026 ERR_print_errors_fp(stderr);
2027
2028 if (h->c_conn != NULL) {
2029 SSL_CONN_CLOSE_INFO cc_info = {0};
2030
2031 if (SSL_get_conn_close_info(h->c_conn, &cc_info, sizeof(cc_info))) {
2032 e_str = ossl_quic_err_to_string(cc_info.error_code);
2033 f_str = ossl_quic_frame_type_to_string(cc_info.frame_type);
2034
2035 if (e_str == NULL)
2036 e_str = "?";
2037 if (f_str == NULL)
2038 f_str = "?";
2039
2040 TEST_info("client side is closed: %llu(%s)/%llu(%s), "
2041 "%s, %s, reason: \"%s\"",
2042 (unsigned long long)cc_info.error_code,
2043 e_str,
2044 (unsigned long long)cc_info.frame_type,
2045 f_str,
2046 (cc_info.flags & SSL_CONN_CLOSE_FLAG_LOCAL) != 0
2047 ? "local" : "remote",
2048 (cc_info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) != 0
2049 ? "transport" : "app",
2050 cc_info.reason != NULL ? cc_info.reason : "-");
2051 }
2052 }
2053
2054 tcause = (h->s != NULL
2055 ? ossl_quic_tserver_get_terminate_cause(h->s) : NULL);
2056 if (tcause != NULL) {
2057 e_str = ossl_quic_err_to_string(tcause->error_code);
2058 f_str = ossl_quic_frame_type_to_string(tcause->frame_type);
2059
2060 if (e_str == NULL)
2061 e_str = "?";
2062 if (f_str == NULL)
2063 f_str = "?";
2064
2065 TEST_info("server side is closed: %llu(%s)/%llu(%s), "
2066 "%s, %s, reason: \"%s\"",
2067 (unsigned long long)tcause->error_code,
2068 e_str,
2069 (unsigned long long)tcause->frame_type,
2070 f_str,
2071 tcause->remote ? "remote" : "local",
2072 tcause->app ? "app" : "transport",
2073 tcause->reason != NULL ? tcause->reason : "-");
2074 }
2075 }
2076
2077 OPENSSL_free(tmp_buf);
2078 helper_local_cleanup(hl);
2079 return testresult;
2080 }
2081
run_script(const struct script_op * script,const char * script_name,int free_order,int blocking)2082 static int run_script(const struct script_op *script,
2083 const char *script_name,
2084 int free_order,
2085 int blocking)
2086 {
2087 int testresult = 0;
2088 struct helper h;
2089
2090 if (!TEST_true(helper_init(&h, script_name,
2091 free_order, blocking, 1)))
2092 goto out;
2093
2094 if (!TEST_true(run_script_worker(&h, script, script_name, -1)))
2095 goto out;
2096
2097 #if defined(OPENSSL_THREADS)
2098 if (!TEST_true(join_threads(h.threads, h.num_threads)))
2099 goto out;
2100 #endif
2101
2102 testresult = 1;
2103 out:
2104 helper_cleanup(&h);
2105 return testresult;
2106 }
2107
2108 #if defined(OPENSSL_THREADS)
run_script_child_thread(void * arg)2109 static CRYPTO_THREAD_RETVAL run_script_child_thread(void *arg)
2110 {
2111 int testresult;
2112 struct child_thread_args *args = arg;
2113
2114 testresult = run_script_worker(args->h, args->script,
2115 args->script_name,
2116 args->thread_idx);
2117
2118 ossl_crypto_mutex_lock(args->m);
2119 args->testresult = testresult;
2120 args->done = 1;
2121 ossl_crypto_mutex_unlock(args->m);
2122 return 1;
2123 }
2124 #endif
2125
2126 /* 1. Simple single-stream test */
2127 static const struct script_op script_1[] = {
2128 OP_C_SET_ALPN ("ossltest")
2129 OP_C_CONNECT_WAIT ()
2130 OP_C_WRITE (DEFAULT, "apple", 5)
2131 OP_C_CONCLUDE (DEFAULT)
2132 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2133 OP_S_READ_EXPECT (a, "apple", 5)
2134 OP_S_EXPECT_FIN (a)
2135 OP_S_WRITE (a, "orange", 6)
2136 OP_S_CONCLUDE (a)
2137 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
2138 OP_C_EXPECT_FIN (DEFAULT)
2139 OP_END
2140 };
2141
2142 /* 2. Multi-stream test */
2143 static const struct script_op script_2[] = {
2144 OP_C_SET_ALPN ("ossltest")
2145 OP_C_CONNECT_WAIT ()
2146 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_ACCEPT)
2147 OP_C_WRITE (DEFAULT, "apple", 5)
2148 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2149 OP_S_READ_EXPECT (a, "apple", 5)
2150 OP_S_WRITE (a, "orange", 6)
2151 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
2152
2153 OP_C_NEW_STREAM_BIDI (b, C_BIDI_ID(1))
2154 OP_C_WRITE (b, "flamingo", 8)
2155 OP_C_CONCLUDE (b)
2156 OP_S_BIND_STREAM_ID (b, C_BIDI_ID(1))
2157 OP_S_READ_EXPECT (b, "flamingo", 8)
2158 OP_S_EXPECT_FIN (b)
2159 OP_S_WRITE (b, "gargoyle", 8)
2160 OP_S_CONCLUDE (b)
2161 OP_C_READ_EXPECT (b, "gargoyle", 8)
2162 OP_C_EXPECT_FIN (b)
2163
2164 OP_C_NEW_STREAM_UNI (c, C_UNI_ID(0))
2165 OP_C_WRITE (c, "elephant", 8)
2166 OP_C_CONCLUDE (c)
2167 OP_S_BIND_STREAM_ID (c, C_UNI_ID(0))
2168 OP_S_READ_EXPECT (c, "elephant", 8)
2169 OP_S_EXPECT_FIN (c)
2170 OP_S_WRITE_FAIL (c)
2171
2172 OP_C_ACCEPT_STREAM_NONE ()
2173
2174 OP_S_NEW_STREAM_BIDI (d, S_BIDI_ID(0))
2175 OP_S_WRITE (d, "frog", 4)
2176 OP_S_CONCLUDE (d)
2177
2178 OP_C_ACCEPT_STREAM_WAIT (d)
2179 OP_C_ACCEPT_STREAM_NONE ()
2180 OP_C_READ_EXPECT (d, "frog", 4)
2181 OP_C_EXPECT_FIN (d)
2182
2183 OP_S_NEW_STREAM_BIDI (e, S_BIDI_ID(1))
2184 OP_S_WRITE (e, "mixture", 7)
2185 OP_S_CONCLUDE (e)
2186
2187 OP_C_ACCEPT_STREAM_WAIT (e)
2188 OP_C_READ_EXPECT (e, "mixture", 7)
2189 OP_C_EXPECT_FIN (e)
2190 OP_C_WRITE (e, "ramble", 6)
2191 OP_S_READ_EXPECT (e, "ramble", 6)
2192 OP_C_CONCLUDE (e)
2193 OP_S_EXPECT_FIN (e)
2194
2195 OP_S_NEW_STREAM_UNI (f, S_UNI_ID(0))
2196 OP_S_WRITE (f, "yonder", 6)
2197 OP_S_CONCLUDE (f)
2198
2199 OP_C_ACCEPT_STREAM_WAIT (f)
2200 OP_C_ACCEPT_STREAM_NONE ()
2201 OP_C_READ_EXPECT (f, "yonder", 6)
2202 OP_C_EXPECT_FIN (f)
2203 OP_C_WRITE_FAIL (f)
2204
2205 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_REJECT)
2206 OP_S_NEW_STREAM_BIDI (g, S_BIDI_ID(2))
2207 OP_S_WRITE (g, "unseen", 6)
2208 OP_S_CONCLUDE (g)
2209
2210 OP_C_ACCEPT_STREAM_NONE ()
2211
2212 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_AUTO)
2213 OP_S_NEW_STREAM_BIDI (h, S_BIDI_ID(3))
2214 OP_S_WRITE (h, "UNSEEN", 6)
2215 OP_S_CONCLUDE (h)
2216
2217 OP_C_ACCEPT_STREAM_NONE ()
2218
2219 /*
2220 * Streams g, h should have been rejected, so server should have got
2221 * STOP_SENDING/RESET_STREAM.
2222 */
2223 OP_CHECK (check_rejected, S_BIDI_ID(2))
2224 OP_CHECK (check_rejected, S_BIDI_ID(3))
2225
2226 OP_END
2227 };
2228
2229 /* 3. Default stream detach/reattach test */
2230 static const struct script_op script_3[] = {
2231 OP_C_SET_ALPN ("ossltest")
2232 OP_C_CONNECT_WAIT ()
2233
2234 OP_C_WRITE (DEFAULT, "apple", 5)
2235 OP_C_DETACH (a) /* DEFAULT becomes stream 'a' */
2236 OP_C_WRITE_FAIL (DEFAULT)
2237
2238 OP_C_WRITE (a, "by", 2)
2239
2240 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2241 OP_S_READ_EXPECT (a, "appleby", 7)
2242
2243 OP_S_WRITE (a, "hello", 5)
2244 OP_C_READ_EXPECT (a, "hello", 5)
2245
2246 OP_C_WRITE_FAIL (DEFAULT)
2247 OP_C_ATTACH (a)
2248 OP_C_WRITE (DEFAULT, "is here", 7)
2249 OP_S_READ_EXPECT (a, "is here", 7)
2250
2251 OP_C_DETACH (a)
2252 OP_C_CONCLUDE (a)
2253 OP_S_EXPECT_FIN (a)
2254
2255 OP_END
2256 };
2257
2258 /* 4. Default stream mode test */
2259 static const struct script_op script_4[] = {
2260 OP_C_SET_ALPN ("ossltest")
2261 OP_C_CONNECT_WAIT ()
2262
2263 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2264 OP_C_WRITE_FAIL (DEFAULT)
2265
2266 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
2267 OP_S_WRITE (a, "apple", 5)
2268
2269 OP_C_READ_FAIL (DEFAULT)
2270
2271 OP_C_ACCEPT_STREAM_WAIT (a)
2272 OP_C_READ_EXPECT (a, "apple", 5)
2273
2274 OP_C_ATTACH (a)
2275 OP_C_WRITE (DEFAULT, "orange", 6)
2276 OP_S_READ_EXPECT (a, "orange", 6)
2277
2278 OP_END
2279 };
2280
2281 /* 5. Test stream reset functionality */
2282 static const struct script_op script_5[] = {
2283 OP_C_SET_ALPN ("ossltest")
2284 OP_C_CONNECT_WAIT ()
2285
2286 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2287 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
2288 OP_C_NEW_STREAM_BIDI (b, C_BIDI_ID(1))
2289
2290 OP_C_WRITE (a, "apple", 5)
2291 OP_C_STREAM_RESET (a, 42)
2292
2293 OP_C_WRITE (b, "strawberry", 10)
2294
2295 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2296 OP_S_BIND_STREAM_ID (b, C_BIDI_ID(1))
2297 OP_S_READ_EXPECT (b, "strawberry", 10)
2298 /* Reset disrupts read of already sent data */
2299 OP_S_READ_FAIL (a, 0)
2300 OP_CHECK (check_stream_reset, C_BIDI_ID(0))
2301
2302 OP_END
2303 };
2304
2305 /* 6. Test STOP_SENDING functionality */
2306 static const struct script_op script_6[] = {
2307 OP_C_SET_ALPN ("ossltest")
2308 OP_C_CONNECT_WAIT ()
2309
2310 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2311 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
2312 OP_S_WRITE (a, "apple", 5)
2313
2314 OP_C_ACCEPT_STREAM_WAIT (a)
2315 OP_C_FREE_STREAM (a)
2316 OP_C_ACCEPT_STREAM_NONE ()
2317
2318 OP_CHECK (check_stream_stopped, S_BIDI_ID(0))
2319
2320 OP_END
2321 };
2322
2323 /* 7. Unidirectional default stream mode test (client sends first) */
2324 static const struct script_op script_7[] = {
2325 OP_C_SET_ALPN ("ossltest")
2326 OP_C_CONNECT_WAIT ()
2327
2328 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
2329 OP_C_WRITE (DEFAULT, "apple", 5)
2330
2331 OP_S_BIND_STREAM_ID (a, C_UNI_ID(0))
2332 OP_S_READ_EXPECT (a, "apple", 5)
2333 OP_S_WRITE_FAIL (a)
2334
2335 OP_END
2336 };
2337
2338 /* 8. Unidirectional default stream mode test (server sends first) */
2339 static const struct script_op script_8[] = {
2340 OP_C_SET_ALPN ("ossltest")
2341 OP_C_CONNECT_WAIT ()
2342
2343 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
2344 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
2345 OP_S_WRITE (a, "apple", 5)
2346 OP_C_READ_EXPECT (DEFAULT, "apple", 5)
2347 OP_C_WRITE_FAIL (DEFAULT)
2348
2349 OP_END
2350 };
2351
2352 /* 9. Unidirectional default stream mode test (server sends first on bidi) */
2353 static const struct script_op script_9[] = {
2354 OP_C_SET_ALPN ("ossltest")
2355 OP_C_CONNECT_WAIT ()
2356
2357 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
2358 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
2359 OP_S_WRITE (a, "apple", 5)
2360 OP_C_READ_EXPECT (DEFAULT, "apple", 5)
2361 OP_C_WRITE (DEFAULT, "orange", 6)
2362 OP_S_READ_EXPECT (a, "orange", 6)
2363
2364 OP_END
2365 };
2366
2367 /* 10. Shutdown */
2368 static const struct script_op script_10[] = {
2369 OP_C_SET_ALPN ("ossltest")
2370 OP_C_CONNECT_WAIT ()
2371
2372 OP_C_WRITE (DEFAULT, "apple", 5)
2373 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2374 OP_S_READ_EXPECT (a, "apple", 5)
2375
2376 OP_C_SHUTDOWN_WAIT (NULL, 0)
2377 OP_C_EXPECT_CONN_CLOSE_INFO(0, 1, 0)
2378 OP_S_EXPECT_CONN_CLOSE_INFO(0, 1, 1)
2379
2380 OP_END
2381 };
2382
2383 /* 11. Many threads accepted on the same client connection */
2384 static const struct script_op script_11_child[] = {
2385 OP_C_ACCEPT_STREAM_WAIT (a)
2386 OP_C_READ_EXPECT (a, "foo", 3)
2387 OP_SLEEP (10)
2388 OP_C_EXPECT_FIN (a)
2389
2390 OP_END
2391 };
2392
2393 static const struct script_op script_11[] = {
2394 OP_C_SET_ALPN ("ossltest")
2395 OP_C_CONNECT_WAIT ()
2396 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2397
2398 OP_NEW_THREAD (5, script_11_child)
2399
2400 OP_S_NEW_STREAM_BIDI (a, ANY_ID)
2401 OP_S_WRITE (a, "foo", 3)
2402 OP_S_CONCLUDE (a)
2403
2404 OP_S_NEW_STREAM_BIDI (b, ANY_ID)
2405 OP_S_WRITE (b, "foo", 3)
2406 OP_S_CONCLUDE (b)
2407
2408 OP_S_NEW_STREAM_BIDI (c, ANY_ID)
2409 OP_S_WRITE (c, "foo", 3)
2410 OP_S_CONCLUDE (c)
2411
2412 OP_S_NEW_STREAM_BIDI (d, ANY_ID)
2413 OP_S_WRITE (d, "foo", 3)
2414 OP_S_CONCLUDE (d)
2415
2416 OP_S_NEW_STREAM_BIDI (e, ANY_ID)
2417 OP_S_WRITE (e, "foo", 3)
2418 OP_S_CONCLUDE (e)
2419
2420 OP_END
2421 };
2422
2423 /* 12. Many threads initiated on the same client connection */
2424 static const struct script_op script_12_child[] = {
2425 OP_C_NEW_STREAM_BIDI (a, ANY_ID)
2426 OP_C_WRITE (a, "foo", 3)
2427 OP_C_CONCLUDE (a)
2428 OP_C_FREE_STREAM (a)
2429
2430 OP_END
2431 };
2432
2433 static const struct script_op script_12[] = {
2434 OP_C_SET_ALPN ("ossltest")
2435 OP_C_CONNECT_WAIT ()
2436 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2437
2438 OP_NEW_THREAD (5, script_12_child)
2439
2440 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2441 OP_S_READ_EXPECT (a, "foo", 3)
2442 OP_S_EXPECT_FIN (a)
2443 OP_S_BIND_STREAM_ID (b, C_BIDI_ID(1))
2444 OP_S_READ_EXPECT (b, "foo", 3)
2445 OP_S_EXPECT_FIN (b)
2446 OP_S_BIND_STREAM_ID (c, C_BIDI_ID(2))
2447 OP_S_READ_EXPECT (c, "foo", 3)
2448 OP_S_EXPECT_FIN (c)
2449 OP_S_BIND_STREAM_ID (d, C_BIDI_ID(3))
2450 OP_S_READ_EXPECT (d, "foo", 3)
2451 OP_S_EXPECT_FIN (d)
2452 OP_S_BIND_STREAM_ID (e, C_BIDI_ID(4))
2453 OP_S_READ_EXPECT (e, "foo", 3)
2454 OP_S_EXPECT_FIN (e)
2455
2456 OP_END
2457 };
2458
2459 /* 13. Many threads accepted on the same client connection (stress test) */
2460 static const struct script_op script_13_child[] = {
2461 OP_BEGIN_REPEAT (10)
2462
2463 OP_C_ACCEPT_STREAM_WAIT (a)
2464 OP_C_READ_EXPECT (a, "foo", 3)
2465 OP_C_EXPECT_FIN (a)
2466 OP_C_FREE_STREAM (a)
2467
2468 OP_END_REPEAT ()
2469
2470 OP_END
2471 };
2472
2473 static const struct script_op script_13[] = {
2474 OP_C_SET_ALPN ("ossltest")
2475 OP_C_CONNECT_WAIT ()
2476 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2477
2478 OP_NEW_THREAD (5, script_13_child)
2479
2480 OP_BEGIN_REPEAT (50)
2481
2482 OP_S_NEW_STREAM_BIDI (a, ANY_ID)
2483 OP_S_WRITE (a, "foo", 3)
2484 OP_S_CONCLUDE (a)
2485 OP_S_UNBIND_STREAM_ID (a)
2486
2487 OP_END_REPEAT ()
2488
2489 OP_END
2490 };
2491
2492 /* 14. Many threads initiating on the same client connection (stress test) */
2493 static const struct script_op script_14_child[] = {
2494 OP_BEGIN_REPEAT (10)
2495
2496 OP_C_NEW_STREAM_BIDI (a, ANY_ID)
2497 OP_C_WRITE (a, "foo", 3)
2498 OP_C_CONCLUDE (a)
2499 OP_C_FREE_STREAM (a)
2500
2501 OP_END_REPEAT ()
2502
2503 OP_END
2504 };
2505
2506 static const struct script_op script_14[] = {
2507 OP_C_SET_ALPN ("ossltest")
2508 OP_C_CONNECT_WAIT ()
2509 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2510
2511 OP_NEW_THREAD (5, script_14_child)
2512
2513 OP_BEGIN_REPEAT (50)
2514
2515 OP_S_ACCEPT_STREAM_WAIT (a)
2516 OP_S_READ_EXPECT (a, "foo", 3)
2517 OP_S_EXPECT_FIN (a)
2518 OP_S_UNBIND_STREAM_ID (a)
2519
2520 OP_END_REPEAT ()
2521
2522 OP_END
2523 };
2524
2525 /* 15. Client sending large number of streams, MAX_STREAMS test */
2526 static const struct script_op script_15[] = {
2527 OP_C_SET_ALPN ("ossltest")
2528 OP_C_CONNECT_WAIT ()
2529 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2530
2531 /*
2532 * This will cause a protocol violation to be raised by the server if we are
2533 * not handling the stream limit correctly on the TX side.
