2
0

quictestlib.c 35 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231
  1. /*
  2. * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <assert.h>
  10. #include <openssl/configuration.h>
  11. #include <openssl/bio.h>
  12. #include "internal/e_os.h" /* For struct timeval */
  13. #include "quictestlib.h"
  14. #include "ssltestlib.h"
  15. #include "../testutil.h"
  16. #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
  17. # include "../threadstest.h"
  18. #endif
  19. #include "internal/quic_ssl.h"
  20. #include "internal/quic_wire_pkt.h"
  21. #include "internal/quic_record_tx.h"
  22. #include "internal/quic_error.h"
  23. #include "internal/packet.h"
  24. #include "internal/tsan_assist.h"
  25. #define GROWTH_ALLOWANCE 1024
  26. struct noise_args_data_st {
  27. BIO *cbio;
  28. BIO *sbio;
  29. BIO *tracebio;
  30. int flags;
  31. };
  32. struct qtest_fault {
  33. QUIC_TSERVER *qtserv;
  34. /* Plain packet mutations */
  35. /* Header for the plaintext packet */
  36. QUIC_PKT_HDR pplainhdr;
  37. /* iovec for the plaintext packet data buffer */
  38. OSSL_QTX_IOVEC pplainio;
  39. /* Allocated size of the plaintext packet data buffer */
  40. size_t pplainbuf_alloc;
  41. qtest_fault_on_packet_plain_cb pplaincb;
  42. void *pplaincbarg;
  43. /* Handshake message mutations */
  44. /* Handshake message buffer */
  45. unsigned char *handbuf;
  46. /* Allocated size of the handshake message buffer */
  47. size_t handbufalloc;
  48. /* Actual length of the handshake message */
  49. size_t handbuflen;
  50. qtest_fault_on_handshake_cb handshakecb;
  51. void *handshakecbarg;
  52. qtest_fault_on_enc_ext_cb encextcb;
  53. void *encextcbarg;
  54. /* Cipher packet mutations */
  55. qtest_fault_on_packet_cipher_cb pciphercb;
  56. void *pciphercbarg;
  57. /* Datagram mutations */
  58. qtest_fault_on_datagram_cb datagramcb;
  59. void *datagramcbarg;
  60. /* The currently processed message */
  61. BIO_MSG msg;
  62. /* Allocated size of msg data buffer */
  63. size_t msgalloc;
  64. struct noise_args_data_st noiseargs;
  65. };
  66. static void packet_plain_finish(void *arg);
  67. static void handshake_finish(void *arg);
  68. static OSSL_TIME qtest_get_time(void);
  69. static void qtest_reset_time(void);
  70. static int using_fake_time = 0;
  71. static OSSL_TIME fake_now;
  72. static CRYPTO_RWLOCK *fake_now_lock = NULL;
  73. static OSSL_TIME fake_now_cb(void *arg)
  74. {
  75. return qtest_get_time();
  76. }
  77. static void noise_msg_callback(int write_p, int version, int content_type,
  78. const void *buf, size_t len, SSL *ssl,
  79. void *arg)
  80. {
  81. struct noise_args_data_st *noiseargs = (struct noise_args_data_st *)arg;
  82. if (content_type == SSL3_RT_QUIC_FRAME_FULL) {
  83. PACKET pkt;
  84. uint64_t frame_type;
  85. if (!PACKET_buf_init(&pkt, buf, len))
  86. return;
  87. if (!ossl_quic_wire_peek_frame_header(&pkt, &frame_type, NULL))
  88. return;
  89. if (frame_type == OSSL_QUIC_FRAME_TYPE_PING) {
  90. /*
  91. * If either endpoint issues a ping frame then we are in danger
  92. * of our noise being too much such that the connection itself
  93. * fails. We back off on the noise for a bit to avoid that.
  94. */
  95. (void)BIO_ctrl(noiseargs->cbio, BIO_CTRL_NOISE_BACK_OFF, 0, NULL);
  96. (void)BIO_ctrl(noiseargs->sbio, BIO_CTRL_NOISE_BACK_OFF, 0, NULL);
  97. }
  98. }
  99. #ifndef OPENSSL_NO_SSL_TRACE
  100. if ((noiseargs->flags & QTEST_FLAG_CLIENT_TRACE) != 0
  101. && !SSL_is_server(ssl))
  102. SSL_trace(write_p, version, content_type, buf, len, ssl,
  103. noiseargs->tracebio);
  104. #endif
