From: Hugo Landau Date: Thu, 27 Jul 2023 12:50:45 +0000 (+0100) Subject: QUIC TEST: STREAM, MAX_DATA and MAX_STREAM_DATA testing X-Git-Tag: openssl-3.2.0-alpha1~244 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1623bf374d4ee3119629c33938fcd075bd79e6a8;p=thirdparty%2Fopenssl.git QUIC TEST: STREAM, MAX_DATA and MAX_STREAM_DATA testing Fixes https://github.com/openssl/project/issues/76 Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/21565) --- diff --git a/ssl/quic/quic_rx_depack.c b/ssl/quic/quic_rx_depack.c index 1b2b81e7f82..f7d0406e2bb 100644 --- a/ssl/quic/quic_rx_depack.c +++ b/ssl/quic/quic_rx_depack.c @@ -270,6 +270,9 @@ static int depack_do_frame_crypto(PACKET *pkt, QUIC_CHANNEL *ch, return 0; } + if (f.len == 0) + return 1; /* nothing to do */ + rstream = ch->crypto_recv[ackm_data->pkt_space]; if (!ossl_assert(rstream != NULL)) /* @@ -581,8 +584,13 @@ static int depack_do_frame_stream(PACKET *pkt, QUIC_CHANNEL *ch, * without copying by reffing the OSSL_QRX_PKT. In this case * ossl_qrx_pkt_release() will be eventually called when the data is no * longer needed. + * + * It is OK for the peer to send us a zero-length non-FIN STREAM frame, + * which is a no-op, aside from the fact that it ensures the stream exists. + * In this case we have nothing to report to the receive buffer. */ - if (!ossl_quic_rstream_queue_data(stream->rstream, parent_pkt, + if ((frame_data.len > 0 || frame_data.is_fin) + && !ossl_quic_rstream_queue_data(stream->rstream, parent_pkt, frame_data.offset, frame_data.data, frame_data.len, @@ -595,9 +603,9 @@ static int depack_do_frame_stream(PACKET *pkt, QUIC_CHANNEL *ch, * calling ossl_quic_rstream_available() where it is not necessary as it is * more expensive. */ - if (stream->recv_state != QUIC_RSTREAM_STATE_SIZE_KNOWN - || !ossl_quic_rstream_available(stream->rstream, &rs_avail, &rs_fin)) - return 0; + if (stream->recv_state == QUIC_RSTREAM_STATE_SIZE_KNOWN) + if (!ossl_quic_rstream_available(stream->rstream, &rs_avail, &rs_fin)) + return 0; if (rs_fin) ossl_quic_stream_map_notify_totally_received(&ch->qsm, stream); diff --git a/test/quic_multistream_test.c b/test/quic_multistream_test.c index 8ef5c707c82..fbe47b48850 100644 --- a/test/quic_multistream_test.c +++ b/test/quic_multistream_test.c @@ -2656,15 +2656,19 @@ static int script_32_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, return 1; case 1: offset = 0; - flen = 0; + flen = 0; break; case 2: offset = (((uint64_t)1)<<62) - 1; - flen = 5; + flen = 5; break; case 3: offset = 1 * 1024 * 1024 * 1024; /* 1G */ - flen = 5; + flen = 5; + break; + case 4: + offset = 0; + flen = 1; break; } @@ -3958,6 +3962,189 @@ static const struct script_op script_62[] = { OP_END }; +/* 63. Fault injection - STREAM frame exceeding stream limit */ +static const struct script_op script_63[] = { + OP_S_SET_INJECT_PLAIN (script_32_inject_plain) + OP_C_SET_ALPN ("ossltest") + OP_C_CONNECT_WAIT () + OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) + + OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) + OP_C_WRITE (a, "apple", 5) + + OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) + OP_S_READ_EXPECT (a, "apple", 5) + + OP_SET_INJECT_WORD (S_BIDI_ID(5000) + 1, 4) + OP_S_WRITE (a, "orange", 6) + + OP_C_EXPECT_CONN_CLOSE_INFO(QUIC_ERR_STREAM_LIMIT_ERROR,0,0) + + OP_END +}; + +/* 64. Fault injection - STREAM - zero-length no-FIN is accepted */ +static const struct script_op script_64[] = { + OP_S_SET_INJECT_PLAIN (script_32_inject_plain) + OP_C_SET_ALPN ("ossltest") + OP_C_CONNECT_WAIT () + OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) + + OP_S_NEW_STREAM_UNI (a, S_UNI_ID(0)) + OP_S_WRITE (a, "apple", 5) + + OP_C_ACCEPT_STREAM_WAIT (a) + OP_C_READ_EXPECT (a, "apple", 5) + + OP_SET_INJECT_WORD (S_BIDI_ID(20) + 1, 1) + OP_S_WRITE (a, "orange", 6) + OP_C_READ_EXPECT (a, "orange", 