2534 */
2535 OP_BEGIN_REPEAT (200)
2536
2537 OP_C_NEW_STREAM_BIDI_EX (a, ANY_ID, SSL_STREAM_FLAG_ADVANCE)
2538 OP_C_WRITE (a, "foo", 3)
2539 OP_C_CONCLUDE (a)
2540 OP_C_FREE_STREAM (a)
2541
2542 OP_END_REPEAT ()
2543
2544 /* Prove the connection is still good. */
2545 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
2546 OP_S_WRITE (a, "bar", 3)
2547 OP_S_CONCLUDE (a)
2548
2549 OP_C_ACCEPT_STREAM_WAIT (a)
2550 OP_C_READ_EXPECT (a, "bar", 3)
2551 OP_C_EXPECT_FIN (a)
2552
2553 /*
2554 * Drain the queue of incoming streams. We should be able to get all 200
2555 * even though only 100 can be initiated at a time.
2556 */
2557 OP_BEGIN_REPEAT (200)
2558
2559 OP_S_ACCEPT_STREAM_WAIT (b)
2560 OP_S_READ_EXPECT (b, "foo", 3)
2561 OP_S_EXPECT_FIN (b)
2562 OP_S_UNBIND_STREAM_ID (b)
2563
2564 OP_END_REPEAT ()
2565
2566 OP_END
2567 };
2568
2569 /* 16. Server sending large number of streams, MAX_STREAMS test */
2570 static const struct script_op script_16[] = {
2571 OP_C_SET_ALPN ("ossltest")
2572 OP_C_CONNECT_WAIT ()
2573 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2574
2575 /*
2576 * This will cause a protocol violation to be raised by the client if we are
2577 * not handling the stream limit correctly on the TX side.
2578 */
2579 OP_BEGIN_REPEAT (200)
2580
2581 OP_S_NEW_STREAM_BIDI (a, ANY_ID)
2582 OP_S_WRITE (a, "foo", 3)
2583 OP_S_CONCLUDE (a)
2584 OP_S_UNBIND_STREAM_ID (a)
2585
2586 OP_END_REPEAT ()
2587
2588 /* Prove that the connection is still good. */
2589 OP_C_NEW_STREAM_BIDI (a, ANY_ID)
2590 OP_C_WRITE (a, "bar", 3)
2591 OP_C_CONCLUDE (a)
2592
2593 OP_S_ACCEPT_STREAM_WAIT (b)
2594 OP_S_READ_EXPECT (b, "bar", 3)
2595 OP_S_EXPECT_FIN (b)
2596
2597 /* Drain the queue of incoming streams. */
2598 OP_BEGIN_REPEAT (200)
2599
2600 OP_C_ACCEPT_STREAM_WAIT (b)
2601 OP_C_READ_EXPECT (b, "foo", 3)
2602 OP_C_EXPECT_FIN (b)
2603 OP_C_FREE_STREAM (b)
2604
2605 OP_END_REPEAT ()
2606
2607 OP_END
2608 };
2609
2610 /* 17. Key update test - unlimited */
2611 static const struct script_op script_17[] = {
2612 OP_C_SET_ALPN ("ossltest")
2613 OP_C_CONNECT_WAIT ()
2614
2615 OP_C_WRITE (DEFAULT, "apple", 5)
2616
2617 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2618 OP_S_READ_EXPECT (a, "apple", 5)
2619
2620 OP_CHECK (override_key_update, 1)
2621
2622 OP_BEGIN_REPEAT (200)
2623
2624 OP_C_WRITE (DEFAULT, "apple", 5)
2625 OP_S_READ_EXPECT (a, "apple", 5)
2626
2627 /*
2628 * TXKU frequency is bounded by RTT because a previous TXKU needs to be
2629 * acknowledged by the peer first before another one can be begin. By
2630 * waiting this long, we eliminate any such concern and ensure as many key
2631 * updates as possible can occur for the purposes of this test.
2632 */
2633 OP_CHECK (skip_time_ms, 100)
2634
2635 OP_END_REPEAT ()
2636
2637 /* At least 5 RXKUs detected */
2638 OP_CHECK (check_key_update_ge, 5)
2639
2640 /*
2641 * Prove the connection is still healthy by sending something in both
2642 * directions.
2643 */
2644 OP_C_WRITE (DEFAULT, "xyzzy", 5)
2645 OP_S_READ_EXPECT (a, "xyzzy", 5)
2646
2647 OP_S_WRITE (a, "plugh", 5)
2648 OP_C_READ_EXPECT (DEFAULT, "plugh", 5)
2649
2650 OP_END
2651 };
2652
2653 /* 18. Key update test - RTT-bounded */
2654 static const struct script_op script_18[] = {
2655 OP_C_SET_ALPN ("ossltest")
2656 OP_C_CONNECT_WAIT ()
2657
2658 OP_C_WRITE (DEFAULT, "apple", 5)
2659
2660 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2661 OP_S_READ_EXPECT (a, "apple", 5)
2662
2663 OP_CHECK (override_key_update, 1)
2664
2665 OP_BEGIN_REPEAT (200)
2666
2667 OP_C_WRITE (DEFAULT, "apple", 5)
2668 OP_S_READ_EXPECT (a, "apple", 5)
2669 OP_CHECK (skip_time_ms, 8)
2670
2671 OP_END_REPEAT ()
2672
2673 /*
2674 * This time we simulate far less time passing between writes, so there are
2675 * fewer opportunities to initiate TXKUs. Note that we ask for a TXKU every
2676 * 1 packet above, which is absurd; thus this ensures we only actually
2677 * generate TXKUs when we are allowed to.
2678 */
2679 OP_CHECK (check_key_update_lt, 240)
2680
2681 /*
2682 * Prove the connection is still healthy by sending something in both
2683 * directions.
2684 */
2685 OP_C_WRITE (DEFAULT, "xyzzy", 5)
2686 OP_S_READ_EXPECT (a, "xyzzy", 5)
2687
2688 OP_S_WRITE (a, "plugh", 5)
2689 OP_C_READ_EXPECT (DEFAULT, "plugh", 5)
2690
2691 OP_END
2692 };
2693
2694 /* 19. Key update test - artificially triggered */
2695 static const struct script_op script_19[] = {
2696 OP_C_SET_ALPN ("ossltest")
2697 OP_C_CONNECT_WAIT ()
2698
2699 OP_C_WRITE (DEFAULT, "apple", 5)
2700
2701 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2702 OP_S_READ_EXPECT (a, "apple", 5)
2703
2704 OP_C_WRITE (DEFAULT, "orange", 6)
2705 OP_S_READ_EXPECT (a, "orange", 6)
2706
2707 OP_S_WRITE (a, "strawberry", 10)
2708 OP_C_READ_EXPECT (DEFAULT, "strawberry", 10)
2709
2710 OP_CHECK (check_key_update_lt, 1)
2711 OP_CHECK (trigger_key_update, 0)
2712
2713 OP_C_WRITE (DEFAULT, "orange", 6)
2714 OP_S_READ_EXPECT (a, "orange", 6)
2715 OP_S_WRITE (a, "ok", 2)
2716
2717 OP_C_READ_EXPECT (DEFAULT, "ok", 2)
2718 OP_CHECK (check_key_update_ge, 1)
2719
2720 OP_END
2721 };
2722
2723 /* 20. Multiple threads accept stream with socket forcibly closed (error test) */
script_20_trigger(struct helper * h,volatile uint64_t * counter)2724 static int script_20_trigger(struct helper *h, volatile uint64_t *counter)
2725 {
2726 #if defined(OPENSSL_THREADS)
2727 ossl_crypto_mutex_lock(h->misc_m);
2728 ++*counter;
2729 ossl_crypto_condvar_broadcast(h->misc_cv);
2730 ossl_crypto_mutex_unlock(h->misc_m);
2731 #endif
2732 return 1;
2733 }
2734
script_20_wait(struct helper * h,volatile uint64_t * counter,uint64_t threshold)2735 static int script_20_wait(struct helper *h, volatile uint64_t *counter, uint64_t threshold)
2736 {
2737 #if defined(OPENSSL_THREADS)
2738 int stop = 0;
2739
2740 ossl_crypto_mutex_lock(h->misc_m);
2741 while (!stop) {
2742 stop = (*counter >= threshold);
2743 if (stop)
2744 break;
2745
2746 ossl_crypto_condvar_wait(h->misc_cv, h->misc_m);
2747 }
2748
2749 ossl_crypto_mutex_unlock(h->misc_m);
2750 #endif
2751 return 1;
2752 }
2753
script_20_trigger1(struct helper * h,struct helper_local * hl)2754 static int script_20_trigger1(struct helper *h, struct helper_local *hl)
2755 {
2756 return script_20_trigger(h, &h->scratch0);
2757 }
2758
script_20_wait1(struct helper * h,struct helper_local * hl)2759 static int script_20_wait1(struct helper *h, struct helper_local *hl)
2760 {
2761 return script_20_wait(h, &h->scratch0, hl->check_op->arg2);
2762 }
2763
script_20_trigger2(struct helper * h,struct helper_local * hl)2764 static int script_20_trigger2(struct helper *h, struct helper_local *hl)
2765 {
2766 return script_20_trigger(h, &h->scratch1);
2767 }
2768
script_20_wait2(struct helper * h,struct helper_local * hl)2769 static int script_20_wait2(struct helper *h, struct helper_local *hl)
2770 {
2771 return script_20_wait(h, &h->scratch1, hl->check_op->arg2);
2772 }
2773
2774 static const struct script_op script_20_child[] = {
2775 OP_C_ACCEPT_STREAM_WAIT (a)
2776 OP_C_READ_EXPECT (a, "foo", 3)
2777
2778 OP_CHECK (script_20_trigger1, 0)
2779 OP_CHECK (script_20_wait2, 1)
2780
2781 OP_C_READ_FAIL_WAIT (a)
2782 OP_C_EXPECT_SSL_ERR (a, SSL_ERROR_SYSCALL)
2783
2784 OP_EXPECT_ERR_LIB (ERR_LIB_SSL)
2785 OP_EXPECT_ERR_REASON (SSL_R_PROTOCOL_IS_SHUTDOWN)
2786
2787 OP_POP_ERR ()
2788 OP_EXPECT_ERR_LIB (ERR_LIB_SSL)
2789 OP_EXPECT_ERR_REASON (SSL_R_QUIC_NETWORK_ERROR)
2790
2791 OP_C_FREE_STREAM (a)
2792
2793 OP_END
2794 };
2795
2796 static const struct script_op script_20[] = {
2797 OP_C_SET_ALPN ("ossltest")
2798 OP_C_CONNECT_WAIT ()
2799 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2800
2801 OP_NEW_THREAD (5, script_20_child)
2802
2803 OP_BEGIN_REPEAT (5)
2804
2805 OP_S_NEW_STREAM_BIDI (a, ANY_ID)
2806 OP_S_WRITE (a, "foo", 3)
2807 OP_S_UNBIND_STREAM_ID (a)
2808
2809 OP_END_REPEAT ()
2810
2811 OP_CHECK (script_20_wait1, 5)
2812
2813 OP_C_CLOSE_SOCKET ()
2814 OP_CHECK (script_20_trigger2, 0)
2815
2816 OP_END
2817 };
2818
2819 /* 21. Fault injection - unknown frame in 1-RTT packet */
script_21_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)2820 static int script_21_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
2821 unsigned char *buf, size_t len)
2822 {
2823 int ok = 0;
2824 WPACKET wpkt;
2825 unsigned char frame_buf[8];
2826 size_t written;
2827
2828 if (h->inject_word0 == 0 || hdr->type != h->inject_word0)
2829 return 1;
2830
2831 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
2832 sizeof(frame_buf), 0)))
2833 return 0;
2834
2835 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1)))
2836 goto err;
2837
2838 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
2839 goto err;
2840
2841 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
2842 goto err;
2843
2844 ok = 1;
2845 err:
2846 if (ok)
2847 WPACKET_finish(&wpkt);
2848 else
2849 WPACKET_cleanup(&wpkt);
2850 return ok;
2851 }
2852
2853 static const struct script_op script_21[] = {
2854 OP_S_SET_INJECT_PLAIN (script_21_inject_plain)
2855 OP_C_SET_ALPN ("ossltest")
2856 OP_C_CONNECT_WAIT ()
2857
2858 OP_C_WRITE (DEFAULT, "apple", 5)
2859 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2860 OP_S_READ_EXPECT (a, "apple", 5)
2861
2862 OP_SET_INJECT_WORD (QUIC_PKT_TYPE_1RTT, OSSL_QUIC_VLINT_MAX)
2863
2864 OP_S_WRITE (a, "orange", 6)
2865
2866 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
2867
2868 OP_END
2869 };
2870
2871 /* 22. Fault injection - non-zero packet header reserved bits */
script_22_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)2872 static int script_22_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
2873 unsigned char *buf, size_t len)
2874 {
2875 if (h->inject_word0 == 0)
2876 return 1;
2877
2878 hdr->reserved = 1;
2879 return 1;
2880 }
2881
2882 static const struct script_op script_22[] = {
2883 OP_S_SET_INJECT_PLAIN (script_22_inject_plain)
2884 OP_C_SET_ALPN ("ossltest")
2885 OP_C_CONNECT_WAIT ()
2886
2887 OP_C_WRITE (DEFAULT, "apple", 5)
2888 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2889 OP_S_READ_EXPECT (a, "apple", 5)
2890
2891 OP_SET_INJECT_WORD (1, 0)
2892
2893 OP_S_WRITE (a, "orange", 6)
2894
2895 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION,0,0)
2896
2897 OP_END
2898 };
2899
2900 /* 23. Fault injection - empty NEW_TOKEN */
script_23_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)2901 static int script_23_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
2902 unsigned char *buf, size_t len)
2903 {
2904 int ok = 0;
2905 WPACKET wpkt;
2906 unsigned char frame_buf[16];
2907 size_t written;
2908
2909 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
2910 return 1;
2911
2912 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
2913 sizeof(frame_buf), 0)))
2914 return 0;
2915
2916 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_NEW_TOKEN))
2917 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0)))
2918 goto err;
2919
2920 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
2921 goto err;
2922
2923 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
2924 goto err;
2925
2926 ok = 1;
2927 err:
2928 if (ok)
2929 WPACKET_finish(&wpkt);
2930 else
2931 WPACKET_cleanup(&wpkt);
2932 return ok;
2933 }
2934
2935 static const struct script_op script_23[] = {
2936 OP_S_SET_INJECT_PLAIN (script_23_inject_plain)
2937 OP_C_SET_ALPN ("ossltest")
2938 OP_C_CONNECT_WAIT ()
2939
2940 OP_C_WRITE (DEFAULT, "apple", 5)
2941 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2942 OP_S_READ_EXPECT (a, "apple", 5)
2943
2944 OP_SET_INJECT_WORD (1, 0)
2945
2946 OP_S_WRITE (a, "orange", 6)
2947
2948 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
2949
2950 OP_END
2951 };
2952
2953 /* 24. Fault injection - excess value of MAX_STREAMS_BIDI */
script_24_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)2954 static int script_24_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
2955 unsigned char *buf, size_t len)
2956 {
2957 int ok = 0;
2958 WPACKET wpkt;
2959 unsigned char frame_buf[16];
2960 size_t written;
2961
2962 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
2963 return 1;
2964
2965 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
2966 sizeof(frame_buf), 0)))
2967 return 0;
2968
2969 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))
2970 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, (((uint64_t)1) << 60) + 1)))
2971 goto err;
2972
2973 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
2974 goto err;
2975
2976 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
2977 goto err;
2978
2979 ok = 1;
2980 err:
2981 if (ok)
2982 WPACKET_finish(&wpkt);
2983 else
2984 WPACKET_cleanup(&wpkt);
2985 return ok;
2986 }
2987
2988 static const struct script_op script_24[] = {
2989 OP_S_SET_INJECT_PLAIN (script_24_inject_plain)
2990 OP_C_SET_ALPN ("ossltest")
2991 OP_C_CONNECT_WAIT ()
2992
2993 OP_C_WRITE (DEFAULT, "apple", 5)
2994 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2995 OP_S_READ_EXPECT (a, "apple", 5)
2996
2997 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI)
2998
2999 OP_S_WRITE (a, "orange", 6)
3000
3001 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3002
3003 OP_END
3004 };
3005
3006 /* 25. Fault injection - excess value of MAX_STREAMS_UNI */
3007 static const struct script_op script_25[] = {
3008 OP_S_SET_INJECT_PLAIN (script_24_inject_plain)
3009 OP_C_SET_ALPN ("ossltest")
3010 OP_C_CONNECT_WAIT ()
