1 /*
2 * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9 #include <openssl/ssl.h>
10 #include <openssl/quic.h>
11 #include <openssl/bio.h>
12 #include <openssl/lhash.h>
13 #include <openssl/rand.h>
14 #include "internal/quic_tserver.h"
15 #include "internal/quic_ssl.h"
16 #include "internal/quic_error.h"
17 #include "internal/quic_stream_map.h"
18 #include "internal/quic_engine.h"
19 #include "testutil.h"
20 #include "helpers/quictestlib.h"
21 #if defined(OPENSSL_THREADS)
22 # include "internal/thread_arch.h"
23 #endif
24 #include "internal/numbers.h" /* UINT64_C */
25
26 static const char *certfile, *keyfile;
27
28 #if defined(OPENSSL_THREADS)
29 struct child_thread_args {
30 struct helper *h;
31 const struct script_op *script;
32 const char *script_name;
33 int thread_idx;
34
35 CRYPTO_THREAD *t;
36 CRYPTO_MUTEX *m;
37 int testresult;
38 int done;
39 int s_checked_out;
40 };
41 #endif
42
43 typedef struct stream_info {
44 const char *name;
45 SSL *c_stream;
46 uint64_t s_stream_id;
47 } STREAM_INFO;
48
49 DEFINE_LHASH_OF_EX(STREAM_INFO);
50
51 struct helper {
52 int s_fd;
53 BIO *s_net_bio, *s_net_bio_own, *s_qtf_wbio, *s_qtf_wbio_own;
54 /* The BIO_ADDR used for BIO_bind() */
55 BIO_ADDR *s_net_bio_orig_addr;
56 /* The resulting address, which is the one to connect to */
57 BIO_ADDR *s_net_bio_addr;
58
59 /*
60 * When doing a blocking mode test run, s_priv always points to the TSERVER
61 * and s is NULL when the main thread should not be touching s_priv.
62 */
63 QUIC_TSERVER *s, *s_priv;
64 LHASH_OF(STREAM_INFO) *s_streams;
65
66 int c_fd;
67 BIO *c_net_bio, *c_net_bio_own;
68 SSL_CTX *c_ctx;
69 SSL *c_conn;
70 LHASH_OF(STREAM_INFO) *c_streams;
71
72 #if defined(OPENSSL_THREADS)
73 struct child_thread_args *threads;
74 size_t num_threads;
75 CRYPTO_MUTEX *misc_m;
76 CRYPTO_CONDVAR *misc_cv;
77 #endif
78
79 OSSL_TIME start_time;
80
81 /*
82 * This is a duration recording the amount of time we have skipped forwards
83 * for testing purposes relative to the real ossl_time_now() clock. We add
84 * a quantity of time to this every time we skip some time.
85 */
86 CRYPTO_RWLOCK *time_lock;
87 OSSL_TIME time_slip; /* protected by time_lock */
88
89 QTEST_FAULT *qtf;
90
91 int init, blocking, check_spin_again;
92 int free_order, need_injector;
93
94 int (*qtf_packet_plain_cb)(struct helper *h, QUIC_PKT_HDR *hdr,
95 unsigned char *buf, size_t buf_len);
96 int (*qtf_handshake_cb)(struct helper *h,
97 unsigned char *buf, size_t buf_len);
98 int (*qtf_datagram_cb)(struct helper *h,
99 BIO_MSG *m, size_t stride);
100 uint64_t inject_word0, inject_word1;
101 uint64_t scratch0, scratch1, fail_count;
102 #if defined(OPENSSL_THREADS)
103 struct {
104 CRYPTO_THREAD *t;
105 CRYPTO_MUTEX *m;
106 CRYPTO_CONDVAR *c;
107 int ready, stop;
108 } server_thread;
109 int s_checked_out;
110 #endif
111 };
112
113 struct helper_local {
114 struct helper *h;
115 LHASH_OF(STREAM_INFO) *c_streams;
116 int thread_idx;
117 const struct script_op *check_op;
118 int explicit_event_handling;
119 };
120
121 struct script_op {
122 uint32_t op;
123 const void *arg0;
124 size_t arg1;
125 int (*check_func)(struct helper *h, struct helper_local *hl);
126 const char *stream_name;
127 uint64_t arg2;
128 int (*qtf_packet_plain_cb)(struct helper *h, QUIC_PKT_HDR *hdr,
129 unsigned char *buf, size_t buf_len);
130 int (*qtf_handshake_cb)(struct helper *h,
131 unsigned char *buf, size_t buf_len);
132 int (*qtf_datagram_cb)(struct helper *h,
133 BIO_MSG *m, size_t stride);
134 };
135
136 #define OPK_END 0
137 #define OPK_CHECK 1
138 #define OPK_C_SET_ALPN 2
139 #define OPK_C_CONNECT_WAIT 3
140 #define OPK_C_WRITE 4
141 #define OPK_S_WRITE 5
142 #define OPK_C_READ_EXPECT 6
143 #define OPK_S_READ_EXPECT 7
144 #define OPK_C_EXPECT_FIN 8
145 #define OPK_S_EXPECT_FIN 9
146 #define OPK_C_CONCLUDE 10
147 #define OPK_S_CONCLUDE 11
148 #define OPK_C_DETACH 12
149 #define OPK_C_ATTACH 13
150 #define OPK_C_NEW_STREAM 14
151 #define OPK_S_NEW_STREAM 15
152 #define OPK_C_ACCEPT_STREAM_WAIT 16
153 #define OPK_C_ACCEPT_STREAM_NONE 17
154 #define OPK_C_FREE_STREAM 18
155 #define OPK_C_SET_DEFAULT_STREAM_MODE 19
156 #define OPK_C_SET_INCOMING_STREAM_POLICY 20
157 #define OPK_C_SHUTDOWN_WAIT 21
158 #define OPK_C_EXPECT_CONN_CLOSE_INFO 22
159 #define OPK_S_EXPECT_CONN_CLOSE_INFO 23
160 #define OPK_S_BIND_STREAM_ID 24
161 #define OPK_C_WAIT_FOR_DATA 25
162 #define OPK_C_WRITE_FAIL 26
163 #define OPK_S_WRITE_FAIL 27
164 #define OPK_C_READ_FAIL 28
165 #define OPK_C_STREAM_RESET 29
166 #define OPK_S_ACCEPT_STREAM_WAIT 30
167 #define OPK_NEW_THREAD 31
168 #define OPK_BEGIN_REPEAT 32
169 #define OPK_END_REPEAT 33
170 #define OPK_S_UNBIND_STREAM_ID 34
171 #define OPK_C_READ_FAIL_WAIT 35
172 #define OPK_C_CLOSE_SOCKET 36
173 #define OPK_C_EXPECT_SSL_ERR 37
174 #define OPK_EXPECT_ERR_REASON 38
175 #define OPK_EXPECT_ERR_LIB 39
176 #define OPK_SLEEP 40
177 #define OPK_S_READ_FAIL 41
178 #define OPK_S_SET_INJECT_PLAIN 42
179 #define OPK_SET_INJECT_WORD 43
180 #define OPK_C_INHIBIT_TICK 44
181 #define OPK_C_SET_WRITE_BUF_SIZE 45
182 #define OPK_S_SET_INJECT_HANDSHAKE 46
183 #define OPK_S_NEW_TICKET 47
184 #define OPK_C_SKIP_IF_UNBOUND 48
185 #define OPK_S_SET_INJECT_DATAGRAM 49
186 #define OPK_S_SHUTDOWN 50
187 #define OPK_POP_ERR 51
188 #define OPK_C_WRITE_EX2 52
189 #define OPK_SKIP_IF_BLOCKING 53
190
191 #define EXPECT_CONN_CLOSE_APP (1U << 0)
192 #define EXPECT_CONN_CLOSE_REMOTE (1U << 1)
193
194 /* OPK_C_NEW_STREAM */
195 #define ALLOW_FAIL (1U << 16)
196
197 #define C_BIDI_ID(ordinal) \
198 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_CLIENT | QUIC_STREAM_DIR_BIDI)
199 #define S_BIDI_ID(ordinal) \
200 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_SERVER | QUIC_STREAM_DIR_BIDI)
201 #define C_UNI_ID(ordinal) \
202 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_CLIENT | QUIC_STREAM_DIR_UNI)
203 #define S_UNI_ID(ordinal) \
204 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_SERVER | QUIC_STREAM_DIR_UNI)
205
206 #define ANY_ID UINT64_MAX
207
208 #define OP_END \
209 {OPK_END}
210 #define OP_CHECK(func, arg2) \
211 {OPK_CHECK, NULL, 0, (func), NULL, (arg2)},
212 #define OP_C_SET_ALPN(alpn) \
213 {OPK_C_SET_ALPN, (alpn), 0, NULL, NULL},
214 #define OP_C_CONNECT_WAIT() \
215 {OPK_C_CONNECT_WAIT, NULL, 0, NULL, NULL},
216 #define OP_C_CONNECT_WAIT_OR_FAIL() \
217 {OPK_C_CONNECT_WAIT, NULL, 1, NULL, NULL},
218 #define OP_C_WRITE(stream_name, buf, buf_len) \
219 {OPK_C_WRITE, (buf), (buf_len), NULL, #stream_name},
220 #define OP_S_WRITE(stream_name, buf, buf_len) \
221 {OPK_S_WRITE, (buf), (buf_len), NULL, #stream_name},
222 #define OP_C_READ_EXPECT(stream_name, buf, buf_len) \
223 {OPK_C_READ_EXPECT, (buf), (buf_len), NULL, #stream_name},
224 #define OP_S_READ_EXPECT(stream_name, buf, buf_len) \
225 {OPK_S_READ_EXPECT, (buf), (buf_len), NULL, #stream_name},
226 #define OP_C_EXPECT_FIN(stream_name) \
227 {OPK_C_EXPECT_FIN, NULL, 0, NULL, #stream_name},
228 #define OP_S_EXPECT_FIN(stream_name) \
229 {OPK_S_EXPECT_FIN, NULL, 0, NULL, #stream_name},
230 #define OP_C_CONCLUDE(stream_name) \
231 {OPK_C_CONCLUDE, NULL, 0, NULL, #stream_name},
232 #define OP_S_CONCLUDE(stream_name) \
233 {OPK_S_CONCLUDE, NULL, 0, NULL, #stream_name},
234 #define OP_C_DETACH(stream_name) \
235 {OPK_C_DETACH, NULL, 0, NULL, #stream_name},
236 #define OP_C_ATTACH(stream_name) \
237 {OPK_C_ATTACH, NULL, 0, NULL, #stream_name},
238 #define OP_C_NEW_STREAM_BIDI(stream_name, expect_id) \
239 {OPK_C_NEW_STREAM, NULL, 0, NULL, #stream_name, (expect_id)},
240 #define OP_C_NEW_STREAM_BIDI_EX(stream_name, expect_id, flags) \
241 {OPK_C_NEW_STREAM, NULL, (flags), NULL, #stream_name, (expect_id)},
242 #define OP_C_NEW_STREAM_UNI(stream_name, expect_id) \
243 {OPK_C_NEW_STREAM, NULL, SSL_STREAM_FLAG_UNI, \
244 NULL, #stream_name, (expect_id)},
245 #define OP_C_NEW_STREAM_UNI_EX(stream_name, expect_id, flags) \
246 {OPK_C_NEW_STREAM, NULL, (flags) | SSL_STREAM_FLAG_UNI, \
247 NULL, #stream_name, (expect_id)},
248 #define OP_S_NEW_STREAM_BIDI(stream_name, expect_id) \
249 {OPK_S_NEW_STREAM, NULL, 0, NULL, #stream_name, (expect_id)},
250 #define OP_S_NEW_STREAM_UNI(stream_name, expect_id) \
251 {OPK_S_NEW_STREAM, NULL, 1, NULL, #stream_name, (expect_id)},
252 #define OP_C_ACCEPT_STREAM_WAIT(stream_name) \
253 {OPK_C_ACCEPT_STREAM_WAIT, NULL, 0, NULL, #stream_name},
254 #define OP_C_ACCEPT_STREAM_NONE() \
255 {OPK_C_ACCEPT_STREAM_NONE, NULL, 0, NULL, NULL},
256 #define OP_C_FREE_STREAM(stream_name) \
257 {OPK_C_FREE_STREAM, NULL, 0, NULL, #stream_name},
258 #define OP_C_SET_DEFAULT_STREAM_MODE(mode) \
259 {OPK_C_SET_DEFAULT_STREAM_MODE, NULL, (mode), NULL, NULL},
260 #define OP_C_SET_INCOMING_STREAM_POLICY(policy) \
261 {OPK_C_SET_INCOMING_STREAM_POLICY, NULL, (policy), NULL, NULL},
262 #define OP_C_SHUTDOWN_WAIT(reason, flags) \
263 {OPK_C_SHUTDOWN_WAIT, (reason), (flags), NULL, NULL},
264 #define OP_C_EXPECT_CONN_CLOSE_INFO(ec, app, remote) \
265 {OPK_C_EXPECT_CONN_CLOSE_INFO, NULL, \
266 ((app) ? EXPECT_CONN_CLOSE_APP : 0) | \
267 ((remote) ? EXPECT_CONN_CLOSE_REMOTE : 0), \
268 NULL, NULL, (ec)},
269 #define OP_S_EXPECT_CONN_CLOSE_INFO(ec, app, remote) \
270 {OPK_S_EXPECT_CONN_CLOSE_INFO, NULL, \
271 ((app) ? EXPECT_CONN_CLOSE_APP : 0) | \
272 ((remote) ? EXPECT_CONN_CLOSE_REMOTE : 0), \
273 NULL, NULL, (ec)},
274 #define OP_S_BIND_STREAM_ID(stream_name, stream_id) \
275 {OPK_S_BIND_STREAM_ID, NULL, 0, NULL, #stream_name, (stream_id)},
276 #define OP_C_WAIT_FOR_DATA(stream_name) \
277 {OPK_C_WAIT_FOR_DATA, NULL, 0, NULL, #stream_name},
278 #define OP_C_WRITE_FAIL(stream_name) \
279 {OPK_C_WRITE_FAIL, NULL, 0, NULL, #stream_name},
280 #define OP_S_WRITE_FAIL(stream_name) \
281 {OPK_S_WRITE_FAIL, NULL, 0, NULL, #stream_name},
282 #define OP_C_READ_FAIL(stream_name) \
283 {OPK_C_READ_FAIL, NULL, 0, NULL, #stream_name},
284 #define OP_S_READ_FAIL(stream_name, allow_zero_len) \
285 {OPK_S_READ_FAIL, NULL, (allow_zero_len), NULL, #stream_name},
286 #define OP_C_STREAM_RESET(stream_name, aec) \
287 {OPK_C_STREAM_RESET, NULL, 0, NULL, #stream_name, (aec)},
288 #define OP_S_ACCEPT_STREAM_WAIT(stream_name) \
289 {OPK_S_ACCEPT_STREAM_WAIT, NULL, 0, NULL, #stream_name},
290 #define OP_NEW_THREAD(num_threads, script) \
291 {OPK_NEW_THREAD, (script), (num_threads), NULL, NULL, 0 },
292 #define OP_BEGIN_REPEAT(n) \
293 {OPK_BEGIN_REPEAT, NULL, (n)},
294 #define OP_END_REPEAT() \
295 {OPK_END_REPEAT},
296 #define OP_S_UNBIND_STREAM_ID(stream_name) \
297 {OPK_S_UNBIND_STREAM_ID, NULL, 0, NULL, #stream_name},
298 #define OP_C_READ_FAIL_WAIT(stream_name) \
299 {OPK_C_READ_FAIL_WAIT, NULL, 0, NULL, #stream_name},
300 #define OP_C_CLOSE_SOCKET() \
301 {OPK_C_CLOSE_SOCKET},
302 #define OP_C_EXPECT_SSL_ERR(stream_name, err) \
303 {OPK_C_EXPECT_SSL_ERR, NULL, (err), NULL, #stream_name},
304 #define OP_EXPECT_ERR_REASON(err) \
305 {OPK_EXPECT_ERR_REASON, NULL, (err)},
306 #define OP_EXPECT_ERR_LIB(lib) \
307 {OPK_EXPECT_ERR_LIB, NULL, (lib)},
308 #define OP_SLEEP(ms) \
309 {OPK_SLEEP, NULL, 0, NULL, NULL, (ms)},
310 #define OP_S_SET_INJECT_PLAIN(f) \
311 {OPK_S_SET_INJECT_PLAIN, NULL, 0, NULL, NULL, 0, (f)},
312 #define OP_SET_INJECT_WORD(w0, w1) \
313 {OPK_SET_INJECT_WORD, NULL, (w0), NULL, NULL, (w1), NULL},
314 #define OP_C_INHIBIT_TICK(inhibit) \
315 {OPK_C_INHIBIT_TICK, NULL, (inhibit), NULL, NULL, 0, NULL},
316 #define OP_C_SET_WRITE_BUF_SIZE(stream_name, size) \
317 {OPK_C_SET_WRITE_BUF_SIZE, NULL, (size), NULL, #stream_name},
318 #define OP_S_SET_INJECT_HANDSHAKE(f) \
319 {OPK_S_SET_INJECT_HANDSHAKE, NULL, 0, NULL, NULL, 0, NULL, (f)},
320 #define OP_S_NEW_TICKET() \
321 {OPK_S_NEW_TICKET},
322 #define OP_C_SKIP_IF_UNBOUND(stream_name, n) \
323 {OPK_C_SKIP_IF_UNBOUND, NULL, (n), NULL, #stream_name},
324 #define OP_S_SET_INJECT_DATAGRAM(f) \
325 {OPK_S_SET_INJECT_DATAGRAM, NULL, 0, NULL, NULL, 0, NULL, NULL, (f)},
326 #define OP_S_SHUTDOWN(error_code) \
327 {OPK_S_SHUTDOWN, NULL, (error_code)},
328 #define OP_POP_ERR() \
329 {OPK_POP_ERR},
330 #define OP_C_WRITE_EX2(stream_name, buf, buf_len, flags) \
331 {OPK_C_WRITE_EX2, (buf), (buf_len), NULL, #stream_name, (flags)},
332 #define OP_CHECK2(func, arg1, arg2) \
333 {OPK_CHECK, NULL, (arg1), (func), NULL, (arg2)},
334 #define OP_SKIP_IF_BLOCKING(n) \
335 {OPK_SKIP_IF_BLOCKING, NULL, (n), NULL, 0},
336
get_time(void * arg)337 static OSSL_TIME get_time(void *arg)
338 {
339 struct helper *h = arg;
340 OSSL_TIME t;
341
342 if (!TEST_true(CRYPTO_THREAD_read_lock(h->time_lock)))
343 return ossl_time_zero();
344
345 t = ossl_time_add(ossl_time_now(), h->time_slip);
346
347 CRYPTO_THREAD_unlock(h->time_lock);
348 return t;
349 }
350
skip_time_ms(struct helper * h,struct helper_local * hl)351 static int skip_time_ms(struct helper *h, struct helper_local *hl)
352 {
353 if (!TEST_true(CRYPTO_THREAD_write_lock(h->time_lock)))
354 return 0;
355
356 h->time_slip = ossl_time_add(h->time_slip, ossl_ms2time(hl->check_op->arg2));
357
358 CRYPTO_THREAD_unlock(h->time_lock);
359 return 1;
360 }
361
362 static QUIC_TSERVER *s_lock(struct helper *h, struct helper_local *hl);
363 static void s_unlock(struct helper *h, struct helper_local *hl);
364
365 #define ACQUIRE_S() s_lock(h, hl)
366 #define ACQUIRE_S_NOHL() s_lock(h, NULL)
367
check_rejected(struct helper * h,struct helper_local * hl)368 static int check_rejected(struct helper *h, struct helper_local *hl)
369 {
370 uint64_t stream_id = hl->check_op->arg2;
371
372 if (!ossl_quic_tserver_stream_has_peer_stop_sending(ACQUIRE_S(), stream_id, NULL)
373 || !ossl_quic_tserver_stream_has_peer_reset_stream(ACQUIRE_S(), stream_id, NULL)) {
374 h->check_spin_again = 1;
375 return 0;
376 }
377
378 return 1;
379 }
380
check_stream_reset(struct helper * h,struct helper_local * hl)381 static int check_stream_reset(struct helper *h, struct helper_local *hl)
382 {
383 uint64_t stream_id = hl->check_op->arg2, aec = 0;
384
385 if (!ossl_quic_tserver_stream_has_peer_reset_stream(ACQUIRE_S(), stream_id, &aec)) {
386 h->check_spin_again = 1;
387 return 0;
388 }
389
390 return TEST_uint64_t_eq(aec, 42);
391 }
392
check_stream_stopped(struct helper * h,struct helper_local * hl)393 static int check_stream_stopped(struct helper *h, struct helper_local *hl)
394 {
395 uint64_t stream_id = hl->check_op->arg2;
396
397 if (!ossl_quic_tserver_stream_has_peer_stop_sending(ACQUIRE_S(), stream_id, NULL)) {
398 h->check_spin_again = 1;
399 return 0;
400 }
401
402 return 1;
403 }
404
override_key_update(struct helper * h,struct helper_local * hl)405 static int override_key_update(struct helper *h, struct helper_local *hl)
406 {
407 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
408
409 ossl_quic_channel_set_txku_threshold_override(ch, hl->check_op->arg2);
410 return 1;
411 }
412
trigger_key_update(struct helper * h,struct helper_local * hl)413 static int trigger_key_update(struct helper *h, struct helper_local *hl)
414 {
415 if (!TEST_true(SSL_key_update(h->c_conn, SSL_KEY_UPDATE_REQUESTED)))
416 return 0;
417
418 return 1;
419 }
420
check_key_update_ge(struct helper * h,struct helper_local * hl)421 static int check_key_update_ge(struct helper *h, struct helper_local *hl)
422 {
423 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
424 int64_t txke = (int64_t)ossl_quic_channel_get_tx_key_epoch(ch);
425 int64_t rxke = (int64_t)ossl_quic_channel_get_rx_key_epoch(ch);
426 int64_t diff = txke - rxke;
427
428 /*
429 * TXKE must always be equal to or ahead of RXKE.
430 * It can be ahead of RXKE by at most 1.
431 */
432 if (!TEST_int64_t_ge(diff, 0) || !TEST_int64_t_le(diff, 1))
433 return 0;
434
435 /* Caller specifies a minimum number of RXKEs which must have happened. */
436 if (!TEST_uint64_t_ge((uint64_t)rxke, hl->check_op->arg2))
437 return 0;
438
439 return 1;
440 }
441
check_key_update_lt(struct helper * h,struct helper_local * hl)442 static int check_key_update_lt(struct helper *h, struct helper_local *hl)
443 {
444 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
445 uint64_t txke = ossl_quic_channel_get_tx_key_epoch(ch);
446
447 /* Caller specifies a maximum number of TXKEs which must have happened. */
448 if (!TEST_uint64_t_lt(txke, hl->check_op->arg2))
449 return 0;
450
451 return 1;
452 }
453
stream_info_hash(const STREAM_INFO * info)454 static unsigned long stream_info_hash(const STREAM_INFO *info)
455 {
456 return OPENSSL_LH_strhash(info->name);
457 }
458
stream_info_cmp(const STREAM_INFO * a,const STREAM_INFO * b)459 static int stream_info_cmp(const STREAM_INFO *a, const STREAM_INFO *b)
460 {
461 return strcmp(a->name, b->name);
462 }
463
cleanup_stream(STREAM_INFO * info)464 static void cleanup_stream(STREAM_INFO *info)
465 {
466 SSL_free(info->c_stream);
467 OPENSSL_free(info);
468 }
469
helper_cleanup_streams(LHASH_OF (STREAM_INFO)** lh)470 static void helper_cleanup_streams(LHASH_OF(STREAM_INFO) **lh)
471 {
472 if (*lh == NULL)
473 return;
474
475 lh_STREAM_INFO_doall(*lh, cleanup_stream);
476 lh_STREAM_INFO_free(*lh);
477 *lh = NULL;
478 }
479
480 #if defined(OPENSSL_THREADS)
481 static CRYPTO_THREAD_RETVAL run_script_child_thread(void *arg);
482
join_threads(struct child_thread_args * threads,size_t num_threads)483 static int join_threads(struct child_thread_args *threads, size_t num_threads)
484 {
485 int ok = 1;
486 size_t i;
487 CRYPTO_THREAD_RETVAL rv;
488
489 for (i = 0; i < num_threads; ++i) {
490 if (threads[i].t != NULL) {
491 ossl_crypto_thread_native_join(threads[i].t, &rv);
492
493 if (!threads[i].testresult)
494 /* Do not log failure here, worker will do it. */
495 ok = 0;
496
497 ossl_crypto_thread_native_clean(threads[i].t);
498 threads[i].t = NULL;
499 }
500
501 ossl_crypto_mutex_free(&threads[i].m);
502 }
503
504 return ok;
505 }
506
join_server_thread(struct helper * h)507 static int join_server_thread(struct helper *h)
508 {
509 CRYPTO_THREAD_RETVAL rv;
510
511 if (h->server_thread.t == NULL)
512 return 1;
513
514 ossl_crypto_mutex_lock(h->server_thread.m);
515 h->server_thread.stop = 1;
516 ossl_crypto_condvar_signal(h->server_thread.c);
517 ossl_crypto_mutex_unlock(h->server_thread.m);
518
519 ossl_crypto_thread_native_join(h->server_thread.t, &rv);
520 ossl_crypto_thread_native_clean(h->server_thread.t);
521 h->server_thread.t = NULL;
522 return 1;
523 }
524
525 /* Ensure the server-state lock is currently held. Idempotent. */
s_checked_out_p(struct helper * h,int thread_idx)526 static int *s_checked_out_p(struct helper *h, int thread_idx)
527 {
528 return (thread_idx < 0) ? &h->s_checked_out
529 : &h->threads[thread_idx].s_checked_out;
530 }
531
s_lock(struct helper * h,struct helper_local * hl)532 static QUIC_TSERVER *s_lock(struct helper *h, struct helper_local *hl)
533 {
534 int *p_checked_out = s_checked_out_p(h, hl == NULL ? -1 : hl->thread_idx);
535
536 if (h->server_thread.m == NULL || *p_checked_out)
537 return h->s;
538
539 ossl_crypto_mutex_lock(h->server_thread.m);
540 h->s = h->s_priv;
541 *p_checked_out = 1;
542 return h->s;
543 }
544
545 /* Ensure the server-state lock is currently not held. Idempotent. */
s_unlock(struct helper * h,struct helper_local * hl)546 static void s_unlock(struct helper *h, struct helper_local *hl)
547 {
548 int *p_checked_out = s_checked_out_p(h, hl->thread_idx);
549
550 if (h->server_thread.m == NULL || !*p_checked_out)
551 return;
552
553 *p_checked_out = 0;
554 h->s = NULL;
555 ossl_crypto_mutex_unlock(h->server_thread.m);
556 }
557
server_helper_thread(void * arg)558 static unsigned int server_helper_thread(void *arg)
559 {
560 struct helper *h = arg;
561
562 ossl_crypto_mutex_lock(h->server_thread.m);
563
564 for (;;) {
565 int ready, stop;
566
567 ready = h->server_thread.ready;
568 stop = h->server_thread.stop;
569
570 if (stop)
571 break;
572
573 if (!ready) {
574 ossl_crypto_condvar_wait(h->server_thread.c, h->server_thread.m);
575 continue;
576 }
577
578 ossl_quic_tserver_tick(h->s_priv);
579 ossl_crypto_mutex_unlock(h->server_thread.m);
580 /*
581 * Give the main thread an opportunity to get the mutex, which is
582 * sometimes necessary in some script operations.
