1 /* 2 * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 #include "internal/sockets.h" 10 #include <openssl/rand.h> 11 12 static const unsigned char alpn_ossltest[] = { 13 /* "\x08ossltest" (hex for EBCDIC resilience) */ 14 0x08, 0x6f, 0x73, 0x73, 0x6c, 0x74, 0x65, 0x73, 0x74 15 }; 16 17 DEF_FUNC(hf_unbind) 18 { 19 int ok = 0; 20 const char *name; 21 22 F_POP(name); 23 RADIX_PROCESS_set_obj(RP(), name, NULL); 24 25 ok = 1; 26 err: 27 return ok; 28 } 29 30 static int ssl_ctx_select_alpn(SSL *ssl, 31 const unsigned char **out, unsigned char *out_len, 32 const unsigned char *in, unsigned int in_len, 33 void *arg) 34 { 35 if (SSL_select_next_proto((unsigned char **)out, out_len, 36 alpn_ossltest, sizeof(alpn_ossltest), in, in_len) 37 != OPENSSL_NPN_NEGOTIATED) 38 return SSL_TLSEXT_ERR_ALERT_FATAL; 39 40 return SSL_TLSEXT_ERR_OK; 41 } 42 43 static void keylog_cb(const SSL *ssl, const char *line) 44 { 45 ossl_crypto_mutex_lock(RP()->gm); 46 BIO_printf(RP()->keylog_out, "%s", line); 47 (void)BIO_flush(RP()->keylog_out); 48 ossl_crypto_mutex_unlock(RP()->gm); 49 } 50 51 static int ssl_ctx_configure(SSL_CTX *ctx, int is_server) 52 { 53 if (!TEST_true(ossl_quic_set_diag_title(ctx, "quic_radix_test"))) 54 return 0; 55 56 if (!is_server) 57 return 1; 58 59 if (RP()->keylog_out != NULL) 60 SSL_CTX_set_keylog_callback(ctx, keylog_cb); 61 62 if (!TEST_int_eq(SSL_CTX_use_certificate_file(ctx, cert_file, 63 SSL_FILETYPE_PEM), 64 1) 65 || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(ctx, key_file, 66 SSL_FILETYPE_PEM), 67 1)) 68 return 0; 69 70 SSL_CTX_set_alpn_select_cb(ctx, ssl_ctx_select_alpn, NULL); 71 return 1; 72 } 73 74 static int ssl_create_bound_socket(uint16_t listen_port, 75 int *p_fd, uint16_t *p_result_port) 76 { 77 int ok = 0; 78 int fd = -1; 79 BIO_ADDR *addr = NULL; 80 union BIO_sock_info_u info; 81 struct in_addr ina; 82 83 ina.s_addr = htonl(INADDR_LOOPBACK); 84 85 fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0); 86 if (!TEST_int_ge(fd, 0)) 87 goto err; 88 89 if (!TEST_true(BIO_socket_nbio(fd, 1))) 90 goto err; 91 92 if (!TEST_ptr(addr = BIO_ADDR_new())) 93 goto err; 94 95 if (!TEST_true(BIO_ADDR_rawmake(addr, AF_INET, 96 &ina, sizeof(ina), 0))) 97 goto err; 98 99 if (!TEST_true(BIO_bind(fd, addr, 0))) 100 goto err; 101 102 info.addr = addr; 103 if (!TEST_true(BIO_sock_info(fd, BIO_SOCK_INFO_ADDRESS, &info))) 104 goto err; 105 106 if (!TEST_int_gt(BIO_ADDR_rawport(addr), 0)) 107 goto err; 108 109 ok = 1; 110 err: 111 if (!ok && fd >= 0) 112 BIO_closesocket(fd); 113 else if (ok) { 114 *p_fd = fd; 115 if (p_result_port != NULL) 116 *p_result_port = BIO_ADDR_rawport(addr); 117 } 118 BIO_ADDR_free(addr); 119 return ok; 120 } 121 122 static int ssl_attach_bio_dgram(SSL *ssl, 123 uint16_t local_port, uint16_t *actual_port) 124 { 125 int s_fd = -1; 126 BIO *bio; 127 128 if (!TEST_true(ssl_create_bound_socket(local_port, &s_fd, actual_port))) 129 return 0; 130 131 if (!TEST_ptr(bio = BIO_new_dgram(s_fd, BIO_CLOSE))) { 132 BIO_closesocket(s_fd); 133 return 0; 134 } 135 136 SSL_set0_rbio(ssl, bio); 137 if (!TEST_true(BIO_up_ref(bio))) 138 return 0; 139 140 SSL_set0_wbio(ssl, bio); 141 142 return 1; 143 } 144 145 /* 146 * Test to make sure that SSL_accept_connection returns the same ssl object 147 * that is used in the various TLS callbacks 148 * 149 * Unlike TCP, QUIC processes new connections independently from their 150 * acceptance, and so we need to pre-allocate tls objects to return during 151 * connection acceptance via the user_ssl. This is just a quic test to validate 152 * that: 153 * 1) The new callback to inform the user of a new