1 /* 2 * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 #include <openssl/ssl.h> 10 #include <openssl/quic.h> 11 #include <openssl/bio.h> 12 #include <openssl/lhash.h> 13 #include <openssl/rand.h> 14 #include "internal/quic_tserver.h" 15 #include "internal/quic_ssl.h" 16 #include "internal/quic_error.h" 17 #include "internal/quic_stream_map.h" 18 #include "internal/quic_engine.h" 19 #include "testutil.h" 20 #include "helpers/quictestlib.h" 21 #if defined(OPENSSL_THREADS) 22 #include "internal/thread_arch.h" 23 #endif 24 #include "internal/numbers.h" /* UINT64_C */ 25 26 static const char *certfile, *keyfile; 27 28 #if defined(_AIX) 29 /* 30 * Some versions of AIX define macros for events and revents for use when 31 * accessing pollfd structures (see Github issue #24236). That interferes 32 * with our use of these names here. We simply undef them. 33 */ 34 #undef revents 35 #undef events 36 #endif 37 38 #if defined(OPENSSL_THREADS) 39 struct child_thread_args { 40 struct helper *h; 41 const struct script_op *script; 42 const char *script_name; 43 int thread_idx; 44 45 CRYPTO_THREAD *t; 46 CRYPTO_MUTEX *m; 47 int testresult; 48 int done; 49 int s_checked_out; 50 }; 51 #endif 52 53 typedef struct stream_info { 54 const char *name; 55 SSL *c_stream; 56 uint64_t s_stream_id; 57 } STREAM_INFO; 58 59 DEFINE_LHASH_OF_EX(STREAM_INFO); 60 61 struct helper { 62 int s_fd; 63 BIO *s_net_bio, *s_net_bio_own, *s_qtf_wbio, *s_qtf_wbio_own; 64 /* The BIO_ADDR used for BIO_bind() */ 65 BIO_ADDR *s_net_bio_orig_addr; 66 /* The resulting address, which is the one to connect to */ 67 BIO_ADDR *s_net_bio_addr; 68 69 /* 70 * When doing a blocking mode test run, s_priv always points to the TSERVER 71 * and s is NULL when the main thread should not be touching s_priv. 72 */ 73 QUIC_TSERVER *s, *s_priv; 74 LHASH_OF(STREAM_INFO) *s_streams; 75 76 int c_fd; 77 BIO *c_net_bio, *c_net_bio_own; 78 SSL_CTX *c_ctx; 79 SSL *c_conn; 80 LHASH_OF(STREAM_INFO) *c_streams; 81 82 #if defined(OPENSSL_THREADS) 83 struct child_thread_args *threads; 84 size_t num_threads; 85 CRYPTO_MUTEX *misc_m; 86 CRYPTO_CONDVAR *misc_cv; 87 #endif 88 89 OSSL_TIME start_time; 90 91 /* 92 * This is a duration recording the amount of time we have skipped forwards 93 * for testing purposes relative to the real ossl_time_now() clock. We add 94 * a quantity of time to this every time we skip some time. 95 */ 96 CRYPTO_RWLOCK *time_lock; 97 OSSL_TIME time_slip; /* protected by time_lock */ 98 99 QTEST_FAULT *qtf; 100 101 int init, blocking, check_spin_again; 102 int free_order, need_injector; 103 104 int (*qtf_packet_plain_cb)(struct helper *h, QUIC_PKT_HDR *hdr, 105 unsigned char *buf, size_t buf_len); 106 int (*qtf_handshake_cb)(struct helper *h, 107 unsigned char *buf, size_t buf_len); 108 int (*qtf_datagram_cb)(struct helper *h, 109 BIO_MSG *m, size_t stride); 110 uint64_t inject_word0, inject_word1; 111 uint64_t scratch0, scratch1, fail_count; 112 #if defined(OPENSSL_THREADS) 113 struct { 114 CRYPTO_THREAD *t; 115 CRYPTO_MUTEX *m; 116 CRYPTO_CONDVAR *c; 117 int ready, stop; 118 } server_thread; 119 int s_checked_out; 120 #endif 121 }; 122 123 struct helper_local { 124 struct helper *h; 125 LHASH_OF(STREAM_INFO) *c_streams; 126 int thread_idx; 127 const struct script_op *check_op; 128 int explicit_event_handling; 129 }; 130 131 struct script_op { 132 uint32_t op; 133 const void *arg0; 134 size_t arg1; 135 int (*check_func)(struct helper *h, struct helper_local *hl); 136 const char *stream_name; 137 uint64_t arg2; 138 int (*qtf_packet_plain_cb)(struct helper *h, QUIC_PKT_HDR *hdr, 139 unsigned char *buf, size_t buf_len); 140 int (*qtf_handshake_cb)(struct helper *h, 141 unsigned char *buf, size_t buf_len); 142 int (*qtf_datagram_cb)(struct helper *h, 143 BIO_MSG *m, size_t stride); 144 }; 145 146 #define OPK_END 0 147 #define OPK_CHECK 1 148 #define OPK_C_SET_ALPN 2 149 #define OPK_C_CONNECT_WAIT 3 150 #define OPK_C_WRITE 4 151 #define OPK_S_WRITE 5 152 #define OPK_C_READ_EXPECT 6 153 #define OPK_S_READ_EXPECT 7 154 #define OPK_C_EXPECT_FIN 8 155 #define OPK_S_EXPECT_FIN 9 156 #define OPK_C_CONCLUDE 10 157 #define OPK_S_CONCLUDE 11 158 #define OPK_C_DETACH 12 159 #define OPK_C_ATTACH 13 160 #define OPK_C_NEW_STREAM 14 161 #define OPK_S_NEW_STREAM 15 162 #define OPK_C_ACCEPT_STREAM_WAIT 16 163 #define OPK_C_ACCEPT_STREAM_NONE 17 164 #define OPK_C_FREE_STREAM 18 165 #define OPK_C_SET_DEFAULT_STREAM_MODE 19 166 #define OPK_C_SET_INCOMING_STREAM_POLICY 20 167 #define OPK_C_SHUTDOWN_WAIT 21 168 #define OPK_C_EXPECT_CONN_CLOSE_INFO 22 169 #define OPK_S_EXPECT_CONN_CLOSE_INFO 23 170 #define OPK_S_BIND_STREAM_ID 24 171 #define OPK_C_WAIT_FOR_DATA 25 172 #define OPK_C_WRITE_FAIL 26 173 #define OPK_S_WRITE_FAIL 27 174 #define OPK_C_READ_FAIL 28 175 #define OPK_C_STREAM_RESET 29 176 #define OPK_S_ACCEPT_STREAM_WAIT 30 177 #define OPK_NEW_THREAD 31 178 #define OPK_BEGIN_REPEAT 32 179 #define OPK_END_REPEAT 33 180 #define OPK_S_UNBIND_STREAM_ID 34 181 #define OPK_C_READ_FAIL_WAIT 35 182 #define OPK_C_CLOSE_SOCKET 36 183 #define OPK_C_EXPECT_SSL_ERR 37 184 #define OPK_EXPECT_ERR_REASON 38 185 #define OPK_EXPECT_ERR_LIB 39 186 #define OPK_SLEEP 40 187 #define OPK_S_READ_FAIL 41 188 #define OPK_S_SET_INJECT_PLAIN 42 189 #define OPK_SET_INJECT_WORD 43 190 #define OPK_C_INHIBIT_TICK 44 191 #define OPK_C_SET_WRITE_BUF_SIZE 45 192 #define OPK_S_SET_INJECT_HANDSHAKE 46 193 #define OPK_S_NEW_TICKET 47 194 #define OPK_C_SKIP_IF_UNBOUND 48 195 #define OPK_S_SET_INJECT_DATAGRAM 49 196 #define OPK_S_SHUTDOWN 50 197 #define OPK_POP_ERR 51 198 #define OPK_C_WRITE_EX2 52 199 #define OPK_SKIP_IF_BLOCKING 53 200 #define OPK_C_STREAM_RESET_FAIL 54 201 202 #define EXPECT_CONN_CLOSE_APP (1U << 0) 203 #define EXPECT_CONN_CLOSE_REMOTE (1U << 1) 204 205 /* OPK_C_NEW_STREAM */ 206 #define ALLOW_FAIL (1U << 16) 207 208 #define C_BIDI_ID(ordinal) \ 209 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_CLIENT | QUIC_STREAM_DIR_BIDI) 210 #define S_BIDI_ID(ordinal) \ 211 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_SERVER | QUIC_STREAM_DIR_BIDI) 212 #define C_UNI_ID(ordinal) \ 213 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_CLIENT | QUIC_STREAM_DIR_UNI) 214 #define S_UNI_ID(ordinal) \ 215 (((ordinal) << 2) | QUIC_STREAM_INITIATOR_SERVER | QUIC_STREAM_DIR_UNI) 216 217 #define ANY_ID UINT64_MAX 218 219 #define OP_END \ 220 { OPK_END } 221 #define OP_CHECK(func, arg2) \ 222 { OPK_CHECK, NULL, 0, (func), NULL, (arg2) }, 223 #define OP_C_SET_ALPN(alpn) \ 224 { OPK_C_SET_ALPN, (alpn), 0, NULL, NULL }, 225 #define OP_C_CONNECT_WAIT() \ 226 { OPK_C_CONNECT_WAIT, NULL, 0, NULL, NULL }, 227 #define OP_C_CONNECT_WAIT_OR_FAIL() \ 228 { OPK_C_CONNECT_WAIT, NULL, 1, NULL, NULL }, 229 #define OP_C_WRITE(stream_name, buf, buf_len) \ 230 { OPK_C_WRITE, (buf), (buf_len), NULL, #stream_name }, 231 #define OP_S_WRITE(stream_name, buf, buf_len) \ 232 { OPK_S_WRITE, (buf), (buf_len), NULL, #stream_name }, 233 #define OP_C_READ_EXPECT(stream_name, buf, buf_len) \ 234 { OPK_C_READ_EXPECT, (buf), (buf_len), NULL, #stream_name }, 235 #define OP_S_READ_EXPECT(stream_name, buf, buf_len) \ 236 { OPK_S_READ_EXPECT, (buf), (buf_len), NULL, #stream_name }, 237 #define OP_C_EXPECT_FIN(stream_name) \ 238 { OPK_C_EXPECT_FIN, NULL, 0, NULL, #stream_name }, 239 #define OP_S_EXPECT_FIN(stream_name) \ 240 { OPK_S_EXPECT_FIN, NULL, 0, NULL, #stream_name }, 241 #define OP_C_CONCLUDE(stream_name) \ 242 { OPK_C_CONCLUDE, NULL, 0, NULL, #stream_name }, 243 #define OP_S_CONCLUDE(stream_name) \ 244 { OPK_S_CONCLUDE, NULL, 0, NULL, #stream_name }, 245 #define OP_C_DETACH(stream_name) \ 246 { OPK_C_DETACH, NULL, 0, NULL, #stream_name }, 247 #define OP_C_ATTACH(stream_name) \ 248 { OPK_C_ATTACH, NULL, 0, NULL, #stream_name }, 249 #define OP_C_NEW_STREAM_BIDI(stream_name, expect_id) \ 250 { OPK_C_NEW_STREAM, NULL, 0, NULL, #stream_name, (expect_id) }, 251 #define OP_C_NEW_STREAM_BIDI_EX(stream_name, expect_id, flags) \ 252 { OPK_C_NEW_STREAM, NULL, (flags), NULL, #stream_name, (expect_id) }, 253 #define OP_C_NEW_STREAM_UNI(stream_name, expect_id) \ 254 { OPK_C_NEW_STREAM, NULL, SSL_STREAM_FLAG_UNI, \ 255 NULL, #stream_name, (expect_id) }, 256 #define OP_C_NEW_STREAM_UNI_EX(stream_name, expect_id, flags) \ 257 { OPK_C_NEW_STREAM, NULL, (flags) | SSL_STREAM_FLAG_UNI, \ 258 NULL, #stream_name, (expect_id) }, 259 #define OP_S_NEW_STREAM_BIDI(stream_name, expect_id) \ 260 { OPK_S_NEW_STREAM, NULL, 0, NULL, #stream_name, (expect_id) }, 261 #define OP_S_NEW_STREAM_UNI(stream_name, expect_id) \ 262 { OPK_S_NEW_STREAM, NULL, 1, NULL, #stream_name, (expect_id) }, 263 #define OP_C_ACCEPT_STREAM_WAIT(stream_name) \ 264 { OPK_C_ACCEPT_STREAM_WAIT, NULL, 0, NULL, #stream_name }, 265 #define OP_C_ACCEPT_STREAM_NONE() \ 266 { OPK_C_ACCEPT_STREAM_NONE, NULL, 0, NULL, NULL }, 267 #define OP_C_FREE_STREAM(stream_name) \ 268 { OPK_C_FREE_STREAM, NULL, 0, NULL, #stream_name }, 269 #define OP_C_SET_DEFAULT_STREAM_MODE(mode) \ 270 { OPK_C_SET_DEFAULT_STREAM_MODE, NULL, (mode), NULL, NULL }, 271 #define OP_C_SET_INCOMING_STREAM_POLICY(policy) \ 272 { OPK_C_SET_INCOMING_STREAM_POLICY, NULL, (policy), NULL, NULL }, 273 #define OP_C_SHUTDOWN_WAIT(reason, flags) \ 274 { OPK_C_SHUTDOWN_WAIT, (reason), (flags), NULL, NULL }, 275 #define OP_C_EXPECT_CONN_CLOSE_INFO(ec, app, remote) \ 276 { OPK_C_EXPECT_CONN_CLOSE_INFO, NULL, \ 277 ((app) ? EXPECT_CONN_CLOSE_APP : 0) | ((remote) ? EXPECT_CONN_CLOSE_REMOTE : 0), \ 278 NULL, NULL, (ec) }, 279 #define OP_S_EXPECT_CONN_CLOSE_INFO(ec, app, remote) \ 280 { OPK_S_EXPECT_CONN_CLOSE_INFO, NULL, \ 281 ((app) ? EXPECT_CONN_CLOSE_APP : 0) | ((remote) ? EXPECT_CONN_CLOSE_REMOTE : 0), \ 282 NULL, NULL, (ec) }, 283 #define OP_S_BIND_STREAM_ID(stream_name, stream_id) \ 284 { OPK_S_BIND_STREAM_ID, NULL, 0, NULL, #stream_name, (stream_id) }, 285 #define OP_C_WAIT_FOR_DATA(stream_name) \ 286 { OPK_C_WAIT_FOR_DATA, NULL, 0, NULL, #stream_name }, 287 #define OP_C_WRITE_FAIL(stream_name) \ 288 { OPK_C_WRITE_FAIL, NULL, 0, NULL, #stream_name }, 289 #define OP_S_WRITE_FAIL(stream_name) \ 290 { OPK_S_WRITE_FAIL, NULL, 0, NULL, #stream_name }, 291 #define OP_C_READ_FAIL(stream_name) \ 292 { OPK_C_READ_FAIL, NULL, 0, NULL, #stream_name }, 293 #define OP_S_READ_FAIL(stream_name, allow_zero_len) \ 294 { OPK_S_READ_FAIL, NULL, (allow_zero_len), NULL, #stream_name }, 295 #define OP_C_STREAM_RESET(stream_name, aec) \ 296 { OPK_C_STREAM_RESET, NULL, 0, NULL, #stream_name, (aec) }, 297 #define OP_C_STREAM_RESET_FAIL(stream_name, aec) \ 298 { OPK_C_STREAM_RESET_FAIL, NULL, 0, NULL, #stream_name, (aec) }, 299 #define OP_S_ACCEPT_STREAM_WAIT(stream_name) \ 300 { OPK_S_ACCEPT_STREAM_WAIT, NULL, 0, NULL, #stream_name }, 301 #define OP_NEW_THREAD(num_threads, script) \ 302 { OPK_NEW_THREAD, (script), (num_threads), NULL, NULL, 0 }, 303 #define OP_BEGIN_REPEAT(n) \ 304 { OPK_BEGIN_REPEAT, NULL, (n) }, 305 #define OP_END_REPEAT() \ 306 { OPK_END_REPEAT }, 307 #define OP_S_UNBIND_STREAM_ID(stream_name) \ 308 { OPK_S_UNBIND_STREAM_ID, NULL, 0, NULL, #stream_name }, 309 #define OP_C_READ_FAIL_WAIT(stream_name) \ 310 { OPK_C_READ_FAIL_WAIT, NULL, 0, NULL, #stream_name }, 311 #define OP_C_CLOSE_SOCKET() \ 312 { OPK_C_CLOSE_SOCKET }, 313 #define OP_C_EXPECT_SSL_ERR(stream_name, err) \ 314 { OPK_C_EXPECT_SSL_ERR, NULL, (err), NULL, #stream_name }, 315 #define OP_EXPECT_ERR_REASON(err) \ 316 { OPK_EXPECT_ERR_REASON, NULL, (err) }, 317 #define OP_EXPECT_ERR_LIB(lib) \ 318 { OPK_EXPECT_ERR_LIB, NULL, (lib) }, 319 #define OP_SLEEP(ms) \ 320 { OPK_SLEEP, NULL, 0, NULL, NULL, (ms) }, 321 #define OP_S_SET_INJECT_PLAIN(f) \ 322 { OPK_S_SET_INJECT_PLAIN, NULL, 0, NULL, NULL, 0, (f) }, 323 #define OP_SET_INJECT_WORD(w0, w1) \ 324 { OPK_SET_INJECT_WORD, NULL, (w0), NULL, NULL, (w1), NULL }, 325 #define OP_C_INHIBIT_TICK(inhibit) \ 326 { OPK_C_INHIBIT_TICK, NULL, (inhibit), NULL, NULL, 0, NULL }, 327 #define OP_C_SET_WRITE_BUF_SIZE(stream_name, size) \ 328 { OPK_C_SET_WRITE_BUF_SIZE, NULL, (size), NULL, #stream_name }, 329 #define OP_S_SET_INJECT_HANDSHAKE(f) \ 330 { OPK_S_SET_INJECT_HANDSHAKE, NULL, 0, NULL, NULL, 0, NULL, (f) }, 331 #define OP_S_NEW_TICKET() \ 332 { OPK_S_NEW_TICKET }, 333 #define OP_C_SKIP_IF_UNBOUND(stream_name, n) \ 334 { OPK_C_SKIP_IF_UNBOUND, NULL, (n), NULL, #stream_name }, 335 #define OP_S_SET_INJECT_DATAGRAM(f) \ 336 { OPK_S_SET_INJECT_DATAGRAM, NULL, 0, NULL, NULL, 0, NULL, NULL, (f) }, 337 #define OP_S_SHUTDOWN(error_code) \ 338 { OPK_S_SHUTDOWN, NULL, (error_code) }, 339 #define OP_POP_ERR() \ 340 { OPK_POP_ERR }, 341 #define OP_C_WRITE_EX2(stream_name, buf, buf_len, flags) \ 342 { OPK_C_WRITE_EX2, (buf), (buf_len), NULL, #stream_name, (flags) }, 343 #define OP_CHECK2(func, arg1, arg2) \ 344 { OPK_CHECK, NULL, (arg1), (func), NULL, (arg2) }, 345 #define OP_SKIP_IF_BLOCKING(n) \ 346 { OPK_SKIP_IF_BLOCKING, NULL, (n), NULL, 0 }, 347 348 static OSSL_TIME get_time(void *arg) 349 { 350 struct helper *h = arg; 351 OSSL_TIME t; 352 353 if (!TEST_true(CRYPTO_THREAD_read_lock(h->time_lock))) 354 return ossl_time_zero(); 355 356 t = ossl_time_add(ossl_time_now(), h->time_slip); 357 358 CRYPTO_THREAD_unlock(h->time_lock); 359 return t; 360 } 361 362 static int skip_time_ms(struct helper *h, struct helper_local *hl) 363 { 364 if (!TEST_true(CRYPTO_THREAD_write_lock(h->time_lock))) 365 return 0; 366 367 h->time_slip = ossl_time_add(h->time_slip, ossl_ms2time(hl->check_op->arg2)); 368 369 CRYPTO_THREAD_unlock(h->time_lock); 370 return 1; 371 } 372 373 static QUIC_TSERVER *s_lock(struct helper *h, struct helper_local *hl); 374 static void s_unlock(struct helper *h, struct helper_local *hl); 375 376 #define ACQUIRE_S() s_lock(h, hl) 377 #define ACQUIRE_S_NOHL() s_lock(h, NULL) 378 379 static int check_rejected(struct helper *h, struct helper_local *hl) 380 { 381 uint64_t stream_id = hl->check_op->arg2; 382 383 if (!ossl_quic_tserver_stream_has_peer_stop_sending(ACQUIRE_S(), stream_id, NULL) 384 || !ossl_quic_tserver_stream_has_peer_reset_stream(ACQUIRE_S(), stream_id, NULL)) { 385 h->check_spin_again = 1; 386 return 0; 387 } 388 389 return 1; 390 } 391 392 static int check_stream_reset(struct helper *h, struct helper_local *hl) 393 { 394 uint64_t stream_id = hl->check_op->arg2, aec = 0; 395 396 if (!ossl_quic_tserver_stream_has_peer_reset_stream(ACQUIRE_S(), stream_id, &aec)) { 397 h->check_spin_again = 1; 398 return 0; 399 } 400 401 return TEST_uint64_t_eq(aec, 42); 402 } 403 404 static int check_stream_stopped(struct helper *h, struct helper_local *hl) 405 { 406 uint64_t stream_id = hl->check_op->arg2; 407 408 if (!ossl_quic_tserver_stream_has_peer_stop_sending(ACQUIRE_S(), stream_id, NULL)) { 409 h->check_spin_again = 1; 410 return 0; 411 } 412 413 return 1; 414 } 415 416 static int override_key_update(struct helper *h, struct helper_local *hl) 417 { 418 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn); 419 420 ossl_quic_channel_set_txku_threshold_override(ch, hl->check_op->arg2); 421 return 1; 422 } 423 424 static int trigger_key_update(struct helper *h, struct helper_local *hl) 425 { 426 if (!TEST_true(SSL_key_update(h->c_conn, SSL_KEY_UPDATE_REQUESTED))) 427 return 0; 428 429 return 1; 430 } 431 432 static int check_key_update_ge(struct helper *h, struct helper_local *hl) 433 { 434 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn); 435 int64_t txke = (int64_t)ossl_quic_channel_get_tx_key_epoch(ch); 436 int64_t rxke = (int64_t)ossl_quic_channel_get_rx_key_epoch(ch); 437 int64_t diff = txke - rxke; 438 439 /* 440 * TXKE must always be equal to or ahead of RXKE. 441 * It can be ahead of RXKE by at most 1. 442 */ 443 if (!TEST_int64_t_ge(diff, 0) || !TEST_int64_t_le(diff, 1)) 444 return 0; 445 446 /* Caller specifies a minimum number of RXKEs which must have happened. */ 447 if (!TEST_uint64_t_ge((uint64_t)rxke, hl->check_op->arg2)) 448 return 0; 449 450 return 1; 451 } 452 453 static int check_key_update_lt(struct helper *h, struct helper_local *hl) 454 { 455 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn); 456 uint64_t txke = ossl_quic_channel_get_tx_key_epoch(ch); 457 458 /* Caller specifies a maximum number of TXKEs which must have happened. */ 459 if (!TEST_uint64_t_lt(txke, hl->check_op->arg2)) 460 return 0; 461 462 return 1; 463 } 464 465 static unsigned long stream_info_hash(const STREAM_INFO *info) 466 { 467 return OPENSSL_LH_strhash(info->name); 468 } 469 470 static int stream_info_cmp(const STREAM_INFO *a, const STREAM_INFO *b) 471 { 472 return strcmp(a->name, b->name); 473 } 474 475 static void cleanup_stream(STREAM_INFO *info) 476 { 477 SSL_free(info->c_stream); 478 OPENSSL_free(info); 479 } 480 481 static void helper_cleanup_streams(LHASH_OF(STREAM_INFO) **lh) 482 { 483 if (*lh == NULL) 484 return; 485 486 lh_STREAM_INFO_doall(*lh, cleanup_stream); 487 lh_STREAM_INFO_free(*lh); 488 *lh = NULL; 489 } 490 491 #if defined(OPENSSL_THREADS) 492 static CRYPTO_THREAD_RETVAL run_script_child_thread(void *arg); 493 494 static int join_threads(struct child_thread_args *threads, size_t num_threads) 495 { 496 int ok = 1; 497 size_t i; 498 CRYPTO_THREAD_RETVAL rv; 499 500 for (i = 0; i < num_threads; ++i) { 501 if (threads[i].t != NULL) { 502 ossl_crypto_thread_native_join(threads[i].t, &rv); 503 504 if (!threads[i].testresult) 505 /* Do not log failure here, worker will do it. */ 506 ok = 0; 507 508 ossl_crypto_thread_native_clean(threads[i].t); 509 threads[i].t = NULL; 510 } 511 512 ossl_crypto_mutex_free(&threads[i].m); 513 } 514 515 return ok; 516 } 517 518 static int join_server_thread(struct helper *h) 519 { 520 CRYPTO_THREAD_RETVAL rv; 521 522 if (h->server_thread.t == NULL) 523 return 1; 524 525 ossl_crypto_mutex_lock(h->server_thread.m); 526 h->server_thread.stop = 1; 527 ossl_crypto_condvar_signal(h->server_thread.c); 528 ossl_crypto_mutex_unlock(h->server_thread.m); 529 530 ossl_crypto_thread_native_join(h->server_thread.t, &rv); 531 ossl_crypto_thread_native_clean(h->server_thread.t); 532 h->server_thread.t = NULL; 533 return 1; 534 } 535 536 /* Ensure the server-state lock is currently held. Idempotent. */ 537 static int *s_checked_out_p(struct helper *h, int thread_idx) 538 { 539 return (thread_idx < 0) ? &h->s_checked_out 540 : &h->threads[thread_idx].s_checked_out; 541 } 542 543 static QUIC_TSERVER *s_lock(struct helper *h, struct helper_local *hl) 544 { 545 int *p_checked_out = s_checked_out_p(h, hl == NULL ? -1 : hl->thread_idx); 546 547 if (h->server_thread.m == NULL || *p_checked_out) 548 return h->s; 549 550 ossl_crypto_mutex_lock(h->server_thread.m); 551 h->s = h->s_priv; 552 *p_checked_out = 1; 553 return h->s; 554 } 555 556 /* Ensure the server-state lock is currently not held. Idempotent. */ 557 static void s_unlock(struct helper *h, struct helper_local *hl) 558 { 559 int *p_checked_out = s_checked_out_p(h, hl->thread_idx); 560 561 if (h->server_thread.m == NULL || !*p_checked_out) 562 return; 563 564 *p_checked_out = 0; 565 h->s = NULL; 566 ossl_crypto_mutex_unlock(h->server_thread.m); 567 } 568 569 static unsigned int server_helper_thread(void *arg) 570 { 571 struct helper *h = arg; 572 573 ossl_crypto_mutex_lock(h->server_thread.m); 574 575 for (;;) { 576 int ready, stop; 577 578 ready = h->server_thread.ready; 579 stop = h->server_thread.stop; 580 581 if (stop) 582 break; 583 584 if (!ready) { 585 ossl_crypto_condvar_wait(h->server_thread.c, h->server_thread.m); 586 continue; 587 } 588 589 ossl_quic_tserver_tick(h->s_priv); 590 ossl_crypto_mutex_unlock(h->server_thread.m); 591 /* 592 * Give the main thread an opportunity to get the mutex, which is 593 * sometimes necessary in some script operations. 