583 */
584 OSSL_sleep(1);
585 ossl_crypto_mutex_lock(h->server_thread.m);
586 }
587
588 ossl_crypto_mutex_unlock(h->server_thread.m);
589 return 1;
590 }
591
592 #else
593
s_lock(struct helper * h,struct helper_local * hl)594 static QUIC_TSERVER *s_lock(struct helper *h, struct helper_local *hl)
595 {
596 return h->s;
597 }
598
s_unlock(struct helper * h,struct helper_local * hl)599 static void s_unlock(struct helper *h, struct helper_local *hl)
600 {}
601
602 #endif
603
helper_cleanup(struct helper * h)604 static void helper_cleanup(struct helper *h)
605 {
606 #if defined(OPENSSL_THREADS)
607 join_threads(h->threads, h->num_threads);
608 join_server_thread(h);
609 OPENSSL_free(h->threads);
610 h->threads = NULL;
611 h->num_threads = 0;
612 #endif
613
614 if (h->free_order == 0) {
615 /* order 0: streams, then conn */
616 helper_cleanup_streams(&h->c_streams);
617
618 SSL_free(h->c_conn);
619 h->c_conn = NULL;
620 } else {
621 /* order 1: conn, then streams */
622 SSL_free(h->c_conn);
623 h->c_conn = NULL;
624
625 helper_cleanup_streams(&h->c_streams);
626 }
627
628 helper_cleanup_streams(&h->s_streams);
629 ossl_quic_tserver_free(h->s_priv);
630 h->s_priv = h->s = NULL;
631
632 BIO_free(h->s_net_bio_own);
633 h->s_net_bio_own = NULL;
634
635 BIO_free(h->c_net_bio_own);
636 h->c_net_bio_own = NULL;
637
638 BIO_free(h->s_qtf_wbio_own);
639 h->s_qtf_wbio_own = NULL;
640
641 qtest_fault_free(h->qtf);
642 h->qtf = NULL;
643
644 if (h->s_fd >= 0) {
645 BIO_closesocket(h->s_fd);
646 h->s_fd = -1;
647 }
648
649 if (h->c_fd >= 0) {
650 BIO_closesocket(h->c_fd);
651 h->c_fd = -1;
652 }
653
654 BIO_ADDR_free(h->s_net_bio_addr);
655 h->s_net_bio_addr = NULL;
656 BIO_ADDR_free(h->s_net_bio_orig_addr);
657 h->s_net_bio_orig_addr = NULL;
658
659 SSL_CTX_free(h->c_ctx);
660 h->c_ctx = NULL;
661
662 CRYPTO_THREAD_lock_free(h->time_lock);
663 h->time_lock = NULL;
664
665 #if defined(OPENSSL_THREADS)
666 ossl_crypto_mutex_free(&h->misc_m);
667 ossl_crypto_condvar_free(&h->misc_cv);
668 ossl_crypto_mutex_free(&h->server_thread.m);
669 ossl_crypto_condvar_free(&h->server_thread.c);
670 #endif
671 }
672
helper_init(struct helper * h,const char * script_name,int free_order,int blocking,int need_injector)673 static int helper_init(struct helper *h, const char *script_name,
674 int free_order, int blocking,
675 int need_injector)
676 {
677 struct in_addr ina = {0};
678 QUIC_TSERVER_ARGS s_args = {0};
679 union BIO_sock_info_u info;
680 char title[128];
681
682 memset(h, 0, sizeof(*h));
683 h->c_fd = -1;
684 h->s_fd = -1;
685 h->free_order = free_order;
686 h->blocking = blocking;
687 h->need_injector = need_injector;
688 h->time_slip = ossl_time_zero();
689
690 if (!TEST_ptr(h->time_lock = CRYPTO_THREAD_lock_new()))
691 goto err;
692
693 if (!TEST_ptr(h->s_streams = lh_STREAM_INFO_new(stream_info_hash,
694 stream_info_cmp)))
695 goto err;
696
697 if (!TEST_ptr(h->c_streams = lh_STREAM_INFO_new(stream_info_hash,
698 stream_info_cmp)))
699 goto err;
700
701 ina.s_addr = htonl(0x7f000001UL);
702
703 h->s_fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0);
704 if (!TEST_int_ge(h->s_fd, 0))
705 goto err;
706
707 if (!TEST_true(BIO_socket_nbio(h->s_fd, 1)))
708 goto err;
709
710 if (!TEST_ptr(h->s_net_bio_orig_addr = BIO_ADDR_new())
711 || !TEST_ptr(h->s_net_bio_addr = BIO_ADDR_new()))
712 goto err;
713
714 if (!TEST_true(BIO_ADDR_rawmake(h->s_net_bio_orig_addr, AF_INET,
715 &ina, sizeof(ina), 0)))
716 goto err;
717
718 if (!TEST_true(BIO_bind(h->s_fd, h->s_net_bio_orig_addr, 0)))
719 goto err;
720
721 info.addr = h->s_net_bio_addr;
722 if (!TEST_true(BIO_sock_info(h->s_fd, BIO_SOCK_INFO_ADDRESS, &info)))
723 goto err;
724
725 if (!TEST_int_gt(BIO_ADDR_rawport(h->s_net_bio_addr), 0))
726 goto err;
727
728 if (!TEST_ptr(h->s_net_bio = h->s_net_bio_own = BIO_new_dgram(h->s_fd, 0)))
729 goto err;
730
731 if (!BIO_up_ref(h->s_net_bio))
732 goto err;
733
734 if (need_injector) {
735 h->s_qtf_wbio = h->s_qtf_wbio_own = BIO_new(qtest_get_bio_method());
736 if (!TEST_ptr(h->s_qtf_wbio))
737 goto err;
738
739 if (!TEST_ptr(BIO_push(h->s_qtf_wbio, h->s_net_bio)))
740 goto err;
741
742 s_args.net_wbio = h->s_qtf_wbio;
743 } else {
744 s_args.net_wbio = h->s_net_bio;
745 }
746
747 s_args.net_rbio = h->s_net_bio;
748 s_args.alpn = NULL;
749 s_args.now_cb = get_time;
750 s_args.now_cb_arg = h;
751 s_args.ctx = NULL;
752
753 if (!TEST_ptr(h->s_priv = ossl_quic_tserver_new(&s_args, certfile, keyfile)))
754 goto err;
755
756 if (!blocking)
757 h->s = h->s_priv;
758
759 if (need_injector) {
760 h->qtf = qtest_create_injector(h->s_priv);
761 if (!TEST_ptr(h->qtf))
762 goto err;
763
764 BIO_set_data(h->s_qtf_wbio, h->qtf);
765 }
766
767 h->s_net_bio_own = NULL;
768 h->s_qtf_wbio_own = NULL;
769
770 h->c_fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0);
771 if (!TEST_int_ge(h->c_fd, 0))
772 goto err;
773
774 if (!TEST_true(BIO_socket_nbio(h->c_fd, 1)))
775 goto err;
776
777 if (!TEST_ptr(h->c_net_bio = h->c_net_bio_own = BIO_new_dgram(h->c_fd, 0)))
778 goto err;
779
780 if (!TEST_true(BIO_dgram_set_peer(h->c_net_bio, h->s_net_bio_addr)))
781 goto err;
782
783 if (!TEST_ptr(h->c_ctx = SSL_CTX_new(OSSL_QUIC_client_method())))
784 goto err;
785
786 /* Set title for qlog purposes. */
787 BIO_snprintf(title, sizeof(title), "quic_multistream_test: %s", script_name);
788 if (!TEST_true(ossl_quic_set_diag_title(h->c_ctx, title)))
789 goto err;
790
791 if (!TEST_ptr(h->c_conn = SSL_new(h->c_ctx)))
792 goto err;
793
794 /* Use custom time function for virtual time skip. */
795 if (!TEST_true(ossl_quic_conn_set_override_now_cb(h->c_conn, get_time, h)))
796 goto err;
797
798 /* Takes ownership of our reference to the BIO. */
799 SSL_set0_rbio(h->c_conn, h->c_net_bio);
800 h->c_net_bio_own = NULL;
801
802 if (!TEST_true(BIO_up_ref(h->c_net_bio)))
803 goto err;
804
805 SSL_set0_wbio(h->c_conn, h->c_net_bio);
806
807 if (!TEST_true(SSL_set_blocking_mode(h->c_conn, h->blocking)))
808 goto err;
809
810 #if defined(OPENSSL_THREADS)
811 if (!TEST_ptr(h->misc_m = ossl_crypto_mutex_new()))
812 goto err;
813 if (!TEST_ptr(h->misc_cv = ossl_crypto_condvar_new()))
814 goto err;
815 #endif
816
817 if (h->blocking) {
818 #if defined(OPENSSL_THREADS)
819 if (!TEST_ptr(h->server_thread.m = ossl_crypto_mutex_new()))
820 goto err;
821
822 if (!TEST_ptr(h->server_thread.c = ossl_crypto_condvar_new()))
823 goto err;
824
825 h->server_thread.t
826 = ossl_crypto_thread_native_start(server_helper_thread, h, 1);
827 if (!TEST_ptr(h->server_thread.t))
828 goto err;
829 #else
830 TEST_error("cannot support blocking mode without threads");
831 goto err;
832 #endif
833 }
834
835 h->start_time = ossl_time_now();
836 h->init = 1;
837 return 1;
838
839 err:
840 helper_cleanup(h);
841 return 0;
842 }
843
helper_local_init(struct helper_local * hl,struct helper * h,int thread_idx)844 static int helper_local_init(struct helper_local *hl, struct helper *h,
845 int thread_idx)
846 {
847 hl->h = h;
848 hl->c_streams = NULL;
849 hl->thread_idx = thread_idx;
850 hl->explicit_event_handling = 0;
851
852 if (!TEST_ptr(h))
853 return 0;
854
855 if (thread_idx < 0) {
856 hl->c_streams = h->c_streams;
857 } else {
858 if (!TEST_ptr(hl->c_streams = lh_STREAM_INFO_new(stream_info_hash,
859 stream_info_cmp)))
860 return 0;
861 }
862
863 return 1;
864 }
865
helper_local_cleanup(struct helper_local * hl)866 static void helper_local_cleanup(struct helper_local *hl)
867 {
868 if (hl->h == NULL)
869 return;
870
871 if (hl->thread_idx >= 0)
872 helper_cleanup_streams(&hl->c_streams);
873
874 hl->h = NULL;
875 }
876
get_stream_info(LHASH_OF (STREAM_INFO)* lh,const char * stream_name)877 static STREAM_INFO *get_stream_info(LHASH_OF(STREAM_INFO) *lh,
878 const char *stream_name)
879 {
880 STREAM_INFO key, *info;
881
882 if (!TEST_ptr(stream_name))
883 return NULL;
884
885 if (!strcmp(stream_name, "DEFAULT"))
886 return NULL;
887
888 key.name = stream_name;
889 info = lh_STREAM_INFO_retrieve(lh, &key);
890 if (info == NULL) {
891 info = OPENSSL_zalloc(sizeof(*info));
892 if (info == NULL)
893 return NULL;
894
895 info->name = stream_name;
896 info->s_stream_id = UINT64_MAX;
897 lh_STREAM_INFO_insert(lh, info);
898 }
899
900 return info;
901 }
902
helper_local_set_c_stream(struct helper_local * hl,const char * stream_name,SSL * c_stream)903 static int helper_local_set_c_stream(struct helper_local *hl,
904 const char *stream_name,
905 SSL *c_stream)
906 {
907 STREAM_INFO *info = get_stream_info(hl->c_streams, stream_name);
908
909 if (info == NULL)
910 return 0;
911
912 info->c_stream = c_stream;
913 info->s_stream_id = UINT64_MAX;
914 return 1;
915 }
916
helper_local_get_c_stream(struct helper_local * hl,const char * stream_name)917 static SSL *helper_local_get_c_stream(struct helper_local *hl,
918 const char *stream_name)
919 {
920 STREAM_INFO *info;
921
922 if (!strcmp(stream_name, "DEFAULT"))
923 return hl->h->c_conn;
924
925 info = get_stream_info(hl->c_streams, stream_name);
926 if (info == NULL)
927 return NULL;
928
929 return info->c_stream;
930 }
931
932 static int
helper_set_s_stream(struct helper * h,const char * stream_name,uint64_t s_stream_id)933 helper_set_s_stream(struct helper *h, const char *stream_name,
934 uint64_t s_stream_id)
935 {
936 STREAM_INFO *info;
937
938 if (!strcmp(stream_name, "DEFAULT"))
939 return 0;
940
941 info = get_stream_info(h->s_streams, stream_name);
942 if (info == NULL)
943 return 0;
944
945 info->c_stream = NULL;
946 info->s_stream_id = s_stream_id;
947 return 1;
948 }
949
helper_get_s_stream(struct helper * h,const char * stream_name)950 static uint64_t helper_get_s_stream(struct helper *h, const char *stream_name)
951 {
952 STREAM_INFO *info;
953
954 if (!strcmp(stream_name, "DEFAULT"))
955 return UINT64_MAX;
956
957 info = get_stream_info(h->s_streams, stream_name);
958 if (info == NULL)
959 return UINT64_MAX;
960
961 return info->s_stream_id;
962 }
963
helper_packet_plain_listener(QTEST_FAULT * qtf,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t buf_len,void * arg)964 static int helper_packet_plain_listener(QTEST_FAULT *qtf, QUIC_PKT_HDR *hdr,
965 unsigned char *buf, size_t buf_len,
966 void *arg)
967 {
968 struct helper *h = arg;
969
970 return h->qtf_packet_plain_cb(h, hdr, buf, buf_len);
971 }
972
helper_handshake_listener(QTEST_FAULT * fault,unsigned char * buf,size_t buf_len,void * arg)973 static int helper_handshake_listener(QTEST_FAULT *fault,
974 unsigned char *buf, size_t buf_len,
975 void *arg)
976 {
977 struct helper *h = arg;
978
979 return h->qtf_handshake_cb(h, buf, buf_len);
980 }
981
helper_datagram_listener(QTEST_FAULT * fault,BIO_MSG * msg,size_t stride,void * arg)982 static int helper_datagram_listener(QTEST_FAULT *fault,
983 BIO_MSG *msg, size_t stride,
984 void *arg)
985 {
986 struct helper *h = arg;
987
988 return h->qtf_datagram_cb(h, msg, stride);
989 }
990
is_want(SSL * s,int ret)991 static int is_want(SSL *s, int ret)
992 {
993 int ec = SSL_get_error(s, ret);
994
995 return ec == SSL_ERROR_WANT_READ || ec == SSL_ERROR_WANT_WRITE;
996 }
997
check_consistent_want(SSL * s,int ret)998 static int check_consistent_want(SSL *s, int ret)
999 {
1000 int ec = SSL_get_error(s, ret);
1001 int w = SSL_want(s);
1002
1003 int ok = TEST_true(
1004 (ec == SSL_ERROR_NONE && w == SSL_NOTHING)
1005 || (ec == SSL_ERROR_ZERO_RETURN && w == SSL_NOTHING)
1006 || (ec == SSL_ERROR_SSL && w == SSL_NOTHING)
1007 || (ec == SSL_ERROR_SYSCALL && w == SSL_NOTHING)
1008 || (ec == SSL_ERROR_WANT_READ && w == SSL_READING)
1009 || (ec == SSL_ERROR_WANT_WRITE && w == SSL_WRITING)
1010 || (ec == SSL_ERROR_WANT_CLIENT_HELLO_CB && w == SSL_CLIENT_HELLO_CB)
1011 || (ec == SSL_ERROR_WANT_X509_LOOKUP && w == SSL_X509_LOOKUP)
1012 || (ec == SSL_ERROR_WANT_RETRY_VERIFY && w == SSL_RETRY_VERIFY)
1013 );
1014
1015 if (!ok)
1016 TEST_error("got error=%d, want=%d", ec, w);
1017
1018 return ok;
1019 }
1020
run_script_worker(struct helper * h,const struct script_op * script,const char * script_name,int thread_idx)1021 static int run_script_worker(struct helper *h, const struct script_op *script,
1022 const char *script_name,
1023 int thread_idx)
1024 {
1025 int testresult = 0;
1026 unsigned char *tmp_buf = NULL;
1027 int connect_started = 0;
1028 size_t offset = 0;
1029 size_t op_idx = 0;
1030 const struct script_op *op = NULL;
1031 int no_advance = 0, first = 1;
1032 #if defined(OPENSSL_THREADS)
1033 int end_wait_warning = 0;
1034 #endif
1035 OSSL_TIME op_start_time = ossl_time_zero(), op_deadline = ossl_time_zero();
1036 struct helper_local hl_, *hl = &hl_;
1037 #define REPEAT_SLOTS 8
1038 size_t repeat_stack_idx[REPEAT_SLOTS], repeat_stack_done[REPEAT_SLOTS];
1039 size_t repeat_stack_limit[REPEAT_SLOTS];
1040 size_t repeat_stack_len = 0;
1041
1042 if (!TEST_true(helper_local_init(hl, h, thread_idx)))
1043 goto out;
1044
1045 #define COMMON_SPIN_AGAIN() \
1046 { \
1047 no_advance = 1; \
1048 continue; \
1049 }
1050 #define S_SPIN_AGAIN() \
1051 { \
1052 s_lock(h, hl); \
1053 ossl_quic_tserver_tick(h->s); \
1054 COMMON_SPIN_AGAIN(); \
1055 }
1056 #define C_SPIN_AGAIN() \
1057 { \
1058 if (h->blocking) { \
1059 TEST_error("spin again in blocking mode"); \
1060 goto out; \
1061 } \
1062 COMMON_SPIN_AGAIN(); \
1063 }
1064
1065 for (;;) {
1066 SSL *c_tgt = h->c_conn;
1067 uint64_t s_stream_id = UINT64_MAX;
1068
1069 s_unlock(h, hl);
1070
1071 if (no_advance) {
1072 no_advance = 0;
1073 } else {
1074 if (!first)
1075 ++op_idx;
1076
1077 first = 0;
1078 offset = 0;
1079 op_start_time = ossl_time_now();
1080 op_deadline = ossl_time_add(op_start_time, ossl_ms2time(60000));
1081 }
1082
1083 if (!TEST_int_le(ossl_time_compare(ossl_time_now(), op_deadline), 0)) {
1084 TEST_error("op %zu timed out on thread %d", op_idx + 1, thread_idx);
1085 goto out;
1086 }
1087
1088 op = &script[op_idx];
1089
1090 if (op->stream_name != NULL) {
1091 c_tgt = helper_local_get_c_stream(hl, op->stream_name);
1092 if (thread_idx < 0)
1093 s_stream_id = helper_get_s_stream(h, op->stream_name);
1094 else
1095 s_stream_id = UINT64_MAX;
1096 }
1097
1098 if (thread_idx < 0) {
1099 if (!h->blocking) {
1100 ossl_quic_tserver_tick(h->s);
1101 }
1102 #if defined(OPENSSL_THREADS)
1103 else if (h->blocking && !h->server_thread.ready) {
1104 ossl_crypto_mutex_lock(h->server_thread.m);
1105 h->server_thread.ready = 1;
1106 ossl_crypto_condvar_signal(h->server_thread.c);
1107 ossl_crypto_mutex_unlock(h->server_thread.m);
1108 }
1109 if (h->blocking)
1110 assert(h->s == NULL);
1111 #endif
1112 }
1113
1114 if (!hl->explicit_event_handling
1115 && (thread_idx >= 0 || connect_started))
1116 SSL_handle_events(h->c_conn);
1117
1118 if (thread_idx >= 0) {
1119 /* Only allow certain opcodes on child threads. */
1120 switch (op->op) {
1121 case OPK_END:
1122 case OPK_CHECK:
1123 case OPK_C_ACCEPT_STREAM_WAIT:
1124 case OPK_C_NEW_STREAM:
1125 case OPK_C_READ_EXPECT:
1126 case OPK_C_EXPECT_FIN:
1127 case OPK_C_WRITE:
1128 case OPK_C_WRITE_EX2:
1129 case OPK_C_CONCLUDE:
1130 case OPK_C_FREE_STREAM:
1131 case OPK_BEGIN_REPEAT:
1132 case OPK_END_REPEAT:
1133 case OPK_C_READ_FAIL_WAIT:
1134 case OPK_C_EXPECT_SSL_ERR:
1135 case OPK_EXPECT_ERR_REASON:
1136 case OPK_EXPECT_ERR_LIB:
1137 case OPK_POP_ERR:
1138 case OPK_SLEEP:
1139 break;
1140
1141 default:
1142 TEST_error("opcode %lu not allowed on child thread",
1143 (unsigned long)op->op);
1144 goto out;
1145 }
1146 }
1147
1148 switch (op->op) {
1149 case OPK_END:
1150 if (!TEST_size_t_eq(repeat_stack_len, 0))
1151 goto out;
1152
1153 #if defined(OPENSSL_THREADS)
1154 if (thread_idx < 0) {
1155 int done;
1156 size_t i;
1157
1158 for (i = 0; i < h->num_threads; ++i) {
1159 if (h->threads[i].m == NULL)
1160 continue;
1161
1162 ossl_crypto_mutex_lock(h->threads[i].m);
1163 done = h->threads[i].done;
1164 ossl_crypto_mutex_unlock(h->threads[i].m);
1165
1166 if (!done) {
1167 if (!end_wait_warning) {
1168 TEST_info("still waiting for other threads to finish (%zu)", i);
1169 end_wait_warning = 1;
1170 }
1171
1172 S_SPIN_AGAIN();
1173 }
1174 }
1175 }
1176 #endif
1177
1178 TEST_info("script \"%s\" finished on thread %d", script_name, thread_idx);
1179 testresult = 1;
1180 goto out;
1181
1182 case OPK_BEGIN_REPEAT:
1183 if (!TEST_size_t_lt(repeat_stack_len, OSSL_NELEM(repeat_stack_idx)))
1184 goto out;
1185
1186 if (!TEST_size_t_gt(op->arg1, 0))
1187 goto out;
1188
1189 repeat_stack_idx[repeat_stack_len] = op_idx + 1;
1190 repeat_stack_done[repeat_stack_len] = 0;
1191 repeat_stack_limit[repeat_stack_len] = op->arg1;
1192 ++repeat_stack_len;
1193 break;
1194
1195 case OPK_C_SKIP_IF_UNBOUND:
1196 if (c_tgt != NULL)
1197 break;
1198
1199 op_idx += op->arg1;
1200 break;
1201
1202 case OPK_SKIP_IF_BLOCKING:
1203 if (!h->blocking)
1204 break;
1205
1206 op_idx += op->arg1;
1207 break;
1208
1209 case OPK_END_REPEAT:
1210 if (!TEST_size_t_gt(repeat_stack_len, 0))
1211 goto out;
1212
1213 if (++repeat_stack_done[repeat_stack_len - 1]
1214 == repeat_stack_limit[repeat_stack_len - 1]) {
1215 --repeat_stack_len;
