1 /*
2 * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9 #include "internal/sockets.h"
10 #include <openssl/rand.h>
11
12 static const unsigned char alpn_ossltest[] = {
13 /* "\x08ossltest" (hex for EBCDIC resilience) */
14 0x08, 0x6f, 0x73, 0x73, 0x6c, 0x74, 0x65, 0x73, 0x74
15 };
16
DEF_FUNC(hf_unbind)17 DEF_FUNC(hf_unbind)
18 {
19 int ok = 0;
20 const char *name;
21
22 F_POP(name);
23 RADIX_PROCESS_set_obj(RP(), name, NULL);
24
25 ok = 1;
26 err:
27 return ok;
28 }
29
ssl_ctx_select_alpn(SSL * ssl,const unsigned char ** out,unsigned char * out_len,const unsigned char * in,unsigned int in_len,void * arg)30 static int ssl_ctx_select_alpn(SSL *ssl,
31 const unsigned char **out, unsigned char *out_len,
32 const unsigned char *in, unsigned int in_len,
33 void *arg)
34 {
35 if (SSL_select_next_proto((unsigned char **)out, out_len,
36 alpn_ossltest, sizeof(alpn_ossltest), in, in_len)
37 != OPENSSL_NPN_NEGOTIATED)
38 return SSL_TLSEXT_ERR_ALERT_FATAL;
39
40 return SSL_TLSEXT_ERR_OK;
41 }
42
keylog_cb(const SSL * ssl,const char * line)43 static void keylog_cb(const SSL *ssl, const char *line)
44 {
45 ossl_crypto_mutex_lock(RP()->gm);
46 BIO_printf(RP()->keylog_out, "%s", line);
47 (void)BIO_flush(RP()->keylog_out);
48 ossl_crypto_mutex_unlock(RP()->gm);
49 }
50
ssl_ctx_configure(SSL_CTX * ctx,int is_server)51 static int ssl_ctx_configure(SSL_CTX *ctx, int is_server)
52 {
53 if (!TEST_true(ossl_quic_set_diag_title(ctx, "quic_radix_test")))
54 return 0;
55
56 if (!is_server)
57 return 1;
58
59 if (RP()->keylog_out != NULL)
60 SSL_CTX_set_keylog_callback(ctx, keylog_cb);
61
62 if (!TEST_int_eq(SSL_CTX_use_certificate_file(ctx, cert_file,
63 SSL_FILETYPE_PEM),
64 1)
65 || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(ctx, key_file,
66 SSL_FILETYPE_PEM),
67 1))
68 return 0;
69
70 SSL_CTX_set_alpn_select_cb(ctx, ssl_ctx_select_alpn, NULL);
71 return 1;
72 }
73
ssl_create_bound_socket(uint16_t listen_port,int * p_fd,uint16_t * p_result_port)74 static int ssl_create_bound_socket(uint16_t listen_port,
75 int *p_fd, uint16_t *p_result_port)
76 {
77 int ok = 0;
78 int fd = -1;
79 BIO_ADDR *addr = NULL;
80 union BIO_sock_info_u info;
81 struct in_addr ina;
82
83 ina.s_addr = htonl(INADDR_LOOPBACK);
84
85 fd = BIO_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, 0);
86 if (!TEST_int_ge(fd, 0))
87 goto err;
88
89 if (!TEST_true(BIO_socket_nbio(fd, 1)))
90 goto err;
91
92 if (!TEST_ptr(addr = BIO_ADDR_new()))
93 goto err;
94
95 if (!TEST_true(BIO_ADDR_rawmake(addr, AF_INET,
96 &ina, sizeof(ina), 0)))
97 goto err;
98
99 if (!TEST_true(BIO_bind(fd, addr, 0)))
100 goto err;
101
102 info.addr = addr;
103 if (!TEST_true(BIO_sock_info(fd, BIO_SOCK_INFO_ADDRESS, &info)))
104 goto err;
105
106 if (!TEST_int_gt(BIO_ADDR_rawport(addr), 0))
107 goto err;
108
109 ok = 1;