594 */ 595 OSSL_sleep(1); 596 ossl_crypto_mutex_lock(h->server_thread.m); 597 } 598 599 ossl_crypto_mutex_unlock(h->server_thread.m); 600 return 1; 601 } 602 603 #else 604 605 static QUIC_TSERVER *s_lock(struct helper *h, struct helper_local *hl) 606 { 607 return h->s; 608 } 609 610 static void s_unlock(struct helper *h, struct helper_local *hl) 611 { 612 } 613 614 #endif 615 616 static void helper_cleanup(struct helper *h) 617 { 618 #if defined(OPENSSL_THREADS) 619 join_threads(h->threads, h->num_threads); 620 join_server_thread(h); 621 OPENSSL_free(h->threads); 622 h->threads = NULL; 623 h->num_threads = 0; 624 #endif 625 626 if (h->free_order == 0) { 627 /* order 0: streams, then conn */ 628 helper_cleanup_streams(&h->c_streams); 629 630 SSL_free(h->c_conn); 631 h->c_conn = NULL; 632 } else { 633 /* order 1: conn, then streams */ 634 SSL_free(h->c_conn); 635 h->c_conn = NULL; 636 637 helper_cleanup_streams(&h->c_streams); 638 } 639 640 helper_cleanup_streams(&h->s_streams); 641 ossl_quic_tserver_free(h->s_priv); 642 h->s_priv = h->s = NULL; 643 644 BIO_free(h->s_net_bio_own); 645 h->s_net_bio_own = NULL; 646 647 BIO_free(h->c_net_bio_own); 648 h->c_net_bio_own = NULL; 649 650 BIO_free(h->s_qtf_wbio_own); 651 h->s_qtf_wbio_own = NULL; 652 653 qtest_fault_free(h->qtf); 654 h->qtf = NULL; 655 656 if (h->s_fd >= 0) { 657 BIO_closesocket(h->s_fd); 658 h->s_fd = -1; 659 } 660 661 if (h->c_fd >= 0) { 662 BIO_closesocket(h->c_fd); 663 h->c_fd = -1; 664 } 665 666 BIO_ADDR_free(h->s_net_bio_addr); 667 h->s_net_bio_addr = NULL; 668 BIO_ADDR_free(h->s_net_bio_orig_addr); 669 h->s_net_bio_orig_addr = NULL; 670 671 SSL_CTX_free(h->c_ctx); 672 h->c_ctx = NULL; 673 674 CRYPTO_THREAD_lock_free(h->time_lock); 675 h->time_lock = NULL; 676 677 #if defined(OPENSSL_THREADS) 678 ossl_crypto_mutex_free(&h->misc_m); 679 ossl_crypto_condvar_free(&h->misc_cv); 680 ossl_crypto_mutex_free(&h->server_thread.m); 681 ossl_crypto_condvar_free(&h->server_thread.c); 682 #endif 683 } 684 685 static int helper_init(struct helper *h, const char *script_name, 686 int free_order, int blocking, 687 int need_injector) 688 { 689 struct in_addr ina = { 0 }; 690 QUIC_TSERVER_ARGS s_args = { 0 }; 691 union BIO_sock_info_u info; 692 char title[128]; 693 QTEST_DATA *bdata = NULL; 694 695 memset(h, 0, sizeof(*h)); 696 h->c_fd = -1; 697 h->s_fd = -1; 698 h->free_order = free_order; 699 h->blocking = blocking; 700 h->need_injector = need_injector; 701 h->time_slip = ossl_time_zero(); 702 703 bdata = OPENSSL_zalloc(sizeof(QTEST_DATA)); 704 if (bdata == NULL) 705 goto err; 706 707 if (!TEST_ptr(h->time_lock = CRYPTO_THREAD_lock_new())) 708 goto err; 709 710 if (!TEST_ptr(h->s_streams = lh_STREAM_INFO_new(stream_info_hash, 711 stream_info_cmp))) 712 goto err; 713 714 if (!TEST_ptr(h->c_streams = lh_STREAM_INFO_new(stream_info_hash, 715 stream_info_cmp))) 716 goto err; 717 718 ina.s_addr = htonl(0x7f000001UL); 719 720 h->s_fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0); 721 if (!TEST_int_ge(h->s_fd, 0)) 722 goto err; 723 724 if (!TEST_true(BIO_socket_nbio(h->s_fd, 1))) 725 goto err; 726 727 if (!TEST_ptr(h->s_net_bio_orig_addr = BIO_ADDR_new()) 728 || !TEST_ptr(h->s_net_bio_addr = BIO_ADDR_new())) 729 goto err; 730 731 if (!TEST_true(BIO_ADDR_rawmake(h->s_net_bio_orig_addr, AF_INET, 732 &ina, sizeof(ina), 0))) 733 goto err; 734 735 if (!TEST_true(BIO_bind(h->s_fd, h->s_net_bio_orig_addr, 0))) 736 goto err; 737 738 info.addr = h->s_net_bio_addr; 739 if (!TEST_true(BIO_sock_info(h->s_fd, BIO_SOCK_INFO_ADDRESS, &info))) 740 goto err; 741 742 if (!TEST_int_gt(BIO_ADDR_rawport(h->s_net_bio_addr), 0)) 743 goto err; 744 745 if (!TEST_ptr(h->s_net_bio = h->s_net_bio_own = BIO_new_dgram(h->s_fd, 0))) 746 goto err; 747 748 if (!BIO_up_ref(h->s_net_bio)) 749 goto err; 750 751 if (need_injector) { 752 h->s_qtf_wbio = h->s_qtf_wbio_own = BIO_new(qtest_get_bio_method()); 753 if (!TEST_ptr(h->s_qtf_wbio)) 754 goto err; 755 756 if (!TEST_ptr(BIO_push(h->s_qtf_wbio, h->s_net_bio))) 757 goto err; 758 759 s_args.net_wbio = h->s_qtf_wbio; 760 } else { 761 s_args.net_wbio = h->s_net_bio; 762 } 763 764 s_args.net_rbio = h->s_net_bio; 765 s_args.alpn = NULL; 766 s_args.now_cb = get_time; 767 s_args.now_cb_arg = h; 768 s_args.ctx = NULL; 769 770 if (!TEST_ptr(h->s_priv = ossl_quic_tserver_new(&s_args, certfile, keyfile))) 771 goto err; 772 773 if (!blocking) 774 h->s = h->s_priv; 775 776 if (need_injector) { 777 h->qtf = qtest_create_injector(h->s_priv); 778 if (!TEST_ptr(h->qtf)) 779 goto err; 780 bdata->fault = h->qtf; 781 BIO_set_data(h->s_qtf_wbio, bdata); 782 } 783 784 h->s_net_bio_own = NULL; 785 h->s_qtf_wbio_own = NULL; 786 787 h->c_fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0); 788 if (!TEST_int_ge(h->c_fd, 0)) 789 goto err; 790 791 if (!TEST_true(BIO_socket_nbio(h->c_fd, 1))) 792 goto err; 793 794 if (!TEST_ptr(h->c_net_bio = h->c_net_bio_own = BIO_new_dgram(h->c_fd, 0))) 795 goto err; 796 797 if (!TEST_true(BIO_dgram_set_peer(h->c_net_bio, h->s_net_bio_addr))) 798 goto err; 799 800 if (!TEST_ptr(h->c_ctx = SSL_CTX_new(OSSL_QUIC_client_method()))) 801 goto err; 802 803 /* Set title for qlog purposes. */ 804 BIO_snprintf(title, sizeof(title), "quic_multistream_test: %s", script_name); 805 if (!TEST_true(ossl_quic_set_diag_title(h->c_ctx, title))) 806 goto err; 807 808 if (!TEST_ptr(h->c_conn = SSL_new(h->c_ctx))) 809 goto err; 810 811 /* Use custom time function for virtual time skip. */ 812 if (!TEST_true(ossl_quic_set_override_now_cb(h->c_conn, get_time, h))) 813 goto err; 814 815 /* Takes ownership of our reference to the BIO. */ 816 SSL_set0_rbio(h->c_conn, h->c_net_bio); 817 h->c_net_bio_own = NULL; 818 819 if (!TEST_true(BIO_up_ref(h->c_net_bio))) 820 goto err; 821 822 SSL_set0_wbio(h->c_conn, h->c_net_bio); 823 824 if (!TEST_true(SSL_set_blocking_mode(h->c_conn, h->blocking))) 825 goto err; 826 827 #if defined(OPENSSL_THREADS) 828 if (!TEST_ptr(h->misc_m = ossl_crypto_mutex_new())) 829 goto err; 830 if (!TEST_ptr(h->misc_cv = ossl_crypto_condvar_new())) 831 goto err; 832 #endif 833 834 if (h->blocking) { 835 #if defined(OPENSSL_THREADS) 836 if (!TEST_ptr(h->server_thread.m = ossl_crypto_mutex_new())) 837 goto err; 838 839 if (!TEST_ptr(h->server_thread.c = ossl_crypto_condvar_new())) 840 goto err; 841 842 h->server_thread.t 843 = ossl_crypto_thread_native_start(server_helper_thread, h, 1); 844 if (!TEST_ptr(h->server_thread.t)) 845 goto err; 846 #else 847 TEST_error("cannot support blocking mode without threads"); 848 goto err; 849 #endif 850 } 851 852 h->start_time = ossl_time_now(); 853 h->init = 1; 854 return 1; 855 856 err: 857 helper_cleanup(h); 858 return 0; 859 } 860 861 static int helper_local_init(struct helper_local *hl, struct helper *h, 862 int thread_idx) 863 { 864 hl->h = h; 865 hl->c_streams = NULL; 866 hl->thread_idx = thread_idx; 867 hl->explicit_event_handling = 0; 868 869 if (!TEST_ptr(h)) 870 return 0; 871 872 if (thread_idx < 0) { 873 hl->c_streams = h->c_streams; 874 } else { 875 if (!TEST_ptr(hl->c_streams = lh_STREAM_INFO_new(stream_info_hash, 876 stream_info_cmp))) 877 return 0; 878 } 879 880 return 1; 881 } 882 883 static void helper_local_cleanup(struct helper_local *hl) 884 { 885 if (hl->h == NULL) 886 return; 887 888 if (hl->thread_idx >= 0) 889 helper_cleanup_streams(&hl->c_streams); 890 891 hl->h = NULL; 892 } 893 894 static STREAM_INFO *get_stream_info(LHASH_OF(STREAM_INFO) *lh, 895 const char *stream_name) 896 { 897 STREAM_INFO key, *info; 898 899 if (!TEST_ptr(stream_name)) 900 return NULL; 901 902 if (!strcmp(stream_name, "DEFAULT")) 903 return NULL; 904 905 key.name = stream_name; 906 info = lh_STREAM_INFO_retrieve(lh, &key); 907 if (info == NULL) { 908 info = OPENSSL_zalloc(sizeof(*info)); 909 if (info == NULL) 910 return NULL; 911 912 info->name = stream_name; 913 info->s_stream_id = UINT64_MAX; 914 lh_STREAM_INFO_insert(lh, info); 915 } 916 917 return info; 918 } 919 920 static int helper_local_set_c_stream(struct helper_local *hl, 921 const char *stream_name, 922 SSL *c_stream) 923 { 924 STREAM_INFO *info = get_stream_info(hl->c_streams, stream_name); 925 926 if (info == NULL) 927 return 0; 928 929 info->c_stream = c_stream; 930 info->s_stream_id = UINT64_MAX; 931 return 1; 932 } 933 934 static SSL *helper_local_get_c_stream(struct helper_local *hl, 935 const char *stream_name) 936 { 937 STREAM_INFO *info; 938 939 if (!strcmp(stream_name, "DEFAULT")) 940 return hl->h->c_conn; 941 942 info = get_stream_info(hl->c_streams, stream_name); 943 if (info == NULL) 944 return NULL; 945 946 return info->c_stream; 947 } 948 949 static int 950 helper_set_s_stream(struct helper *h, const char *stream_name, 951 uint64_t s_stream_id) 952 { 953 STREAM_INFO *info; 954 955 if (!strcmp(stream_name, "DEFAULT")) 956 return 0; 957 958 info = get_stream_info(h->s_streams, stream_name); 959 if (info == NULL) 960 return 0; 961 962 info->c_stream = NULL; 963 info->s_stream_id = s_stream_id; 964 return 1; 965 } 966 967 static uint64_t helper_get_s_stream(struct helper *h, const char *stream_name) 968 { 969 STREAM_INFO *info; 970 971 if (!strcmp(stream_name, "DEFAULT")) 972 return UINT64_MAX; 973 974 info = get_stream_info(h->s_streams, stream_name); 975 if (info == NULL) 976 return UINT64_MAX; 977 978 return info->s_stream_id; 979 } 980 981 static int helper_packet_plain_listener(QTEST_FAULT *qtf, QUIC_PKT_HDR *hdr, 982 unsigned char *buf, size_t buf_len, 983 void *arg) 984 { 985 struct helper *h = arg; 986 987 return h->qtf_packet_plain_cb(h, hdr, buf, buf_len); 988 } 989 990 static int helper_handshake_listener(QTEST_FAULT *fault, 991 unsigned char *buf, size_t buf_len, 992 void *arg) 993 { 994 struct helper *h = arg; 995 996 return h->qtf_handshake_cb(h, buf, buf_len); 997 } 998 999 static int helper_datagram_listener(QTEST_FAULT *fault, 1000 BIO_MSG *msg, size_t stride, 1001 void *arg) 1002 { 1003 struct helper *h = arg; 1004 1005 return h->qtf_datagram_cb(h, msg, stride); 1006 } 1007 1008 static int is_want(SSL *s, int ret) 1009 { 1010 int ec = SSL_get_error(s, ret); 1011 1012 return ec == SSL_ERROR_WANT_READ || ec == SSL_ERROR_WANT_WRITE; 1013 } 1014 1015 static int check_consistent_want(SSL *s, int ret) 1016 { 1017 int ec = SSL_get_error(s, ret); 1018 int w = SSL_want(s); 1019 1020 int ok = TEST_true( 1021 (ec == SSL_ERROR_NONE && w == SSL_NOTHING) 1022 || (ec == SSL_ERROR_ZERO_RETURN && w == SSL_NOTHING) 1023 || (ec == SSL_ERROR_SSL && w == SSL_NOTHING) 1024 || (ec == SSL_ERROR_SYSCALL && w == SSL_NOTHING) 1025 || (ec == SSL_ERROR_WANT_READ && w == SSL_READING) 1026 || (ec == SSL_ERROR_WANT_WRITE && w == SSL_WRITING) 1027 || (ec == SSL_ERROR_WANT_CLIENT_HELLO_CB && w == SSL_CLIENT_HELLO_CB) 1028 || (ec == SSL_ERROR_WANT_X509_LOOKUP && w == SSL_X509_LOOKUP) 1029 || (ec == SSL_ERROR_WANT_RETRY_VERIFY && w == SSL_RETRY_VERIFY)); 1030 1031 if (!ok) 1032 TEST_error("got error=%d, want=%d", ec, w); 1033 1034 return ok; 1035 } 1036 1037 static int run_script_worker(struct helper *h, const struct script_op *script, 1038 const char *script_name, 1039 int thread_idx) 1040 { 1041 int testresult = 0; 1042 unsigned char *tmp_buf = NULL; 1043 int connect_started = 0; 1044 size_t offset = 0; 1045 size_t op_idx = 0; 1046 const struct script_op *op = NULL; 1047 int no_advance = 0, first = 1; 1048 #if defined(OPENSSL_THREADS) 1049 int end_wait_warning = 0; 1050 #endif 1051 OSSL_TIME op_start_time = ossl_time_zero(), op_deadline = ossl_time_zero(); 1052 struct helper_local hl_, *hl = &hl_; 1053 #define REPEAT_SLOTS 8 1054 size_t repeat_stack_idx[REPEAT_SLOTS], repeat_stack_done[REPEAT_SLOTS]; 1055 size_t repeat_stack_limit[REPEAT_SLOTS]; 1056 size_t repeat_stack_len = 0; 1057 1058 if (!TEST_true(helper_local_init(hl, h, thread_idx))) 1059 goto out; 1060 1061 #define COMMON_SPIN_AGAIN() \ 1062 { \ 1063 no_advance = 1; \ 1064 continue; \ 1065 } 1066 #define S_SPIN_AGAIN() \ 1067 { \ 1068 s_lock(h, hl); \ 1069 ossl_quic_tserver_tick(h->s); \ 1070 COMMON_SPIN_AGAIN(); \ 1071 } 1072 #define C_SPIN_AGAIN() \ 1073 { \ 1074 if (h->blocking) { \ 1075 TEST_error("spin again in blocking mode"); \ 1076 goto out; \ 1077 } \ 1078 COMMON_SPIN_AGAIN(); \ 1079 } 1080 1081 for (;;) { 1082 SSL *c_tgt = h->c_conn; 1083 uint64_t s_stream_id = UINT64_MAX; 1084 1085 s_unlock(h, hl); 1086 1087 if (no_advance) { 1088 no_advance = 0; 1089 } else { 1090 if (!first) 1091 ++op_idx; 1092 1093 first = 0; 1094 offset = 0; 1095 op_start_time = ossl_time_now(); 1096 op_deadline = ossl_time_add(op_start_time, ossl_ms2time(60000)); 1097 } 1098 1099 if (!TEST_int_le(ossl_time_compare(ossl_time_now(), op_deadline), 0)) { 1100 TEST_error("op %zu timed out on thread %d", op_idx + 1, thread_idx); 1101 goto out; 1102 } 1103 1104 op = &script[op_idx]; 1105 1106 if (op->stream_name != NULL) { 1107 c_tgt = helper_local_get_c_stream(hl, op->stream_name); 1108 if (thread_idx < 0) 1109 s_stream_id = helper_get_s_stream(h, op->stream_name); 1110 else 1111 s_stream_id = UINT64_MAX; 1112 } 1113 1114 if (thread_idx < 0) { 1115 if (!h->blocking) { 1116 ossl_quic_tserver_tick(h->s); 1117 } 1118 #if defined(OPENSSL_THREADS) 1119 else if (h->blocking && !h->server_thread.ready) { 1120 ossl_crypto_mutex_lock(h->server_thread.m); 1121 h->server_thread.ready = 1; 1122 ossl_crypto_condvar_signal(h->server_thread.c); 1123 ossl_crypto_mutex_unlock(h->server_thread.m); 1124 } 1125 if (h->blocking) 1126 assert(h->s == NULL); 1127 #endif 1128 } 1129 1130 if (!hl->explicit_event_handling 1131 && (thread_idx >= 0 || connect_started)) 1132 SSL_handle_events(h->c_conn); 1133 1134 if (thread_idx >= 0) { 1135 /* Only allow certain opcodes on child threads. */ 1136 switch (op->op) { 1137 case OPK_END: 1138 case OPK_CHECK: 1139 case OPK_C_ACCEPT_STREAM_WAIT: 1140 case OPK_C_NEW_STREAM: 1141 case OPK_C_READ_EXPECT: 1142 case OPK_C_EXPECT_FIN: 1143 case OPK_C_WRITE: 1144 case OPK_C_WRITE_EX2: 1145 case OPK_C_CONCLUDE: 1146 case OPK_C_FREE_STREAM: 1147 case OPK_BEGIN_REPEAT: 1148 case OPK_END_REPEAT: 1149 case OPK_C_READ_FAIL_WAIT: 1150 case OPK_C_EXPECT_SSL_ERR: 1151 case OPK_EXPECT_ERR_REASON: 1152 case OPK_EXPECT_ERR_LIB: 1153 case OPK_POP_ERR: 1154 case OPK_SLEEP: 1155 break; 1156 1157 default: 1158 TEST_error("opcode %lu not allowed on child thread", 1159 (unsigned long)op->op); 1160 goto out; 1161 } 1162 } 1163 1164 switch (op->op) { 1165 case OPK_END: 1166 if (!TEST_size_t_eq(repeat_stack_len, 0)) 1167 goto out; 1168 1169 #if defined(OPENSSL_THREADS) 1170 if (thread_idx < 0) { 1171 int done; 1172 size_t i; 1173 1174 for (i = 0; i < h->num_threads; ++i) { 1175 if (h->threads[i].m == NULL) 1176 continue; 1177 1178 ossl_crypto_mutex_lock(h->threads[i].m); 1179 done = h->threads[i].done; 1180 ossl_crypto_mutex_unlock(h->threads[i].m); 1181 1182 if (!done) { 1183 if (!end_wait_warning) { 1184 TEST_info("still waiting for other threads to finish (%zu)", i); 1185 end_wait_warning = 1; 1186 } 1187 1188 S_SPIN_AGAIN(); 1189 } 1190 } 1191 } 1192 #endif 1193 1194 TEST_info("script \"%s\" finished on thread %d", script_name, thread_idx); 1195 testresult = 1; 1196 goto out; 1197 1198 case OPK_BEGIN_REPEAT: 1199 if (!TEST_size_t_lt(repeat_stack_len, OSSL_NELEM(repeat_stack_idx))) 1200 goto out; 1201 1202 if (!TEST_size_t_gt(op->arg1, 0)) 1203 goto out; 1204 1205 repeat_stack_idx[repeat_stack_len] = op_idx + 1; 1206 repeat_stack_done[repeat_stack_len] = 0; 1207 repeat_stack_limit[repeat_stack_len] = op->arg1; 1208 ++repeat_stack_len; 1209 break; 1210 1211 case OPK_C_SKIP_IF_UNBOUND: 1212 if (c_tgt != NULL) 1213 break; 1214 1215 op_idx += op->arg1; 1216 break; 1217 1218 case OPK_SKIP_IF_BLOCKING: 1219 if (!h->blocking) 1220 break; 1221 1222 op_idx += op->arg1; 1223 break; 1224 1225 case OPK_END_REPEAT: 1226 if (!TEST_size_t_gt(repeat_stack_len, 0)) 1227 goto out; 1228 1229 if (++repeat_stack_done[repeat_stack_len - 1] 1230 == repeat_stack_limit[repeat_stack_len - 1]) { 1231 --repeat_stack_len; 1232 } else { 1233 op_idx = repeat_stack_idx[repeat_stack_len - 1]; 1234 no_advance = 1; 1235 continue; 1236 } 1237 1238 break; 1239 1240 case OPK_CHECK: { 1241 int ok; 1242 1243 hl->check_op = op; 1244 ok = op->check_func(h, hl); 1245 hl->check_op = NULL; 1246 1247 if (thread_idx < 0 && h->check_spin_again) { 1248 h->check_spin_again = 0; 1249 S_SPIN_AGAIN(); 1250 } 1251 1252 if (!TEST_true(ok)) 1253 goto out; 1254 } break; 1255 1256 case OPK_C_SET_ALPN: { 1257 const char *alpn = op->arg0; 1258 size_t alpn_len = strlen(alpn); 1259 1260 if (!TEST_size_t_le(alpn_len, UINT8_MAX) 1261 || !TEST_ptr(tmp_buf = (unsigned char *)OPENSSL_malloc(alpn_len + 1))) 1262 goto out; 1263 1264 memcpy(tmp_buf + 1, alpn, alpn_len); 1265 tmp_buf[0] = (unsigned char)alpn_len; 1266 1267 /* 0 is the success case for SSL_set_alpn_protos(). */ 1268 if (!TEST_false(SSL_set_alpn_protos(h->c_conn, tmp_buf, 1269 alpn_len + 1))) 1270 goto out; 1271 1272 OPENSSL_free(tmp_buf); 1273 tmp_buf = NULL; 1274 } break; 1275 1276 case OPK_C_CONNECT_WAIT: { 1277 int ret; 1278 1279 connect_started = 1; 1280 1281 ret = SSL_connect(h->c_conn); 1282 if (!check_consistent_want(c_tgt, ret)) 1283 goto out; 1284 if (ret != 1) { 1285 if (!h->blocking && is_want(h->c_conn, ret)) 1286 C_SPIN_AGAIN(); 1287 1288 if (op->arg1 == 0 && !TEST_int_eq(ret, 1)) 1289 goto out; 1290 } 1291 } break; 1292 1293 case OPK_C_WRITE: { 1294 size_t bytes_written = 0; 1295 int r; 1296 1297 if (!TEST_ptr(c_tgt)) 1298 goto out; 1299 1300 r = SSL_write_ex(c_tgt, op->arg0, op->arg1, &bytes_written); 1301 if (!TEST_true(r) 1302 || !check_consistent_want(c_tgt, r) 1303 || !TEST_size_t_eq(bytes_written, op->arg1)) 1304 goto out; 1305 } break; 1306 1307 case OPK_C_WRITE_EX2: { 1308 size_t bytes_written = 0; 1309 int r; 1310 1311 if (!TEST_ptr(c_tgt)) 1312 goto out; 1313 1314 r = SSL_write_ex2(c_tgt, op->arg0, op->arg1, op->arg2, 1315 &bytes_written); 1316 if (!TEST_true(r) 1317 || !check_consistent_want(c_tgt, r) 1318 || !TEST_size_t_eq(bytes_written, op->arg1)) 1319 goto out; 1320 } break; 1321 1322 case OPK_S_WRITE: { 1323 size_t bytes_written = 0; 1324 1325 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX)) 1326 goto out; 1327 1328 if (!TEST_true(ossl_quic_tserver_write(ACQUIRE_S(), s_stream_id, 1329 op->arg0, op->arg1, 1330 &bytes_written)) 1331 || !TEST_size_t_eq(bytes_written, op->arg1)) 1332 goto out; 1333 } break; 1334 1335 case OPK_C_CONCLUDE: { 1336 if (!TEST_true(SSL_stream_conclude(c_tgt, 0))) 1337 goto out; 1338 } break; 1339 1340 case OPK_S_CONCLUDE: { 1341 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX)) 1342 goto out; 1343 1344 ossl_quic_tserver_conclude(ACQUIRE_S(), s_stream_id); 1345 } break; 1346 1347 case OPK_C_WAIT_FOR_DATA: { 1348 char buf[1]; 1349 size_t bytes_read = 0; 1350 1351 if (!TEST_ptr(c_tgt)) 1352 goto out; 1353 1354 if (!SSL_peek_ex(c_tgt, buf, sizeof(buf), &bytes_read) 1355 || bytes_read == 0) 1356 C_SPIN_AGAIN(); 1357 } break; 1358 1359 case OPK_C_READ_EXPECT: { 1360 size_t bytes_read = 0; 1361 int r; 1362 1363 if (op->arg1 > 0 && tmp_buf == NULL 1364 && !TEST_ptr(tmp_buf = OPENSSL_malloc(op->arg1))) 1365 goto out; 1366 1367 r = SSL_read_ex(c_tgt, tmp_buf + offset, op->arg1 - offset, 1368 &bytes_read); 1369 if (!check_consistent_want(c_tgt, r)) 1370 goto out; 1371 1372 if (!r) 1373 C_SPIN_AGAIN(); 1374 1375 if (bytes_read + offset != op->arg1) { 1376 offset += bytes_read; 1377 C_SPIN_AGAIN(); 1378 } 1379 1380 if (op->arg1 > 0 1381 && !TEST_mem_eq(tmp_buf, op->arg1, op->arg0, op->arg1)) 1382 goto out; 1383 1384 OPENSSL_free(tmp_buf); 1385 tmp_buf = NULL; 1386 } break; 1387 1388 case OPK_S_READ_EXPECT: { 1389 size_t bytes_read = 0; 1390 1391 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX)) 1392 goto out; 1393 1394 if (op->arg1 > 0 && tmp_buf == NULL 1395 && !TEST_ptr(tmp_buf = OPENSSL_malloc(op->arg1))) 1396 goto out; 1397 1398 if (!TEST_true(ossl_quic_tserver_read(ACQUIRE_S(), s_stream_id, 1399 tmp_buf + offset, 1400 op->arg1 - offset, 1401 &bytes_read))) 1402 goto out; 1403 1404 if (bytes_read + offset != op->arg1) { 1405 offset += bytes_read; 1406 S_SPIN_AGAIN(); 1407 } 1408 1409 if (op->arg1 > 0 1410 && !TEST_mem_eq(tmp_buf, op->arg1, op->arg0, op->arg1)) 1411 goto out; 1412 1413 OPENSSL_free(tmp_buf); 1414 tmp_buf = NULL; 1415 } break; 1416 1417 case OPK_C_EXPECT_FIN: { 1418 char buf[1]; 1419 size_t bytes_read = 0; 1420 int r; 1421 1422 r = SSL_read_ex(c_tgt, buf, sizeof(buf), &bytes_read); 1423 if (!check_consistent_want(c_tgt, r) 1424 || !TEST_false(r) 1425 || !TEST_size_t_eq(bytes_read, 0)) 1426 goto out; 1427 1428 if (is_want(c_tgt, 0)) 1429 C_SPIN_AGAIN(); 1430 1431 if (!TEST_int_eq(SSL_get_error(c_tgt, 0), 1432 SSL_ERROR_ZERO_RETURN)) 1433 goto out; 1434 1435 if (!TEST_int_eq(SSL_want(c_tgt), SSL_NOTHING)) 1436 goto out; 1437 } break; 1438 1439 case OPK_S_EXPECT_FIN: { 1440 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX)) 1441 goto out; 1442 1443 if (!ossl_quic_tserver_has_read_ended(ACQUIRE_S(), s_stream_id)) 1444 S_SPIN_AGAIN(); 1445 } break; 1446 1447 case OPK_C_DETACH: { 1448 SSL *c_stream; 1449 1450 if (!TEST_ptr_null(c_tgt)) 1451 goto out; /* don't overwrite existing stream with same name */ 1452 1453 if (!TEST_ptr(op->stream_name)) 1454 goto out; 1455 1456 if (!TEST_ptr(c_stream = ossl_quic_detach_stream(h->c_conn))) 1457 goto out; 1458 1459 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, c_stream))) 1460 goto out; 1461 } break; 1462 1463 case OPK_C_ATTACH: { 1464 if (!TEST_ptr(c_tgt)) 1465 goto out; 1466 1467 if (!TEST_ptr(op->stream_name)) 1468 goto out; 1469 1470 if (!TEST_true(ossl_quic_attach_stream(h->c_conn, c_tgt))) 1471 goto out; 1472 1473 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, NULL))) 1474 goto out; 1475 } break; 1476 1477 case OPK_C_NEW_STREAM: { 1478 SSL *c_stream; 1479 uint64_t flags = op->arg1; 1480 int allow_fail = ((flags & ALLOW_FAIL) != 0); 1481 1482 flags &= ~(uint64_t)ALLOW_FAIL; 1483 1484 if (!TEST_ptr_null(c_tgt)) 1485 goto out; /* don't overwrite existing stream with same name */ 1486 1487 if (!TEST_ptr(op->stream_name)) 1488 goto out; 1489 1490 c_stream = SSL_new_stream(h->c_conn, flags); 1491 if (!allow_fail && !TEST_ptr(c_stream)) 1492 goto out; 1493 1494 if (allow_fail && c_stream == NULL) { 1495 if (!TEST_size_t_eq(ERR_GET_REASON(ERR_get_error()), 1496 SSL_R_STREAM_COUNT_LIMITED)) 1497 goto out; 1498 1499 ++h->fail_count; 1500 break; 1501 } 1502 1503 if (op->arg2 != UINT64_MAX 1504 && !TEST_uint64_t_eq(SSL_get_stream_id(c_stream), 1505 op->arg2)) 1506 goto out; 1507 1508 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, c_stream))) 1509 goto out; 1510 } break; 1511 1512 case OPK_S_NEW_STREAM: { 1513 uint64_t stream_id = UINT64_MAX; 1514 1515 if (!TEST_uint64_t_eq(s_stream_id, UINT64_MAX)) 1516 goto out; /* don't overwrite existing stream with same name */ 1517 1518 if (!TEST_ptr(op->stream_name)) 1519 goto out; 1520 1521 if (!TEST_true(ossl_quic_tserver_stream_new(ACQUIRE_S(), 1522 op->arg1 > 0, 1523 &stream_id))) 1524 goto out; 1525 1526 if (op->arg2 != UINT64_MAX 1527 && !TEST_uint64_t_eq(stream_id, op->arg2)) 1528 goto out; 1529 1530 if (!TEST_true(helper_set_s_stream(h, op->stream_name, 1531 stream_id))) 1532 goto out; 1533 } break; 1534 1535 case OPK_C_ACCEPT_STREAM_WAIT: { 1536 SSL *c_stream; 1537 1538 if (!TEST_ptr_null(c_tgt)) 1539 goto out; /* don't overwrite existing stream with same name */ 1540 1541 if (!TEST_ptr(op->stream_name)) 1542 goto out; 1543 1544 if ((c_stream = SSL_accept_stream(h->c_conn, 0)) == NULL) 1545 C_SPIN_AGAIN(); 1546 1547 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, 1548 c_stream))) 1549 goto out; 1550 } break; 1551 1552 case OPK_S_ACCEPT_STREAM_WAIT: { 1553 uint64_t new_stream_id; 1554 1555 if (!TEST_uint64_t_eq(s_stream_id, UINT64_MAX)) 1556 goto out; 1557 1558 if (!TEST_ptr(op->stream_name)) 1559 goto out; 1560 1561 new_stream_id = ossl_quic_tserver_pop_incoming_stream(ACQUIRE_S()); 1562 if (new_stream_id == UINT64_MAX) 1563 S_SPIN_AGAIN(); 1564 1565 if (!TEST_true(helper_set_s_stream(h, op->stream_name, new_stream_id))) 1566 goto out; 1567 } break; 1568 1569 case OPK_C_ACCEPT_STREAM_NONE: { 1570 SSL *c_stream; 1571 1572 if (!TEST_ptr_null(c_stream = SSL_accept_stream(h->c_conn, 1573 SSL_ACCEPT_STREAM_NO_BLOCK))) { 1574 SSL_free(c_stream); 1575 goto out; 1576 } 1577 } break; 1578 1579 case OPK_C_FREE_STREAM: { 1580 if (!TEST_ptr(c_tgt) 1581 || !TEST_true(!SSL_is_connection(c_tgt))) 1582 goto out; 1583 1584 if (!TEST_ptr(op->stream_name)) 1585 goto out; 1586 1587 if (!TEST_true(helper_local_set_c_stream(hl, op->stream_name, NULL))) 1588 goto out; 1589 1590 SSL_free(c_tgt); 1591 c_tgt = NULL; 1592 } break; 1593 1594 case OPK_C_SET_DEFAULT_STREAM_MODE: { 1595 if (!TEST_ptr(c_tgt)) 1596 goto out; 1597 1598 if (!TEST_true(SSL_set_default_stream_mode(c_tgt, op->arg1))) 1599 goto out; 1600 } break; 1601 1602 case OPK_C_SET_INCOMING_STREAM_POLICY: { 1603 if (!TEST_ptr(c_tgt)) 1604 goto out; 1605 1606 if (!TEST_true(SSL_set_incoming_stream_policy(c_tgt, 1607 op->arg1, 0))) 1608 goto out; 1609 } break; 1610 1611 case OPK_C_SHUTDOWN_WAIT: { 1612 int ret; 1613 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn); 1614 SSL_SHUTDOWN_EX_ARGS args = { 0 }; 1615 1616 ossl_quic_engine_set_inhibit_tick(ossl_quic_channel_get0_engine(ch), 0); 1617 1618 if (!TEST_ptr(c_tgt)) 1619 goto out; 1620 1621 args.quic_reason = (const char *)op->arg0; 1622 1623 ret = SSL_shutdown_ex(c_tgt, op->arg1, &args, sizeof(args)); 1624 if (!TEST_int_ge(ret, 0)) 1625 goto out; 1626 1627 if (ret == 0) 1628 C_SPIN_AGAIN(); 1629 } break; 1630 1631 case OPK_S_SHUTDOWN: { 1632 ossl_quic_tserver_shutdown(ACQUIRE_S(), op->arg1); 1633 } break; 1634 1635 case OPK_C_EXPECT_CONN_CLOSE_INFO: { 1636 SSL_CONN_CLOSE_INFO cc_info = { 0 }; 1637 int expect_app = (op->arg1 & EXPECT_CONN_CLOSE_APP) != 0; 1638 int expect_remote = (op->arg1 & EXPECT_CONN_CLOSE_REMOTE) != 0; 1639 uint64_t error_code = op->arg2; 1640 1641 if (!TEST_ptr(c_tgt)) 1642 goto out; 1643 1644 if (h->blocking 1645 && !TEST_true(SSL_shutdown_ex(c_tgt, 1646 SSL_SHUTDOWN_FLAG_WAIT_PEER, 1647 NULL, 0))) 1648 goto out; 1649 1650 if (!SSL_get_conn_close_info(c_tgt, &cc_info, sizeof(cc_info))) 1651 C_SPIN_AGAIN(); 1652 1653 if (!TEST_int_eq(expect_app, 1654 (cc_info.flags 1655 & SSL_CONN_CLOSE_FLAG_TRANSPORT) 1656 == 0) 1657 || !TEST_int_eq(expect_remote, 1658 (cc_info.flags 1659 & SSL_CONN_CLOSE_FLAG_LOCAL) 1660 == 0) 1661 || !TEST_uint64_t_eq(error_code, cc_info.error_code)) { 1662 TEST_info("Connection close reason: %s", cc_info.reason); 1663 goto out; 1664 } 1665 } break; 1666 1667 case OPK_S_EXPECT_CONN_CLOSE_INFO: { 1668 const QUIC_TERMINATE_CAUSE *tc; 1669 int expect_app = (op->arg1 & EXPECT_CONN_CLOSE_APP) != 0; 1670 int expect_remote = (op->arg1 & EXPECT_CONN_CLOSE_REMOTE) != 0; 1671 uint64_t error_code = op->arg2; 1672 1673 if (!ossl_quic_tserver_is_term_any(ACQUIRE_S())) { 1674 ossl_quic_tserver_ping(ACQUIRE_S()); 1675 S_SPIN_AGAIN(); 1676 } 1677 1678 if (!TEST_ptr(tc = ossl_quic_tserver_get_terminate_cause(ACQUIRE_S()))) 1679 goto out; 1680 1681 if (!TEST_uint64_t_eq(error_code, tc->error_code) 1682 || !TEST_int_eq(expect_app, tc->app) 1683 || !TEST_int_eq(expect_remote, tc->remote)) 1684 goto out; 1685 } break; 1686 1687 case OPK_S_BIND_STREAM_ID: { 1688 if (!TEST_uint64_t_eq(s_stream_id, UINT64_MAX)) 1689 goto out; 1690 1691 if (!TEST_ptr(op->stream_name)) 1692 goto out; 1693 1694 if (!TEST_true(helper_set_s_stream(h, op->stream_name, op->arg2))) 1695 goto out; 1696 } break; 1697 1698 case OPK_S_UNBIND_STREAM_ID: { 1699 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX)) 1700 goto out; 1701 1702 if (!TEST_ptr(op->stream_name)) 1703 goto out; 1704 1705 if (!TEST_true(helper_set_s_stream(h, op->stream_name, UINT64_MAX))) 1706 goto out; 1707 } break; 1708 1709 case OPK_C_WRITE_FAIL: { 1710 size_t bytes_written = 0; 1711 int r; 1712 1713 if (!TEST_ptr(c_tgt)) 1714 goto out; 1715 1716 r = SSL_write_ex(c_tgt, "apple", 5, &bytes_written); 1717 if (!TEST_false(r) 1718 || !check_consistent_want(c_tgt, r)) 1719 goto out; 1720 } break; 1721 1722 case OPK_S_WRITE_FAIL: { 1723 size_t bytes_written = 0; 1724 1725 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX)) 1726 goto out; 1727 1728 if (!TEST_false(ossl_quic_tserver_write(ACQUIRE_S(), s_stream_id, 1729 (const unsigned char *)"apple", 5, 1730 &bytes_written))) 1731 goto out; 1732 } break; 1733 1734 case OPK_C_READ_FAIL: { 1735 size_t bytes_read = 0; 1736 char buf[1]; 1737 int r; 1738 1739 if (!TEST_ptr(c_tgt)) 1740 goto out; 1741 1742 r = SSL_read_ex(c_tgt, buf, sizeof(buf), &bytes_read); 1743 if (!TEST_false(r)) 1744 goto out; 1745 if (!check_consistent_want(c_tgt, r)) 1746 goto out; 1747 } break; 1748 1749 case OPK_C_READ_FAIL_WAIT: { 1750 size_t bytes_read = 0; 1751 char buf[1]; 1752 int r; 1753 1754 if (!TEST_ptr(c_tgt)) 1755 goto out; 1756 1757 r = SSL_read_ex(c_tgt, buf, sizeof(buf), &bytes_read); 1758 if (!TEST_false(r)) 1759 goto out; 1760 if (!check_consistent_want(c_tgt, r)) 1761 goto out; 1762 1763 if (is_want(c_tgt, 0)) 1764 C_SPIN_AGAIN(); 1765 } break; 1766 1767 case OPK_S_READ_FAIL: { 1768 int ret; 1769 size_t bytes_read = 0; 1770 unsigned char buf[1]; 1771 1772 if (!TEST_uint64_t_ne(s_stream_id, UINT64_MAX)) 1773 goto out; 1774 1775 ret = ossl_quic_tserver_read(ACQUIRE_S(), s_stream_id, 1776 buf, sizeof(buf), 1777 &bytes_read); 1778 if (!TEST_true(ret == 0 || (op->arg1 && bytes_read == 0))) 1779 goto out; 1780 } break; 1781 1782 case OPK_C_STREAM_RESET: 1783 case OPK_C_STREAM_RESET_FAIL: { 1784 SSL_STREAM_RESET_ARGS args = { 0 }; 1785 1786 if (!TEST_ptr(c_tgt)) 1787 goto out; 1788 1789 args.quic_error_code = op->arg2; 1790 if (op->op == OPK_C_STREAM_RESET) { 1791 if (!TEST_true(SSL_stream_reset(c_tgt, &args, sizeof(args)))) 1792 goto out; 1793 } else { 1794 if (!TEST_false(SSL_stream_reset(c_tgt, &args, sizeof(args)))) 1795 goto out; 1796 } 1797 } break; 1798 1799 case OPK_NEW_THREAD: { 1800 #if !defined(OPENSSL_THREADS) 1801 /* 1802 * If this test script requires threading and we do not have 1803 * support for it, skip the rest of it. 1804 */ 1805 TEST_skip("threading not supported, skipping"); 1806 testresult = 1; 1807 goto out; 1808 #else 1809 size_t i; 1810 1811 if (!TEST_ptr_null(h->threads)) { 1812 TEST_error("max one NEW_THREAD operation per script"); 1813 goto out; 1814 } 1815 1816 h->threads = OPENSSL_zalloc(op->arg1 * sizeof(struct child_thread_args)); 1817 if (!TEST_ptr(h->threads)) 1818 goto out; 1819 1820 h->num_threads = op->arg1; 1821 1822 for (i = 0; i < op->arg1; ++i) { 1823 h->threads[i].h = h; 1824 h->threads[i].script = op->arg0; 1825 h->threads[i].script_name = script_name; 1826 h->threads[i].thread_idx = i; 1827 1828 h->threads[i].m = ossl_crypto_mutex_new(); 1829 if (!TEST_ptr(h->threads[i].m)) 1830 goto out; 1831 1832 h->threads[i].t 1833 = ossl_crypto_thread_native_start(run_script_child_thread, 1834 &h->threads[i], 1); 1835 if (!TEST_ptr(h->threads[i].t)) 1836 goto out; 1837 } 1838 #endif 1839 } break; 1840 1841 case OPK_C_CLOSE_SOCKET: { 1842 BIO_closesocket(h->c_fd); 1843 h->c_fd = -1; 1844 } break; 1845 1846 case OPK_C_EXPECT_SSL_ERR: { 1847 if (!TEST_size_t_eq((size_t)SSL_get_error(c_tgt, 0), op->arg1)) 1848 goto out; 1849 if (!TEST_int_eq(SSL_want(c_tgt), SSL_NOTHING)) 1850 goto out; 1851 } break; 1852 1853 case OPK_EXPECT_ERR_REASON: { 1854 if (!TEST_size_t_eq((size_t)ERR_GET_REASON(ERR_peek_last_error()), op->arg1)) 1855 goto out; 1856 } break; 1857 1858 case OPK_EXPECT_ERR_LIB: { 1859 if (!TEST_size_t_eq((size_t)ERR_GET_LIB(ERR_peek_last_error()), op->arg1)) 1860 goto out; 1861 } break; 1862 1863 case OPK_POP_ERR: 1864 ERR_pop(); 1865 break; 1866 1867 case OPK_SLEEP: { 1868 OSSL_sleep(op->arg2); 1869 } break; 1870 1871 case OPK_S_SET_INJECT_PLAIN: 1872 h->qtf_packet_plain_cb = op->qtf_packet_plain_cb; 1873 1874 if (!TEST_true(qtest_fault_set_packet_plain_listener(h->qtf, 1875 h->qtf_packet_plain_cb != NULL ? helper_packet_plain_listener : NULL, 1876 h))) 1877 goto out; 1878 1879 break; 1880 1881 case OPK_S_SET_INJECT_HANDSHAKE: 1882 h->qtf_handshake_cb = op->qtf_handshake_cb; 1883 1884 if (!TEST_true(qtest_fault_set_handshake_listener(h->qtf, 1885 h->qtf_handshake_cb != NULL ? helper_handshake_listener : NULL, 1886 h))) 1887 goto out; 1888 1889 break; 1890 1891 case OPK_S_SET_INJECT_DATAGRAM: 1892 h->qtf_datagram_cb = op->qtf_datagram_cb; 1893 1894 if (!TEST_true(qtest_fault_set_datagram_listener(h->qtf, 1895 h->qtf_datagram_cb != NULL ? helper_datagram_listener : NULL, 1896 h))) 1897 goto out; 1898 1899 break; 1900 1901 case OPK_SET_INJECT_WORD: 1902 /* 1903 * Must hold server tick lock - callbacks can be called from other 1904 * thread when running test in blocking mode (tsan). 1905 */ 1906 ACQUIRE_S(); 1907 h->inject_word0 = op->arg1; 1908 h->inject_word1 = op->arg2; 1909 break; 1910 1911 case OPK_C_INHIBIT_TICK: { 1912 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn); 1913 1914 ossl_quic_engine_set_inhibit_tick(ossl_quic_channel_get0_engine(ch), 1915 op->arg1); 1916 } break; 1917 1918 case OPK_C_SET_WRITE_BUF_SIZE: 1919 if (!TEST_ptr(c_tgt)) 1920 goto out; 1921 1922 if (!TEST_true(ossl_quic_set_write_buffer_size(c_tgt, op->arg1))) 1923 goto out; 1924 1925 break; 1926 1927 case OPK_S_NEW_TICKET: 1928 if (!TEST_true(ossl_quic_tserver_new_ticket(ACQUIRE_S()))) 1929 goto out; 1930 break; 1931 1932 default: 1933 TEST_error("unknown op"); 1934 goto out; 1935 } 1936 } 1937 1938 out: 1939 s_unlock(h, hl); /* idempotent */ 1940 if (!testresult) { 1941 size_t i; 1942 const QUIC_TERMINATE_CAUSE *tcause; 1943 const char *e_str, *f_str; 1944 1945 TEST_error("failed in script \"%s\" at op %zu, thread %d\n", 1946 script_name, op_idx + 1, thread_idx); 1947 1948 for (i = 0; i < repeat_stack_len; ++i) 1949 TEST_info("while repeating, iteration %zu of %zu, starting at script op %zu", 1950 repeat_stack_done[i], 1951 repeat_stack_limit[i], 1952 repeat_stack_idx[i]); 1953 1954 ERR_print_errors_fp(stderr); 1955 1956 if (h->c_conn != NULL) { 1957 SSL_CONN_CLOSE_INFO cc_info = { 0 }; 1958 1959 if (SSL_get_conn_close_info(h->c_conn, &cc_info, sizeof(cc_info))) { 1960 e_str = ossl_quic_err_to_string(cc_info.error_code); 1961 f_str = ossl_quic_frame_type_to_string(cc_info.frame_type); 1962 1963 if (e_str == NULL) 1964 e_str = "?"; 1965 if (f_str == NULL) 1966 f_str = "?"; 1967 1968 TEST_info("client side is closed: %llu(%s)/%llu(%s), " 1969 "%s, %s, reason: \"%s\"", 1970 (unsigned long long)cc_info.error_code, 1971 e_str, 1972 (unsigned long long)cc_info.frame_type, 1973 f_str, 1974 (cc_info.flags & SSL_CONN_CLOSE_FLAG_LOCAL) != 0 1975 ? "local" 1976 : "remote", 1977 (cc_info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) != 0 1978 ? "transport" 1979 : "app", 1980 cc_info.reason != NULL ? cc_info.reason : "-"); 1981 } 1982 } 1983 1984 tcause = (h->s != NULL 1985 ? ossl_quic_tserver_get_terminate_cause(h->s) 1986 : NULL); 1987 if (tcause != NULL) { 1988 e_str = ossl_quic_err_to_string(tcause->error_code); 1989 f_str = ossl_quic_frame_type_to_string(tcause->frame_type); 1990 1991 if (e_str == NULL) 1992 e_str = "?"; 1993 if (f_str == NULL) 1994 f_str = "?"; 1995 1996 TEST_info("server side is closed: %llu(%s)/%llu(%s), " 1997 "%s, %s, reason: \"%s\"", 1998 (unsigned long long)tcause->error_code, 1999 e_str, 2000 (unsigned long long)tcause->frame_type, 2001 f_str, 2002 tcause->remote ? "remote" : "local", 2003 tcause->app ? "app" : "transport", 2004 tcause->reason != NULL ? tcause->reason : "-"); 2005 } 2006 } 2007 2008 OPENSSL_free(tmp_buf); 2009 helper_local_cleanup(hl); 2010 return testresult; 2011 } 2012 2013 static int run_script(const struct script_op *script, 2014 const char *script_name, 2015 int free_order, 2016 int blocking) 2017 { 2018 int testresult = 0; 2019 struct helper h; 2020 2021 if (!TEST_true(helper_init(&h, script_name, 2022 free_order, blocking, 1))) 2023 goto out; 2024 2025 if (!TEST_true(run_script_worker(&h, script, script_name, -1))) 2026 goto out; 2027 2028 #if defined(OPENSSL_THREADS) 2029 if (!TEST_true(join_threads(h.threads, h.num_threads))) 2030 goto out; 2031 #endif 2032 2033 testresult = 1; 2034 out: 2035 helper_cleanup(&h); 2036 return testresult; 2037 } 2038 2039 #if defined(OPENSSL_THREADS) 2040 static CRYPTO_THREAD_RETVAL run_script_child_thread(void *arg) 2041 { 2042 int testresult; 2043 struct child_thread_args *args = arg; 2044 2045 testresult = run_script_worker(args->h, args->script, 2046 args->script_name, 2047 args->thread_idx); 2048 2049 ossl_crypto_mutex_lock(args->m); 2050 args->testresult = testresult; 2051 args->done = 1; 2052 ossl_crypto_mutex_unlock(args->m); 2053 return 1; 2054 } 2055 #endif 2056 2057 /* 1. Simple single-stream test */ 2058 static const struct script_op script_1[] = { 2059 OP_C_SET_ALPN("ossltest") 2060 OP_C_CONNECT_WAIT() 2061 OP_C_WRITE(DEFAULT, "apple", 5) 2062 OP_C_CONCLUDE(DEFAULT) 2063 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 2064 OP_S_READ_EXPECT(a, "apple", 5) 2065 OP_S_EXPECT_FIN(a) 2066 OP_S_WRITE(a, "orange", 6) 2067 OP_S_CONCLUDE(a) 2068 OP_C_READ_EXPECT(DEFAULT, "orange", 6) 2069 OP_C_EXPECT_FIN(DEFAULT) 2070 OP_END 2071 }; 2072 2073 /* 2. Multi-stream test */ 2074 static const struct script_op script_2[] = { 2075 OP_C_SET_ALPN("ossltest") 2076 OP_C_CONNECT_WAIT() 2077 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_ACCEPT) 2078 OP_C_WRITE(DEFAULT, "apple", 5) 2079 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 2080 OP_S_READ_EXPECT(a, "apple", 5) 2081 OP_S_WRITE(a, "orange", 6) 2082 OP_C_READ_EXPECT(DEFAULT, "orange", 6) 2083 2084 OP_C_NEW_STREAM_BIDI(b, C_BIDI_ID(1)) 2085 OP_C_WRITE(b, "flamingo", 8) 2086 OP_C_CONCLUDE(b) 2087 OP_S_BIND_STREAM_ID(b, C_BIDI_ID(1)) 2088 OP_S_READ_EXPECT(b, "flamingo", 8) 2089 OP_S_EXPECT_FIN(b) 2090 OP_S_WRITE(b, "gargoyle", 8) 2091 OP_S_CONCLUDE(b) 2092 OP_C_READ_EXPECT(b, "gargoyle", 8) 2093 OP_C_EXPECT_FIN(b) 2094 2095 OP_C_NEW_STREAM_UNI(c, C_UNI_ID(0)) 2096 OP_C_WRITE(c, "elephant", 8) 2097 OP_C_CONCLUDE(c) 2098 OP_S_BIND_STREAM_ID(c, C_UNI_ID(0)) 2099 OP_S_READ_EXPECT(c, "elephant", 8) 2100 OP_S_EXPECT_FIN(c) 2101 OP_S_WRITE_FAIL(c) 2102 2103 OP_C_ACCEPT_STREAM_NONE() 2104 2105 OP_S_NEW_STREAM_BIDI(d, S_BIDI_ID(0)) 2106 OP_S_WRITE(d, "frog", 4) 2107 OP_S_CONCLUDE(d) 2108 2109 OP_C_ACCEPT_STREAM_WAIT(d) 2110 OP_C_ACCEPT_STREAM_NONE() 2111 OP_C_READ_EXPECT(d, "frog", 4) 2112 OP_C_EXPECT_FIN(d) 2113 2114 OP_S_NEW_STREAM_BIDI(e, S_BIDI_ID(1)) 2115 OP_S_WRITE(e, "mixture", 7) 2116 OP_S_CONCLUDE(e) 2117 2118 OP_C_ACCEPT_STREAM_WAIT(e) 2119 OP_C_READ_EXPECT(e, "mixture", 7) 2120 OP_C_EXPECT_FIN(e) 2121 OP_C_WRITE(e, "ramble", 6) 2122 OP_S_READ_EXPECT(e, "ramble", 6) 2123 OP_C_CONCLUDE(e) 2124 OP_S_EXPECT_FIN(e) 2125 2126 OP_S_NEW_STREAM_UNI(f, S_UNI_ID(0)) 2127 OP_S_WRITE(f, "yonder", 6) 2128 OP_S_CONCLUDE(f) 2129 2130 OP_C_ACCEPT_STREAM_WAIT(f) 2131 OP_C_ACCEPT_STREAM_NONE() 2132 OP_C_READ_EXPECT(f, "yonder", 6) 2133 OP_C_EXPECT_FIN(f) 2134 OP_C_WRITE_FAIL(f) 2135 2136 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_REJECT) 2137 OP_S_NEW_STREAM_BIDI(g, S_BIDI_ID(2)) 2138 OP_S_WRITE(g, "unseen", 6) 2139 OP_S_CONCLUDE(g) 2140 2141 OP_C_ACCEPT_STREAM_NONE() 2142 2143 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_AUTO) 2144 OP_S_NEW_STREAM_BIDI(h, S_BIDI_ID(3)) 2145 OP_S_WRITE(h, "UNSEEN", 6) 2146 OP_S_CONCLUDE(h) 2147 2148 OP_C_ACCEPT_STREAM_NONE() 2149 2150 /* 2151 * Streams g, h should have been rejected, so server should have got 2152 * STOP_SENDING/RESET_STREAM. 2153 */ 2154 OP_CHECK(check_rejected, S_BIDI_ID(2)) 2155 OP_CHECK(check_rejected, S_BIDI_ID(3)) 2156 2157 OP_END 2158 }; 2159 2160 /* 3. Default stream detach/reattach test */ 2161 static const struct script_op script_3[] = { 2162 OP_C_SET_ALPN("ossltest") 2163 OP_C_CONNECT_WAIT() 2164 2165 OP_C_WRITE(DEFAULT, "apple", 5) 2166 OP_C_DETACH(a) /* DEFAULT becomes stream 'a' */ 2167 OP_C_WRITE_FAIL(DEFAULT) 2168 2169 OP_C_WRITE(a, "by", 2) 2170 2171 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 2172 OP_S_READ_EXPECT(a, "appleby", 7) 2173 2174 OP_S_WRITE(a, "hello", 5) 2175 OP_C_READ_EXPECT(a, "hello", 5) 2176 2177 OP_C_WRITE_FAIL(DEFAULT) 2178 OP_C_ATTACH(a) 2179 OP_C_WRITE(DEFAULT, "is here", 7) 2180 OP_S_READ_EXPECT(a, "is here", 7) 2181 2182 OP_C_DETACH(a) 2183 OP_C_CONCLUDE(a) 2184 OP_S_EXPECT_FIN(a) 2185 2186 OP_END 2187 }; 2188 2189 /* 4. Default stream mode test */ 2190 static const struct script_op script_4[] = { 2191 OP_C_SET_ALPN("ossltest") 2192 OP_C_CONNECT_WAIT() 2193 2194 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2195 OP_C_WRITE_FAIL(DEFAULT) 2196 2197 OP_S_NEW_STREAM_BIDI(a, S_BIDI_ID(0)) 2198 OP_S_WRITE(a, "apple", 5) 2199 2200 OP_C_READ_FAIL(DEFAULT) 2201 2202 OP_C_ACCEPT_STREAM_WAIT(a) 2203 OP_C_READ_EXPECT(a, "apple", 5) 2204 2205 OP_C_ATTACH(a) 2206 OP_C_WRITE(DEFAULT, "orange", 6) 2207 OP_S_READ_EXPECT(a, "orange", 6) 2208 2209 OP_END 2210 }; 2211 2212 /* 5. Test stream reset functionality */ 2213 static const struct script_op script_5[] = { 2214 OP_C_SET_ALPN("ossltest") 2215 OP_C_CONNECT_WAIT() 2216 2217 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2218 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 2219 OP_C_NEW_STREAM_BIDI(b, C_BIDI_ID(1)) 2220 2221 OP_C_WRITE(a, "apple", 5) 2222 OP_C_STREAM_RESET(a, 42) 2223 2224 OP_C_WRITE(b, "strawberry", 10) 2225 2226 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 2227 OP_S_BIND_STREAM_ID(b, C_BIDI_ID(1)) 2228 OP_S_READ_EXPECT(b, "strawberry", 10) 2229 /* Reset disrupts read of already sent data */ 2230 OP_S_READ_FAIL(a, 0) 2231 OP_CHECK(check_stream_reset, C_BIDI_ID(0)) 2232 2233 OP_END 2234 }; 2235 2236 /* 6. Test STOP_SENDING functionality */ 2237 static const struct script_op script_6[] = { 2238 OP_C_SET_ALPN("ossltest") 2239 OP_C_CONNECT_WAIT() 2240 2241 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2242 OP_S_NEW_STREAM_BIDI(a, S_BIDI_ID(0)) 2243 OP_S_WRITE(a, "apple", 5) 2244 2245 OP_C_ACCEPT_STREAM_WAIT(a) 2246 OP_C_FREE_STREAM(a) 2247 OP_C_ACCEPT_STREAM_NONE() 2248 2249 OP_CHECK(check_stream_stopped, S_BIDI_ID(0)) 2250 2251 OP_END 2252 }; 2253 2254 /* 7. Unidirectional default stream mode test (client sends first) */ 2255 static const struct script_op script_7[] = { 2256 OP_C_SET_ALPN("ossltest") 2257 OP_C_CONNECT_WAIT() 2258 2259 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_AUTO_UNI) 2260 OP_C_WRITE(DEFAULT, "apple", 5) 2261 2262 OP_S_BIND_STREAM_ID(a, C_UNI_ID(0)) 2263 OP_S_READ_EXPECT(a, "apple", 5) 2264 OP_S_WRITE_FAIL(a) 2265 2266 OP_END 2267 }; 2268 2269 /* 8. Unidirectional default stream mode test (server sends first) */ 2270 static const struct script_op script_8[] = { 2271 OP_C_SET_ALPN("ossltest") 2272 OP_C_CONNECT_WAIT() 2273 2274 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_AUTO_UNI) 2275 OP_S_NEW_STREAM_UNI(a, S_UNI_ID(0)) 2276 OP_S_WRITE(a, "apple", 5) 2277 OP_C_READ_EXPECT(DEFAULT, "apple", 5) 2278 OP_C_WRITE_FAIL(DEFAULT) 2279 2280 OP_END 2281 }; 2282 2283 /* 9. Unidirectional default stream mode test (server sends first on bidi) */ 2284 static const struct script_op script_9[] = { 2285 OP_C_SET_ALPN("ossltest") 2286 OP_C_CONNECT_WAIT() 2287 2288 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_AUTO_UNI) 2289 OP_S_NEW_STREAM_BIDI(a, S_BIDI_ID(0)) 2290 OP_S_WRITE(a, "apple", 5) 2291 OP_C_READ_EXPECT(DEFAULT, "apple", 5) 2292 OP_C_WRITE(DEFAULT, "orange", 6) 2293 OP_S_READ_EXPECT(a, "orange", 6) 2294 2295 OP_END 2296 }; 2297 2298 /* 10. Shutdown */ 2299 static const struct script_op script_10[] = { 2300 OP_C_SET_ALPN("ossltest") 2301 OP_C_CONNECT_WAIT() 2302 2303 OP_C_WRITE(DEFAULT, "apple", 5) 2304 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 2305 OP_S_READ_EXPECT(a, "apple", 5) 2306 2307 OP_C_SHUTDOWN_WAIT(NULL, 0) 2308 OP_C_EXPECT_CONN_CLOSE_INFO(0, 1, 0) 2309 OP_S_EXPECT_CONN_CLOSE_INFO(0, 1, 1) 2310 2311 OP_END 2312 }; 2313 2314 /* 11. Many threads accepted on the same client connection */ 2315 static const struct script_op script_11_child[] = { 2316 OP_C_ACCEPT_STREAM_WAIT(a) 2317 OP_C_READ_EXPECT(a, "foo", 3) 2318 OP_SLEEP(10) 2319 OP_C_EXPECT_FIN(a) 2320 2321 OP_END 2322 }; 2323 2324 static const struct script_op script_11[] = { 2325 OP_C_SET_ALPN("ossltest") 2326 OP_C_CONNECT_WAIT() 2327 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2328 