1216 } else {
1217 op_idx = repeat_stack_idx[repeat_stack_len - 1];
1218 no_advance = 1;
1219 continue;
1220 }
1221
1222 break;
1223
1224 case OPK_CHECK:
1225 {
1226 int ok;
1227
1228 hl->check_op = op;
1229 ok = op->check_func(h, hl);
1230 hl->check_op = NULL;
1231
1232 if (thread_idx < 0 && h->check_spin_again) {
1233 h->check_spin_again = 0;
1234 S_SPIN_AGAIN();
1235 }
1236
1237 if (!TEST_true(ok))
1238 goto out;
1239 }
1240 break;
1241
1242 case OPK_C_SET_ALPN:
1243 {
1244 const char *alpn = op->arg0;
1245 size_t alpn_len = strlen(alpn);
1246
1247 if (!TEST_size_t_le(alpn_len, UINT8_MAX)
1248 || !TEST_ptr(tmp_buf = (unsigned char *)OPENSSL_malloc(alpn_len + 1)))
1249 goto out;
1250
1251 memcpy(tmp_buf + 1, alpn, alpn_len);
1252 tmp_buf[0] = (unsigned char)alpn_len;
1253
1254 /* 0 is the success case for SSL_set_alpn_protos(). */
1255 if (!TEST_false(SSL_set_alpn_protos(h->c_conn, tmp_buf,
1256 alpn_len + 1)))
1257 goto out;
1258
1259 OPENSSL_free(tmp_buf);
1260 tmp_buf = NULL;
1261 }
1262 break;
1263
1264 case OPK_C_CONNECT_WAIT:
1265 {
1266 int ret;
1267
1268 connect_started = 1;
1269
1270 ret = SSL_connect(h->c_conn);
1271 if (!check_consistent_want(c_tgt, ret))
1272 goto out;
1273 if (ret != 1) {
1274 if (!h->blocking && is_want(h->c_conn, ret))
1275 C_SPIN_AGAIN();
1276
1277 if (op->arg1 == 0 && !TEST_int_eq(ret, 1))
1278 goto out;
1279 }
1280 }
1281 break;
1282
1283 case OPK_C_WRITE:
1284 {
1285 size_t bytes_written = 0;
1286 int r;
1287
1288 if (!TEST_ptr(c_tgt))
1289 goto out;
1290
1291 r = SSL_write_ex(c_tgt, op->arg0, op->arg1, &bytes_written);
1292 if (!TEST_true(r)
1293 || !check_consistent_want(c_tgt, r)
1294 || !TEST_size_t_eq(bytes_written, op->arg1))
1295 goto out;
1296 }
1297 break;
1298
1299 case OPK_C_WRITE_EX2:
1300 {
1301 size_t bytes_written = 0;
1302 int r;
1303
1304 if (!TEST_ptr(c_tgt))
1305 goto out;
1306
1307 r = SSL_write_ex2(c_tgt, op->arg0, op->arg1, op->arg2,
1308 &bytes_written);
1309 if (!TEST_true(r)
1310 || !check_consistent_want(c_tgt, r)
1311 || !TEST_size_t_eq(bytes_written, op->arg1))
1312 goto out;
1313 }
1314 break;
1315
1316 case OPK_S_WRITE:
1317 {
1318 size_t bytes_written = 0;
1319
1320 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1321 goto out;
1322
1323 if (!TEST_true(ossl_quic_tserver_write(ACQUIRE_S(), s_stream_id,
1324 op->arg0, op->arg1,
1325 &bytes_written))
1326 || !TEST_size_t_eq(bytes_written, op->arg1))
1327 goto out;
1328 }
1329 break;
1330
1331 case OPK_C_CONCLUDE:
1332 {
1333 if (!TEST_true(SSL_stream_conclude(c_tgt, 0)))
1334 goto out;
1335 }
1336 break;
1337
1338 case OPK_S_CONCLUDE:
1339 {
1340 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1341 goto out;
1342
1343 ossl_quic_tserver_conclude(ACQUIRE_S(), s_stream_id);
1344 }
1345 break;
1346
1347 case OPK_C_WAIT_FOR_DATA:
1348 {
1349 char buf[1];
1350 size_t bytes_read = 0;
1351
1352 if (!TEST_ptr(c_tgt))
1353 goto out;
1354
1355 if (!SSL_peek_ex(c_tgt, buf, sizeof(buf), &bytes_read)
1356 || bytes_read == 0)
1357 C_SPIN_AGAIN();
1358 }
1359 break;
1360
1361 case OPK_C_READ_EXPECT:
1362 {
1363 size_t bytes_read = 0;
1364 int r;
1365
1366 if (op->arg1 > 0 && tmp_buf == NULL
1367 && !TEST_ptr(tmp_buf = OPENSSL_malloc(op->arg1)))
1368 goto out;
1369
1370 r = SSL_read_ex(c_tgt, tmp_buf + offset, op->arg1 - offset,
1371 &bytes_read);
1372 if (!check_consistent_want(c_tgt, r))
1373 goto out;
1374
1375 if (!r)
1376 C_SPIN_AGAIN();
1377
1378 if (bytes_read + offset != op->arg1) {
1379 offset += bytes_read;
1380 C_SPIN_AGAIN();
1381 }
1382
1383 if (op->arg1 > 0
1384 && !TEST_mem_eq(tmp_buf, op->arg1, op->arg0, op->arg1))
1385 goto out;
1386
1387 OPENSSL_free(tmp_buf);
1388 tmp_buf = NULL;
1389 }
1390 break;
1391
1392 case OPK_S_READ_EXPECT:
1393 {
1394 size_t bytes_read = 0;
1395
1396 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1397 goto out;
1398
1399 if (op->arg1 > 0 && tmp_buf == NULL
1400 && !TEST_ptr(tmp_buf = OPENSSL_malloc(op->arg1)))
1401 goto out;
1402
1403 if (!TEST_true(ossl_quic_tserver_read(ACQUIRE_S(), s_stream_id,
1404 tmp_buf + offset,
1405 op->arg1 - offset,
1406 &bytes_read)))
1407 goto out;
1408
1409 if (bytes_read + offset != op->arg1) {
1410 offset += bytes_read;
1411 S_SPIN_AGAIN();
1412 }
1413
1414 if (op->arg1 > 0
1415 && !TEST_mem_eq(tmp_buf, op->arg1, op->arg0, op->arg1))
1416 goto out;
1417
1418 OPENSSL_free(tmp_buf);
1419 tmp_buf = NULL;
1420 }
1421 break;
1422
1423 case OPK_C_EXPECT_FIN:
1424 {
1425 char buf[1];
1426 size_t bytes_read = 0;
1427 int r;
1428
1429 r = SSL_read_ex(c_tgt, buf, sizeof(buf), &bytes_read);
1430 if (!check_consistent_want(c_tgt, r)
1431 || !TEST_false(r)
1432 || !TEST_size_t_eq(bytes_read, 0))
1433 goto out;
1434
1435 if (is_want(c_tgt, 0))
1436 C_SPIN_AGAIN();
1437
1438 if (!TEST_int_eq(SSL_get_error(c_tgt, 0),
1439 SSL_ERROR_ZERO_RETURN))
1440 goto out;
1441
1442 if (!TEST_int_eq(SSL_want(c_tgt), SSL_NOTHING))
1443 goto out;
1444 }
1445 break;
1446
1447 case OPK_S_EXPECT_FIN:
1448 {
1449 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1450 goto out;
1451
1452 if (!ossl_quic_tserver_has_read_ended(ACQUIRE_S(), s_stream_id))
1453 S_SPIN_AGAIN();
1454 }
1455 break;
1456
1457 case OPK_C_DETACH:
1458 {
1459 SSL *c_stream;
1460
1461 if (!TEST_ptr_null(c_tgt))
1462 goto out; /* don't overwrite existing stream with same name */
1463
1464 if (!TEST_ptr(op->stream_name))
1465 goto out;
1466
1467 if (!TEST_ptr(c_stream = ossl_quic_detach_stream(h->c_conn)))
1468 goto out;
1469
1470 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, c_stream)))
1471 goto out;
1472 }
1473 break;
1474
1475 case OPK_C_ATTACH:
1476 {
1477 if (!TEST_ptr(c_tgt))
1478 goto out;
1479
1480 if (!TEST_ptr(op->stream_name))
1481 goto out;
1482
1483 if (!TEST_true(ossl_quic_attach_stream(h->c_conn, c_tgt)))
1484 goto out;
1485
1486 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, NULL)))
1487 goto out;
1488 }
1489 break;
1490
1491 case OPK_C_NEW_STREAM:
1492 {
1493 SSL *c_stream;
1494 uint64_t flags = op->arg1;
1495 int allow_fail = ((flags & ALLOW_FAIL) != 0);
1496
1497 flags &= ~(uint64_t)ALLOW_FAIL;
1498
1499 if (!TEST_ptr_null(c_tgt))
1500 goto out; /* don't overwrite existing stream with same name */
1501
1502 if (!TEST_ptr(op->stream_name))
1503 goto out;
1504
1505 c_stream = SSL_new_stream(h->c_conn, flags);
1506 if (!allow_fail && !TEST_ptr(c_stream))
1507 goto out;
1508
1509 if (allow_fail && c_stream == NULL) {
1510 if (!TEST_size_t_eq(ERR_GET_REASON(ERR_get_error()),
1511 SSL_R_STREAM_COUNT_LIMITED))
1512 goto out;
1513
1514 ++h->fail_count;
1515 break;
1516 }
1517
1518 if (op->arg2 != UINT64_MAX
1519 && !TEST_uint64_t_eq(SSL_get_stream_id(c_stream),
1520 op->arg2))
1521 goto out;
1522
1523 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, c_stream)))
1524 goto out;
1525 }
1526 break;
1527
1528 case OPK_S_NEW_STREAM:
1529 {
1530 uint64_t stream_id = UINT64_MAX;
1531
1532 if (!TEST_uint64_t_eq(s_stream_id, UINT64_MAX))
1533 goto out; /* don't overwrite existing stream with same name */
1534
1535 if (!TEST_ptr(op->stream_name))
1536 goto out;
1537
1538 if (!TEST_true(ossl_quic_tserver_stream_new(ACQUIRE_S(),
1539 op->arg1 > 0,
1540 &stream_id)))
1541 goto out;
1542
1543 if (op->arg2 != UINT64_MAX
1544 && !TEST_uint64_t_eq(stream_id, op->arg2))
1545 goto out;
1546
1547 if (!TEST_true(helper_set_s_stream(h, op->stream_name,
1548 stream_id)))
1549 goto out;
1550 }
1551 break;
1552
1553 case OPK_C_ACCEPT_STREAM_WAIT:
1554 {
1555 SSL *c_stream;
1556
1557 if (!TEST_ptr_null(c_tgt))
1558 goto out; /* don't overwrite existing stream with same name */
1559
1560 if (!TEST_ptr(op->stream_name))
1561 goto out;
1562
1563 if ((c_stream = SSL_accept_stream(h->c_conn, 0)) == NULL)
1564 C_SPIN_AGAIN();
1565
1566 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name,
1567 c_stream)))
1568 goto out;
1569 }
1570 break;
1571
1572 case OPK_S_ACCEPT_STREAM_WAIT:
1573 {
1574 uint64_t new_stream_id;
1575
1576 if (!TEST_uint64_t_eq(s_stream_id, UINT64_MAX))
1577 goto out;
1578
1579 if (!TEST_ptr(op->stream_name))
1580 goto out;
1581
1582 new_stream_id = ossl_quic_tserver_pop_incoming_stream(ACQUIRE_S());
1583 if (new_stream_id == UINT64_MAX)
1584 S_SPIN_AGAIN();
1585
1586 if (!TEST_true(helper_set_s_stream(h, op->stream_name, new_stream_id)))
1587 goto out;
1588 }
1589 break;
1590
1591 case OPK_C_ACCEPT_STREAM_NONE:
1592 {
1593 SSL *c_stream;
1594
1595 if (!TEST_ptr_null(c_stream = SSL_accept_stream(h->c_conn,
1596 SSL_ACCEPT_STREAM_NO_BLOCK))) {
1597 SSL_free(c_stream);
1598 goto out;
1599 }
1600 }
1601 break;
1602
1603 case OPK_C_FREE_STREAM:
1604 {
1605 if (!TEST_ptr(c_tgt)
1606 || !TEST_true(!SSL_is_connection(c_tgt)))
1607 goto out;
1608
1609 if (!TEST_ptr(op->stream_name))
1610 goto out;
1611
1612 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, NULL)))
1613 goto out;
1614
1615 SSL_free(c_tgt);
1616 c_tgt = NULL;
1617 }
1618 break;
1619
1620 case OPK_C_SET_DEFAULT_STREAM_MODE:
1621 {
1622 if (!TEST_ptr(c_tgt))
1623 goto out;
1624
1625 if (!TEST_true(SSL_set_default_stream_mode(c_tgt, op->arg1)))
1626 goto out;
1627 }
1628 break;
1629
1630 case OPK_C_SET_INCOMING_STREAM_POLICY:
1631 {
1632 if (!TEST_ptr(c_tgt))
1633 goto out;
1634
1635 if (!TEST_true(SSL_set_incoming_stream_policy(c_tgt,
1636 op->arg1, 0)))
1637 goto out;
1638 }
1639 break;
1640
1641 case OPK_C_SHUTDOWN_WAIT:
1642 {
1643 int ret;
1644 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
1645 SSL_SHUTDOWN_EX_ARGS args = {0};
1646
1647 ossl_quic_engine_set_inhibit_tick(ossl_quic_channel_get0_engine(ch), 0);
1648
1649 if (!TEST_ptr(c_tgt))
1650 goto out;
1651
1652 args.quic_reason = (const char *)op->arg0;
1653
1654 ret = SSL_shutdown_ex(c_tgt, op->arg1, &args, sizeof(args));
1655 if (!TEST_int_ge(ret, 0))
1656 goto out;
1657
1658 if (ret == 0)
1659 C_SPIN_AGAIN();
1660 }
1661 break;
1662
1663 case OPK_S_SHUTDOWN:
1664 {
1665 ossl_quic_tserver_shutdown(ACQUIRE_S(), op->arg1);
1666 }
1667 break;
1668
1669 case OPK_C_EXPECT_CONN_CLOSE_INFO:
1670 {
1671 SSL_CONN_CLOSE_INFO cc_info = {0};
1672 int expect_app = (op->arg1 & EXPECT_CONN_CLOSE_APP) != 0;
1673 int expect_remote = (op->arg1 & EXPECT_CONN_CLOSE_REMOTE) != 0;
1674 uint64_t error_code = op->arg2;
1675
1676 if (!TEST_ptr(c_tgt))
1677 goto out;
1678
1679 if (h->blocking
1680 && !TEST_true(SSL_shutdown_ex(c_tgt,
1681 SSL_SHUTDOWN_FLAG_WAIT_PEER,
1682 NULL, 0)))
1683 goto out;
1684
1685 if (!SSL_get_conn_close_info(c_tgt, &cc_info, sizeof(cc_info)))
1686 C_SPIN_AGAIN();
1687
1688 if (!TEST_int_eq(expect_app,
1689 (cc_info.flags
1690 & SSL_CONN_CLOSE_FLAG_TRANSPORT) == 0)
1691 || !TEST_int_eq(expect_remote,
1692 (cc_info.flags
1693 & SSL_CONN_CLOSE_FLAG_LOCAL) == 0)
1694 || !TEST_uint64_t_eq(error_code, cc_info.error_code)) {
1695 TEST_info("Connection close reason: %s", cc_info.reason);
1696 goto out;
1697 }
1698 }
1699 break;
1700
1701 case OPK_S_EXPECT_CONN_CLOSE_INFO:
1702 {
1703 const QUIC_TERMINATE_CAUSE *tc;
1704 int expect_app = (op->arg1 & EXPECT_CONN_CLOSE_APP) != 0;
1705 int expect_remote = (op->arg1 & EXPECT_CONN_CLOSE_REMOTE) != 0;
1706 uint64_t error_code = op->arg2;
1707
1708 if (!ossl_quic_tserver_is_term_any(ACQUIRE_S())) {
1709 ossl_quic_tserver_ping(ACQUIRE_S());
1710 S_SPIN_AGAIN();
1711 }
1712
1713 if (!TEST_ptr(tc = ossl_quic_tserver_get_terminate_cause(ACQUIRE_S())))
1714 goto out;
1715
1716 if (!TEST_uint64_t_eq(error_code, tc->error_code)
1717 || !TEST_int_eq(expect_app, tc->app)
1718 || !TEST_int_eq(expect_remote, tc->remote))
1719 goto out;
1720 }
1721 break;
1722
1723 case OPK_S_BIND_STREAM_ID:
1724 {
1725 if (!TEST_uint64_t_eq(s_stream_id, UINT64_MAX))
1726 goto out;
1727
1728 if (!TEST_ptr(op->stream_name))
1729 goto out;
1730
1731 if (!TEST_true(helper_set_s_stream(h, op->stream_name, op->arg2)))
1732 goto out;
1733 }
1734 break;
1735
1736 case OPK_S_UNBIND_STREAM_ID:
1737 {
1738 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1739 goto out;
1740
1741 if (!TEST_ptr(op->stream_name))
1742 goto out;
1743
1744 if (!TEST_true(helper_set_s_stream(h, op->stream_name, UINT64_MAX)))
1745 goto out;
1746 }
1747 break;
1748
1749 case OPK_C_WRITE_FAIL:
1750 {
1751 size_t bytes_written = 0;
1752 int r;
1753
1754 if (!TEST_ptr(c_tgt))
1755 goto out;
1756
1757 r = SSL_write_ex(c_tgt, "apple", 5, &bytes_written);
1758 if (!TEST_false(r)
1759 || !check_consistent_want(c_tgt, r))
1760 goto out;
1761 }
1762 break;
1763
1764 case OPK_S_WRITE_FAIL:
1765 {
1766 size_t bytes_written = 0;
1767
1768 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1769 goto out;
1770
1771 if (!TEST_false(ossl_quic_tserver_write(ACQUIRE_S(), s_stream_id,
1772 (const unsigned char *)"apple", 5,
1773 &bytes_written)))
1774 goto out;
1775 }
1776 break;
1777
1778 case OPK_C_READ_FAIL:
1779 {
1780 size_t bytes_read = 0;
1781 char buf[1];
1782 int r;
1783
1784 if (!TEST_ptr(c_tgt))
1785 goto out;
1786
1787 r = SSL_read_ex(c_tgt, buf, sizeof(buf), &bytes_read);
1788 if (!TEST_false(r))
1789 goto out;
1790 if (!check_consistent_want(c_tgt, r))
1791 goto out;
1792 }
1793 break;
1794
1795 case OPK_C_READ_FAIL_WAIT:
1796 {
1797 size_t bytes_read = 0;
1798 char buf[1];
1799 int r;
1800
1801 if (!TEST_ptr(c_tgt))
1802 goto out;
1803
1804 r = SSL_read_ex(c_tgt, buf, sizeof(buf), &bytes_read);
1805 if (!TEST_false(r))
1806 goto out;
1807 if (!check_consistent_want(c_tgt, r))
1808 goto out;
1809
1810 if (is_want(c_tgt, 0))
1811 C_SPIN_AGAIN();
1812 }
1813 break;
1814
1815 case OPK_S_READ_FAIL:
1816 {
1817 int ret;
1818 size_t bytes_read = 0;
1819 unsigned char buf[1];
1820
1821 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX))
1822 goto out;
1823
1824 ret = ossl_quic_tserver_read(ACQUIRE_S(), s_stream_id,
1825 buf, sizeof(buf),
1826 &bytes_read);
1827 if (!TEST_true(ret == 0 || (op->arg1 && bytes_read == 0)))
1828 goto out;
1829 }
1830 break;
1831
1832 case OPK_C_STREAM_RESET:
1833 {
1834 SSL_STREAM_RESET_ARGS args = {0};
1835
1836 if (!TEST_ptr(c_tgt))
1837 goto out;
1838
1839 args.quic_error_code = op->arg2;
1840
1841 if (!TEST_true(SSL_stream_reset(c_tgt, &args, sizeof(args))))
1842 goto out;
1843 }
1844 break;
1845
1846 case OPK_NEW_THREAD:
1847 {
1848 #if !defined(OPENSSL_THREADS)
1849 /*
1850 * If this test script requires threading and we do not have
1851 * support for it, skip the rest of it.
1852 */
1853 TEST_skip("threading not supported, skipping");
1854 testresult = 1;
1855 goto out;
1856 #else
1857 size_t i;
1858
1859 if (!TEST_ptr_null(h->threads)) {
1860 TEST_error("max one NEW_THREAD operation per script");
1861 goto out;
1862 }
1863
1864 h->threads = OPENSSL_zalloc(op->arg1 * sizeof(struct child_thread_args));
1865 if (!TEST_ptr(h->threads))
1866 goto out;
1867
1868 h->num_threads = op->arg1;
1869
1870 for (i = 0; i < op->arg1; ++i) {
1871 h->threads[i].h = h;
1872 h->threads[i].script = op->arg0;
1873 h->threads[i].script_name = script_name;
1874 h->threads[i].thread_idx = i;
1875
1876 h->threads[i].m = ossl_crypto_mutex_new();
1877 if (!TEST_ptr(h->threads[i].m))
1878 goto out;
1879
1880 h->threads[i].t
1881 = ossl_crypto_thread_native_start(run_script_child_thread,
1882 &h->threads[i], 1);
1883 if (!TEST_ptr(h->threads[i].t))
1884 goto out;
1885 }
1886 #endif
1887 }
1888 break;
1889
1890 case OPK_C_CLOSE_SOCKET:
1891 {
1892 BIO_closesocket(h->c_fd);
1893 h->c_fd = -1;
1894 }
1895 break;
1896
1897 case OPK_C_EXPECT_SSL_ERR:
1898 {
1899 if (!TEST_size_t_eq((size_t)SSL_get_error(c_tgt, 0), op->arg1))
1900 goto out;
1901 if (!TEST_int_eq(SSL_want(c_tgt), SSL_NOTHING))
1902 goto out;
1903 }
1904 break;
1905
1906 case OPK_EXPECT_ERR_REASON:
1907 {
1908 if (!TEST_size_t_eq((size_t)ERR_GET_REASON(ERR_peek_last_error()), op->arg1))
1909 goto out;
1910 }
1911 break;
1912
1913 case OPK_EXPECT_ERR_LIB:
1914 {
1915 if (!TEST_size_t_eq((size_t)ERR_GET_LIB(ERR_peek_last_error()), op->arg1))
1916 goto out;
1917 }
1918 break;
1919
1920 case OPK_POP_ERR:
1921 ERR_pop();
1922 break;
1923
1924 case OPK_SLEEP:
1925 {
1926 OSSL_sleep(op->arg2);
1927 }
1928 break;
1929
1930 case OPK_S_SET_INJECT_PLAIN:
1931 h->qtf_packet_plain_cb = op->qtf_packet_plain_cb;
1932
1933 if (!TEST_true(qtest_fault_set_packet_plain_listener(h->qtf,
1934 h->qtf_packet_plain_cb != NULL ?
1935 helper_packet_plain_listener : NULL,
1936 h)))
1937 goto out;
1938
1939 break;
1940
1941 case OPK_S_SET_INJECT_HANDSHAKE:
1942 h->qtf_handshake_cb = op->qtf_handshake_cb;
1943
1944 if (!TEST_true(qtest_fault_set_handshake_listener(h->qtf,
1945 h->qtf_handshake_cb != NULL ?
1946 helper_handshake_listener : NULL,
1947 h)))
1948 goto out;
1949
1950 break;
1951
1952 case OPK_S_SET_INJECT_DATAGRAM:
1953 h->qtf_datagram_cb = op->qtf_datagram_cb;
1954
1955 if (!TEST_true(qtest_fault_set_datagram_listener(h->qtf,
1956 h->qtf_datagram_cb != NULL ?
1957 helper_datagram_listener : NULL,
1958 h)))
1959 goto out;
1960
1961 break;
1962
1963 case OPK_SET_INJECT_WORD:
1964 /*
1965 * Must hold server tick lock - callbacks can be called from other
1966 * thread when running test in blocking mode (tsan).