3011
3012 OP_C_WRITE (DEFAULT, "apple", 5)
3013 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3014 OP_S_READ_EXPECT (a, "apple", 5)
3015
3016 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI)
3017
3018 OP_S_WRITE (a, "orange", 6)
3019
3020 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3021
3022 OP_END
3023 };
3024
3025 /* 26. Fault injection - excess value of STREAMS_BLOCKED_BIDI */
3026 static const struct script_op script_26[] = {
3027 OP_S_SET_INJECT_PLAIN (script_24_inject_plain)
3028 OP_C_SET_ALPN ("ossltest")
3029 OP_C_CONNECT_WAIT ()
3030
3031 OP_C_WRITE (DEFAULT, "apple", 5)
3032 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3033 OP_S_READ_EXPECT (a, "apple", 5)
3034
3035 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI)
3036
3037 OP_S_WRITE (a, "orange", 6)
3038
3039 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,0,0)
3040
3041 OP_END
3042 };
3043
3044 /* 27. Fault injection - excess value of STREAMS_BLOCKED_UNI */
3045 static const struct script_op script_27[] = {
3046 OP_S_SET_INJECT_PLAIN (script_24_inject_plain)
3047 OP_C_SET_ALPN ("ossltest")
3048 OP_C_CONNECT_WAIT ()
3049
3050 OP_C_WRITE (DEFAULT, "apple", 5)
3051 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3052 OP_S_READ_EXPECT (a, "apple", 5)
3053
3054 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI)
3055
3056 OP_S_WRITE (a, "orange", 6)
3057
3058 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,0,0)
3059
3060 OP_END
3061 };
3062
3063 /* 28. Fault injection - received RESET_STREAM for send-only stream */
script_28_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3064 static int script_28_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3065 unsigned char *buf, size_t len)
3066 {
3067 int ok = 0;
3068 WPACKET wpkt;
3069 unsigned char frame_buf[32];
3070 size_t written;
3071
3072 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
3073 return 1;
3074
3075 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3076 sizeof(frame_buf), 0)))
3077 return 0;
3078
3079 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))
3080 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */
3081 h->inject_word0 - 1))
3082 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 123))
3083 || (h->inject_word1 == OSSL_QUIC_FRAME_TYPE_RESET_STREAM
3084 && !TEST_true(WPACKET_quic_write_vlint(&wpkt, 5)))) /* final size */
3085 goto err;
3086
3087 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3088 goto err;
3089
3090 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3091 goto err;
3092
3093 ok = 1;
3094 err:
3095 if (ok)
3096 WPACKET_finish(&wpkt);
3097 else
3098 WPACKET_cleanup(&wpkt);
3099 return ok;
3100 }
3101
3102 static const struct script_op script_28[] = {
3103 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3104 OP_C_SET_ALPN ("ossltest")
3105 OP_C_CONNECT_WAIT ()
3106 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3107
3108 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3109 OP_C_WRITE (a, "orange", 6)
3110
3111 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3112 OP_S_READ_EXPECT (a, "orange", 6)
3113
3114 OP_C_NEW_STREAM_UNI (b, C_UNI_ID(0))
3115 OP_C_WRITE (b, "apple", 5)
3116
3117 OP_S_BIND_STREAM_ID (b, C_UNI_ID(0))
3118 OP_S_READ_EXPECT (b, "apple", 5)
3119
3120 OP_SET_INJECT_WORD (C_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_RESET_STREAM)
3121 OP_S_WRITE (a, "fruit", 5)
3122
3123 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3124
3125 OP_END
3126 };
3127
3128 /* 29. Fault injection - received RESET_STREAM for nonexistent send-only stream */
3129 static const struct script_op script_29[] = {
3130 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3131 OP_C_SET_ALPN ("ossltest")
3132 OP_C_CONNECT_WAIT ()
3133 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3134
3135 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3136 OP_C_WRITE (a, "orange", 6)
3137
3138 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3139 OP_S_READ_EXPECT (a, "orange", 6)
3140
3141 OP_C_NEW_STREAM_UNI (b, C_UNI_ID(0))
3142 OP_C_WRITE (b, "apple", 5)
3143
3144 OP_S_BIND_STREAM_ID (b, C_UNI_ID(0))
3145 OP_S_READ_EXPECT (b, "apple", 5)
3146
3147 OP_SET_INJECT_WORD (C_UNI_ID(1) + 1, OSSL_QUIC_FRAME_TYPE_RESET_STREAM)
3148 OP_S_WRITE (a, "fruit", 5)
3149
3150 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3151
3152 OP_END
3153 };
3154
3155 /* 30. Fault injection - received STOP_SENDING for receive-only stream */
3156 static const struct script_op script_30[] = {
3157 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3158 OP_C_SET_ALPN ("ossltest")
3159 OP_C_CONNECT_WAIT ()
3160 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3161
3162 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
3163 OP_S_WRITE (a, "apple", 5)
3164
3165 OP_C_ACCEPT_STREAM_WAIT (a)
3166 OP_C_READ_EXPECT (a, "apple", 5)
3167
3168 OP_SET_INJECT_WORD (S_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STOP_SENDING)
3169 OP_S_WRITE (a, "orange", 6)
3170
3171 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3172
3173 OP_END
3174 };
3175
3176 /* 31. Fault injection - received STOP_SENDING for nonexistent receive-only stream */
3177 static const struct script_op script_31[] = {
3178 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3179 OP_C_SET_ALPN ("ossltest")
3180 OP_C_CONNECT_WAIT ()
3181 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3182
3183 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
3184 OP_S_WRITE (a, "apple", 5)
3185
3186 OP_C_ACCEPT_STREAM_WAIT (a)
3187 OP_C_READ_EXPECT (a, "apple", 5)
3188
3189 OP_SET_INJECT_WORD (C_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STOP_SENDING)
3190 OP_S_WRITE (a, "orange", 6)
3191
3192 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3193
3194 OP_END
3195 };
3196
3197 /* 32. Fault injection - STREAM frame for nonexistent stream */
script_32_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3198 static int script_32_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3199 unsigned char *buf, size_t len)
3200 {
3201 int ok = 0;
3202 WPACKET wpkt;
3203 unsigned char frame_buf[64];
3204 size_t written;
3205 uint64_t type = OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN, offset, flen, i;
3206
3207 if (hdr->type != QUIC_PKT_TYPE_1RTT)
3208 return 1;
3209
3210 switch (h->inject_word1) {
3211 default:
3212 return 0;
3213 case 0:
3214 return 1;
3215 case 1:
3216 offset = 0;
3217 flen = 0;
3218 break;
3219 case 2:
3220 offset = (((uint64_t)1)<<62) - 1;
3221 flen = 5;
3222 break;
3223 case 3:
3224 offset = 1 * 1024 * 1024 * 1024; /* 1G */
3225 flen = 5;
3226 break;
3227 case 4:
3228 offset = 0;
3229 flen = 1;
3230 break;
3231 }
3232
3233 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3234 sizeof(frame_buf), 0)))
3235 return 0;
3236
3237 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, type))
3238 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */
3239 h->inject_word0 - 1))
3240 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, offset))
3241 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, flen)))
3242 goto err;
3243
3244 for (i = 0; i < flen; ++i)
3245 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42)))
3246 goto err;
3247
3248 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3249 goto err;
3250
3251 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3252 goto err;
3253
3254 ok = 1;
3255 err:
3256 if (ok)
3257 WPACKET_finish(&wpkt);
3258 else
3259 WPACKET_cleanup(&wpkt);
3260 return ok;
3261 }
3262
3263 static const struct script_op script_32[] = {
3264 OP_S_SET_INJECT_PLAIN (script_32_inject_plain)
3265 OP_C_SET_ALPN ("ossltest")
3266 OP_C_CONNECT_WAIT ()
3267 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3268
3269 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
3270 OP_S_WRITE (a, "apple", 5)
3271
3272 OP_C_ACCEPT_STREAM_WAIT (a)
3273 OP_C_READ_EXPECT (a, "apple", 5)
3274
3275 OP_SET_INJECT_WORD (C_UNI_ID(0) + 1, 1)
3276 OP_S_WRITE (a, "orange", 6)
3277
3278 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3279
3280 OP_END
3281 };
3282
3283 /* 33. Fault injection - STREAM frame with illegal offset */
3284 static const struct script_op script_33[] = {
3285 OP_S_SET_INJECT_PLAIN (script_32_inject_plain)
3286 OP_C_SET_ALPN ("ossltest")
3287 OP_C_CONNECT_WAIT ()
3288 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3289
3290 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3291 OP_C_WRITE (a, "apple", 5)
3292
3293 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3294 OP_S_READ_EXPECT (a, "apple", 5)
3295
3296 OP_SET_INJECT_WORD (C_BIDI_ID(0) + 1, 2)
3297 OP_S_WRITE (a, "orange", 6)
3298
3299 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3300
3301 OP_END
3302 };
3303
3304 /* 34. Fault injection - STREAM frame which exceeds FC */
3305 static const struct script_op script_34[] = {
3306 OP_S_SET_INJECT_PLAIN (script_32_inject_plain)
3307 OP_C_SET_ALPN ("ossltest")
3308 OP_C_CONNECT_WAIT ()
3309 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3310
3311 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3312 OP_C_WRITE (a, "apple", 5)
3313
3314 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3315 OP_S_READ_EXPECT (a, "apple", 5)
3316
3317 OP_SET_INJECT_WORD (C_BIDI_ID(0) + 1, 3)
3318 OP_S_WRITE (a, "orange", 6)
3319
3320 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FLOW_CONTROL_ERROR,0,0)
3321
3322 OP_END
3323 };
3324
3325 /* 35. Fault injection - MAX_STREAM_DATA for receive-only stream */
3326 static const struct script_op script_35[] = {
3327 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3328 OP_C_SET_ALPN ("ossltest")
3329 OP_C_CONNECT_WAIT ()
3330 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3331
3332 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
3333 OP_S_WRITE (a, "apple", 5)
3334
3335 OP_C_ACCEPT_STREAM_WAIT (a)
3336 OP_C_READ_EXPECT (a, "apple", 5)
3337
3338 OP_SET_INJECT_WORD (S_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA)
3339 OP_S_WRITE (a, "orange", 6)
3340
3341 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3342
3343 OP_END
3344 };
3345
3346 /* 36. Fault injection - MAX_STREAM_DATA for nonexistent stream */
3347 static const struct script_op script_36[] = {
3348 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3349 OP_C_SET_ALPN ("ossltest")
3350 OP_C_CONNECT_WAIT ()
3351 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3352
3353 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
3354 OP_S_WRITE (a, "apple", 5)
3355
3356 OP_C_ACCEPT_STREAM_WAIT (a)
3357 OP_C_READ_EXPECT (a, "apple", 5)
3358
3359 OP_SET_INJECT_WORD (C_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA)
3360 OP_S_WRITE (a, "orange", 6)
3361
3362 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3363
3364 OP_END
3365 };
3366
3367 /* 37. Fault injection - STREAM_DATA_BLOCKED for send-only stream */
3368 static const struct script_op script_37[] = {
3369 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3370 OP_C_SET_ALPN ("ossltest")
3371 OP_C_CONNECT_WAIT ()
3372 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3373
3374 OP_C_NEW_STREAM_UNI (a, C_UNI_ID(0))
3375 OP_C_WRITE (a, "apple", 5)
3376
3377 OP_S_BIND_STREAM_ID (a, C_UNI_ID(0))
3378 OP_S_READ_EXPECT (a, "apple", 5)
3379
3380 OP_S_NEW_STREAM_UNI (b, S_UNI_ID(0))
3381 OP_SET_INJECT_WORD (C_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED)
3382 OP_S_WRITE (b, "orange", 5)
3383
3384 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3385
3386 OP_END
3387 };
3388
3389 /* 38. Fault injection - STREAM_DATA_BLOCKED for non-existent stream */
3390 static const struct script_op script_38[] = {
3391 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3392 OP_C_SET_ALPN ("ossltest")
3393 OP_C_CONNECT_WAIT ()
3394 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3395
3396 OP_C_NEW_STREAM_UNI (a, C_UNI_ID(0))
3397 OP_C_WRITE (a, "apple", 5)
3398
3399 OP_S_BIND_STREAM_ID (a, C_UNI_ID(0))
3400 OP_S_READ_EXPECT (a, "apple", 5)
3401
3402 OP_SET_INJECT_WORD (C_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED)
3403
3404 OP_S_NEW_STREAM_UNI (b, S_UNI_ID(0))
3405 OP_S_WRITE (b, "orange", 5)
3406
3407 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3408
3409 OP_END
3410 };
3411
3412 /* 39. Fault injection - NEW_CONN_ID with zero-len CID */
script_39_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3413 static int script_39_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3414 unsigned char *buf, size_t len)
3415 {
3416 int ok = 0;
3417 WPACKET wpkt;
3418 unsigned char frame_buf[64];
3419 size_t i, written;
3420 uint64_t seq_no = 0, retire_prior_to = 0;
3421 QUIC_CONN_ID new_cid = {0};
3422 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(h->s_priv);
3423
3424 if (hdr->type != QUIC_PKT_TYPE_1RTT)
3425 return 1;
3426
3427 switch (h->inject_word1) {
3428 case 0:
3429 return 1;
3430 case 1:
3431 new_cid.id_len = 0;
3432 break;
3433 case 2:
3434 new_cid.id_len = 21;
3435 break;
3436 case 3:
3437 new_cid.id_len = 1;
3438 new_cid.id[0] = 0x55;
3439
3440 seq_no = 0;
3441 retire_prior_to = 1;
3442 break;
3443 case 4:
3444 /* Use our actual CID so we don't break connectivity. */
3445 ossl_quic_channel_get_diag_local_cid(ch, &new_cid);
3446
3447 seq_no = 2;
3448 retire_prior_to = 2;
3449 break;
3450 case 5:
3451 /*
3452 * Use a bogus CID which will need to be ignored if connectivity is to
3453 * be continued.