  105. }
  106. int qtest_create_quic_objects(OSSL_LIB_CTX *libctx, SSL_CTX *clientctx,
  107. SSL_CTX *serverctx, char *certfile, char *keyfile,
  108. int flags, QUIC_TSERVER **qtserv, SSL **cssl,
  109. QTEST_FAULT **fault, BIO **tracebio)
  110. {
  111. /* ALPN value as recognised by QUIC_TSERVER */
  112. unsigned char alpn[] = { 8, 'o', 's', 's', 'l', 't', 'e', 's', 't' };
  113. QUIC_TSERVER_ARGS tserver_args = {0};
  114. BIO *cbio = NULL, *sbio = NULL, *fisbio = NULL;
  115. BIO_ADDR *peeraddr = NULL;
  116. struct in_addr ina = {0};
  117. BIO *tmpbio = NULL;
  118. *qtserv = NULL;
  119. if (*cssl == NULL) {
  120. *cssl = SSL_new(clientctx);
  121. if (!TEST_ptr(*cssl))
  122. return 0;
  123. }
  124. if (fault != NULL) {
  125. *fault = OPENSSL_zalloc(sizeof(**fault));
  126. if (*fault == NULL)
  127. goto err;
  128. }
  129. #ifndef OPENSSL_NO_SSL_TRACE
  130. if ((flags & QTEST_FLAG_CLIENT_TRACE) != 0) {
  131. tmpbio = BIO_new_fp(stdout, BIO_NOCLOSE);
  132. if (!TEST_ptr(tmpbio))
  133. goto err;
  134. SSL_set_msg_callback(*cssl, SSL_trace);
  135. SSL_set_msg_callback_arg(*cssl, tmpbio);
  136. }
  137. #endif
  138. if (tracebio != NULL)
  139. *tracebio = tmpbio;
  140. /* SSL_set_alpn_protos returns 0 for success! */
  141. if (!TEST_false(SSL_set_alpn_protos(*cssl, alpn, sizeof(alpn))))
  142. goto err;
  143. if (!TEST_ptr(peeraddr = BIO_ADDR_new()))
  144. goto err;
  145. if ((flags & QTEST_FLAG_BLOCK) != 0) {
  146. #if !defined(OPENSSL_NO_POSIX_IO)
  147. int cfd, sfd;
  148. /*
  149. * For blocking mode we need to create actual sockets rather than doing
  150. * everything in memory
  151. */
  152. if (!TEST_true(create_test_sockets(&cfd, &sfd, SOCK_DGRAM, peeraddr)))
  153. goto err;
  154. cbio = BIO_new_dgram(cfd, 1);
  155. if (!TEST_ptr(cbio)) {
  156. close(cfd);
  157. close(sfd);
  158. goto err;
  159. }
  160. sbio = BIO_new_dgram(sfd, 1);
  161. if (!TEST_ptr(sbio)) {
  162. close(sfd);
  163. goto err;
  164. }
  165. #else
  166. goto err;
  167. #endif
  168. } else {
  169. if (!TEST_true(BIO_new_bio_dgram_pair(&cbio, 0, &sbio, 0)))
  170. goto err;
  171. if (!TEST_true(BIO_dgram_set_caps(cbio, BIO_DGRAM_CAP_HANDLES_DST_ADDR))
  172. || !TEST_true(BIO_dgram_set_caps(sbio, BIO_DGRAM_CAP_HANDLES_DST_ADDR)))
  173. goto err;
  174. /* Dummy server address */
  175. if (!TEST_true(BIO_ADDR_rawmake(peeraddr, AF_INET, &ina, sizeof(ina),
  176. htons(0))))
  177. goto err;
  178. }
  179. if ((flags & QTEST_FLAG_PACKET_SPLIT) != 0) {
  180. BIO *pktsplitbio = BIO_new(bio_f_pkt_split_dgram_filter());
  181. if (!TEST_ptr(pktsplitbio))
  182. goto err;
  183. cbio = BIO_push(pktsplitbio, cbio);
  184. pktsplitbio = BIO_new(bio_f_pkt_split_dgram_filter());
  185. if (!TEST_ptr(pktsplitbio))
  186. goto err;
  187. sbio = BIO_push(pktsplitbio, sbio);
  188. }
  189. if ((flags & QTEST_FLAG_NOISE) != 0) {
  190. BIO *noisebio;
  191. /*
  192. * It is an error to not have a QTEST_FAULT object when introducing noise
  193. */
  194. if (!TEST_ptr(fault))
  195. goto err;
  196. noisebio = BIO_new(bio_f_noisy_dgram_filter());
  197. if (!TEST_ptr(noisebio))
  198. goto err;
  199. cbio = BIO_push(noisebio, cbio);
  200. noisebio = BIO_new(bio_f_noisy_dgram_filter());
  201. if (!TEST_ptr(noisebio))
  202. goto err;
  203. sbio = BIO_push(noisebio, sbio);
  204. /*
  205. * TODO(QUIC SERVER):
  206. * Currently the simplistic handler of the quic tserver cannot cope
  207. * with noise introduced in the first packet received from the
  208. * client. This needs to be removed once we have proper server side
  209. * handling.