110 err:
111 if (!ok && fd >= 0)
112 BIO_closesocket(fd);
113 else if (ok) {
114 *p_fd = fd;
115 if (p_result_port != NULL)
116 *p_result_port = BIO_ADDR_rawport(addr);
117 }
118 BIO_ADDR_free(addr);
119 return ok;
120 }
121
ssl_attach_bio_dgram(SSL * ssl,uint16_t local_port,uint16_t * actual_port)122 static int ssl_attach_bio_dgram(SSL *ssl,
123 uint16_t local_port, uint16_t *actual_port)
124 {
125 int s_fd = -1;
126 BIO *bio;
127
128 if (!TEST_true(ssl_create_bound_socket(local_port, &s_fd, actual_port)))
129 return 0;
130
131 if (!TEST_ptr(bio = BIO_new_dgram(s_fd, BIO_CLOSE))) {
132 BIO_closesocket(s_fd);
133 return 0;
134 }
135
136 SSL_set0_rbio(ssl, bio);
137 if (!TEST_true(BIO_up_ref(bio)))
138 return 0;
139
140 SSL_set0_wbio(ssl, bio);
141
142 return 1;
143 }
144
145 /*
146 * Test to make sure that SSL_accept_connection returns the same ssl object
147 * that is used in the various TLS callbacks
148 *
149 * Unlike TCP, QUIC processes new connections independently from their
150 * acceptance, and so we need to pre-allocate tls objects to return during
151 * connection acceptance via the user_ssl. This is just a quic test to validate
152 * that:
153 * 1) The new callback to inform the user of a new pending ssl acceptance works
154 * properly
155 * 2) That the object returned from SSL_accept_connection matches the one passed
156 * to various callbacks
157 *
158 * It would be better as its own test, but currently the tserver used in the
159 * other quic_tests doesn't actually accept connections (it pre-creates them
160 * and fixes them up in place), so testing there is not feasible at the moment
161 *
162 * For details on this issue see:
163 * https://github.com/openssl/project/issues/918
164 */
165 static SSL *pending_ssl_obj = NULL;
166 static SSL *client_hello_ssl_obj = NULL;
167 static int check_pending_match = 0;
168 static int pending_cb_called = 0;
169 static int hello_cb_called = 0;
new_pending_cb(SSL_CTX * ctx,SSL * new_ssl,void * arg)170 static int new_pending_cb(SSL_CTX *ctx, SSL *new_ssl, void *arg)
171 {
172 pending_ssl_obj = new_ssl;
173 pending_cb_called = 1;
174 return 1;
175 }
176
client_hello_cb(SSL * s,int * al,void * arg)177 static int client_hello_cb(SSL *s, int *al, void *arg)
178 {
179 client_hello_ssl_obj = s;
180 hello_cb_called = 1;
181 return 1;
182 }
183
DEF_FUNC(hf_new_ssl)184 DEF_FUNC(hf_new_ssl)
185 {
186 int ok = 0;
187 const char *name;
188 SSL_CTX *ctx = NULL;
189 const SSL_METHOD *method;
190 SSL *ssl;
191 uint64_t flags;
192 int is_server, is_domain;
193
194 F_POP2(name, flags);
195
196 is_domain = ((flags & 2) != 0);
197 is_server = ((flags & 1) != 0);
198
199 method = is_server ? OSSL_QUIC_server_method() : OSSL_QUIC_client_method();
200 if (!TEST_ptr(ctx = SSL_CTX_new(method)))
201 goto err;
202
203 #if defined(OPENSSL_THREADS)