1967 */
1968 ACQUIRE_S();
1969 h->inject_word0 = op->arg1;
1970 h->inject_word1 = op->arg2;
1971 break;
1972
1973 case OPK_C_INHIBIT_TICK:
1974 {
1975 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
1976
1977 ossl_quic_engine_set_inhibit_tick(ossl_quic_channel_get0_engine(ch),
1978 op->arg1);
1979 }
1980 break;
1981
1982 case OPK_C_SET_WRITE_BUF_SIZE:
1983 if (!TEST_ptr(c_tgt))
1984 goto out;
1985
1986 if (!TEST_true(ossl_quic_set_write_buffer_size(c_tgt, op->arg1)))
1987 goto out;
1988
1989 break;
1990
1991 case OPK_S_NEW_TICKET:
1992 if (!TEST_true(ossl_quic_tserver_new_ticket(ACQUIRE_S())))
1993 goto out;
1994 break;
1995
1996 default:
1997 TEST_error("unknown op");
1998 goto out;
1999 }
2000 }
2001
2002 out:
2003 s_unlock(h, hl); /* idempotent */
2004 if (!testresult) {
2005 size_t i;
2006 const QUIC_TERMINATE_CAUSE *tcause;
2007 const char *e_str, *f_str;
2008
2009 TEST_error("failed in script \"%s\" at op %zu, thread %d\n",
2010 script_name, op_idx + 1, thread_idx);
2011
2012 for (i = 0; i < repeat_stack_len; ++i)
2013 TEST_info("while repeating, iteration %zu of %zu, starting at script op %zu",
2014 repeat_stack_done[i],
2015 repeat_stack_limit[i],
2016 repeat_stack_idx[i]);
2017
2018 ERR_print_errors_fp(stderr);
2019
2020 if (h->c_conn != NULL) {
2021 SSL_CONN_CLOSE_INFO cc_info = {0};
2022
2023 if (SSL_get_conn_close_info(h->c_conn, &cc_info, sizeof(cc_info))) {
2024 e_str = ossl_quic_err_to_string(cc_info.error_code);
2025 f_str = ossl_quic_frame_type_to_string(cc_info.frame_type);
2026
2027 if (e_str == NULL)
2028 e_str = "?";
2029 if (f_str == NULL)
2030 f_str = "?";
2031
2032 TEST_info("client side is closed: %llu(%s)/%llu(%s), "
2033 "%s, %s, reason: \"%s\"",
2034 (unsigned long long)cc_info.error_code,
2035 e_str,
2036 (unsigned long long)cc_info.frame_type,
2037 f_str,
2038 (cc_info.flags & SSL_CONN_CLOSE_FLAG_LOCAL) != 0
2039 ? "local" : "remote",
2040 (cc_info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) != 0
2041 ? "transport" : "app",
2042 cc_info.reason != NULL ? cc_info.reason : "-");
2043 }
2044 }
2045
2046 tcause = (h->s != NULL
2047 ? ossl_quic_tserver_get_terminate_cause(h->s) : NULL);
2048 if (tcause != NULL) {
2049 e_str = ossl_quic_err_to_string(tcause->error_code);
2050 f_str = ossl_quic_frame_type_to_string(tcause->frame_type);
2051
2052 if (e_str == NULL)
2053 e_str = "?";
2054 if (f_str == NULL)
2055 f_str = "?";
2056
2057 TEST_info("server side is closed: %llu(%s)/%llu(%s), "
2058 "%s, %s, reason: \"%s\"",
2059 (unsigned long long)tcause->error_code,
2060 e_str,
2061 (unsigned long long)tcause->frame_type,
2062 f_str,
2063 tcause->remote ? "remote" : "local",
2064 tcause->app ? "app" : "transport",
2065 tcause->reason != NULL ? tcause->reason : "-");
2066 }
2067 }
2068
2069 OPENSSL_free(tmp_buf);
2070 helper_local_cleanup(hl);
2071 return testresult;
2072 }
2073
run_script(const struct script_op * script,const char * script_name,int free_order,int blocking)2074 static int run_script(const struct script_op *script,
2075 const char *script_name,
2076 int free_order,
2077 int blocking)
2078 {
2079 int testresult = 0;
2080 struct helper h;
2081
2082 if (!TEST_true(helper_init(&h, script_name,
2083 free_order, blocking, 1)))
2084 goto out;
2085
2086 if (!TEST_true(run_script_worker(&h, script, script_name, -1)))
2087 goto out;
2088
2089 #if defined(OPENSSL_THREADS)
2090 if (!TEST_true(join_threads(h.threads, h.num_threads)))
2091 goto out;
2092 #endif
2093
2094 testresult = 1;
2095 out:
2096 helper_cleanup(&h);
2097 return testresult;
2098 }
2099
2100 #if defined(OPENSSL_THREADS)
run_script_child_thread(void * arg)2101 static CRYPTO_THREAD_RETVAL run_script_child_thread(void *arg)
2102 {
2103 int testresult;
2104 struct child_thread_args *args = arg;
2105
2106 testresult = run_script_worker(args->h, args->script,
2107 args->script_name,
2108 args->thread_idx);
2109
2110 ossl_crypto_mutex_lock(args->m);
2111 args->testresult = testresult;
2112 args->done = 1;
2113 ossl_crypto_mutex_unlock(args->m);
2114 return 1;
2115 }
2116 #endif
2117
2118 /* 1. Simple single-stream test */
2119 static const struct script_op script_1[] = {
2120 OP_C_SET_ALPN ("ossltest")
2121 OP_C_CONNECT_WAIT ()
2122 OP_C_WRITE (DEFAULT, "apple", 5)
2123 OP_C_CONCLUDE (DEFAULT)
2124 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2125 OP_S_READ_EXPECT (a, "apple", 5)
2126 OP_S_EXPECT_FIN (a)
2127 OP_S_WRITE (a, "orange", 6)
2128 OP_S_CONCLUDE (a)
2129 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
2130 OP_C_EXPECT_FIN (DEFAULT)
2131 OP_END
2132 };
2133
2134 /* 2. Multi-stream test */
2135 static const struct script_op script_2[] = {
2136 OP_C_SET_ALPN ("ossltest")
2137 OP_C_CONNECT_WAIT ()
2138 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_ACCEPT)
2139 OP_C_WRITE (DEFAULT, "apple", 5)
2140 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2141 OP_S_READ_EXPECT (a, "apple", 5)
2142 OP_S_WRITE (a, "orange", 6)
2143 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
2144
2145 OP_C_NEW_STREAM_BIDI (b, C_BIDI_ID(1))
2146 OP_C_WRITE (b, "flamingo", 8)
2147 OP_C_CONCLUDE (b)
2148 OP_S_BIND_STREAM_ID (b, C_BIDI_ID(1))
2149 OP_S_READ_EXPECT (b, "flamingo", 8)
2150 OP_S_EXPECT_FIN (b)
2151 OP_S_WRITE (b, "gargoyle", 8)
2152 OP_S_CONCLUDE (b)
2153 OP_C_READ_EXPECT (b, "gargoyle", 8)
2154 OP_C_EXPECT_FIN (b)
2155
2156 OP_C_NEW_STREAM_UNI (c, C_UNI_ID(0))
2157 OP_C_WRITE (c, "elephant", 8)
2158 OP_C_CONCLUDE (c)
2159 OP_S_BIND_STREAM_ID (c, C_UNI_ID(0))
2160 OP_S_READ_EXPECT (c, "elephant", 8)
2161 OP_S_EXPECT_FIN (c)
2162 OP_S_WRITE_FAIL (c)
2163
2164 OP_C_ACCEPT_STREAM_NONE ()
2165
2166 OP_S_NEW_STREAM_BIDI (d, S_BIDI_ID(0))
2167 OP_S_WRITE (d, "frog", 4)
2168 OP_S_CONCLUDE (d)
2169
2170 OP_C_ACCEPT_STREAM_WAIT (d)
2171 OP_C_ACCEPT_STREAM_NONE ()
2172 OP_C_READ_EXPECT (d, "frog", 4)
2173 OP_C_EXPECT_FIN (d)
2174
2175 OP_S_NEW_STREAM_BIDI (e, S_BIDI_ID(1))
2176 OP_S_WRITE (e, "mixture", 7)
2177 OP_S_CONCLUDE (e)
2178
2179 OP_C_ACCEPT_STREAM_WAIT (e)
2180 OP_C_READ_EXPECT (e, "mixture", 7)
2181 OP_C_EXPECT_FIN (e)
2182 OP_C_WRITE (e, "ramble", 6)
2183 OP_S_READ_EXPECT (e, "ramble", 6)
2184 OP_C_CONCLUDE (e)
2185 OP_S_EXPECT_FIN (e)
2186
2187 OP_S_NEW_STREAM_UNI (f, S_UNI_ID(0))
2188 OP_S_WRITE (f, "yonder", 6)
2189 OP_S_CONCLUDE (f)
2190
2191 OP_C_ACCEPT_STREAM_WAIT (f)
2192 OP_C_ACCEPT_STREAM_NONE ()
2193 OP_C_READ_EXPECT (f, "yonder", 6)
2194 OP_C_EXPECT_FIN (f)
2195 OP_C_WRITE_FAIL (f)
2196
2197 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_REJECT)
2198 OP_S_NEW_STREAM_BIDI (g, S_BIDI_ID(2))
2199 OP_S_WRITE (g, "unseen", 6)
2200 OP_S_CONCLUDE (g)
2201
2202 OP_C_ACCEPT_STREAM_NONE ()
2203
2204 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_AUTO)
2205 OP_S_NEW_STREAM_BIDI (h, S_BIDI_ID(3))
2206 OP_S_WRITE (h, "UNSEEN", 6)
2207 OP_S_CONCLUDE (h)
2208
2209 OP_C_ACCEPT_STREAM_NONE ()
2210
2211 /*
2212 * Streams g, h should have been rejected, so server should have got
2213 * STOP_SENDING/RESET_STREAM.
2214 */
2215 OP_CHECK (check_rejected, S_BIDI_ID(2))
2216 OP_CHECK (check_rejected, S_BIDI_ID(3))
2217
2218 OP_END
2219 };
2220
2221 /* 3. Default stream detach/reattach test */
2222 static const struct script_op script_3[] = {
2223 OP_C_SET_ALPN ("ossltest")
2224 OP_C_CONNECT_WAIT ()
2225
2226 OP_C_WRITE (DEFAULT, "apple", 5)
2227 OP_C_DETACH (a) /* DEFAULT becomes stream 'a' */
2228 OP_C_WRITE_FAIL (DEFAULT)
2229
2230 OP_C_WRITE (a, "by", 2)
2231
2232 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2233 OP_S_READ_EXPECT (a, "appleby", 7)
2234
2235 OP_S_WRITE (a, "hello", 5)
2236 OP_C_READ_EXPECT (a, "hello", 5)
2237
2238 OP_C_WRITE_FAIL (DEFAULT)
2239 OP_C_ATTACH (a)
2240 OP_C_WRITE (DEFAULT, "is here", 7)
2241 OP_S_READ_EXPECT (a, "is here", 7)
2242
2243 OP_C_DETACH (a)
2244 OP_C_CONCLUDE (a)
2245 OP_S_EXPECT_FIN (a)
2246
2247 OP_END
2248 };
2249
2250 /* 4. Default stream mode test */
2251 static const struct script_op script_4[] = {
2252 OP_C_SET_ALPN ("ossltest")
2253 OP_C_CONNECT_WAIT ()
2254
2255 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2256 OP_C_WRITE_FAIL (DEFAULT)
2257
2258 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
2259 OP_S_WRITE (a, "apple", 5)
2260
2261 OP_C_READ_FAIL (DEFAULT)
2262
2263 OP_C_ACCEPT_STREAM_WAIT (a)
2264 OP_C_READ_EXPECT (a, "apple", 5)
2265
2266 OP_C_ATTACH (a)
2267 OP_C_WRITE (DEFAULT, "orange", 6)
2268 OP_S_READ_EXPECT (a, "orange", 6)
2269
2270 OP_END
2271 };
2272
2273 /* 5. Test stream reset functionality */
2274 static const struct script_op script_5[] = {
2275 OP_C_SET_ALPN ("ossltest")
2276 OP_C_CONNECT_WAIT ()
2277
2278 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2279 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
2280 OP_C_NEW_STREAM_BIDI (b, C_BIDI_ID(1))
2281
2282 OP_C_WRITE (a, "apple", 5)
2283 OP_C_STREAM_RESET (a, 42)
2284
2285 OP_C_WRITE (b, "strawberry", 10)
2286
2287 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2288 OP_S_BIND_STREAM_ID (b, C_BIDI_ID(1))
2289 OP_S_READ_EXPECT (b, "strawberry", 10)
2290 /* Reset disrupts read of already sent data */
2291 OP_S_READ_FAIL (a, 0)
2292 OP_CHECK (check_stream_reset, C_BIDI_ID(0))
2293
2294 OP_END
2295 };
2296
2297 /* 6. Test STOP_SENDING functionality */
2298 static const struct script_op script_6[] = {
2299 OP_C_SET_ALPN ("ossltest")
2300 OP_C_CONNECT_WAIT ()
2301
2302 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2303 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
2304 OP_S_WRITE (a, "apple", 5)
2305
2306 OP_C_ACCEPT_STREAM_WAIT (a)
2307 OP_C_FREE_STREAM (a)
2308 OP_C_ACCEPT_STREAM_NONE ()
2309
2310 OP_CHECK (check_stream_stopped, S_BIDI_ID(0))
2311
2312 OP_END
2313 };
2314
2315 /* 7. Unidirectional default stream mode test (client sends first) */
2316 static const struct script_op script_7[] = {
2317 OP_C_SET_ALPN ("ossltest")
2318 OP_C_CONNECT_WAIT ()
2319
2320 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
2321 OP_C_WRITE (DEFAULT, "apple", 5)
2322
2323 OP_S_BIND_STREAM_ID (a, C_UNI_ID(0))
2324 OP_S_READ_EXPECT (a, "apple", 5)
2325 OP_S_WRITE_FAIL (a)
2326
2327 OP_END
2328 };
2329
2330 /* 8. Unidirectional default stream mode test (server sends first) */
2331 static const struct script_op script_8[] = {
2332 OP_C_SET_ALPN ("ossltest")
2333 OP_C_CONNECT_WAIT ()
2334
2335 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
2336 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
2337 OP_S_WRITE (a, "apple", 5)
2338 OP_C_READ_EXPECT (DEFAULT, "apple", 5)
2339 OP_C_WRITE_FAIL (DEFAULT)
2340
2341 OP_END
2342 };
2343
2344 /* 9. Unidirectional default stream mode test (server sends first on bidi) */
2345 static const struct script_op script_9[] = {
2346 OP_C_SET_ALPN ("ossltest")
2347 OP_C_CONNECT_WAIT ()
2348
2349 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_AUTO_UNI)
2350 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
2351 OP_S_WRITE (a, "apple", 5)
2352 OP_C_READ_EXPECT (DEFAULT, "apple", 5)
2353 OP_C_WRITE (DEFAULT, "orange", 6)
2354 OP_S_READ_EXPECT (a, "orange", 6)
2355
2356 OP_END
2357 };
2358
2359 /* 10. Shutdown */
2360 static const struct script_op script_10[] = {
2361 OP_C_SET_ALPN ("ossltest")
2362 OP_C_CONNECT_WAIT ()
2363
2364 OP_C_WRITE (DEFAULT, "apple", 5)
2365 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2366 OP_S_READ_EXPECT (a, "apple", 5)
2367
2368 OP_C_SHUTDOWN_WAIT (NULL, 0)
2369 OP_C_EXPECT_CONN_CLOSE_INFO(0, 1, 0)
2370 OP_S_EXPECT_CONN_CLOSE_INFO(0, 1, 1)
2371
2372 OP_END
2373 };
2374
2375 /* 11. Many threads accepted on the same client connection */
2376 static const struct script_op script_11_child[] = {
2377 OP_C_ACCEPT_STREAM_WAIT (a)
2378 OP_C_READ_EXPECT (a, "foo", 3)
2379 OP_SLEEP (10)
2380 OP_C_EXPECT_FIN (a)
2381
2382 OP_END
2383 };
2384
2385 static const struct script_op script_11[] = {
2386 OP_C_SET_ALPN ("ossltest")
2387 OP_C_CONNECT_WAIT ()
2388 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2389
2390 OP_NEW_THREAD (5, script_11_child)
2391
2392 OP_S_NEW_STREAM_BIDI (a, ANY_ID)
2393 OP_S_WRITE (a, "foo", 3)
2394 OP_S_CONCLUDE (a)
2395
2396 OP_S_NEW_STREAM_BIDI (b, ANY_ID)
2397 OP_S_WRITE (b, "foo", 3)
2398 OP_S_CONCLUDE (b)
2399
2400 OP_S_NEW_STREAM_BIDI (c, ANY_ID)
2401 OP_S_WRITE (c, "foo", 3)
2402 OP_S_CONCLUDE (c)
2403
2404 OP_S_NEW_STREAM_BIDI (d, ANY_ID)
2405 OP_S_WRITE (d, "foo", 3)
2406 OP_S_CONCLUDE (d)
2407
2408 OP_S_NEW_STREAM_BIDI (e, ANY_ID)
2409 OP_S_WRITE (e, "foo", 3)
2410 OP_S_CONCLUDE (e)
2411
2412 OP_END
2413 };
2414
2415 /* 12. Many threads initiated on the same client connection */
2416 static const struct script_op script_12_child[] = {
2417 OP_C_NEW_STREAM_BIDI (a, ANY_ID)
2418 OP_C_WRITE (a, "foo", 3)
2419 OP_C_CONCLUDE (a)
2420 OP_C_FREE_STREAM (a)
2421
2422 OP_END
2423 };
2424
2425 static const struct script_op script_12[] = {
2426 OP_C_SET_ALPN ("ossltest")
2427 OP_C_CONNECT_WAIT ()
2428 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2429
2430 OP_NEW_THREAD (5, script_12_child)
2431
2432 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2433 OP_S_READ_EXPECT (a, "foo", 3)
2434 OP_S_EXPECT_FIN (a)
2435 OP_S_BIND_STREAM_ID (b, C_BIDI_ID(1))
2436 OP_S_READ_EXPECT (b, "foo", 3)
2437 OP_S_EXPECT_FIN (b)
2438 OP_S_BIND_STREAM_ID (c, C_BIDI_ID(2))
2439 OP_S_READ_EXPECT (c, "foo", 3)
2440 OP_S_EXPECT_FIN (c)
2441 OP_S_BIND_STREAM_ID (d, C_BIDI_ID(3))
2442 OP_S_READ_EXPECT (d, "foo", 3)
2443 OP_S_EXPECT_FIN (d)
2444 OP_S_BIND_STREAM_ID (e, C_BIDI_ID(4))
2445 OP_S_READ_EXPECT (e, "foo", 3)
2446 OP_S_EXPECT_FIN (e)
2447
2448 OP_END
2449 };
2450
2451 /* 13. Many threads accepted on the same client connection (stress test) */
2452 static const struct script_op script_13_child[] = {
2453 OP_BEGIN_REPEAT (10)
2454
2455 OP_C_ACCEPT_STREAM_WAIT (a)
2456 OP_C_READ_EXPECT (a, "foo", 3)
2457 OP_C_EXPECT_FIN (a)
2458 OP_C_FREE_STREAM (a)
2459
2460 OP_END_REPEAT ()
2461
2462 OP_END
2463 };
2464
2465 static const struct script_op script_13[] = {
2466 OP_C_SET_ALPN ("ossltest")
2467 OP_C_CONNECT_WAIT ()
2468 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2469
2470 OP_NEW_THREAD (5, script_13_child)
2471
2472 OP_BEGIN_REPEAT (50)
2473
2474 OP_S_NEW_STREAM_BIDI (a, ANY_ID)
2475 OP_S_WRITE (a, "foo", 3)
2476 OP_S_CONCLUDE (a)
2477 OP_S_UNBIND_STREAM_ID (a)
2478
2479 OP_END_REPEAT ()
2480
2481 OP_END
2482 };
2483
2484 /* 14. Many threads initiating on the same client connection (stress test) */
2485 static const struct script_op script_14_child[] = {
2486 OP_BEGIN_REPEAT (10)
2487
2488 OP_C_NEW_STREAM_BIDI (a, ANY_ID)
2489 OP_C_WRITE (a, "foo", 3)
2490 OP_C_CONCLUDE (a)
2491 OP_C_FREE_STREAM (a)
2492
2493 OP_END_REPEAT ()
2494
2495 OP_END
2496 };
2497
2498 static const struct script_op script_14[] = {
2499 OP_C_SET_ALPN ("ossltest")
2500 OP_C_CONNECT_WAIT ()
2501 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2502
2503 OP_NEW_THREAD (5, script_14_child)
2504
2505 OP_BEGIN_REPEAT (50)
2506
2507 OP_S_ACCEPT_STREAM_WAIT (a)
2508 OP_S_READ_EXPECT (a, "foo", 3)
2509 OP_S_EXPECT_FIN (a)
2510 OP_S_UNBIND_STREAM_ID (a)
2511
2512 OP_END_REPEAT ()
2513
2514 OP_END
2515 };
2516
2517 /* 15. Client sending large number of streams, MAX_STREAMS test */
2518 static const struct script_op script_15[] = {
2519 OP_C_SET_ALPN ("ossltest")
2520 OP_C_CONNECT_WAIT ()
2521 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2522
2523 /*
2524 * This will cause a protocol violation to be raised by the server if we are
2525 * not handling the stream limit correctly on the TX side.
2526 */
2527 OP_BEGIN_REPEAT (200)
2528
2529 OP_C_NEW_STREAM_BIDI_EX (a, ANY_ID, SSL_STREAM_FLAG_ADVANCE)
2530 OP_C_WRITE (a, "foo", 3)
2531 OP_C_CONCLUDE (a)
2532 OP_C_FREE_STREAM (a)
2533
2534 OP_END_REPEAT ()
2535
2536 /* Prove the connection is still good. */
2537 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
2538 OP_S_WRITE (a, "bar", 3)
2539 OP_S_CONCLUDE (a)
2540
2541 OP_C_ACCEPT_STREAM_WAIT (a)
2542 OP_C_READ_EXPECT (a, "bar", 3)
2543 OP_C_EXPECT_FIN (a)
2544
2545 /*
2546 * Drain the queue of incoming streams. We should be able to get all 200
2547 * even though only 100 can be initiated at a time.
2548 */
2549 OP_BEGIN_REPEAT (200)
2550
2551 OP_S_ACCEPT_STREAM_WAIT (b)
2552 OP_S_READ_EXPECT (b, "foo", 3)
2553 OP_S_EXPECT_FIN (b)
2554 OP_S_UNBIND_STREAM_ID (b)
2555
2556 OP_END_REPEAT ()
2557
2558 OP_END
2559 };
2560
2561 /* 16. Server sending large number of streams, MAX_STREAMS test */
2562 static const struct script_op script_16[] = {
2563 OP_C_SET_ALPN ("ossltest")
2564 OP_C_CONNECT_WAIT ()
2565 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2566
2567 /*
2568 * This will cause a protocol violation to be raised by the client if we are
2569 * not handling the stream limit correctly on the TX side.
2570 */
2571 OP_BEGIN_REPEAT (200)
2572
2573 OP_S_NEW_STREAM_BIDI (a, ANY_ID)
2574 OP_S_WRITE (a, "foo", 3)
2575 OP_S_CONCLUDE (a)
2576 OP_S_UNBIND_STREAM_ID (a)
2577
2578 OP_END_REPEAT ()
2579
2580 /* Prove that the connection is still good. */
2581 OP_C_NEW_STREAM_BIDI (a, ANY_ID)
2582 OP_C_WRITE (a, "bar", 3)
2583 OP_C_CONCLUDE (a)
2584
2585 OP_S_ACCEPT_STREAM_WAIT (b)
2586 OP_S_READ_EXPECT (b, "bar", 3)
2587 OP_S_EXPECT_FIN (b)
2588
2589 /* Drain the queue of incoming streams. */
2590 OP_BEGIN_REPEAT (200)
2591
2592 OP_C_ACCEPT_STREAM_WAIT (b)
2593 OP_C_READ_EXPECT (b, "foo", 3)
2594 OP_C_EXPECT_FIN (b)
2595 OP_C_FREE_STREAM (b)
2596
2597 OP_END_REPEAT ()
2598
2599 OP_END
2600 };
2601
2602 /* 17. Key update test - unlimited */
2603 static const struct script_op script_17[] = {
2604 OP_C_SET_ALPN ("ossltest")
2605 OP_C_CONNECT_WAIT ()
2606
2607 OP_C_WRITE (DEFAULT, "apple", 5)
2608
2609 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2610 OP_S_READ_EXPECT (a, "apple", 5)
2611
2612 OP_CHECK (override_key_update, 1)
2613
2614 OP_BEGIN_REPEAT (200)
2615
2616 OP_C_WRITE (DEFAULT, "apple", 5)
2617 OP_S_READ_EXPECT (a, "apple", 5)
2618
2619 /*
2620 * TXKU frequency is bounded by RTT because a previous TXKU needs to be
2621 * acknowledged by the peer first before another one can be begin. By
2622 * waiting this long, we eliminate any such concern and ensure as many key
2623 * updates as possible can occur for the purposes of this test.
2624 */
2625 OP_CHECK (skip_time_ms, 100)
2626
2627 OP_END_REPEAT ()
2628
2629 /* At least 5 RXKUs detected */
2630 OP_CHECK (check_key_update_ge, 5)
2631
2632 /*
2633 * Prove the connection is still healthy by sending something in both
2634 * directions.
2635 */
2636 OP_C_WRITE (DEFAULT, "xyzzy", 5)
2637 OP_S_READ_EXPECT (a, "xyzzy", 5)
2638
2639 OP_S_WRITE (a, "plugh", 5)
2640 OP_C_READ_EXPECT (DEFAULT, "plugh", 5)
2641
2642 OP_END
2643 };
2644
2645 /* 18. Key update test - RTT-bounded */
2646 static const struct script_op script_18[] = {
2647 OP_C_SET_ALPN ("ossltest")
2648 OP_C_CONNECT_WAIT ()
2649
2650 OP_C_WRITE (DEFAULT, "apple", 5)
2651
2652 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2653 OP_S_READ_EXPECT (a, "apple", 5)
2654
2655 OP_CHECK (override_key_update, 1)
2656
2657 OP_BEGIN_REPEAT (200)
2658
2659 OP_C_WRITE (DEFAULT, "apple", 5)
2660 OP_S_READ_EXPECT (a, "apple", 5)
2661 OP_CHECK (skip_time_ms, 8)
2662
2663 OP_END_REPEAT ()
2664
2665 /*
2666 * This time we simulate far less time passing between writes, so there are
2667 * fewer opportunities to initiate TXKUs. Note that we ask for a TXKU every
2668 * 1 packet above, which is absurd; thus this ensures we only actually
2669 * generate TXKUs when we are allowed to.
2670 */
2671 OP_CHECK (check_key_update_lt, 240)
2672
2673 /*
2674 * Prove the connection is still healthy by sending something in both
2675 * directions.