  210. */
  211. (void)BIO_ctrl(sbio, BIO_CTRL_NOISE_BACK_OFF, 0, NULL);
  212. (*fault)->noiseargs.cbio = cbio;
  213. (*fault)->noiseargs.sbio = sbio;
  214. (*fault)->noiseargs.tracebio = tmpbio;
  215. (*fault)->noiseargs.flags = flags;
  216. SSL_set_msg_callback(*cssl, noise_msg_callback);
  217. SSL_set_msg_callback_arg(*cssl, &(*fault)->noiseargs);
  218. }
  219. SSL_set_bio(*cssl, cbio, cbio);
  220. if (!TEST_true(SSL_set_blocking_mode(*cssl,
  221. (flags & QTEST_FLAG_BLOCK) != 0 ? 1 : 0)))
  222. goto err;
  223. if (!TEST_true(SSL_set1_initial_peer_addr(*cssl, peeraddr)))
  224. goto err;
  225. fisbio = BIO_new(qtest_get_bio_method());
  226. if (!TEST_ptr(fisbio))
  227. goto err;
  228. BIO_set_data(fisbio, fault == NULL ? NULL : *fault);
  229. if (!BIO_up_ref(sbio))
  230. goto err;
  231. if (!TEST_ptr(BIO_push(fisbio, sbio))) {
  232. BIO_free(sbio);
  233. goto err;
  234. }
  235. tserver_args.libctx = libctx;
  236. tserver_args.net_rbio = sbio;
  237. tserver_args.net_wbio = fisbio;
  238. tserver_args.alpn = NULL;
  239. if (serverctx != NULL && !TEST_true(SSL_CTX_up_ref(serverctx)))
  240. goto err;
  241. tserver_args.ctx = serverctx;
  242. if (fake_now_lock == NULL) {
  243. fake_now_lock = CRYPTO_THREAD_lock_new();
  244. if (fake_now_lock == NULL)
  245. goto err;
  246. }
  247. if ((flags & QTEST_FLAG_FAKE_TIME) != 0) {
  248. using_fake_time = 1;
  249. qtest_reset_time();
  250. tserver_args.now_cb = fake_now_cb;
  251. (void)ossl_quic_conn_set_override_now_cb(*cssl, fake_now_cb, NULL);
  252. } else {
  253. using_fake_time = 0;
  254. }
  255. if (!TEST_ptr(*qtserv = ossl_quic_tserver_new(&tserver_args, certfile,
  256. keyfile)))
  257. goto err;
  258. /* Ownership of fisbio and sbio is now held by *qtserv */
  259. sbio = NULL;
  260. fisbio = NULL;
  261. if ((flags & QTEST_FLAG_NOISE) != 0)
  262. ossl_quic_tserver_set_msg_callback(*qtserv, noise_msg_callback,
  263. &(*fault)->noiseargs);
  264. if (fault != NULL)
  265. (*fault)->qtserv = *qtserv;
  266. BIO_ADDR_free(peeraddr);
  267. return 1;
  268. err:
  269. SSL_CTX_free(tserver_args.ctx);
  270. BIO_ADDR_free(peeraddr);
  271. BIO_free_all(cbio);
  272. BIO_free_all(fisbio);
  273. BIO_free_all(sbio);
  274. SSL_free(*cssl);
  275. *cssl = NULL;
  276. ossl_quic_tserver_free(*qtserv);
  277. if (fault != NULL)
  278. OPENSSL_free(*fault);
  279. BIO_free(tmpbio);
  280. if (tracebio != NULL)
  281. *tracebio = NULL;
  282. return 0;
  283. }
  284. void qtest_add_time(uint64_t millis)
  285. {
  286. if (!CRYPTO_THREAD_write_lock(fake_now_lock))
  287. return;
  288. fake_now = ossl_time_add(fake_now, ossl_ms2time(millis));
  289. CRYPTO_THREAD_unlock(fake_now_lock);
  290. }
  291. static OSSL_TIME qtest_get_time(void)
  292. {
  293. OSSL_TIME ret;
  294. if (!CRYPTO_THREAD_read_lock(fake_now_lock))
  295. return ossl_time_zero();
  296. ret = fake_now;
  297. CRYPTO_THREAD_unlock(fake_now_lock);
  298. return ret;
  299. }
  300. static void qtest_reset_time(void)
  301. {
  302. if (!CRYPTO_THREAD_write_lock(fake_now_lock))
  303. return;
  304. fake_now = ossl_time_zero();
  305. CRYPTO_THREAD_unlock(fake_now_lock);
  306. /* zero time can have a special meaning, bump it */
  307. qtest_add_time(1);
  308. }
  309. QTEST_FAULT *qtest_create_injector(QUIC_TSERVER *ts)
  310. {
  311. QTEST_FAULT *f;
  312. f = OPENSSL_zalloc(sizeof(*f));
  313. if (f == NULL)
  314. return NULL;
  315. f->qtserv = ts;
  316. return f;
  317. }
  318. int qtest_supports_blocking(void)
  319. {
  320. #if !defined(OPENSSL_NO_POSIX_IO) && defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
  321. return 1;
  322. #else
  323. return 0;
  324. #endif
  325. }
  326. #define MAXLOOPS 1000
  327. #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
  328. static int globserverret = 0;
  329. static TSAN_QUALIFIER int abortserverthread = 0;
  330. static QUIC_TSERVER *globtserv;
  331. static const thread_t thread_zero;
  332. static void run_server_thread(void)
  333. {
  334. /*
  335. * This will operate in a busy loop because the server does not block,
  336. * but should be acceptable because it is local and we expect this to be
  337. * fast
  338. */
  339. globserverret = qtest_create_quic_connection(globtserv, NULL);
  340. }
  341. #endif
  342. int qtest_wait_for_timeout(SSL *s, QUIC_TSERVER *qtserv)
  343. {
  344. struct timeval tv;
  345. OSSL_TIME ctimeout, stimeout, mintimeout, now;
  346. int cinf;
  347. /* We don't need to wait in blocking mode */
  348. if (s == NULL || SSL_get_blocking_mode(s))
  349. return 1;
  350. /* Don't wait if either BIO has data waiting */
  351. if (BIO_pending(SSL_get_rbio(s)) > 0
  352. || BIO_pending(ossl_quic_tserver_get0_rbio(qtserv)) > 0)
  353. return 1;
  354. /*
  355. * Neither endpoint has data waiting to be read. We assume data transmission
  356. * is instantaneous due to using mem based BIOs, so there is no data "in
  357. * flight" and no more data will be sent by either endpoint until some time
  358. * based event has occurred. Therefore, wait for a timeout to occur. This
  359. * might happen if we are using the noisy BIO and datagrams have been lost.