3454 */
3455 new_cid.id_len = 8;
3456 new_cid.id[0] = 0x55;
3457
3458 seq_no = 1;
3459 retire_prior_to = 1;
3460 break;
3461 }
3462
3463 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3464 sizeof(frame_buf), 0)))
3465 return 0;
3466
3467 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID))
3468 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, seq_no)) /* seq no */
3469 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, retire_prior_to)) /* retire prior to */
3470 || !TEST_true(WPACKET_put_bytes_u8(&wpkt, new_cid.id_len))) /* len */
3471 goto err;
3472
3473 for (i = 0; i < new_cid.id_len && i < OSSL_NELEM(new_cid.id); ++i)
3474 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, new_cid.id[i])))
3475 goto err;
3476
3477 for (; i < new_cid.id_len; ++i)
3478 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x55)))
3479 goto err;
3480
3481 for (i = 0; i < QUIC_STATELESS_RESET_TOKEN_LEN; ++i)
3482 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42)))
3483 goto err;
3484
3485 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3486 goto err;
3487
3488 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3489 goto err;
3490
3491 ok = 1;
3492 err:
3493 if (ok)
3494 WPACKET_finish(&wpkt);
3495 else
3496 WPACKET_cleanup(&wpkt);
3497 return ok;
3498 }
3499
3500 static const struct script_op script_39[] = {
3501 OP_S_SET_INJECT_PLAIN (script_39_inject_plain)
3502 OP_C_SET_ALPN ("ossltest")
3503 OP_C_CONNECT_WAIT ()
3504 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3505
3506 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3507 OP_C_WRITE (a, "apple", 5)
3508 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3509 OP_S_READ_EXPECT (a, "apple", 5)
3510
3511 OP_SET_INJECT_WORD (0, 1)
3512 OP_S_WRITE (a, "orange", 5)
3513
3514 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3515
3516 OP_END
3517 };
3518
3519 /* 40. Shutdown flush test */
3520 static const unsigned char script_40_data[1024] = "strawberry";
3521
3522 static const struct script_op script_40[] = {
3523 OP_C_SET_ALPN ("ossltest")
3524 OP_C_CONNECT_WAIT ()
3525 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3526
3527 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3528 OP_C_WRITE (a, "apple", 5)
3529
3530 OP_C_INHIBIT_TICK (1)
3531 OP_C_SET_WRITE_BUF_SIZE (a, 1024 * 100 * 3)
3532
3533 OP_BEGIN_REPEAT (100)
3534
3535 OP_C_WRITE (a, script_40_data, sizeof(script_40_data))
3536
3537 OP_END_REPEAT ()
3538
3539 OP_C_CONCLUDE (a)
3540 OP_C_SHUTDOWN_WAIT (NULL, 0) /* disengages tick inhibition */
3541
3542 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3543 OP_S_READ_EXPECT (a, "apple", 5)
3544
3545 OP_BEGIN_REPEAT (100)
3546
3547 OP_S_READ_EXPECT (a, script_40_data, sizeof(script_40_data))
3548
3549 OP_END_REPEAT ()
3550
3551 OP_S_EXPECT_FIN (a)
3552
3553 OP_C_EXPECT_CONN_CLOSE_INFO(0, 1, 0)
3554 OP_S_EXPECT_CONN_CLOSE_INFO(0, 1, 1)
3555
3556 OP_END
3557 };
3558
3559 /* 41. Fault injection - PATH_CHALLENGE yields PATH_RESPONSE */
3560 static const uint64_t path_challenge = UINT64_C(0xbdeb9451169c83aa);
3561
script_41_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3562 static int script_41_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3563 unsigned char *buf, size_t len)
3564 {
3565 int ok = 0;
3566 WPACKET wpkt;
3567 unsigned char frame_buf[16];
3568 size_t written;
3569
3570 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
3571 return 1;
3572
3573 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3574 sizeof(frame_buf), 0)))
3575 return 0;
3576
3577 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))
3578 || !TEST_true(WPACKET_put_bytes_u64(&wpkt, path_challenge)))
3579 goto err;
3580
3581 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))
3582 || !TEST_size_t_eq(written, 9))
3583 goto err;
3584
3585 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3586 goto err;
3587
3588 --h->inject_word0;
3589 ok = 1;
3590 err:
3591 if (ok)
3592 WPACKET_finish(&wpkt);
3593 else
3594 WPACKET_cleanup(&wpkt);
3595 return ok;
3596 }
3597
script_41_trace(int write_p,int version,int content_type,const void * buf,size_t len,SSL * ssl,void * arg)3598 static void script_41_trace(int write_p, int version, int content_type,
3599 const void *buf, size_t len, SSL *ssl, void *arg)
3600 {
3601 uint64_t frame_type, frame_data;
3602 int was_minimal;
3603 struct helper *h = arg;
3604 PACKET pkt;
3605
3606 if (version != OSSL_QUIC1_VERSION
3607 || content_type != SSL3_RT_QUIC_FRAME_FULL
3608 || len < 1)
3609 return;
3610
3611 if (!TEST_true(PACKET_buf_init(&pkt, buf, len))) {
3612 ++h->scratch1;
3613 return;
3614 }
3615
3616 if (!TEST_true(ossl_quic_wire_peek_frame_header(&pkt, &frame_type,
3617 &was_minimal))) {
3618 ++h->scratch1;
3619 return;
3620 }
3621
3622 if (frame_type != OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE)
3623 return;
3624
3625 if (!TEST_true(ossl_quic_wire_decode_frame_path_response(&pkt, &frame_data))
3626 || !TEST_uint64_t_eq(frame_data, path_challenge)) {
3627 ++h->scratch1;
3628 return;
3629 }
3630
3631 ++h->scratch0;
3632 }
3633
script_41_setup(struct helper * h,struct helper_local * hl)3634 static int script_41_setup(struct helper *h, struct helper_local *hl)
3635 {
3636 ossl_quic_tserver_set_msg_callback(ACQUIRE_S(), script_41_trace, h);
3637 return 1;
3638 }
3639
script_41_check(struct helper * h,struct helper_local * hl)3640 static int script_41_check(struct helper *h, struct helper_local *hl)
3641 {
3642 /* At least one valid challenge/response echo? */
3643 if (!TEST_uint64_t_gt(h->scratch0, 0))
3644 return 0;
3645
3646 /* No failed tests? */
3647 if (!TEST_uint64_t_eq(h->scratch1, 0))
3648 return 0;
3649
3650 return 1;
3651 }
3652
3653 static const struct script_op script_41[] = {
3654 OP_S_SET_INJECT_PLAIN (script_41_inject_plain)
3655 OP_C_SET_ALPN ("ossltest")
3656 OP_C_CONNECT_WAIT ()
3657 OP_CHECK (script_41_setup, 0)
3658
3659 OP_C_WRITE (DEFAULT, "apple", 5)
3660 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3661 OP_S_READ_EXPECT (a, "apple", 5)
3662
3663 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE)
3664
3665 OP_S_WRITE (a, "orange", 6)
3666 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
3667
3668 OP_C_WRITE (DEFAULT, "strawberry", 10)
3669 OP_S_READ_EXPECT (a, "strawberry", 10)
3670
3671 OP_CHECK (script_41_check, 0)
3672 OP_END
3673 };
3674
3675 /* 42. Fault injection - CRYPTO frame with illegal offset */
script_42_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3676 static int script_42_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3677 unsigned char *buf, size_t len)
3678 {
3679 int ok = 0;
3680 unsigned char frame_buf[64];
3681 size_t written;
3682 WPACKET wpkt;
3683
3684 if (h->inject_word0 == 0)
3685 return 1;
3686
3687 --h->inject_word0;
3688
3689 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3690 sizeof(frame_buf), 0)))
3691 return 0;
3692
3693 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO))
3694 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))
3695 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 1))
3696 || !TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42)))
3697 goto err;
3698
3699 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3700 goto err;
3701
3702 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3703 goto err;
3704
3705 ok = 1;
3706 err:
3707 if (ok)
3708 WPACKET_finish(&wpkt);
3709 else
3710 WPACKET_cleanup(&wpkt);
3711 return ok;
3712 }
3713
3714 static const struct script_op script_42[] = {
3715 OP_S_SET_INJECT_PLAIN (script_42_inject_plain)
3716 OP_C_SET_ALPN ("ossltest")
3717 OP_C_CONNECT_WAIT ()
3718 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3719
3720 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3721 OP_C_WRITE (a, "apple", 5)
3722
3723 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3724 OP_S_READ_EXPECT (a, "apple", 5)
3725
3726 OP_SET_INJECT_WORD (1, (((uint64_t)1) << 62) - 1)
3727 OP_S_WRITE (a, "orange", 6)
3728
3729 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3730
3731 OP_END
3732 };
3733
3734 /* 43. Fault injection - CRYPTO frame exceeding FC */
3735 static const struct script_op script_43[] = {
3736 OP_S_SET_INJECT_PLAIN (script_42_inject_plain)
3737 OP_C_SET_ALPN ("ossltest")
3738 OP_C_CONNECT_WAIT ()
3739 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3740
3741 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3742 OP_C_WRITE (a, "apple", 5)
3743
3744 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3745 OP_S_READ_EXPECT (a, "apple", 5)
3746
3747 OP_SET_INJECT_WORD (1, 0x100000 /* 1 MiB */)
3748 OP_S_WRITE (a, "orange", 6)
3749
3750 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED,0,0)
3751
3752 OP_END
3753 };
3754
3755 /* 44. Fault injection - PADDING */
script_44_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3756 static int script_44_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3757 unsigned char *buf, size_t len)
3758 {
3759 int ok = 0;
3760 WPACKET wpkt;
3761 unsigned char frame_buf[16];
3762 size_t written;
3763
3764 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
3765 return 1;
3766
3767 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3768 sizeof(frame_buf), 0)))
3769 return 0;
3770
3771 if (!TEST_true(ossl_quic_wire_encode_padding(&wpkt, 1)))
3772 goto err;
3773
3774 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3775 goto err;
3776
3777 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3778 goto err;
3779
3780 ok = 1;
3781 err:
3782 if (ok)
3783 WPACKET_finish(&wpkt);
3784 else
3785 WPACKET_cleanup(&wpkt);
3786 return ok;
3787 }
3788
3789 static const struct script_op script_44[] = {
3790 OP_S_SET_INJECT_PLAIN (script_44_inject_plain)
3791 OP_C_SET_ALPN ("ossltest")
3792 OP_C_CONNECT_WAIT ()
3793
3794 OP_C_WRITE (DEFAULT, "apple", 5)
3795 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3796 OP_S_READ_EXPECT (a, "apple", 5)
3797
3798 OP_SET_INJECT_WORD (1, 0)
3799
3800 OP_S_WRITE (a, "Strawberry", 10)
3801 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10)
3802
3803 OP_END
3804 };
3805
3806 /* 45. PING must generate ACK */
force_ping(struct helper * h,struct helper_local * hl)3807 static int force_ping(struct helper *h, struct helper_local *hl)
3808 {
3809 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(ACQUIRE_S());
3810
3811 h->scratch0 = ossl_quic_channel_get_diag_num_rx_ack(ch);
3812
3813 if (!TEST_true(ossl_quic_tserver_ping(ACQUIRE_S())))
3814 return 0;
3815
3816 return 1;
3817 }
3818
wait_incoming_acks_increased(struct helper * h,struct helper_local * hl)3819 static int wait_incoming_acks_increased(struct helper *h, struct helper_local *hl)
3820 {
3821 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(ACQUIRE_S());
3822 uint16_t count;
3823
3824 count = ossl_quic_channel_get_diag_num_rx_ack(ch);
3825
3826 if (count == h->scratch0) {
3827 h->check_spin_again = 1;
3828 return 0;
3829 }
3830
3831 return 1;
3832 }
3833
3834 static const struct script_op script_45[] = {
3835 OP_C_SET_ALPN ("ossltest")
3836 OP_C_CONNECT_WAIT ()
3837
3838 OP_C_WRITE (DEFAULT, "apple", 5)
3839 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3840 OP_S_READ_EXPECT (a, "apple", 5)
3841
3842 OP_BEGIN_REPEAT (2)
3843
3844 OP_CHECK (force_ping, 0)
3845 OP_CHECK (wait_incoming_acks_increased, 0)
3846
3847 OP_END_REPEAT ()
3848
3849 OP_S_WRITE (a, "Strawberry", 10)
3850 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10)
3851
3852 OP_END
3853 };
3854
3855 /* 46. Fault injection - ACK - malformed initial range */
script_46_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3856 static int script_46_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3857 unsigned char *buf, size_t len)
3858 {
3859 int ok = 0;
3860 WPACKET wpkt;
3861 unsigned char frame_buf[16];
3862 size_t written;
3863 uint64_t type = 0, largest_acked = 0, first_range = 0, range_count = 0;
3864 uint64_t agap = 0, alen = 0;
3865 uint64_t ect0 = 0, ect1 = 0, ecnce = 0;
3866
3867 if (h->inject_word0 == 0)
3868 return 1;
3869
3870 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3871 sizeof(frame_buf), 0)))
3872 return 0;
3873
3874 type = OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN;
3875
3876 switch (h->inject_word0) {
3877 case 1:
3878 largest_acked = 100;
3879 first_range = 101;
3880 range_count = 0;
3881 break;
3882 case 2:
3883 largest_acked = 100;
3884 first_range = 80;
3885 /* [20..100]; [0..18] */
3886 range_count = 1;
3887 agap = 0;
3888 alen = 19;
3889 break;
3890 case 3:
3891 largest_acked = 100;
3892 first_range = 80;
3893 range_count = 1;
3894 agap = 18;
3895 alen = 1;
3896 break;
3897 case 4:
3898 type = OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN;
3899 largest_acked = 100;
3900 first_range = 1;
3901 range_count = 0;
3902 break;
3903 case 5:
3904 type = OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN;
3905 largest_acked = 0;
3906 first_range = 0;
3907 range_count = 0;
3908 ect0 = 0;
3909 ect1 = 50;
3910 ecnce = 200;
3911 break;
3912 }
3913
3914 h->inject_word0 = 0;
3915
3916 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, type))
3917 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, largest_acked))
3918 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*ack_delay=*/0))
3919 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*ack_range_count=*/range_count))
3920 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*first_ack_range=*/first_range)))
3921 goto err;
3922
3923 if (range_count > 0)
3924 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, /*range[0].gap=*/agap))
3925 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*range[0].len=*/alen)))
3926 goto err;
3927
3928 if (type == OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN)
3929 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, ect0))
3930 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, ect1))
3931 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, ecnce)))
3932 goto err;
3933
3934 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3935 goto err;
3936
3937 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3938 goto err;
3939
3940 ok = 1;
3941 err:
3942 if (ok)
3943 WPACKET_finish(&wpkt);
3944 else
3945 WPACKET_cleanup(&wpkt);
3946 return ok;
3947 }
3948
3949 static const struct script_op script_46[] = {
3950 OP_S_SET_INJECT_PLAIN (script_46_inject_plain)
3951 OP_C_SET_ALPN ("ossltest")
3952 OP_C_CONNECT_WAIT ()
3953
3954 OP_C_WRITE (DEFAULT, "apple", 5)
3955 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3956 OP_S_READ_EXPECT (a, "apple", 5)
3957
3958 OP_SET_INJECT_WORD (1, 0)
3959
3960 OP_S_WRITE (a, "Strawberry", 10)
3961
3962 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3963
3964 OP_END
3965 };
3966
3967 /* 47. Fault injection - ACK - malformed subsequent range */
3968 static const struct script_op script_47[] = {
3969 OP_S_SET_INJECT_PLAIN (script_46_inject_plain)
3970 OP_C_SET_ALPN ("ossltest")
3971 OP_C_CONNECT_WAIT ()
3972
3973 OP_C_WRITE (DEFAULT, "apple", 5)
3974 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3975 OP_S_READ_EXPECT (a, "apple", 5)
3976
3977 OP_SET_INJECT_WORD (2, 0)
3978
3979 OP_S_WRITE (a, "Strawberry", 10)
3980
3981 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3982
3983 OP_END
3984 };
3985
3986 /* 48. Fault injection - ACK - malformed subsequent range */
3987 static const struct script_op script_48[] = {
3988 OP_S_SET_INJECT_PLAIN (script_46_inject_plain)
3989 OP_C_SET_ALPN ("ossltest")
3990 OP_C_CONNECT_WAIT ()
3991
3992 OP_C_WRITE (DEFAULT, "apple", 5)
3993 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3994 OP_S_READ_EXPECT (a, "apple", 5)
3995
3996 OP_SET_INJECT_WORD (3, 0)
3997
3998 OP_S_WRITE (a, "Strawberry", 10)
3999
4000 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
4001
4002 OP_END
4003 };
4004
4005 /* 49. Fault injection - ACK - fictional PN */
4006 static const struct script_op script_49[] = {
4007 OP_S_SET_INJECT_PLAIN (script_46_inject_plain)
4008 OP_C_SET_ALPN ("ossltest")
4009 OP_C_CONNECT_WAIT ()
4010
4011 OP_C_WRITE (DEFAULT, "apple", 5)
4012 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4013 OP_S_READ_EXPECT (a, "apple", 5)
4014
4015 OP_SET_INJECT_WORD (4, 0)
4016
4017 OP_S_WRITE (a, "Strawberry", 10)
4018 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10)
4019
4020 OP_END
4021 };
4022
4023 /* 50. Fault injection - ACK - duplicate PN */
4024 static const struct script_op script_50[] = {
4025 OP_S_SET_INJECT_PLAIN (script_46_inject_plain)
4026 OP_C_SET_ALPN ("ossltest")
4027 OP_C_CONNECT_WAIT ()
4028
4029 OP_C_WRITE (DEFAULT, "apple", 5)
4030 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4031 OP_S_READ_EXPECT (a, "apple", 5)
4032
4033 OP_BEGIN_REPEAT (2)
4034
4035 OP_SET_INJECT_WORD (5, 0)
4036
4037 OP_S_WRITE (a, "Strawberry", 10)
4038 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10)
4039
4040 OP_END_REPEAT ()
4041
4042 OP_END
4043 };
4044
4045 /* 51. Fault injection - PATH_RESPONSE is ignored */
4046 static const struct script_op script_51[] = {
4047 OP_S_SET_INJECT_PLAIN (script_41_inject_plain)
4048 OP_C_SET_ALPN ("ossltest")
4049 OP_C_CONNECT_WAIT ()
4050
4051 OP_C_WRITE (DEFAULT, "apple", 5)
4052 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4053 OP_S_READ_EXPECT (a, "apple", 5)
4054
4055 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE)
4056
4057 OP_S_WRITE (a, "orange", 6)
4058 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
4059
4060 OP_C_WRITE (DEFAULT, "Strawberry", 10)
4061 OP_S_READ_EXPECT (a, "Strawberry", 10)
4062
4063 OP_END
4064 };
4065
4066 /* 52. Fault injection - ignore BLOCKED frames with bogus values */
script_52_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4067 static int script_52_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4068 unsigned char *buf, size_t len)
4069 {
4070 int ok = 0;
4071 unsigned char frame_buf[64];
4072 size_t written;
4073 WPACKET wpkt;
4074 uint64_t type = h->inject_word1;
4075
4076 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4077 return 1;
4078
4079 --h->inject_word0;
4080
4081 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4082 sizeof(frame_buf), 0)))
4083 return 0;
4084
4085 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, type)))
4086 goto err;
4087
4088 if (type == OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED)
4089 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, C_BIDI_ID(0))))
4090 goto err;
4091
4092 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, 0xFFFFFF)))
4093 goto err;
4094
4095 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4096 goto err;
4097
4098 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4099 goto err;
4100
4101 ok = 1;
4102 err:
4103 if (ok)
4104 WPACKET_finish(&wpkt);
4105 else
4106 WPACKET_cleanup(&wpkt);
4107 return ok;
4108 }
4109
4110 static const struct script_op script_52[] = {
4111 OP_S_SET_INJECT_PLAIN (script_52_inject_plain)
4112 OP_C_SET_ALPN ("ossltest")
4113 OP_C_CONNECT_WAIT ()
4114
4115 OP_C_WRITE (DEFAULT, "apple", 5)
4116 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4117 OP_S_READ_EXPECT (a, "apple", 5)
4118
4119 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED)
4120
4121 OP_S_WRITE (a, "orange", 6)
4122 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
4123
4124 OP_C_WRITE (DEFAULT, "Strawberry", 10)
4125 OP_S_READ_EXPECT (a, "Strawberry", 10)
4126
4127 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED)
4128
4129 OP_S_WRITE (a, "orange", 6)
4130 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
4131
4132 OP_C_WRITE (DEFAULT, "Strawberry", 10)
4133 OP_S_READ_EXPECT (a, "Strawberry", 10)
4134
4135 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI)
4136
4137 OP_S_WRITE (a, "orange", 6)
4138 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
4139
4140 OP_C_WRITE (DEFAULT, "Strawberry", 10)
4141 OP_S_READ_EXPECT (a, "Strawberry", 10)
4142
4143 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI)
4144
4145 OP_S_WRITE (a, "orange", 6)
4146 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
4147
4148 OP_C_WRITE (DEFAULT, "Strawberry", 10)
4149 OP_S_READ_EXPECT (a, "Strawberry", 10)
4150
4151 OP_END
4152 };
4153
4154 /* 53. Fault injection - excess CRYPTO buffer size */
script_53_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4155 static int script_53_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4156 unsigned char *buf, size_t len)
4157 {
4158 int ok = 0;
4159 size_t written;
4160 WPACKET wpkt;
4161 uint64_t offset = 0, data_len = 100;
4162 unsigned char *frame_buf = NULL;
4163 size_t frame_len, i;
4164
4165 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4166 return 1;
4167
4168 h->inject_word0 = 0;
4169
4170 switch (h->inject_word1) {
4171 case 0:
4172 /*
4173 * Far out offset which will not have been reached during handshake.