6) + + OP_END +}; + +/* 65. Fault injection - CRYPTO - zero-length is accepted */ +static int script_65_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, + unsigned char *buf, size_t len) +{ + int ok = 0; + unsigned char frame_buf[64]; + size_t written; + WPACKET wpkt; + + if (h->inject_word0 == 0) + return 1; + + --h->inject_word0; + + if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, + sizeof(frame_buf), 0))) + return 0; + + if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_FRAME_TYPE_CRYPTO)) + || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0)) + || !TEST_true(WPACKET_quic_write_vlint(&wpkt, 0))) + goto err; + + if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) + goto err; + + if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) + goto err; + + ok = 1; +err: + if (ok) + WPACKET_finish(&wpkt); + else + WPACKET_cleanup(&wpkt); + return ok; +} + +static const struct script_op script_65[] = { + OP_S_SET_INJECT_PLAIN (script_65_inject_plain) + OP_C_SET_ALPN ("ossltest") + OP_C_CONNECT_WAIT () + OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) + + OP_C_NEW_STREAM_BIDI (a, C_BIDI_ID(0)) + OP_C_WRITE (a, "apple", 5) + + OP_S_BIND_STREAM_ID (a, C_BIDI_ID(0)) + OP_S_READ_EXPECT (a, "apple", 5) + + OP_SET_INJECT_WORD (1, 0) + OP_S_WRITE (a, "orange", 6) + OP_C_READ_EXPECT (a, "orange", 6) + + OP_END +}; + +/* 66. Fault injection - large MAX_STREAM_DATA */ +static int script_66_inject_plain(struct helper *h, QUIC_PKT_HDR *hdr, + unsigned char *buf, size_t len) +{ + int ok = 0; + WPACKET wpkt; + unsigned char frame_buf[64]; + size_t written; + + if (h->inject_word0 == 0) + return 1; + + if (!TEST_true(WPACKET_init_static_len(&wpkt, frame_buf, + sizeof(frame_buf), 0))) + return 0; + + if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, h->inject_word1))) + goto err; + + if (h->inject_word1 == OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA) + if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, /* stream ID */ + h->inject_word0 - 1))) + goto err; + + if (!TEST_true(WPACKET_quic_write_vlint(&wpkt, OSSL_QUIC_VLINT_MAX))) + goto err; + + if (!TEST_true(WPACKET_get_total_written(&wpkt, &written))) + goto err; + + if (!qtest_fault_prepend_frame(h->qtf, frame_buf, written)) + goto err; + + ok = 1; +err: + if (ok) + WPACKET_finish(&wpkt); + else + WPACKET_cleanup(&wpkt); + return ok; +} + +static const struct script_op script_66[] = { + OP_S_SET_INJECT_PLAIN (script_66_inject_plain) + OP_C_SET_ALPN ("ossltest") + OP_C_CONNECT_WAIT () + OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) + + OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0)) + OP_S_WRITE (a, "apple", 5) + + OP_C_ACCEPT_STREAM_WAIT (a) + OP_C_READ_EXPECT (a, "apple", 5) + + OP_SET_INJECT_WORD (S_BIDI_ID(0) + 1, OSSL_QUIC_FRAME_TYPE_MAX_STREAM_DATA) + OP_S_WRITE (a, "orange", 6) + OP_C_READ_EXPECT (a, "orange", 6) + OP_C_WRITE (a, "Strawberry", 10) + OP_S_READ_EXPECT (a, "Strawberry", 10) + + OP_END +}; + +/* 67. Fault injection - large MAX_DATA */ +static const struct script_op script_67[] = { + OP_S_SET_INJECT_PLAIN (script_66_inject_plain) + OP_C_SET_ALPN ("ossltest") + OP_C_CONNECT_WAIT () + OP_C_SET_DEFAULT_STREAM_MODE(SSL_DEFAULT_STREAM_MODE_NONE) + + OP_S_NEW_STREAM_BIDI (a, S_BIDI_ID(0)) + OP_S_WRITE (a, "apple", 5) + + OP_C_ACCEPT_STREAM_WAIT (a) + OP_C_READ_EXPECT (a, "apple", 5) + + OP_SET_INJECT_WORD (1, OSSL_QUIC_FRAME_TYPE_MAX_DATA) + OP_S_WRITE (a, "orange", 6) + OP_C_READ_EXPECT (a, "orange", 6) + OP_C_WRITE (a, "Strawberry", 10) + OP_S_READ_EXPECT (a, "Strawberry", 10) + + OP_END +}; + static const struct script_op *const scripts[] = { script_1, script_2, @@ -4021,6 +4208,11 @@ static const struct script_op *const scripts[] = { script_60, script_61, script_62, + script_63, + script_64, + script_65, + script_66, + script_67, }; static int test_script(int idx)