204 if (!TEST_true(SSL_CTX_set_domain_flags(ctx,
205 SSL_DOMAIN_FLAG_MULTI_THREAD
206 | SSL_DOMAIN_FLAG_BLOCKING)))
207 goto err;
208 #endif
209
210 if (!TEST_true(ssl_ctx_configure(ctx, is_server)))
211 goto err;
212
213 if (is_domain) {
214 if (!TEST_ptr(ssl = SSL_new_domain(ctx, 0)))
215 goto err;
216
217 } else if (is_server) {
218 SSL_CTX_set_new_pending_conn_cb(ctx, new_pending_cb, NULL);
219 SSL_CTX_set_client_hello_cb(ctx, client_hello_cb, NULL);
220 check_pending_match = 1;
221 if (!TEST_ptr(ssl = SSL_new_listener(ctx, 0)))
222 goto err;
223 } else {
224 if (!TEST_ptr(ssl = SSL_new(ctx)))
225 goto err;
226 }
227
228 if (!is_domain && !TEST_true(ssl_attach_bio_dgram(ssl, 0, NULL)))
229 goto err;
230
231 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), name, ssl))) {
232 SSL_free(ssl);
233 goto err;
234 }
235
236 ok = 1;
237 err:
238 /* SSL object will hold ref, we don't need it */
239 SSL_CTX_free(ctx);
240 return ok;
241 }
242
DEF_FUNC(hf_new_ssl_listener_from)243 DEF_FUNC(hf_new_ssl_listener_from)
244 {
245 int ok = 0;
246 SSL *domain, *listener;
247 const char *listener_name;
248 uint64_t flags;
249
250 REQUIRE_SSL(domain);
251 F_POP2(listener_name, flags);
252
253 if (!TEST_ptr_null(RADIX_PROCESS_get_obj(RP(), listener_name)))
254 goto err;
255
256 if (!TEST_ptr(listener = SSL_new_listener_from(domain, flags)))
257 goto err;
258
259 if (!TEST_true(ssl_attach_bio_dgram(listener, 0, NULL)))
260 goto err;
261
262 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), listener_name, listener))) {
263 SSL_free(listener);
264 goto err;
265 }
266
267 radix_activate_slot(0);
268
269 ok = 1;
270 err:
271 return ok;
272 }
273
DEF_FUNC(hf_listen)274 DEF_FUNC(hf_listen)
275 {
276 int ok = 0, r;
277 SSL *ssl;
278
279 REQUIRE_SSL(ssl);
280
281 r = SSL_listen(ssl);
282 if (!TEST_true(r))
283 goto err;
284
285 if (SSL_get0_domain(ssl) == NULL)
286 radix_activate_slot(0);
287
288 ok = 1;
289 err:
290 return ok;
291 }
292
DEF_FUNC(hf_new_stream)293 DEF_FUNC(hf_new_stream)
294 {
295 int ok = 0;
296 const char *stream_name;
297 SSL *conn, *stream;
298 uint64_t flags, do_accept;
299
300 F_POP2(flags, do_accept);
301 F_POP(stream_name);
302 REQUIRE_SSL(conn);
303
304 if (!TEST_ptr_null(RADIX_PROCESS_get_obj(RP(), stream_name)))
305 goto err;
306
307 if (do_accept) {
308 stream = SSL_accept_stream(conn, flags);
309
310 if (stream == NULL)
311 F_SPIN_AGAIN();
312 } else {
313 stream = SSL_new_stream(conn, flags);
314 }
315
316 if (!TEST_ptr(stream))
317 goto err;
318
319 /* TODO(QUIC RADIX): Implement wait behaviour */
320
321 if (stream != NULL
322 && !TEST_true(RADIX_PROCESS_set_ssl(RP(), stream_name, stream))) {
323 SSL_free(stream);
324 goto err;
325 }
326
327 ok = 1;
328 err:
329 return ok;
330 }
331
DEF_FUNC(hf_accept_conn)332 DEF_FUNC(hf_accept_conn)