  360. */
  361. if (!SSL_get_event_timeout(s, &tv, &cinf))
  362. return 0;
  363. if (using_fake_time)
  364. now = qtest_get_time();
  365. else
  366. now = ossl_time_now();
  367. ctimeout = cinf ? ossl_time_infinite() : ossl_time_from_timeval(tv);
  368. stimeout = ossl_time_subtract(ossl_quic_tserver_get_deadline(qtserv), now);
  369. mintimeout = ossl_time_min(ctimeout, stimeout);
  370. if (ossl_time_is_infinite(mintimeout))
  371. return 0;
  372. if (using_fake_time)
  373. qtest_add_time(ossl_time2ms(mintimeout));
  374. else
  375. OSSL_sleep(ossl_time2ms(mintimeout));
  376. return 1;
  377. }
  378. int qtest_create_quic_connection_ex(QUIC_TSERVER *qtserv, SSL *clientssl,
  379. int wanterr)
  380. {
  381. int retc = -1, rets = 0, abortctr = 0, ret = 0;
  382. int clienterr = 0, servererr = 0;
  383. #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
  384. /*
  385. * Pointless initialisation to avoid bogus compiler warnings about using
  386. * t uninitialised
  387. */
  388. thread_t t = thread_zero;
  389. if (clientssl != NULL)
  390. abortserverthread = 0;
  391. #endif
  392. if (!TEST_ptr(qtserv)) {
  393. goto err;
  394. } else if (clientssl == NULL) {
  395. retc = 1;
  396. } else if (SSL_get_blocking_mode(clientssl) > 0) {
  397. #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
  398. /*
  399. * clientssl is blocking. We will need a thread to complete the
  400. * connection
  401. */
  402. globtserv = qtserv;
  403. if (!TEST_true(run_thread(&t, run_server_thread)))
  404. goto err;
  405. qtserv = NULL;
  406. rets = 1;
  407. #else
  408. TEST_error("No thread support in this build");
  409. goto err;
  410. #endif
  411. }
  412. do {
  413. if (!clienterr && retc <= 0) {
  414. int err;
  415. retc = SSL_connect(clientssl);
  416. if (retc <= 0) {
  417. err = SSL_get_error(clientssl, retc);
  418. if (err == wanterr) {
  419. retc = 1;
  420. #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
  421. if (qtserv == NULL && rets > 0)
  422. tsan_store(&abortserverthread, 1);
  423. else
  424. #endif
  425. rets = 1;
  426. } else {
  427. if (err != SSL_ERROR_WANT_READ
  428. && err != SSL_ERROR_WANT_WRITE) {
  429. TEST_info("SSL_connect() failed %d, %d", retc, err);
  430. TEST_openssl_errors();
  431. clienterr = 1;
  432. }
  433. }
  434. }
  435. }
  436. qtest_add_time(1);
  437. if (clientssl != NULL)
  438. SSL_handle_events(clientssl);
  439. if (qtserv != NULL)
  440. ossl_quic_tserver_tick(qtserv);
  441. if (!servererr && rets <= 0) {
  442. servererr = ossl_quic_tserver_is_term_any(qtserv);
  443. if (!servererr)
  444. rets = ossl_quic_tserver_is_handshake_confirmed(qtserv);
  445. }
  446. if (clienterr && servererr)
  447. goto err;
  448. if (clientssl != NULL && ++abortctr == MAXLOOPS) {
  449. TEST_info("No progress made");
  450. goto err;
  451. }
  452. if ((retc <= 0 && !clienterr) || (rets <= 0 && !servererr)) {
  453. if (!qtest_wait_for_timeout(clientssl, qtserv))
  454. goto err;
  455. }
  456. } while ((retc <= 0 && !clienterr)
  457. || (rets <= 0 && !servererr
  458. #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
  459. && !tsan_load(&abortserverthread)
  460. #endif
  461. ));
  462. if (qtserv == NULL && rets > 0) {
  463. #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
  464. if (!TEST_true(wait_for_thread(t)) || !TEST_true(globserverret))
  465. goto err;
  466. #else
  467. TEST_error("Should not happen");
  468. goto err;
  469. #endif
  470. }
  471. if (!clienterr && !servererr)
  472. ret = 1;
  473. err:
  474. return ret;
  475. }
  476. int qtest_create_quic_connection(QUIC_TSERVER *qtserv, SSL *clientssl)
  477. {
  478. return qtest_create_quic_connection_ex(qtserv, clientssl, SSL_ERROR_NONE);
  479. }
  480. #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
  481. static TSAN_QUALIFIER int shutdowndone;
  482. static void run_server_shutdown_thread(void)
  483. {
  484. /*
  485. * This will operate in a busy loop because the server does not block,
  486. * but should be acceptable because it is local and we expect this to be
  487. * fast
  488. */
  489. do {
  490. ossl_quic_tserver_tick(globtserv);
  491. } while(!tsan_load(&shutdowndone));
  492. }
  493. #endif
  494. int qtest_shutdown(QUIC_TSERVER *qtserv, SSL *clientssl)
  495. {
  496. int tickserver = 1;
  497. int ret = 0;
  498. #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
  499. /*
  500. * Pointless initialisation to avoid bogus compiler warnings about using
  501. * t uninitialised
  502. */
  503. thread_t t = thread_zero;
  504. #endif
  505. if (SSL_get_blocking_mode(clientssl) > 0) {