2676 */
2677 OP_C_WRITE (DEFAULT, "xyzzy", 5)
2678 OP_S_READ_EXPECT (a, "xyzzy", 5)
2679
2680 OP_S_WRITE (a, "plugh", 5)
2681 OP_C_READ_EXPECT (DEFAULT, "plugh", 5)
2682
2683 OP_END
2684 };
2685
2686 /* 19. Key update test - artificially triggered */
2687 static const struct script_op script_19[] = {
2688 OP_C_SET_ALPN ("ossltest")
2689 OP_C_CONNECT_WAIT ()
2690
2691 OP_C_WRITE (DEFAULT, "apple", 5)
2692
2693 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2694 OP_S_READ_EXPECT (a, "apple", 5)
2695
2696 OP_C_WRITE (DEFAULT, "orange", 6)
2697 OP_S_READ_EXPECT (a, "orange", 6)
2698
2699 OP_S_WRITE (a, "strawberry", 10)
2700 OP_C_READ_EXPECT (DEFAULT, "strawberry", 10)
2701
2702 OP_CHECK (check_key_update_lt, 1)
2703 OP_CHECK (trigger_key_update, 0)
2704
2705 OP_C_WRITE (DEFAULT, "orange", 6)
2706 OP_S_READ_EXPECT (a, "orange", 6)
2707 OP_S_WRITE (a, "ok", 2)
2708
2709 OP_C_READ_EXPECT (DEFAULT, "ok", 2)
2710 OP_CHECK (check_key_update_ge, 1)
2711
2712 OP_END
2713 };
2714
2715 /* 20. Multiple threads accept stream with socket forcibly closed (error test) */
script_20_trigger(struct helper * h,volatile uint64_t * counter)2716 static int script_20_trigger(struct helper *h, volatile uint64_t *counter)
2717 {
2718 #if defined(OPENSSL_THREADS)
2719 ossl_crypto_mutex_lock(h->misc_m);
2720 ++*counter;
2721 ossl_crypto_condvar_broadcast(h->misc_cv);
2722 ossl_crypto_mutex_unlock(h->misc_m);
2723 #endif
2724 return 1;
2725 }
2726
script_20_wait(struct helper * h,volatile uint64_t * counter,uint64_t threshold)2727 static int script_20_wait(struct helper *h, volatile uint64_t *counter, uint64_t threshold)
2728 {
2729 #if defined(OPENSSL_THREADS)
2730 int stop = 0;
2731
2732 ossl_crypto_mutex_lock(h->misc_m);
2733 while (!stop) {
2734 stop = (*counter >= threshold);
2735 if (stop)
2736 break;
2737
2738 ossl_crypto_condvar_wait(h->misc_cv, h->misc_m);
2739 }
2740
2741 ossl_crypto_mutex_unlock(h->misc_m);
2742 #endif
2743 return 1;
2744 }
2745
script_20_trigger1(struct helper * h,struct helper_local * hl)2746 static int script_20_trigger1(struct helper *h, struct helper_local *hl)
2747 {
2748 return script_20_trigger(h, &h->scratch0);
2749 }
2750
script_20_wait1(struct helper * h,struct helper_local * hl)2751 static int script_20_wait1(struct helper *h, struct helper_local *hl)
2752 {
2753 return script_20_wait(h, &h->scratch0, hl->check_op->arg2);
2754 }
2755
script_20_trigger2(struct helper * h,struct helper_local * hl)2756 static int script_20_trigger2(struct helper *h, struct helper_local *hl)
2757 {
2758 return script_20_trigger(h, &h->scratch1);
2759 }
2760
script_20_wait2(struct helper * h,struct helper_local * hl)2761 static int script_20_wait2(struct helper *h, struct helper_local *hl)
2762 {
2763 return script_20_wait(h, &h->scratch1, hl->check_op->arg2);
2764 }
2765
2766 static const struct script_op script_20_child[] = {
2767 OP_C_ACCEPT_STREAM_WAIT (a)
2768 OP_C_READ_EXPECT (a, "foo", 3)
2769
2770 OP_CHECK (script_20_trigger1, 0)
2771 OP_CHECK (script_20_wait2, 1)
2772
2773 OP_C_READ_FAIL_WAIT (a)
2774 OP_C_EXPECT_SSL_ERR (a, SSL_ERROR_SYSCALL)
2775
2776 OP_EXPECT_ERR_LIB (ERR_LIB_SSL)
2777 OP_EXPECT_ERR_REASON (SSL_R_PROTOCOL_IS_SHUTDOWN)
2778
2779 OP_POP_ERR ()
2780 OP_EXPECT_ERR_LIB (ERR_LIB_SSL)
2781 OP_EXPECT_ERR_REASON (SSL_R_QUIC_NETWORK_ERROR)
2782
2783 OP_C_FREE_STREAM (a)
2784
2785 OP_END
2786 };
2787
2788 static const struct script_op script_20[] = {
2789 OP_C_SET_ALPN ("ossltest")
2790 OP_C_CONNECT_WAIT ()
2791 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
2792
2793 OP_NEW_THREAD (5, script_20_child)
2794
2795 OP_BEGIN_REPEAT (5)
2796
2797 OP_S_NEW_STREAM_BIDI (a, ANY_ID)
2798 OP_S_WRITE (a, "foo", 3)
2799 OP_S_UNBIND_STREAM_ID (a)
2800
2801 OP_END_REPEAT ()
2802
2803 OP_CHECK (script_20_wait1, 5)
2804
2805 OP_C_CLOSE_SOCKET ()
2806 OP_CHECK (script_20_trigger2, 0)
2807
2808 OP_END
2809 };
2810
2811 /* 21. Fault injection - unknown frame in 1-RTT packet */
script_21_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)2812 static int script_21_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
2813 unsigned char *buf, size_t len)
2814 {
2815 int ok = 0;
2816 WPACKET wpkt;
2817 unsigned char frame_buf[8];
2818 size_t written;
2819
2820 if (h->inject_word0 == 0 || hdr->type != h->inject_word0)
2821 return 1;
2822
2823 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
2824 sizeof(frame_buf), 0)))
2825 return 0;
2826
2827 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1)))
2828 goto err;
2829
2830 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
2831 goto err;
2832
2833 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
2834 goto err;
2835
2836 ok = 1;
2837 err:
2838 if (ok)
2839 WPACKET_finish(&wpkt);
2840 else
2841 WPACKET_cleanup(&wpkt);
2842 return ok;
2843 }
2844
2845 static const struct script_op script_21[] = {
2846 OP_S_SET_INJECT_PLAIN (script_21_inject_plain)
2847 OP_C_SET_ALPN ("ossltest")
2848 OP_C_CONNECT_WAIT ()
2849
2850 OP_C_WRITE (DEFAULT, "apple", 5)
2851 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2852 OP_S_READ_EXPECT (a, "apple", 5)
2853
2854 OP_SET_INJECT_WORD (QUIC_PKT_TYPE_1RTT, OSSL_QUIC_VLINT_MAX)
2855
2856 OP_S_WRITE (a, "orange", 6)
2857
2858 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
2859
2860 OP_END
2861 };
2862
2863 /* 22. Fault injection - non-zero packet header reserved bits */
script_22_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)2864 static int script_22_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
2865 unsigned char *buf, size_t len)
2866 {
2867 if (h->inject_word0 == 0)
2868 return 1;
2869
2870 hdr->reserved = 1;
2871 return 1;
2872 }
2873
2874 static const struct script_op script_22[] = {
2875 OP_S_SET_INJECT_PLAIN (script_22_inject_plain)
2876 OP_C_SET_ALPN ("ossltest")
2877 OP_C_CONNECT_WAIT ()
2878
2879 OP_C_WRITE (DEFAULT, "apple", 5)
2880 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2881 OP_S_READ_EXPECT (a, "apple", 5)
2882
2883 OP_SET_INJECT_WORD (1, 0)
2884
2885 OP_S_WRITE (a, "orange", 6)
2886
2887 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION,0,0)
2888
2889 OP_END
2890 };
2891
2892 /* 23. Fault injection - empty NEW_TOKEN */
script_23_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)2893 static int script_23_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
2894 unsigned char *buf, size_t len)
2895 {
2896 int ok = 0;
2897 WPACKET wpkt;
2898 unsigned char frame_buf[16];
2899 size_t written;
2900
2901 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
2902 return 1;
2903
2904 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
2905 sizeof(frame_buf), 0)))
2906 return 0;
2907
2908 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_NEW_TOKEN))
2909 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0)))
2910 goto err;
2911
2912 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
2913 goto err;
2914
2915 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
2916 goto err;
2917
2918 ok = 1;
2919 err:
2920 if (ok)
2921 WPACKET_finish(&wpkt);
2922 else
2923 WPACKET_cleanup(&wpkt);
2924 return ok;
2925 }
2926
2927 static const struct script_op script_23[] = {
2928 OP_S_SET_INJECT_PLAIN (script_23_inject_plain)
2929 OP_C_SET_ALPN ("ossltest")
2930 OP_C_CONNECT_WAIT ()
2931
2932 OP_C_WRITE (DEFAULT, "apple", 5)
2933 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2934 OP_S_READ_EXPECT (a, "apple", 5)
2935
2936 OP_SET_INJECT_WORD (1, 0)
2937
2938 OP_S_WRITE (a, "orange", 6)
2939
2940 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
2941
2942 OP_END
2943 };
2944
2945 /* 24. Fault injection - excess value of MAX_STREAMS_BIDI */
script_24_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)2946 static int script_24_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
2947 unsigned char *buf, size_t len)
2948 {
2949 int ok = 0;
2950 WPACKET wpkt;
2951 unsigned char frame_buf[16];
2952 size_t written;
2953
2954 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
2955 return 1;
2956
2957 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
2958 sizeof(frame_buf), 0)))
2959 return 0;
2960
2961 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))
2962 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, (((uint64_t)1) << 60) + 1)))
2963 goto err;
2964
2965 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
2966 goto err;
2967
2968 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
2969 goto err;
2970
2971 ok = 1;
2972 err:
2973 if (ok)
2974 WPACKET_finish(&wpkt);
2975 else
2976 WPACKET_cleanup(&wpkt);
2977 return ok;
2978 }
2979
2980 static const struct script_op script_24[] = {
2981 OP_S_SET_INJECT_PLAIN (script_24_inject_plain)
2982 OP_C_SET_ALPN ("ossltest")
2983 OP_C_CONNECT_WAIT ()
2984
2985 OP_C_WRITE (DEFAULT, "apple", 5)
2986 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
2987 OP_S_READ_EXPECT (a, "apple", 5)
2988
2989 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI)
2990
2991 OP_S_WRITE (a, "orange", 6)
2992
2993 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
2994
2995 OP_END
2996 };
2997
2998 /* 25. Fault injection - excess value of MAX_STREAMS_UNI */
2999 static const struct script_op script_25[] = {
3000 OP_S_SET_INJECT_PLAIN (script_24_inject_plain)
3001 OP_C_SET_ALPN ("ossltest")
3002 OP_C_CONNECT_WAIT ()
3003
3004 OP_C_WRITE (DEFAULT, "apple", 5)
3005 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3006 OP_S_READ_EXPECT (a, "apple", 5)
3007
3008 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI)
3009
3010 OP_S_WRITE (a, "orange", 6)
3011
3012 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3013
3014 OP_END
3015 };
3016
3017 /* 26. Fault injection - excess value of STREAMS_BLOCKED_BIDI */
3018 static const struct script_op script_26[] = {
3019 OP_S_SET_INJECT_PLAIN (script_24_inject_plain)
3020 OP_C_SET_ALPN ("ossltest")
3021 OP_C_CONNECT_WAIT ()
3022
3023 OP_C_WRITE (DEFAULT, "apple", 5)
3024 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3025 OP_S_READ_EXPECT (a, "apple", 5)
3026
3027 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI)
3028
3029 OP_S_WRITE (a, "orange", 6)
3030
3031 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,0,0)
3032
3033 OP_END
3034 };
3035
3036 /* 27. Fault injection - excess value of STREAMS_BLOCKED_UNI */
3037 static const struct script_op script_27[] = {
3038 OP_S_SET_INJECT_PLAIN (script_24_inject_plain)
3039 OP_C_SET_ALPN ("ossltest")
3040 OP_C_CONNECT_WAIT ()
3041
3042 OP_C_WRITE (DEFAULT, "apple", 5)
3043 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3044 OP_S_READ_EXPECT (a, "apple", 5)
3045
3046 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI)
3047
3048 OP_S_WRITE (a, "orange", 6)
3049
3050 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,0,0)
3051
3052 OP_END
3053 };
3054
3055 /* 28. Fault injection - received RESET_STREAM for send-only stream */
script_28_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3056 static int script_28_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3057 unsigned char *buf, size_t len)
3058 {
3059 int ok = 0;
3060 WPACKET wpkt;
3061 unsigned char frame_buf[32];
3062 size_t written;
3063
3064 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
3065 return 1;
3066
3067 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3068 sizeof(frame_buf), 0)))
3069 return 0;
3070
3071 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))
3072 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */
3073 h->inject_word0 - 1))
3074 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 123))
3075 || (h->inject_word1 == OSSL_QUIC_FRAME_TYPE_RESET_STREAM
3076 && !TEST_true(WPACKET_quic_write_vlint(&wpkt, 5)))) /* final size */
3077 goto err;
3078
3079 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3080 goto err;
3081
3082 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3083 goto err;
3084
3085 ok = 1;
3086 err:
3087 if (ok)
3088 WPACKET_finish(&wpkt);
3089 else
3090 WPACKET_cleanup(&wpkt);
3091 return ok;
3092 }
3093
3094 static const struct script_op script_28[] = {
3095 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3096 OP_C_SET_ALPN ("ossltest")
3097 OP_C_CONNECT_WAIT ()
3098 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3099
3100 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3101 OP_C_WRITE (a, "orange", 6)
3102
3103 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3104 OP_S_READ_EXPECT (a, "orange", 6)
3105
3106 OP_C_NEW_STREAM_UNI (b, C_UNI_ID(0))
3107 OP_C_WRITE (b, "apple", 5)
3108
3109 OP_S_BIND_STREAM_ID (b, C_UNI_ID(0))
3110 OP_S_READ_EXPECT (b, "apple", 5)
3111
3112 OP_SET_INJECT_WORD (C_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_RESET_STREAM)
3113 OP_S_WRITE (a, "fruit", 5)
3114
3115 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3116
3117 OP_END
3118 };
3119
3120 /* 29. Fault injection - received RESET_STREAM for nonexistent send-only stream */
3121 static const struct script_op script_29[] = {
3122 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3123 OP_C_SET_ALPN ("ossltest")
3124 OP_C_CONNECT_WAIT ()
3125 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3126
3127 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3128 OP_C_WRITE (a, "orange", 6)
3129
3130 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3131 OP_S_READ_EXPECT (a, "orange", 6)
3132
3133 OP_C_NEW_STREAM_UNI (b, C_UNI_ID(0))
3134 OP_C_WRITE (b, "apple", 5)
3135
3136 OP_S_BIND_STREAM_ID (b, C_UNI_ID(0))
3137 OP_S_READ_EXPECT (b, "apple", 5)
3138
3139 OP_SET_INJECT_WORD (C_UNI_ID(1) + 1, OSSL_QUIC_FRAME_TYPE_RESET_STREAM)
3140 OP_S_WRITE (a, "fruit", 5)
3141
3142 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3143
3144 OP_END
3145 };
3146
3147 /* 30. Fault injection - received STOP_SENDING for receive-only stream */
3148 static const struct script_op script_30[] = {
3149 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3150 OP_C_SET_ALPN ("ossltest")
3151 OP_C_CONNECT_WAIT ()
3152 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3153
3154 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
3155 OP_S_WRITE (a, "apple", 5)
3156
3157 OP_C_ACCEPT_STREAM_WAIT (a)
3158 OP_C_READ_EXPECT (a, "apple", 5)
3159
3160 OP_SET_INJECT_WORD (S_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STOP_SENDING)
3161 OP_S_WRITE (a, "orange", 6)
3162
3163 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3164
3165 OP_END
3166 };
3167
3168 /* 31. Fault injection - received STOP_SENDING for nonexistent receive-only stream */
3169 static const struct script_op script_31[] = {
3170 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3171 OP_C_SET_ALPN ("ossltest")
3172 OP_C_CONNECT_WAIT ()
3173 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3174
3175 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
3176 OP_S_WRITE (a, "apple", 5)
3177
3178 OP_C_ACCEPT_STREAM_WAIT (a)
3179 OP_C_READ_EXPECT (a, "apple", 5)
3180
3181 OP_SET_INJECT_WORD (C_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STOP_SENDING)
3182 OP_S_WRITE (a, "orange", 6)
3183
3184 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3185
3186 OP_END
3187 };
3188
3189 /* 32. Fault injection - STREAM frame for nonexistent stream */
script_32_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3190 static int script_32_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3191 unsigned char *buf, size_t len)
3192 {
3193 int ok = 0;
3194 WPACKET wpkt;
3195 unsigned char frame_buf[64];
3196 size_t written;
3197 uint64_t type = OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN, offset, flen, i;
3198
3199 if (hdr->type != QUIC_PKT_TYPE_1RTT)
3200 return 1;
3201
3202 switch (h->inject_word1) {
3203 default:
3204 return 0;
3205 case 0:
3206 return 1;
3207 case 1:
3208 offset = 0;
3209 flen = 0;
3210 break;
3211 case 2:
3212 offset = (((uint64_t)1)<<62) - 1;
3213 flen = 5;
3214 break;
3215 case 3:
3216 offset = 1 * 1024 * 1024 * 1024; /* 1G */
3217 flen = 5;
3218 break;
3219 case 4:
3220 offset = 0;
3221 flen = 1;
3222 break;
3223 }
3224
3225 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3226 sizeof(frame_buf), 0)))
3227 return 0;
3228
3229 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, type))
3230 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */
3231 h->inject_word0 - 1))
3232 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, offset))
3233 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, flen)))
3234 goto err;
3235
3236 for (i = 0; i < flen; ++i)
3237 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42)))
3238 goto err;
3239
3240 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3241 goto err;
3242
3243 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3244 goto err;
3245
3246 ok = 1;
3247 err:
3248 if (ok)
3249 WPACKET_finish(&wpkt);
3250 else
3251 WPACKET_cleanup(&wpkt);
3252 return ok;
3253 }
3254
3255 static const struct script_op script_32[] = {
3256 OP_S_SET_INJECT_PLAIN (script_32_inject_plain)
3257 OP_C_SET_ALPN ("ossltest")
3258 OP_C_CONNECT_WAIT ()
3259 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3260
3261 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
3262 OP_S_WRITE (a, "apple", 5)
3263
3264 OP_C_ACCEPT_STREAM_WAIT (a)
3265 OP_C_READ_EXPECT (a, "apple", 5)
3266
3267 OP_SET_INJECT_WORD (C_UNI_ID(0) + 1, 1)
3268 OP_S_WRITE (a, "orange", 6)
3269
3270 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3271
3272 OP_END
3273 };
3274
3275 /* 33. Fault injection - STREAM frame with illegal offset */
3276 static const struct script_op script_33[] = {
3277 OP_S_SET_INJECT_PLAIN (script_32_inject_plain)
3278 OP_C_SET_ALPN ("ossltest")
3279 OP_C_CONNECT_WAIT ()
3280 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3281
3282 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3283 OP_C_WRITE (a, "apple", 5)
3284
3285 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3286 OP_S_READ_EXPECT (a, "apple", 5)
3287
3288 OP_SET_INJECT_WORD (C_BIDI_ID(0) + 1, 2)
3289 OP_S_WRITE (a, "orange", 6)
3290
3291 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3292
3293 OP_END
3294 };
3295
3296 /* 34. Fault injection - STREAM frame which exceeds FC */
3297 static const struct script_op script_34[] = {
3298 OP_S_SET_INJECT_PLAIN (script_32_inject_plain)
3299 OP_C_SET_ALPN ("ossltest")
3300 OP_C_CONNECT_WAIT ()
3301 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3302
3303 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3304 OP_C_WRITE (a, "apple", 5)
3305
3306 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3307 OP_S_READ_EXPECT (a, "apple", 5)
3308
3309 OP_SET_INJECT_WORD (C_BIDI_ID(0) + 1, 3)
3310 OP_S_WRITE (a, "orange", 6)
3311
3312 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FLOW_CONTROL_ERROR,0,0)
3313
3314 OP_END
3315 };
3316
3317 /* 35. Fault injection - MAX_STREAM_DATA for receive-only stream */
3318 static const struct script_op script_35[] = {
3319 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3320 OP_C_SET_ALPN ("ossltest")
3321 OP_C_CONNECT_WAIT ()
3322 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3323
3324 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
3325 OP_S_WRITE (a, "apple", 5)
3326
3327 OP_C_ACCEPT_STREAM_WAIT (a)
3328 OP_C_READ_EXPECT (a, "apple", 5)
3329
3330 OP_SET_INJECT_WORD (S_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA)
3331 OP_S_WRITE (a, "orange", 6)
3332
3333 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3334
3335 OP_END
3336 };
3337
3338 /* 36. Fault injection - MAX_STREAM_DATA for nonexistent stream */
3339 static const struct script_op script_36[] = {
3340 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3341 OP_C_SET_ALPN ("ossltest")
3342 OP_C_CONNECT_WAIT ()
3343 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3344
3345 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
3346 OP_S_WRITE (a, "apple", 5)
3347
3348 OP_C_ACCEPT_STREAM_WAIT (a)
3349 OP_C_READ_EXPECT (a, "apple", 5)
3350
3351 OP_SET_INJECT_WORD (C_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA)
3352 OP_S_WRITE (a, "orange", 6)
3353
3354 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3355
3356 OP_END
3357 };
3358
3359 /* 37. Fault injection - STREAM_DATA_BLOCKED for send-only stream */
3360 static const struct script_op script_37[] = {
3361 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3362 OP_C_SET_ALPN ("ossltest")
3363 OP_C_CONNECT_WAIT ()
3364 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3365
3366 OP_C_NEW_STREAM_UNI (a, C_UNI_ID(0))
3367 OP_C_WRITE (a, "apple", 5)
3368
3369 OP_S_BIND_STREAM_ID (a, C_UNI_ID(0))
3370 OP_S_READ_EXPECT (a, "apple", 5)
3371
3372 OP_S_NEW_STREAM_UNI (b, S_UNI_ID(0))
3373 OP_SET_INJECT_WORD (C_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED)
3374 OP_S_WRITE (b, "orange", 5)
3375
3376 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3377
3378 OP_END
3379 };
3380
3381 /* 38. Fault injection - STREAM_DATA_BLOCKED for non-existent stream */
3382 static const struct script_op script_38[] = {
3383 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
3384 OP_C_SET_ALPN ("ossltest")
3385 OP_C_CONNECT_WAIT ()
3386 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3387
3388 OP_C_NEW_STREAM_UNI (a, C_UNI_ID(0))
3389 OP_C_WRITE (a, "apple", 5)
3390
3391 OP_S_BIND_STREAM_ID (a, C_UNI_ID(0))
3392 OP_S_READ_EXPECT (a, "apple", 5)
3393
3394 OP_SET_INJECT_WORD (C_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED)
3395
3396 OP_S_NEW_STREAM_UNI (b, S_UNI_ID(0))
3397 OP_S_WRITE (b, "orange", 5)
3398
3399 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
3400
3401 OP_END
3402 };
3403
3404 /* 39. Fault injection - NEW_CONN_ID with zero-len CID */
script_39_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3405 static int script_39_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3406 unsigned char *buf, size_t len)
3407 {
3408 int ok = 0;
3409 WPACKET wpkt;
3410 unsigned char frame_buf[64];
3411 size_t i, written;
3412 uint64_t seq_no = 0, retire_prior_to = 0;
3413 QUIC_CONN_ID new_cid = {0};
3414 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(h->s_priv);
3415
3416 if (hdr->type != QUIC_PKT_TYPE_1RTT)
3417 return 1;
3418
3419 switch (h->inject_word1) {
3420 case 0:
3421 return 1;
3422 case 1:
3423 new_cid.id_len = 0;
3424 break;
3425 case 2:
3426 new_cid.id_len = 21;
3427 break;
3428 case 3:
3429 new_cid.id_len = 1;
3430 new_cid.id[0] = 0x55;
3431
3432 seq_no = 0;
3433 retire_prior_to = 1;
3434 break;
3435 case 4:
3436 /* Use our actual CID so we don't break connectivity. */
3437 ossl_quic_channel_get_diag_local_cid(ch, &new_cid);
3438
3439 seq_no = 2;
3440 retire_prior_to = 2;
3441 break;
3442 case 5:
3443 /*
3444 * Use a bogus CID which will need to be ignored if connectivity is to
3445 * be continued.