2329 OP_NEW_THREAD(5, script_11_child) 2330 2331 OP_S_NEW_STREAM_BIDI(a, ANY_ID) 2332 OP_S_WRITE(a, "foo", 3) 2333 OP_S_CONCLUDE(a) 2334 2335 OP_S_NEW_STREAM_BIDI(b, ANY_ID) 2336 OP_S_WRITE(b, "foo", 3) 2337 OP_S_CONCLUDE(b) 2338 2339 OP_S_NEW_STREAM_BIDI(c, ANY_ID) 2340 OP_S_WRITE(c, "foo", 3) 2341 OP_S_CONCLUDE(c) 2342 2343 OP_S_NEW_STREAM_BIDI(d, ANY_ID) 2344 OP_S_WRITE(d, "foo", 3) 2345 OP_S_CONCLUDE(d) 2346 2347 OP_S_NEW_STREAM_BIDI(e, ANY_ID) 2348 OP_S_WRITE(e, "foo", 3) 2349 OP_S_CONCLUDE(e) 2350 2351 OP_END 2352 }; 2353 2354 /* 12. Many threads initiated on the same client connection */ 2355 static const struct script_op script_12_child[] = { 2356 OP_C_NEW_STREAM_BIDI(a, ANY_ID) 2357 OP_C_WRITE(a, "foo", 3) 2358 OP_C_CONCLUDE(a) 2359 OP_C_FREE_STREAM(a) 2360 2361 OP_END 2362 }; 2363 2364 static const struct script_op script_12[] = { 2365 OP_C_SET_ALPN("ossltest") 2366 OP_C_CONNECT_WAIT() 2367 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2368 2369 OP_NEW_THREAD(5, script_12_child) 2370 2371 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 2372 OP_S_READ_EXPECT(a, "foo", 3) 2373 OP_S_EXPECT_FIN(a) 2374 OP_S_BIND_STREAM_ID(b, C_BIDI_ID(1)) 2375 OP_S_READ_EXPECT(b, "foo", 3) 2376 OP_S_EXPECT_FIN(b) 2377 OP_S_BIND_STREAM_ID(c, C_BIDI_ID(2)) 2378 OP_S_READ_EXPECT(c, "foo", 3) 2379 OP_S_EXPECT_FIN(c) 2380 OP_S_BIND_STREAM_ID(d, C_BIDI_ID(3)) 2381 OP_S_READ_EXPECT(d, "foo", 3) 2382 OP_S_EXPECT_FIN(d) 2383 OP_S_BIND_STREAM_ID(e, C_BIDI_ID(4)) 2384 OP_S_READ_EXPECT(e, "foo", 3) 2385 OP_S_EXPECT_FIN(e) 2386 2387 OP_END 2388 }; 2389 2390 /* 13. Many threads accepted on the same client connection (stress test) */ 2391 static const struct script_op script_13_child[] = { 2392 OP_BEGIN_REPEAT(10) 2393 2394 OP_C_ACCEPT_STREAM_WAIT(a) 2395 OP_C_READ_EXPECT(a, "foo", 3) 2396 OP_C_EXPECT_FIN(a) 2397 OP_C_FREE_STREAM(a) 2398 2399 OP_END_REPEAT() 2400 2401 OP_END 2402 }; 2403 2404 static const struct script_op script_13[] = { 2405 OP_C_SET_ALPN("ossltest") 2406 OP_C_CONNECT_WAIT() 2407 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2408 2409 OP_NEW_THREAD(5, script_13_child) 2410 2411 OP_BEGIN_REPEAT(50) 2412 2413 OP_S_NEW_STREAM_BIDI(a, ANY_ID) 2414 OP_S_WRITE(a, "foo", 3) 2415 OP_S_CONCLUDE(a) 2416 OP_S_UNBIND_STREAM_ID(a) 2417 2418 OP_END_REPEAT() 2419 2420 OP_END 2421 }; 2422 2423 /* 14. Many threads initiating on the same client connection (stress test) */ 2424 static const struct script_op script_14_child[] = { 2425 OP_BEGIN_REPEAT(10) 2426 2427 OP_C_NEW_STREAM_BIDI(a, ANY_ID) 2428 OP_C_WRITE(a, "foo", 3) 2429 OP_C_CONCLUDE(a) 2430 OP_C_FREE_STREAM(a) 2431 2432 OP_END_REPEAT() 2433 2434 OP_END 2435 }; 2436 2437 static const struct script_op script_14[] = { 2438 OP_C_SET_ALPN("ossltest") 2439 OP_C_CONNECT_WAIT() 2440 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2441 2442 OP_NEW_THREAD(5, script_14_child) 2443 2444 OP_BEGIN_REPEAT(50) 2445 2446 OP_S_ACCEPT_STREAM_WAIT(a) 2447 OP_S_READ_EXPECT(a, "foo", 3) 2448 OP_S_EXPECT_FIN(a) 2449 OP_S_UNBIND_STREAM_ID(a) 2450 2451 OP_END_REPEAT() 2452 2453 OP_END 2454 }; 2455 2456 /* 15. Client sending large number of streams, MAX_STREAMS test */ 2457 static const struct script_op script_15[] = { 2458 OP_C_SET_ALPN("ossltest") 2459 OP_C_CONNECT_WAIT() 2460 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2461 2462 /* 2463 * This will cause a protocol violation to be raised by the server if we are 2464 * not handling the stream limit correctly on the TX side. 2465 */ 2466 OP_BEGIN_REPEAT(200) 2467 2468 OP_C_NEW_STREAM_BIDI_EX(a, ANY_ID, SSL_STREAM_FLAG_ADVANCE) 2469 OP_C_WRITE(a, "foo", 3) 2470 OP_C_CONCLUDE(a) 2471 OP_C_FREE_STREAM(a) 2472 2473 OP_END_REPEAT() 2474 2475 /* Prove the connection is still good. */ 2476 OP_S_NEW_STREAM_BIDI(a, S_BIDI_ID(0)) 2477 OP_S_WRITE(a, "bar", 3) 2478 OP_S_CONCLUDE(a) 2479 2480 OP_C_ACCEPT_STREAM_WAIT(a) 2481 OP_C_READ_EXPECT(a, "bar", 3) 2482 OP_C_EXPECT_FIN(a) 2483 2484 /* 2485 * Drain the queue of incoming streams. We should be able to get all 200 2486 * even though only 100 can be initiated at a time. 2487 */ 2488 OP_BEGIN_REPEAT(200) 2489 2490 OP_S_ACCEPT_STREAM_WAIT(b) 2491 OP_S_READ_EXPECT(b, "foo", 3) 2492 OP_S_EXPECT_FIN(b) 2493 OP_S_UNBIND_STREAM_ID(b) 2494 2495 OP_END_REPEAT() 2496 2497 OP_END 2498 }; 2499 2500 /* 16. Server sending large number of streams, MAX_STREAMS test */ 2501 static const struct script_op script_16[] = { 2502 OP_C_SET_ALPN("ossltest") 2503 OP_C_CONNECT_WAIT() 2504 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2505 2506 /* 2507 * This will cause a protocol violation to be raised by the client if we are 2508 * not handling the stream limit correctly on the TX side. 2509 */ 2510 OP_BEGIN_REPEAT(200) 2511 2512 OP_S_NEW_STREAM_BIDI(a, ANY_ID) 2513 OP_S_WRITE(a, "foo", 3) 2514 OP_S_CONCLUDE(a) 2515 OP_S_UNBIND_STREAM_ID(a) 2516 2517 OP_END_REPEAT() 2518 2519 /* Prove that the connection is still good. */ 2520 OP_C_NEW_STREAM_BIDI(a, ANY_ID) 2521 OP_C_WRITE(a, "bar", 3) 2522 OP_C_CONCLUDE(a) 2523 2524 OP_S_ACCEPT_STREAM_WAIT(b) 2525 OP_S_READ_EXPECT(b, "bar", 3) 2526 OP_S_EXPECT_FIN(b) 2527 2528 /* Drain the queue of incoming streams. */ 2529 OP_BEGIN_REPEAT(200) 2530 2531 OP_C_ACCEPT_STREAM_WAIT(b) 2532 OP_C_READ_EXPECT(b, "foo", 3) 2533 OP_C_EXPECT_FIN(b) 2534 OP_C_FREE_STREAM(b) 2535 2536 OP_END_REPEAT() 2537 2538 OP_END 2539 }; 2540 2541 /* 17. Key update test - unlimited */ 2542 static const struct script_op script_17[] = { 2543 OP_C_SET_ALPN("ossltest") 2544 OP_C_CONNECT_WAIT() 2545 2546 OP_C_WRITE(DEFAULT, "apple", 5) 2547 2548 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 2549 OP_S_READ_EXPECT(a, "apple", 5) 2550 2551 OP_CHECK(override_key_update, 1) 2552 2553 OP_BEGIN_REPEAT(200) 2554 2555 OP_C_WRITE(DEFAULT, "apple", 5) 2556 OP_S_READ_EXPECT(a, "apple", 5) 2557 2558 /* 2559 * TXKU frequency is bounded by RTT because a previous TXKU needs to be 2560 * acknowledged by the peer first before another one can be begin. By 2561 * waiting this long, we eliminate any such concern and ensure as many key 2562 * updates as possible can occur for the purposes of this test. 2563 */ 2564 OP_CHECK(skip_time_ms, 100) 2565 2566 OP_END_REPEAT() 2567 2568 /* At least 5 RXKUs detected */ 2569 OP_CHECK(check_key_update_ge, 5) 2570 2571 /* 2572 * Prove the connection is still healthy by sending something in both 2573 * directions. 2574 */ 2575 OP_C_WRITE(DEFAULT, "xyzzy", 5) 2576 OP_S_READ_EXPECT(a, "xyzzy", 5) 2577 2578 OP_S_WRITE(a, "plugh", 5) 2579 OP_C_READ_EXPECT(DEFAULT, "plugh", 5) 2580 2581 OP_END 2582 }; 2583 2584 /* 18. Key update test - RTT-bounded */ 2585 static const struct script_op script_18[] = { 2586 OP_C_SET_ALPN("ossltest") 2587 OP_C_CONNECT_WAIT() 2588 2589 OP_C_WRITE(DEFAULT, "apple", 5) 2590 2591 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 2592 OP_S_READ_EXPECT(a, "apple", 5) 2593 2594 OP_CHECK(override_key_update, 1) 2595 2596 OP_BEGIN_REPEAT(200) 2597 2598 OP_C_WRITE(DEFAULT, "apple", 5) 2599 OP_S_READ_EXPECT(a, "apple", 5) 2600 OP_CHECK(skip_time_ms, 8) 2601 2602 OP_END_REPEAT() 2603 2604 /* 2605 * This time we simulate far less time passing between writes, so there are 2606 * fewer opportunities to initiate TXKUs. Note that we ask for a TXKU every 2607 * 1 packet above, which is absurd; thus this ensures we only actually 2608 * generate TXKUs when we are allowed to. 2609 */ 2610 OP_CHECK(check_key_update_lt, 240) 2611 2612 /* 2613 * Prove the connection is still healthy by sending something in both 2614 * directions. 2615 */ 2616 OP_C_WRITE(DEFAULT, "xyzzy", 5) 2617 OP_S_READ_EXPECT(a, "xyzzy", 5) 2618 2619 OP_S_WRITE(a, "plugh", 5) 2620 OP_C_READ_EXPECT(DEFAULT, "plugh", 5) 2621 2622 OP_END 2623 }; 2624 2625 /* 19. Key update test - artificially triggered */ 2626 static const struct script_op script_19[] = { 2627 OP_C_SET_ALPN("ossltest") 2628 OP_C_CONNECT_WAIT() 2629 2630 OP_C_WRITE(DEFAULT, "apple", 5) 2631 2632 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 2633 OP_S_READ_EXPECT(a, "apple", 5) 2634 2635 OP_C_WRITE(DEFAULT, "orange", 6) 2636 OP_S_READ_EXPECT(a, "orange", 6) 2637 2638 OP_S_WRITE(a, "strawberry", 10) 2639 OP_C_READ_EXPECT(DEFAULT, "strawberry", 10) 2640 2641 OP_CHECK(check_key_update_lt, 1) 2642 OP_CHECK(trigger_key_update, 0) 2643 2644 OP_C_WRITE(DEFAULT, "orange", 6) 2645 OP_S_READ_EXPECT(a, "orange", 6) 2646 OP_S_WRITE(a, "ok", 2) 2647 2648 OP_C_READ_EXPECT(DEFAULT, "ok", 2) 2649 OP_CHECK(check_key_update_ge, 1) 2650 2651 OP_END 2652 }; 2653 2654 /* 20. Multiple threads accept stream with socket forcibly closed (error test) */ 2655 static int script_20_trigger(struct helper *h, volatile uint64_t *counter) 2656 { 2657 #if defined(OPENSSL_THREADS) 2658 ossl_crypto_mutex_lock(h->misc_m); 2659 ++*counter; 2660 ossl_crypto_condvar_broadcast(h->misc_cv); 2661 ossl_crypto_mutex_unlock(h->misc_m); 2662 #endif 2663 return 1; 2664 } 2665 2666 static int script_20_wait(struct helper *h, volatile uint64_t *counter, uint64_t threshold) 2667 { 2668 #if defined(OPENSSL_THREADS) 2669 int stop = 0; 2670 2671 ossl_crypto_mutex_lock(h->misc_m); 2672 while (!stop) { 2673 stop = (*counter >= threshold); 2674 if (stop) 2675 break; 2676 2677 ossl_crypto_condvar_wait(h->misc_cv, h->misc_m); 2678 } 2679 2680 ossl_crypto_mutex_unlock(h->misc_m); 2681 #endif 2682 return 1; 2683 } 2684 2685 static int script_20_trigger1(struct helper *h, struct helper_local *hl) 2686 { 2687 return script_20_trigger(h, &h->scratch0); 2688 } 2689 2690 static int script_20_wait1(struct helper *h, struct helper_local *hl) 2691 { 2692 return script_20_wait(h, &h->scratch0, hl->check_op->arg2); 2693 } 2694 2695 static int script_20_trigger2(struct helper *h, struct helper_local *hl) 2696 { 2697 return script_20_trigger(h, &h->scratch1); 2698 } 2699 2700 static int script_20_wait2(struct helper *h, struct helper_local *hl) 2701 { 2702 return script_20_wait(h, &h->scratch1, hl->check_op->arg2); 2703 } 2704 2705 static const struct script_op script_20_child[] = { 2706 OP_C_ACCEPT_STREAM_WAIT(a) 2707 OP_C_READ_EXPECT(a, "foo", 3) 2708 2709 OP_CHECK(script_20_trigger1, 0) 2710 OP_CHECK(script_20_wait2, 1) 2711 2712 OP_C_READ_FAIL_WAIT(a) 2713 OP_C_EXPECT_SSL_ERR(a, SSL_ERROR_SYSCALL) 2714 2715 OP_EXPECT_ERR_LIB(ERR_LIB_SSL) 2716 OP_EXPECT_ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) 2717 2718 OP_POP_ERR() 2719 OP_EXPECT_ERR_LIB(ERR_LIB_SSL) 2720 OP_EXPECT_ERR_REASON(SSL_R_QUIC_NETWORK_ERROR) 2721 2722 OP_C_FREE_STREAM(a) 2723 2724 OP_END 2725 }; 2726 2727 static const struct script_op script_20[] = { 2728 OP_C_SET_ALPN("ossltest") 2729 OP_C_CONNECT_WAIT() 2730 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 2731 2732 OP_NEW_THREAD(5, script_20_child) 2733 2734 OP_BEGIN_REPEAT(5) 2735 2736 OP_S_NEW_STREAM_BIDI(a, ANY_ID) 2737 OP_S_WRITE(a, "foo", 3) 2738 OP_S_UNBIND_STREAM_ID(a) 2739 2740 OP_END_REPEAT() 2741 2742 OP_CHECK(script_20_wait1, 5) 2743 2744 OP_C_CLOSE_SOCKET() 2745 OP_CHECK(script_20_trigger2, 0) 2746 2747 OP_END 2748 }; 2749 2750 /* 21. Fault injection - unknown frame in 1-RTT packet */ 2751 static int script_21_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 2752 unsigned char *buf, size_t len) 2753 { 2754 int ok = 0; 2755 WPACKET wpkt; 2756 unsigned char frame_buf[21]; 2757 size_t written; 2758 2759 if (h->inject_word0 == 0 || hdr->type != h->inject_word0) 2760 return 1; 2761 2762 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 2763 sizeof(frame_buf), 0))) 2764 return 0; 2765 2766 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))) 2767 goto err; 2768 2769 switch (h->inject_word1) { 2770 case OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE: 2771 case OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE: 2772 case OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID: 2773 /* 2774 * These cases to be formatted properly need a single uint64_t 2775 */ 2776 if (!TEST_true(WPACKET_put_bytes_u64(&wpkt, (uint64_t)0))) 2777 goto err; 2778 break; 2779 case OSSL_QUIC_FRAME_TYPE_MAX_DATA: 2780 case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI: 2781 case OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI: 2782 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI: 2783 case OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI: 2784 case OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED: 2785 /* 2786 * These cases require a single vlint 2787 */ 2788 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0))) 2789 goto err; 2790 break; 2791 case OSSL_QUIC_FRAME_TYPE_STOP_SENDING: 2792 case OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA: 2793 case OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED: 2794 /* 2795 * These cases require 2 variable integers 2796 */ 2797 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0))) 2798 goto err; 2799 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0))) 2800 goto err; 2801 break; 2802 case OSSL_QUIC_FRAME_TYPE_STREAM: 2803 case OSSL_QUIC_FRAME_TYPE_RESET_STREAM: 2804 case OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP: 2805 /* 2806 * These cases require 3 variable integers 2807 */ 2808 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0))) 2809 goto err; 2810 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0))) 2811 goto err; 2812 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0))) 2813 goto err; 2814 break; 2815 case OSSL_QUIC_FRAME_TYPE_NEW_TOKEN: 2816 /* 2817 * Special case for new token 2818 */ 2819 2820 /* New token length, cannot be zero */ 2821 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)1))) 2822 goto err; 2823 2824 /* 1 bytes of token data, to match the above length */ 2825 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, (uint8_t)0))) 2826 goto err; 2827 break; 2828 case OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID: 2829 /* 2830 * Special case for New Connection ids, has a combination 2831 * of vlints and fixed width values 2832 */ 2833 2834 /* seq number */ 2835 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0))) 2836 goto err; 2837 2838 /* retire prior to */ 2839 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, (uint64_t)0))) 2840 goto err; 2841 2842 /* Connection id length, arbitrary at 1 bytes */ 2843 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, (uint8_t)1))) 2844 goto err; 2845 2846 /* The connection id, to match the above length */ 2847 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, (uint8_t)0))) 2848 goto err; 2849 2850 /* 16 bytes total for the SRT */ 2851 if (!TEST_true(WPACKET_memset(&wpkt, 0, 16))) 2852 goto err; 2853 2854 break; 2855 } 2856 2857 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 2858 goto err; 2859 2860 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 2861 goto err; 2862 2863 ok = 1; 2864 err: 2865 if (ok) 2866 WPACKET_finish(&wpkt); 2867 else 2868 WPACKET_cleanup(&wpkt); 2869 return ok; 2870 } 2871 2872 static const struct script_op script_21[] = { 2873 OP_S_SET_INJECT_PLAIN(script_21_inject_plain) 2874 OP_C_SET_ALPN("ossltest") 2875 OP_C_CONNECT_WAIT() 2876 2877 OP_C_WRITE(DEFAULT, "apple", 5) 2878 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 2879 OP_S_READ_EXPECT(a, "apple", 5) 2880 2881 OP_SET_INJECT_WORD(QUIC_PKT_TYPE_1RTT, OSSL_QUIC_VLINT_MAX) 2882 2883 OP_S_WRITE(a, "orange", 6) 2884 2885 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0) 2886 2887 OP_END 2888 }; 2889 2890 /* 22. Fault injection - non-zero packet header reserved bits */ 2891 static int script_22_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 2892 unsigned char *buf, size_t len) 2893 { 2894 if (h->inject_word0 == 0) 2895 return 1; 2896 2897 hdr->reserved = 1; 2898 return 1; 2899 } 2900 2901 static const struct script_op script_22[] = { 2902 OP_S_SET_INJECT_PLAIN(script_22_inject_plain) 2903 OP_C_SET_ALPN("ossltest") 2904 OP_C_CONNECT_WAIT() 2905 2906 OP_C_WRITE(DEFAULT, "apple", 5) 2907 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 2908 OP_S_READ_EXPECT(a, "apple", 5) 2909 2910 OP_SET_INJECT_WORD(1, 0) 2911 2912 OP_S_WRITE(a, "orange", 6) 2913 2914 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION, 0, 0) 2915 2916 OP_END 2917 }; 2918 2919 /* 23. Fault injection - empty NEW_TOKEN */ 2920 static int script_23_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 2921 unsigned char *buf, size_t len) 2922 { 2923 int ok = 0; 2924 WPACKET wpkt; 2925 unsigned char frame_buf[16]; 2926 size_t written; 2927 2928 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 2929 return 1; 2930 2931 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 2932 sizeof(frame_buf), 0))) 2933 return 0; 2934 2935 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_NEW_TOKEN)) 2936 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0))) 2937 goto err; 2938 2939 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 2940 goto err; 2941 2942 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 2943 goto err; 2944 2945 ok = 1; 2946 err: 2947 if (ok) 2948 WPACKET_finish(&wpkt); 2949 else 2950 WPACKET_cleanup(&wpkt); 2951 return ok; 2952 } 2953 2954 static const struct script_op script_23[] = { 2955 OP_S_SET_INJECT_PLAIN(script_23_inject_plain) 2956 OP_C_SET_ALPN("ossltest") 2957 OP_C_CONNECT_WAIT() 2958 2959 OP_C_WRITE(DEFAULT, "apple", 5) 2960 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 2961 OP_S_READ_EXPECT(a, "apple", 5) 2962 2963 OP_SET_INJECT_WORD(1, 0) 2964 2965 OP_S_WRITE(a, "orange", 6) 2966 2967 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0) 2968 2969 OP_END 2970 }; 2971 2972 /* 24. Fault injection - excess value of MAX_STREAMS_BIDI */ 2973 static int script_24_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 2974 unsigned char *buf, size_t len) 2975 { 2976 int ok = 0; 2977 WPACKET wpkt; 2978 unsigned char frame_buf[16]; 2979 size_t written; 2980 2981 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 2982 return 1; 2983 2984 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 2985 sizeof(frame_buf), 0))) 2986 return 0; 2987 2988 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1)) 2989 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, (((uint64_t)1) << 60) + 1))) 2990 goto err; 2991 2992 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 2993 goto err; 2994 2995 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 2996 goto err; 2997 2998 ok = 1; 2999 err: 3000 if (ok) 3001 WPACKET_finish(&wpkt); 3002 else 3003 WPACKET_cleanup(&wpkt); 3004 return ok; 3005 } 3006 3007 static const struct script_op script_24[] = { 3008 OP_S_SET_INJECT_PLAIN(script_24_inject_plain) 3009 OP_C_SET_ALPN("ossltest") 3010 OP_C_CONNECT_WAIT() 3011 3012 OP_C_WRITE(DEFAULT, "apple", 5) 3013 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 3014 OP_S_READ_EXPECT(a, "apple", 5) 3015 3016 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI) 3017 3018 OP_S_WRITE(a, "orange", 6) 3019 3020 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0) 3021 3022 OP_END 3023 }; 3024 3025 /* 25. Fault injection - excess value of MAX_STREAMS_UNI */ 3026 static const struct script_op script_25[] = { 3027 OP_S_SET_INJECT_PLAIN(script_24_inject_plain) 3028 OP_C_SET_ALPN("ossltest") 3029 OP_C_CONNECT_WAIT() 3030 3031 OP_C_WRITE(DEFAULT, "apple", 5) 3032 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 3033 OP_S_READ_EXPECT(a, "apple", 5) 3034 3035 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI) 3036 3037 OP_S_WRITE(a, "orange", 6) 3038 3039 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0) 3040 3041 OP_END 3042 }; 3043 3044 /* 26. Fault injection - excess value of STREAMS_BLOCKED_BIDI */ 3045 static const struct script_op script_26[] = { 3046 OP_S_SET_INJECT_PLAIN(script_24_inject_plain) 3047 OP_C_SET_ALPN("ossltest") 3048 OP_C_CONNECT_WAIT() 3049 3050 OP_C_WRITE(DEFAULT, "apple", 5) 3051 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 3052 OP_S_READ_EXPECT(a, "apple", 5) 3053 3054 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI) 3055 3056 OP_S_WRITE(a, "orange", 6) 3057 3058 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR, 0, 0) 3059 3060 OP_END 3061 }; 3062 3063 /* 27. Fault injection - excess value of STREAMS_BLOCKED_UNI */ 3064 static const struct script_op script_27[] = { 3065 OP_S_SET_INJECT_PLAIN(script_24_inject_plain) 3066 OP_C_SET_ALPN("ossltest") 3067 OP_C_CONNECT_WAIT() 3068 3069 OP_C_WRITE(DEFAULT, "apple", 5) 3070 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 3071 OP_S_READ_EXPECT(a, "apple", 5) 3072 3073 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI) 3074 3075 OP_S_WRITE(a, "orange", 6) 3076 3077 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR, 0, 0) 3078 3079 OP_END 3080 }; 3081 3082 /* 28. Fault injection - received RESET_STREAM for send-only stream */ 3083 static int script_28_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 3084 unsigned char *buf, size_t len) 3085 { 3086 int ok = 0; 3087 WPACKET wpkt; 3088 unsigned char frame_buf[32]; 3089 size_t written; 3090 3091 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 3092 return 1; 3093 3094 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 3095 sizeof(frame_buf), 0))) 3096 return 0; 3097 3098 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1)) 3099 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */ 3100 