  506. #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
  507. /*
  508. * clientssl is blocking. We will need a thread to complete the
  509. * connection
  510. */
  511. globtserv = qtserv;
  512. shutdowndone = 0;
  513. if (!TEST_true(run_thread(&t, run_server_shutdown_thread)))
  514. return 0;
  515. tickserver = 0;
  516. #else
  517. TEST_error("No thread support in this build");
  518. return 0;
  519. #endif
  520. }
  521. /* Busy loop in non-blocking mode. It should be quick because its local */
  522. for (;;) {
  523. int rc = SSL_shutdown(clientssl);
  524. if (rc == 1) {
  525. ret = 1;
  526. break;
  527. }
  528. if (rc < 0)
  529. break;
  530. if (tickserver)
  531. ossl_quic_tserver_tick(qtserv);
  532. }
  533. #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
  534. tsan_store(&shutdowndone, 1);
  535. if (!tickserver) {
  536. if (!TEST_true(wait_for_thread(t)))
  537. ret = 0;
  538. }
  539. #endif
  540. return ret;
  541. }
  542. int qtest_check_server_transport_err(QUIC_TSERVER *qtserv, uint64_t code)
  543. {
  544. const QUIC_TERMINATE_CAUSE *cause;
  545. ossl_quic_tserver_tick(qtserv);
  546. /*
  547. * Check that the server has closed with the specified code from the client
  548. */
  549. if (!TEST_true(ossl_quic_tserver_is_term_any(qtserv)))
  550. return 0;
  551. cause = ossl_quic_tserver_get_terminate_cause(qtserv);
  552. if (!TEST_ptr(cause)
  553. || !TEST_true(cause->remote)
  554. || !TEST_false(cause->app)
  555. || !TEST_uint64_t_eq(cause->error_code, code))
  556. return 0;
  557. return 1;
  558. }
  559. int qtest_check_server_protocol_err(QUIC_TSERVER *qtserv)
  560. {
  561. return qtest_check_server_transport_err(qtserv, QUIC_ERR_PROTOCOL_VIOLATION);
  562. }
  563. int qtest_check_server_frame_encoding_err(QUIC_TSERVER *qtserv)
  564. {
  565. return qtest_check_server_transport_err(qtserv, QUIC_ERR_FRAME_ENCODING_ERROR);
  566. }
  567. void qtest_fault_free(QTEST_FAULT *fault)
  568. {
  569. if (fault == NULL)
  570. return;
  571. packet_plain_finish(fault);
  572. handshake_finish(fault);
  573. OPENSSL_free(fault);
  574. }
  575. static int packet_plain_mutate(const QUIC_PKT_HDR *hdrin,
  576. const OSSL_QTX_IOVEC *iovecin, size_t numin,
  577. QUIC_PKT_HDR **hdrout,
  578. const OSSL_QTX_IOVEC **iovecout,
  579. size_t *numout,
  580. void *arg)
  581. {
  582. QTEST_FAULT *fault = arg;
  583. size_t i, bufsz = 0;
  584. unsigned char *cur;
  585. /* Coalesce our data into a single buffer */
  586. /* First calculate required buffer size */
  587. for (i = 0; i < numin; i++)
  588. bufsz += iovecin[i].buf_len;
  589. fault->pplainio.buf_len = bufsz;
  590. /* Add an allowance for possible growth */
  591. bufsz += GROWTH_ALLOWANCE;
  592. fault->pplainio.buf = cur = OPENSSL_malloc(bufsz);
  593. if (cur == NULL) {
  594. fault->pplainio.buf_len = 0;
  595. return 0;
  596. }
  597. fault->pplainbuf_alloc = bufsz;
  598. /* Copy in the data from the input buffers */
  599. for (i = 0; i < numin; i++) {
  600. memcpy(cur, iovecin[i].buf, iovecin[i].buf_len);
  601. cur += iovecin[i].buf_len;
  602. }
  603. fault->pplainhdr = *hdrin;
  604. /* Cast below is safe because we allocated the buffer */
  605. if (fault->pplaincb != NULL
  606. && !fault->pplaincb(fault, &fault->pplainhdr,
  607. (unsigned char *)fault->pplainio.buf,
  608. fault->pplainio.buf_len, fault->pplaincbarg))
  609. return 0;
  610. *hdrout = &fault->pplainhdr;
  611. *iovecout = &fault->pplainio;
  612. *numout = 1;
  613. return 1;
  614. }
  615. static void packet_plain_finish(void *arg)
  616. {
  617. QTEST_FAULT *fault = arg;
  618. /* Cast below is safe because we allocated the buffer */
  619. OPENSSL_free((unsigned char *)fault->pplainio.buf);
  620. fault->pplainio.buf_len = 0;
  621. fault->pplainbuf_alloc = 0;
  622. fault->pplainio.buf = NULL;
  623. }
  624. int qtest_fault_set_packet_plain_listener(QTEST_FAULT *fault,
  625. qtest_fault_on_packet_plain_cb pplaincb,
  626. void *pplaincbarg)
  627. {
  628. fault->pplaincb = pplaincb;
  629. fault->pplaincbarg = pplaincbarg;
  630. return ossl_quic_tserver_set_plain_packet_mutator(fault->qtserv,
  631. packet_plain_mutate,
  632. packet_plain_finish,
  633. fault);
  634. }
  635. /* To be called from a packet_plain_listener callback */
  636. int qtest_fault_resize_plain_packet(QTEST_FAULT *fault, size_t newlen)
  637. {
  638. unsigned char *buf;
  639. size_t oldlen = fault->pplainio.buf_len;
  640. /*
  641. * Alloc'd size should always be non-zero, so if this fails we've been
  642. * incorrectly called
  643. */
  644. if (fault->pplainbuf_alloc == 0)
  645. return 0;
  646. if (newlen > fault->pplainbuf_alloc) {