3446 */
3447 new_cid.id_len = 8;
3448 new_cid.id[0] = 0x55;
3449
3450 seq_no = 1;
3451 retire_prior_to = 1;
3452 break;
3453 }
3454
3455 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3456 sizeof(frame_buf), 0)))
3457 return 0;
3458
3459 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID))
3460 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, seq_no)) /* seq no */
3461 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, retire_prior_to)) /* retire prior to */
3462 || !TEST_true(WPACKET_put_bytes_u8(&wpkt, new_cid.id_len))) /* len */
3463 goto err;
3464
3465 for (i = 0; i < new_cid.id_len && i < OSSL_NELEM(new_cid.id); ++i)
3466 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, new_cid.id[i])))
3467 goto err;
3468
3469 for (; i < new_cid.id_len; ++i)
3470 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x55)))
3471 goto err;
3472
3473 for (i = 0; i < QUIC_STATELESS_RESET_TOKEN_LEN; ++i)
3474 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42)))
3475 goto err;
3476
3477 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3478 goto err;
3479
3480 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3481 goto err;
3482
3483 ok = 1;
3484 err:
3485 if (ok)
3486 WPACKET_finish(&wpkt);
3487 else
3488 WPACKET_cleanup(&wpkt);
3489 return ok;
3490 }
3491
3492 static const struct script_op script_39[] = {
3493 OP_S_SET_INJECT_PLAIN (script_39_inject_plain)
3494 OP_C_SET_ALPN ("ossltest")
3495 OP_C_CONNECT_WAIT ()
3496 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3497
3498 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3499 OP_C_WRITE (a, "apple", 5)
3500 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3501 OP_S_READ_EXPECT (a, "apple", 5)
3502
3503 OP_SET_INJECT_WORD (0, 1)
3504 OP_S_WRITE (a, "orange", 5)
3505
3506 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3507
3508 OP_END
3509 };
3510
3511 /* 40. Shutdown flush test */
3512 static const unsigned char script_40_data[1024] = "strawberry";
3513
3514 static const struct script_op script_40[] = {
3515 OP_C_SET_ALPN ("ossltest")
3516 OP_C_CONNECT_WAIT ()
3517 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3518
3519 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3520 OP_C_WRITE (a, "apple", 5)
3521
3522 OP_C_INHIBIT_TICK (1)
3523 OP_C_SET_WRITE_BUF_SIZE (a, 1024 * 100 * 3)
3524
3525 OP_BEGIN_REPEAT (100)
3526
3527 OP_C_WRITE (a, script_40_data, sizeof(script_40_data))
3528
3529 OP_END_REPEAT ()
3530
3531 OP_C_CONCLUDE (a)
3532 OP_C_SHUTDOWN_WAIT (NULL, 0) /* disengages tick inhibition */
3533
3534 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3535 OP_S_READ_EXPECT (a, "apple", 5)
3536
3537 OP_BEGIN_REPEAT (100)
3538
3539 OP_S_READ_EXPECT (a, script_40_data, sizeof(script_40_data))
3540
3541 OP_END_REPEAT ()
3542
3543 OP_S_EXPECT_FIN (a)
3544
3545 OP_C_EXPECT_CONN_CLOSE_INFO(0, 1, 0)
3546 OP_S_EXPECT_CONN_CLOSE_INFO(0, 1, 1)
3547
3548 OP_END
3549 };
3550
3551 /* 41. Fault injection - PATH_CHALLENGE yields PATH_RESPONSE */
3552 static const uint64_t path_challenge = UINT64_C(0xbdeb9451169c83aa);
3553
script_41_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3554 static int script_41_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3555 unsigned char *buf, size_t len)
3556 {
3557 int ok = 0;
3558 WPACKET wpkt;
3559 unsigned char frame_buf[16];
3560 size_t written;
3561
3562 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
3563 return 1;
3564
3565 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3566 sizeof(frame_buf), 0)))
3567 return 0;
3568
3569 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))
3570 || !TEST_true(WPACKET_put_bytes_u64(&wpkt, path_challenge)))
3571 goto err;
3572
3573 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))
3574 || !TEST_size_t_eq(written, 9))
3575 goto err;
3576
3577 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3578 goto err;
3579
3580 --h->inject_word0;
3581 ok = 1;
3582 err:
3583 if (ok)
3584 WPACKET_finish(&wpkt);
3585 else
3586 WPACKET_cleanup(&wpkt);
3587 return ok;
3588 }
3589
script_41_trace(int write_p,int version,int content_type,const void * buf,size_t len,SSL * ssl,void * arg)3590 static void script_41_trace(int write_p, int version, int content_type,
3591 const void *buf, size_t len, SSL *ssl, void *arg)
3592 {
3593 uint64_t frame_type, frame_data;
3594 int was_minimal;
3595 struct helper *h = arg;
3596 PACKET pkt;
3597
3598 if (version != OSSL_QUIC1_VERSION
3599 || content_type != SSL3_RT_QUIC_FRAME_FULL
3600 || len < 1)
3601 return;
3602
3603 if (!TEST_true(PACKET_buf_init(&pkt, buf, len))) {
3604 ++h->scratch1;
3605 return;
3606 }
3607
3608 if (!TEST_true(ossl_quic_wire_peek_frame_header(&pkt, &frame_type,
3609 &was_minimal))) {
3610 ++h->scratch1;
3611 return;
3612 }
3613
3614 if (frame_type != OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE)
3615 return;
3616
3617 if (!TEST_true(ossl_quic_wire_decode_frame_path_response(&pkt, &frame_data))
3618 || !TEST_uint64_t_eq(frame_data, path_challenge)) {
3619 ++h->scratch1;
3620 return;
3621 }
3622
3623 ++h->scratch0;
3624 }
3625
script_41_setup(struct helper * h,struct helper_local * hl)3626 static int script_41_setup(struct helper *h, struct helper_local *hl)
3627 {
3628 ossl_quic_tserver_set_msg_callback(ACQUIRE_S(), script_41_trace, h);
3629 return 1;
3630 }
3631
script_41_check(struct helper * h,struct helper_local * hl)3632 static int script_41_check(struct helper *h, struct helper_local *hl)
3633 {
3634 /* At least one valid challenge/response echo? */
3635 if (!TEST_uint64_t_gt(h->scratch0, 0))
3636 return 0;
3637
3638 /* No failed tests? */
3639 if (!TEST_uint64_t_eq(h->scratch1, 0))
3640 return 0;
3641
3642 return 1;
3643 }
3644
3645 static const struct script_op script_41[] = {
3646 OP_S_SET_INJECT_PLAIN (script_41_inject_plain)
3647 OP_C_SET_ALPN ("ossltest")
3648 OP_C_CONNECT_WAIT ()
3649 OP_CHECK (script_41_setup, 0)
3650
3651 OP_C_WRITE (DEFAULT, "apple", 5)
3652 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3653 OP_S_READ_EXPECT (a, "apple", 5)
3654
3655 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE)
3656
3657 OP_S_WRITE (a, "orange", 6)
3658 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
3659
3660 OP_C_WRITE (DEFAULT, "strawberry", 10)
3661 OP_S_READ_EXPECT (a, "strawberry", 10)
3662
3663 OP_CHECK (script_41_check, 0)
3664 OP_END
3665 };
3666
3667 /* 42. Fault injection - CRYPTO frame with illegal offset */
script_42_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3668 static int script_42_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3669 unsigned char *buf, size_t len)
3670 {
3671 int ok = 0;
3672 unsigned char frame_buf[64];
3673 size_t written;
3674 WPACKET wpkt;
3675
3676 if (h->inject_word0 == 0)
3677 return 1;
3678
3679 --h->inject_word0;
3680
3681 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3682 sizeof(frame_buf), 0)))
3683 return 0;
3684
3685 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO))
3686 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))
3687 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 1))
3688 || !TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42)))
3689 goto err;
3690
3691 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3692 goto err;
3693
3694 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3695 goto err;
3696
3697 ok = 1;
3698 err:
3699 if (ok)
3700 WPACKET_finish(&wpkt);
3701 else
3702 WPACKET_cleanup(&wpkt);
3703 return ok;
3704 }
3705
3706 static const struct script_op script_42[] = {
3707 OP_S_SET_INJECT_PLAIN (script_42_inject_plain)
3708 OP_C_SET_ALPN ("ossltest")
3709 OP_C_CONNECT_WAIT ()
3710 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3711
3712 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3713 OP_C_WRITE (a, "apple", 5)
3714
3715 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3716 OP_S_READ_EXPECT (a, "apple", 5)
3717
3718 OP_SET_INJECT_WORD (1, (((uint64_t)1) << 62) - 1)
3719 OP_S_WRITE (a, "orange", 6)
3720
3721 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3722
3723 OP_END
3724 };
3725
3726 /* 43. Fault injection - CRYPTO frame exceeding FC */
3727 static const struct script_op script_43[] = {
3728 OP_S_SET_INJECT_PLAIN (script_42_inject_plain)
3729 OP_C_SET_ALPN ("ossltest")
3730 OP_C_CONNECT_WAIT ()
3731 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
3732
3733 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
3734 OP_C_WRITE (a, "apple", 5)
3735
3736 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3737 OP_S_READ_EXPECT (a, "apple", 5)
3738
3739 OP_SET_INJECT_WORD (1, 0x100000 /* 1 MiB */)
3740 OP_S_WRITE (a, "orange", 6)
3741
3742 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED,0,0)
3743
3744 OP_END
3745 };
3746
3747 /* 44. Fault injection - PADDING */
script_44_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3748 static int script_44_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3749 unsigned char *buf, size_t len)
3750 {
3751 int ok = 0;
3752 WPACKET wpkt;
3753 unsigned char frame_buf[16];
3754 size_t written;
3755
3756 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
3757 return 1;
3758
3759 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3760 sizeof(frame_buf), 0)))
3761 return 0;
3762
3763 if (!TEST_true(ossl_quic_wire_encode_padding(&wpkt, 1)))
3764 goto err;
3765
3766 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3767 goto err;
3768
3769 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3770 goto err;
3771
3772 ok = 1;
3773 err:
3774 if (ok)
3775 WPACKET_finish(&wpkt);
3776 else
3777 WPACKET_cleanup(&wpkt);
3778 return ok;
3779 }
3780
3781 static const struct script_op script_44[] = {
3782 OP_S_SET_INJECT_PLAIN (script_44_inject_plain)
3783 OP_C_SET_ALPN ("ossltest")
3784 OP_C_CONNECT_WAIT ()
3785
3786 OP_C_WRITE (DEFAULT, "apple", 5)
3787 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3788 OP_S_READ_EXPECT (a, "apple", 5)
3789
3790 OP_SET_INJECT_WORD (1, 0)
3791
3792 OP_S_WRITE (a, "Strawberry", 10)
3793 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10)
3794
3795 OP_END
3796 };
3797
3798 /* 45. PING must generate ACK */
force_ping(struct helper * h,struct helper_local * hl)3799 static int force_ping(struct helper *h, struct helper_local *hl)
3800 {
3801 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(ACQUIRE_S());
3802
3803 h->scratch0 = ossl_quic_channel_get_diag_num_rx_ack(ch);
3804
3805 if (!TEST_true(ossl_quic_tserver_ping(ACQUIRE_S())))
3806 return 0;
3807
3808 return 1;
3809 }
3810
wait_incoming_acks_increased(struct helper * h,struct helper_local * hl)3811 static int wait_incoming_acks_increased(struct helper *h, struct helper_local *hl)
3812 {
3813 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(ACQUIRE_S());
3814 uint16_t count;
3815
3816 count = ossl_quic_channel_get_diag_num_rx_ack(ch);
3817
3818 if (count == h->scratch0) {
3819 h->check_spin_again = 1;
3820 return 0;
3821 }
3822
3823 return 1;
3824 }
3825
3826 static const struct script_op script_45[] = {
3827 OP_C_SET_ALPN ("ossltest")
3828 OP_C_CONNECT_WAIT ()
3829
3830 OP_C_WRITE (DEFAULT, "apple", 5)
3831 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3832 OP_S_READ_EXPECT (a, "apple", 5)
3833
3834 OP_BEGIN_REPEAT (2)
3835
3836 OP_CHECK (force_ping, 0)
3837 OP_CHECK (wait_incoming_acks_increased, 0)
3838
3839 OP_END_REPEAT ()
3840
3841 OP_S_WRITE (a, "Strawberry", 10)
3842 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10)
3843
3844 OP_END
3845 };
3846
3847 /* 46. Fault injection - ACK - malformed initial range */
script_46_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)3848 static int script_46_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
3849 unsigned char *buf, size_t len)
3850 {
3851 int ok = 0;
3852 WPACKET wpkt;
3853 unsigned char frame_buf[16];
3854 size_t written;
3855 uint64_t type = 0, largest_acked = 0, first_range = 0, range_count = 0;
3856 uint64_t agap = 0, alen = 0;
3857 uint64_t ect0 = 0, ect1 = 0, ecnce = 0;
3858
3859 if (h->inject_word0 == 0)
3860 return 1;
3861
3862 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
3863 sizeof(frame_buf), 0)))
3864 return 0;
3865
3866 type = OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN;
3867
3868 switch (h->inject_word0) {
3869 case 1:
3870 largest_acked = 100;
3871 first_range = 101;
3872 range_count = 0;
3873 break;
3874 case 2:
3875 largest_acked = 100;
3876 first_range = 80;
3877 /* [20..100]; [0..18] */
3878 range_count = 1;
3879 agap = 0;
3880 alen = 19;
3881 break;
3882 case 3:
3883 largest_acked = 100;
3884 first_range = 80;
3885 range_count = 1;
3886 agap = 18;
3887 alen = 1;
3888 break;
3889 case 4:
3890 type = OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN;
3891 largest_acked = 100;
3892 first_range = 1;
3893 range_count = 0;
3894 break;
3895 case 5:
3896 type = OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN;
3897 largest_acked = 0;
3898 first_range = 0;
3899 range_count = 0;
3900 ect0 = 0;
3901 ect1 = 50;
3902 ecnce = 200;
3903 break;
3904 }
3905
3906 h->inject_word0 = 0;
3907
3908 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, type))
3909 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, largest_acked))
3910 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*ack_delay=*/0))
3911 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*ack_range_count=*/range_count))
3912 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*first_ack_range=*/first_range)))
3913 goto err;
3914
3915 if (range_count > 0)
3916 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, /*range[0].gap=*/agap))
3917 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*range[0].len=*/alen)))
3918 goto err;
3919
3920 if (type == OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN)
3921 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, ect0))
3922 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, ect1))
3923 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, ecnce)))
3924 goto err;
3925
3926 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
3927 goto err;
3928
3929 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
3930 goto err;
3931
3932 ok = 1;
3933 err:
3934 if (ok)
3935 WPACKET_finish(&wpkt);
3936 else
3937 WPACKET_cleanup(&wpkt);
3938 return ok;
3939 }
3940
3941 static const struct script_op script_46[] = {
3942 OP_S_SET_INJECT_PLAIN (script_46_inject_plain)
3943 OP_C_SET_ALPN ("ossltest")
3944 OP_C_CONNECT_WAIT ()
3945
3946 OP_C_WRITE (DEFAULT, "apple", 5)
3947 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3948 OP_S_READ_EXPECT (a, "apple", 5)
3949
3950 OP_SET_INJECT_WORD (1, 0)
3951
3952 OP_S_WRITE (a, "Strawberry", 10)
3953
3954 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3955
3956 OP_END
3957 };
3958
3959 /* 47. Fault injection - ACK - malformed subsequent range */
3960 static const struct script_op script_47[] = {
3961 OP_S_SET_INJECT_PLAIN (script_46_inject_plain)
3962 OP_C_SET_ALPN ("ossltest")
3963 OP_C_CONNECT_WAIT ()
3964
3965 OP_C_WRITE (DEFAULT, "apple", 5)
3966 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3967 OP_S_READ_EXPECT (a, "apple", 5)
3968
3969 OP_SET_INJECT_WORD (2, 0)
3970
3971 OP_S_WRITE (a, "Strawberry", 10)
3972
3973 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3974
3975 OP_END
3976 };
3977
3978 /* 48. Fault injection - ACK - malformed subsequent range */
3979 static const struct script_op script_48[] = {
3980 OP_S_SET_INJECT_PLAIN (script_46_inject_plain)
3981 OP_C_SET_ALPN ("ossltest")
3982 OP_C_CONNECT_WAIT ()
3983
3984 OP_C_WRITE (DEFAULT, "apple", 5)
3985 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
3986 OP_S_READ_EXPECT (a, "apple", 5)
3987
3988 OP_SET_INJECT_WORD (3, 0)
3989
3990 OP_S_WRITE (a, "Strawberry", 10)
3991
3992 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
3993
3994 OP_END
3995 };
3996
3997 /* 49. Fault injection - ACK - fictional PN */
3998 static const struct script_op script_49[] = {
3999 OP_S_SET_INJECT_PLAIN (script_46_inject_plain)
4000 OP_C_SET_ALPN ("ossltest")
4001 OP_C_CONNECT_WAIT ()
4002
4003 OP_C_WRITE (DEFAULT, "apple", 5)
4004 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4005 OP_S_READ_EXPECT (a, "apple", 5)
4006
4007 OP_SET_INJECT_WORD (4, 0)
4008
4009 OP_S_WRITE (a, "Strawberry", 10)
4010 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10)
4011
4012 OP_END
4013 };
4014
4015 /* 50. Fault injection - ACK - duplicate PN */
4016 static const struct script_op script_50[] = {
4017 OP_S_SET_INJECT_PLAIN (script_46_inject_plain)
4018 OP_C_SET_ALPN ("ossltest")
4019 OP_C_CONNECT_WAIT ()
4020
4021 OP_C_WRITE (DEFAULT, "apple", 5)
4022 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4023 OP_S_READ_EXPECT (a, "apple", 5)
4024
4025 OP_BEGIN_REPEAT (2)
4026
4027 OP_SET_INJECT_WORD (5, 0)
4028
4029 OP_S_WRITE (a, "Strawberry", 10)
4030 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10)
4031
4032 OP_END_REPEAT ()
4033
4034 OP_END
4035 };
4036
4037 /* 51. Fault injection - PATH_RESPONSE is ignored */
4038 static const struct script_op script_51[] = {
4039 OP_S_SET_INJECT_PLAIN (script_41_inject_plain)
4040 OP_C_SET_ALPN ("ossltest")
4041 OP_C_CONNECT_WAIT ()
4042
4043 OP_C_WRITE (DEFAULT, "apple", 5)
4044 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4045 OP_S_READ_EXPECT (a, "apple", 5)
4046
4047 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE)
4048
4049 OP_S_WRITE (a, "orange", 6)
4050 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
4051
4052 OP_C_WRITE (DEFAULT, "Strawberry", 10)
4053 OP_S_READ_EXPECT (a, "Strawberry", 10)
4054
4055 OP_END
4056 };
4057
4058 /* 52. Fault injection - ignore BLOCKED frames with bogus values */
script_52_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4059 static int script_52_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4060 unsigned char *buf, size_t len)
4061 {
4062 int ok = 0;
4063 unsigned char frame_buf[64];
4064 size_t written;
4065 WPACKET wpkt;
4066 uint64_t type = h->inject_word1;
4067
4068 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4069 return 1;
4070
4071 --h->inject_word0;
4072
4073 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4074 sizeof(frame_buf), 0)))
4075 return 0;
4076
4077 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, type)))
4078 goto err;
4079
4080 if (type == OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED)
4081 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, C_BIDI_ID(0))))
4082 goto err;
4083
4084 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, 0xFFFFFF)))
4085 goto err;
4086
4087 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4088 goto err;
4089
4090 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4091 goto err;
4092
4093 ok = 1;
4094 err:
4095 if (ok)
4096 WPACKET_finish(&wpkt);
4097 else
4098 WPACKET_cleanup(&wpkt);
4099 return ok;
4100 }
4101
4102 static const struct script_op script_52[] = {
4103 OP_S_SET_INJECT_PLAIN (script_52_inject_plain)
4104 OP_C_SET_ALPN ("ossltest")
4105 OP_C_CONNECT_WAIT ()
4106
4107 OP_C_WRITE (DEFAULT, "apple", 5)
4108 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4109 OP_S_READ_EXPECT (a, "apple", 5)
4110
4111 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED)
4112
4113 OP_S_WRITE (a, "orange", 6)
4114 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
4115
4116 OP_C_WRITE (DEFAULT, "Strawberry", 10)
4117 OP_S_READ_EXPECT (a, "Strawberry", 10)
4118
4119 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED)
4120
4121 OP_S_WRITE (a, "orange", 6)
4122 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
4123
4124 OP_C_WRITE (DEFAULT, "Strawberry", 10)
4125 OP_S_READ_EXPECT (a, "Strawberry", 10)
4126
4127 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI)
4128
4129 OP_S_WRITE (a, "orange", 6)
4130 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
4131
4132 OP_C_WRITE (DEFAULT, "Strawberry", 10)
4133 OP_S_READ_EXPECT (a, "Strawberry", 10)
4134
4135 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI)
4136
4137 OP_S_WRITE (a, "orange", 6)
4138 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
4139
4140 OP_C_WRITE (DEFAULT, "Strawberry", 10)
4141 OP_S_READ_EXPECT (a, "Strawberry", 10)
4142
4143 OP_END
4144 };
4145
4146 /* 53. Fault injection - excess CRYPTO buffer size */
script_53_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4147 static int script_53_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4148 unsigned char *buf, size_t len)
4149 {
4150 int ok = 0;
4151 size_t written;
4152 WPACKET wpkt;
4153 uint64_t offset = 0, data_len = 100;
4154 unsigned char *frame_buf = NULL;
4155 size_t frame_len, i;
4156
4157 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4158 return 1;
4159
4160 h->inject_word0 = 0;
4161
4162 switch (h->inject_word1) {
4163 case 0:
4164 /*
4165 * Far out offset which will not have been reached during handshake.
4166 * This will not be delivered to the QUIC_TLS instance since it will be
4167 * waiting for in-order delivery of previous bytes. This tests our flow
4168 * control on CRYPTO stream buffering.
4169 */
4170 offset = 100000;
4171 data_len = 1;
4172 break;
4173 }
4174
4175 frame_len = 1 + 8 + 8 + (size_t)data_len;
4176 if (!TEST_ptr(frame_buf = OPENSSL_malloc(frame_len)))
4177 return 0;
4178
4179 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, frame_len, 0)))
4180 goto err;
4181
4182 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO))
4183 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, offset))
4184 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, data_len)))
4185 goto err;
4186
4187 for (i = 0; i < data_len; ++i)
4188 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42)))
4189 goto err;
4190
4191 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4192 goto err;
4193
4194 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4195 goto err;
4196
4197 ok = 1;
4198 err:
4199 if (ok)
4200 WPACKET_finish(&wpkt);
4201 else
4202 WPACKET_cleanup(&wpkt);
4203 OPENSSL_free(frame_buf);
4204 return ok;
4205 }
4206
4207 static const struct script_op script_53[] = {
4208 OP_S_SET_INJECT_PLAIN (script_53_inject_plain)
4209 OP_C_SET_ALPN ("ossltest")
4210 OP_C_CONNECT_WAIT ()
4211
4212 OP_C_WRITE (DEFAULT, "apple", 5)
4213 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4214 OP_S_READ_EXPECT (a, "apple", 5)
4215
4216 OP_SET_INJECT_WORD (1, 0)
4217 OP_S_WRITE (a, "Strawberry", 10)
4218
4219 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED,0,0)
4220
4221 OP_END
4222 };
4223
4224 /* 54. Fault injection - corrupted crypto stream data */
script_54_inject_handshake(struct helper * h,unsigned char * buf,size_t buf_len)4225 static int script_54_inject_handshake(struct helper *h,
4226 unsigned char *buf, size_t buf_len)
4227 {
4228 size_t i;
4229
4230 for (i = 0; i < buf_len; ++i)
4231 buf[i] ^= 0xff;
4232
4233 return 1;
4234 }
4235
4236 static const struct script_op script_54[] = {
4237 OP_S_SET_INJECT_HANDSHAKE(script_54_inject_handshake)
4238 OP_C_SET_ALPN ("ossltest")
4239 OP_C_CONNECT_WAIT_OR_FAIL()
4240
4241 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_UNEXPECTED_MESSAGE,0,0)
4242
4243 OP_END
4244 };
4245
4246 /* 55. Fault injection - NEW_CONN_ID with >20 byte CID */
4247 static const struct script_op script_55[] = {
4248 OP_S_SET_INJECT_PLAIN (script_39_inject_plain)
4249 OP_C_SET_ALPN ("ossltest")
4250 OP_C_CONNECT_WAIT ()
4251 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4252
4253 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4254 OP_C_WRITE (a, "apple", 5)
4255 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4256 OP_S_READ_EXPECT (a, "apple", 5)
4257
4258 OP_SET_INJECT_WORD (0, 2)
4259 OP_S_WRITE (a, "orange", 5)
4260
4261 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
4262
4263 OP_END
4264 };
4265
4266 /* 56. Fault injection - NEW_CONN_ID with seq no < retire prior to */
4267 static const struct script_op script_56[] = {
4268 OP_S_SET_INJECT_PLAIN (script_39_inject_plain)
4269 OP_C_SET_ALPN ("ossltest")
4270 OP_C_CONNECT_WAIT ()
4271 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4272
4273 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4274 OP_C_WRITE (a, "apple", 5)
4275 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4276 OP_S_READ_EXPECT (a, "apple", 5)
4277
4278 OP_SET_INJECT_WORD (0, 3)
4279 OP_S_WRITE (a, "orange", 5)
4280
4281 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
4282
4283 OP_END
4284 };
4285
4286 /* 57. Fault injection - NEW_CONN_ID with lower seq so ignored */
4287 static const struct script_op script_57[] = {
4288 OP_S_SET_INJECT_PLAIN (script_39_inject_plain)
4289 OP_C_SET_ALPN ("ossltest")
4290 OP_C_CONNECT_WAIT ()
4291 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4292
4293 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4294 OP_C_WRITE (a, "apple", 5)
4295 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4296 OP_S_READ_EXPECT (a, "apple", 5)
4297
4298 OP_SET_INJECT_WORD (0, 4)
4299 OP_S_WRITE (a, "orange", 5)
4300 OP_C_READ_EXPECT (a, "orange", 5)
4301
4302 OP_C_WRITE (a, "Strawberry", 10)
4303 OP_S_READ_EXPECT (a, "Strawberry", 10)
4304
4305 /*
4306 * Now we send a NEW_CONN_ID with a bogus CID. However the sequence number
4307 * is old so it should be ignored and we should still be able to
4308 * communicate.