h->inject_word0 - 1)) 3101 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 123)) 3102 || (h->inject_word1 == OSSL_QUIC_FRAME_TYPE_RESET_STREAM 3103 && !TEST_true(WPACKET_quic_write_vlint(&wpkt, 5)))) /* final size */ 3104 goto err; 3105 3106 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 3107 goto err; 3108 3109 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 3110 goto err; 3111 3112 ok = 1; 3113 err: 3114 if (ok) 3115 WPACKET_finish(&wpkt); 3116 else 3117 WPACKET_cleanup(&wpkt); 3118 return ok; 3119 } 3120 3121 static const struct script_op script_28[] = { 3122 OP_S_SET_INJECT_PLAIN(script_28_inject_plain) 3123 OP_C_SET_ALPN("ossltest") 3124 OP_C_CONNECT_WAIT() 3125 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3126 3127 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 3128 OP_C_WRITE(a, "orange", 6) 3129 3130 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 3131 OP_S_READ_EXPECT(a, "orange", 6) 3132 3133 OP_C_NEW_STREAM_UNI(b, C_UNI_ID(0)) 3134 OP_C_WRITE(b, "apple", 5) 3135 3136 OP_S_BIND_STREAM_ID(b, C_UNI_ID(0)) 3137 OP_S_READ_EXPECT(b, "apple", 5) 3138 3139 OP_SET_INJECT_WORD(C_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_RESET_STREAM) 3140 OP_S_WRITE(a, "fruit", 5) 3141 3142 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0) 3143 3144 OP_END 3145 }; 3146 3147 /* 29. Fault injection - received RESET_STREAM for nonexistent send-only stream */ 3148 static const struct script_op script_29[] = { 3149 OP_S_SET_INJECT_PLAIN(script_28_inject_plain) 3150 OP_C_SET_ALPN("ossltest") 3151 OP_C_CONNECT_WAIT() 3152 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3153 3154 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 3155 OP_C_WRITE(a, "orange", 6) 3156 3157 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 3158 OP_S_READ_EXPECT(a, "orange", 6) 3159 3160 OP_C_NEW_STREAM_UNI(b, C_UNI_ID(0)) 3161 OP_C_WRITE(b, "apple", 5) 3162 3163 OP_S_BIND_STREAM_ID(b, C_UNI_ID(0)) 3164 OP_S_READ_EXPECT(b, "apple", 5) 3165 3166 OP_SET_INJECT_WORD(C_UNI_ID(1) + 1, OSSL_QUIC_FRAME_TYPE_RESET_STREAM) 3167 OP_S_WRITE(a, "fruit", 5) 3168 3169 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0) 3170 3171 OP_END 3172 }; 3173 3174 /* 30. Fault injection - received STOP_SENDING for receive-only stream */ 3175 static const struct script_op script_30[] = { 3176 OP_S_SET_INJECT_PLAIN(script_28_inject_plain) 3177 OP_C_SET_ALPN("ossltest") 3178 OP_C_CONNECT_WAIT() 3179 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3180 3181 OP_S_NEW_STREAM_UNI(a, S_UNI_ID(0)) 3182 OP_S_WRITE(a, "apple", 5) 3183 3184 OP_C_ACCEPT_STREAM_WAIT(a) 3185 OP_C_READ_EXPECT(a, "apple", 5) 3186 3187 OP_SET_INJECT_WORD(S_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STOP_SENDING) 3188 OP_S_WRITE(a, "orange", 6) 3189 3190 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0) 3191 3192 OP_END 3193 }; 3194 3195 /* 31. Fault injection - received STOP_SENDING for nonexistent receive-only stream */ 3196 static const struct script_op script_31[] = { 3197 OP_S_SET_INJECT_PLAIN(script_28_inject_plain) 3198 OP_C_SET_ALPN("ossltest") 3199 OP_C_CONNECT_WAIT() 3200 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3201 3202 OP_S_NEW_STREAM_UNI(a, S_UNI_ID(0)) 3203 OP_S_WRITE(a, "apple", 5) 3204 3205 OP_C_ACCEPT_STREAM_WAIT(a) 3206 OP_C_READ_EXPECT(a, "apple", 5) 3207 3208 OP_SET_INJECT_WORD(C_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STOP_SENDING) 3209 OP_S_WRITE(a, "orange", 6) 3210 3211 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0) 3212 3213 OP_END 3214 }; 3215 3216 /* 32. Fault injection - STREAM frame for nonexistent stream */ 3217 static int script_32_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 3218 unsigned char *buf, size_t len) 3219 { 3220 int ok = 0; 3221 WPACKET wpkt; 3222 unsigned char frame_buf[64]; 3223 size_t written; 3224 uint64_t type = OSSL_QUIC_FRAME_TYPE_STREAM_OFF_LEN, offset, flen, i; 3225 3226 if (hdr->type != QUIC_PKT_TYPE_1RTT) 3227 return 1; 3228 3229 switch (h->inject_word1) { 3230 default: 3231 return 0; 3232 case 0: 3233 return 1; 3234 case 1: 3235 offset = 0; 3236 flen = 0; 3237 break; 3238 case 2: 3239 offset = (((uint64_t)1) << 62) - 1; 3240 flen = 5; 3241 break; 3242 case 3: 3243 offset = 1 * 1024 * 1024 * 1024; /* 1G */ 3244 flen = 5; 3245 break; 3246 case 4: 3247 offset = 0; 3248 flen = 1; 3249 break; 3250 } 3251 3252 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 3253 sizeof(frame_buf), 0))) 3254 return 0; 3255 3256 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, type)) 3257 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */ 3258 h->inject_word0 - 1)) 3259 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, offset)) 3260 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, flen))) 3261 goto err; 3262 3263 for (i = 0; i < flen; ++i) 3264 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42))) 3265 goto err; 3266 3267 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 3268 goto err; 3269 3270 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 3271 goto err; 3272 3273 ok = 1; 3274 err: 3275 if (ok) 3276 WPACKET_finish(&wpkt); 3277 else 3278 WPACKET_cleanup(&wpkt); 3279 return ok; 3280 } 3281 3282 static const struct script_op script_32[] = { 3283 OP_S_SET_INJECT_PLAIN(script_32_inject_plain) 3284 OP_C_SET_ALPN("ossltest") 3285 OP_C_CONNECT_WAIT() 3286 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3287 3288 OP_S_NEW_STREAM_UNI(a, S_UNI_ID(0)) 3289 OP_S_WRITE(a, "apple", 5) 3290 3291 OP_C_ACCEPT_STREAM_WAIT(a) 3292 OP_C_READ_EXPECT(a, "apple", 5) 3293 3294 OP_SET_INJECT_WORD(C_UNI_ID(0) + 1, 1) 3295 OP_S_WRITE(a, "orange", 6) 3296 3297 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0) 3298 3299 OP_END 3300 }; 3301 3302 /* 33. Fault injection - STREAM frame with illegal offset */ 3303 static const struct script_op script_33[] = { 3304 OP_S_SET_INJECT_PLAIN(script_32_inject_plain) 3305 OP_C_SET_ALPN("ossltest") 3306 OP_C_CONNECT_WAIT() 3307 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3308 3309 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 3310 OP_C_WRITE(a, "apple", 5) 3311 3312 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 3313 OP_S_READ_EXPECT(a, "apple", 5) 3314 3315 OP_SET_INJECT_WORD(C_BIDI_ID(0) + 1, 2) 3316 OP_S_WRITE(a, "orange", 6) 3317 3318 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0) 3319 3320 OP_END 3321 }; 3322 3323 /* 34. Fault injection - STREAM frame which exceeds FC */ 3324 static const struct script_op script_34[] = { 3325 OP_S_SET_INJECT_PLAIN(script_32_inject_plain) 3326 OP_C_SET_ALPN("ossltest") 3327 OP_C_CONNECT_WAIT() 3328 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3329 3330 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 3331 OP_C_WRITE(a, "apple", 5) 3332 3333 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 3334 OP_S_READ_EXPECT(a, "apple", 5) 3335 3336 OP_SET_INJECT_WORD(C_BIDI_ID(0) + 1, 3) 3337 OP_S_WRITE(a, "orange", 6) 3338 3339 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FLOW_CONTROL_ERROR, 0, 0) 3340 3341 OP_END 3342 }; 3343 3344 /* 35. Fault injection - MAX_STREAM_DATA for receive-only stream */ 3345 static const struct script_op script_35[] = { 3346 OP_S_SET_INJECT_PLAIN(script_28_inject_plain) 3347 OP_C_SET_ALPN("ossltest") 3348 OP_C_CONNECT_WAIT() 3349 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3350 3351 OP_S_NEW_STREAM_UNI(a, S_UNI_ID(0)) 3352 OP_S_WRITE(a, "apple", 5) 3353 3354 OP_C_ACCEPT_STREAM_WAIT(a) 3355 OP_C_READ_EXPECT(a, "apple", 5) 3356 3357 OP_SET_INJECT_WORD(S_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA) 3358 OP_S_WRITE(a, "orange", 6) 3359 3360 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0) 3361 3362 OP_END 3363 }; 3364 3365 /* 36. Fault injection - MAX_STREAM_DATA for nonexistent stream */ 3366 static const struct script_op script_36[] = { 3367 OP_S_SET_INJECT_PLAIN(script_28_inject_plain) 3368 OP_C_SET_ALPN("ossltest") 3369 OP_C_CONNECT_WAIT() 3370 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3371 3372 OP_S_NEW_STREAM_UNI(a, S_UNI_ID(0)) 3373 OP_S_WRITE(a, "apple", 5) 3374 3375 OP_C_ACCEPT_STREAM_WAIT(a) 3376 OP_C_READ_EXPECT(a, "apple", 5) 3377 3378 OP_SET_INJECT_WORD(C_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA) 3379 OP_S_WRITE(a, "orange", 6) 3380 3381 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0) 3382 3383 OP_END 3384 }; 3385 3386 /* 37. Fault injection - STREAM_DATA_BLOCKED for send-only stream */ 3387 static const struct script_op script_37[] = { 3388 OP_S_SET_INJECT_PLAIN(script_28_inject_plain) 3389 OP_C_SET_ALPN("ossltest") 3390 OP_C_CONNECT_WAIT() 3391 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3392 3393 OP_C_NEW_STREAM_UNI(a, C_UNI_ID(0)) 3394 OP_C_WRITE(a, "apple", 5) 3395 3396 OP_S_BIND_STREAM_ID(a, C_UNI_ID(0)) 3397 OP_S_READ_EXPECT(a, "apple", 5) 3398 3399 OP_S_NEW_STREAM_UNI(b, S_UNI_ID(0)) 3400 OP_SET_INJECT_WORD(C_UNI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED) 3401 OP_S_WRITE(b, "orange", 5) 3402 3403 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0) 3404 3405 OP_END 3406 }; 3407 3408 /* 38. Fault injection - STREAM_DATA_BLOCKED for non-existent stream */ 3409 static const struct script_op script_38[] = { 3410 OP_S_SET_INJECT_PLAIN(script_28_inject_plain) 3411 OP_C_SET_ALPN("ossltest") 3412 OP_C_CONNECT_WAIT() 3413 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3414 3415 OP_C_NEW_STREAM_UNI(a, C_UNI_ID(0)) 3416 OP_C_WRITE(a, "apple", 5) 3417 3418 OP_S_BIND_STREAM_ID(a, C_UNI_ID(0)) 3419 OP_S_READ_EXPECT(a, "apple", 5) 3420 3421 OP_SET_INJECT_WORD(C_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED) 3422 3423 OP_S_NEW_STREAM_UNI(b, S_UNI_ID(0)) 3424 OP_S_WRITE(b, "orange", 5) 3425 3426 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0) 3427 3428 OP_END 3429 }; 3430 3431 /* 39. Fault injection - NEW_CONN_ID with zero-len CID */ 3432 static int script_39_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 3433 unsigned char *buf, size_t len) 3434 { 3435 int ok = 0; 3436 WPACKET wpkt; 3437 unsigned char frame_buf[64]; 3438 size_t i, written; 3439 uint64_t seq_no = 0, retire_prior_to = 0; 3440 QUIC_CONN_ID new_cid = { 0 }; 3441 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(h->s_priv); 3442 3443 if (hdr->type != QUIC_PKT_TYPE_1RTT) 3444 return 1; 3445 3446 switch (h->inject_word1) { 3447 case 0: 3448 return 1; 3449 case 1: 3450 new_cid.id_len = 0; 3451 break; 3452 case 2: 3453 new_cid.id_len = 21; 3454 break; 3455 case 3: 3456 new_cid.id_len = 1; 3457 new_cid.id[0] = 0x55; 3458 3459 seq_no = 0; 3460 retire_prior_to = 1; 3461 break; 3462 case 4: 3463 /* Use our actual CID so we don't break connectivity. */ 3464 ossl_quic_channel_get_diag_local_cid(ch, &new_cid); 3465 3466 seq_no = 2; 3467 retire_prior_to = 2; 3468 break; 3469 case 5: 3470 /* 3471 * Use a bogus CID which will need to be ignored if connectivity is to 3472 * be continued. 3473 */ 3474 new_cid.id_len = 8; 3475 new_cid.id[0] = 0x55; 3476 3477 seq_no = 1; 3478 retire_prior_to = 1; 3479 break; 3480 } 3481 3482 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 3483 sizeof(frame_buf), 0))) 3484 return 0; 3485 3486 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID)) 3487 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, seq_no)) /* seq no */ 3488 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, retire_prior_to)) /* retire prior to */ 3489 || !TEST_true(WPACKET_put_bytes_u8(&wpkt, new_cid.id_len))) /* len */ 3490 goto err; 3491 3492 for (i = 0; i < new_cid.id_len && i < OSSL_NELEM(new_cid.id); ++i) 3493 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, new_cid.id[i]))) 3494 goto err; 3495 3496 for (; i < new_cid.id_len; ++i) 3497 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x55))) 3498 goto err; 3499 3500 for (i = 0; i < QUIC_STATELESS_RESET_TOKEN_LEN; ++i) 3501 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42))) 3502 goto err; 3503 3504 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 3505 goto err; 3506 3507 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 3508 goto err; 3509 3510 ok = 1; 3511 err: 3512 if (ok) 3513 WPACKET_finish(&wpkt); 3514 else 3515 WPACKET_cleanup(&wpkt); 3516 return ok; 3517 } 3518 3519 static const struct script_op script_39[] = { 3520 OP_S_SET_INJECT_PLAIN(script_39_inject_plain) 3521 OP_C_SET_ALPN("ossltest") 3522 OP_C_CONNECT_WAIT() 3523 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3524 3525 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 3526 OP_C_WRITE(a, "apple", 5) 3527 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 3528 OP_S_READ_EXPECT(a, "apple", 5) 3529 3530 OP_SET_INJECT_WORD(0, 1) 3531 OP_S_WRITE(a, "orange", 5) 3532 3533 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0) 3534 3535 OP_END 3536 }; 3537 3538 /* 40. Shutdown flush test */ 3539 static const unsigned char script_40_data[1024] = "strawberry"; 3540 3541 static const struct script_op script_40[] = { 3542 OP_C_SET_ALPN("ossltest") 3543 OP_C_CONNECT_WAIT() 3544 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3545 3546 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 3547 OP_C_WRITE(a, "apple", 5) 3548 3549 OP_C_INHIBIT_TICK(1) 3550 OP_C_SET_WRITE_BUF_SIZE(a, 1024 * 100 * 3) 3551 3552 OP_BEGIN_REPEAT(100) 3553 3554 OP_C_WRITE(a, script_40_data, sizeof(script_40_data)) 3555 3556 OP_END_REPEAT() 3557 3558 OP_C_CONCLUDE(a) 3559 OP_C_SHUTDOWN_WAIT(NULL, 0) /* disengages tick inhibition */ 3560 3561 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 3562 OP_S_READ_EXPECT(a, "apple", 5) 3563 3564 OP_BEGIN_REPEAT(100) 3565 3566 OP_S_READ_EXPECT(a, script_40_data, sizeof(script_40_data)) 3567 3568 OP_END_REPEAT() 3569 3570 OP_S_EXPECT_FIN(a) 3571 3572 OP_C_EXPECT_CONN_CLOSE_INFO(0, 1, 0) 3573 OP_S_EXPECT_CONN_CLOSE_INFO(0, 1, 1) 3574 3575 OP_END 3576 }; 3577 3578 /* 41. Fault injection - PATH_CHALLENGE yields PATH_RESPONSE */ 3579 static const uint64_t path_challenge = UINT64_C(0xbdeb9451169c83aa); 3580 3581 static int script_41_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 3582 unsigned char *buf, size_t len) 3583 { 3584 int ok = 0; 3585 WPACKET wpkt; 3586 unsigned char frame_buf[16]; 3587 size_t written; 3588 3589 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 3590 return 1; 3591 3592 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 3593 sizeof(frame_buf), 0))) 3594 return 0; 3595 3596 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1)) 3597 || !TEST_true(WPACKET_put_bytes_u64(&wpkt, path_challenge))) 3598 goto err; 3599 3600 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written)) 3601 || !TEST_size_t_eq(written, 9)) 3602 goto err; 3603 3604 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 3605 goto err; 3606 3607 --h->inject_word0; 3608 ok = 1; 3609 err: 3610 if (ok) 3611 WPACKET_finish(&wpkt); 3612 else 3613 WPACKET_cleanup(&wpkt); 3614 return ok; 3615 } 3616 3617 static void script_41_trace(int write_p, int version, int content_type, 3618 const void *buf, size_t len, SSL *ssl, void *arg) 3619 { 3620 uint64_t frame_type, frame_data; 3621 int was_minimal; 3622 struct helper *h = arg; 3623 PACKET pkt; 3624 3625 if (version != OSSL_QUIC1_VERSION 3626 || content_type != SSL3_RT_QUIC_FRAME_FULL 3627 || len < 1) 3628 return; 3629 3630 if (!TEST_true(PACKET_buf_init(&pkt, buf, len))) { 3631 ++h->scratch1; 3632 return; 3633 } 3634 3635 if (!TEST_true(ossl_quic_wire_peek_frame_header(&pkt, &frame_type, 3636 &was_minimal))) { 3637 ++h->scratch1; 3638 return; 3639 } 3640 3641 if (frame_type != OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE) 3642 return; 3643 3644 if (!TEST_true(ossl_quic_wire_decode_frame_path_response(&pkt, &frame_data)) 3645 || !TEST_uint64_t_eq(frame_data, path_challenge)) { 3646 ++h->scratch1; 3647 return; 3648 } 3649 3650 ++h->scratch0; 3651 } 3652 3653 static int script_41_setup(struct helper *h, struct helper_local *hl) 3654 { 3655 ossl_quic_tserver_set_msg_callback(ACQUIRE_S(), script_41_trace, h); 3656 return 1; 3657 } 3658 3659 static int script_41_check(struct helper *h, struct helper_local *hl) 3660 { 3661 /* At least one valid challenge/response echo? */ 3662 if (!TEST_uint64_t_gt(h->scratch0, 0)) 3663 return 0; 3664 3665 /* No failed tests? */ 3666 if (!TEST_uint64_t_eq(h->scratch1, 0)) 3667 return 0; 3668 3669 return 1; 3670 } 3671 3672 static const struct script_op script_41[] = { 3673 OP_S_SET_INJECT_PLAIN(script_41_inject_plain) 3674 OP_C_SET_ALPN("ossltest") 3675 OP_C_CONNECT_WAIT() 3676 OP_CHECK(script_41_setup, 0) 3677 3678 OP_C_WRITE(DEFAULT, "apple", 5) 3679 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 3680 OP_S_READ_EXPECT(a, "apple", 5) 3681 3682 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE) 3683 3684 OP_S_WRITE(a, "orange", 6) 3685 OP_C_READ_EXPECT(DEFAULT, "orange", 6) 3686 3687 OP_C_WRITE(DEFAULT, "strawberry", 10) 3688 OP_S_READ_EXPECT(a, "strawberry", 10) 3689 3690 OP_CHECK(script_41_check, 0) 3691 OP_END 3692 }; 3693 3694 /* 42. Fault injection - CRYPTO frame with illegal offset */ 3695 static int script_42_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 3696 unsigned char *buf, size_t len) 3697 { 3698 int ok = 0; 3699 unsigned char frame_buf[64]; 3700 size_t written; 3701 WPACKET wpkt; 3702 3703 if (h->inject_word0 == 0) 3704 return 1; 3705 3706 --h->inject_word0; 3707 3708 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 3709 sizeof(frame_buf), 0))) 3710 return 0; 3711 3712 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO)) 3713 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1)) 3714 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 1)) 3715 || !TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42))) 3716 goto err; 3717 3718 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 3719 goto err; 3720 3721 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 3722 goto err; 3723 3724 ok = 1; 3725 err: 3726 if (ok) 3727 WPACKET_finish(&wpkt); 3728 else 3729 WPACKET_cleanup(&wpkt); 3730 return ok; 3731 } 3732 3733 static const struct script_op script_42[] = { 3734 OP_S_SET_INJECT_PLAIN(script_42_inject_plain) 3735 OP_C_SET_ALPN("ossltest") 3736 OP_C_CONNECT_WAIT() 3737 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3738 3739 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 3740 OP_C_WRITE(a, "apple", 5) 3741 3742 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 3743 OP_S_READ_EXPECT(a, "apple", 5) 3744 3745 OP_SET_INJECT_WORD(1, (((uint64_t)1) << 62) - 1) 3746 OP_S_WRITE(a, "orange", 6) 3747 3748 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0) 3749 3750 OP_END 3751 }; 3752 3753 /* 43. Fault injection - CRYPTO frame exceeding FC */ 3754 static const struct script_op script_43[] = { 3755 OP_S_SET_INJECT_PLAIN(script_42_inject_plain) 3756 OP_C_SET_ALPN("ossltest") 3757 OP_C_CONNECT_WAIT() 3758 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 3759 3760 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 3761 OP_C_WRITE(a, "apple", 5) 3762 3763 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 3764 OP_S_READ_EXPECT(a, "apple", 5) 3765 3766 OP_SET_INJECT_WORD(1, 0x100000 /* 1 MiB */) 3767 OP_S_WRITE(a, "orange", 6) 3768 3769 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED, 0, 0) 3770 3771 OP_END 3772 }; 3773 3774 /* 44. Fault injection - PADDING */ 3775 static int script_44_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 3776 unsigned char *buf, size_t len) 3777 { 3778 int ok = 0; 3779 WPACKET wpkt; 3780 unsigned char frame_buf[16]; 3781 size_t written; 3782 3783 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 3784 return 1; 3785 3786 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 3787 sizeof(frame_buf), 0))) 3788 return 0; 3789 3790 if (!TEST_true(ossl_quic_wire_encode_padding(&wpkt, 1))) 3791 goto err; 3792 3793 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 3794 goto err; 3795 3796 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 3797 goto err; 3798 3799 ok = 1; 3800 err: 3801 if (ok) 3802 WPACKET_finish(&wpkt); 3803 else 3804 WPACKET_cleanup(&wpkt); 3805 return ok; 3806 } 3807 3808 static const struct script_op script_44[] = { 3809 OP_S_SET_INJECT_PLAIN(script_44_inject_plain) 3810 OP_C_SET_ALPN("ossltest") 3811 OP_C_CONNECT_WAIT() 3812 3813 OP_C_WRITE(DEFAULT, "apple", 5) 3814 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 3815 OP_S_READ_EXPECT(a, "apple", 5) 3816 3817 OP_SET_INJECT_WORD(1, 0) 3818 3819 OP_S_WRITE(a, "Strawberry", 10) 3820 OP_C_READ_EXPECT(DEFAULT, "Strawberry", 10) 3821 3822 OP_END 3823 }; 3824 3825 /* 45. PING must generate ACK */ 3826 static int force_ping(struct helper *h, struct helper_local *hl) 3827 { 3828 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(ACQUIRE_S()); 3829 3830 h->scratch0 = ossl_quic_channel_get_diag_num_rx_ack(ch); 3831 3832 if (!TEST_true(ossl_quic_tserver_ping(ACQUIRE_S()))) 3833 return 0; 3834 3835 return 1; 3836 } 3837 3838 static int wait_incoming_acks_increased(struct helper *h, struct helper_local *hl) 3839 { 3840 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(ACQUIRE_S()); 3841 uint16_t count; 3842 3843 count = ossl_quic_channel_get_diag_num_rx_ack(ch); 3844 3845 if (count == h->scratch0) { 3846 h->check_spin_again = 1; 3847 return 0; 3848 } 3849 3850 return 1; 3851 } 3852 3853 static