From: Neil Horman Date: Wed, 26 Mar 2025 15:17:31 +0000 (-0400) Subject: Extend backoff period in noisydgram BIO users X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=131fff1b09e07eeb5db8b99d7e8f502d8c4fb1e5;p=thirdparty%2Fopenssl.git Extend backoff period in noisydgram BIO users Initially tests that were written which make use of the noisy dgram BIO, were done under the assumption that, despite any packet mangling done by the noisy dgram bio, the connection would still be established. This was initiall guaranteed by configuring the BIO to avoid corrupting/dropping/duplicating/re-injecting the first packet received, thus ensuring that the client and server hello frames would make it to the peer successfully. This implicitly made the assumption that the client and server hellos were contained within a single datagram, which until recently was true. However, with the introduction of ML-KEM keyshares, the above assumption no longer holds. Large ML-KEM keyshares generally expand these TLS messages accross multiple datagrams, and so it is now possible that those initial records can become corrupted/lost etc, leading to unexpected connection failures. Lets fix it by restoring the guarantee that these tests were written under by making the backoff time configurable to a number of frames, and configuring the quic connection objects used in the test to not drop the first two initial frames, once again guaranteeing that the client and server hello arrive at the peer uncorrupted, so that we get a good connection established. Fixes #27103 Reviewed-by: Matt Caswell Reviewed-by: Saša Nedvědický Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/27169) --- diff --git a/test/helpers/noisydgrambio.c b/test/helpers/noisydgrambio.c index 2edd9835bbe..270162d2733 100644 --- a/test/helpers/noisydgrambio.c +++ b/test/helpers/noisydgrambio.c @@ -56,7 +56,7 @@ static long noisy_dgram_ctrl(BIO *bio, int cmd, long num, void *ptr) data = BIO_get_data(bio); if (!TEST_ptr(data)) return 0; - data->backoff = 1; + data->backoff = (int)num; ret = 1; break; } @@ -363,8 +363,8 @@ static int noisy_dgram_recvmmsg(BIO *bio, BIO_MSG *msg, size_t stride, i++, thismsg++, data->this_dgram++) { uint64_t reinject; int should_drop; - uint16_t flip; - size_t flip_offset; + uint16_t flip = 0; + size_t flip_offset = 0; /* If we have a message to reinject then insert it now */ if (data->reinject_dgram > 0 @@ -399,13 +399,15 @@ static int noisy_dgram_recvmmsg(BIO *bio, BIO_MSG *msg, size_t stride, * we always ensure that the next datagram does not get dropped so * that the connection always survives. After that we can resume * with normal noise + * Note that the backoff value is configurable via BIO ctrl, + * allowing for multiframe backoff. */ #ifdef OSSL_NOISY_DGRAM_DEBUG printf("**Back off applied\n"); #endif should_drop = 0; flip = 0; - data->backoff = 0; + data->backoff--; } flip_bits(thismsg->data, thismsg->data_len, flip, flip_offset); diff --git a/test/helpers/quictestlib.c b/test/helpers/quictestlib.c index a03afd5606a..032505a65e2 100644 --- a/test/helpers/quictestlib.c +++ b/test/helpers/quictestlib.c @@ -109,8 +109,8 @@ static void noise_msg_callback(int write_p, int version, int content_type, * of our noise being too much such that the connection itself * fails. We back off on the noise for a bit to avoid that. */ - (void)BIO_ctrl(noiseargs->cbio, BIO_CTRL_NOISE_BACK_OFF, 0, NULL); - (void)BIO_ctrl(noiseargs->sbio, BIO_CTRL_NOISE_BACK_OFF, 0, NULL); + (void)BIO_ctrl(noiseargs->cbio, BIO_CTRL_NOISE_BACK_OFF, 1, NULL); + (void)BIO_ctrl(noiseargs->sbio, BIO_CTRL_NOISE_BACK_OFF, 1, NULL); } } @@ -273,7 +273,7 @@ int qtest_create_quic_objects(OSSL_LIB_CTX *libctx, SSL_CTX *clientctx, goto err; } - (void)BIO_ctrl(sbio, BIO_CTRL_NOISE_BACK_OFF, 0, NULL); + (void)BIO_ctrl(sbio, BIO_CTRL_NOISE_BACK_OFF, 2, NULL); (*fault)->noiseargs.cbio = cbio; (*fault)->noiseargs.sbio = sbio;