pending ssl acceptance works 154 * properly 155 * 2) That the object returned from SSL_accept_connection matches the one passed 156 * to various callbacks 157 * 158 * It would be better as its own test, but currently the tserver used in the 159 * other quic_tests doesn't actually accept connections (it pre-creates them 160 * and fixes them up in place), so testing there is not feasible at the moment 161 * 162 * For details on this issue see: 163 * https://github.com/openssl/project/issues/918 164 */ 165 static SSL *pending_ssl_obj = NULL; 166 static SSL *client_hello_ssl_obj = NULL; 167 static int check_pending_match = 0; 168 static int pending_cb_called = 0; 169 static int hello_cb_called = 0; 170 static int new_pending_cb(SSL_CTX *ctx, SSL *new_ssl, void *arg) 171 { 172 pending_ssl_obj = new_ssl; 173 pending_cb_called = 1; 174 return 1; 175 } 176 177 static int client_hello_cb(SSL *s, int *al, void *arg) 178 { 179 client_hello_ssl_obj = s; 180 hello_cb_called = 1; 181 return 1; 182 } 183 184 DEF_FUNC(hf_new_ssl) 185 { 186 int ok = 0; 187 const char *name; 188 SSL_CTX *ctx = NULL; 189 const SSL_METHOD *method; 190 SSL *ssl; 191 uint64_t flags; 192 int is_server, is_domain; 193 194 F_POP2(name, flags); 195 196 is_domain = ((flags & 2) != 0); 197 is_server = ((flags & 1) != 0); 198 199 method = is_server ? OSSL_QUIC_server_method() : OSSL_QUIC_client_method(); 200 if (!TEST_ptr(ctx = SSL_CTX_new(method))) 201 goto err; 202 203 #if defined(OPENSSL_THREADS) 204 if (!TEST_true(SSL_CTX_set_domain_flags(ctx, 205 SSL_DOMAIN_FLAG_MULTI_THREAD 206 | SSL_DOMAIN_FLAG_BLOCKING))) 207 goto err; 208 #endif 209 210 if (!TEST_true(ssl_ctx_configure(ctx, is_server))) 211 goto err; 212 213 if (is_domain) { 214 if (!TEST_ptr(ssl = SSL_new_domain(ctx, 0))) 215 goto err; 216 217 } else if (is_server) { 218 SSL_CTX_set_new_pending_conn_cb(ctx, new_pending_cb, NULL); 219 SSL_CTX_set_client_hello_cb(ctx, client_hello_cb, NULL); 220 check_pending_match = 1; 221 if (!TEST_ptr(ssl = SSL_new_listener(ctx, 0))) 222 goto err; 223 } else { 224 if (!TEST_ptr(ssl = SSL_new(ctx))) 225 goto err; 226 } 227 228 if (!is_domain && !TEST_true(ssl_attach_bio_dgram(ssl, 0, NULL))) 229 goto err; 230 231 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), name, ssl))) { 232 SSL_free(ssl); 233 goto err; 234 } 235 236 ok = 1; 237 err: 238 /* SSL object will hold ref, we don't need it */ 239 SSL_CTX_free(ctx); 240 return ok; 241 } 242 243 DEF_FUNC(hf_new_ssl_listener_from) 244 { 245 int ok = 0; 246 SSL *domain, *listener; 247 const char *listener_name; 248 uint64_t flags; 249 250 REQUIRE_SSL(domain); 251 F_POP2(listener_name, flags); 252 253 if (!TEST_ptr_null(RADIX_PROCESS_get_obj(RP(), listener_name))) 254 goto err; 255 256 if (!TEST_ptr(listener = SSL_new_listener_from(domain, flags))) 257 goto err; 258 259 if (!TEST_true(ssl_attach_bio_dgram(listener, 0, NULL))) 260 goto err; 261 262 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), listener_name, listener))) { 263 SSL_free(listener); 264 goto err; 265 } 266 267 radix_activate_slot(0); 268 269 ok = 1; 270 err: 271 return ok; 272 } 273 274 DEF_FUNC(hf_listen) 275 { 276 int ok = 0, r; 277 SSL *ssl; 278 279 REQUIRE_SSL(ssl); 280 281 r = SSL_listen(ssl); 282 if (!TEST_true(r)) 283 goto err; 284 285 if (SSL_get0_domain(ssl) == NULL) 286 radix_activate_slot(0); 287 288 ok = 1; 289 err: 290 return ok; 291 } 292 293 DEF_FUNC(hf_new_stream) 294 { 295 int ok = 0; 296 const char *stream_name; 297 SSL *conn, *stream; 298 uint64_t flags, do_accept; 299 300 F_POP2(flags, do_accept); 301 F_POP(stream_name); 302 REQUIRE_SSL(conn); 303 304 if (!TEST_ptr_null(RADIX_PROCESS_get_obj(RP(), stream_name))) 305 goto err; 306 307 if (do_accept) { 308 stream = SSL_accept_stream(conn, flags); 309 310 if (stream == NULL) 311 F_SPIN_AGAIN(); 312 } else { 313 stream = SSL_new_stream(conn, flags); 314 } 315 316 if (!TEST_ptr(stream)) 317 goto err; 318 319 /* TODO(QUIC RADIX): Implement wait behaviour */ 320 321 if (stream != NULL 322 && !TEST_true(RADIX_PROCESS_set_ssl(RP(), stream_name, stream))) { 323 SSL_free(stream); 324 goto err; 325 } 326 327 ok = 1; 328 err: 329 return ok; 330 } 331 332 DEF_FUNC(hf_accept_conn) 333 { 334 int ok = 0; 335 const char *conn_name; 336 uint64_t flags; 337 SSL *listener, *conn; 338 339 F_POP2(conn_name, flags); 340 REQUIRE_SSL(listener); 341 342 if (!TEST_ptr_null(RADIX_PROCESS_get_obj(RP(), conn_name))) 343 goto err; 344 345 conn = SSL_accept_connection(listener, flags); 346 if (conn == NULL) 347 F_SPIN_AGAIN(); 348 349 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), conn_name, conn))) { 350 SSL_free(conn); 351 goto err; 352 } 353 354 if (check_pending_match) { 355 if (!pending_cb_called || !hello_cb_called) { 356 TEST_info("Callbacks not called, skipping user_ssl check\n"); 357 } else { 358 if (!TEST_ptr_eq(pending_ssl_obj, client_hello_ssl_obj)) { 359 SSL_free(conn); 360 goto err; 361 } 362 if (!TEST_ptr_eq(pending_ssl_obj, conn)) { 363 SSL_free(conn); 364 goto err; 365 } 366 } 367 pending_ssl_obj = client_hello_ssl_obj = NULL; 368 check_pending_match = 0; 369 pending_cb_called = hello_cb_called = 0; 370 } 371 ok = 1; 372 err: 373 return ok; 374 } 375 376 DEF_FUNC(hf_accept_conn_none) 377 { 378 int ok = 0; 379 SSL *listener, *conn; 380 381 REQUIRE_SSL(listener); 382 383 conn = SSL_accept_connection(listener, SSL_ACCEPT_CONNECTION_NO_BLOCK); 384 if (!TEST_ptr_null(conn)) { 385 SSL_free(conn); 386 goto err; 387 } 388 389 ok = 1; 390 err: 391 return ok; 392 } 393 394 DEF_FUNC(hf_accept_stream_none) 395 { 396 int ok = 0; 397 const char *conn_name; 398 uint64_t flags; 399 SSL *conn, *stream; 400 401 F_POP2(conn_name, flags); 402 403 if (!TEST_ptr(conn = RADIX_PROCESS_get_ssl(RP(), conn_name))) 404 goto err; 405 406 stream = SSL_accept_stream(conn, flags); 407 if (!TEST_ptr_null(stream)) { 408 SSL_free(stream); 409 goto err; 410 } 411 412 ok = 1; 413 err: 414 return ok; 415 } 416 417 DEF_FUNC(hf_pop_err) 418 { 419 ERR_pop(); 420 421 return 1; 422 } 423 424 DEF_FUNC(hf_stream_reset) 425 { 426 int ok = 0; 427 const char *name; 428 SSL_STREAM_RESET_ARGS args = { 0 }; 429 SSL *ssl; 430 431 F_POP2(name, args.quic_error_code); 432 REQUIRE_SSL(ssl); 433 434 if (!TEST_true(SSL_stream_reset(ssl, &args, sizeof(args)))) 435 goto err; 436 437 ok = 1; 438 err: 439 return ok; 440 } 441 442 DEF_FUNC(hf_set_default_stream_mode) 443 { 444 int ok = 0; 445 uint64_t mode; 446 SSL *ssl; 447 448 F_POP(mode); 449 REQUIRE_SSL(ssl); 450 451 if (!TEST_true(SSL_set_default_stream_mode(ssl, (uint32_t)mode))) 452 goto err; 453 454 ok = 1; 455 err: 456 return ok; 457 } 458 459 DEF_FUNC(hf_set_incoming_stream_policy) 460 { 461 int ok = 0; 462 uint64_t policy, error_code; 463 SSL *ssl; 464 465 F_POP(error_code); 466 F_POP(policy); 467 REQUIRE_SSL(ssl); 468 469 if (!TEST_true(SSL_set_incoming_stream_policy(ssl, (int)policy, error_code))) 470 goto err; 471 472 ok = 1; 473 err: 474 return ok; 475 } 476 477 DEF_FUNC(hf_shutdown_wait) 478 { 479 int ok = 0, ret; 480 uint64_t flags; 481 SSL *ssl; 482 SSL_SHUTDOWN_EX_ARGS args = { 0 }; 483 QUIC_CHANNEL *ch; 484 485 F_POP(args.quic_reason); 486 F_POP(args.quic_error_code); 487 F_POP(flags); 488 REQUIRE_SSL(ssl); 489 490 ch = ossl_quic_conn_get_channel(ssl); 491 