const struct script_op script_45[] = { 3854 OP_C_SET_ALPN("ossltest") 3855 OP_C_CONNECT_WAIT() 3856 3857 OP_C_WRITE(DEFAULT, "apple", 5) 3858 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 3859 OP_S_READ_EXPECT(a, "apple", 5) 3860 3861 OP_BEGIN_REPEAT(2) 3862 3863 OP_CHECK(force_ping, 0) 3864 OP_CHECK(wait_incoming_acks_increased, 0) 3865 3866 OP_END_REPEAT() 3867 3868 OP_S_WRITE(a, "Strawberry", 10) 3869 OP_C_READ_EXPECT(DEFAULT, "Strawberry", 10) 3870 3871 OP_END 3872 }; 3873 3874 /* 46. Fault injection - ACK - malformed initial range */ 3875 static int script_46_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 3876 unsigned char *buf, size_t len) 3877 { 3878 int ok = 0; 3879 WPACKET wpkt; 3880 unsigned char frame_buf[16]; 3881 size_t written; 3882 uint64_t type = 0, largest_acked = 0, first_range = 0, range_count = 0; 3883 uint64_t agap = 0, alen = 0; 3884 uint64_t ect0 = 0, ect1 = 0, ecnce = 0; 3885 3886 if (h->inject_word0 == 0) 3887 return 1; 3888 3889 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 3890 sizeof(frame_buf), 0))) 3891 return 0; 3892 3893 type = OSSL_QUIC_FRAME_TYPE_ACK_WITHOUT_ECN; 3894 3895 switch (h->inject_word0) { 3896 case 1: 3897 largest_acked = 100; 3898 first_range = 101; 3899 range_count = 0; 3900 break; 3901 case 2: 3902 largest_acked = 100; 3903 first_range = 80; 3904 /* [20..100]; [0..18] */ 3905 range_count = 1; 3906 agap = 0; 3907 alen = 19; 3908 break; 3909 case 3: 3910 largest_acked = 100; 3911 first_range = 80; 3912 range_count = 1; 3913 agap = 18; 3914 alen = 1; 3915 break; 3916 case 4: 3917 type = OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN; 3918 largest_acked = 100; 3919 first_range = 1; 3920 range_count = 0; 3921 break; 3922 case 5: 3923 type = OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN; 3924 largest_acked = 0; 3925 first_range = 0; 3926 range_count = 0; 3927 ect0 = 0; 3928 ect1 = 50; 3929 ecnce = 200; 3930 break; 3931 } 3932 3933 h->inject_word0 = 0; 3934 3935 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, type)) 3936 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, largest_acked)) 3937 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*ack_delay=*/0)) 3938 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*ack_range_count=*/range_count)) 3939 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*first_ack_range=*/first_range))) 3940 goto err; 3941 3942 if (range_count > 0) 3943 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, /*range[0].gap=*/agap)) 3944 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /*range[0].len=*/alen))) 3945 goto err; 3946 3947 if (type == OSSL_QUIC_FRAME_TYPE_ACK_WITH_ECN) 3948 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, ect0)) 3949 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, ect1)) 3950 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, ecnce))) 3951 goto err; 3952 3953 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 3954 goto err; 3955 3956 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 3957 goto err; 3958 3959 ok = 1; 3960 err: 3961 if (ok) 3962 WPACKET_finish(&wpkt); 3963 else 3964 WPACKET_cleanup(&wpkt); 3965 return ok; 3966 } 3967 3968 static const struct script_op script_46[] = { 3969 OP_S_SET_INJECT_PLAIN(script_46_inject_plain) 3970 OP_C_SET_ALPN("ossltest") 3971 OP_C_CONNECT_WAIT() 3972 3973 OP_C_WRITE(DEFAULT, "apple", 5) 3974 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 3975 OP_S_READ_EXPECT(a, "apple", 5) 3976 3977 OP_SET_INJECT_WORD(1, 0) 3978 3979 OP_S_WRITE(a, "Strawberry", 10) 3980 3981 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0) 3982 3983 OP_END 3984 }; 3985 3986 /* 47. Fault injection - ACK - malformed subsequent range */ 3987 static const struct script_op script_47[] = { 3988 OP_S_SET_INJECT_PLAIN(script_46_inject_plain) 3989 OP_C_SET_ALPN("ossltest") 3990 OP_C_CONNECT_WAIT() 3991 3992 OP_C_WRITE(DEFAULT, "apple", 5) 3993 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 3994 OP_S_READ_EXPECT(a, "apple", 5) 3995 3996 OP_SET_INJECT_WORD(2, 0) 3997 3998 OP_S_WRITE(a, "Strawberry", 10) 3999 4000 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0) 4001 4002 OP_END 4003 }; 4004 4005 /* 48. Fault injection - ACK - malformed subsequent range */ 4006 static const struct script_op script_48[] = { 4007 OP_S_SET_INJECT_PLAIN(script_46_inject_plain) 4008 OP_C_SET_ALPN("ossltest") 4009 OP_C_CONNECT_WAIT() 4010 4011 OP_C_WRITE(DEFAULT, "apple", 5) 4012 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4013 OP_S_READ_EXPECT(a, "apple", 5) 4014 4015 OP_SET_INJECT_WORD(3, 0) 4016 4017 OP_S_WRITE(a, "Strawberry", 10) 4018 4019 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0) 4020 4021 OP_END 4022 }; 4023 4024 /* 49. Fault injection - ACK - fictional PN */ 4025 static const struct script_op script_49[] = { 4026 OP_S_SET_INJECT_PLAIN(script_46_inject_plain) 4027 OP_C_SET_ALPN("ossltest") 4028 OP_C_CONNECT_WAIT() 4029 4030 OP_C_WRITE(DEFAULT, "apple", 5) 4031 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4032 OP_S_READ_EXPECT(a, "apple", 5) 4033 4034 OP_SET_INJECT_WORD(4, 0) 4035 4036 OP_S_WRITE(a, "Strawberry", 10) 4037 OP_C_READ_EXPECT(DEFAULT, "Strawberry", 10) 4038 4039 OP_END 4040 }; 4041 4042 /* 50. Fault injection - ACK - duplicate PN */ 4043 static const struct script_op script_50[] = { 4044 OP_S_SET_INJECT_PLAIN(script_46_inject_plain) 4045 OP_C_SET_ALPN("ossltest") 4046 OP_C_CONNECT_WAIT() 4047 4048 OP_C_WRITE(DEFAULT, "apple", 5) 4049 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4050 OP_S_READ_EXPECT(a, "apple", 5) 4051 4052 OP_BEGIN_REPEAT(2) 4053 4054 OP_SET_INJECT_WORD(5, 0) 4055 4056 OP_S_WRITE(a, "Strawberry", 10) 4057 OP_C_READ_EXPECT(DEFAULT, "Strawberry", 10) 4058 4059 OP_END_REPEAT() 4060 4061 OP_END 4062 }; 4063 4064 /* 51. Fault injection - PATH_RESPONSE is ignored */ 4065 static const struct script_op script_51[] = { 4066 OP_S_SET_INJECT_PLAIN(script_41_inject_plain) 4067 OP_C_SET_ALPN("ossltest") 4068 OP_C_CONNECT_WAIT() 4069 4070 OP_C_WRITE(DEFAULT, "apple", 5) 4071 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4072 OP_S_READ_EXPECT(a, "apple", 5) 4073 4074 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE) 4075 4076 OP_S_WRITE(a, "orange", 6) 4077 OP_C_READ_EXPECT(DEFAULT, "orange", 6) 4078 4079 OP_C_WRITE(DEFAULT, "Strawberry", 10) 4080 OP_S_READ_EXPECT(a, "Strawberry", 10) 4081 4082 OP_END 4083 }; 4084 4085 /* 52. Fault injection - ignore BLOCKED frames with bogus values */ 4086 static int script_52_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 4087 unsigned char *buf, size_t len) 4088 { 4089 int ok = 0; 4090 unsigned char frame_buf[64]; 4091 size_t written; 4092 WPACKET wpkt; 4093 uint64_t type = h->inject_word1; 4094 4095 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 4096 return 1; 4097 4098 --h->inject_word0; 4099 4100 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 4101 sizeof(frame_buf), 0))) 4102 return 0; 4103 4104 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, type))) 4105 goto err; 4106 4107 if (type == OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED) 4108 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, C_BIDI_ID(0)))) 4109 goto err; 4110 4111 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, 0xFFFFFF))) 4112 goto err; 4113 4114 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 4115 goto err; 4116 4117 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 4118 goto err; 4119 4120 ok = 1; 4121 err: 4122 if (ok) 4123 WPACKET_finish(&wpkt); 4124 else 4125 WPACKET_cleanup(&wpkt); 4126 return ok; 4127 } 4128 4129 static const struct script_op script_52[] = { 4130 OP_S_SET_INJECT_PLAIN(script_52_inject_plain) 4131 OP_C_SET_ALPN("ossltest") 4132 OP_C_CONNECT_WAIT() 4133 4134 OP_C_WRITE(DEFAULT, "apple", 5) 4135 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4136 OP_S_READ_EXPECT(a, "apple", 5) 4137 4138 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED) 4139 4140 OP_S_WRITE(a, "orange", 6) 4141 OP_C_READ_EXPECT(DEFAULT, "orange", 6) 4142 4143 OP_C_WRITE(DEFAULT, "Strawberry", 10) 4144 OP_S_READ_EXPECT(a, "Strawberry", 10) 4145 4146 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED) 4147 4148 OP_S_WRITE(a, "orange", 6) 4149 OP_C_READ_EXPECT(DEFAULT, "orange", 6) 4150 4151 OP_C_WRITE(DEFAULT, "Strawberry", 10) 4152 OP_S_READ_EXPECT(a, "Strawberry", 10) 4153 4154 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI) 4155 4156 OP_S_WRITE(a, "orange", 6) 4157 OP_C_READ_EXPECT(DEFAULT, "orange", 6) 4158 4159 OP_C_WRITE(DEFAULT, "Strawberry", 10) 4160 OP_S_READ_EXPECT(a, "Strawberry", 10) 4161 4162 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI) 4163 4164 OP_S_WRITE(a, "orange", 6) 4165 OP_C_READ_EXPECT(DEFAULT, "orange", 6) 4166 4167 OP_C_WRITE(DEFAULT, "Strawberry", 10) 4168 OP_S_READ_EXPECT(a, "Strawberry", 10) 4169 4170 OP_END 4171 }; 4172 4173 /* 53. Fault injection - excess CRYPTO buffer size */ 4174 static int script_53_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 4175 unsigned char *buf, size_t len) 4176 { 4177 int ok = 0; 4178 size_t written; 4179 WPACKET wpkt; 4180 uint64_t offset = 0, data_len = 100; 4181 unsigned char *frame_buf = NULL; 4182 size_t frame_len, i; 4183 4184 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 4185 return 1; 4186 4187 h->inject_word0 = 0; 4188 4189 switch (h->inject_word1) { 4190 case 0: 4191 /* 4192 * Far out offset which will not have been reached during handshake. 4193 * This will not be delivered to the QUIC_TLS instance since it will be 4194 * waiting for in-order delivery of previous bytes. This tests our flow 4195 * control on CRYPTO stream buffering. 4196 */ 4197 offset = 100000; 4198 data_len = 1; 4199 break; 4200 } 4201 4202 frame_len = 1 + 8 + 8 + (size_t)data_len; 4203 if (!TEST_ptr(frame_buf = OPENSSL_malloc(frame_len))) 4204 return 0; 4205 4206 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, frame_len, 0))) 4207 goto err; 4208 4209 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO)) 4210 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, offset)) 4211 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, data_len))) 4212 goto err; 4213 4214 for (i = 0; i < data_len; ++i) 4215 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x42))) 4216 goto err; 4217 4218 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 4219 goto err; 4220 4221 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 4222 goto err; 4223 4224 ok = 1; 4225 err: 4226 if (ok) 4227 WPACKET_finish(&wpkt); 4228 else 4229 WPACKET_cleanup(&wpkt); 4230 OPENSSL_free(frame_buf); 4231 return ok; 4232 } 4233 4234 static const struct script_op script_53[] = { 4235 OP_S_SET_INJECT_PLAIN(script_53_inject_plain) 4236 OP_C_SET_ALPN("ossltest") 4237 OP_C_CONNECT_WAIT() 4238 4239 OP_C_WRITE(DEFAULT, "apple", 5) 4240 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4241 OP_S_READ_EXPECT(a, "apple", 5) 4242 4243 OP_SET_INJECT_WORD(1, 0) 4244 OP_S_WRITE(a, "Strawberry", 10) 4245 4246 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_BUFFER_EXCEEDED, 0, 0) 4247 4248 OP_END 4249 }; 4250 4251 /* 54. Fault injection - corrupted crypto stream data */ 4252 static int script_54_inject_handshake(struct helper *h, 4253 unsigned char *buf, size_t buf_len) 4254 { 4255 size_t i; 4256 4257 for (i = 0; i < buf_len; ++i) 4258 buf[i] ^= 0xff; 4259 4260 return 1; 4261 } 4262 4263 static const struct script_op script_54[] = { 4264 OP_S_SET_INJECT_HANDSHAKE(script_54_inject_handshake) 4265 OP_C_SET_ALPN("ossltest") 4266 OP_C_CONNECT_WAIT_OR_FAIL() 4267 4268 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_UNEXPECTED_MESSAGE, 0, 0) 4269 4270 OP_END 4271 }; 4272 4273 /* 55. Fault injection - NEW_CONN_ID with >20 byte CID */ 4274 static const struct script_op script_55[] = { 4275 OP_S_SET_INJECT_PLAIN(script_39_inject_plain) 4276 OP_C_SET_ALPN("ossltest") 4277 OP_C_CONNECT_WAIT() 4278 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4279 4280 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 4281 OP_C_WRITE(a, "apple", 5) 4282 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4283 OP_S_READ_EXPECT(a, "apple", 5) 4284 4285 OP_SET_INJECT_WORD(0, 2) 4286 OP_S_WRITE(a, "orange", 5) 4287 4288 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0) 4289 4290 OP_END 4291 }; 4292 4293 /* 56. Fault injection - NEW_CONN_ID with seq no < retire prior to */ 4294 static const struct script_op script_56[] = { 4295 OP_S_SET_INJECT_PLAIN(script_39_inject_plain) 4296 OP_C_SET_ALPN("ossltest") 4297 OP_C_CONNECT_WAIT() 4298 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4299 4300 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 4301 OP_C_WRITE(a, "apple", 5) 4302 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4303 OP_S_READ_EXPECT(a, "apple", 5) 4304 4305 OP_SET_INJECT_WORD(0, 3) 4306 OP_S_WRITE(a, "orange", 5) 4307 4308 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0) 4309 4310 OP_END 4311 }; 4312 4313 /* 57. Fault injection - NEW_CONN_ID with lower seq so ignored */ 4314 static const struct script_op script_57[] = { 4315 OP_S_SET_INJECT_PLAIN(script_39_inject_plain) 4316 OP_C_SET_ALPN("ossltest") 4317 OP_C_CONNECT_WAIT() 4318 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4319 4320 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 4321 OP_C_WRITE(a, "apple", 5) 4322 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4323 OP_S_READ_EXPECT(a, "apple", 5) 4324 4325 OP_SET_INJECT_WORD(0, 4) 4326 OP_S_WRITE(a, "orange", 5) 4327 OP_C_READ_EXPECT(a, "orange", 5) 4328 4329 OP_C_WRITE(a, "Strawberry", 10) 4330 OP_S_READ_EXPECT(a, "Strawberry", 10) 4331 4332 /* 4333 * Now we send a NEW_CONN_ID with a bogus CID. However the sequence number 4334 * is old so it should be ignored and we should still be able to 4335 * communicate. 4336 */ 4337 OP_SET_INJECT_WORD(0, 5) 4338 OP_S_WRITE(a, "raspberry", 9) 4339 OP_C_READ_EXPECT(a, "raspberry", 9) 4340 4341 OP_C_WRITE(a, "peach", 5) 4342 OP_S_READ_EXPECT(a, "peach", 5) 4343 4344 OP_END 4345 }; 4346 4347 /* 58. Fault injection - repeated HANDSHAKE_DONE */ 4348 static int script_58_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 4349 unsigned char *buf, size_t len) 4350 { 4351 int ok = 0; 4352 unsigned char frame_buf[64]; 4353 size_t written; 4354 WPACKET wpkt; 4355 4356 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 4357 return 1; 4358 4359 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 4360 sizeof(frame_buf), 0))) 4361 return 0; 4362 4363 if (h->inject_word0 == 1) { 4364 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE))) 4365 goto err; 4366 } else { 4367 /* Needless multi-byte encoding */ 4368 if (!TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x40)) 4369 || !TEST_true(WPACKET_put_bytes_u8(&wpkt, 0x1E))) 4370 goto err; 4371 } 4372 4373 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 4374 goto err; 4375 4376 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 4377 goto err; 4378 4379 ok = 1; 4380 err: 4381 if (ok) 4382 WPACKET_finish(&wpkt); 4383 else 4384 WPACKET_cleanup(&wpkt); 4385 return ok; 4386 } 4387 4388 static const struct script_op script_58[] = { 4389 OP_S_SET_INJECT_PLAIN(script_58_inject_plain) 4390 OP_C_SET_ALPN("ossltest") 4391 OP_C_CONNECT_WAIT() 4392 4393 OP_C_WRITE(DEFAULT, "apple", 5) 4394 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4395 OP_S_READ_EXPECT(a, "apple", 5) 4396 4397 OP_SET_INJECT_WORD(1, 0) 4398 4399 OP_S_WRITE(a, "orange", 6) 4400 OP_C_READ_EXPECT(DEFAULT, "orange", 6) 4401 4402 OP_C_WRITE(DEFAULT, "Strawberry", 10) 4403 OP_S_READ_EXPECT(a, "Strawberry", 10) 4404 4405 OP_END 4406 }; 4407 4408 /* 59. Fault injection - multi-byte frame encoding */ 4409 static const struct script_op script_59[] = { 4410 OP_S_SET_INJECT_PLAIN(script_58_inject_plain) 4411 OP_C_SET_ALPN("ossltest") 4412 OP_C_CONNECT_WAIT() 4413 4414 OP_C_WRITE(DEFAULT, "apple", 5) 4415 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4416 OP_S_READ_EXPECT(a, "apple", 5) 4417 4418 OP_SET_INJECT_WORD(2, 0) 4419 4420 OP_S_WRITE(a, "orange", 6) 4421 4422 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION, 0, 0) 4423 4424 OP_END 4425 }; 4426 4427 /* 60. Connection close reason truncation */ 4428 static char long_reason[2048]; 4429 4430 static int init_reason(struct helper *h, struct helper_local *hl) 4431 { 4432 memset(long_reason, '~', sizeof(long_reason)); 4433 memcpy(long_reason, "This is a long reason string.", 29); 4434 long_reason[OSSL_NELEM(long_reason) - 1] = '\0'; 4435 return 1; 4436 } 4437 4438 static int check_shutdown_reason(struct helper *h, struct helper_local *hl) 4439 { 4440 const QUIC_TERMINATE_CAUSE *tc = ossl_quic_tserver_get_terminate_cause(ACQUIRE_S()); 4441 4442 if (tc == NULL) { 4443 h->check_spin_again = 1; 4444 return 0; 4445 } 4446 4447 if (!TEST_size_t_ge(tc->reason_len, 50) 4448 || !TEST_mem_eq(long_reason, tc->reason_len, 4449 tc->reason, tc->reason_len)) 4450 return 0; 4451 4452 return 1; 4453 } 4454 4455 static const struct script_op script_60[] = { 4456 OP_C_SET_ALPN("ossltest") 4457 OP_C_CONNECT_WAIT() 4458 4459 OP_C_WRITE(DEFAULT, "apple", 5) 4460 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4461 OP_S_READ_EXPECT(a, "apple", 5) 4462 4463 OP_CHECK(init_reason, 0) 4464 OP_C_SHUTDOWN_WAIT(long_reason, 0) 4465 OP_CHECK(check_shutdown_reason, 0) 4466 4467 OP_END 4468 }; 4469 4470 /* 61. Fault injection - RESET_STREAM exceeding stream count FC */ 4471 static int script_61_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 4472 unsigned char *buf, size_t len) 4473 { 4474 int ok = 0; 4475 WPACKET wpkt; 4476 unsigned char frame_buf[32]; 4477 size_t written; 4478 4479 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 4480 return 1; 4481 4482 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 4483 sizeof(frame_buf), 0))) 4484 return 0; 4485 4486 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word0)) 4487 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */ 4488 h->inject_word1)) 4489 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 123)) 4490 || (h->inject_word0 == OSSL_QUIC_FRAME_TYPE_RESET_STREAM 4491 && !