4309 */
4310 OP_SET_INJECT_WORD (0, 5)
4311 OP_S_WRITE (a, "raspberry", 9)
4312 OP_C_READ_EXPECT (a, "raspberry", 9)
4313
4314 OP_C_WRITE (a, "peach", 5)
4315 OP_S_READ_EXPECT (a, "peach", 5)
4316
4317 OP_END
4318 };
4319
4320 /* 58. Fault injection - repeated HANDSHAKE_DONE */
script_58_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4321 static int script_58_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4322 unsigned char *buf, size_t len)
4323 {
4324 int ok = 0;
4325 unsigned char frame_buf[64];
4326 size_t written;
4327 WPACKET wpkt;
4328
4329 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4330 return 1;
4331
4332 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4333 sizeof(frame_buf), 0)))
4334 return 0;
4335
4336 if (h->inject_word0 == 1) {
4337 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE)))
4338 goto err;
4339 } else {
4340 /* Needless multi-byte encoding */
4341 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x40))
4342 || !TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x1E)))
4343 goto err;
4344 }
4345
4346 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4347 goto err;
4348
4349 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4350 goto err;
4351
4352 ok = 1;
4353 err:
4354 if (ok)
4355 WPACKET_finish(&wpkt);
4356 else
4357 WPACKET_cleanup(&wpkt);
4358 return ok;
4359 }
4360
4361 static const struct script_op script_58[] = {
4362 OP_S_SET_INJECT_PLAIN (script_58_inject_plain)
4363 OP_C_SET_ALPN ("ossltest")
4364 OP_C_CONNECT_WAIT ()
4365
4366 OP_C_WRITE (DEFAULT, "apple", 5)
4367 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4368 OP_S_READ_EXPECT (a, "apple", 5)
4369
4370 OP_SET_INJECT_WORD (1, 0)
4371
4372 OP_S_WRITE (a, "orange", 6)
4373 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
4374
4375 OP_C_WRITE (DEFAULT, "Strawberry", 10)
4376 OP_S_READ_EXPECT (a, "Strawberry", 10)
4377
4378 OP_END
4379 };
4380
4381 /* 59. Fault injection - multi-byte frame encoding */
4382 static const struct script_op script_59[] = {
4383 OP_S_SET_INJECT_PLAIN (script_58_inject_plain)
4384 OP_C_SET_ALPN ("ossltest")
4385 OP_C_CONNECT_WAIT ()
4386
4387 OP_C_WRITE (DEFAULT, "apple", 5)
4388 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4389 OP_S_READ_EXPECT (a, "apple", 5)
4390
4391 OP_SET_INJECT_WORD (2, 0)
4392
4393 OP_S_WRITE (a, "orange", 6)
4394
4395 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION,0,0)
4396
4397 OP_END
4398 };
4399
4400 /* 60. Connection close reason truncation */
4401 static char long_reason[2048];
4402
init_reason(struct helper * h,struct helper_local * hl)4403 static int init_reason(struct helper *h, struct helper_local *hl)
4404 {
4405 memset(long_reason, '~', sizeof(long_reason));
4406 memcpy(long_reason, "This is a long reason string.", 29);
4407 long_reason[OSSL_NELEM(long_reason) - 1] = '\0';
4408 return 1;
4409 }
4410
check_shutdown_reason(struct helper * h,struct helper_local * hl)4411 static int check_shutdown_reason(struct helper *h, struct helper_local *hl)
4412 {
4413 const QUIC_TERMINATE_CAUSE *tc = ossl_quic_tserver_get_terminate_cause(ACQUIRE_S());
4414
4415 if (tc == NULL) {
4416 h->check_spin_again = 1;
4417 return 0;
4418 }
4419
4420 if (!TEST_size_t_ge(tc->reason_len, 50)
4421 || !TEST_mem_eq(long_reason, tc->reason_len,
4422 tc->reason, tc->reason_len))
4423 return 0;
4424
4425 return 1;
4426 }
4427
4428 static const struct script_op script_60[] = {
4429 OP_C_SET_ALPN ("ossltest")
4430 OP_C_CONNECT_WAIT ()
4431
4432 OP_C_WRITE (DEFAULT, "apple", 5)
4433 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4434 OP_S_READ_EXPECT (a, "apple", 5)
4435
4436 OP_CHECK (init_reason, 0)
4437 OP_C_SHUTDOWN_WAIT (long_reason, 0)
4438 OP_CHECK (check_shutdown_reason, 0)
4439
4440 OP_END
4441 };
4442
4443 /* 61. Fault injection - RESET_STREAM exceeding stream count FC */
script_61_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4444 static int script_61_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4445 unsigned char *buf, size_t len)
4446 {
4447 int ok = 0;
4448 WPACKET wpkt;
4449 unsigned char frame_buf[32];
4450 size_t written;
4451
4452 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4453 return 1;
4454
4455 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4456 sizeof(frame_buf), 0)))
4457 return 0;
4458
4459 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word0))
4460 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */
4461 h->inject_word1))
4462 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 123))
4463 || (h->inject_word0 == OSSL_QUIC_FRAME_TYPE_RESET_STREAM
4464 && !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0)))) /* final size */
4465 goto err;
4466
4467 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4468 goto err;
4469
4470 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4471 goto err;
4472
4473 ok = 1;
4474 err:
4475 if (ok)
4476 WPACKET_finish(&wpkt);
4477 else
4478 WPACKET_cleanup(&wpkt);
4479 return ok;
4480 }
4481
4482 static const struct script_op script_61[] = {
4483 OP_S_SET_INJECT_PLAIN (script_61_inject_plain)
4484 OP_C_SET_ALPN ("ossltest")
4485 OP_C_CONNECT_WAIT ()
4486 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4487
4488 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4489 OP_C_WRITE (a, "orange", 6)
4490
4491 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4492 OP_S_READ_EXPECT (a, "orange", 6)
4493
4494 OP_SET_INJECT_WORD (OSSL_QUIC_FRAME_TYPE_RESET_STREAM,
4495 S_BIDI_ID(OSSL_QUIC_VLINT_MAX / 4))
4496 OP_S_WRITE (a, "fruit", 5)
4497
4498 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,0,0)
4499
4500 OP_END
4501 };
4502
4503 /* 62. Fault injection - STOP_SENDING with high ID */
4504 static const struct script_op script_62[] = {
4505 OP_S_SET_INJECT_PLAIN (script_61_inject_plain)
4506 OP_C_SET_ALPN ("ossltest")
4507 OP_C_CONNECT_WAIT ()
4508 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4509
4510 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4511 OP_C_WRITE (a, "orange", 6)
4512
4513 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4514 OP_S_READ_EXPECT (a, "orange", 6)
4515
4516 OP_SET_INJECT_WORD (OSSL_QUIC_FRAME_TYPE_STOP_SENDING,
4517 C_BIDI_ID(OSSL_QUIC_VLINT_MAX / 4))
4518 OP_S_WRITE (a, "fruit", 5)
4519
4520 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR,0,0)
4521
4522 OP_END
4523 };
4524
4525 /* 63. Fault injection - STREAM frame exceeding stream limit */
4526 static const struct script_op script_63[] = {
4527 OP_S_SET_INJECT_PLAIN (script_32_inject_plain)
4528 OP_C_SET_ALPN ("ossltest")
4529 OP_C_CONNECT_WAIT ()
4530 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4531
4532 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4533 OP_C_WRITE (a, "apple", 5)
4534
4535 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4536 OP_S_READ_EXPECT (a, "apple", 5)
4537
4538 OP_SET_INJECT_WORD (S_BIDI_ID(5000) + 1, 4)
4539 OP_S_WRITE (a, "orange", 6)
4540
4541 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR,0,0)
4542
4543 OP_END
4544 };
4545
4546 /* 64. Fault injection - STREAM - zero-length no-FIN is accepted */
4547 static const struct script_op script_64[] = {
4548 OP_S_SET_INJECT_PLAIN (script_32_inject_plain)
4549 OP_C_SET_ALPN ("ossltest")
4550 OP_C_CONNECT_WAIT ()
4551 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4552
4553 OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0))
4554 OP_S_WRITE (a, "apple", 5)
4555
4556 OP_C_ACCEPT_STREAM_WAIT (a)
4557 OP_C_READ_EXPECT (a, "apple", 5)
4558
4559 OP_SET_INJECT_WORD (S_BIDI_ID(20) + 1, 1)
4560 OP_S_WRITE (a, "orange", 6)
4561 OP_C_READ_EXPECT (a, "orange", 6)
4562
4563 OP_END
4564 };
4565
4566 /* 65. Fault injection - CRYPTO - zero-length is accepted */
script_65_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4567 static int script_65_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4568 unsigned char *buf, size_t len)
4569 {
4570 int ok = 0;
4571 unsigned char frame_buf[64];
4572 size_t written;
4573 WPACKET wpkt;
4574
4575 if (h->inject_word0 == 0)
4576 return 1;
4577
4578 --h->inject_word0;
4579
4580 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4581 sizeof(frame_buf), 0)))
4582 return 0;
4583
4584 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO))
4585 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0))
4586 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0)))
4587 goto err;
4588
4589 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4590 goto err;
4591
4592 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4593 goto err;
4594
4595 ok = 1;
4596 err:
4597 if (ok)
4598 WPACKET_finish(&wpkt);
4599 else
4600 WPACKET_cleanup(&wpkt);
4601 return ok;
4602 }
4603
4604 static const struct script_op script_65[] = {
4605 OP_S_SET_INJECT_PLAIN (script_65_inject_plain)
4606 OP_C_SET_ALPN ("ossltest")
4607 OP_C_CONNECT_WAIT ()
4608 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4609
4610 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4611 OP_C_WRITE (a, "apple", 5)
4612
4613 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4614 OP_S_READ_EXPECT (a, "apple", 5)
4615
4616 OP_SET_INJECT_WORD (1, 0)
4617 OP_S_WRITE (a, "orange", 6)
4618 OP_C_READ_EXPECT (a, "orange", 6)
4619
4620 OP_END
4621 };
4622
4623 /* 66. Fault injection - large MAX_STREAM_DATA */
script_66_inject_plain(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)4624 static int script_66_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr,
4625 unsigned char *buf, size_t len)
4626 {
4627 int ok = 0;
4628 WPACKET wpkt;
4629 unsigned char frame_buf[64];
4630 size_t written;
4631
4632 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT)
4633 return 1;
4634
4635 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
4636 sizeof(frame_buf), 0)))
4637 return 0;
4638
4639 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1)))
4640 goto err;
4641
4642 if (h->inject_word1 == OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA)
4643 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */
4644 h->inject_word0 - 1)))
4645 goto err;
4646
4647 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_VLINT_MAX)))
4648 goto err;
4649
4650 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)))
4651 goto err;
4652
4653 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written))
4654 goto err;
4655
4656 ok = 1;
4657 err:
4658 if (ok)
4659 WPACKET_finish(&wpkt);
4660 else
4661 WPACKET_cleanup(&wpkt);
4662 return ok;
4663 }
4664
4665 static const struct script_op script_66[] = {
4666 OP_S_SET_INJECT_PLAIN (script_66_inject_plain)
4667 OP_C_SET_ALPN ("ossltest")
4668 OP_C_CONNECT_WAIT ()
4669 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4670
4671 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
4672 OP_S_WRITE (a, "apple", 5)
4673
4674 OP_C_ACCEPT_STREAM_WAIT (a)
4675 OP_C_READ_EXPECT (a, "apple", 5)
4676
4677 OP_SET_INJECT_WORD (S_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA)
4678 OP_S_WRITE (a, "orange", 6)
4679 OP_C_READ_EXPECT (a, "orange", 6)
4680 OP_C_WRITE (a, "Strawberry", 10)
4681 OP_S_READ_EXPECT (a, "Strawberry", 10)
4682
4683 OP_END
4684 };
4685
4686 /* 67. Fault injection - large MAX_DATA */
4687 static const struct script_op script_67[] = {
4688 OP_S_SET_INJECT_PLAIN (script_66_inject_plain)
4689 OP_C_SET_ALPN ("ossltest")
4690 OP_C_CONNECT_WAIT ()
4691 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4692
4693 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
4694 OP_S_WRITE (a, "apple", 5)
4695
4696 OP_C_ACCEPT_STREAM_WAIT (a)
4697 OP_C_READ_EXPECT (a, "apple", 5)
4698
4699 OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_MAX_DATA)
4700 OP_S_WRITE (a, "orange", 6)
4701 OP_C_READ_EXPECT (a, "orange", 6)
4702 OP_C_WRITE (a, "Strawberry", 10)
4703 OP_S_READ_EXPECT (a, "Strawberry", 10)
4704
4705 OP_END
4706 };
4707
4708 /* 68. Fault injection - Unexpected TLS messages */
script_68_inject_handshake(struct helper * h,unsigned char * msg,size_t msglen)4709 static int script_68_inject_handshake(struct helper *h, unsigned char *msg,
4710 size_t msglen)
4711 {
4712 const unsigned char *data;
4713 size_t datalen;
4714 const unsigned char certreq[] = {
4715 SSL3_MT_CERTIFICATE_REQUEST, /* CertificateRequest message */
4716 0, 0, 12, /* Length of message */
4717 1, 1, /* certificate_request_context */
4718 0, 8, /* Extensions block length */
4719 0, TLSEXT_TYPE_signature_algorithms, /* sig_algs extension*/
4720 0, 4, /* 4 bytes of sig algs extension*/
4721 0, 2, /* sigalgs list is 2 bytes long */
4722 8, 4 /* rsa_pss_rsae_sha256 */
4723 };
4724 const unsigned char keyupdate[] = {
4725 SSL3_MT_KEY_UPDATE, /* KeyUpdate message */
4726 0, 0, 1, /* Length of message */
4727 SSL_KEY_UPDATE_NOT_REQUESTED /* update_not_requested */
4728 };
4729
4730 /* We transform the NewSessionTicket message into something else */
4731 switch(h->inject_word0) {
4732 case 0:
4733 return 1;
4734
4735 case 1:
4736 /* CertificateRequest message */
4737 data = certreq;
4738 datalen = sizeof(certreq);
4739 break;
4740
4741 case 2:
4742 /* KeyUpdate message */
4743 data = keyupdate;
4744 datalen = sizeof(keyupdate);
4745 break;
4746
4747 default:
4748 return 0;
4749 }
4750
4751 if (!TEST_true(qtest_fault_resize_message(h->qtf,
4752 datalen - SSL3_HM_HEADER_LENGTH)))
4753 return 0;
4754
4755 memcpy(msg, data, datalen);
4756
4757 return 1;
4758 }
4759
4760 /* Send a CerticateRequest message post-handshake */
4761 static const struct script_op script_68[] = {
4762 OP_S_SET_INJECT_HANDSHAKE(script_68_inject_handshake)
4763 OP_C_SET_ALPN ("ossltest")
4764 OP_C_CONNECT_WAIT ()
4765 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4766
4767 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4768 OP_C_WRITE (a, "apple", 5)
4769 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4770 OP_S_READ_EXPECT (a, "apple", 5)
4771
4772 OP_SET_INJECT_WORD (1, 0)
4773 OP_S_NEW_TICKET ()
4774 OP_S_WRITE (a, "orange", 6)
4775
4776 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION, 0, 0)
4777
4778 OP_END
4779 };
4780
4781 /* 69. Send a TLS KeyUpdate message post-handshake */
4782 static const struct script_op script_69[] = {
4783 OP_S_SET_INJECT_HANDSHAKE(script_68_inject_handshake)
4784 OP_C_SET_ALPN ("ossltest")
4785 OP_C_CONNECT_WAIT ()
4786 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4787
4788 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4789 OP_C_WRITE (a, "apple", 5)
4790 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4791 OP_S_READ_EXPECT (a, "apple", 5)
4792
4793 OP_SET_INJECT_WORD (2, 0)
4794 OP_S_NEW_TICKET ()
4795 OP_S_WRITE (a, "orange", 6)
4796
4797 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_ERR_BEGIN
4798 + SSL_AD_UNEXPECTED_MESSAGE, 0, 0)
4799
4800 OP_END
4801 };
4802
set_max_early_data(struct helper * h,struct helper_local * hl)4803 static int set_max_early_data(struct helper *h, struct helper_local *hl)
4804 {
4805
4806 if (!TEST_true(ossl_quic_tserver_set_max_early_data(ACQUIRE_S(),
4807 (uint32_t)hl->check_op->arg2)))
4808 return 0;
4809
4810 return 1;
4811 }
4812
4813 /* 70. Send a TLS NewSessionTicket message with invalid max_early_data */
4814 static const struct script_op script_70[] = {
4815 OP_C_SET_ALPN ("ossltest")
4816 OP_C_CONNECT_WAIT ()
4817 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4818
4819 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4820 OP_C_WRITE (a, "apple", 5)
4821 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4822 OP_S_READ_EXPECT (a, "apple", 5)
4823
4824 OP_CHECK (set_max_early_data, 0xfffffffe)
4825 OP_S_NEW_TICKET ()
4826 OP_S_WRITE (a, "orange", 6)
4827
4828 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION, 0, 0)
4829
4830 OP_END
4831 };
4832
4833 /* 71. Send a TLS NewSessionTicket message with valid max_early_data */
4834 static const struct script_op script_71[] = {
4835 OP_C_SET_ALPN ("ossltest")
4836 OP_C_CONNECT_WAIT ()
4837 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4838
4839 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4840 OP_C_WRITE (a, "apple", 5)
4841 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4842 OP_S_READ_EXPECT (a, "apple", 5)
4843
4844 OP_CHECK (set_max_early_data, 0xffffffff)
4845 OP_S_NEW_TICKET ()
4846 OP_S_WRITE (a, "orange", 6)
4847 OP_C_READ_EXPECT (a, "orange", 6)
4848
4849 OP_END
4850 };
4851
4852 /* 72. Test that APL stops handing out streams after limit reached (bidi) */
script_72_check(struct helper * h,struct helper_local * hl)4853 static int script_72_check(struct helper *h, struct helper_local *hl)
4854 {
4855 if (!TEST_uint64_t_ge(h->fail_count, 50))
4856 return 0;
4857
4858 return 1;
4859 }
4860
4861 static const struct script_op script_72[] = {
4862 OP_C_SET_ALPN ("ossltest")
4863 OP_C_CONNECT_WAIT ()
4864 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4865
4866 /*
4867 * Request more streams than a server will initially hand out and test that
4868 * they fail properly.
4869 */
4870 OP_BEGIN_REPEAT (200)
4871
4872 OP_C_NEW_STREAM_BIDI_EX (a, ANY_ID, ALLOW_FAIL | SSL_STREAM_FLAG_NO_BLOCK)
4873 OP_C_SKIP_IF_UNBOUND (a, 2)
4874 OP_C_WRITE (a, "apple", 5)
4875 OP_C_FREE_STREAM (a)
4876
4877 OP_END_REPEAT ()
4878
4879 OP_CHECK (script_72_check, 0)
4880
4881 OP_END
4882 };
4883
4884 /* 73. Test that APL stops handing out streams after limit reached (uni) */
4885 static const struct script_op script_73[] = {
4886 OP_C_SET_ALPN ("ossltest")
4887 OP_C_CONNECT_WAIT ()
4888 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4889
4890 /*
4891 * Request more streams than a server will initially hand out and test that
4892 * they fail properly.
4893 */
4894 OP_BEGIN_REPEAT (200)
4895
4896 OP_C_NEW_STREAM_UNI_EX (a, ANY_ID, ALLOW_FAIL | SSL_STREAM_FLAG_NO_BLOCK)
4897 OP_C_SKIP_IF_UNBOUND (a, 2)
4898 OP_C_WRITE (a, "apple", 5)
4899 OP_C_FREE_STREAM (a)
4900
4901 OP_END_REPEAT ()
4902
4903 OP_CHECK (script_72_check, 0)
4904
4905 OP_END
4906 };
4907
4908 /* 74. Version negotiation: QUIC_VERSION_1 ignored */
generate_version_neg(WPACKET * wpkt,uint32_t version)4909 static int generate_version_neg(WPACKET *wpkt, uint32_t version)
4910 {
4911 QUIC_PKT_HDR hdr = {0};
4912
4913 hdr.type = QUIC_PKT_TYPE_VERSION_NEG;
4914 hdr.fixed = 1;
4915 hdr.dst_conn_id.id_len = 0;
4916 hdr.src_conn_id.id_len = 8;
4917 memset(hdr.src_conn_id.id, 0x55, 8);
4918
4919 if (!TEST_true(ossl_quic_wire_encode_pkt_hdr(wpkt, 0, &hdr, NULL)))
4920 return 0;
4921
4922 if (!TEST_true(WPACKET_put_bytes_u32(wpkt, version)))
4923 return 0;
4924
4925 return 1;
4926 }
4927
server_gen_version_neg(struct helper * h,BIO_MSG * msg,size_t stride)4928 static int server_gen_version_neg(struct helper *h, BIO_MSG *msg, size_t stride)
4929 {
4930 int rc = 0, have_wpkt = 0;
4931 size_t l;
4932 WPACKET wpkt;
4933 BUF_MEM *buf = NULL;
4934 uint32_t version;
4935
4936 switch (h->inject_word0) {
4937 case 0:
4938 return 1;
4939 case 1:
4940 version = QUIC_VERSION_1;
4941 break;
4942 default:
4943 version = 0x5432abcd;
4944 break;
4945 }
4946
4947 if (!TEST_ptr(buf = BUF_MEM_new()))
4948 goto err;
4949
4950 if (!TEST_true(WPACKET_init(&wpkt, buf)))
4951 goto err;
4952
4953 have_wpkt = 1;
4954
4955 generate_version_neg(&wpkt, version);
4956
4957 if (!TEST_true(WPACKET_get_total_written(&wpkt, &l)))
4958 goto err;
4959
4960 if (!TEST_true(qtest_fault_resize_datagram(h->qtf, l)))
4961 return 0;
4962
4963 memcpy(msg->data, buf->data, l);
4964 h->inject_word0 = 0;
4965
4966 rc = 1;
4967 err:
4968 if (have_wpkt)
4969 WPACKET_finish(&wpkt);
4970
4971 BUF_MEM_free(buf);
4972 return rc;
4973 }
4974
4975 static const struct script_op script_74[] = {
4976 OP_S_SET_INJECT_DATAGRAM (server_gen_version_neg)
4977 OP_SET_INJECT_WORD (1, 0)
4978
4979 OP_C_SET_ALPN ("ossltest")
4980 OP_C_CONNECT_WAIT ()
4981
4982 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
4983
4984 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
4985 OP_C_WRITE (a, "apple", 5)
4986 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
4987 OP_S_READ_EXPECT (a, "apple", 5)
4988
4989 OP_END
4990 };
4991
4992 /* 75. Version negotiation: Unknown version causes connection abort */
4993 static const struct script_op script_75[] = {
4994 OP_S_SET_INJECT_DATAGRAM (server_gen_version_neg)
4995 OP_SET_INJECT_WORD (2, 0)
4996
4997 OP_C_SET_ALPN ("ossltest")
4998 OP_C_CONNECT_WAIT_OR_FAIL()
4999
5000 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CONNECTION_REFUSED,0,0)
5001
5002 OP_END
5003 };
5004
5005 /* 76. Test peer-initiated shutdown wait */
script_76_check(struct helper * h,struct helper_local * hl)5006 static int script_76_check(struct helper *h, struct helper_local *hl)
5007 {
5008 if (!TEST_false(SSL_shutdown_ex(h->c_conn,
5009 SSL_SHUTDOWN_FLAG_WAIT_PEER
5010 | SSL_SHUTDOWN_FLAG_NO_BLOCK,
5011 NULL, 0)))
5012 return 0;
5013
5014 return 1;
5015 }
5016
5017 static const struct script_op script_76[] = {
5018 OP_C_SET_ALPN ("ossltest")
5019 OP_C_CONNECT_WAIT ()
5020 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5021
5022 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
5023 OP_C_WRITE (a, "apple", 5)
5024
5025 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5026 OP_S_READ_EXPECT (a, "apple", 5)
5027
5028 /* Check a WAIT_PEER call doesn't succeed yet. */
5029 OP_CHECK (script_76_check, 0)
5030 OP_S_SHUTDOWN (42)
5031
5032 OP_C_SHUTDOWN_WAIT (NULL, SSL_SHUTDOWN_FLAG_WAIT_PEER)
5033 OP_C_EXPECT_CONN_CLOSE_INFO(42, 1, 1)
5034
5035 OP_END
5036 };
5037
5038 /* 77. Ensure default stream popping operates correctly */
5039 static const struct script_op script_77[] = {
5040 OP_C_SET_ALPN ("ossltest")
5041 OP_C_CONNECT_WAIT ()
5042
5043 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_ACCEPT)
5044
5045 OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0))
5046 OP_S_WRITE (a, "Strawberry", 10)
5047
5048 OP_C_READ_EXPECT (DEFAULT, "Strawberry", 10)
5049
5050 OP_S_NEW_STREAM_BIDI (b, S_BIDI_ID(1))
5051 OP_S_WRITE (b, "xyz", 3)
5052
5053 OP_C_ACCEPT_STREAM_WAIT (b)
5054 OP_C_READ_EXPECT (b, "xyz", 3)
5055
5056 OP_END
5057 };
5058
5059 /* 78. Post-connection session ticket handling */
5060 static size_t new_session_count;
5061
on_new_session(SSL * s,SSL_SESSION * sess)5062 static int on_new_session(SSL *s, SSL_SESSION *sess)
5063 {
5064 ++new_session_count;
5065 return 0; /* do not ref session, we aren't keeping it */
5066 }
5067
setup_session(struct helper * h,struct helper_local * hl)5068 static int setup_session(struct helper *h, struct helper_local *hl)
5069 {
5070 SSL_CTX_set_session_cache_mode(h->c_ctx, SSL_SESS_CACHE_BOTH);
5071 SSL_CTX_sess_set_new_cb(h->c_ctx, on_new_session);
5072 return 1;
5073 }
5074
trigger_late_session_ticket(struct helper * h,struct helper_local * hl)5075 static int trigger_late_session_ticket(struct helper *h, struct helper_local *hl)
5076 {
5077 new_session_count = 0;
5078
5079 if (!TEST_true(ossl_quic_tserver_new_ticket(ACQUIRE_S())))
5080 return 0;
5081
5082 return 1;
5083 }
5084
check_got_session_ticket(struct helper * h,struct helper_local * hl)5085 static int check_got_session_ticket(struct helper *h, struct helper_local *hl)
5086 {
5087 if (!TEST_size_t_gt(new_session_count, 0))
5088 return 0;
5089
5090 return 1;
5091 }
5092
5093 static int check_idle_timeout(struct helper *h, struct helper_local *hl);
5094
5095 static const struct script_op script_78[] = {
5096 OP_C_SET_ALPN ("ossltest")
5097 OP_CHECK (setup_session, 0)
5098 OP_C_CONNECT_WAIT ()
5099
5100 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5101
5102 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
5103 OP_C_WRITE (a, "apple", 5)
5104
5105 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5106 OP_S_READ_EXPECT (a, "apple", 5)
5107
5108 OP_S_WRITE (a, "orange", 6)
5109 OP_C_READ_EXPECT (a, "orange", 6)
5110
5111 OP_CHECK (trigger_late_session_ticket, 0)
5112
5113 OP_S_WRITE (a, "Strawberry", 10)
5114 OP_C_READ_EXPECT (a, "Strawberry", 10)
5115
5116 OP_CHECK (check_got_session_ticket, 0)
5117 OP_CHECK2 (check_idle_timeout,
5118 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 30000)
5119
5120 OP_END
5121 };
5122
5123 /* 79. Optimised FIN test */
5124 static const struct script_op script_79[] = {
5125 OP_C_SET_ALPN ("ossltest")
5126 OP_C_CONNECT_WAIT ()
5127 OP_C_WRITE_EX2 (DEFAULT, "apple", 5, SSL_WRITE_FLAG_CONCLUDE)
5128 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5129 OP_S_READ_EXPECT (a, "apple", 5)
5130 OP_S_EXPECT_FIN (a)
5131 OP_S_WRITE (a, "orange", 6)
5132 OP_S_CONCLUDE (a)
5133 OP_C_READ_EXPECT (DEFAULT, "orange", 6)
5134 OP_C_EXPECT_FIN (DEFAULT)
5135 OP_END
5136 };
5137
5138 /* 80. Stateless reset detection test */
5139 static QUIC_STATELESS_RESET_TOKEN test_reset_token = {
5140 { 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
5141 0xde, 0xad, 0xbe, 0xef }};
5142
5143 /*
5144 * Generate a packet in the following format:
5145 * https://www.rfc-editor.org/rfc/rfc9000.html#name-stateless-reset
5146 * Stateless Reset {
5147 * Fixed Bits (2): 1
5148 * Unpredictable bits (38..)