ossl_quic_engine_set_inhibit_tick(ossl_quic_channel_get0_engine(ch), 0); 492 493 ret = SSL_shutdown_ex(ssl, flags, &args, sizeof(args)); 494 if (!TEST_int_ge(ret, 0)) 495 goto err; 496 497 if (ret == 0) 498 F_SPIN_AGAIN(); 499 500 ok = 1; 501 err: 502 return ok; 503 } 504 505 DEF_FUNC(hf_conclude) 506 { 507 int ok = 0; 508 SSL *ssl; 509 510 REQUIRE_SSL(ssl); 511 512 if (!TEST_true(SSL_stream_conclude(ssl, 0))) 513 goto err; 514 515 ok = 1; 516 err: 517 return ok; 518 } 519 520 static int is_want(SSL *s, int ret) 521 { 522 int ec = SSL_get_error(s, ret); 523 524 return ec == SSL_ERROR_WANT_READ || ec == SSL_ERROR_WANT_WRITE; 525 } 526 527 static int check_consistent_want(SSL *s, int ret) 528 { 529 int ec = SSL_get_error(s, ret); 530 int w = SSL_want(s); 531 532 int ok = TEST_true( 533 (ec == SSL_ERROR_NONE && w == SSL_NOTHING) 534 || (ec == SSL_ERROR_ZERO_RETURN && w == SSL_NOTHING) 535 || (ec == SSL_ERROR_SSL && w == SSL_NOTHING) 536 || (ec == SSL_ERROR_SYSCALL && w == SSL_NOTHING) 537 || (ec == SSL_ERROR_WANT_READ && w == SSL_READING) 538 || (ec == SSL_ERROR_WANT_WRITE && w == SSL_WRITING) 539 || (ec == SSL_ERROR_WANT_CLIENT_HELLO_CB && w == SSL_CLIENT_HELLO_CB) 540 || (ec == SSL_ERROR_WANT_X509_LOOKUP && w == SSL_X509_LOOKUP) 541 || (ec == SSL_ERROR_WANT_RETRY_VERIFY && w == SSL_RETRY_VERIFY)); 542 543 if (!ok) 544 TEST_error("got error=%d, want=%d", ec, w); 545 546 return ok; 547 } 548 549 DEF_FUNC(hf_write) 550 { 551 int ok = 0, r; 552 SSL *ssl; 553 const void *buf; 554 size_t buf_len, bytes_written = 0; 555 556 F_POP2(buf, buf_len); 557 REQUIRE_SSL(ssl); 558 559 r = SSL_write_ex(ssl, buf, buf_len, &bytes_written); 560 if (!TEST_true(r) 561 || !check_consistent_want(ssl, r) 562 || !TEST_size_t_eq(bytes_written, buf_len)) 563 goto err; 564 565 ok = 1; 566 err: 567 return ok; 568 } 569 570 DEF_FUNC(hf_write_rand) 571 { 572 int ok = 0, r; 573 SSL *ssl; 574 void *buf = NULL; 575 size_t buf_len, bytes_written = 0; 576 577 F_POP(buf_len); 578 REQUIRE_SSL(ssl); 579 580 while (buf_len > 0) { 581 size_t thislen = buf_len > 1024 ? 1024 : buf_len; 582 583 if (buf == NULL) 584 buf = OPENSSL_malloc(thislen); 585 if (!TEST_ptr(buf)) 586 goto err; 587 if (!TEST_int_eq(RAND_bytes(buf, thislen), 1)) 588 goto err; 589 r = SSL_write_ex(ssl, buf, thislen, &bytes_written); 590 if (!TEST_true(r) 591 || !check_consistent_want(ssl, r) 592 || !TEST_size_t_eq(bytes_written, thislen)) 593 goto err; 594 595 buf_len -= thislen; 596 } 597 598 ok = 1; 599 err: 600 OPENSSL_free(buf); 601 return ok; 602 } 603 604 DEF_FUNC(hf_write_ex2) 605 { 606 int ok = 0, r; 607 SSL *ssl; 608 const void *buf; 609 size_t buf_len, bytes_written = 0; 610 uint64_t flags; 611 612 F_POP(flags); 613 F_POP2(buf, buf_len); 614 REQUIRE_SSL(ssl); 615 616 r = SSL_write_ex2(ssl, buf, buf_len, flags, &bytes_written); 617 if (!TEST_true(r) 618 || !check_consistent_want(ssl, r) 619 || !TEST_size_t_eq(bytes_written, buf_len)) 620 goto err; 621 622 ok = 1; 623 err: 624 return ok; 625 } 626 627 DEF_FUNC(hf_write_fail) 628 { 629 int ok = 0, ret; 630 SSL *ssl; 631 size_t bytes_written = 0; 632 633 REQUIRE_SSL(ssl); 634 635 ret = SSL_write_ex(ssl, "apple", 5, &bytes_written); 636 if (!TEST_false(ret) 637 || !TEST_true(check_consistent_want(ssl, ret)) 638 || !TEST_size_t_eq(bytes_written, 0)) 639 goto err; 640 641 ok = 1; 642 err: 643 return ok; 644 } 645 646 DEF_FUNC(hf_read_expect) 647 { 648 int ok = 0, r; 649 SSL *ssl; 650 const void *buf; 651 size_t buf_len, bytes_read = 0; 652 653 F_POP2(buf, buf_len); 654 REQUIRE_SSL(ssl); 655 656 if (buf_len > 0 && RT()->tmp_buf == NULL 657 && !TEST_ptr(RT()->tmp_buf = OPENSSL_malloc(buf_len))) 