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0)))) /* final size */ 4492 goto err; 4493 4494 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 4495 goto err; 4496 4497 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 4498 goto err; 4499 4500 ok = 1; 4501 err: 4502 if (ok) 4503 WPACKET_finish(&wpkt); 4504 else 4505 WPACKET_cleanup(&wpkt); 4506 return ok; 4507 } 4508 4509 static const struct script_op script_61[] = { 4510 OP_S_SET_INJECT_PLAIN(script_61_inject_plain) 4511 OP_C_SET_ALPN("ossltest") 4512 OP_C_CONNECT_WAIT() 4513 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4514 4515 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 4516 OP_C_WRITE(a, "orange", 6) 4517 4518 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4519 OP_S_READ_EXPECT(a, "orange", 6) 4520 4521 OP_SET_INJECT_WORD(OSSL_QUIC_FRAME_TYPE_RESET_STREAM, 4522 S_BIDI_ID(OSSL_QUIC_VLINT_MAX / 4)) 4523 OP_S_WRITE(a, "fruit", 5) 4524 4525 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR, 0, 0) 4526 4527 OP_END 4528 }; 4529 4530 /* 62. Fault injection - STOP_SENDING with high ID */ 4531 static const struct script_op script_62[] = { 4532 OP_S_SET_INJECT_PLAIN(script_61_inject_plain) 4533 OP_C_SET_ALPN("ossltest") 4534 OP_C_CONNECT_WAIT() 4535 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4536 4537 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 4538 OP_C_WRITE(a, "orange", 6) 4539 4540 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4541 OP_S_READ_EXPECT(a, "orange", 6) 4542 4543 OP_SET_INJECT_WORD(OSSL_QUIC_FRAME_TYPE_STOP_SENDING, 4544 C_BIDI_ID(OSSL_QUIC_VLINT_MAX / 4)) 4545 OP_S_WRITE(a, "fruit", 5) 4546 4547 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_STATE_ERROR, 0, 0) 4548 4549 OP_END 4550 }; 4551 4552 /* 63. Fault injection - STREAM frame exceeding stream limit */ 4553 static const struct script_op script_63[] = { 4554 OP_S_SET_INJECT_PLAIN(script_32_inject_plain) 4555 OP_C_SET_ALPN("ossltest") 4556 OP_C_CONNECT_WAIT() 4557 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4558 4559 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 4560 OP_C_WRITE(a, "apple", 5) 4561 4562 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4563 OP_S_READ_EXPECT(a, "apple", 5) 4564 4565 OP_SET_INJECT_WORD(S_BIDI_ID(5000) + 1, 4) 4566 OP_S_WRITE(a, "orange", 6) 4567 4568 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_STREAM_LIMIT_ERROR, 0, 0) 4569 4570 OP_END 4571 }; 4572 4573 /* 64. Fault injection - STREAM - zero-length no-FIN is accepted */ 4574 static const struct script_op script_64[] = { 4575 OP_S_SET_INJECT_PLAIN(script_32_inject_plain) 4576 OP_C_SET_ALPN("ossltest") 4577 OP_C_CONNECT_WAIT() 4578 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4579 4580 OP_S_NEW_STREAM_UNI(a, S_UNI_ID(0)) 4581 OP_S_WRITE(a, "apple", 5) 4582 4583 OP_C_ACCEPT_STREAM_WAIT(a) 4584 OP_C_READ_EXPECT(a, "apple", 5) 4585 4586 OP_SET_INJECT_WORD(S_BIDI_ID(20) + 1, 1) 4587 OP_S_WRITE(a, "orange", 6) 4588 OP_C_READ_EXPECT(a, "orange", 6) 4589 4590 OP_END 4591 }; 4592 4593 /* 65. Fault injection - CRYPTO - zero-length is accepted */ 4594 static int script_65_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 4595 unsigned char *buf, size_t len) 4596 { 4597 int ok = 0; 4598 unsigned char frame_buf[64]; 4599 size_t written; 4600 WPACKET wpkt; 4601 4602 if (h->inject_word0 == 0) 4603 return 1; 4604 4605 --h->inject_word0; 4606 4607 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 4608 sizeof(frame_buf), 0))) 4609 return 0; 4610 4611 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO)) 4612 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0)) 4613 || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0))) 4614 goto err; 4615 4616 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 4617 goto err; 4618 4619 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 4620 goto err; 4621 4622 ok = 1; 4623 err: 4624 if (ok) 4625 WPACKET_finish(&wpkt); 4626 else 4627 WPACKET_cleanup(&wpkt); 4628 return ok; 4629 } 4630 4631 static const struct script_op script_65[] = { 4632 OP_S_SET_INJECT_PLAIN(script_65_inject_plain) 4633 OP_C_SET_ALPN("ossltest") 4634 OP_C_CONNECT_WAIT() 4635 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4636 4637 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 4638 OP_C_WRITE(a, "apple", 5) 4639 4640 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4641 OP_S_READ_EXPECT(a, "apple", 5) 4642 4643 OP_SET_INJECT_WORD(1, 0) 4644 OP_S_WRITE(a, "orange", 6) 4645 OP_C_READ_EXPECT(a, "orange", 6) 4646 4647 OP_END 4648 }; 4649 4650 /* 66. Fault injection - large MAX_STREAM_DATA */ 4651 static int script_66_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, 4652 unsigned char *buf, size_t len) 4653 { 4654 int ok = 0; 4655 WPACKET wpkt; 4656 unsigned char frame_buf[64]; 4657 size_t written; 4658 4659 if (h->inject_word0 == 0 || hdr->type != QUIC_PKT_TYPE_1RTT) 4660 return 1; 4661 4662 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 4663 sizeof(frame_buf), 0))) 4664 return 0; 4665 4666 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))) 4667 goto err; 4668 4669 if (h->inject_word1 == OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA) 4670 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */ 4671 h->inject_word0 - 1))) 4672 goto err; 4673 4674 if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_VLINT_MAX))) 4675 goto err; 4676 4677 if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) 4678 goto err; 4679 4680 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) 4681 goto err; 4682 4683 ok = 1; 4684 err: 4685 if (ok) 4686 WPACKET_finish(&wpkt); 4687 else 4688 WPACKET_cleanup(&wpkt); 4689 return ok; 4690 } 4691 4692 static const struct script_op script_66[] = { 4693 OP_S_SET_INJECT_PLAIN(script_66_inject_plain) 4694 OP_C_SET_ALPN("ossltest") 4695 OP_C_CONNECT_WAIT() 4696 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4697 4698 OP_S_NEW_STREAM_BIDI(a, S_BIDI_ID(0)) 4699 OP_S_WRITE(a, "apple", 5) 4700 4701 OP_C_ACCEPT_STREAM_WAIT(a) 4702 OP_C_READ_EXPECT(a, "apple", 5) 4703 4704 OP_SET_INJECT_WORD(S_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA) 4705 OP_S_WRITE(a, "orange", 6) 4706 OP_C_READ_EXPECT(a, "orange", 6) 4707 OP_C_WRITE(a, "Strawberry", 10) 4708 OP_S_READ_EXPECT(a, "Strawberry", 10) 4709 4710 OP_END 4711 }; 4712 4713 /* 67. Fault injection - large MAX_DATA */ 4714 static const struct script_op script_67[] = { 4715 OP_S_SET_INJECT_PLAIN(script_66_inject_plain) 4716 OP_C_SET_ALPN("ossltest") 4717 OP_C_CONNECT_WAIT() 4718 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4719 4720 OP_S_NEW_STREAM_BIDI(a, S_BIDI_ID(0)) 4721 OP_S_WRITE(a, "apple", 5) 4722 4723 OP_C_ACCEPT_STREAM_WAIT(a) 4724 OP_C_READ_EXPECT(a, "apple", 5) 4725 4726 OP_SET_INJECT_WORD(1, OSSL_QUIC_FRAME_TYPE_MAX_DATA) 4727 OP_S_WRITE(a, "orange", 6) 4728 OP_C_READ_EXPECT(a, "orange", 6) 4729 OP_C_WRITE(a, "Strawberry", 10) 4730 OP_S_READ_EXPECT(a, "Strawberry", 10) 4731 4732 OP_END 4733 }; 4734 4735 /* 68. Fault injection - Unexpected TLS messages */ 4736 static int script_68_inject_handshake(struct helper *h, unsigned char *msg, 4737 size_t msglen) 4738 { 4739 const unsigned char *data; 4740 size_t datalen; 4741 const unsigned char certreq[] = { 4742 SSL3_MT_CERTIFICATE_REQUEST, /* CertificateRequest message */ 4743 0, 0, 12, /* Length of message */ 4744 1, 1, /* certificate_request_context */ 4745 0, 8, /* Extensions block length */ 4746 0, TLSEXT_TYPE_signature_algorithms, /* sig_algs extension*/ 4747 0, 4, /* 4 bytes of sig algs extension*/ 4748 0, 2, /* sigalgs list is 2 bytes long */ 4749 8, 4 /* rsa_pss_rsae_sha256 */ 4750 }; 4751 const unsigned char keyupdate[] = { 4752 SSL3_MT_KEY_UPDATE, /* KeyUpdate message */ 4753 0, 0, 1, /* Length of message */ 4754 SSL_KEY_UPDATE_NOT_REQUESTED /* update_not_requested */ 4755 }; 4756 4757 /* We transform the NewSessionTicket message into something else */ 4758 switch (h->inject_word0) { 4759 case 0: 4760 return 1; 4761 4762 case 1: 4763 /* CertificateRequest message */ 4764 data = certreq; 4765 datalen = sizeof(certreq); 4766 break; 4767 4768 case 2: 4769 /* KeyUpdate message */ 4770 data = keyupdate; 4771 datalen = sizeof(keyupdate); 4772 break; 4773 4774 default: 4775 return 0; 4776 } 4777 4778 if (!TEST_true(qtest_fault_resize_message(h->qtf, 4779 datalen - SSL3_HM_HEADER_LENGTH))) 4780 return 0; 4781 4782 memcpy(msg, data, datalen); 4783 4784 return 1; 4785 } 4786 4787 /* Send a CerticateRequest message post-handshake */ 4788 static const struct script_op script_68[] = { 4789 OP_S_SET_INJECT_HANDSHAKE(script_68_inject_handshake) 4790 OP_C_SET_ALPN("ossltest") 4791 OP_C_CONNECT_WAIT() 4792 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4793 4794 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 4795 OP_C_WRITE(a, "apple", 5) 4796 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4797 OP_S_READ_EXPECT(a, "apple", 5) 4798 4799 OP_SET_INJECT_WORD(1, 0) 4800 OP_S_NEW_TICKET() 4801 OP_S_WRITE(a, "orange", 6) 4802 4803 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION, 0, 0) 4804 4805 OP_END 4806 }; 4807 4808 /* 69. Send a TLS KeyUpdate message post-handshake */ 4809 static const struct script_op script_69[] = { 4810 OP_S_SET_INJECT_HANDSHAKE(script_68_inject_handshake) 4811 OP_C_SET_ALPN("ossltest") 4812 OP_C_CONNECT_WAIT() 4813 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4814 4815 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 4816 OP_C_WRITE(a, "apple", 5) 4817 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4818 OP_S_READ_EXPECT(a, "apple", 5) 4819 4820 OP_SET_INJECT_WORD(2, 0) 4821 OP_S_NEW_TICKET() 4822 OP_S_WRITE(a, "orange", 6) 4823 4824 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CRYPTO_ERR_BEGIN 4825 + SSL_AD_UNEXPECTED_MESSAGE, 4826 0, 0) 4827 4828 OP_END 4829 }; 4830 4831 static int set_max_early_data(struct helper *h, struct helper_local *hl) 4832 { 4833 4834 if (!TEST_true(ossl_quic_tserver_set_max_early_data(ACQUIRE_S(), 4835 (uint32_t)hl->check_op->arg2))) 4836 return 0; 4837 4838 return 1; 4839 } 4840 4841 /* 70. Send a TLS NewSessionTicket message with invalid max_early_data */ 4842 static const struct script_op script_70[] = { 4843 OP_C_SET_ALPN("ossltest") 4844 OP_C_CONNECT_WAIT() 4845 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4846 4847 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 4848 OP_C_WRITE(a, "apple", 5) 4849 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4850 OP_S_READ_EXPECT(a, "apple", 5) 4851 4852 OP_CHECK(set_max_early_data, 0xfffffffe) 4853 OP_S_NEW_TICKET() 4854 OP_S_WRITE(a, "orange", 6) 4855 4856 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_PROTOCOL_VIOLATION, 0, 0) 4857 4858 OP_END 4859 }; 4860 4861 /* 71. Send a TLS NewSessionTicket message with valid max_early_data */ 4862 static const struct script_op script_71[] = { 4863 OP_C_SET_ALPN("ossltest") 4864 OP_C_CONNECT_WAIT() 4865 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4866 4867 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 4868 OP_C_WRITE(a, "apple", 5) 4869 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 4870 OP_S_READ_EXPECT(a, "apple", 5) 4871 4872 OP_CHECK(set_max_early_data, 0xffffffff) 4873 OP_S_NEW_TICKET() 4874 OP_S_WRITE(a, "orange", 6) 4875 OP_C_READ_EXPECT(a, "orange", 6) 4876 4877 OP_END 4878 }; 4879 4880 /* 72. Test that APL stops handing out streams after limit reached (bidi) */ 4881 static int script_72_check(struct helper *h, struct helper_local *hl) 4882 { 4883 if (!TEST_uint64_t_ge(h->fail_count, 50)) 4884 return 0; 4885 4886 return 1; 4887 } 4888 4889 static const struct script_op script_72[] = { 4890 OP_C_SET_ALPN("ossltest") 4891 OP_C_CONNECT_WAIT() 4892 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4893 4894 /* 4895 * Request more streams than a server will initially hand out and test that 4896 * they fail properly. 4897 */ 4898 OP_BEGIN_REPEAT(200) 4899 4900 OP_C_NEW_STREAM_BIDI_EX(a, ANY_ID, ALLOW_FAIL | SSL_STREAM_FLAG_NO_BLOCK) 4901 OP_C_SKIP_IF_UNBOUND(a, 2) 4902 OP_C_WRITE(a, "apple", 5) 4903 OP_C_FREE_STREAM(a) 4904 4905 OP_END_REPEAT() 4906 4907 OP_CHECK(script_72_check, 0) 4908 4909 OP_END 4910 }; 4911 4912 /* 73. Test that APL stops handing out streams after limit reached (uni) */ 4913 static const struct script_op script_73[] = { 4914 OP_C_SET_ALPN("ossltest") 4915 OP_C_CONNECT_WAIT() 4916 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 4917 4918 /* 4919 * Request more streams than a server will initially hand out and test that 4920 * they fail properly. 4921 */ 4922 OP_BEGIN_REPEAT(200) 4923 4924 OP_C_NEW_STREAM_UNI_EX(a, ANY_ID, ALLOW_FAIL | SSL_STREAM_FLAG_NO_BLOCK) 4925 OP_C_SKIP_IF_UNBOUND(a, 2) 4926 OP_C_WRITE(a, "apple", 5) 4927 OP_C_FREE_STREAM(a) 4928 4929 OP_END_REPEAT() 4930 4931 OP_CHECK(script_72_check, 0) 4932 4933 OP_END 4934 }; 4935 4936 /* 74. Version negotiation: QUIC_VERSION_1 ignored */ 4937 static int generate_version_neg(WPACKET *wpkt, uint32_t version) 4938 { 4939 QUIC_PKT_HDR hdr = { 0 }; 4940 4941 hdr.type = QUIC_PKT_TYPE_VERSION_NEG; 4942 hdr.version = 0; 4943 hdr.fixed = 1; 4944 hdr.dst_conn_id.id_len = 0; 4945 hdr.src_conn_id.id_len = 8; 4946 memset(hdr.src_conn_id.id, 0x55, 8); 4947 4948 if (!TEST_true(ossl_quic_wire_encode_pkt_hdr(wpkt, 0, &hdr, NULL))) 4949 return 0; 4950 4951 if (!TEST_true(WPACKET_put_bytes_u32(wpkt, version))) 4952 return 0; 4953 4954 return 1; 4955 } 4956 4957 static int server_gen_version_neg(struct helper *h, BIO_MSG *msg, size_t stride) 4958 { 4959 int rc = 0, have_wpkt = 0; 4960 size_t l; 4961 WPACKET wpkt; 4962 BUF_MEM *buf = NULL; 4963 uint32_t version; 4964 4965 switch (h->inject_word0) { 4966 case 0: 4967 return 1; 4968 case 1: 4969 version = QUIC_VERSION_1; 4970 break; 4971 default: 4972 version = 0x5432abcd; 4973 break; 4974 } 4975 4976 if (!TEST_ptr(buf = BUF_MEM_new())) 4977 goto err; 4978 4979 if (!TEST_true(WPACKET_init(&wpkt, buf))) 4980 goto err; 4981 4982 have_wpkt = 1; 4983 4984 generate_version_neg(&wpkt, version); 4985 4986 if (!TEST_true(WPACKET_get_total_written(&wpkt, &l))) 4987 goto err; 4988 4989 if (!TEST_true(qtest_fault_resize_datagram(h->qtf, l))) 4990 return 0; 4991 4992 memcpy(msg->data, buf->data, l); 4993 h->inject_word0 = 0; 4994 4995 rc = 1; 4996 err: 4997 if (have_wpkt) 4998 WPACKET_finish(&wpkt); 4999 5000 BUF_MEM_free(buf); 5001 return rc; 5002 } 5003 5004 static int do_mutation = 0; 5005 static QUIC_PKT_HDR *hdr_to_free = NULL; 5006 5007 /* 5008 * Check packets to transmit, if we have an initial packet 5009 * Modify the version number to something incorrect 5010 * so that we trigger a version negotiation 5011 * Note, this is a use once function, it will only modify the 5012 * first INITIAL packet it sees, after which it needs to be 5013 * armed again 5014 */ 5015 static int script_74_alter_version(const QUIC_PKT_HDR *hdrin, 5016 const OSSL_QTX_IOVEC *iovecin, size_t numin, 5017 QUIC_PKT_HDR **hdrout, 5018 const OSSL_QTX_IOVEC **iovecout, 5019 size_t *numout, 5020 void *arg) 5021 { 5022 *hdrout = OPENSSL_memdup(hdrin, sizeof(QUIC_PKT_HDR)); 5023 *iovecout = iovecin; 5024 *numout = numin; 5025 hdr_to_free = *hdrout; 5026 5027 if (do_mutation == 0) 5028 return 1; 5029 do_mutation = 0; 5030 5031 if (hdrin->type == QUIC_PKT_TYPE_INITIAL) 5032 (*hdrout)->version = 0xdeadbeef; 5033 return 1; 5034 } 5035 5036 static void script_74_finish_mutation(void *arg) 5037 { 5038 OPENSSL_free(hdr_to_free); 5039 } 5040 5041 /* 5042 * Enable the packet mutator for the client channel 5043 * So that when we send a Initial packet 5044 * We modify the version to be something invalid 5045 * to force a version negotiation 5046 */ 5047 static int script_74_arm_packet_mutator(struct helper *h, 5048 struct helper_local *hl) 5049 { 5050 QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn); 5051 5052 do_mutation = 1; 5053 if (!ossl_quic_channel_set_mutator(ch, script_74_alter_version, 5054 script_74_finish_mutation, 5055 NULL)) 5056 return 0; 5057 return 1; 5058 } 5059 5060 static const struct script_op script_74[] = { 5061 OP_CHECK(script_74_arm_packet_mutator, 0) 5062 OP_C_SET_ALPN("ossltest") 5063 OP_C_CONNECT_WAIT() 5064 5065 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5066 5067 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 5068 OP_C_WRITE(a, "apple", 5) 5069 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 5070 OP_S_READ_EXPECT(a, "apple", 5) 5071 5072 OP_END 5073 }; 5074 5075 /* 75. Version negotiation: Unknown version causes connection abort */ 5076 static const struct script_op script_75[] = { 5077 OP_S_SET_INJECT_DATAGRAM(server_gen_version_neg) 5078 OP_SET_INJECT_WORD(2, 0) 5079 5080 OP_C_SET_ALPN("ossltest") 5081 OP_C_CONNECT_WAIT_OR_FAIL() 5082 5083 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_CONNECTION_REFUSED, 0, 0) 5084 5085 OP_END 5086 }; 5087 5088 /* 76. Test peer-initiated shutdown wait */ 5089 static int script_76_check(struct helper *h, struct helper_local *hl) 5090 { 5091 if (!TEST_false(SSL_shutdown_ex(h->c_conn, 5092 SSL_SHUTDOWN_FLAG_WAIT_PEER 5093 | SSL_SHUTDOWN_FLAG_NO_BLOCK, 5094 NULL, 0))) 5095 return 0; 5096 5097 return 1; 5098 } 5099 5100 static const struct script_op script_76[] = { 5101 OP_C_SET_ALPN("ossltest") 5102 OP_C_CONNECT_WAIT() 5103 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5104 5105 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 5106 OP_C_WRITE(a, "apple", 5) 5107 5108 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 5109 OP_S_READ_EXPECT(a, "apple", 5) 5110 5111 /* Check a WAIT_PEER call doesn't succeed yet. */ 5112 OP_CHECK(script_76_check, 0) 5113 OP_S_SHUTDOWN(42) 5114 5115 OP_C_SHUTDOWN_WAIT(NULL, SSL_SHUTDOWN_FLAG_WAIT_PEER) 5116 OP_C_EXPECT_CONN_CLOSE_INFO(42, 1, 1) 5117 5118 OP_END 5119 }; 5120 5121 /* 77. Ensure default stream popping operates correctly */ 5122 static const struct script_op script_77[] = { 5123 OP_C_SET_ALPN("ossltest") 5124 OP_C_CONNECT_WAIT() 5125 5126 OP_C_SET_INCOMING_STREAM_POLICY(SSL_INCOMING_STREAM_POLICY_ACCEPT) 5127 5128 OP_S_NEW_STREAM_BIDI(a, S_BIDI_ID(0)) 5129 OP_S_WRITE(a, "Strawberry", 10) 5130 5131 OP_C_READ_EXPECT(DEFAULT, "Strawberry", 10) 5132 5133 OP_S_NEW_STREAM_BIDI(b, S_BIDI_ID(1)) 5134 OP_S_WRITE(b, "xyz", 3) 5135 5136 OP_C_ACCEPT_STREAM_WAIT(b) 5137 OP_C_READ_EXPECT(b, "xyz", 3) 5138 5139 OP_END 5140 }; 5141 5142 /* 78. Post-connection session ticket handling */ 5143 static size_t new_session_count; 5144 5145 static int on_new_session(SSL *s, SSL_SESSION *sess) 5146 { 5147 ++new_session_count; 5148 return 0; /* do not ref session, we aren't keeping it */ 5149 } 5150 5151 static int setup_session(struct helper *h, struct helper_local *hl) 5152 { 5153 SSL_CTX_set_session_cache_mode(h->c_ctx, SSL_SESS_CACHE_BOTH); 5154 SSL_CTX_sess_set_new_cb(h->c_ctx, on_new_session); 5155 return 1; 5156 } 5157 5158 static int trigger_late_session_ticket(struct helper *h, struct helper_local *hl) 5159 { 5160 new_session_count = 0; 5161 5162 if (!TEST_true(ossl_quic_tserver_new_ticket(ACQUIRE_S()))) 5163 return 0; 5164 5165 return 1; 5166 } 5167 5168 static int check_got_session_ticket(struct helper *h, struct helper_local *hl) 5169 { 5170 if (!TEST_size_t_gt(new_session_count, 0)) 5171 return 0; 5172 5173 return 1; 5174 } 5175 5176 static int check_idle_timeout(struct helper *h, struct helper_local *hl); 5177 5178 static const struct script_op script_78[] = { 5179 OP_C_SET_ALPN("ossltest") 5180 OP_CHECK(setup_session, 0) 5181 OP_C_CONNECT_WAIT() 5182 5183 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5184 5185 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 5186 OP_C_WRITE(a, "apple", 5) 5187 5188 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 5189 OP_S_READ_EXPECT(a, "apple", 5) 5190 5191 OP_S_WRITE(a, "orange", 6) 5192 OP_C_READ_EXPECT(a, "orange", 6) 5193 5194 OP_CHECK(trigger_late_session_ticket, 0) 5195 5196 OP_S_WRITE(a, "Strawberry", 10) 5197 OP_C_READ_EXPECT(a, "Strawberry", 10) 5198 5199 OP_CHECK(check_got_session_ticket, 0) 5200 OP_CHECK2(check_idle_timeout, 5201 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 30000) 5202 5203 OP_END 5204 }; 5205 5206 /* 79. Optimised FIN test */ 5207 static const struct script_op script_79[] = { 5208 OP_C_SET_ALPN("ossltest") 5209 OP_C_CONNECT_WAIT() 5210 OP_C_WRITE_EX2(DEFAULT, "apple", 5, SSL_WRITE_FLAG_CONCLUDE) 5211 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 5212 OP_S_READ_EXPECT(a, "apple", 5) 5213 OP_S_EXPECT_FIN(a) 5214 OP_S_WRITE(a, "orange", 6) 5215 OP_S_CONCLUDE(a) 5216 OP_C_READ_EXPECT(DEFAULT, "orange", 6) 5217 OP_C_EXPECT_FIN(DEFAULT) 5218 OP_END 5219 }; 5220 5221 /* 80. Stateless reset detection test */ 5222 static QUIC_STATELESS_RESET_TOKEN test_reset_token = { 5223 { 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef, 5224 0xde, 0xad, 0xbe, 0xef } 5225 }; 5226 5227 /* 5228 * Generate a packet in the following format: 5229 * https://www.rfc-editor.org/rfc/rfc9000.html#name-stateless-reset 5230 * Stateless Reset { 5231 * Fixed Bits (2): 1 5232 * Unpredictable bits (38..) 5233 * Stateless reset token (128) 5234 * } 5235 */ 5236 static int script_80_send_stateless_reset(struct helper *h, QUIC_PKT_HDR *hdr, 5237 unsigned char *buf, size_t len) 5238 { 5239 unsigned char databuf[64]; 5240 5241 if (h->inject_word1 == 0) 5242 return 1; 5243 5244 h->inject_word1 = 0; 5245 5246 fprintf(stderr, "Sending stateless reset\n"); 5247 5248 RAND_bytes(databuf, 64); 5249 databuf[0] = 0x40; 5250 memcpy(&databuf[48], test_reset_token.token, 5251 sizeof(test_reset_token.token)); 5252 5253 if (!TEST_int_eq(SSL_inject_net_dgram(h->c_conn, databuf, sizeof(databuf), 5254 NULL, h->s_net_bio_addr), 5255 1)) 5256 return 0; 5257 5258 return 1; 5259 } 5260 5261 static int script_80_gen_new_conn_id(struct helper *h, QUIC_PKT_HDR *hdr, 5262 unsigned char *buf, size_t len) 5263 { 5264 int rc = 0; 5265 size_t l; 5266 unsigned char frame_buf[64]; 5267 WPACKET wpkt; 5268 QUIC_CONN_ID new_cid = { 0 }; 5269 OSSL_QUIC_FRAME_NEW_CONN_ID ncid = { 0 }; 5270 QUIC_CHANNEL *ch = ossl_quic_tserver_get_channel(ACQUIRE_S_NOHL()); 5271 5272 if (h->inject_word0 == 0) 5273 return 1; 5274 5275 h->inject_word0 = 0; 5276 5277 fprintf(stderr, "sending new conn id\n"); 5278 if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, 5279 sizeof(frame_buf), 0))) 5280 return 0; 5281 5282 ossl_quic_channel_get_diag_local_cid(ch, &new_cid); 5283 5284 ncid.seq_num = 2; 5285 ncid.retire_prior_to = 2; 5286 ncid.conn_id = new_cid; 5287 memcpy(ncid.stateless_reset.token, test_reset_token.token, 5288 sizeof(test_reset_token.token)); 5289 5290 if (!TEST_true(ossl_quic_wire_encode_frame_new_conn_id(&wpkt, &ncid))) 5291 goto err; 5292 5293 if (!TEST_true(WPACKET_get_total_written(&wpkt, &l))) 5294 goto err; 5295 5296 if (!qtest_fault_prepend_frame(h->qtf, frame_buf, l)) 5297 goto err; 5298 5299 rc = 1; 5300 err: 5301 if (rc) 5302 WPACKET_finish(&wpkt); 5303 else 5304 WPACKET_cleanup(&wpkt); 5305 5306 return rc; 5307 } 5308 5309 static int script_80_inject_pkt(struct helper *h, QUIC_PKT_HDR *hdr, 5310 unsigned char *buf, size_t len) 5311 { 5312 if (h->inject_word1 == 1) 5313 return script_80_send_stateless_reset(h, hdr, buf, len); 5314 else if (h->inject_word0 == 1) 5315 return script_80_gen_new_conn_id(h, hdr, buf, len); 5316 5317 return 1; 5318 } 5319 5320 static const struct script_op script_80[] = { 5321 OP_S_SET_INJECT_PLAIN(script_80_inject_pkt) 5322 OP_C_SET_ALPN("ossltest") 5323 OP_C_CONNECT_WAIT() 5324 OP_C_WRITE(DEFAULT, "apple", 5) 5325 OP_C_CONCLUDE(DEFAULT) 5326 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 5327 OP_S_READ_EXPECT(a, "apple", 5) 5328 OP_SET_INJECT_WORD(1, 0) 5329 OP_S_WRITE(a, "apple", 5) 5330 OP_C_READ_EXPECT(DEFAULT, "apple", 5) 5331 OP_SET_INJECT_WORD(0, 1) 5332 OP_S_WRITE(a, "apple", 5) 5333 OP_C_EXPECT_CONN_CLOSE_INFO(0, 0, 1) 5334 OP_END 5335 }; 5336 5337 /* 81. Idle timeout configuration */ 5338 static int modify_idle_timeout(struct helper *h, struct helper_local *hl) 5339 { 5340 uint64_t v = 0; 5341 5342 /* Test bad value is rejected. */ 5343 if (!TEST_false(SSL_set_feature_request_uint(h->c_conn, 5344 SSL_VALUE_QUIC_IDLE_TIMEOUT, 5345 (1ULL << 62)))) 5346 return 0; 5347 5348 /* Set value. */ 5349 if (!TEST_true(SSL_set_feature_request_uint(h->c_conn, 5350 SSL_VALUE_QUIC_IDLE_TIMEOUT, 5351 hl->check_op->arg2))) 5352 return 0; 5353 5354 if (!TEST_true(SSL_get_feature_request_uint(h->c_conn, 5355 SSL_VALUE_QUIC_IDLE_TIMEOUT, 5356 &v))) 5357 