333 {
334 int ok = 0;
335 const char *conn_name;
336 uint64_t flags;
337 SSL *listener, *conn;
338
339 F_POP2(conn_name, flags);
340 REQUIRE_SSL(listener);
341
342 if (!TEST_ptr_null(RADIX_PROCESS_get_obj(RP(), conn_name)))
343 goto err;
344
345 conn = SSL_accept_connection(listener, flags);
346 if (conn == NULL)
347 F_SPIN_AGAIN();
348
349 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), conn_name, conn))) {
350 SSL_free(conn);
351 goto err;
352 }
353
354 if (check_pending_match) {
355 if (!pending_cb_called || !hello_cb_called) {
356 TEST_info("Callbacks not called, skipping user_ssl check\n");
357 } else {
358 if (!TEST_ptr_eq(pending_ssl_obj, client_hello_ssl_obj)) {
359 SSL_free(conn);
360 goto err;
361 }
362 if (!TEST_ptr_eq(pending_ssl_obj, conn)) {
363 SSL_free(conn);
364 goto err;
365 }
366 }
367 pending_ssl_obj = client_hello_ssl_obj = NULL;
368 check_pending_match = 0;
369 pending_cb_called = hello_cb_called = 0;
370 }
371 ok = 1;
372 err:
373 return ok;
374 }
375
DEF_FUNC(hf_accept_conn_none)376 DEF_FUNC(hf_accept_conn_none)
377 {
378 int ok = 0;
379 SSL *listener, *conn;
380
381 REQUIRE_SSL(listener);
382
383 conn = SSL_accept_connection(listener, SSL_ACCEPT_CONNECTION_NO_BLOCK);
384 if (!TEST_ptr_null(conn)) {
385 SSL_free(conn);
386 goto err;
387 }
388
389 ok = 1;
390 err:
391 return ok;
392 }
393
DEF_FUNC(hf_accept_stream_none)394 DEF_FUNC(hf_accept_stream_none)
395 {
396 int ok = 0;
397 const char *conn_name;
398 uint64_t flags;
399 SSL *conn, *stream;
400
401 F_POP2(conn_name, flags);
402
403 if (!TEST_ptr(conn = RADIX_PROCESS_get_ssl(RP(), conn_name)))
404 goto err;
405
406 stream = SSL_accept_stream(conn, flags);
407 if (!TEST_ptr_null(stream)) {
408 SSL_free(stream);
409 goto err;
410 }
411
412 ok = 1;
413 err:
414 return ok;
415 }
416
DEF_FUNC(hf_pop_err)417 DEF_FUNC(hf_pop_err)
418 {
419 ERR_pop();
420
421 return 1;
422 }
423
DEF_FUNC(hf_stream_reset)424 DEF_FUNC(hf_stream_reset)
425 {
426 int ok = 0;
427 const char *name;
428 SSL_STREAM_RESET_ARGS args = { 0 };
429 SSL *ssl;
430
431 F_POP2(name, args.quic_error_code);
432 REQUIRE_SSL(ssl);
433
434 if (!TEST_true(SSL_stream_reset(ssl, &args, sizeof(args))))
435 goto err;
436
437 ok = 1;
438 err:
439 return ok;
440 }
441
DEF_FUNC(hf_set_default_stream_mode)442 DEF_FUNC(hf_set_default_stream_mode)
443 {
444 int ok = 0;
445 uint64_t mode;
446 SSL *ssl;
447
448 F_POP(mode);
449 REQUIRE_SSL(ssl);
450
451 if (!TEST_true(SSL_set_default_stream_mode(ssl, (uint32_t)mode)))
452 goto err;
453
454 ok = 1;
455 err:
456 return ok;
457 }
458
DEF_FUNC(hf_set_incoming_stream_policy)459 DEF_FUNC(hf_set_incoming_stream_policy)
460 {
461 int ok = 0;
462 uint64_t policy, error_code;
463 SSL *ssl;
464
465 F_POP(error_code);
466 F_POP(policy);
467 REQUIRE_SSL(ssl);
468