658 goto err; 659 660 r = SSL_read_ex(ssl, RT()->tmp_buf + RT()->tmp_buf_offset, 661 buf_len - RT()->tmp_buf_offset, 662 &bytes_read); 663 if (!TEST_true(check_consistent_want(ssl, r))) 664 goto err; 665 666 if (!r) 667 F_SPIN_AGAIN(); 668 669 if (bytes_read + RT()->tmp_buf_offset != buf_len) { 670 RT()->tmp_buf_offset += bytes_read; 671 F_SPIN_AGAIN(); 672 } 673 674 if (buf_len > 0 675 && !TEST_mem_eq(RT()->tmp_buf, buf_len, buf, buf_len)) 676 goto err; 677 678 OPENSSL_free(RT()->tmp_buf); 679 RT()->tmp_buf = NULL; 680 RT()->tmp_buf_offset = 0; 681 682 ok = 1; 683 err: 684 return ok; 685 } 686 687 DEF_FUNC(hf_read_fail) 688 { 689 int ok = 0, r; 690 SSL *ssl; 691 char buf[1] = { 0 }; 692 size_t bytes_read = 0; 693 uint64_t do_wait; 694 695 F_POP(do_wait); 696 REQUIRE_SSL(ssl); 697 698 r = SSL_read_ex(ssl, buf, sizeof(buf), &bytes_read); 699 if (!TEST_false(r) 700 || !TEST_true(check_consistent_want(ssl, r)) 701 || !TEST_size_t_eq(bytes_read, 0)) 702 goto err; 703 704 if (do_wait && is_want(ssl, 0)) 705 F_SPIN_AGAIN(); 706 707 ok = 1; 708 err: 709 return ok; 710 } 711 712 DEF_FUNC(hf_connect_wait) 713 { 714 int ok = 0, ret; 715 SSL *ssl; 716 717 REQUIRE_SSL(ssl); 718 719 /* if not started */ 720 if (RT()->scratch0 == 0) { 721 if (!TEST_true(SSL_set_blocking_mode(ssl, 0))) 722 return 0; 723 724 /* 0 is the success case for SSL_set_alpn_protos(). */ 725 if (!TEST_false(SSL_set_alpn_protos(ssl, alpn_ossltest, 726 sizeof(alpn_ossltest)))) 727 goto err; 728 } 729 730 RT()->scratch0 = 1; /* connect started */ 731 ret = SSL_connect(ssl); 732 radix_activate_slot(0); 733 if (!TEST_true(check_consistent_want(ssl, ret))) 734 goto err; 735 736 if (ret != 1) { 737 if (is_want(ssl, ret)) 738 F_SPIN_AGAIN(); 739 740 if (!TEST_int_eq(ret, 1)) 741 goto err; 742 } 743 744 ok = 1; 745 err: 746 RT()->scratch0 = 0; 747 return ok; 748 } 749 750 DEF_FUNC(hf_detach) 751 { 752 int ok = 0; 753 const char *conn_name, *stream_name; 754 SSL *conn, *stream; 755 756 F_POP2(conn_name, stream_name); 757 if (!TEST_ptr(conn = RADIX_PROCESS_get_ssl(RP(), conn_name))) 758 goto err; 759 760 if (!TEST_ptr(stream = ossl_quic_detach_stream(conn))) 761 goto err; 762 763 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), stream_name, stream))) { 764 SSL_free(stream); 765 goto err; 766 } 767 768 ok = 1; 769 err: 770 return ok; 771 } 772 773 DEF_FUNC(hf_attach) 774 { 775 int ok = 0; 776 const char *conn_name, *stream_name; 777 SSL *conn, *stream; 778 779 F_POP2(conn_name, stream_name); 780 781 if (!TEST_ptr(conn = RADIX_PROCESS_get_ssl(RP(), conn_name))) 782 goto err; 783 784 if (!TEST_ptr(stream = RADIX_PROCESS_get_ssl(RP(), stream_name))) 785 goto err; 786 787 if (!TEST_true(ossl_quic_attach_stream(conn, stream))) 788 goto err; 789 790 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), stream_name, NULL))) 791 goto err; 792 793 ok = 1; 794 err: 795 return ok; 796 } 797 798 DEF_FUNC(hf_expect_fin) 799 { 800 int ok = 0, ret; 801 SSL *ssl; 802 char buf[1]; 803 size_t bytes_read = 0; 804 805 REQUIRE_SSL(ssl); 806 807 ret = SSL_read_ex(ssl, buf, sizeof(buf), &bytes_read); 808 if (!TEST_true(check_consistent_want(ssl, ret)) 809 || !TEST_false(ret) 810 || !TEST_size_t_eq(bytes_read, 0)) 811 goto err; 812 813 if (is_want(ssl, 0)) 814 F_SPIN_AGAIN(); 815 816 if (!TEST_int_eq(SSL_get_error(ssl, 0), 817 SSL_ERROR_ZERO_RETURN)) 818 goto err; 819 820 if (!TEST_int_eq(SSL_want(ssl), SSL_NOTHING)) 821 goto err; 822 823 ok = 1; 824 err: 825 return ok; 826 } 827 828 DEF_FUNC(hf_expect_conn_close_info) 829 { 830 int ok = 0; 831 SSL *ssl; 832 SSL_CONN_CLOSE_INFO cc_info = { 0 }; 833 uint64_t