  647. /* This exceeds our growth allowance. Fail */
  648. return 0;
  649. }
  650. /* Cast below is safe because we allocated the buffer */
  651. buf = (unsigned char *)fault->pplainio.buf;
  652. if (newlen > oldlen) {
  653. /* Extend packet with 0 bytes */
  654. memset(buf + oldlen, 0, newlen - oldlen);
  655. } /* else we're truncating or staying the same */
  656. fault->pplainio.buf_len = newlen;
  657. fault->pplainhdr.len = newlen;
  658. return 1;
  659. }
  660. /*
  661. * Prepend frame data into a packet. To be called from a packet_plain_listener
  662. * callback
  663. */
  664. int qtest_fault_prepend_frame(QTEST_FAULT *fault, const unsigned char *frame,
  665. size_t frame_len)
  666. {
  667. unsigned char *buf;
  668. size_t old_len;
  669. /*
  670. * Alloc'd size should always be non-zero, so if this fails we've been
  671. * incorrectly called
  672. */
  673. if (fault->pplainbuf_alloc == 0)
  674. return 0;
  675. /* Cast below is safe because we allocated the buffer */
  676. buf = (unsigned char *)fault->pplainio.buf;
  677. old_len = fault->pplainio.buf_len;
  678. /* Extend the size of the packet by the size of the new frame */
  679. if (!TEST_true(qtest_fault_resize_plain_packet(fault,
  680. old_len + frame_len)))
  681. return 0;
  682. memmove(buf + frame_len, buf, old_len);
  683. memcpy(buf, frame, frame_len);
  684. return 1;
  685. }
  686. static int handshake_mutate(const unsigned char *msgin, size_t msginlen,
  687. unsigned char **msgout, size_t *msgoutlen,
  688. void *arg)
  689. {
  690. QTEST_FAULT *fault = arg;
  691. unsigned char *buf;
  692. unsigned long payloadlen;
  693. unsigned int msgtype;
  694. PACKET pkt;
  695. buf = OPENSSL_malloc(msginlen + GROWTH_ALLOWANCE);
  696. if (buf == NULL)
  697. return 0;
  698. fault->handbuf = buf;
  699. fault->handbuflen = msginlen;
  700. fault->handbufalloc = msginlen + GROWTH_ALLOWANCE;
  701. memcpy(buf, msgin, msginlen);
  702. if (!PACKET_buf_init(&pkt, buf, msginlen)
  703. || !PACKET_get_1(&pkt, &msgtype)
  704. || !PACKET_get_net_3(&pkt, &payloadlen)
  705. || PACKET_remaining(&pkt) != payloadlen)
  706. return 0;
  707. /* Parse specific message types */
  708. switch (msgtype) {
  709. case SSL3_MT_ENCRYPTED_EXTENSIONS:
  710. {
  711. QTEST_ENCRYPTED_EXTENSIONS ee;
  712. if (fault->encextcb == NULL)
  713. break;
  714. /*
  715. * The EncryptedExtensions message is very simple. It just has an
  716. * extensions block in it and nothing else.
  717. */
  718. ee.extensions = (unsigned char *)PACKET_data(&pkt);
  719. ee.extensionslen = payloadlen;
  720. if (!fault->encextcb(fault, &ee, payloadlen, fault->encextcbarg))
  721. return 0;
  722. }
  723. default:
  724. /* No specific handlers for these message types yet */
  725. break;
  726. }
  727. if (fault->handshakecb != NULL
  728. && !fault->handshakecb(fault, buf, fault->handbuflen,
  729. fault->handshakecbarg))
  730. return 0;
  731. *msgout = buf;
  732. *msgoutlen = fault->handbuflen;
  733. return 1;
  734. }
  735. static void handshake_finish(void *arg)
  736. {
  737. QTEST_FAULT *fault = arg;
  738. OPENSSL_free(fault->handbuf);
  739. fault->handbuf = NULL;
  740. }
  741. int qtest_fault_set_handshake_listener(QTEST_FAULT *fault,
  742. qtest_fault_on_handshake_cb handshakecb,
  743. void *handshakecbarg)
  744. {
  745. fault->handshakecb = handshakecb;
  746. fault->handshakecbarg = handshakecbarg;
  747. return ossl_quic_tserver_set_handshake_mutator(fault->qtserv,
  748. handshake_mutate,
  749. handshake_finish,
  750. fault);
  751. }
  752. int qtest_fault_set_hand_enc_ext_listener(QTEST_FAULT *fault,
  753. qtest_fault_on_enc_ext_cb encextcb,
  754. void *encextcbarg)
  755. {
  756. fault->encextcb = encextcb;
  757. fault->encextcbarg = encextcbarg;
  758. return ossl_quic_tserver_set_handshake_mutator(fault->qtserv,
  759. handshake_mutate,
  760. handshake_finish,
  761. fault);
  762. }
  763. /* To be called from a handshake_listener callback */
  764. int qtest_fault_resize_handshake(QTEST_FAULT *fault, size_t newlen)
  765. {
  766. unsigned char *buf;
  767. size_t oldlen = fault->handbuflen;
  768. /*
  769. * Alloc'd size should always be non-zero, so if this fails we've been
  770. * incorrectly called
  771. */
  772. if (fault->handbufalloc == 0)
  773. return 0;
  774. if (newlen > fault->handbufalloc) {
  775. /* This exceeds our growth allowance. Fail */
  776. return 0;
  777. }
  778. buf = (unsigned char *)fault->handbuf;
  779. if (newlen > oldlen) {
  780. /* Extend packet with 0 bytes */
  781. memset(buf + oldlen, 0, newlen - oldlen);