469 if (!TEST_true(SSL_set_incoming_stream_policy(ssl, (int)policy, error_code)))
470 goto err;
471
472 ok = 1;
473 err:
474 return ok;
475 }
476
DEF_FUNC(hf_shutdown_wait)477 DEF_FUNC(hf_shutdown_wait)
478 {
479 int ok = 0, ret;
480 uint64_t flags;
481 SSL *ssl;
482 SSL_SHUTDOWN_EX_ARGS args = { 0 };
483 QUIC_CHANNEL *ch;
484
485 F_POP(args.quic_reason);
486 F_POP(args.quic_error_code);
487 F_POP(flags);
488 REQUIRE_SSL(ssl);
489
490 ch = ossl_quic_conn_get_channel(ssl);
491 ossl_quic_engine_set_inhibit_tick(ossl_quic_channel_get0_engine(ch), 0);
492
493 ret = SSL_shutdown_ex(ssl, flags, &args, sizeof(args));
494 if (!TEST_int_ge(ret, 0))
495 goto err;
496
497 if (ret == 0)
498 F_SPIN_AGAIN();
499
500 ok = 1;
501 err:
502 return ok;
503 }
504
DEF_FUNC(hf_conclude)505 DEF_FUNC(hf_conclude)
506 {
507 int ok = 0;
508 SSL *ssl;
509
510 REQUIRE_SSL(ssl);
511
512 if (!TEST_true(SSL_stream_conclude(ssl, 0)))
513 goto err;
514
515 ok = 1;
516 err:
517 return ok;
518 }
519
is_want(SSL * s,int ret)520 static int is_want(SSL *s, int ret)
521 {
522 int ec = SSL_get_error(s, ret);
523
524 return ec == SSL_ERROR_WANT_READ || ec == SSL_ERROR_WANT_WRITE;
525 }
526
check_consistent_want(SSL * s,int ret)527 static int check_consistent_want(SSL *s, int ret)
528 {
529 int ec = SSL_get_error(s, ret);
530 int w = SSL_want(s);
531
532 int ok = TEST_true(
533 (ec == SSL_ERROR_NONE && w == SSL_NOTHING)
534 || (ec == SSL_ERROR_ZERO_RETURN && w == SSL_NOTHING)
535 || (ec == SSL_ERROR_SSL && w == SSL_NOTHING)
536 || (ec == SSL_ERROR_SYSCALL && w == SSL_NOTHING)
537 || (ec == SSL_ERROR_WANT_READ && w == SSL_READING)
538 || (ec == SSL_ERROR_WANT_WRITE && w == SSL_WRITING)
539 || (ec == SSL_ERROR_WANT_CLIENT_HELLO_CB && w == SSL_CLIENT_HELLO_CB)
540 || (ec == SSL_ERROR_WANT_X509_LOOKUP && w == SSL_X509_LOOKUP)
541 || (ec == SSL_ERROR_WANT_RETRY_VERIFY && w == SSL_RETRY_VERIFY));
542
543 if (!ok)
544 TEST_error("got error=%d, want=%d", ec, w);
545
546 return ok;
547 }
548
DEF_FUNC(hf_write)549 DEF_FUNC(hf_write)
550 {
551 int ok = 0, r;
552 SSL *ssl;
553 const void *buf;
554 size_t buf_len, bytes_written = 0;
555
556 F_POP2(buf, buf_len);
557 REQUIRE_SSL(ssl);
558
559 r = SSL_write_ex(ssl, buf, buf_len, &bytes_written);
560 if (!TEST_true(r)
561 || !check_consistent_want(ssl, r)
562 || !TEST_size_t_eq(bytes_written, buf_len))
563 goto err;
564
565 ok = 1;
566 err:
567 return ok;
568 }
569
DEF_FUNC(hf_write_rand)570 DEF_FUNC(hf_write_rand)
571 {
572 int ok = 0, r;
573 SSL *ssl;
574 void *buf = NULL;
575 size_t buf_len, bytes_written = 0;
576
577 F_POP(buf_len);
578 REQUIRE_SSL(ssl);
579
580 while (buf_len > 0) {
581 size_t thislen = buf_len > 1024 ? 1024 : buf_len;
582
583 if (buf == NULL)
584 buf = OPENSSL_malloc(thislen);
585 if (!TEST_ptr(buf))
586 goto err;
587 if (!TEST_int_eq(RAND_bytes(buf, thislen), 1))
