From: Neil Horman
Date: Fri, 15 Nov 2024 19:32:56 +0000 (-0500)
Subject: Fixup tests to properly check version negotiation
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=54cbc3de7fb84928804f04d3ef2a830ea5bf550b;p=thirdparty%2Fopenssl.git
Fixup tests to properly check version negotiation
Currently the quic_multistream_test tests version negotiation..sort of. It uses a packet injector to force the tserver to send a version negotiation packet back to the client. Thats no longer needed as the server will respond to an invalid version properly. So alter script_74 to, instead of using the injector, use a quic channel mutator to invalidate the version provided in the initial packet. Then we attempt to connect. If the server responds with a version negotiation packet and the client restarts with the proper version, then the test passes, as the connection is extablished. Also, while we're in here, update the gen_version_neg function to properly insert a 0 version into the packet header for script_75, as version negotiation packets require that to be set, otherwise script_75 will fail now when the server notices this discrepancy.
Reviewed-by: Tomas Mraz
Reviewed-by: Saša Nedvědický
(Merged from https://github.com/openssl/openssl/pull/25968)
---
diff --git a/test/quic_multistream_test.c b/test/quic_multistream_test.c
index a145e46fd24..3c9a5082020 100644
--- a/test/quic_multistream_test.c
+++ b/test/quic_multistream_test.c
@@ -4919,6 +4919,7 @@ static int generate_version_neg(WPACKET *wpkt, uint32_t version)
 QUIC_PKT_HDR hdr = {0};
 hdr.type = QUIC_PKT_TYPE_VERSION_NEG;
+ hdr.version = 0;
 hdr.fixed = 1;
 hdr.dst_conn_id.id_len = 0;
 hdr.src_conn_id.id_len = 8;
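Review bot: The added `hdr.version = 0;` appears to repeat what the `QUIC_PKT_HDR hdr = {0};` initializer on the context line already guarantees, so the reason for setting it explicitly is only recoverable from the commit message. A one-line comment above it, such as `/* Version Negotiation packets must carry a zero Version field */`, would keep that requirement next to the code that depends on it. generate_version_neg starts and ends outside the hunk.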
@@ -4980,10 +4981,64 @@ err:
 return rc;
 }
-static const struct script_op script_74[] = {
- OP_S_SET_INJECT_DATAGRAM (server_gen_version_neg)
- OP_SET_INJECT_WORD (1, 0)
+static int do_mutation = 0;
+static QUIC_PKT_HDR *hdr_to_free = NULL;
+
+/*
+ * Check packets to transmit, if we have an initial packet
+ * Modify the version number to something incorrect
+ * so that we trigger a version negotiation
+ * Note, this is a use once function, it will only modify the
+ * first INITIAL packet it sees, after which it needs to be
+ * armed again
+ */
+static int script_74_alter_version(const QUIC_PKT_HDR *hdrin,
+ const OSSL_QTX_IOVEC *iovecin, size_t numin,
+ QUIC_PKT_HDR **hdrout,
+ const OSSL_QTX_IOVEC **iovecout,
+ size_t *numout,
+ void *arg)
+{
+ *hdrout = OPENSSL_memdup(hdrin, sizeof(QUIC_PKT_HDR));
+ *iovecout = iovecin;
+ *numout = numin;
+ hdr_to_free = *hdrout;
+ if (do_mutation == 0)
+ return 1;
+ do_mutation = 0;
+
+ if (hdrin->type == QUIC_PKT_TYPE_INITIAL)
+ (*hdrout)->version = 0xdeadbeef;
+ return 1;
+}
+
+static void script_74_finish_mutation(void *arg)
+{
+ OPENSSL_free(hdr_to_free);
+}
+
+/*
+ * Enable the packet mutator for the client channel
+ * So that when we send a Initial packet
+ * We modify the version to be something invalid
+ * to force a version negotiation
+ */
+static int script_74_arm_packet_mutator(struct helper *h,
+ struct helper_local *hl)
+{
+ QUIC_CHANNEL *ch = ossl_quic_conn_get_channel(h->c_conn);
+
+ do_mutation = 1;
+ if (!ossl_quic_channel_set_mutator(ch, script_74_alter_version,
+ script_74_finish_mutation,
+ NULL))
+ return 0;
+ return 1;
+}
+
+static const struct script_op script_74[] = {
+ OP_CHECK (script_74_arm_packet_mutator, 0)
 OP_C_SET_ALPN ("ossltest")
 OP_C_CONNECT_WAIT ()
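Review bot: In `script_74_alter_version` the result of `OPENSSL_memdup` is stored in `*hdrout` and later dereferenced by `(*hdrout)->version = 0xdeadbeef` without a NULL check, so an allocation failure crashes the test instead of failing it. The one-shot flag is also cleared before the packet type is examined, so if the first packet through the mutator is not an INITIAL the version is never altered and the connect can still succeed without version negotiation having been exercised, which disagrees with the comment above the function. `script_74_finish_mutation` leaves `hdr_to_free` pointing at freed memory, and resetting it to NULL makes a repeated finish call harmless. The sketch below assumes a zero return is how the mutator callback reports failure to the channel. The script_74 table continues past the hunk, so whether it later asserts that negotiation took place is not visible here.

```c
static int script_74_alter_version(/* … unchanged: parameters … */)
{
    *hdrout = OPENSSL_memdup(hdrin, sizeof(QUIC_PKT_HDR));
    if (*hdrout == NULL)
        return 0;
    /* … unchanged: iovecout/numout pass-through, hdr_to_free assignment … */

    /* Stay armed until an INITIAL packet has actually been altered */
    if (do_mutation && hdrin->type == QUIC_PKT_TYPE_INITIAL) {
        (*hdrout)->version = 0xdeadbeef;
        do_mutation = 0;
    }
    return 1;
}

static void script_74_finish_mutation(void *arg)
{
    OPENSSL_free(hdr_to_free);
    hdr_to_free = NULL;
}
```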