  782. } /* else we're truncating or staying the same */
  783. fault->handbuflen = newlen;
  784. return 1;
  785. }
  786. /* To be called from message specific listener callbacks */
  787. int qtest_fault_resize_message(QTEST_FAULT *fault, size_t newlen)
  788. {
  789. /* First resize the underlying message */
  790. if (!qtest_fault_resize_handshake(fault, newlen + SSL3_HM_HEADER_LENGTH))
  791. return 0;
  792. /* Fixup the handshake message header */
  793. fault->handbuf[1] = (unsigned char)((newlen >> 16) & 0xff);
  794. fault->handbuf[2] = (unsigned char)((newlen >> 8) & 0xff);
  795. fault->handbuf[3] = (unsigned char)((newlen ) & 0xff);
  796. return 1;
  797. }
  798. int qtest_fault_delete_extension(QTEST_FAULT *fault,
  799. unsigned int exttype, unsigned char *ext,
  800. size_t *extlen,
  801. BUF_MEM *old_ext)
  802. {
  803. PACKET pkt, sub, subext;
  804. WPACKET old_ext_wpkt;
  805. unsigned int type;
  806. const unsigned char *start, *end;
  807. size_t newlen, w;
  808. size_t msglen = fault->handbuflen;
  809. if (!PACKET_buf_init(&pkt, ext, *extlen))
  810. return 0;
  811. /* Extension block starts with 2 bytes for extension block length */
  812. if (!PACKET_as_length_prefixed_2(&pkt, &sub))
  813. return 0;
  814. do {
  815. start = PACKET_data(&sub);
  816. if (!PACKET_get_net_2(&sub, &type)
  817. || !PACKET_get_length_prefixed_2(&sub, &subext))
  818. return 0;
  819. } while (type != exttype);
  820. /* Found it */
  821. end = PACKET_data(&sub);
  822. if (old_ext != NULL) {
  823. if (!WPACKET_init(&old_ext_wpkt, old_ext))
  824. return 0;
  825. if (!WPACKET_memcpy(&old_ext_wpkt, PACKET_data(&subext),
  826. PACKET_remaining(&subext))
  827. || !WPACKET_get_total_written(&old_ext_wpkt, &w)) {
  828. WPACKET_cleanup(&old_ext_wpkt);
  829. return 0;
  830. }
  831. WPACKET_finish(&old_ext_wpkt);
  832. old_ext->length = w;
  833. }
  834. /*
  835. * If we're not the last extension we need to move the rest earlier. The
  836. * cast below is safe because we own the underlying buffer and we're no
  837. * longer making PACKET calls.
  838. */
  839. if (end < ext + *extlen)
  840. memmove((unsigned char *)start, end, end - start);
  841. /*
  842. * Calculate new extensions payload length =
  843. * Original length
  844. * - 2 extension block length bytes
  845. * - length of removed extension
  846. */
  847. newlen = *extlen - 2 - (end - start);
  848. /* Fixup the length bytes for the extension block */
  849. ext[0] = (unsigned char)((newlen >> 8) & 0xff);
  850. ext[1] = (unsigned char)((newlen ) & 0xff);
  851. /*
  852. * Length of the whole extension block is the new payload length plus the
  853. * 2 bytes for the length
  854. */
  855. *extlen = newlen + 2;
  856. /* We can now resize the message */
  857. if ((size_t)(end - start) + SSL3_HM_HEADER_LENGTH > msglen)
  858. return 0; /* Should not happen */
  859. msglen -= (end - start) + SSL3_HM_HEADER_LENGTH;
  860. if (!qtest_fault_resize_message(fault, msglen))
  861. return 0;
  862. return 1;
  863. }
  864. #define BIO_TYPE_CIPHER_PACKET_FILTER (0x80 | BIO_TYPE_FILTER)
  865. static BIO_METHOD *pcipherbiometh = NULL;
  866. # define BIO_MSG_N(array, stride, n) (*(BIO_MSG *)((char *)(array) + (n)*(stride)))
  867. static int pcipher_sendmmsg(BIO *b, BIO_MSG *msg, size_t stride,
  868. size_t num_msg, uint64_t flags,
  869. size_t *num_processed)
  870. {
  871. QTEST_FAULT *fault;
  872. BIO *next = BIO_next(b);
  873. ossl_ssize_t ret = 0;
  874. size_t i = 0, tmpnump;
  875. QUIC_PKT_HDR hdr;
  876. PACKET pkt;
  877. unsigned char *tmpdata;
  878. if (next == NULL)
  879. return 0;
  880. fault = BIO_get_data(b);
  881. if (fault == NULL
  882. || (fault->pciphercb == NULL && fault->datagramcb == NULL))
  883. return BIO_sendmmsg(next, msg, stride, num_msg, flags, num_processed);
  884. if (num_msg == 0) {
  885. *num_processed = 0;
  886. return 1;
  887. }
  888. for (i = 0; i < num_msg; ++i) {
  889. fault->msg = BIO_MSG_N(msg, stride, i);
  890. /* Take a copy of the data so that callbacks can modify it */
  891. tmpdata = OPENSSL_malloc(fault->msg.data_len + GROWTH_ALLOWANCE);
  892. if (tmpdata == NULL)
  893. return 0;
  894. memcpy(tmpdata, fault->msg.data, fault->msg.data_len);
  895. fault->msg.data = tmpdata;
  896. fault->msgalloc = fault->msg.data_len + GROWTH_ALLOWANCE;
  897. if (fault->pciphercb != NULL) {
  898. if (!PACKET_buf_init(&pkt, fault->msg.data, fault->msg.data_len))
  899. return 0;
  900. do {
  901. if (!ossl_quic_wire_decode_pkt_hdr(&pkt,
  902. /*
  903. * TODO(QUIC SERVER):
  904. * Needs to be set to the actual short header CID length
  905. * when testing the server implementation.