588 goto err;
589 r = SSL_write_ex(ssl, buf, thislen, &bytes_written);
590 if (!TEST_true(r)
591 || !check_consistent_want(ssl, r)
592 || !TEST_size_t_eq(bytes_written, thislen))
593 goto err;
594
595 buf_len -= thislen;
596 }
597
598 ok = 1;
599 err:
600 OPENSSL_free(buf);
601 return ok;
602 }
603
DEF_FUNC(hf_write_ex2)604 DEF_FUNC(hf_write_ex2)
605 {
606 int ok = 0, r;
607 SSL *ssl;
608 const void *buf;
609 size_t buf_len, bytes_written = 0;
610 uint64_t flags;
611
612 F_POP(flags);
613 F_POP2(buf, buf_len);
614 REQUIRE_SSL(ssl);
615
616 r = SSL_write_ex2(ssl, buf, buf_len, flags, &bytes_written);
617 if (!TEST_true(r)
618 || !check_consistent_want(ssl, r)
619 || !TEST_size_t_eq(bytes_written, buf_len))
620 goto err;
621
622 ok = 1;
623 err:
624 return ok;
625 }
626
DEF_FUNC(hf_write_fail)627 DEF_FUNC(hf_write_fail)
628 {
629 int ok = 0, ret;
630 SSL *ssl;
631 size_t bytes_written = 0;
632
633 REQUIRE_SSL(ssl);
634
635 ret = SSL_write_ex(ssl, "apple", 5, &bytes_written);
636 if (!TEST_false(ret)
637 || !TEST_true(check_consistent_want(ssl, ret))
638 || !TEST_size_t_eq(bytes_written, 0))
639 goto err;
640
641 ok = 1;
642 err:
643 return ok;
644 }
645
DEF_FUNC(hf_read_expect)646 DEF_FUNC(hf_read_expect)
647 {
648 int ok = 0, r;
649 SSL *ssl;
650 const void *buf;
651 size_t buf_len, bytes_read = 0;
652
653 F_POP2(buf, buf_len);
654 REQUIRE_SSL(ssl);
655
656 if (buf_len > 0 && RT()->tmp_buf == NULL
657 && !TEST_ptr(RT()->tmp_buf = OPENSSL_malloc(buf_len)))
658 goto err;
659
660 r = SSL_read_ex(ssl, RT()->tmp_buf + RT()->tmp_buf_offset,
661 buf_len - RT()->tmp_buf_offset,
662 &bytes_read);
663 if (!TEST_true(check_consistent_want(ssl, r)))
664 goto err;
665
666 if (!r)
667 F_SPIN_AGAIN();
668
669 if (bytes_read + RT()->tmp_buf_offset != buf_len) {
670 RT()->tmp_buf_offset += bytes_read;
671 F_SPIN_AGAIN();
672 }
673
674 if (buf_len > 0
675 && !TEST_mem_eq(RT()->tmp_buf, buf_len, buf, buf_len))
676 goto err;
677
678 OPENSSL_free(RT()->tmp_buf);
679 RT()->tmp_buf = NULL;
680 RT()->tmp_buf_offset = 0;
681
682 ok = 1;
683 err:
684 return ok;
685 }
686
DEF_FUNC(hf_read_fail)687 DEF_FUNC(hf_read_fail)
688 {
689 int ok = 0, r;
690 SSL *ssl;
691 char buf[1] = { 0 };
692 size_t bytes_read = 0;
693 uint64_t do_wait;
694
695 F_POP(do_wait);
696 REQUIRE_SSL(ssl);
697
698 r = SSL_read_ex(ssl, buf, sizeof(buf), &bytes_read);
699 if (!TEST_false(r)
700 || !TEST_true(check_consistent_want(ssl, r))
701 || !TEST_size_t_eq(bytes_read, 0))
702 goto err;
703
704 if (do_wait && is_want(ssl, 0))
705 F_SPIN_AGAIN();
706
707 ok = 1;
708 err:
709 return ok;
710 }
711
DEF_FUNC(hf_connect_wait)712 DEF_FUNC(hf_connect_wait)
713 {
714 int ok = 0, ret;
715 SSL *ssl;
716
717 REQUIRE_SSL(ssl);
718
719 /* if not started */
720 if (RT()->scratch0 == 0) {
721 if (!TEST_true(SSL_set_blocking_mode(ssl, 0)))