4174 * This will not be delivered to the QUIC_TLS instance since it will be
4175 * waiting for in-order delivery of previous bytes. This tests our flow
4176 * control on CRYPTO stream buffering.
4177 */
4178 offset = 100000;
4179 data_len = 1;
4180 break;
4181 }
4182
4183 frame_len = 1 + 8 + 8 + (size_t)data_len;
4184 if (!TEST_ptr(frame_buf = OPENSSL_malloc(frame_len)))
4185 return 0;
4186
4187 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, frame_len, 0)))
4188 goto err;
4189
4190 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO))
4191 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, offset))
4192 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, data_len)))
4193 goto err;
4194
4195 for (i = 0; i < data_len; ++i)
4196 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42)))
4197 goto err;
4198
4199 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4200 goto err;
4201
4202 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4203 goto err;
4204
4205 ok = 1;
4206 err:
4207 if (ok)
4208 WPACKET_finish(&wpkt);
4209 else
4210 WPACKET_cleanup(&wpkt);
4211 OPENSSL_free(frame_buf);
4212 return ok;
4213 }
4214
4215 static const struct script_op script_53[] = {
4216 OP_S_SET_INJECT_PLAIN (script_53_inject_plain)
4217 OP_C_SET_ALPN ("ossltest")
4218 OP_C_CONNECT_WAIT ()
4219
4220 OP_C_WRITE (DEFAULT, "apple", 5)
4221 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4222 OP_S_READ_EXPECT (a, "apple", 5)
4223
4224 OP_SET_INJECT_WORD (1, 0)
4225 OP_S_WRITE (a, "Strawberry", 10)
4226
4227 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED,0,0)
4228
4229 OP_END
4230 };
4231
4232 /* 54. Fault injection - corrupted crypto stream data */
script_54_inject_handshake(struct helper * h,unsigned char * buf,size_t buf_len)4233 static int script_54_inject_handshake(struct helper *h,
4234 unsigned char *buf, size_t buf_len)
4235 {
4236 size_t i;
4237
4238 for (i = 0; i < buf_len; ++i)
4239 buf[i] ^= 0xff;
4240
4241 return 1;
4242 }
4243
4244 static const struct script_op script_54[] = {
4245 OP_S_SET_INJECT_HANDSHAKE(script_54_inject_handshake)
4246 OP_C_SET_ALPN ("ossltest")
4247 OP_C_CONNECT_WAIT_OR_FAIL()
4248
4249 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_UNEXPECTED_MESSAGE,0,0)
4250
4251 OP_END
4252 };
4253
4254 /* 55. Fault injection - NEW_CONN_ID with >20 byte CID */
4255 static const struct script_op script_55[] = {
4256 OP_S_SET_INJECT_PLAIN (script_39_inject_plain)
4257 OP_C_SET_ALPN ("ossltest")
4258 OP_C_CONNECT_WAIT ()
4259 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4260
4261 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4262 OP_C_WRITE (a, "apple", 5)
4263 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4264 OP_S_READ_EXPECT (a, "apple", 5)
4265
4266 OP_SET_INJECT_WORD (0, 2)
4267 OP_S_WRITE (a, "orange", 5)
4268
4269 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
4270
4271 OP_END
4272 };
4273
4274 /* 56. Fault injection - NEW_CONN_ID with seq no < retire prior to */
4275 static const struct script_op script_56[] = {
4276 OP_S_SET_INJECT_PLAIN (script_39_inject_plain)
4277 OP_C_SET_ALPN ("ossltest")
4278 OP_C_CONNECT_WAIT ()
4279 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4280
4281 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4282 OP_C_WRITE (a, "apple", 5)
4283 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4284 OP_S_READ_EXPECT (a, "apple", 5)
4285
4286 OP_SET_INJECT_WORD (0, 3)
4287 OP_S_WRITE (a, "orange", 5)
4288
4289 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
4290
4291 OP_END
4292 };
4293
4294 /* 57. Fault injection - NEW_CONN_ID with lower seq so ignored */
4295 static const struct script_op script_57[] = {
4296 OP_S_SET_INJECT_PLAIN (script_39_inject_plain)
4297 OP_C_SET_ALPN ("ossltest")
4298 OP_C_CONNECT_WAIT ()
4299 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4300
4301 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4302 OP_C_WRITE (a, "apple", 5)
4303 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4304 OP_S_READ_EXPECT (a, "apple", 5)
4305
4306 OP_SET_INJECT_WORD (0, 4)
4307 OP_S_WRITE (a, "orange", 5)
4308 OP_C_READ_EXPECT (a, "orange", 5)
4309
4310 OP_C_WRITE (a, "Strawberry", 10)
4311 OP_S_READ_EXPECT (a, "Strawberry", 10)
4312
4313 /*
4314 * Now we send a NEW_CONN_ID with a bogus CID. However the sequence number
4315 * is old so it should be ignored and we should still be able to
4316 * communicate.
4317 */
4318 OP_SET_INJECT_WORD (0, 5)
4319 OP_S_WRITE (a, "raspberry", 9)
4320 OP_C_READ_EXPECT (a, "raspberry", 9)
4321
4322 OP_C_WRITE (a, "peach", 5)
4323 OP_S_READ_EXPECT (a, "peach", 5)
4324
4325 OP_END
4326 };
4327
4328 /* 58. Fault injection - repeated HANDSHAKE_DONE */
script_58_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4329 static int script_58_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4330 unsigned char *buf, size_t len)
4331 {
4332 int ok = 0;
4333 unsigned char frame_buf[64];
4334 size_t written;
4335 WPACKET wpkt;
4336
4337 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4338 return 1;
4339
4340 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4341 sizeof(frame_buf), 0)))
4342 return 0;
4343
4344 if (h->inject_word0 == 1) {
4345 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE)))
4346 goto err;
4347 } else {
4348 /* Needless multi-byte encoding */
4349 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x40))
4350 || !TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x1E)))
4351 goto err;
4352 }
4353
4354 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4355 goto err;
4356
4357 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4358 goto err;
4359
4360 ok = 1;
4361 err:
4362 if (ok)
4363 WPACKET_finish(&wpkt);
4364 else
4365 WPACKET_cleanup(&wpkt);
4366 return ok;
4367 }
4368
4369 static const struct script_op script_58[] = {
4370 OP_S_SET_INJECT_PLAIN (script_58_inject_plain)
4371 OP_C_SET_ALPN ("ossltest")
4372 OP_C_CONNECT_WAIT ()
4373
4374 OP_C_WRITE (DEFAULT, "apple", 5)
4375 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4376 OP_S_READ_EXPECT (a, "apple", 5)
4377
4378 OP_SET_INJECT_WORD (1, 0)
4379
4380 OP_S_WRITE (a, "orange", 6)
4381 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
4382
4383 OP_C_WRITE (DEFAULT, "Strawberry", 10)
4384 OP_S_READ_EXPECT (a, "Strawberry", 10)
4385
4386 OP_END
4387 };
4388
4389 /* 59. Fault injection - multi-byte frame encoding */
4390 static const struct script_op script_59[] = {
4391 OP_S_SET_INJECT_PLAIN (script_58_inject_plain)
4392 OP_C_SET_ALPN ("ossltest")
4393 OP_C_CONNECT_WAIT ()
4394
4395 OP_C_WRITE (DEFAULT, "apple", 5)
4396 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4397 OP_S_READ_EXPECT (a, "apple", 5)
4398
4399 OP_SET_INJECT_WORD (2, 0)
4400
4401 OP_S_WRITE (a, "orange", 6)
4402
4403 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION,0,0)
4404
4405 OP_END
4406 };
4407
4408 /* 60. Connection close reason truncation */
4409 static char long_reason[2048];
4410
init_reason(struct helper * h,struct helper_local * hl)4411 static int init_reason(struct helper *h, struct helper_local *hl)
4412 {
4413 memset(long_reason, '~', sizeof(long_reason));
4414 memcpy(long_reason, "This is a long reason string.", 29);
4415 long_reason[OSSL_NELEM(long_reason) - 1] = '\0';
4416 return 1;
4417 }
4418
check_shutdown_reason(struct helper * h,struct helper_local * hl)4419 static int check_shutdown_reason(struct helper *h, struct helper_local *hl)
4420 {
4421 const QUIC_TERMINATE_CAUSE *tc = ossl_quic_tserver_get_terminate_cause(ACQUIRE_S());
4422
4423 if (tc == NULL) {
4424 h->check_spin_again = 1;
4425 return 0;
4426 }
4427
4428 if (!TEST_size_t_ge(tc->reason_len, 50)
4429 || !TEST_mem_eq(long_reason, tc->reason_len,
4430 tc->reason, tc->reason_len))
4431 return 0;
4432
4433 return 1;
4434 }
4435
4436 static const struct script_op script_60[] = {
4437 OP_C_SET_ALPN ("ossltest")
4438 OP_C_CONNECT_WAIT ()
4439
4440 OP_C_WRITE (DEFAULT, "apple", 5)
4441 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4442 OP_S_READ_EXPECT (a, "apple", 5)
4443
4444 OP_CHECK (init_reason, 0)
4445 OP_C_SHUTDOWN_WAIT (long_reason, 0)
4446 OP_CHECK (check_shutdown_reason, 0)
4447
4448 OP_END
4449 };
4450
4451 /* 61. Fault injection - RESET_STREAM exceeding stream count FC */
script_61_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4452 static int script_61_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4453 unsigned char *buf, size_t len)
4454 {
4455 int ok = 0;
4456 WPACKET wpkt;
4457 unsigned char frame_buf[32];
4458 size_t written;
4459
4460 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4461 return 1;
4462
4463 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4464 sizeof(frame_buf), 0)))
4465 return 0;
4466
4467 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word0))
4468 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */
4469 h->inject_word1))
4470 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 123))
4471 || (h->inject_word0 == OSSL_QUIC_FRAME_TYPE_RESET_STREAM
4472 && !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0)))) /* final size */
4473 goto err;
4474
4475 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4476 goto err;
4477
4478 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4479 goto err;
4480
4481 ok = 1;
4482 err:
4483 if (ok)
4484 WPACKET_finish(&wpkt);
4485 else
4486 WPACKET_cleanup(&wpkt);
4487 return ok;
4488 }
4489
4490 static const struct script_op script_61[] = {
4491 OP_S_SET_INJECT_PLAIN (script_61_inject_plain)
4492 OP_C_SET_ALPN ("ossltest")
4493 OP_C_CONNECT_WAIT ()
4494 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4495
4496 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4497 OP_C_WRITE (a, "orange", 6)
4498
4499 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4500 OP_S_READ_EXPECT (a, "orange", 6)
4501
4502 OP_SET_INJECT_WORD (OSSL_QUIC_FRAME_TYPE_RESET_STREAM,
4503 S_BIDI_ID(OSSL_QUIC_VLINT_MAX / 4))
4504 OP_S_WRITE (a, "fruit", 5)
4505
4506 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,0,0)
4507
4508 OP_END
4509 };
4510
4511 /* 62. Fault injection - STOP_SENDING with high ID */
4512 static const struct script_op script_62[] = {
4513 OP_S_SET_INJECT_PLAIN (script_61_inject_plain)
4514 OP_C_SET_ALPN ("ossltest")
4515 OP_C_CONNECT_WAIT ()
4516 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4517
4518 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4519 OP_C_WRITE (a, "orange", 6)
4520
4521 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4522 OP_S_READ_EXPECT (a, "orange", 6)
4523
4524 OP_SET_INJECT_WORD (OSSL_QUIC_FRAME_TYPE_STOP_SENDING,
4525 C_BIDI_ID(OSSL_QUIC_VLINT_MAX / 4))
4526 OP_S_WRITE (a, "fruit", 5)
4527
4528 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
4529
4530 OP_END
4531 };
4532
4533 /* 63. Fault injection - STREAM frame exceeding stream limit */
4534 static const struct script_op script_63[] = {
4535 OP_S_SET_INJECT_PLAIN (script_32_inject_plain)
4536 OP_C_SET_ALPN ("ossltest")
4537 OP_C_CONNECT_WAIT ()
4538 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4539
4540 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4541 OP_C_WRITE (a, "apple", 5)
4542
4543 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4544 OP_S_READ_EXPECT (a, "apple", 5)
4545
4546 OP_SET_INJECT_WORD (S_BIDI_ID(5000) + 1, 4)
4547 OP_S_WRITE (a, "orange", 6)
4548
4549 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,0,0)
4550
4551 OP_END
4552 };
4553
4554 /* 64. Fault injection - STREAM - zero-length no-FIN is accepted */
4555 static const struct script_op script_64[] = {
4556 OP_S_SET_INJECT_PLAIN (script_32_inject_plain)
4557 OP_C_SET_ALPN ("ossltest")
4558 OP_C_CONNECT_WAIT ()
4559 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4560
4561 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
4562 OP_S_WRITE (a, "apple", 5)
4563
4564 OP_C_ACCEPT_STREAM_WAIT (a)
4565 OP_C_READ_EXPECT (a, "apple", 5)
4566
4567 OP_SET_INJECT_WORD (S_BIDI_ID(20) + 1, 1)
4568 OP_S_WRITE (a, "orange", 6)
4569 OP_C_READ_EXPECT (a, "orange", 6)
4570
4571 OP_END
4572 };
4573
4574 /* 65. Fault injection - CRYPTO - zero-length is accepted */
script_65_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4575 static int script_65_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4576 unsigned char *buf, size_t len)
4577 {
4578 int ok = 0;
4579 unsigned char frame_buf[64];
4580 size_t written;
4581 WPACKET wpkt;
4582
4583 if (h->inject_word0 == 0)
4584 return 1;
4585
4586 --h->inject_word0;
4587
4588 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4589 sizeof(frame_buf), 0)))
4590 return 0;
4591
4592 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO))
4593 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0))
4594 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0)))
4595 goto err;
4596
4597 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4598 goto err;
4599
4600 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4601 goto err;
4602
4603 ok = 1;
4604 err:
4605 if (ok)
4606 WPACKET_finish(&wpkt);
4607 else
4608 WPACKET_cleanup(&wpkt);
4609 return ok;
4610 }
4611
4612 static const struct script_op script_65[] = {
4613 OP_S_SET_INJECT_PLAIN (script_65_inject_plain)
4614 OP_C_SET_ALPN ("ossltest")
4615 OP_C_CONNECT_WAIT ()
4616 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4617
4618 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4619 OP_C_WRITE (a, "apple", 5)
4620
4621 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4622 OP_S_READ_EXPECT (a, "apple", 5)
4623
4624 OP_SET_INJECT_WORD (1, 0)
4625 OP_S_WRITE (a, "orange", 6)
4626 OP_C_READ_EXPECT (a, "orange", 6)
4627
4628 OP_END
4629 };
4630
4631 /* 66. Fault injection - large MAX_STREAM_DATA */
script_66_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4632 static int script_66_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4633 unsigned char *buf, size_t len)
4634 {
4635 int ok = 0;
4636 WPACKET wpkt;
4637 unsigned char frame_buf[64];
4638 size_t written;
4639
4640 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4641 return 1;
4642
4643 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4644 sizeof(frame_buf), 0)))
4645 return 0;
4646
4647 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1)))
4648 goto err;
4649
4650 if (h->inject_word1 == OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA)
4651 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */
4652 h->inject_word0 - 1)))
4653 goto err;
4654
4655 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_VLINT_MAX)))
4656 goto err;
4657
4658 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4659 goto err;
4660
4661 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4662 goto err;