return 0; 5358 5359 if (!TEST_uint64_t_eq(v, hl->check_op->arg2)) 5360 return 0; 5361 5362 return 1; 5363 } 5364 5365 static int check_idle_timeout(struct helper *h, struct helper_local *hl) 5366 { 5367 uint64_t v = 0; 5368 5369 if (!TEST_true(SSL_get_value_uint(h->c_conn, hl->check_op->arg1, 5370 SSL_VALUE_QUIC_IDLE_TIMEOUT, 5371 &v))) 5372 return 0; 5373 5374 if (!TEST_uint64_t_eq(v, hl->check_op->arg2)) 5375 return 0; 5376 5377 return 1; 5378 } 5379 5380 static const struct script_op script_81[] = { 5381 OP_C_SET_ALPN("ossltest") 5382 OP_CHECK(modify_idle_timeout, 25000) 5383 OP_C_CONNECT_WAIT() 5384 5385 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5386 5387 OP_CHECK2(check_idle_timeout, 5388 SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, 30000) 5389 OP_CHECK2(check_idle_timeout, 5390 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 25000) 5391 5392 OP_END 5393 }; 5394 5395 /* 82. Negotiated default idle timeout if not configured */ 5396 static const struct script_op script_82[] = { 5397 OP_C_SET_ALPN("ossltest") 5398 OP_C_CONNECT_WAIT() 5399 5400 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5401 5402 OP_CHECK2(check_idle_timeout, 5403 SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, 30000) 5404 OP_CHECK2(check_idle_timeout, 5405 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 30000) 5406 5407 OP_END 5408 }; 5409 5410 /* 83. No late changes to idle timeout */ 5411 static int cannot_change_idle_timeout(struct helper *h, struct helper_local *hl) 5412 { 5413 uint64_t v = 0; 5414 5415 if (!TEST_true(SSL_get_feature_request_uint(h->c_conn, 5416 SSL_VALUE_QUIC_IDLE_TIMEOUT, 5417 &v))) 5418 return 0; 5419 5420 if (!TEST_uint64_t_eq(v, 30000)) 5421 return 0; 5422 5423 if (!TEST_false(SSL_set_feature_request_uint(h->c_conn, 5424 SSL_VALUE_QUIC_IDLE_TIMEOUT, 5425 5000))) 5426 return 0; 5427 5428 return 1; 5429 } 5430 5431 static const struct script_op script_83[] = { 5432 OP_C_SET_ALPN("ossltest") 5433 OP_C_CONNECT_WAIT() 5434 5435 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5436 5437 OP_CHECK(cannot_change_idle_timeout, 0) 5438 OP_CHECK2(check_idle_timeout, 5439 SSL_VALUE_CLASS_FEATURE_PEER_REQUEST, 30000) 5440 OP_CHECK2(check_idle_timeout, 5441 SSL_VALUE_CLASS_FEATURE_NEGOTIATED, 30000) 5442 5443 OP_END 5444 }; 5445 5446 /* 84. Test query of available streams */ 5447 static int check_avail_streams(struct helper *h, struct helper_local *hl) 5448 { 5449 uint64_t v = 0; 5450 5451 switch (hl->check_op->arg1) { 5452 case 0: 5453 if (!TEST_true(SSL_get_quic_stream_bidi_local_avail(h->c_conn, &v))) 5454 return 0; 5455 break; 5456 case 1: 5457 if (!TEST_true(SSL_get_quic_stream_bidi_remote_avail(h->c_conn, &v))) 5458 return 0; 5459 break; 5460 case 2: 5461 if (!TEST_true(SSL_get_quic_stream_uni_local_avail(h->c_conn, &v))) 5462 return 0; 5463 break; 5464 case 3: 5465 if (!TEST_true(SSL_get_quic_stream_uni_remote_avail(h->c_conn, &v))) 5466 return 0; 5467 break; 5468 default: 5469 return 0; 5470 } 5471 5472 if (!TEST_uint64_t_eq(v, hl->check_op->arg2)) 5473 return 0; 5474 5475 return 1; 5476 } 5477 5478 static int set_event_handling_mode_conn(struct helper *h, struct helper_local *hl); 5479 static int reenable_test_event_handling(struct helper *h, struct helper_local *hl); 5480 5481 static int check_write_buf_stat(struct helper *h, struct helper_local *hl) 5482 { 5483 SSL *c_a; 5484 uint64_t size, used, avail; 5485 5486 if (!TEST_ptr(c_a = helper_local_get_c_stream(hl, "a"))) 5487 return 0; 5488 5489 if (!TEST_true(SSL_get_stream_write_buf_size(c_a, &size)) 5490 || !TEST_true(SSL_get_stream_write_buf_used(c_a, &used)) 5491 || !TEST_true(SSL_get_stream_write_buf_avail(c_a, &avail)) 5492 || !TEST_uint64_t_ge(size, avail) 5493 || !TEST_uint64_t_ge(size, used) 5494 || !TEST_uint64_t_eq(avail + used, size)) 5495 return 0; 5496 5497 if (!TEST_uint64_t_eq(used, hl->check_op->arg1)) 5498 return 0; 5499 5500 return 1; 5501 } 5502 5503 static const struct script_op script_84[] = { 5504 OP_C_SET_ALPN("ossltest") 5505 OP_C_CONNECT_WAIT() 5506 5507 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5508 5509 OP_CHECK2(check_avail_streams, 0, 100) 5510 OP_CHECK2(check_avail_streams, 1, 100) 5511 OP_CHECK2(check_avail_streams, 2, 100) 5512 OP_CHECK2(check_avail_streams, 3, 100) 5513 5514 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 5515 5516 OP_CHECK2(check_avail_streams, 0, 99) 5517 OP_CHECK2(check_avail_streams, 1, 100) 5518 OP_CHECK2(check_avail_streams, 2, 100) 5519 OP_CHECK2(check_avail_streams, 3, 100) 5520 5521 OP_C_NEW_STREAM_UNI(b, C_UNI_ID(0)) 5522 5523 OP_CHECK2(check_avail_streams, 0, 99) 5524 OP_CHECK2(check_avail_streams, 1, 100) 5525 OP_CHECK2(check_avail_streams, 2, 99) 5526 OP_CHECK2(check_avail_streams, 3, 100) 5527 5528 OP_S_NEW_STREAM_BIDI(c, S_BIDI_ID(0)) 5529 OP_S_WRITE(c, "x", 1) 5530 5531 OP_C_ACCEPT_STREAM_WAIT(c) 5532 OP_C_READ_EXPECT(c, "x", 1) 5533 5534 OP_CHECK2(check_avail_streams, 0, 99) 5535 OP_CHECK2(check_avail_streams, 1, 99) 5536 OP_CHECK2(check_avail_streams, 2, 99) 5537 OP_CHECK2(check_avail_streams, 3, 100) 5538 5539 OP_S_NEW_STREAM_UNI(d, S_UNI_ID(0)) 5540 OP_S_WRITE(d, "x", 1) 5541 5542 OP_C_ACCEPT_STREAM_WAIT(d) 5543 OP_C_READ_EXPECT(d, "x", 1) 5544 5545 OP_CHECK2(check_avail_streams, 0, 99) 5546 OP_CHECK2(check_avail_streams, 1, 99) 5547 OP_CHECK2(check_avail_streams, 2, 99) 5548 OP_CHECK2(check_avail_streams, 3, 99) 5549 5550 OP_CHECK2(check_write_buf_stat, 0, 0) 5551 OP_CHECK(set_event_handling_mode_conn, 5552 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT) 5553 OP_C_WRITE(a, "apple", 5) 5554 OP_CHECK2(check_write_buf_stat, 5, 0) 5555 5556 OP_CHECK(reenable_test_event_handling, 0) 5557 5558 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 5559 OP_S_READ_EXPECT(a, "apple", 5) 5560 OP_S_WRITE(a, "orange", 6) 5561 OP_C_READ_EXPECT(a, "orange", 6) 5562 5563 OP_END 5564 }; 5565 5566 /* 85. Test SSL_poll (lite, non-blocking) */ 5567 ossl_unused static int script_85_poll(struct helper *h, struct helper_local *hl) 5568 { 5569 int ok = 1, ret, expected_ret = 1; 5570 static const struct timeval timeout = { 0 }; 5571 size_t result_count, expected_result_count = 0; 5572 SSL_POLL_ITEM items[5] = { 0 }, *item = items; 5573 SSL *c_a, *c_b, *c_c, *c_d; 5574 size_t i; 5575 uint64_t mode, expected_revents[5] = { 0 }; 5576 5577 if (!TEST_ptr(c_a = helper_local_get_c_stream(hl, "a")) 5578 || !TEST_ptr(c_b = helper_local_get_c_stream(hl, "b")) 5579 || !TEST_ptr(c_c = helper_local_get_c_stream(hl, "c")) 5580 || !TEST_ptr(c_d = helper_local_get_c_stream(hl, "d"))) 5581 return 0; 5582 5583 item->desc = SSL_as_poll_descriptor(c_a); 5584 item->events = UINT64_MAX; 5585 item->revents = UINT64_MAX; 5586 ++item; 5587 5588 item->desc = SSL_as_poll_descriptor(c_b); 5589 item->events = UINT64_MAX; 5590 item->revents = UINT64_MAX; 5591 ++item; 5592 5593 item->desc = SSL_as_poll_descriptor(c_c); 5594 item->events = UINT64_MAX; 5595 item->revents = UINT64_MAX; 5596 ++item; 5597 5598 item->desc = SSL_as_poll_descriptor(c_d); 5599 item->events = UINT64_MAX; 5600 item->revents = UINT64_MAX; 5601 ++item; 5602 5603 item->desc = SSL_as_poll_descriptor(h->c_conn); 5604 item->events = UINT64_MAX; 5605 item->revents = UINT64_MAX; 5606 ++item; 5607 5608 result_count = SIZE_MAX; 5609 ret = SSL_poll(items, OSSL_NELEM(items), sizeof(SSL_POLL_ITEM), 5610 &timeout, 0, 5611 &result_count); 5612 5613 mode = hl->check_op->arg2; 5614 switch (mode) { 5615 case 0: 5616 /* No incoming data yet */ 5617 expected_revents[0] = SSL_POLL_EVENT_W; 5618 expected_revents[1] = SSL_POLL_EVENT_W; 5619 expected_revents[2] = SSL_POLL_EVENT_W; 5620 expected_revents[3] = SSL_POLL_EVENT_W; 5621 expected_revents[4] = SSL_POLL_EVENT_OS; 5622 expected_result_count = 5; 5623 break; 5624 case 1: 5625 /* Expect more events */ 5626 expected_revents[0] = SSL_POLL_EVENT_W | SSL_POLL_EVENT_R; 5627 expected_revents[1] = SSL_POLL_EVENT_W | SSL_POLL_EVENT_ER; 5628 expected_revents[2] = SSL_POLL_EVENT_EW; 5629 expected_revents[3] = SSL_POLL_EVENT_W; 5630 expected_revents[4] = SSL_POLL_EVENT_OS | SSL_POLL_EVENT_ISB; 5631 expected_result_count = 5; 5632 break; 5633 default: 5634 return 0; 5635 } 5636 5637 if (!TEST_int_eq(ret, expected_ret) 5638 || !TEST_size_t_eq(result_count, expected_result_count)) 5639 ok = 0; 5640 5641 for (i = 0; i < OSSL_NELEM(items); ++i) 5642 if (!TEST_uint64_t_eq(items[i].revents, expected_revents[i])) { 5643 TEST_error("mismatch at index %zu in poll results, mode %d", 5644 i, (int)mode); 5645 ok = 0; 5646 } 5647 5648 return ok; 5649 } 5650 5651 static const struct script_op script_85[] = { 5652 OP_C_SET_ALPN("ossltest") 5653 OP_C_CONNECT_WAIT() 5654 5655 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5656 5657 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 5658 OP_C_WRITE(a, "flamingo", 8) 5659 5660 OP_C_NEW_STREAM_BIDI(b, C_BIDI_ID(1)) 5661 OP_C_WRITE(b, "orange", 6) 5662 5663 OP_C_NEW_STREAM_BIDI(c, C_BIDI_ID(2)) 5664 OP_C_WRITE(c, "Strawberry", 10) 5665 5666 OP_C_NEW_STREAM_BIDI(d, C_BIDI_ID(3)) 5667 OP_C_WRITE(d, "sync", 4) 5668 5669 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 5670 OP_S_BIND_STREAM_ID(b, C_BIDI_ID(1)) 5671 OP_S_BIND_STREAM_ID(c, C_BIDI_ID(2)) 5672 OP_S_BIND_STREAM_ID(d, C_BIDI_ID(3)) 5673 5674 /* Check nothing readable yet. */ 5675 OP_CHECK(script_85_poll, 0) 5676 5677 /* Send something that will make client sockets readable. */ 5678 OP_S_READ_EXPECT(a, "flamingo", 8) 5679 OP_S_WRITE(a, "herringbone", 11) 5680 5681 /* Send something that will make 'b' reset. */ 5682 OP_S_SET_INJECT_PLAIN(script_28_inject_plain) 5683 OP_SET_INJECT_WORD(C_BIDI_ID(1) + 1, OSSL_QUIC_FRAME_TYPE_RESET_STREAM) 5684 5685 /* Ensure sync. */ 5686 OP_S_READ_EXPECT(d, "sync", 4) 5687 OP_S_WRITE(d, "x", 1) 5688 OP_C_READ_EXPECT(d, "x", 1) 5689 5690 /* Send something that will make 'c' reset. */ 5691 OP_S_SET_INJECT_PLAIN(script_28_inject_plain) 5692 OP_SET_INJECT_WORD(C_BIDI_ID(2) + 1, OSSL_QUIC_FRAME_TYPE_STOP_SENDING) 5693 5694 OP_S_NEW_STREAM_BIDI(z, S_BIDI_ID(0)) 5695 OP_S_WRITE(z, "z", 1) 5696 5697 /* Ensure sync. */ 5698 OP_S_WRITE(d, "x", 1) 5699 OP_C_READ_EXPECT(d, "x", 1) 5700 5701 /* Check a is now readable. */ 5702 OP_CHECK(script_85_poll, 1) 5703 5704 OP_END 5705 }; 5706 5707 /* 86. Event Handling Mode Configuration */ 5708 static int set_event_handling_mode_conn(struct helper *h, struct helper_local *hl) 5709 { 5710 hl->explicit_event_handling = 1; 5711 return SSL_set_event_handling_mode(h->c_conn, hl->check_op->arg2); 5712 } 5713 5714 static int reenable_test_event_handling(struct helper *h, struct helper_local *hl) 5715 { 5716 hl->explicit_event_handling = 0; 5717 return 1; 5718 } 5719 5720 static ossl_unused int set_event_handling_mode_stream(struct helper *h, struct helper_local *hl) 5721 { 5722 SSL *ssl = helper_local_get_c_stream(hl, "a"); 5723 5724 if (!TEST_ptr(ssl)) 5725 return 0; 5726 5727 return SSL_set_event_handling_mode(ssl, hl->check_op->arg2); 5728 } 5729 5730 static const struct script_op script_86[] = { 5731 OP_SKIP_IF_BLOCKING(23) 5732 5733 OP_C_SET_ALPN("ossltest") 5734 OP_C_CONNECT_WAIT() 5735 5736 OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) 5737 5738 /* Turn on explicit handling mode. */ 5739 OP_CHECK(set_event_handling_mode_conn, 5740 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT) 5741 5742 /* 5743 * Create a new stream and write data. This won't get sent 5744 * to the network net because we are in explicit mode 5745 * and we haven't called SSL_handle_events(). 5746 */ 5747 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 5748 OP_C_WRITE(a, "apple", 5) 5749 5750 /* Put connection back into implicit handling mode. */ 5751 OP_CHECK(set_event_handling_mode_conn, 5752 SSL_VALUE_EVENT_HANDLING_MODE_IMPLICIT) 5753 5754 /* Override at stream level. */ 5755 OP_CHECK(set_event_handling_mode_stream, 5756 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT) 5757 OP_C_WRITE(a, "orange", 6) 5758 OP_C_CONCLUDE(a) 5759 5760 /* 5761 * Confirm the data isn't going to arrive. OP_SLEEP is always undesirable 5762 * but we have no reasonable way to synchronise on something not arriving 5763 * given all network traffic is essentially stopped and there are no other 5764 * signals arriving from the peer which could be used for synchronisation. 5765 * Slow OSes will pass this anyway (fail-open). 5766 */ 5767 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 5768 5769 OP_BEGIN_REPEAT(20) 5770 OP_S_READ_FAIL(a, 1) 5771 OP_SLEEP(10) 5772 OP_END_REPEAT() 5773 5774 /* Now let the data arrive and confirm it arrives. */ 5775 OP_CHECK(reenable_test_event_handling, 0) 5776 OP_S_READ_EXPECT(a, "appleorange", 11) 5777 OP_S_EXPECT_FIN(a) 5778 5779 /* Back into explicit mode. */ 5780 OP_CHECK(set_event_handling_mode_conn, 5781 SSL_VALUE_EVENT_HANDLING_MODE_EXPLICIT) 5782 OP_S_WRITE(a, "ok", 2) 5783 OP_C_READ_FAIL(a) 5784 5785 /* Works once event handling is done. */ 5786 OP_CHECK(reenable_test_event_handling, 0) 5787 OP_C_READ_EXPECT(a, "ok", 2) 5788 5789 OP_END 5790 }; 5791 5792 /* 87. Test stream reset functionality */ 5793 static const struct script_op script_87[] = { 5794 OP_C_SET_ALPN("ossltest") 5795 OP_C_CONNECT_WAIT() 5796 OP_C_NEW_STREAM_BIDI(a, C_BIDI_ID(0)) 5797 OP_C_WRITE(a, "apple", 5) 5798 OP_C_CONCLUDE(a) 5799 OP_S_BIND_STREAM_ID(a, C_BIDI_ID(0)) 5800 OP_S_READ_EXPECT(a, "apple", 5) 5801 OP_S_EXPECT_FIN(a) 5802 OP_S_WRITE(a, "orange", 6) 5803 OP_C_READ_EXPECT(a, "orange", 6) 5804 OP_S_CONCLUDE(a) 5805 OP_C_EXPECT_FIN(a) 5806 OP_SLEEP(1000) 5807 OP_C_STREAM_RESET_FAIL(a, 42) 5808 OP_END 5809 }; 5810 5811 static const struct script_op *const scripts[] = { 5812 script_1, 5813 script_2, 5814 script_3, 5815 script_4, 5816 script_5, 5817 script_6, 5818 script_7, 5819 script_8, 5820 script_9, 5821 script_10, 5822 script_11, 5823 script_12, 5824 script_13, 5825 script_14, 5826 script_15, 5827 script_16, 5828 script_17, 5829 script_18, 5830 script_19, 5831 script_20, 5832 script_21, 5833 script_22, 5834 script_23, 5835 script_24, 5836 script_25, 5837 script_26, 5838 script_27, 5839 script_28, 5840 script_29, 5841 script_30, 5842 script_31, 5843 script_32, 5844 script_33, 5845 script_34, 5846 script_35, 5847 script_36, 5848 script_37, 5849 script_38, 5850 script_39, 5851 script_40, 5852 script_41, 5853 script_42, 5854 script_43, 5855 script_44, 5856 script_45, 5857 script_46, 5858 script_47, 5859 script_48, 5860 script_49, 5861 script_50, 5862 script_51, 5863 script_52, 5864 script_53, 5865 script_54, 5866 script_55, 5867 script_56, 5868 script_57, 5869 script_58, 5870 script_59, 5871 script_60, 5872 script_61, 5873 script_62, 5874 script_63, 5875 script_64, 5876 script_65, 5877 script_66, 5878 script_67, 5879 script_68, 5880 script_69, 5881 script_70, 5882 script_71, 5883 script_72, 5884 script_73, 5885 script_74, 5886 script_75, 5887 script_76, 5888 script_77, 5889 script_78, 5890 script_79, 5891 script_80, 5892 script_81, 5893 script_82, 5894 script_83, 5895 script_84, 5896 script_85, 5897 script_86, 5898 script_87 5899 }; 5900 5901 static int test_script(int idx) 5902 { 5903 int script_idx, free_order, blocking; 5904 char script_name[64]; 5905 5906 free_order = idx % 2; 5907 idx /= 2; 5908 5909 blocking = idx % 2; 5910 idx /= 2; 5911 5912 script_idx = idx; 5913 5914 if (blocking && free_order) 5915 return 1; /* don't need to test free_order twice */ 5916 5917 #if !defined(OPENSSL_THREADS) 5918 if (blocking) { 5919 TEST_skip("cannot test in blocking mode without threads"); 5920 return 1; 5921 } 5922 #endif 5923 5924 BIO_snprintf(script_name, sizeof(script_name), "script %d", script_idx + 1); 5925 5926 TEST_info("Running script %d (order=%d, blocking=%d)", script_idx + 1, 5927 free_order, blocking); 5928 return run_script(scripts[script_idx], script_name, free_order, blocking); 5929 } 5930 5931 /* Dynamically generated tests. */ 5932 static struct script_op dyn_frame_types_script[] = { 5933 OP_S_SET_INJECT_PLAIN(script_21_inject_plain) 5934 OP_SET_INJECT_WORD(0, 0) /* dynamic */ 5935 5936 OP_C_SET_ALPN("ossltest") 5937 OP_C_CONNECT_WAIT_OR_FAIL() 5938 5939 OP_C_EXPECT_CONN_CLOSE_INFO(OSSL_QUIC_ERR_FRAME_ENCODING_ERROR, 0, 0) 5940 5941 OP_END 5942 }; 5943 5944 struct forbidden_frame_type { 5945 uint64_t pkt_type, frame_type, expected_err; 5946 }; 5947 5948 static const struct forbidden_frame_type forbidden_frame_types[] = { 5949 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_VLINT_MAX, OSSL_QUIC_ERR_FRAME_ENCODING_ERROR }, 5950 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_VLINT_MAX, OSSL_QUIC_ERR_FRAME_ENCODING_ERROR }, 5951 { QUIC_PKT_TYPE_1RTT, OSSL_QUIC_VLINT_MAX, OSSL_QUIC_ERR_FRAME_ENCODING_ERROR }, 5952 5953 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5954 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_RESET_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5955 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STOP_SENDING, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5956 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_NEW_TOKEN, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5957 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5958 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5959 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5960 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5961 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5962 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5963 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5964 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5965 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5966 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5967 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5968 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5969 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5970 { QUIC_PKT_TYPE_INITIAL, OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5971 5972 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5973 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_RESET_STREAM, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5974 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STOP_SENDING, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5975 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_NEW_TOKEN, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5976 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5977 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5978 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5979 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_MAX_STREAMS_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5980 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5981 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAM_DATA_BLOCKED, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5982 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_BIDI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5983 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_STREAMS_BLOCKED_UNI, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5984 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_NEW_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5985 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5986 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_PATH_CHALLENGE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5987 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_PATH_RESPONSE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5988 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_CONN_CLOSE_APP, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5989 { QUIC_PKT_TYPE_HANDSHAKE, OSSL_QUIC_FRAME_TYPE_HANDSHAKE_DONE, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5990 5991 /* Client uses a zero-length CID so this is not allowed. */ 5992 { QUIC_PKT_TYPE_1RTT, OSSL_QUIC_FRAME_TYPE_RETIRE_CONN_ID, OSSL_QUIC_ERR_PROTOCOL_VIOLATION }, 5993 }; 5994 5995 static ossl_unused int test_dyn_frame_types(int idx) 5996 { 5997 size_t i; 5998 char script_name[64]; 5999 struct script_op *s = dyn_frame_types_script; 6000 6001 for (i = 0; i < OSSL_NELEM(dyn_frame_types_script); ++i) 6002 if (s[i].op == OPK_SET_INJECT_WORD) { 6003 s[i].arg1 = (size_t)forbidden_frame_types[idx].pkt_type; 6004 s[i].arg2 = forbidden_frame_types[idx].frame_type; 6005 } else if (s[i].op == OPK_C_EXPECT_CONN_CLOSE_INFO) { 6006 s[i].arg2 = forbidden_frame_types[idx].expected_err; 6007 } 6008 6009 BIO_snprintf(script_name, sizeof(script_name), 6010 "dyn script %d", idx); 6011 6012 return run_script(dyn_frame_types_script, script_name, 0, 0); 6013 } 6014 6015 OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") 6016 6017 int setup_tests(void) 6018 { 6019 #if defined(_PUT_MODEL_) 6020 return TEST_skip("QUIC is not supported by this build"); 6021 #endif 6022 6023 if (!test_skip_common_options()) { 6024 TEST_error("Error parsing test options\n"); 6025 return 0; 6026 } 6027 6028 if (!TEST_ptr(certfile = test_get_argument(0)) 6029 || !TEST_ptr(keyfile = test_get_argument(1))) 6030 return 0; 6031 6032 ADD_ALL_TESTS(test_dyn_frame_types, OSSL_NELEM(forbidden_frame_types)); 6033 ADD_ALL_TESTS(test_script, OSSL_NELEM(scripts) * 2 * 2); 6034 return 1; 6035 } 6036
Indexes created Tue Mar 03 05:31:39 UTC 2026