error_code, expect_app, expect_remote; 834 835 F_POP(error_code); 836 F_POP2(expect_app, expect_remote); 837 REQUIRE_SSL(ssl); 838 839 /* TODO BLOCKING */ 840 841 if (!SSL_get_conn_close_info(ssl, &cc_info, sizeof(cc_info))) 842 F_SPIN_AGAIN(); 843 844 if (!TEST_int_eq((int)expect_app, 845 (cc_info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) == 0) 846 || !TEST_int_eq((int)expect_remote, 847 (cc_info.flags & SSL_CONN_CLOSE_FLAG_LOCAL) == 0) 848 || !TEST_uint64_t_eq(error_code, cc_info.error_code)) { 849 TEST_info("connection close reason: %s", cc_info.reason); 850 goto err; 851 } 852 853 ok = 1; 854 err: 855 return ok; 856 } 857 858 DEF_FUNC(hf_wait_for_data) 859 { 860 int ok = 0; 861 SSL *ssl; 862 char buf[1]; 863 size_t bytes_read = 0; 864 865 REQUIRE_SSL(ssl); 866 867 if (!SSL_peek_ex(ssl, buf, sizeof(buf), &bytes_read) 868 || bytes_read == 0) 869 F_SPIN_AGAIN(); 870 871 ok = 1; 872 err: 873 return ok; 874 } 875 876 DEF_FUNC(hf_expect_err) 877 { 878 int ok = 0; 879 uint64_t lib, reason; 880 881 F_POP2(lib, reason); 882 if (!TEST_size_t_eq((size_t)ERR_GET_LIB(ERR_peek_last_error()), 883 (size_t)lib) 884 || !TEST_size_t_eq((size_t)ERR_GET_REASON(ERR_peek_last_error()), 885 (size_t)reason)) 886 goto err; 887 888 ok = 1; 889 err: 890 return ok; 891 } 892 893 DEF_FUNC(hf_expect_ssl_err) 894 { 895 int ok = 0; 896 uint64_t expected; 897 SSL *ssl; 898 899 F_POP(expected); 900 REQUIRE_SSL(ssl); 901 902 if (!TEST_size_t_eq((size_t)SSL_get_error(ssl, 0), (size_t)expected) 903 || !TEST_int_eq(SSL_want(ssl), SSL_NOTHING)) 904 goto err; 905 906 ok = 1; 907 err: 908 return ok; 909 } 910 911 DEF_FUNC(hf_expect_stream_id) 912 { 913 int ok = 0; 914 SSL *ssl; 915 uint64_t expected, actual; 916 917 F_POP(expected); 918 REQUIRE_SSL(ssl); 919 920 actual = SSL_get_stream_id(ssl); 921 if (!TEST_uint64_t_eq(actual, expected)) 922 goto err; 923 924 ok = 1; 925 err: 926 return ok; 927 } 928 929 DEF_FUNC(hf_select_ssl) 930 { 931 int ok = 0; 932 uint64_t slot; 933 const char *name; 934 RADIX_OBJ *obj; 935 936 F_POP2(slot, name); 937 if (!TEST_ptr(obj = RADIX_PROCESS_get_obj(RP(), name))) 938 goto err; 939 940 if (!TEST_uint64_t_lt(slot, NUM_SLOTS)) 941 goto err; 942 943 RT()->slot[slot] = obj; 944 RT()->ssl[slot] = obj->ssl; 945 ok = 1; 946 err: 947 return ok; 948 } 949 950 DEF_FUNC(hf_clear_slot) 951 { 952 int ok = 0; 953 uint64_t slot; 954 955 F_POP(slot); 956 if (!TEST_uint64_t_lt(slot, NUM_SLOTS)) 957 goto err; 958 959 RT()->slot[slot] = NULL; 960 RT()->ssl[slot] = NULL; 961 ok = 1; 962 err: 963 return ok; 964 } 965 966 DEF_FUNC(hf_skip_time) 967 { 968 int ok = 0; 969 uint64_t ms; 970 971 F_POP(ms); 972 973 radix_skip_time(ossl_ms2time(ms)); 974 ok = 1; 975 err: 976 return ok; 977 } 978 979 DEF_FUNC(hf_set_peer_addr_from) 980 { 981 int ok = 0; 982 SSL *dst_ssl, *src_ssl; 983 BIO *dst_bio, *src_bio; 984 int src_fd = -1; 985 union BIO_sock_info_u src_info; 986 BIO_ADDR *src_addr = NULL; 987 988 REQUIRE_SSL_N(0, dst_ssl); 989 REQUIRE_SSL_N(1, src_ssl); 990 dst_bio = SSL_get_rbio(dst_ssl); 991 src_bio = SSL_get_rbio(src_ssl); 992 if (!TEST_ptr(dst_bio) || !TEST_ptr(src_bio)) 993 goto err; 994 995 if (!TEST_ptr(src_addr = BIO_ADDR_new())) 996 goto err; 997 998 if (!TEST_true(BIO_get_fd(src_bio, &src_fd)) 999 || !TEST_int_ge(src_fd, 0)) 1000 goto err; 1001 1002 src_info.addr = src_addr; 1003 if (!TEST_true(BIO_sock_info(src_fd, BIO_SOCK_INFO_ADDRESS, &src_info)) 1004 || !TEST_int_ge(ntohs(BIO_ADDR_rawport(src_addr)), 0)) 1005 goto err; 1006 1007 /* 1008 * Could use SSL_set_initial_peer_addr here, but set it on the 1009 * BIO_s_datagram instead and make sure we pick it up automatically. 