4663
4664 ok = 1;
4665 err:
4666 if (ok)
4667 WPACKET_finish(&wpkt);
4668 else
4669 WPACKET_cleanup(&wpkt);
4670 return ok;
4671 }
4672
4673 static const struct script_op script_66[] = {
4674 OP_S_SET_INJECT_PLAIN (script_66_inject_plain)
4675 OP_C_SET_ALPN ("ossltest")
4676 OP_C_CONNECT_WAIT ()
4677 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4678
4679 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
4680 OP_S_WRITE (a, "apple", 5)
4681
4682 OP_C_ACCEPT_STREAM_WAIT (a)
4683 OP_C_READ_EXPECT (a, "apple", 5)
4684
4685 OP_SET_INJECT_WORD (S_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA)
4686 OP_S_WRITE (a, "orange", 6)
4687 OP_C_READ_EXPECT (a, "orange", 6)
4688 OP_C_WRITE (a, "Strawberry", 10)
4689 OP_S_READ_EXPECT (a, "Strawberry", 10)
4690
4691 OP_END
4692 };
4693
4694 /* 67. Fault injection - large MAX_DATA */
4695 static const struct script_op script_67[] = {
4696 OP_S_SET_INJECT_PLAIN (script_66_inject_plain)
4697 OP_C_SET_ALPN ("ossltest")
4698 OP_C_CONNECT_WAIT ()
4699 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4700
4701 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
4702 OP_S_WRITE (a, "apple", 5)
4703
4704 OP_C_ACCEPT_STREAM_WAIT (a)
4705 OP_C_READ_EXPECT (a, "apple", 5)
4706
4707 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_MAX_DATA)
4708 OP_S_WRITE (a, "orange", 6)
4709 OP_C_READ_EXPECT (a, "orange", 6)
4710 OP_C_WRITE (a, "Strawberry", 10)
4711 OP_S_READ_EXPECT (a, "Strawberry", 10)
4712
4713 OP_END
4714 };
4715
4716 /* 68. Fault injection - Unexpected TLS messages */
script_68_inject_handshake(struct helper * h,unsigned char * msg,size_t msglen)4717 static int script_68_inject_handshake(struct helper *h, unsigned char *msg,
4718 size_t msglen)
4719 {
4720 const unsigned char *data;
4721 size_t datalen;
4722 const unsigned char certreq[] = {
4723 SSL3_MT_CERTIFICATE_REQUEST, /* CertificateRequest message */
4724 0, 0, 12, /* Length of message */
4725 1, 1, /* certificate_request_context */
4726 0, 8, /* Extensions block length */
4727 0, TLSEXT_TYPE_signature_algorithms, /* sig_algs extension*/
4728 0, 4, /* 4 bytes of sig algs extension*/
4729 0, 2, /* sigalgs list is 2 bytes long */
4730 8, 4 /* rsa_pss_rsae_sha256 */
4731 };
4732 const unsigned char keyupdate[] = {
4733 SSL3_MT_KEY_UPDATE, /* KeyUpdate message */
4734 0, 0, 1, /* Length of message */
4735 SSL_KEY_UPDATE_NOT_REQUESTED /* update_not_requested */
4736 };
4737
4738 /* We transform the NewSessionTicket message into something else */
4739 switch(h->inject_word0) {
4740 case 0:
4741 return 1;
4742
4743 case 1:
4744 /* CertificateRequest message */
4745 data = certreq;
4746 datalen = sizeof(certreq);
4747 break;
4748
4749 case 2:
4750 /* KeyUpdate message */
4751 data = keyupdate;
4752 datalen = sizeof(keyupdate);
4753 break;
4754
4755 default:
4756 return 0;
4757 }
4758
4759 if (!TEST_true(qtest_fault_resize_message(h->qtf,
4760 datalen - SSL3_HM_HEADER_LENGTH)))
4761 return 0;
4762
4763 memcpy(msg, data, datalen);
4764
4765 return 1;
4766 }
4767
4768 /* Send a CerticateRequest message post-handshake */
4769 static const struct script_op script_68[] = {
4770 OP_S_SET_INJECT_HANDSHAKE(script_68_inject_handshake)
4771 OP_C_SET_ALPN ("ossltest")
4772 OP_C_CONNECT_WAIT ()
4773 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4774
4775 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4776 OP_C_WRITE (a, "apple", 5)
4777 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4778 OP_S_READ_EXPECT (a, "apple", 5)
4779
4780 OP_SET_INJECT_WORD (1, 0)
4781 OP_S_NEW_TICKET ()
4782 OP_S_WRITE (a, "orange", 6)
4783
4784 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION, 0, 0)
4785
4786 OP_END
4787 };
4788
4789 /* 69. Send a TLS KeyUpdate message post-handshake */
4790 static const struct script_op script_69[] = {
4791 OP_S_SET_INJECT_HANDSHAKE(script_68_inject_handshake)
4792 OP_C_SET_ALPN ("ossltest")
4793 OP_C_CONNECT_WAIT ()
4794 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4795
4796 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4797 OP_C_WRITE (a, "apple", 5)
4798 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4799 OP_S_READ_EXPECT (a, "apple", 5)
4800
4801 OP_SET_INJECT_WORD (2, 0)
4802 OP_S_NEW_TICKET ()
4803 OP_S_WRITE (a, "orange", 6)
4804
4805 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_ERR_BEGIN
4806 + SSL_AD_UNEXPECTED_MESSAGE, 0, 0)
4807
4808 OP_END
4809 };
4810
set_max_early_data(struct helper * h,struct helper_local * hl)4811 static int set_max_early_data(struct helper *h, struct helper_local *hl)
4812 {
4813
4814 if (!TEST_true(ossl_quic_tserver_set_max_early_data(ACQUIRE_S(),
4815 (uint32_t)hl->check_op->arg2)))
4816 return 0;
4817
4818 return 1;
4819 }
4820
4821 /* 70. Send a TLS NewSessionTicket message with invalid max_early_data */
4822 static const struct script_op script_70[] = {
4823 OP_C_SET_ALPN ("ossltest")
4824 OP_C_CONNECT_WAIT ()
4825 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4826
4827 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4828 OP_C_WRITE (a, "apple", 5)
4829 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4830 OP_S_READ_EXPECT (a, "apple", 5)
4831
4832 OP_CHECK (set_max_early_data, 0xfffffffe)
4833 OP_S_NEW_TICKET ()
4834 OP_S_WRITE (a, "orange", 6)
4835
4836 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION, 0, 0)
4837
4838 OP_END
4839 };
4840
4841 /* 71. Send a TLS NewSessionTicket message with valid max_early_data */
4842 static const struct script_op script_71[] = {
4843 OP_C_SET_ALPN ("ossltest")
4844 OP_C_CONNECT_WAIT ()
4845 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4846
4847 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4848 OP_C_WRITE (a, "apple", 5)
4849 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4850 OP_S_READ_EXPECT (a, "apple", 5)
4851
4852 OP_CHECK (set_max_early_data, 0xffffffff)
4853 OP_S_NEW_TICKET ()
4854 OP_S_WRITE (a, "orange", 6)
4855 OP_C_READ_EXPECT (a, "orange", 6)
4856
4857 OP_END
4858 };
4859
4860 /* 72. Test that APL stops handing out streams after limit reached (bidi) */
script_72_check(struct helper * h,struct helper_local * hl)4861 static int script_72_check(struct helper *h, struct helper_local *hl)
4862 {
4863 if (!TEST_uint64_t_ge(h->fail_count, 50))
4864 return 0;
4865
4866 return 1;
4867 }
4868
4869 static const struct script_op script_72[] = {
4870 OP_C_SET_ALPN ("ossltest")
4871 OP_C_CONNECT_WAIT ()
4872 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4873
4874 /*
4875 * Request more streams than a server will initially hand out and test that
4876 * they fail properly.
4877 */
4878 OP_BEGIN_REPEAT (200)
4879
4880 OP_C_NEW_STREAM_BIDI_EX (a, ANY_ID, ALLOW_FAIL | SSL_STREAM_FLAG_NO_BLOCK)
4881 OP_C_SKIP_IF_UNBOUND (a, 2)
4882 OP_C_WRITE (a, "apple", 5)
4883 OP_C_FREE_STREAM (a)
4884
4885 OP_END_REPEAT ()
4886
4887 OP_CHECK (script_72_check, 0)
4888
4889 OP_END
4890 };
4891
4892 /* 73. Test that APL stops handing out streams after limit reached (uni) */
4893 static const struct script_op script_73[] = {
4894 OP_C_SET_ALPN ("ossltest")
4895 OP_C_CONNECT_WAIT ()
4896 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4897
4898 /*
4899 * Request more streams than a server will initially hand out and test that
4900 * they fail properly.
4901 */
4902 OP_BEGIN_REPEAT (200)
4903
4904 OP_C_NEW_STREAM_UNI_EX (a, ANY_ID, ALLOW_FAIL | SSL_STREAM_FLAG_NO_BLOCK)
4905 OP_C_SKIP_IF_UNBOUND (a, 2)
4906 OP_C_WRITE (a, "apple", 5)
4907 OP_C_FREE_STREAM (a)
4908
4909 OP_END_REPEAT ()
4910
4911 OP_CHECK (script_72_check, 0)
4912
4913 OP_END
4914 };
4915
4916 /* 74. Version negotiation: QUIC_VERSION_1 ignored */
generate_version_neg(WPACKET * wpkt,uint32_t version)4917 static int generate_version_neg(WPACKET *wpkt, uint32_t version)
4918 {
4919 QUIC_PKT_HDR hdr = {0};
4920
4921 hdr.type = QUIC_PKT_TYPE_VERSION_NEG;
4922 hdr.fixed = 1;
4923 hdr.dst_conn_id.id_len = 0;
4924 hdr.src_conn_id.id_len = 8;
4925 memset(hdr.src_conn_id.id, 0x55, 8);
4926
4927 if (!TEST_true(ossl_quic_wire_encode_pkt_hdr(wpkt, 0, &hdr, NULL)))
4928 return 0;
4929
4930 if (!TEST_true(WPACKET_put_bytes_u32(wpkt, version)))
4931 return 0;
4932
4933 return 1;
4934 }
4935
server_gen_version_neg(struct helper * h,BIO_MSG * msg,size_t stride)4936 static int server_gen_version_neg(struct helper *h, BIO_MSG *msg, size_t stride)
4937 {
4938 int rc = 0, have_wpkt = 0;
4939 size_t l;
4940 WPACKET wpkt;
4941 BUF_MEM *buf = NULL;
4942 uint32_t version;
4943
4944 switch (h->inject_word0) {
4945 case 0:
4946 return 1;
4947 case 1:
4948 version = QUIC_VERSION_1;
4949 break;
4950 default:
4951 version = 0x5432abcd;
4952 break;
4953 }
4954
4955 if (!TEST_ptr(buf = BUF_MEM_new()))
4956 goto err;
4957
4958 if (!TEST_true(WPACKET_init(&wpkt, buf)))
4959 goto err;
4960
4961 have_wpkt = 1;
4962
4963 generate_version_neg(&wpkt, version);
4964
4965 if (!TEST_true(WPACKET_get_total_written(&wpkt, &l)))
4966 goto err;
4967
4968 if (!TEST_true(qtest_fault_resize_datagram(h->qtf, l)))
4969 return 0;
4970
4971 memcpy(msg->data, buf->data, l);
4972 h->inject_word0 = 0;
4973
4974 rc = 1;
4975 err:
4976 if (have_wpkt)
4977 WPACKET_finish(&wpkt);
4978
4979 BUF_MEM_free(buf);
4980 return rc;
4981 }
4982
4983 static const struct script_op script_74[] = {
4984 OP_S_SET_INJECT_DATAGRAM (server_gen_version_neg)
4985 OP_SET_INJECT_WORD (1, 0)
4986
4987 OP_C_SET_ALPN ("ossltest")
4988 OP_C_CONNECT_WAIT ()
4989
4990 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4991
4992 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4993 OP_C_WRITE (a, "apple", 5)
4994 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4995 OP_S_READ_EXPECT (a, "apple", 5)
4996
4997 OP_END
4998 };
4999
5000 /* 75. Version negotiation: Unknown version causes connection abort */
5001 static const struct script_op script_75[] = {
5002 OP_S_SET_INJECT_DATAGRAM (server_gen_version_neg)
5003 OP_SET_INJECT_WORD (2, 0)
5004
5005 OP_C_SET_ALPN ("ossltest")
5006 OP_C_CONNECT_WAIT_OR_FAIL()
5007
5008 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CONNECTION_REFUSED,0,0)
5009
5010 OP_END
5011 };
5012
5013 /* 76. Test peer-initiated shutdown wait */
script_76_check(struct helper * h,struct helper_local * hl)5014 static int script_76_check(struct helper *h, struct helper_local *hl)
5015 {
5016 if (!TEST_false(SSL_shutdown_ex(h->c_conn,
5017 SSL_SHUTDOWN_FLAG_WAIT_PEER
5018 | SSL_SHUTDOWN_FLAG_NO_BLOCK,
5019 NULL, 0)))
5020 return 0;
5021
5022 return 1;
5023 }
5024
5025 static const struct script_op script_76[] = {
5026 OP_C_SET_ALPN ("ossltest")
5027 OP_C_CONNECT_WAIT ()
5028 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5029
5030 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
5031 OP_C_WRITE (a, "apple", 5)
5032
5033 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5034 OP_S_READ_EXPECT (a, "apple", 5)
5035
5036 /* Check a WAIT_PEER call doesn't succeed yet. */
5037 OP_CHECK (script_76_check, 0)
5038 OP_S_SHUTDOWN (42)
5039
5040 OP_C_SHUTDOWN_WAIT (NULL, SSL_SHUTDOWN_FLAG_WAIT_PEER)
5041 OP_C_EXPECT_CONN_CLOSE_INFO(42, 1, 1)
5042
5043 OP_END
5044 };
5045
5046 /* 77. Ensure default stream popping operates correctly */
5047 static const struct script_op script_77[] = {
5048 OP_C_SET_ALPN ("ossltest")
5049 OP_C_CONNECT_WAIT ()
5050
5051 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_ACCEPT)
5052
5053 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
5054 OP_S_WRITE (a, "Strawberry", 10)
5055
5056 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10)
5057
5058 OP_S_NEW_STREAM_BIDI (b, S_BIDI_ID(1))
5059 OP_S_WRITE (b, "xyz", 3)
5060
5061 OP_C_ACCEPT_STREAM_WAIT (b)
5062 OP_C_READ_EXPECT (b, "xyz", 3)
5063
5064 OP_END
5065 };
5066
5067 /* 78. Post-connection session ticket handling */
5068 static size_t new_session_count;
5069
on_new_session(SSL * s,SSL_SESSION * sess)5070 static int on_new_session(SSL *s, SSL_SESSION *sess)
5071 {
5072 ++new_session_count;
5073 return 0; /* do not ref session, we aren't keeping it */
5074 }
5075
setup_session(struct helper * h,struct helper_local * hl)5076 static int setup_session(struct helper *h, struct helper_local *hl)
5077 {
5078 SSL_CTX_set_session_cache_mode(h->c_ctx, SSL_SESS_CACHE_BOTH);
5079 SSL_CTX_sess_set_new_cb(h->c_ctx, on_new_session);
5080 return 1;
5081 }
5082
trigger_late_session_ticket(struct helper * h,struct helper_local * hl)5083 static int trigger_late_session_ticket(struct helper *h, struct helper_local *hl)
5084 {
5085 new_session_count = 0;
5086
5087 if (!TEST_true(ossl_quic_tserver_new_ticket(ACQUIRE_S())))
5088 return 0;
5089
5090 return 1;
5091 }
5092
check_got_session_ticket(struct helper * h,struct helper_local * hl)5093 static int check_got_session_ticket(struct helper *h, struct helper_local *hl)
5094 {
5095 if (!TEST_size_t_gt(new_session_count, 0))
5096 return 0;
5097
5098 return 1;
5099 }
5100
5101 static int check_idle_timeout(struct helper *h, struct helper_local *hl);
5102
5103 static const struct script_op script_78[] = {
5104 OP_C_SET_ALPN ("ossltest")
5105 OP_CHECK (setup_session, 0)
5106 OP_C_CONNECT_WAIT ()
5107
5108 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5109
5110 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
5111 OP_C_WRITE (a, "apple", 5)
5112
5113 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5114 OP_S_READ_EXPECT (a, "apple", 5)
5115
5116 OP_S_WRITE (a, "orange", 6)
5117 OP_C_READ_EXPECT (a, "orange", 6)
5118
5119 OP_CHECK (trigger_late_session_ticket, 0)
5120
5121 OP_S_WRITE (a, "Strawberry", 10)
5122 OP_C_READ_EXPECT (a, "Strawberry", 10)
5123
5124 OP_CHECK (check_got_session_ticket, 0)
5125 OP_CHECK2 (check_idle_timeout,
5126 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 30000)
5127
5128 OP_END
5129 };
5130
5131 /* 79. Optimised FIN test */
5132 static const struct script_op script_79[] = {
5133 OP_C_SET_ALPN ("ossltest")
5134 OP_C_CONNECT_WAIT ()
5135 OP_C_WRITE_EX2 (DEFAULT, "apple", 5, SSL_WRITE_FLAG_CONCLUDE)
5136 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5137 OP_S_READ_EXPECT (a, "apple", 5)
5138 OP_S_EXPECT_FIN (a)
5139 OP_S_WRITE (a, "orange", 6)
5140 OP_S_CONCLUDE (a)
5141 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
5142 OP_C_EXPECT_FIN (DEFAULT)
5143 OP_END
5144 };
5145
5146 /* 80. Stateless reset detection test */
5147 static QUIC_STATELESS_RESET_TOKEN test_reset_token = {
5148 { 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
5149 0xde, 0xad, 0xbe, 0xef }};
5150
5151 /*
5152 * Generate a packet in the following format:
5153 * https://www.rfc-editor.org/rfc/rfc9000.html#name-stateless-reset
5154 * Stateless Reset {
5155 * Fixed Bits (2): 1
5156 * Unpredictable bits (38..)
