Fixup tests to properly check version negotiation
authorNeil Horman <nhorman@openssl.org>
Fri, 15 Nov 2024 19:32:56 +0000 (14:32 -0500)
committerNeil Horman <nhorman@openssl.org>
Mon, 17 Feb 2025 16:27:33 +0000 (11:27 -0500)
Currently the quic_multistream_test tests version negotiation..sort of.

It uses a packet injector to force the tserver to send a version
negotiation packet back to the client.  Thats no longer needed as the
server will respond to an invalid version properly.

So alter script_74 to, instead of using the injector, use a quic channel
mutator to invalidate the version provided in the initial packet.  Then
we attempt to connect.  If the server responds with a version
negotiation packet and the client restarts with the proper version, then
the test passes, as the connection is established.

Also, while we're in here, update the gen_version_neg function to
properly insert a 0 version into the packet header for script_75, as
version negotiation packets require that to be set, otherwise script_75
will fail now when the server notices this discrepancy.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25968)

test/quic_multistream_test.c

index a145e46fd248075f5bfc4170e1a9bebbe7a39e67..3c9a50820208bd0a265d4b17dd80cd44ffd58760 100644 (file)
@@ -4919,6 +4919,7 @@ static int generate_version_neg(WPACKET *wpkt, uint32_t version)
     QUIC_PKT_HDR hdr = {0};
 
     hdr.type                = QUIC_PKT_TYPE_VERSION_NEG;
+    hdr.version             = 0;
     hdr.fixed               = 1;
     hdr.dst_conn_id.id_len  = 0;
     hdr.src_conn_id.id_len  = 8;
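Review bot: The added `hdr.version = 0;` has no runtime effect, because `QUIC_PKT_HDR hdr = {0};` two lines above already zeroes the field, so the line only documents intent and should say why. I would add a comment directly above it, such as `/* Version Negotiation packets carry version 0 in the long header (RFC 9000, section 17.2.1) */`. If script_75 really did fail without this line, as the commit message suggests, the header is presumably changed somewhere outside this hunk, and that is worth confirming. The body of generate_version_neg continues past the end of the hunk.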
@@ -4980,10 +4981,64 @@ err:
     return rc;
 }
 
-static const struct script_op script_74[] = {
-    OP_S_SET_INJECT_DATAGRAM (server_gen_version_neg)
-    OP_SET_INJECT_WORD       (1, 0)
+static int do_mutation = 0;
+static QUIC_PKT_HDR *hdr_to_free = NULL;
+
+/*
+ * Check packets to transmit, if we have an initial packet
+ * Modify the version number to something incorrect
+ * so that we trigger a version negotiation
+ * Note, this is a use once function, it will only modify the
+ * first INITIAL packet it sees, after which it needs to be
+ * armed again
+ */
+static int script_74_alter_version(const QUIC_PKT_HDR *hdrin,
+                                   const OSSL_QTX_IOVEC *iovecin, size_t numin,
+                                   QUIC_PKT_HDR **hdrout,
+                                   const OSSL_QTX_IOVEC **iovecout,
+                                   size_t *numout,
+                                   void *arg)
+{
+    *hdrout = OPENSSL_memdup(hdrin, sizeof(QUIC_PKT_HDR));
+    *iovecout = iovecin;
+    *numout = numin;
+    hdr_to_free = *hdrout;
 
+    if (do_mutation == 0)
+        return 1;
+    do_mutation = 0;
+
+    if (hdrin->type == QUIC_PKT_TYPE_INITIAL)
+        (*hdrout)->version = 0xdeadbeef;
+    return 1;
+}
+
+static void script_74_finish_mutation(void *arg)
+{
+    OPENSSL_free(hdr_to_free);
+}
+
+/*
+ * Enable the packet mutator for the client channel
+ * So that when we send a Initial packet
+ * We modify the version to be something invalid
+ * to force a version negotiation
+ */
+static int script_74_arm_packet_mutator(struct helper *h,
+                                        struct helper_local *hl)
+{
+    QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
+
+    do_mutation = 1;
+    if (!ossl_quic_channel_set_mutator(ch, script_74_alter_version,
+                                       script_74_finish_mutation,
+                                       NULL))
+        return 0;
+    return 1;
+}
+
+static const struct script_op script_74[] = {
+    OP_CHECK                (script_74_arm_packet_mutator, 0)
     OP_C_SET_ALPN            ("ossltest")
     OP_C_CONNECT_WAIT        ()
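Review bot: In script_74_alter_version the result of `OPENSSL_memdup()` is never checked, so an allocation failure reaches `(*hdrout)->version = 0xdeadbeef;` as a NULL dereference; add `if (*hdrout == NULL) return 0;` right after the memdup, assuming 0 reports failure here as it does in script_74_arm_packet_mutator. The one-shot flag is also cleared before the packet type is tested, so the first packet of any type disarms the mutator, which contradicts the comment that it alters "the first INITIAL packet it sees". Moving `do_mutation = 0;` inside the `if (hdrin->type == QUIC_PKT_TYPE_INITIAL)` branch would prevent the test from passing without ever forcing a version negotiation. `hdr_to_free` is a single file-scope pointer overwritten on every call, so the copy is only released if the finish callback runs once per mutator call; a short comment stating that assumption would help. The script_74 array continues outside the hunk.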