1010 */ 1011 if (!TEST_true(BIO_dgram_set_peer(dst_bio, src_addr))) 1012 goto err; 1013 1014 ok = 1; 1015 err: 1016 BIO_ADDR_free(src_addr); 1017 return ok; 1018 } 1019 1020 DEF_FUNC(hf_sleep) 1021 { 1022 int ok = 0; 1023 uint64_t ms; 1024 1025 F_POP(ms); 1026 1027 OSSL_sleep(ms); 1028 1029 ok = 1; 1030 err: 1031 return ok; 1032 } 1033 1034 #define OP_UNBIND(name) \ 1035 (OP_PUSH_PZ(#name), \ 1036 OP_FUNC(hf_unbind)) 1037 1038 #define OP_SELECT_SSL(slot, name) \ 1039 (OP_PUSH_U64(slot), \ 1040 OP_PUSH_PZ(#name), \ 1041 OP_FUNC(hf_select_ssl)) 1042 1043 #define OP_CLEAR_SLOT(slot) \ 1044 (OP_PUSH_U64(slot), \ 1045 OP_FUNC(hf_clear_slot)) 1046 1047 #define OP_CONNECT_WAIT(name) \ 1048 (OP_SELECT_SSL(0, name), \ 1049 OP_FUNC(hf_connect_wait)) 1050 1051 #define OP_LISTEN(name) \ 1052 (OP_SELECT_SSL(0, name), \ 1053 OP_FUNC(hf_listen)) 1054 1055 #define OP_NEW_SSL_C(name) \ 1056 (OP_PUSH_PZ(#name), \ 1057 OP_PUSH_U64(0), \ 1058 OP_FUNC(hf_new_ssl)) 1059 1060 #define OP_NEW_SSL_L(name) \ 1061 (OP_PUSH_PZ(#name), \ 1062 OP_PUSH_U64(1), \ 1063 OP_FUNC(hf_new_ssl)) 1064 1065 #define OP_NEW_SSL_D(name) \ 1066 (OP_PUSH_PZ(#name), \ 1067 OP_PUSH_U64(3), \ 1068 OP_FUNC(hf_new_ssl)) 1069 1070 #define OP_NEW_SSL_L_LISTEN(name) \ 1071 (OP_NEW_SSL_L(name), \ 1072 OP_LISTEN(name)) 1073 1074 #define OP_NEW_SSL_L_FROM(domain_name, listener_name, flags) \ 1075 (OP_SELECT_SSL(0, domain_name), \ 1076 OP_PUSH_PZ(#listener_name), \ 1077 OP_PUSH_U64(flags), \ 1078 OP_FUNC(hf_new_ssl_listener_from)) 1079 1080 #define OP_NEW_SSL_L_FROM_LISTEN(domain_name, listener_name, flags) \ 1081 (OP_NEW_SSL_L_FROM(domain_name, listener_name, flags), \ 1082 OP_LISTEN(listener_name)) 1083 1084 #define OP_SET_PEER_ADDR_FROM(dst_name, src_name) \ 1085 (OP_SELECT_SSL(0, dst_name), \ 1086 OP_SELECT_SSL(1, src_name), \ 1087 OP_FUNC(hf_set_peer_addr_from)) 1088 1089 #define OP_SIMPLE_PAIR_CONN() \ 1090 (OP_NEW_SSL_L_LISTEN(L), \ 1091 OP_NEW_SSL_C(C), \ 1092 OP_SET_PEER_ADDR_FROM(C, L), \ 1093 OP_CONNECT_WAIT(C)) 1094 1095 #define OP_SIMPLE_PAIR_CONN_D() \ 1096 (OP_NEW_SSL_D(Ds), \ 1097 OP_NEW_SSL_L_FROM_LISTEN(Ds, L, 0), \ 1098 OP_NEW_SSL_C(C), \ 1099 OP_SET_PEER_ADDR_FROM(C, L), \ 1100 OP_CONNECT_WAIT(C)) 1101 1102 #define OP_SIMPLE_PAIR_CONN_ND() \ 1103 (OP_SIMPLE_PAIR_CONN(), \ 1104 OP_SET_DEFAULT_STREAM_MODE(C, SSL_DEFAULT_STREAM_MODE_NONE)) 1105 1106 #define OP_NEW_STREAM(conn_name, stream_name, flags) \ 1107 (OP_SELECT_SSL(0, conn_name), \ 1108 OP_PUSH_PZ(#stream_name), \ 1109 OP_PUSH_U64(flags), \ 1110 OP_PUSH_U64(0), \ 1111 OP_FUNC(hf_new_stream)) 1112 1113 #define OP_ACCEPT_STREAM_WAIT(conn_name, stream_name, flags) \ 1114 (OP_SELECT_SSL(0, conn_name), \ 1115 OP_PUSH_PZ(#stream_name), \ 1116 OP_PUSH_U64(flags), \ 1117 OP_PUSH_U64(1), \ 1118 OP_FUNC(hf_new_stream)) 1119 1120 #define OP_ACCEPT_STREAM_NONE(conn_name) \ 1121 (OP_SELECT_SSL(0, conn_name), \ 1122 OP_FUNC(hf_accept_stream_none)) 1123 1124 #define OP_ACCEPT_CONN_WAIT(listener_name, conn_name, flags) \ 1125 (OP_SELECT_SSL(0, listener_name), \ 1126 OP_PUSH_PZ(#conn_name), \ 1127 OP_PUSH_U64(flags), \ 1128 OP_FUNC(hf_accept_conn)) 1129 1130 #define OP_ACCEPT_CONN_WAIT_ND(listener_name, conn_name, flags) \ 1131 (OP_ACCEPT_CONN_WAIT(listener_name, conn_name, flags), \ 1132 OP_SET_DEFAULT_STREAM_MODE(conn_name, SSL_DEFAULT_STREAM_MODE_NONE)) 1133 1134 #define OP_ACCEPT_CONN_NONE(listener_name) \ 1135 (OP_SELECT_SSL(0, listener_name), \ 1136 OP_FUNC(hf_accept_conn_none)) 1137 1138 #define OP_ACCEPT_CONN_WAIT1(listener_name, conn_name, flags) \ 1139 (OP_ACCEPT_CONN_WAIT(listener_name, conn_name, flags), \ 1140 OP_ACCEPT_CONN_NONE(listener_name)) 1141 