5157 * Stateless reset token (128)
5158 * }
5159 */
script_80_send_stateless_reset(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)5160 static int script_80_send_stateless_reset(struct helper *h, QUIC_PKT_HDR *hdr,
5161 unsigned char *buf, size_t len)
5162 {
5163 unsigned char databuf[64];
5164
5165 if (h->inject_word1 == 0)
5166 return 1;
5167
5168 h->inject_word1 = 0;
5169
5170 fprintf(stderr, "Sending stateless reset\n");
5171
5172 RAND_bytes(databuf, 64);
5173 databuf[0] = 0x40;
5174 memcpy(&databuf[48], test_reset_token.token,
5175 sizeof(test_reset_token.token));
5176
5177 if (!TEST_int_eq(SSL_inject_net_dgram(h->c_conn, databuf, sizeof(databuf),
5178 NULL, h->s_net_bio_addr), 1))
5179 return 0;
5180
5181 return 1;
5182 }
5183
script_80_gen_new_conn_id(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)5184 static int script_80_gen_new_conn_id(struct helper *h, QUIC_PKT_HDR *hdr,
5185 unsigned char *buf, size_t len)
5186 {
5187 int rc = 0;
5188 size_t l;
5189 unsigned char frame_buf[64];
5190 WPACKET wpkt;
5191 QUIC_CONN_ID new_cid = {0};
5192 OSSL_QUIC_FRAME_NEW_CONN_ID ncid = {0};
5193 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(ACQUIRE_S_NOHL());
5194
5195 if (h->inject_word0 == 0)
5196 return 1;
5197
5198 h->inject_word0 = 0;
5199
5200 fprintf(stderr, "sending new conn id\n");
5201 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
5202 sizeof(frame_buf), 0)))
5203 return 0;
5204
5205 ossl_quic_channel_get_diag_local_cid(ch, &new_cid);
5206
5207 ncid.seq_num = 2;
5208 ncid.retire_prior_to = 2;
5209 ncid.conn_id = new_cid;
5210 memcpy(ncid.stateless_reset.token, test_reset_token.token,
5211 sizeof(test_reset_token.token));
5212
5213 if (!TEST_true(ossl_quic_wire_encode_frame_new_conn_id(&wpkt, &ncid)))
5214 goto err;
5215
5216 if (!TEST_true(WPACKET_get_total_written(&wpkt, &l)))
5217 goto err;
5218
5219 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, l))
5220 goto err;
5221
5222 rc = 1;
5223 err:
5224 if (rc)
5225 WPACKET_finish(&wpkt);
5226 else
5227 WPACKET_cleanup(&wpkt);
5228
5229 return rc;
5230 }
5231
script_80_inject_pkt(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)5232 static int script_80_inject_pkt(struct helper *h, QUIC_PKT_HDR *hdr,
5233 unsigned char *buf, size_t len)
5234 {
5235 if (h->inject_word1 == 1)
5236 return script_80_send_stateless_reset(h, hdr, buf, len);
5237 else if (h->inject_word0 == 1)
5238 return script_80_gen_new_conn_id(h, hdr, buf, len);
5239
5240 return 1;
5241 }
5242
5243 static const struct script_op script_80[] = {
5244 OP_S_SET_INJECT_PLAIN (script_80_inject_pkt)
5245 OP_C_SET_ALPN ("ossltest")
5246 OP_C_CONNECT_WAIT ()
5247 OP_C_WRITE (DEFAULT, "apple", 5)
5248 OP_C_CONCLUDE (DEFAULT)
5249 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5250 OP_S_READ_EXPECT (a, "apple", 5)
5251 OP_SET_INJECT_WORD (1, 0)
5252 OP_S_WRITE (a, "apple", 5)
5253 OP_C_READ_EXPECT (DEFAULT, "apple", 5)
5254 OP_SET_INJECT_WORD (0, 1)
5255 OP_S_WRITE (a, "apple", 5)
5256 OP_C_EXPECT_CONN_CLOSE_INFO (0, 0, 1)
5257 OP_END
5258 };
5259
5260 /* 81. Idle timeout configuration */
modify_idle_timeout(struct helper * h,struct helper_local * hl)5261 static int modify_idle_timeout(struct helper *h, struct helper_local *hl)
5262 {
5263 uint64_t v = 0;
5264
5265 /* Test bad value is rejected. */
5266 if (!TEST_false(SSL_set_feature_request_uint(h->c_conn,
5267 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5268 (1ULL << 62))))
5269 return 0;
5270
5271 /* Set value. */
5272 if (!TEST_true(SSL_set_feature_request_uint(h->c_conn,
5273 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5274 hl->check_op->arg2)))
5275 return 0;
5276
5277 if (!TEST_true(SSL_get_feature_request_uint(h->c_conn,
5278 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5279 &v)))
5280 return 0;
5281
5282 if (!TEST_uint64_t_eq(v, hl->check_op->arg2))
5283 return 0;
5284
5285 return 1;
5286 }
5287
check_idle_timeout(struct helper * h,struct helper_local * hl)5288 static int check_idle_timeout(struct helper *h, struct helper_local *hl)
5289 {
5290 uint64_t v = 0;
5291
5292 if (!TEST_true(SSL_get_value_uint(h->c_conn, hl->check_op->arg1,
5293 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5294 &v)))
5295 return 0;
5296
5297 if (!TEST_uint64_t_eq(v, hl->check_op->arg2))
5298 return 0;
5299
5300 return 1;
5301 }
5302
5303 static const struct script_op script_81[] = {
5304 OP_C_SET_ALPN ("ossltest")
5305 OP_CHECK (modify_idle_timeout, 25000)
5306 OP_C_CONNECT_WAIT ()
5307
5308 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5309
5310 OP_CHECK2 (check_idle_timeout,
5311 SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, 30000)
5312 OP_CHECK2 (check_idle_timeout,
5313 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 25000)
5314
5315 OP_END
5316 };
5317
5318 /* 82. Negotiated default idle timeout if not configured */
5319 static const struct script_op script_82[] = {
5320 OP_C_SET_ALPN ("ossltest")
5321 OP_C_CONNECT_WAIT ()
5322
5323 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5324
5325 OP_CHECK2 (check_idle_timeout,
5326 SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, 30000)
5327 OP_CHECK2 (check_idle_timeout,
5328 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 30000)
5329
5330 OP_END
5331 };
5332
5333 /* 83. No late changes to idle timeout */
cannot_change_idle_timeout(struct helper * h,struct helper_local * hl)5334 static int cannot_change_idle_timeout(struct helper *h, struct helper_local *hl)
5335 {
5336 uint64_t v = 0;
5337
5338 if (!TEST_true(SSL_get_feature_request_uint(h->c_conn,
5339 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5340 &v)))
5341 return 0;
5342
5343 if (!TEST_uint64_t_eq(v, 30000))
5344 return 0;
5345
5346 if (!TEST_false(SSL_set_feature_request_uint(h->c_conn,
5347 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5348 5000)))
5349 return 0;
5350
5351 return 1;
5352 }
5353
5354 static const struct script_op script_83[] = {
5355 OP_C_SET_ALPN ("ossltest")
5356 OP_C_CONNECT_WAIT ()
5357
5358 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5359
5360 OP_CHECK (cannot_change_idle_timeout, 0)
5361 OP_CHECK2 (check_idle_timeout,
5362 SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, 30000)
5363 OP_CHECK2 (check_idle_timeout,
5364 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 30000)
5365
5366 OP_END
5367 };
5368
5369 /* 84. Test query of available streams */
check_avail_streams(struct helper * h,struct helper_local * hl)5370 static int check_avail_streams(struct helper *h, struct helper_local *hl)
5371 {
5372 uint64_t v = 0;
5373
5374 switch (hl->check_op->arg1) {
5375 case 0:
5376 if (!TEST_true(SSL_get_quic_stream_bidi_local_avail(h->c_conn, &v)))
5377 return 0;
5378 break;
5379 case 1:
5380 if (!TEST_true(SSL_get_quic_stream_bidi_remote_avail(h->c_conn, &v)))
5381 return 0;
5382 break;
5383 case 2:
5384 if (!TEST_true(SSL_get_quic_stream_uni_local_avail(h->c_conn, &v)))
5385 return 0;
5386 break;
5387 case 3:
5388 if (!TEST_true(SSL_get_quic_stream_uni_remote_avail(h->c_conn, &v)))
5389 return 0;
5390 break;
5391 default:
5392 return 0;
5393 }
5394
5395 if (!TEST_uint64_t_eq(v, hl->check_op->arg2))
5396 return 0;
5397
5398 return 1;
5399 }
5400
5401 static int set_event_handling_mode_conn(struct helper *h, struct helper_local *hl);
5402 static int reenable_test_event_handling(struct helper *h, struct helper_local *hl);
5403
check_write_buf_stat(struct helper * h,struct helper_local * hl)5404 static int check_write_buf_stat(struct helper *h, struct helper_local *hl)
5405 {
5406 SSL *c_a;
5407 uint64_t size, used, avail;
5408
5409 if (!TEST_ptr(c_a = helper_local_get_c_stream(hl, "a")))
5410 return 0;
5411
5412 if (!TEST_true(SSL_get_stream_write_buf_size(c_a, &size))
5413 || !TEST_true(SSL_get_stream_write_buf_used(c_a, &used))
5414 || !TEST_true(SSL_get_stream_write_buf_avail(c_a, &avail))
5415 || !TEST_uint64_t_ge(size, avail)
5416 || !TEST_uint64_t_ge(size, used)
5417 || !TEST_uint64_t_eq(avail + used, size))
5418 return 0;
5419
5420 if (!TEST_uint64_t_eq(used, hl->check_op->arg1))
5421 return 0;
5422
5423 return 1;
5424 }
5425
5426 static const struct script_op script_84[] = {
5427 OP_C_SET_ALPN ("ossltest")
5428 OP_C_CONNECT_WAIT ()
5429
5430 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5431
5432 OP_CHECK2 (check_avail_streams, 0, 100)
5433 OP_CHECK2 (check_avail_streams, 1, 100)
5434 OP_CHECK2 (check_avail_streams, 2, 100)
5435 OP_CHECK2 (check_avail_streams, 3, 100)
5436
5437 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
5438
5439 OP_CHECK2 (check_avail_streams, 0, 99)
5440 OP_CHECK2 (check_avail_streams, 1, 100)
5441 OP_CHECK2 (check_avail_streams, 2, 100)
5442 OP_CHECK2 (check_avail_streams, 3, 100)
5443
5444 OP_C_NEW_STREAM_UNI (b, C_UNI_ID(0))
5445
5446 OP_CHECK2 (check_avail_streams, 0, 99)
5447 OP_CHECK2 (check_avail_streams, 1, 100)
5448 OP_CHECK2 (check_avail_streams, 2, 99)
5449 OP_CHECK2 (check_avail_streams, 3, 100)
5450
5451 OP_S_NEW_STREAM_BIDI (c, S_BIDI_ID(0))
5452 OP_S_WRITE (c, "x", 1)
5453
5454 OP_C_ACCEPT_STREAM_WAIT (c)
5455 OP_C_READ_EXPECT (c, "x", 1)
5456
5457 OP_CHECK2 (check_avail_streams, 0, 99)
5458 OP_CHECK2 (check_avail_streams, 1, 99)
5459 OP_CHECK2 (check_avail_streams, 2, 99)
5460 OP_CHECK2 (check_avail_streams, 3, 100)
5461
5462 OP_S_NEW_STREAM_UNI (d, S_UNI_ID(0))
5463 OP_S_WRITE (d, "x", 1)
5464
5465 OP_C_ACCEPT_STREAM_WAIT (d)
5466 OP_C_READ_EXPECT (d, "x", 1)
5467
5468 OP_CHECK2 (check_avail_streams, 0, 99)
5469 OP_CHECK2 (check_avail_streams, 1, 99)
5470 OP_CHECK2 (check_avail_streams, 2, 99)
5471 OP_CHECK2 (check_avail_streams, 3, 99)
5472
5473 OP_CHECK2 (check_write_buf_stat, 0, 0)
5474 OP_CHECK (set_event_handling_mode_conn,
5475 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT)
5476 OP_C_WRITE (a, "apple", 5)
5477 OP_CHECK2 (check_write_buf_stat, 5, 0)
5478
5479 OP_CHECK (reenable_test_event_handling, 0)
5480
5481 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5482 OP_S_READ_EXPECT (a, "apple", 5)
5483 OP_S_WRITE (a, "orange", 6)
5484 OP_C_READ_EXPECT (a, "orange", 6)
5485 OP_CHECK2 (check_write_buf_stat, 0, 0)
5486
5487 OP_END
5488 };
5489
5490 /* 85. Test SSL_poll (lite, non-blocking) */
script_85_poll(struct helper * h,struct helper_local * hl)5491 ossl_unused static int script_85_poll(struct helper *h, struct helper_local *hl)
5492 {
5493 int ok = 1, ret, expected_ret = 1;
5494 static const struct timeval timeout = {0};
5495 static const struct timeval nz_timeout = {0, 1};
5496 size_t result_count, expected_result_count = 0;
5497 SSL_POLL_ITEM items[5] = {0}, *item = items;
5498 SSL *c_a, *c_b, *c_c, *c_d;
5499 size_t i;
5500 uint64_t mode, expected_revents[5] = {0};
5501
5502 if (!TEST_ptr(c_a = helper_local_get_c_stream(hl, "a"))
5503 || !TEST_ptr(c_b = helper_local_get_c_stream(hl, "b"))
5504 || !TEST_ptr(c_c = helper_local_get_c_stream(hl, "c"))
5505 || !TEST_ptr(c_d = helper_local_get_c_stream(hl, "d")))
5506 return 0;
5507
5508 item->desc = SSL_as_poll_descriptor(c_a);
5509 item->events = UINT64_MAX;
5510 item->revents = UINT64_MAX;
5511 ++item;
5512
5513 item->desc = SSL_as_poll_descriptor(c_b);
5514 item->events = UINT64_MAX;
5515 item->revents = UINT64_MAX;
5516 ++item;
5517
5518 item->desc = SSL_as_poll_descriptor(c_c);
5519 item->events = UINT64_MAX;
5520 item->revents = UINT64_MAX;
5521 ++item;
5522
5523 item->desc = SSL_as_poll_descriptor(c_d);
5524 item->events = UINT64_MAX;
5525 item->revents = UINT64_MAX;
5526 ++item;
5527
5528 item->desc = SSL_as_poll_descriptor(h->c_conn);
5529 item->events = UINT64_MAX;
5530 item->revents = UINT64_MAX;
5531 ++item;
5532
5533 /* Non-zero timeout is not supported. */
5534 result_count = SIZE_MAX;
5535 ERR_set_mark();
5536 if (!TEST_false(SSL_poll(items, OSSL_NELEM(items), sizeof(SSL_POLL_ITEM),
5537 &nz_timeout, 0,
5538 &result_count))
5539 || !TEST_size_t_eq(result_count, 0))
5540 return 0;
5541
5542 ERR_pop_to_mark();
5543 result_count = SIZE_MAX;
5544 ret = SSL_poll(items, OSSL_NELEM(items), sizeof(SSL_POLL_ITEM),
5545 &timeout, 0,
5546 &result_count);
5547
5548 mode = hl->check_op->arg2;
5549 switch (mode) {
5550 case 0:
5551 /* No incoming data yet */
5552 expected_revents[0] = SSL_POLL_EVENT_W;
5553 expected_revents[1] = SSL_POLL_EVENT_W;
5554 expected_revents[2] = SSL_POLL_EVENT_W;
5555 expected_revents[3] = SSL_POLL_EVENT_W;
5556 expected_revents[4] = SSL_POLL_EVENT_OS;
5557 expected_result_count = 5;
5558 break;
5559 case 1:
5560 /* Expect more events */
5561 expected_revents[0] = SSL_POLL_EVENT_W | SSL_POLL_EVENT_R;
5562 expected_revents[1] = SSL_POLL_EVENT_W | SSL_POLL_EVENT_ER;
5563 expected_revents[2] = SSL_POLL_EVENT_EW;
5564 expected_revents[3] = SSL_POLL_EVENT_W;
5565 expected_revents[4] = SSL_POLL_EVENT_OS | SSL_POLL_EVENT_ISB;
5566 expected_result_count = 5;
5567 break;
5568 default:
5569 return 0;
5570 }