5149 * Stateless reset token (128)
5150 * }
5151 */
script_80_send_stateless_reset(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)5152 static int script_80_send_stateless_reset(struct helper *h, QUIC_PKT_HDR *hdr,
5153 unsigned char *buf, size_t len)
5154 {
5155 unsigned char databuf[64];
5156
5157 if (h->inject_word1 == 0)
5158 return 1;
5159
5160 h->inject_word1 = 0;
5161
5162 fprintf(stderr, "Sending stateless reset\n");
5163
5164 RAND_bytes(databuf, 64);
5165 databuf[0] = 0x40;
5166 memcpy(&databuf[48], test_reset_token.token,
5167 sizeof(test_reset_token.token));
5168
5169 if (!TEST_int_eq(SSL_inject_net_dgram(h->c_conn, databuf, sizeof(databuf),
5170 NULL, h->s_net_bio_addr), 1))
5171 return 0;
5172
5173 return 1;
5174 }
5175
script_80_gen_new_conn_id(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)5176 static int script_80_gen_new_conn_id(struct helper *h, QUIC_PKT_HDR *hdr,
5177 unsigned char *buf, size_t len)
5178 {
5179 int rc = 0;
5180 size_t l;
5181 unsigned char frame_buf[64];
5182 WPACKET wpkt;
5183 QUIC_CONN_ID new_cid = {0};
5184 OSSL_QUIC_FRAME_NEW_CONN_ID ncid = {0};
5185 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(ACQUIRE_S_NOHL());
5186
5187 if (h->inject_word0 == 0)
5188 return 1;
5189
5190 h->inject_word0 = 0;
5191
5192 fprintf(stderr, "sending new conn id\n");
5193 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf,
5194 sizeof(frame_buf), 0)))
5195 return 0;
5196
5197 ossl_quic_channel_get_diag_local_cid(ch, &new_cid);
5198
5199 ncid.seq_num = 2;
5200 ncid.retire_prior_to = 2;
5201 ncid.conn_id = new_cid;
5202 memcpy(ncid.stateless_reset.token, test_reset_token.token,
5203 sizeof(test_reset_token.token));
5204
5205 if (!TEST_true(ossl_quic_wire_encode_frame_new_conn_id(&wpkt, &ncid)))
5206 goto err;
5207
5208 if (!TEST_true(WPACKET_get_total_written(&wpkt, &l)))
5209 goto err;
5210
5211 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, l))
5212 goto err;
5213
5214 rc = 1;
5215 err:
5216 if (rc)
5217 WPACKET_finish(&wpkt);
5218 else
5219 WPACKET_cleanup(&wpkt);
5220
5221 return rc;
5222 }
5223
script_80_inject_pkt(struct helper * h,QUIC_PKT_HDR * hdr,unsigned char * buf,size_t len)5224 static int script_80_inject_pkt(struct helper *h, QUIC_PKT_HDR *hdr,
5225 unsigned char *buf, size_t len)
5226 {
5227 if (h->inject_word1 == 1)
5228 return script_80_send_stateless_reset(h, hdr, buf, len);
5229 else if (h->inject_word0 == 1)
5230 return script_80_gen_new_conn_id(h, hdr, buf, len);
5231
5232 return 1;
5233 }
5234
5235 static const struct script_op script_80[] = {
5236 OP_S_SET_INJECT_PLAIN (script_80_inject_pkt)
5237 OP_C_SET_ALPN ("ossltest")
5238 OP_C_CONNECT_WAIT ()
5239 OP_C_WRITE (DEFAULT, "apple", 5)
5240 OP_C_CONCLUDE (DEFAULT)
5241 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5242 OP_S_READ_EXPECT (a, "apple", 5)
5243 OP_SET_INJECT_WORD (1, 0)
5244 OP_S_WRITE (a, "apple", 5)
5245 OP_C_READ_EXPECT (DEFAULT, "apple", 5)
5246 OP_SET_INJECT_WORD (0, 1)
5247 OP_S_WRITE (a, "apple", 5)
5248 OP_C_EXPECT_CONN_CLOSE_INFO (0, 0, 1)
5249 OP_END
5250 };
5251
5252 /* 81. Idle timeout configuration */
modify_idle_timeout(struct helper * h,struct helper_local * hl)5253 static int modify_idle_timeout(struct helper *h, struct helper_local *hl)
5254 {
5255 uint64_t v = 0;
5256
5257 /* Test bad value is rejected. */
5258 if (!TEST_false(SSL_set_feature_request_uint(h->c_conn,
5259 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5260 (1ULL << 62))))
5261 return 0;
5262
5263 /* Set value. */
5264 if (!TEST_true(SSL_set_feature_request_uint(h->c_conn,
5265 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5266 hl->check_op->arg2)))
5267 return 0;
5268
5269 if (!TEST_true(SSL_get_feature_request_uint(h->c_conn,
5270 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5271 &v)))
5272 return 0;
5273
5274 if (!TEST_uint64_t_eq(v, hl->check_op->arg2))
5275 return 0;
5276
5277 return 1;
5278 }
5279
check_idle_timeout(struct helper * h,struct helper_local * hl)5280 static int check_idle_timeout(struct helper *h, struct helper_local *hl)
5281 {
5282 uint64_t v = 0;
5283
5284 if (!TEST_true(SSL_get_value_uint(h->c_conn, hl->check_op->arg1,
5285 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5286 &v)))
5287 return 0;
5288
5289 if (!TEST_uint64_t_eq(v, hl->check_op->arg2))
5290 return 0;
5291
5292 return 1;
5293 }
5294
5295 static const struct script_op script_81[] = {
5296 OP_C_SET_ALPN ("ossltest")
5297 OP_CHECK (modify_idle_timeout, 25000)
5298 OP_C_CONNECT_WAIT ()
5299
5300 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5301
5302 OP_CHECK2 (check_idle_timeout,
5303 SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, 30000)
5304 OP_CHECK2 (check_idle_timeout,
5305 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 25000)
5306
5307 OP_END
5308 };
5309
5310 /* 82. Negotiated default idle timeout if not configured */
5311 static const struct script_op script_82[] = {
5312 OP_C_SET_ALPN ("ossltest")
5313 OP_C_CONNECT_WAIT ()
5314
5315 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5316
5317 OP_CHECK2 (check_idle_timeout,
5318 SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, 30000)
5319 OP_CHECK2 (check_idle_timeout,
5320 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 30000)
5321
5322 OP_END
5323 };
5324
5325 /* 83. No late changes to idle timeout */
cannot_change_idle_timeout(struct helper * h,struct helper_local * hl)5326 static int cannot_change_idle_timeout(struct helper *h, struct helper_local *hl)
5327 {
5328 uint64_t v = 0;
5329
5330 if (!TEST_true(SSL_get_feature_request_uint(h->c_conn,
5331 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5332 &v)))
5333 return 0;
5334
5335 if (!TEST_uint64_t_eq(v, 30000))
5336 return 0;
5337
5338 if (!TEST_false(SSL_set_feature_request_uint(h->c_conn,
5339 SSL_VALUE_QUIC_IDLE_TIMEOUT,
5340 5000)))
5341 return 0;
5342
5343 return 1;
5344 }
5345
5346 static const struct script_op script_83[] = {
5347 OP_C_SET_ALPN ("ossltest")
5348 OP_C_CONNECT_WAIT ()
5349
5350 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5351
5352 OP_CHECK (cannot_change_idle_timeout, 0)
5353 OP_CHECK2 (check_idle_timeout,
5354 SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, 30000)
5355 OP_CHECK2 (check_idle_timeout,
5356 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 30000)
5357
5358 OP_END
5359 };
5360
5361 /* 84. Test query of available streams */
check_avail_streams(struct helper * h,struct helper_local * hl)5362 static int check_avail_streams(struct helper *h, struct helper_local *hl)
5363 {
5364 uint64_t v = 0;
5365
5366 switch (hl->check_op->arg1) {
5367 case 0:
5368 if (!TEST_true(SSL_get_quic_stream_bidi_local_avail(h->c_conn, &v)))
5369 return 0;
5370 break;
5371 case 1:
5372 if (!TEST_true(SSL_get_quic_stream_bidi_remote_avail(h->c_conn, &v)))
5373 return 0;
5374 break;
5375 case 2:
5376 if (!TEST_true(SSL_get_quic_stream_uni_local_avail(h->c_conn, &v)))
5377 return 0;
5378 break;
5379 case 3:
5380 if (!TEST_true(SSL_get_quic_stream_uni_remote_avail(h->c_conn, &v)))
5381 return 0;
5382 break;
5383 default:
5384 return 0;
5385 }
5386
5387 if (!TEST_uint64_t_eq(v, hl->check_op->arg2))
5388 return 0;
5389
5390 return 1;
5391 }
5392
5393 static int set_event_handling_mode_conn(struct helper *h, struct helper_local *hl);
5394 static int reenable_test_event_handling(struct helper *h, struct helper_local *hl);
5395
check_write_buf_stat(struct helper * h,struct helper_local * hl)5396 static int check_write_buf_stat(struct helper *h, struct helper_local *hl)
5397 {
5398 SSL *c_a;
5399 uint64_t size, used, avail;
5400
5401 if (!TEST_ptr(c_a = helper_local_get_c_stream(hl, "a")))
5402 return 0;
5403
5404 if (!TEST_true(SSL_get_stream_write_buf_size(c_a, &size))
5405 || !TEST_true(SSL_get_stream_write_buf_used(c_a, &used))
5406 || !TEST_true(SSL_get_stream_write_buf_avail(c_a, &avail))
5407 || !TEST_uint64_t_ge(size, avail)
5408 || !TEST_uint64_t_ge(size, used)
5409 || !TEST_uint64_t_eq(avail + used, size))
5410 return 0;
5411
5412 if (!TEST_uint64_t_eq(used, hl->check_op->arg1))
5413 return 0;
5414
5415 return 1;
5416 }
5417
5418 static const struct script_op script_84[] = {
5419 OP_C_SET_ALPN ("ossltest")
5420 OP_C_CONNECT_WAIT ()
5421
5422 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5423
5424 OP_CHECK2 (check_avail_streams, 0, 100)
5425 OP_CHECK2 (check_avail_streams, 1, 100)
5426 OP_CHECK2 (check_avail_streams, 2, 100)
5427 OP_CHECK2 (check_avail_streams, 3, 100)
5428
5429 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
5430
5431 OP_CHECK2 (check_avail_streams, 0, 99)
5432 OP_CHECK2 (check_avail_streams, 1, 100)
5433 OP_CHECK2 (check_avail_streams, 2, 100)
5434 OP_CHECK2 (check_avail_streams, 3, 100)
5435
5436 OP_C_NEW_STREAM_UNI (b, C_UNI_ID(0))
5437
5438 OP_CHECK2 (check_avail_streams, 0, 99)
5439 OP_CHECK2 (check_avail_streams, 1, 100)
5440 OP_CHECK2 (check_avail_streams, 2, 99)
5441 OP_CHECK2 (check_avail_streams, 3, 100)
5442
5443 OP_S_NEW_STREAM_BIDI (c, S_BIDI_ID(0))
5444 OP_S_WRITE (c, "x", 1)
5445
5446 OP_C_ACCEPT_STREAM_WAIT (c)
5447 OP_C_READ_EXPECT (c, "x", 1)
5448
5449 OP_CHECK2 (check_avail_streams, 0, 99)
5450 OP_CHECK2 (check_avail_streams, 1, 99)
5451 OP_CHECK2 (check_avail_streams, 2, 99)
5452 OP_CHECK2 (check_avail_streams, 3, 100)
5453
5454 OP_S_NEW_STREAM_UNI (d, S_UNI_ID(0))
5455 OP_S_WRITE (d, "x", 1)
5456
5457 OP_C_ACCEPT_STREAM_WAIT (d)
5458 OP_C_READ_EXPECT (d, "x", 1)
5459
5460 OP_CHECK2 (check_avail_streams, 0, 99)
5461 OP_CHECK2 (check_avail_streams, 1, 99)
5462 OP_CHECK2 (check_avail_streams, 2, 99)
5463 OP_CHECK2 (check_avail_streams, 3, 99)
5464
5465 OP_CHECK2 (check_write_buf_stat, 0, 0)
5466 OP_CHECK (set_event_handling_mode_conn,
5467 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT)
5468 OP_C_WRITE (a, "apple", 5)
5469 OP_CHECK2 (check_write_buf_stat, 5, 0)
5470
5471 OP_CHECK (reenable_test_event_handling, 0)
5472
5473 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5474 OP_S_READ_EXPECT (a, "apple", 5)
5475 OP_S_WRITE (a, "orange", 6)
5476 OP_C_READ_EXPECT (a, "orange", 6)
5477 OP_CHECK2 (check_write_buf_stat, 0, 0)
5478
5479 OP_END
5480 };
5481
5482 /* 85. Test SSL_poll (lite, non-blocking) */
script_85_poll(struct helper * h,struct helper_local * hl)5483 ossl_unused static int script_85_poll(struct helper *h, struct helper_local *hl)
5484 {
5485 int ok = 1, ret, expected_ret = 1;
5486 static const struct timeval timeout = {0};
5487 static const struct timeval nz_timeout = {0, 1};
5488 size_t result_count, expected_result_count = 0;
5489 SSL_POLL_ITEM items[5] = {0}, *item = items;
5490 SSL *c_a, *c_b, *c_c, *c_d;
5491 size_t i;
5492 uint64_t mode, expected_revents[5] = {0};
5493
5494 if (!TEST_ptr(c_a = helper_local_get_c_stream(hl, "a"))
5495 || !TEST_ptr(c_b = helper_local_get_c_stream(hl, "b"))
5496 || !TEST_ptr(c_c = helper_local_get_c_stream(hl, "c"))
5497 || !TEST_ptr(c_d = helper_local_get_c_stream(hl, "d")))
5498 return 0;
5499
5500 item->desc = SSL_as_poll_descriptor(c_a);
5501 item->events = UINT64_MAX;
5502 item->revents = UINT64_MAX;
5503 ++item;
5504
5505 item->desc = SSL_as_poll_descriptor(c_b);
5506 item->events = UINT64_MAX;
5507 item->revents = UINT64_MAX;
5508 ++item;
5509
5510 item->desc = SSL_as_poll_descriptor(c_c);
5511 item->events = UINT64_MAX;
5512 item->revents = UINT64_MAX;
5513 ++item;
5514
5515 item->desc = SSL_as_poll_descriptor(c_d);
5516 item->events = UINT64_MAX;
5517 item->revents = UINT64_MAX;
5518 ++item;
5519
5520 item->desc = SSL_as_poll_descriptor(h->c_conn);
5521 item->events = UINT64_MAX;
5522 item->revents = UINT64_MAX;
5523 ++item;
5524
5525 /* Non-zero timeout is not supported. */
5526 result_count = SIZE_MAX;
5527 ERR_set_mark();
5528 if (!TEST_false(SSL_poll(items, OSSL_NELEM(items), sizeof(SSL_POLL_ITEM),
5529 &nz_timeout, 0,
5530 &result_count))
5531 || !TEST_size_t_eq(result_count, 0))
5532 return 0;
5533
5534 ERR_pop_to_mark();
5535 result_count = SIZE_MAX;
5536 ret = SSL_poll(items, OSSL_NELEM(items), sizeof(SSL_POLL_ITEM),
5537 &timeout, 0,
5538 &result_count);
5539
5540 mode = hl->check_op->arg2;
5541 switch (mode) {
5542 case 0:
5543 /* No incoming data yet */
5544 expected_revents[0] = SSL_POLL_EVENT_W;
5545 expected_revents[1] = SSL_POLL_EVENT_W;
5546 expected_revents[2] = SSL_POLL_EVENT_W;
5547 expected_revents[3] = SSL_POLL_EVENT_W;
5548 expected_revents[4] = SSL_POLL_EVENT_OS;
5549 expected_result_count = 5;
5550 break;
5551 case 1:
5552 /* Expect more events */
5553 expected_revents[0] = SSL_POLL_EVENT_W | SSL_POLL_EVENT_R;
5554 expected_revents[1] = SSL_POLL_EVENT_W | SSL_POLL_EVENT_ER;
5555 expected_revents[2] = SSL_POLL_EVENT_EW;
5556 expected_revents[3] = SSL_POLL_EVENT_W;
5557 expected_revents[4] = SSL_POLL_EVENT_OS | SSL_POLL_EVENT_ISB;
5558 expected_result_count = 5;
5559 break;
5560 default:
5561 return 0;
5562 }
5563
5564 if (!TEST_int_eq(ret, expected_ret)
5565 || !TEST_size_t_eq(result_count, expected_result_count))
5566 ok = 0;
5567
5568 for (i = 0; i < OSSL_NELEM(items); ++i)
5569 if (!TEST_uint64_t_eq(items[i].revents, expected_revents[i])) {
5570 TEST_error("mismatch at index %zu in poll results, mode %d",
5571 i, (int)mode);
5572 ok = 0;
5573 }
5574
5575 return ok;
5576 }
5577
5578 static const struct script_op script_85[] = {
5579 OP_C_SET_ALPN ("ossltest")
5580 OP_C_CONNECT_WAIT ()
5581
5582 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5583
5584 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
5585 OP_C_WRITE (a, "flamingo", 8)
5586
5587 OP_C_NEW_STREAM_BIDI (b, C_BIDI_ID(1))
5588 OP_C_WRITE (b, "orange", 6)
5589
5590 OP_C_NEW_STREAM_BIDI (c, C_BIDI_ID(2))
5591 OP_C_WRITE (c, "Strawberry", 10)
5592
5593 OP_C_NEW_STREAM_BIDI (d, C_BIDI_ID(3))
5594 OP_C_WRITE (d, "sync", 4)
5595
5596 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5597 OP_S_BIND_STREAM_ID (b, C_BIDI_ID(1))
5598 OP_S_BIND_STREAM_ID (c, C_BIDI_ID(2))
5599 OP_S_BIND_STREAM_ID (d, C_BIDI_ID(3))
5600
5601 /* Check nothing readable yet. */
5602 OP_CHECK (script_85_poll, 0)
5603
5604 /* Send something that will make client sockets readable. */
5605 OP_S_READ_EXPECT (a, "flamingo", 8)
5606 OP_S_WRITE (a, "herringbone", 11)
5607
5608 /* Send something that will make 'b' reset. */
5609 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
5610 OP_SET_INJECT_WORD (C_BIDI_ID(1) + 1, OSSL_QUIC_FRAME_TYPE_RESET_STREAM)
5611
5612 /* Ensure sync. */
5613 OP_S_READ_EXPECT (d, "sync", 4)
5614 OP_S_WRITE (d, "x", 1)
5615 OP_C_READ_EXPECT (d, "x", 1)
5616
5617 /* Send something that will make 'c' reset. */
5618 OP_S_SET_INJECT_PLAIN (script_28_inject_plain)
5619 OP_SET_INJECT_WORD (C_BIDI_ID(2) + 1, OSSL_QUIC_FRAME_TYPE_STOP_SENDING)
5620
5621 OP_S_NEW_STREAM_BIDI (z, S_BIDI_ID(0))
5622 OP_S_WRITE (z, "z", 1)
5623
5624 /* Ensure sync. */
5625 OP_S_WRITE (d, "x", 1)
5626 OP_C_READ_EXPECT (d, "x", 1)
5627
5628 /* Check a is now readable. */
5629 OP_CHECK (script_85_poll, 1)
5630
5631 OP_END
5632 };
5633
5634 /* 86. Event Handling Mode Configuration */
set_event_handling_mode_conn(struct helper * h,struct helper_local * hl)5635 static int set_event_handling_mode_conn(struct helper *h, struct helper_local *hl)
5636 {
5637 hl->explicit_event_handling = 1;
5638 return SSL_set_event_handling_mode(h->c_conn, hl->check_op->arg2);
5639 }
5640
reenable_test_event_handling(struct helper * h,struct helper_local * hl)5641 static int reenable_test_event_handling(struct helper *h, struct helper_local *hl)
5642 {
5643 hl->explicit_event_handling = 0;
5644 return 1;
5645 }
5646
set_event_handling_mode_stream(struct helper * h,struct helper_local * hl)5647 static ossl_unused int set_event_handling_mode_stream(struct helper *h, struct helper_local *hl)
5648 {
5649 SSL *ssl = helper_local_get_c_stream(hl, "a");
5650
5651 if (!TEST_ptr(ssl))
5652 return 0;
5653
5654 return SSL_set_event_handling_mode(ssl, hl->check_op->arg2);
5655 }
5656
5657 static const struct script_op script_86[] = {
5658 OP_SKIP_IF_BLOCKING (23)
5659
5660 OP_C_SET_ALPN ("ossltest")
5661 OP_C_CONNECT_WAIT ()
5662
5663 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE)
5664
5665 /* Turn on explicit handling mode. */
5666 OP_CHECK (set_event_handling_mode_conn,
5667 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT)
5668
5669 /*
5670 * Create a new stream and write data. This won't get sent
5671 * to the network net because we are in explicit mode
5672 * and we haven't called SSL_handle_events().
5673 */
5674 OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0))
5675 OP_C_WRITE (a, "apple", 5)
5676
5677 /* Put connection back into implicit handling mode. */
5678 OP_CHECK (set_event_handling_mode_conn,
5679 SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT)
5680
5681 /* Override at stream level. */
5682 OP_CHECK (set_event_handling_mode_stream,
5683 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT)
5684 OP_C_WRITE (a, "orange", 6)
5685 OP_C_CONCLUDE (a)
5686
5687 /*
5688 * Confirm the data isn't going to arrive. OP_SLEEP is always undesirable
5689 * but we have no reasonable way to synchronise on something not arriving
5690 * given all network traffic is essentially stopped and there are no other
5691 * signals arriving from the peer which could be used for synchronisation.
5692 * Slow OSes will pass this anyway (fail-open).
5693 */
5694 OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0))
5695
5696 OP_BEGIN_REPEAT (20)
5697 OP_S_READ_FAIL (a, 1)
5698 OP_SLEEP (10)
5699 OP_END_REPEAT ()
5700
5701 /* Now let the data arrive and confirm it arrives. */
5702 OP_CHECK (reenable_test_event_handling, 0)
5703 OP_S_READ_EXPECT (a, "appleorange", 11)
5704 OP_S_EXPECT_FIN (a)
5705
5706 /* Back into explicit mode. */
5707 OP_CHECK (set_event_handling_mode_conn,
5708 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT)
5709 OP_S_WRITE (a, "ok", 2)
5710 OP_C_READ_FAIL (a)
5711
5712 /* Works once event handling is done. */
5713 OP_CHECK (reenable_test_event_handling, 0)
5714 OP_C_READ_EXPECT (a, "ok", 2)
5715
5716 OP_END
5717 };
5718
5719 static const struct script_op *const scripts[] = {
5720 script_1,
5721 script_2,
5722 script_3,
5723 script_4,
5724 script_5,
5725 script_6,
5726 script_7,
5727 script_8,
5728 script_9,
5729 script_10,
5730 script_11,
5731 script_12,
5732 script_13,
5733 script_14,
5734 script_15,
5735 script_16,
5736 script_17,
5737 script_18,
5738 script_19,
5739 script_20,
5740 script_21,
5741 script_22,
5742 script_23,
5743 script_24,
5744 script_25,
5745 script_26,
5746 script_27,
5747 script_28,
5748 script_29,
5749 script_30,
5750 script_31,
5751 script_32,
5752 script_33,
5753 script_34,
5754 script_35,
5755 script_36,
5756 script_37,
5757 script_38,
5758 script_39,
5759 script_40,
5760 script_41,
5761 script_42,
5762 script_43,
5763 script_44,
5764 script_45,
5765 script_46,
5766 script_47,
5767 script_48,
5768 script_49,
5769 script_50,
5770 script_51,
5771 script_52,
5772 script_53,
5773 script_54,
5774 script_55,
5775 script_56,
5776 script_57,
5777 script_58,
5778 script_59,
5779 script_60,
5780 script_61,
5781 script_62,
5782 script_63,
5783 script_64,
5784 script_65,
5785 script_66,
5786 script_67,
5787 script_68,
5788 script_69,
5789 script_70,
5790 script_71,
5791 script_72,
5792 script_73,
5793 script_74,
5794 script_75,
5795 script_76,
5796 script_77,
5797 script_78,
5798 script_79,
5799 script_80,
5800 script_81,
5801 script_82,
5802 script_83,
5803 script_84,
5804 script_85,
5805 script_86
5806 };
5807
test_script(int idx)5808 static int test_script(int idx)
5809 {
5810 int script_idx, free_order, blocking;
5811 char script_name[64];
5812
5813 free_order = idx % 2;
5814 idx /= 2;
5815
5816 blocking = idx % 2;
5817 idx /= 2;
5818
5819 script_idx = idx;
5820
5821 if (blocking && free_order)
5822 return 1; /* don't need to test free_order twice */
5823
5824 #if !defined(OPENSSL_THREADS)
5825 if (blocking) {
5826 TEST_skip("cannot test in blocking mode without threads");
5827 return 1;
5828 }
5829 #endif
5830
5831 BIO_snprintf(script_name, sizeof(script_name), "script %d", script_idx + 1);
5832
5833 TEST_info("Running script %d (order=%d, blocking=%d)", script_idx + 1,
5834 free_order, blocking);
5835 return run_script(scripts[script_idx], script_name, free_order, blocking);
5836 }
5837
5838 /* Dynamically generated tests. */
5839 static struct script_op dyn_frame_types_script[] = {
5840 OP_S_SET_INJECT_PLAIN (script_21_inject_plain)
5841 OP_SET_INJECT_WORD (0, 0) /* dynamic */
5842
5843 OP_C_SET_ALPN ("ossltest")
5844 OP_C_CONNECT_WAIT_OR_FAIL()
5845
5846 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR,0,0)
5847
5848 OP_END
5849 };
5850
5851 struct forbidden_frame_type {
5852 uint64_t pkt_type, frame_type, expected_err;
5853 };
5854
5855 static const struct forbidden_frame_type forbidden_frame_types[] = {
5856 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_VLINT_MAX, OSSL_QUIC_ERR_FRAME_ENCODING_ERROR },
5857 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_VLINT_MAX, OSSL_QUIC_ERR_FRAME_ENCODING_ERROR },
5858 { QUIC_PKT_TYPE_1RTT, OSSL_QUIC_VLINT_MAX, OSSL_QUIC_ERR_FRAME_ENCODING_ERROR },
5859
5860 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5861 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_RESET_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5862 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STOP_SENDING, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5863 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_NEW_TOKEN, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5864 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5865 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5866 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5867 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5868 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5869 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5870 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5871 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5872 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5873 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5874 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5875 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5876 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5877 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5878
5879 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5880 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_RESET_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5881 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STOP_SENDING, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5882 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_NEW_TOKEN, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5883 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5884 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5885 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5886 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5887 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5888 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5889 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5890 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5891 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5892 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5893 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5894 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5895 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5896 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5897
5898 /* Client uses a zero-length CID so this is not allowed. */
5899 { QUIC_PKT_TYPE_1RTT, OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION },
5900 };
5901
test_dyn_frame_types(int idx)5902 static ossl_unused int test_dyn_frame_types(int idx)
5903 {
5904 size_t i;
5905 char script_name[64];
5906 struct script_op *s = dyn_frame_types_script;
5907
5908 for (i = 0; i < OSSL_NELEM(dyn_frame_types_script); ++i)
5909 if (s[i].op == OPK_SET_INJECT_WORD) {
5910 s[i].arg1 = (size_t)forbidden_frame_types[idx].pkt_type;
5911 s[i].arg2 = forbidden_frame_types[idx].frame_type;
5912 } else if (s[i].op == OPK_C_EXPECT_CONN_CLOSE_INFO) {
5913 s[i].arg2 = forbidden_frame_types[idx].expected_err;
5914 }
5915
5916 BIO_snprintf(script_name, sizeof(script_name),
5917 "dyn script %d", idx);
5918
5919 return run_script(dyn_frame_types_script, script_name, 0, 0);
5920 }
5921
5922 OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
5923
setup_tests(void)5924 int setup_tests(void)
5925 {
5926 #if defined (_PUT_MODEL_)
5927 return TEST_skip("QUIC is not supported by this build");
5928 #endif
5929
5930 if (!test_skip_common_options()) {
5931 TEST_error("Error parsing test options\n");
5932 return 0;
5933 }
5934
5935 if (!TEST_ptr(certfile = test_get_argument(0))
5936 || !TEST_ptr(keyfile = test_get_argument(1)))
5937 return 0;
5938
5939 ADD_ALL_TESTS(test_dyn_frame_types, OSSL_NELEM(forbidden_frame_types));
5940 ADD_ALL_TESTS(test_script, OSSL_NELEM(scripts) * 2 * 2);
5941 return 1;
5942 }
5943