1142 #define OP_ACCEPT_CONN_WAIT1_ND(listener_name, conn_name, flags) \ 1143 (OP_ACCEPT_CONN_WAIT_ND(listener_name, conn_name, flags), \ 1144 OP_ACCEPT_CONN_NONE(listener_name)) 1145 1146 #define OP_WRITE(name, buf, buf_len) \ 1147 (OP_SELECT_SSL(0, name), \ 1148 OP_PUSH_BUFP(buf, buf_len), \ 1149 OP_FUNC(hf_write)) 1150 1151 #define OP_WRITE_RAND(name, buf_len) \ 1152 (OP_SELECT_SSL(0, name), \ 1153 OP_PUSH_SIZE(buf_len), \ 1154 OP_FUNC(hf_write_rand)) 1155 1156 #define OP_WRITE_B(name, buf) \ 1157 OP_WRITE(name, (buf), sizeof(buf)) 1158 1159 #define OP_WRITE_EX2(name, buf, buf_len, flags) \ 1160 (OP_SELECT_SSL(0, name), \ 1161 OP_PUSH_BUFP(buf, buf_len), \ 1162 OP_PUSH_U64(flags), \ 1163 OP_FUNC(hf_write_ex2)) 1164 1165 #define OP_WRITE_FAIL(name) \ 1166 (OP_SELECT_SSL(0, name), \ 1167 OP_FUNC(hf_write_fail)) 1168 1169 #define OP_CONCLUDE(name) \ 1170 (OP_SELECT_SSL(0, name), \ 1171 OP_FUNC(hf_conclude)) 1172 1173 #define OP_READ_EXPECT(name, buf, buf_len) \ 1174 (OP_SELECT_SSL(0, name), \ 1175 OP_PUSH_BUFP(buf, buf_len), \ 1176 OP_FUNC(hf_read_expect)) 1177 1178 #define OP_READ_EXPECT_B(name, buf) \ 1179 OP_READ_EXPECT(name, (buf), sizeof(buf)) 1180 1181 #define OP_READ_FAIL() \ 1182 (OP_SELECT_SSL(0, name), \ 1183 OP_PUSH_U64(0), \ 1184 OP_FUNC(hf_read_fail)) 1185 1186 #define OP_READ_FAIL_WAIT(name) \ 1187 (OP_SELECT_SSL(0, name), \ 1188 OP_PUSH_U64(1), \ 1189 OP_FUNC(hf_read_fail) 1190 1191 #define OP_POP_ERR() \ 1192 OP_FUNC(hf_pop_err) 1193 1194 #define OP_SET_DEFAULT_STREAM_MODE(name, mode) \ 1195 (OP_SELECT_SSL(0, name), \ 1196 OP_PUSH_U64(mode), \ 1197 OP_FUNC(hf_set_default_stream_mode)) 1198 1199 #define OP_SET_INCOMING_STREAM_POLICY(name, policy, error_code) \ 1200 (OP_SELECT_SSL(0, name), \ 1201 OP_PUSH_U64(policy), \ 1202 OP_PUSH_U64(error_code), \ 1203 OP_FUNC(hf_set_incoming_stream_policy)) 1204 1205 #define OP_STREAM_RESET(name, error_code) \ 1206 (OP_SELECT_SSL(0, name), \ 1207 OP_PUSH_U64(flags), \ 1208 OP_PUSH_U64(error_code), \ 1209 OP_FUNC(hf_stream_reset)) 1210 1211 #define OP_SHUTDOWN_WAIT(name, flags, error_code, reason) \ 1212 (OP_SELECT_SSL(0, name), \ 1213 OP_PUSH_U64(flags), \ 1214 OP_PUSH_U64(error_code), \ 1215 OP_PUSH_PZ(reason), \ 1216 OP_FUNC(hf_shutdown_wait)) 1217 1218 #define OP_DETACH(conn_name, stream_name) \ 1219 (OP_SELECT_SSL(0, conn_name), \ 1220 OP_PUSH_PZ(#stream_name), \ 1221 OP_FUNC(hf_detach)) 1222 1223 #define OP_ATTACH(conn_name, stream_name) \ 1224 (OP_SELECT_SSL(0, conn_name), \ 1225 OP_PUSH_PZ(stream_name), \ 1226 OP_FUNC(hf_attach)) 1227 1228 #define OP_EXPECT_FIN(name) \ 1229 (OP_SELECT_SSL(0, name), \ 1230 OP_FUNC(hf_expect_fin)) 1231 1232 #define OP_EXPECT_CONN_CLOSE_INFO(name, error_code, expect_app, expect_remote) \ 1233 (OP_SELECT_SSL(0, name), \ 1234 OP_PUSH_U64(expect_app), \ 1235 OP_PUSH_U64(expect_remote), \ 1236 OP_PUSH_U64(error_code), \ 1237 OP_FUNC(hf_expect_conn_close_info)) 1238 1239 #define OP_WAIT_FOR_DATA(name) \ 1240 (OP_SELECT_SSL(0, name), \ 1241 OP_FUNC(hf_wait_for_data)) 1242 1243 #define OP_EXPECT_ERR(lib, reason) \ 1244 (OP_PUSH_U64(lib), \ 1245 OP_PUSH_U64(reason), \ 1246 OP_FUNC(hf_expect_err)) 1247 1248 #define OP_EXPECT_SSL_ERR(name, expected) \ 1249 (OP_SELECT_SSL(0, name), \ 1250 OP_PUSH_U64(expected), \ 1251 OP_FUNC(hf_expect_ssl_err)) 1252 1253 #define OP_EXPECT_STREAM_ID(expected) \ 1254 (OP_PUSH_U64(expected), \ 1255 OP_FUNC(hf_expect_stream_id)) 1256 1257 #define OP_SKIP_TIME(ms) \ 1258 (OP_PUSH_U64(ms), \ 1259 OP_FUNC(hf_skip_time)) 1260 1261 #define OP_SLEEP(ms) \ 1262 (OP_PUSH_U64(ms), \ 1263 OP_FUNC(hf_sleep)) 1264
Indexes created Mon Mar 02 05:31:46 UTC 2026