722 return 0;
723
724 /* 0 is the success case for SSL_set_alpn_protos(). */
725 if (!TEST_false(SSL_set_alpn_protos(ssl, alpn_ossltest,
726 sizeof(alpn_ossltest))))
727 goto err;
728 }
729
730 RT()->scratch0 = 1; /* connect started */
731 ret = SSL_connect(ssl);
732 radix_activate_slot(0);
733 if (!TEST_true(check_consistent_want(ssl, ret)))
734 goto err;
735
736 if (ret != 1) {
737 if (is_want(ssl, ret))
738 F_SPIN_AGAIN();
739
740 if (!TEST_int_eq(ret, 1))
741 goto err;
742 }
743
744 ok = 1;
745 err:
746 RT()->scratch0 = 0;
747 return ok;
748 }
749
DEF_FUNC(hf_detach)750 DEF_FUNC(hf_detach)
751 {
752 int ok = 0;
753 const char *conn_name, *stream_name;
754 SSL *conn, *stream;
755
756 F_POP2(conn_name, stream_name);
757 if (!TEST_ptr(conn = RADIX_PROCESS_get_ssl(RP(), conn_name)))
758 goto err;
759
760 if (!TEST_ptr(stream = ossl_quic_detach_stream(conn)))
761 goto err;
762
763 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), stream_name, stream))) {
764 SSL_free(stream);
765 goto err;
766 }
767
768 ok = 1;
769 err:
770 return ok;
771 }
772
DEF_FUNC(hf_attach)773 DEF_FUNC(hf_attach)
774 {
775 int ok = 0;
776 const char *conn_name, *stream_name;
777 SSL *conn, *stream;
778
779 F_POP2(conn_name, stream_name);
780
781 if (!TEST_ptr(conn = RADIX_PROCESS_get_ssl(RP(), conn_name)))
782 goto err;
783
784 if (!TEST_ptr(stream = RADIX_PROCESS_get_ssl(RP(), stream_name)))
785 goto err;
786
787 if (!TEST_true(ossl_quic_attach_stream(conn, stream)))
788 goto err;
789
790 if (!TEST_true(RADIX_PROCESS_set_ssl(RP(), stream_name, NULL)))
791 goto err;
792
793 ok = 1;
794 err:
795 return ok;
796 }
797
DEF_FUNC(hf_expect_fin)798 DEF_FUNC(hf_expect_fin)
799 {
800 int ok = 0, ret;
801 SSL *ssl;
802 char buf[1];
803 size_t bytes_read = 0;
804
805 REQUIRE_SSL(ssl);
806
807 ret = SSL_read_ex(ssl, buf, sizeof(buf), &bytes_read);
808 if (!TEST_true(check_consistent_want(ssl, ret))
809 || !TEST_false(ret)
810 || !TEST_size_t_eq(bytes_read, 0))
811 goto err;
812
813 if (is_want(ssl, 0))
814 F_SPIN_AGAIN();
815
816 if (!TEST_int_eq(SSL_get_error(ssl, 0),
817 SSL_ERROR_ZERO_RETURN))
818 goto err;
819
820 if (!TEST_int_eq(SSL_want(ssl), SSL_NOTHING))
821 goto err;
822
823 ok = 1;
824 err:
825 return ok;
826 }
827
DEF_FUNC(hf_expect_conn_close_info)828 DEF_FUNC(hf_expect_conn_close_info)
829 {
830 int ok = 0;
831 SSL *ssl;
832 SSL_CONN_CLOSE_INFO cc_info = { 0 };
833 uint64_t error_code, expect_app, expect_remote;
834
835 F_POP(error_code);
836 F_POP2(expect_app, expect_remote);
837 REQUIRE_SSL(ssl);
838
839 /* TODO BLOCKING */
840
841 if (!SSL_get_conn_close_info(ssl, &cc_info, sizeof(cc_info)))
842 F_SPIN_AGAIN();
843
844 if (!TEST_int_eq((int)expect_app,
845 (cc_info.flags & SSL_CONN_CLOSE_FLAG_TRANSPORT) == 0)
846 || !TEST_int_eq((int)expect_remote,
