2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <openssl/configuration.h>
12 #include <openssl/bio.h>
13 #include "quictestlib.h"
14 #include "ssltestlib.h"
15 #include "../testutil.h"
16 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
17 # include "../threadstest.h"
19 #include "internal/quic_wire_pkt.h"
20 #include "internal/quic_record_tx.h"
21 #include "internal/quic_error.h"
22 #include "internal/packet.h"
24 #define GROWTH_ALLOWANCE 1024
29 /* Plain packet mutations */
30 /* Header for the plaintext packet */
31 QUIC_PKT_HDR pplainhdr
;
32 /* iovec for the plaintext packet data buffer */
33 OSSL_QTX_IOVEC pplainio
;
34 /* Allocated size of the plaintext packet data buffer */
35 size_t pplainbuf_alloc
;
36 qtest_fault_on_packet_plain_cb pplaincb
;
39 /* Handshake message mutations */
40 /* Handshake message buffer */
41 unsigned char *handbuf
;
42 /* Allocated size of the handshake message buffer */
44 /* Actual length of the handshake message */
46 qtest_fault_on_handshake_cb handshakecb
;
48 qtest_fault_on_enc_ext_cb encextcb
;
51 /* Cipher packet mutations */
52 qtest_fault_on_packet_cipher_cb pciphercb
;
55 /* Datagram mutations */
56 qtest_fault_on_datagram_cb datagramcb
;
58 /* The currently processed message */
60 /* Allocated size of msg data buffer */
64 static void packet_plain_finish(void *arg
);
65 static void handshake_finish(void *arg
);
67 static BIO_METHOD
*get_bio_method(void);
69 int qtest_create_quic_objects(OSSL_LIB_CTX
*libctx
, SSL_CTX
*clientctx
,
70 char *certfile
, char *keyfile
,
71 int block
, QUIC_TSERVER
**qtserv
, SSL
**cssl
,
74 /* ALPN value as recognised by QUIC_TSERVER */
75 unsigned char alpn
[] = { 8, 'o', 's', 's', 'l', 't', 'e', 's', 't' };
76 QUIC_TSERVER_ARGS tserver_args
= {0};
77 BIO
*cbio
= NULL
, *sbio
= NULL
, *fisbio
= NULL
;
78 BIO_ADDR
*peeraddr
= NULL
;
79 struct in_addr ina
= {0};
84 *cssl
= SSL_new(clientctx
);
88 /* SSL_set_alpn_protos returns 0 for success! */
89 if (!TEST_false(SSL_set_alpn_protos(*cssl
, alpn
, sizeof(alpn
))))
92 if (!TEST_ptr(peeraddr
= BIO_ADDR_new()))
96 #if !defined(OPENSSL_NO_POSIX_IO)
100 * For blocking mode we need to create actual sockets rather than doing
101 * everything in memory
103 if (!TEST_true(create_test_sockets(&cfd
, &sfd
, SOCK_DGRAM
, peeraddr
)))
105 cbio
= BIO_new_dgram(cfd
, 1);
106 if (!TEST_ptr(cbio
)) {
111 sbio
= BIO_new_dgram(sfd
, 1);
112 if (!TEST_ptr(sbio
)) {
120 if (!TEST_true(BIO_new_bio_dgram_pair(&cbio
, 0, &sbio
, 0)))
123 if (!TEST_true(BIO_dgram_set_caps(cbio
, BIO_DGRAM_CAP_HANDLES_DST_ADDR
))
124 || !TEST_true(BIO_dgram_set_caps(sbio
, BIO_DGRAM_CAP_HANDLES_DST_ADDR
)))
127 /* Dummy server address */
128 if (!TEST_true(BIO_ADDR_rawmake(peeraddr
, AF_INET
, &ina
, sizeof(ina
),
133 SSL_set_bio(*cssl
, cbio
, cbio
);
135 if (!TEST_true(SSL_set_blocking_mode(*cssl
, block
)))
138 if (!TEST_true(SSL_set_initial_peer_addr(*cssl
, peeraddr
)))
142 *fault
= OPENSSL_zalloc(sizeof(**fault
));
147 fisbio
= BIO_new(get_bio_method());
148 if (!TEST_ptr(fisbio
))
151 BIO_set_data(fisbio
, fault
== NULL
? NULL
: *fault
);
153 if (!TEST_ptr(BIO_push(fisbio
, sbio
)))
156 tserver_args
.libctx
= libctx
;
157 tserver_args
.net_rbio
= sbio
;
158 tserver_args
.net_wbio
= fisbio
;
159 tserver_args
.alpn
= NULL
;
161 if (!TEST_ptr(*qtserv
= ossl_quic_tserver_new(&tserver_args
, certfile
,
165 /* Ownership of fisbio and sbio is now held by *qtserv */
170 (*fault
)->qtserv
= *qtserv
;
172 BIO_ADDR_free(peeraddr
);
176 BIO_ADDR_free(peeraddr
);
182 ossl_quic_tserver_free(*qtserv
);
184 OPENSSL_free(*fault
);
189 int qtest_supports_blocking(void)
191 #if !defined(OPENSSL_NO_POSIX_IO) && defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
198 #define MAXLOOPS 1000
200 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
201 static int globserverret
= 0;
202 static QUIC_TSERVER
*globtserv
;
203 static const thread_t thread_zero
;
205 static void run_server_thread(void)
208 * This will operate in a busy loop because the server does not block,
209 * but should be acceptable because it is local and we expect this to be
212 globserverret
= qtest_create_quic_connection(globtserv
, NULL
);
216 int qtest_create_quic_connection(QUIC_TSERVER
*qtserv
, SSL
*clientssl
)
218 int retc
= -1, rets
= 0, err
, abortctr
= 0, ret
= 0;
219 int clienterr
= 0, servererr
= 0;
220 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
222 * Pointless initialisation to avoid bogus compiler warnings about using
225 thread_t t
= thread_zero
;
228 if (!TEST_ptr(qtserv
)) {
230 } else if (clientssl
== NULL
) {
232 } else if (SSL_get_blocking_mode(clientssl
) > 0) {
233 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
235 * clientssl is blocking. We will need a thread to complete the
239 if (!TEST_true(run_thread(&t
, run_server_thread
)))
245 TEST_error("No thread support in this build");
251 err
= SSL_ERROR_WANT_WRITE
;
252 while (!clienterr
&& retc
<= 0 && err
== SSL_ERROR_WANT_WRITE
) {
253 retc
= SSL_connect(clientssl
);
255 err
= SSL_get_error(clientssl
, retc
);
258 if (!clienterr
&& retc
<= 0 && err
!= SSL_ERROR_WANT_READ
) {
259 TEST_info("SSL_connect() failed %d, %d", retc
, err
);
260 TEST_openssl_errors();
265 * We're cheating. We don't take any notice of SSL_get_tick_timeout()
266 * and tick every time around the loop anyway. This is inefficient. We
267 * can get away with it in test code because we control both ends of
268 * the communications and don't expect network delays. This shouldn't
269 * be done in a real application.
271 if (!clienterr
&& retc
<= 0)
272 SSL_handle_events(clientssl
);
273 if (!servererr
&& rets
<= 0) {
274 ossl_quic_tserver_tick(qtserv
);
275 servererr
= ossl_quic_tserver_is_term_any(qtserv
);
277 rets
= ossl_quic_tserver_is_handshake_confirmed(qtserv
);
280 if (clienterr
&& servererr
)
283 if (clientssl
!= NULL
&& ++abortctr
== MAXLOOPS
) {
284 TEST_info("No progress made");
287 } while ((retc
<= 0 && !clienterr
) || (rets
<= 0 && !servererr
));
289 if (qtserv
== NULL
&& rets
> 0) {
290 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
291 if (!TEST_true(wait_for_thread(t
)) || !TEST_true(globserverret
))
294 TEST_error("Should not happen");
299 if (!clienterr
&& !servererr
)
/*
 * Drive the client's SSL_shutdown() to completion, ticking the test server
 * between attempts so that both ends make progress.
 *
 * Returns 1 once SSL_shutdown() has reported 1. Every other result, negative
 * values included, only triggers another server tick and a retry. There is
 * no iteration cap here, so a shutdown that never completes keeps this loop
 * spinning; callers that need a bound must impose it themselves.
 */
int qtest_shutdown(QUIC_TSERVER *qtserv, SSL *clientssl)
{
    /* Busy loop in non-blocking mode. It should be quick because it's local */
    for (;;) {
        if (SSL_shutdown(clientssl) == 1)
            break;
        ossl_quic_tserver_tick(qtserv);
    }

    return 1;
}
314 int qtest_check_server_transport_err(QUIC_TSERVER
*qtserv
, uint64_t code
)
316 const QUIC_TERMINATE_CAUSE
*cause
;
318 ossl_quic_tserver_tick(qtserv
);
321 * Check that the server has closed with the specified code from the client
323 if (!TEST_true(ossl_quic_tserver_is_term_any(qtserv
)))
326 cause
= ossl_quic_tserver_get_terminate_cause(qtserv
);
328 || !TEST_true(cause
->remote
)
329 || !TEST_uint64_t_eq(cause
->error_code
, code
))
/*
 * Convenience wrapper: run qtest_check_server_transport_err() with the
 * expected error code fixed to QUIC_ERR_PROTOCOL_VIOLATION and hand back
 * whatever that check returns.
 */
int qtest_check_server_protocol_err(QUIC_TSERVER *qtserv)
{
    const uint64_t expected = QUIC_ERR_PROTOCOL_VIOLATION;

    return qtest_check_server_transport_err(qtserv, expected);
}
340 void qtest_fault_free(QTEST_FAULT
*fault
)
345 packet_plain_finish(fault
);
346 handshake_finish(fault
);
351 static int packet_plain_mutate(const QUIC_PKT_HDR
*hdrin
,
352 const OSSL_QTX_IOVEC
*iovecin
, size_t numin
,
353 QUIC_PKT_HDR
**hdrout
,
354 const OSSL_QTX_IOVEC
**iovecout
,
358 QTEST_FAULT
*fault
= arg
;
362 /* Coalesce our data into a single buffer */
364 /* First calculate required buffer size */
365 for (i
= 0; i
< numin
; i
++)
366 bufsz
+= iovecin
[i
].buf_len
;
368 fault
->pplainio
.buf_len
= bufsz
;
370 /* Add an allowance for possible growth */
371 bufsz
+= GROWTH_ALLOWANCE
;
373 fault
->pplainio
.buf
= cur
= OPENSSL_malloc(bufsz
);
375 fault
->pplainio
.buf_len
= 0;
379 fault
->pplainbuf_alloc
= bufsz
;
381 /* Copy in the data from the input buffers */
382 for (i
= 0; i
< numin
; i
++) {
383 memcpy(cur
, iovecin
[i
].buf
, iovecin
[i
].buf_len
);
384 cur
+= iovecin
[i
].buf_len
;
387 fault
->pplainhdr
= *hdrin
;
389 /* Cast below is safe because we allocated the buffer */
390 if (fault
->pplaincb
!= NULL
391 && !fault
->pplaincb(fault
, &fault
->pplainhdr
,
392 (unsigned char *)fault
->pplainio
.buf
,
393 fault
->pplainio
.buf_len
, fault
->pplaincbarg
))
396 *hdrout
= &fault
->pplainhdr
;
397 *iovecout
= &fault
->pplainio
;
/*
 * Release the coalesced plaintext packet buffer held by the fault object and
 * reset its bookkeeping.
 *
 * arg is the QTEST_FAULT that owns the buffer. On return pplainio.buf is
 * NULL and both pplainio.buf_len and pplainbuf_alloc are zero; the resize
 * helper tests pplainbuf_alloc for zero before touching the buffer.
 */
static void packet_plain_finish(void *arg)
{
    QTEST_FAULT *f = arg;
    /* Cast is safe because this buffer came from our own allocation */
    unsigned char *owned = (unsigned char *)f->pplainio.buf;

    /* Drop every reference to the buffer before handing it back */
    f->pplainio.buf = NULL;
    f->pplainio.buf_len = 0;
    f->pplainbuf_alloc = 0;

    OPENSSL_free(owned);
}
414 int qtest_fault_set_packet_plain_listener(QTEST_FAULT
*fault
,
415 qtest_fault_on_packet_plain_cb pplaincb
,
418 fault
->pplaincb
= pplaincb
;
419 fault
->pplaincbarg
= pplaincbarg
;
421 return ossl_quic_tserver_set_plain_packet_mutator(fault
->qtserv
,
/*
 * Change the length of the plaintext packet currently held in fault. To be
 * called from a packet_plain_listener callback.
 *
 * newlen may not exceed pplainbuf_alloc, the size actually allocated for the
 * packet buffer (payload plus the growth allowance). That bound is what keeps
 * the zero fill below inside the allocation, so it is checked before any
 * write. Growing pads the new bytes with zeros; shrinking only lowers the
 * recorded length.
 *
 * Returns 1 on success, 0 if no buffer is allocated or newlen is too large.
 */
int qtest_fault_resize_plain_packet(QTEST_FAULT *fault, size_t newlen)
{
    const size_t cap = fault->pplainbuf_alloc;
    const size_t curlen = fault->pplainio.buf_len;
    unsigned char *data;

    /*
     * A zero capacity means there is no packet buffer, i.e. we have been
     * called at the wrong time. Anything above the capacity exceeds the
     * growth allowance.
     */
    if (cap == 0 || newlen > cap)
        return 0;

    if (newlen > curlen) {
        /* Cast is safe because we allocated the buffer */
        data = (unsigned char *)fault->pplainio.buf;
        /* Extend packet with 0 bytes */
        memset(data + curlen, 0, newlen - curlen);
    }

    /* Keep the iovec length and the header length in step */
    fault->pplainhdr.len = newlen;
    fault->pplainio.buf_len = newlen;

    return 1;
}
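/*
 * Prepend frame data into a packet. To be called from a packet_plain_listener
 * callback.
 *
 * The packet grows by frame_len bytes: the existing payload is shifted up and
 * the frame_len bytes at frame are copied to the front. The combined length
 * must fit in the buffer allocated for the packet (payload plus the growth
 * allowance); qtest_fault_resize_plain_packet() enforces that.
 *
 * Returns 1 on success, 0 if no packet buffer is allocated, if the combined
 * length overflows size_t, or if the resize is refused.
 */
int qtest_fault_prepend_frame(QTEST_FAULT *fault, unsigned char *frame,
                              size_t frame_len)
{
    unsigned char *buf;
    size_t old_len, new_len;

    /*
     * Alloc'd size should always be non-zero, so if this fails we've been
     * called when no packet buffer exists.
     */
    if (fault->pplainbuf_alloc == 0)
        return 0;

    /*
     * Cast below is safe because we allocated the buffer. The pointer stays
     * valid across the resize: resizing only adjusts lengths and zero fills
     * within the existing allocation.
     */
    buf = (unsigned char *)fault->pplainio.buf;
    old_len = fault->pplainio.buf_len;

    /*
     * Reject a sum that wraps size_t. A wrapped value could be small enough
     * to pass the capacity check in the resize call, after which the
     * memmove/memcpy below would write past the allocation.
     */
    new_len = old_len + frame_len;
    if (new_len < old_len)
        return 0;

    /* Extend the size of the packet by the size of the new frame */
    if (!TEST_true(qtest_fault_resize_plain_packet(fault, new_len)))
        return 0;

    /* Regions overlap, so the shift must be a memmove */
    memmove(buf + frame_len, buf, old_len);
    memcpy(buf, frame, frame_len);

    return 1;
}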
491 static int handshake_mutate(const unsigned char *msgin
, size_t msginlen
,
492 unsigned char **msgout
, size_t *msgoutlen
,
495 QTEST_FAULT
*fault
= arg
;
497 unsigned long payloadlen
;
498 unsigned int msgtype
;
501 buf
= OPENSSL_malloc(msginlen
+ GROWTH_ALLOWANCE
);
505 fault
->handbuf
= buf
;
506 fault
->handbuflen
= msginlen
;
507 fault
->handbufalloc
= msginlen
+ GROWTH_ALLOWANCE
;
508 memcpy(buf
, msgin
, msginlen
);
510 if (!PACKET_buf_init(&pkt
, buf
, msginlen
)
511 || !PACKET_get_1(&pkt
, &msgtype
)
512 || !PACKET_get_net_3(&pkt
, &payloadlen
)
513 || PACKET_remaining(&pkt
) != payloadlen
)
516 /* Parse specific message types */
518 case SSL3_MT_ENCRYPTED_EXTENSIONS
:
520 QTEST_ENCRYPTED_EXTENSIONS ee
;
522 if (fault
->encextcb
== NULL
)
526 * The EncryptedExtensions message is very simple. It just has an
527 * extensions block in it and nothing else.
529 ee
.extensions
= (unsigned char *)PACKET_data(&pkt
);
530 ee
.extensionslen
= payloadlen
;
531 if (!fault
->encextcb(fault
, &ee
, payloadlen
, fault
->encextcbarg
))
536 /* No specific handlers for these message types yet */
540 if (fault
->handshakecb
!= NULL
541 && !fault
->handshakecb(fault
, buf
, fault
->handbuflen
,
542 fault
->handshakecbarg
))
546 *msgoutlen
= fault
->handbuflen
;
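/*
 * Release the handshake message copy held by the fault object and reset its
 * bookkeeping.
 *
 * arg is the QTEST_FAULT that owns the buffer. As well as freeing handbuf,
 * the recorded length and allocation size are zeroed, matching what
 * packet_plain_finish() does for the plaintext packet buffer. With
 * handbufalloc at zero, a stray qtest_fault_resize_handshake() call made
 * after this point fails its allocation check instead of writing through a
 * NULL handbuf.
 */
static void handshake_finish(void *arg)
{
    QTEST_FAULT *fault = arg;

    OPENSSL_free(fault->handbuf);
    fault->handbuf = NULL;
    fault->handbuflen = 0;
    fault->handbufalloc = 0;
}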
559 int qtest_fault_set_handshake_listener(QTEST_FAULT
*fault
,
560 qtest_fault_on_handshake_cb handshakecb
,
561 void *handshakecbarg
)
563 fault
->handshakecb
= handshakecb
;
564 fault
->handshakecbarg
= handshakecbarg
;
566 return ossl_quic_tserver_set_handshake_mutator(fault
->qtserv
,
572 int qtest_fault_set_hand_enc_ext_listener(QTEST_FAULT
*fault
,
573 qtest_fault_on_enc_ext_cb encextcb
,
576 fault
->encextcb
= encextcb
;
577 fault
->encextcbarg
= encextcbarg
;
579 return ossl_quic_tserver_set_handshake_mutator(fault
->qtserv
,
/*
 * Change the length of the handshake message currently held in fault. To be
 * called from a handshake_listener callback.
 *
 * newlen may not exceed handbufalloc, the size actually allocated for the
 * message copy (message plus the growth allowance). That bound is what keeps
 * the zero fill below inside the allocation, so it is checked before any
 * write. Growing pads the new bytes with zeros; shrinking only lowers the
 * recorded length. The handshake header's own length field is not touched
 * here.
 *
 * Returns 1 on success, 0 if no buffer is allocated or newlen is too large.
 */
int qtest_fault_resize_handshake(QTEST_FAULT *fault, size_t newlen)
{
    const size_t cap = fault->handbufalloc;
    const size_t curlen = fault->handbuflen;
    unsigned char *data;

    /*
     * A zero capacity means there is no message buffer, i.e. we have been
     * called at the wrong time. Anything above the capacity exceeds the
     * growth allowance.
     */
    if (cap == 0 || newlen > cap)
        return 0;

    if (newlen > curlen) {
        data = (unsigned char *)fault->handbuf;
        /* Extend message with 0 bytes */
        memset(data + curlen, 0, newlen - curlen);
    }

    fault->handbuflen = newlen;

    return 1;
}
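/*
 * Resize the body of the handshake message held in fault and rewrite the
 * length field in its header. To be called from message specific listener
 * callbacks.
 *
 * newlen is the new body length, excluding the SSL3_HM_HEADER_LENGTH byte
 * header. Bytes 1 to 3 of the header receive newlen as a big-endian value, so
 * only the low 24 bits of newlen are encoded.
 *
 * Returns 1 on success, 0 if the total length overflows size_t or the
 * underlying resize is refused.
 */
int qtest_fault_resize_message(QTEST_FAULT *fault, size_t newlen)
{
    size_t total = newlen + SSL3_HM_HEADER_LENGTH;

    /*
     * Reject a total that wraps size_t. A wrapped value could be small enough
     * to pass the capacity check below, and the header would then advertise a
     * length unrelated to the buffer contents.
     */
    if (total < newlen)
        return 0;

    /* First resize the underlying message */
    if (!qtest_fault_resize_handshake(fault, total))
        return 0;

    /* Fixup the handshake message header */
    fault->handbuf[1] = (unsigned char)((newlen >> 16) & 0xff);
    fault->handbuf[2] = (unsigned char)((newlen >>  8) & 0xff);
    fault->handbuf[3] = (unsigned char)((newlen      ) & 0xff);

    return 1;
}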
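/*
 * Delete the first extension of type exttype from an extensions block and
 * shrink the enclosing handshake message to match.
 *
 * ext points at the extensions block, starting with its 2 byte length prefix,
 * and *extlen is the length of the whole block including that prefix. On
 * success the block's length prefix and *extlen are updated and the handshake
 * message held in fault is resized by the number of bytes removed. ext is
 * expected to point into fault->handbuf, since the message length adjustment
 * is computed from fault->handbuflen.
 *
 * Returns 1 on success, 0 if the block cannot be parsed, if no extension of
 * the requested type is present, or if the message resize fails.
 */
int qtest_fault_delete_extension(QTEST_FAULT *fault,
                                 unsigned int exttype, unsigned char *ext,
                                 size_t *extlen)
{
    PACKET pkt, sub, subext;
    unsigned int type;
    const unsigned char *start, *end;
    size_t newlen, removed, tail;
    size_t msglen = fault->handbuflen;

    if (!PACKET_buf_init(&pkt, ext, *extlen))
        return 0;

    /* Extension block starts with 2 bytes for extension block length */
    if (!PACKET_as_length_prefixed_2(&pkt, &sub))
        return 0;

    /* Walk the extensions; running out of data means the type is absent */
    do {
        start = PACKET_data(&sub);
        if (!PACKET_get_net_2(&sub, &type)
                || !PACKET_get_length_prefixed_2(&sub, &subext))
            return 0;
    } while (type != exttype);

    /* Found it */
    end = PACKET_data(&sub);

    /* Size of the extension being removed, header included */
    removed = (size_t)(end - start);
    /* Bytes of the extensions block that follow the removed extension */
    tail = (size_t)((ext + *extlen) - end);

    /*
     * If we're not the last extension we need to move the rest earlier. The
     * amount to move is everything after the removed extension, not the size
     * of the removed extension: using the latter leaves part of the tail
     * behind when the tail is longer, and copies bytes from beyond the block
     * when it is shorter. The cast below is safe because we own the
     * underlying buffer and we're no longer making PACKET calls.
     */
    if (tail > 0)
        memmove((unsigned char *)start, end, tail);

    /*
     * Calculate new extensions payload length =
     * original block length
     * - 2 extension block length bytes
     * - length of removed extension
     */
    newlen = *extlen - 2 - removed;

    /* Fixup the length bytes for the extension block */
    ext[0] = (unsigned char)((newlen >> 8) & 0xff);
    ext[1] = (unsigned char)((newlen     ) & 0xff);

    /*
     * Length of the whole extension block is the new payload length plus the
     * 2 bytes for the length
     */
    *extlen = newlen + 2;

    /* We can now resize the message */
    if (removed + SSL3_HM_HEADER_LENGTH > msglen)
        return 0; /* Should not happen */
    msglen -= removed + SSL3_HM_HEADER_LENGTH;
    if (!qtest_fault_resize_message(fault, msglen))
        return 0;

    return 1;
}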
692 #define BIO_TYPE_CIPHER_PACKET_FILTER (0x80 | BIO_TYPE_FILTER)
694 static BIO_METHOD
*pcipherbiometh
= NULL
;
696 # define BIO_MSG_N(array, stride, n) (*(BIO_MSG *)((char *)(array) + (n)*(stride)))
698 static int pcipher_sendmmsg(BIO
*b
, BIO_MSG
*msg
, size_t stride
,
699 size_t num_msg
, uint64_t flags
,
700 size_t *num_processed
)
703 BIO
*next
= BIO_next(b
);
704 ossl_ssize_t ret
= 0;
705 size_t i
= 0, tmpnump
;
708 unsigned char *tmpdata
;
713 fault
= BIO_get_data(b
);
715 || (fault
->pciphercb
== NULL
&& fault
->datagramcb
== NULL
))
716 return BIO_sendmmsg(next
, msg
, stride
, num_msg
, flags
, num_processed
);
723 for (i
= 0; i
< num_msg
; ++i
) {
724 fault
->msg
= BIO_MSG_N(msg
, stride
, i
);
726 /* Take a copy of the data so that callbacks can modify it */
727 tmpdata
= OPENSSL_malloc(fault
->msg
.data_len
+ GROWTH_ALLOWANCE
);
730 memcpy(tmpdata
, fault
->msg
.data
, fault
->msg
.data_len
);
731 fault
->msg
.data
= tmpdata
;
732 fault
->msgalloc
= fault
->msg
.data_len
+ GROWTH_ALLOWANCE
;
734 if (fault
->pciphercb
!= NULL
) {
735 if (!PACKET_buf_init(&pkt
, fault
->msg
.data
, fault
->msg
.data_len
))
739 if (!ossl_quic_wire_decode_pkt_hdr(&pkt
,
740 0 /* TODO(QUIC): Not sure how this should be set*/, 1,
745 * hdr.data is const - but its our buffer so casting away the
748 if (!fault
->pciphercb(fault
, &hdr
, (unsigned char *)hdr
.data
,
749 hdr
.len
, fault
->pciphercbarg
))
753 * TODO(QUIC): At the moment modifications to hdr by the callback
754 * are ignored. We might need to rewrite the QUIC header to
755 * enable tests to change this. We also don't yet have a
756 * mechanism for the callback to change the encrypted data
757 * length. It's not clear if that's needed or not.
759 } while (PACKET_remaining(&pkt
) > 0);
762 if (fault
->datagramcb
!= NULL
763 && !fault
->datagramcb(fault
, &fault
->msg
, stride
,
764 fault
->datagramcbarg
))
767 if (!BIO_sendmmsg(next
, &fault
->msg
, stride
, 1, flags
, &tmpnump
)) {
772 OPENSSL_free(fault
->msg
.data
);
773 fault
->msg
.data
= NULL
;
780 OPENSSL_free(fault
->msg
.data
);
781 fault
->msg
.data
= NULL
;
785 static long pcipher_ctrl(BIO
*b
, int cmd
, long larg
, void *parg
)
787 BIO
*next
= BIO_next(b
);
792 return BIO_ctrl(next
, cmd
, larg
, parg
);
795 static BIO_METHOD
*get_bio_method(void)
799 if (pcipherbiometh
!= NULL
)
800 return pcipherbiometh
;
802 tmp
= BIO_meth_new(BIO_TYPE_CIPHER_PACKET_FILTER
, "Cipher Packet Filter");
807 if (!TEST_true(BIO_meth_set_sendmmsg(tmp
, pcipher_sendmmsg
))
808 || !TEST_true(BIO_meth_set_ctrl(tmp
, pcipher_ctrl
)))
811 pcipherbiometh
= tmp
;
815 return pcipherbiometh
;
818 int qtest_fault_set_packet_cipher_listener(QTEST_FAULT
*fault
,
819 qtest_fault_on_packet_cipher_cb pciphercb
,
822 fault
->pciphercb
= pciphercb
;
823 fault
->pciphercbarg
= pciphercbarg
;
828 int qtest_fault_set_datagram_listener(QTEST_FAULT
*fault
,
829 qtest_fault_on_datagram_cb datagramcb
,
832 fault
->datagramcb
= datagramcb
;
833 fault
->datagramcbarg
= datagramcbarg
;
/*
 * Change the length of the datagram currently held in fault. To be called
 * from a datagram_listener callback.
 *
 * newlen may not exceed msgalloc, the size recorded for the datagram copy
 * (data plus the growth allowance). That bound is checked before any write so
 * the zero fill below stays inside the copy. Growing pads the new bytes with
 * zeros; shrinking only lowers the recorded length.
 *
 * Returns 1 on success, 0 if newlen is too large.
 */
int qtest_fault_resize_datagram(QTEST_FAULT *fault, size_t newlen)
{
    const size_t curlen = fault->msg.data_len;
    unsigned char *data;

    if (newlen > fault->msgalloc)
        return 0;

    if (newlen > curlen) {
        data = (unsigned char *)fault->msg.data;
        /* Extend datagram with 0 bytes */
        memset(data + curlen, 0, newlen - curlen);
    }

    fault->msg.data_len = newlen;

    return 1;
}