5571
5572 if (!TEST_int_eq(ret, expected_ret)
5573 || !TEST_size_t_eq(result_count, expected_result_count))
5574 ok = 0;
5575
5576 for (i = 0; i < OSSL_NELEM(items); ++i)
5577 if (!TEST_uint64_t_eq(items[i].revents, expected_revents[i])) {
5578 TEST_error("mismatch at index %zu in poll results, mode %d",
5579 i, (int)mode);
5580 ok = 0;
5581 }
5582
5583 return ok;
5584 }
5585
5586 static const struct script_op script_85[] = {
5587 OP_C_SET_ALPN ("ossltest")
5588 OP_C_CONNECT_WAIT ()
5589
5590 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5591
5592 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
5593 OP_C_WRITE (a, "flamingo", 8)
5594
5595 OP_C_NEW_STREAM_BIDI (b, C_BIDI_ID(1))
5596 OP_C_WRITE (b, "orange", 6)
5597
5598 OP_C_NEW_STREAM_BIDI (c, C_BIDI_ID(2))
5599 OP_C_WRITE (c, "Strawberry", 10)
5600
5601 OP_C_NEW_STREAM_BIDI (d, C_BIDI_ID(3))
5602 OP_C_WRITE (d, "sync", 4)
5603
5604 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5605 OP_S_BIND_STREAM_ID (b, C_BIDI_ID(1))
5606 OP_S_BIND_STREAM_ID (c, C_BIDI_ID(2))
5607 OP_S_BIND_STREAM_ID (d, C_BIDI_ID(3))
5608
5609 /* Check nothing readable yet. */
5610 OP_CHECK (script_85_poll, 0)
5611
5612 /* Send something that will make client sockets readable. */
5613 OP_S_READ_EXPECT (a, "flamingo", 8)
5614 OP_S_WRITE (a, "herringbone", 11)
5615
5616 /* Send something that will make 'b' reset. */
5617 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
5618 OP_SET_INJECT_WORD (C_BIDI_ID(1) + 1, OSSL_QUIC_FRAME_TYPE_RESET_STREAM)
5619
5620 /* Ensure sync. */
5621 OP_S_READ_EXPECT (d, "sync", 4)
5622 OP_S_WRITE (d, "x", 1)
5623 OP_C_READ_EXPECT (d, "x", 1)
5624
5625 /* Send something that will make 'c' reset. */
5626 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
5627 OP_SET_INJECT_WORD (C_BIDI_ID(2) + 1, OSSL_QUIC_FRAME_TYPE_STOP_SENDING)
5628
5629 OP_S_NEW_STREAM_BIDI (z, S_BIDI_ID(0))
5630 OP_S_WRITE (z, "z", 1)
5631
5632 /* Ensure sync. */
5633 OP_S_WRITE (d, "x", 1)
5634 OP_C_READ_EXPECT (d, "x", 1)
5635
5636 /* Check a is now readable. */
5637 OP_CHECK (script_85_poll, 1)
5638
5639 OP_END
5640 };
5641
5642 /* 86. Event Handling Mode Configuration */
set_event_handling_mode_conn(struct helper * h,struct helper_local * hl)5643 static int set_event_handling_mode_conn(struct helper *h, struct helper_local *hl)
5644 {
5645 hl->explicit_event_handling = 1;
5646 return SSL_set_event_handling_mode(h->c_conn, hl->check_op->arg2);
5647 }
5648
reenable_test_event_handling(struct helper * h,struct helper_local * hl)5649 static int reenable_test_event_handling(struct helper *h, struct helper_local *hl)
5650 {
5651 hl->explicit_event_handling = 0;
5652 return 1;
5653 }
5654
set_event_handling_mode_stream(struct helper * h,struct helper_local * hl)5655 static ossl_unused int set_event_handling_mode_stream(struct helper *h, struct helper_local *hl)
5656 {
5657 SSL *ssl = helper_local_get_c_stream(hl, "a");
5658
5659 if (!TEST_ptr(ssl))
5660 return 0;
5661
5662 return SSL_set_event_handling_mode(ssl, hl->check_op->arg2);
5663 }
5664
5665 static const struct script_op script_86[] = {
5666 OP_SKIP_IF_BLOCKING (23)
5667
5668 OP_C_SET_ALPN ("ossltest")
5669 OP_C_CONNECT_WAIT ()
5670
5671 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5672
5673 /* Turn on explicit handling mode. */
5674 OP_CHECK (set_event_handling_mode_conn,
5675 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT)
5676
5677 /*
5678 * Create a new stream and write data. This won't get sent
5679 * to the network net because we are in explicit mode
5680 * and we haven't called SSL_handle_events().
5681 */
5682 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
5683 OP_C_WRITE (a, "apple", 5)
5684
5685 /* Put connection back into implicit handling mode. */
5686 OP_CHECK (set_event_handling_mode_conn,
5687 SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT)
5688
5689 /* Override at stream level. */
5690 OP_CHECK (set_event_handling_mode_stream,
5691 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT)
5692 OP_C_WRITE (a, "orange", 6)
5693 OP_C_CONCLUDE (a)
5694
5695 /*
5696 * Confirm the data isn't going to arrive. OP_SLEEP is always undesirable
5697 * but we have no reasonable way to synchronise on something not arriving
5698 * given all network traffic is essentially stopped and there are no other
5699 * signals arriving from the peer which could be used for synchronisation.
5700 * Slow OSes will pass this anyway (fail-open).
5701 */
5702 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5703
5704 OP_BEGIN_REPEAT (20)
5705 OP_S_READ_FAIL (a, 1)
5706 OP_SLEEP (10)
5707 OP_END_REPEAT ()
5708
5709 /* Now let the data arrive and confirm it arrives. */
5710 OP_CHECK (reenable_test_event_handling, 0)
5711 OP_S_READ_EXPECT (a, "appleorange", 11)
5712 OP_S_EXPECT_FIN (a)
5713
5714 /* Back into explicit mode. */
5715 OP_CHECK (set_event_handling_mode_conn,
5716 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT)
5717 OP_S_WRITE (a, "ok", 2)
5718 OP_C_READ_FAIL (a)
5719
5720 /* Works once event handling is done. */
5721 OP_CHECK (reenable_test_event_handling, 0)
5722 OP_C_READ_EXPECT (a, "ok", 2)
5723
5724 OP_END
5725 };
5726
5727
5728 /* 87. Test stream reset functionality */
5729 static const struct script_op script_87[] = {
5730 OP_C_SET_ALPN ("ossltest")
5731 OP_C_CONNECT_WAIT ()
5732 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
5733 OP_C_WRITE (a, "apple", 5)
5734 OP_C_CONCLUDE (a)
5735 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5736 OP_S_READ_EXPECT (a, "apple", 5)
5737 OP_S_EXPECT_FIN (a)
5738 OP_S_WRITE (a, "orange", 6)
5739 OP_C_READ_EXPECT (a, "orange", 6)
5740 OP_S_CONCLUDE (a)
5741 OP_C_EXPECT_FIN (a)
5742 OP_SLEEP (1000)
5743 OP_C_STREAM_RESET_FAIL (a, 42)
5744 OP_END
5745 };
5746
5747 static const struct script_op *const scripts[] = {
5748 script_1,
5749 script_2,
5750 script_3,
5751 script_4,
5752 script_5,
5753 script_6,
5754 script_7,
5755 script_8,
5756 script_9,
5757 script_10,
5758 script_11,
5759 script_12,
5760 script_13,
5761 script_14,
5762 script_15,
5763 script_16,
5764 script_17,
5765 script_18,
5766 script_19,
5767 script_20,
5768 script_21,
5769 script_22,
5770 script_23,
5771 script_24,
5772 script_25,
5773 script_26,
5774 script_27,
5775 script_28,
5776 script_29,
5777 script_30,
5778 script_31,
5779 script_32,
5780 script_33,
5781 script_34,
5782 script_35,
5783 script_36,
5784 script_37,
5785 script_38,
5786 script_39,
5787 script_40,
5788 script_41,
5789 script_42,
5790 script_43,
5791 script_44,
5792 script_45,
5793 script_46,
5794 script_47,
5795 script_48,
5796 script_49,
5797 script_50,
5798 script_51,
5799 script_52,
5800 script_53,
5801 script_54,
5802 script_55,
5803 script_56,
5804 script_57,
5805 script_58,
5806 script_59,
5807 script_60,
5808 script_61,
5809 script_62,
5810 script_63,
5811 script_64,
5812 script_65,
5813 script_66,
5814 script_67,
5815 script_68,
5816 script_69,
5817 script_70,
5818 script_71,
5819 script_72,
5820 script_73,
5821 script_74,
5822 script_75,
5823 script_76,
5824 script_77,
5825 script_78,
5826 script_79,
5827 script_80,
5828 script_81,
5829 script_82,
5830 script_83,
5831 script_84,
5832 script_85,
5833 script_86,
5834 script_87
5835 };
5836
test_script(int idx)5837 static int test_script(int idx)
5838 {
5839 int script_idx, free_order, blocking;
5840 char script_name[64];
5841
5842 free_order = idx % 2;
5843 idx /= 2;
5844
5845 blocking = idx % 2;
5846 idx /= 2;
5847
5848 script_idx = idx;
5849
5850 if (blocking && free_order)
5851 return 1; /* don't need to test free_order twice */
5852
5853 #if !defined(OPENSSL_THREADS)
5854 if (blocking) {
5855 TEST_skip("cannot test in blocking mode without threads");
5856 return 1;
5857 }
5858 #endif
5859
5860 BIO_snprintf(script_name, sizeof(script_name), "script %d", script_idx + 1);
5861
5862 TEST_info("Running script %d (order=%d, blocking=%d)", script_idx + 1,
5863 free_order, blocking);
5864 return run_script(scripts[script_idx], script_name, free_order, blocking);
5865 }
5866
5867 /* Dynamically generated tests. */
5868 static struct script_op dyn_frame_types_script[] = {
5869 OP_S_SET_INJECT_PLAIN (script_21_inject_plain)
5870 OP_SET_INJECT_WORD (0, 0) /* dynamic */
5871
5872 OP_C_SET_ALPN ("ossltest")
5873 OP_C_CONNECT_WAIT_OR_FAIL()
5874
5875 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
5876
5877 OP_END
5878 };
5879
5880 struct forbidden_frame_type {
5881 uint64_t pkt_type, frame_type, expected_err;
5882 };
5883
5884 static const struct forbidden_frame_type forbidden_frame_types[] = {
5885 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_VLINT_MAX, OSSL_QUIC_ERR_FRAME_ENCODING_ERROR },
5886 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_VLINT_MAX, OSSL_QUIC_ERR_FRAME_ENCODING_ERROR },
5887 { QUIC_PKT_TYPE_1RTT, OSSL_QUIC_VLINT_MAX, OSSL_QUIC_ERR_FRAME_ENCODING_ERROR },
5888
5889 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5890 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_RESET_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5891 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STOP_SENDING, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5892 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_NEW_TOKEN, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5893 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5894 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5895 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5896 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5897 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5898 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5899 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5900 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5901 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5902 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5903 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5904 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5905 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5906 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5907
5908 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5909 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_RESET_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5910 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STOP_SENDING, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5911 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_NEW_TOKEN, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5912 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5913 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5914 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5915 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5916 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5917 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5918 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5919 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5920 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5921 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5922 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5923 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5924 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5925 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5926
5927 /* Client uses a zero-length CID so this is not allowed. */
5928 { QUIC_PKT_TYPE_1RTT, OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5929 };
5930
test_dyn_frame_types(int idx)5931 static ossl_unused int test_dyn_frame_types(int idx)
5932 {
5933 size_t i;
5934 char script_name[64];
5935 struct script_op *s = dyn_frame_types_script;
5936
5937 for (i = 0; i < OSSL_NELEM(dyn_frame_types_script); ++i)
5938 if (s[i].op == OPK_SET_INJECT_WORD) {
5939 s[i].arg1 = (size_t)forbidden_frame_types[idx].pkt_type;
5940 s[i].arg2 = forbidden_frame_types[idx].frame_type;
5941 } else if (s[i].op == OPK_C_EXPECT_CONN_CLOSE_INFO) {
5942 s[i].arg2 = forbidden_frame_types[idx].expected_err;
5943 }
5944
5945 BIO_snprintf(script_name, sizeof(script_name),
5946 "dyn script %d", idx);
5947
5948 return run_script(dyn_frame_types_script, script_name, 0, 0);
5949 }
5950
5951 OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
5952
setup_tests(void)5953 int setup_tests(void)
5954 {
5955 #if defined (_PUT_MODEL_)
5956 return TEST_skip("QUIC is not supported by this build");
5957 #endif
5958
5959 if (!test_skip_common_options()) {
5960 TEST_error("Error parsing test options\n");
5961 return 0;
5962 }
5963
5964 if (!TEST_ptr(certfile = test_get_argument(0))
5965 || !TEST_ptr(keyfile = test_get_argument(1)))
5966 return 0;
5967
5968 ADD_ALL_TESTS(test_dyn_frame_types, OSSL_NELEM(forbidden_frame_types));
5969 ADD_ALL_TESTS(test_script, OSSL_NELEM(scripts) * 2 * 2);
5970 return 1;
5971 }
5972