  906. */
  907. 0,
  908. 1,
  909. 0, &hdr, NULL))
  910. goto out;
  911. /*
  912. * hdr.data is const - but its our buffer so casting away the
  913. * const is safe
  914. */
  915. if (!fault->pciphercb(fault, &hdr, (unsigned char *)hdr.data,
  916. hdr.len, fault->pciphercbarg))
  917. goto out;
  918. /*
  919. * At the moment modifications to hdr by the callback
  920. * are ignored. We might need to rewrite the QUIC header to
  921. * enable tests to change this. We also don't yet have a
  922. * mechanism for the callback to change the encrypted data
  923. * length. It's not clear if that's needed or not.
  924. */
  925. } while (PACKET_remaining(&pkt) > 0);
  926. }
  927. if (fault->datagramcb != NULL
  928. && !fault->datagramcb(fault, &fault->msg, stride,
  929. fault->datagramcbarg))
  930. goto out;
  931. if (!BIO_sendmmsg(next, &fault->msg, stride, 1, flags, &tmpnump)) {
  932. *num_processed = i;
  933. goto out;
  934. }
  935. OPENSSL_free(fault->msg.data);
  936. fault->msg.data = NULL;
  937. fault->msgalloc = 0;
  938. }
  939. *num_processed = i;
  940. out:
  941. ret = i > 0;
  942. OPENSSL_free(fault->msg.data);
  943. fault->msg.data = NULL;
  944. return ret;
  945. }
  946. static long pcipher_ctrl(BIO *b, int cmd, long larg, void *parg)
  947. {
  948. BIO *next = BIO_next(b);
  949. if (next == NULL)
  950. return -1;
  951. return BIO_ctrl(next, cmd, larg, parg);
  952. }
  953. BIO_METHOD *qtest_get_bio_method(void)
  954. {
  955. BIO_METHOD *tmp;
  956. if (pcipherbiometh != NULL)
  957. return pcipherbiometh;
  958. tmp = BIO_meth_new(BIO_TYPE_CIPHER_PACKET_FILTER, "Cipher Packet Filter");
  959. if (!TEST_ptr(tmp))
  960. return NULL;
  961. if (!TEST_true(BIO_meth_set_sendmmsg(tmp, pcipher_sendmmsg))
  962. || !TEST_true(BIO_meth_set_ctrl(tmp, pcipher_ctrl)))
  963. goto err;
  964. pcipherbiometh = tmp;
  965. tmp = NULL;
  966. err:
  967. BIO_meth_free(tmp);
  968. return pcipherbiometh;
  969. }
  970. int qtest_fault_set_packet_cipher_listener(QTEST_FAULT *fault,
  971. qtest_fault_on_packet_cipher_cb pciphercb,
  972. void *pciphercbarg)
  973. {
  974. fault->pciphercb = pciphercb;
  975. fault->pciphercbarg = pciphercbarg;
  976. return 1;
  977. }
  978. int qtest_fault_set_datagram_listener(QTEST_FAULT *fault,
  979. qtest_fault_on_datagram_cb datagramcb,
  980. void *datagramcbarg)
  981. {
  982. fault->datagramcb = datagramcb;
  983. fault->datagramcbarg = datagramcbarg;
  984. return 1;
  985. }
  986. /* To be called from a datagram_listener callback */
  987. int qtest_fault_resize_datagram(QTEST_FAULT *fault, size_t newlen)
  988. {
  989. if (newlen > fault->msgalloc)
  990. return 0;
  991. if (newlen > fault->msg.data_len)
  992. memset((unsigned char *)fault->msg.data + fault->msg.data_len, 0,
  993. newlen - fault->msg.data_len);
  994. fault->msg.data_len = newlen;
  995. return 1;
  996. }
  997. int bio_msg_copy(BIO_MSG *dst, BIO_MSG *src)
  998. {
  999. /*
  1000. * Note it is assumed that the originally allocated data sizes for dst and
  1001. * src are the same
  1002. */
  1003. memcpy(dst->data, src->data, src->data_len);
  1004. dst->data_len = src->data_len;
  1005. dst->flags = src->flags;
  1006. if (dst->local != NULL) {
  1007. if (src->local != NULL) {
  1008. if (!TEST_true(BIO_ADDR_copy(dst->local, src->local)))
  1009. return 0;
  1010. } else {
  1011. BIO_ADDR_clear(dst->local);
  1012. }
  1013. }
  1014. if (!TEST_true(BIO_ADDR_copy(dst->peer, src->peer)))
  1015. return 0;
  1016. return 1;
  1017. }