847 (cc_info.flags & SSL_CONN_CLOSE_FLAG_LOCAL) == 0)
848 || !TEST_uint64_t_eq(error_code, cc_info.error_code)) {
849 TEST_info("connection close reason: %s", cc_info.reason);
850 goto err;
851 }
852
853 ok = 1;
854 err:
855 return ok;
856 }
857
DEF_FUNC(hf_wait_for_data)858 DEF_FUNC(hf_wait_for_data)
859 {
860 int ok = 0;
861 SSL *ssl;
862 char buf[1];
863 size_t bytes_read = 0;
864
865 REQUIRE_SSL(ssl);
866
867 if (!SSL_peek_ex(ssl, buf, sizeof(buf), &bytes_read)
868 || bytes_read == 0)
869 F_SPIN_AGAIN();
870
871 ok = 1;
872 err:
873 return ok;
874 }
875
DEF_FUNC(hf_expect_err)876 DEF_FUNC(hf_expect_err)
877 {
878 int ok = 0;
879 uint64_t lib, reason;
880
881 F_POP2(lib, reason);
882 if (!TEST_size_t_eq((size_t)ERR_GET_LIB(ERR_peek_last_error()),
883 (size_t)lib)
884 || !TEST_size_t_eq((size_t)ERR_GET_REASON(ERR_peek_last_error()),
885 (size_t)reason))
886 goto err;
887
888 ok = 1;
889 err:
890 return ok;
891 }
892
DEF_FUNC(hf_expect_ssl_err)893 DEF_FUNC(hf_expect_ssl_err)
894 {
895 int ok = 0;
896 uint64_t expected;
897 SSL *ssl;
898
899 F_POP(expected);
900 REQUIRE_SSL(ssl);
901
902 if (!TEST_size_t_eq((size_t)SSL_get_error(ssl, 0), (size_t)expected)
903 || !TEST_int_eq(SSL_want(ssl), SSL_NOTHING))
904 goto err;
905
906 ok = 1;
907 err:
908 return ok;
909 }
910
DEF_FUNC(hf_expect_stream_id)911 DEF_FUNC(hf_expect_stream_id)
912 {
913 int ok = 0;
914 SSL *ssl;
915 uint64_t expected, actual;
916
917 F_POP(expected);
918 REQUIRE_SSL(ssl);
919
920 actual = SSL_get_stream_id(ssl);
921 if (!TEST_uint64_t_eq(actual, expected))
922 goto err;
923
924 ok = 1;
925 err:
926 return ok;
927 }
928
DEF_FUNC(hf_select_ssl)929 DEF_FUNC(hf_select_ssl)
930 {
931 int ok = 0;
932 uint64_t slot;
933 const char *name;
934 RADIX_OBJ *obj;
935
936 F_POP2(slot, name);
937 if (!TEST_ptr(obj = RADIX_PROCESS_get_obj(RP(), name)))
938 goto err;
939
940 if (!TEST_uint64_t_lt(slot, NUM_SLOTS))
941 goto err;
942
943 RT()->slot[slot] = obj;
944 RT()->ssl[slot] = obj->ssl;
945 ok = 1;
946 err:
947 return ok;
948 }
949
DEF_FUNC(hf_clear_slot)950 DEF_FUNC(hf_clear_slot)
951 {
952 int ok = 0;
953 uint64_t slot;
954
955 F_POP(slot);
956 if (!TEST_uint64_t_lt(slot, NUM_SLOTS))
957 goto err;
958
959 RT()->slot[slot] = NULL;
960 RT()->ssl[slot] = NULL;
961 ok = 1;
962 err:
963 return ok;
964 }
965
DEF_FUNC(hf_skip_time)966 DEF_FUNC(hf_skip_time)
967 {
968 int ok = 0;
969 uint64_t ms;
970
971 F_POP(ms);
972
973 radix_skip_time(ossl_ms2time(ms));
974 ok = 1;
975 err:
976 return ok;
977 }
978
DEF_FUNC(hf_set_peer_addr_from)979 DEF_FUNC(hf_set_peer_addr_from)
980 {
981 int ok = 0;
982 SSL *dst_ssl, *src_ssl;
983 BIO *dst_bio, *src_bio;
984 int src_fd = -1;
985 union BIO_sock_info_u src_info;
986 BIO_ADDR *src_addr = NULL;
987
988 REQUIRE_SSL_N(0, dst_ssl);
989 REQUIRE_SSL_N(1, src_ssl);
990 dst_bio = SSL_get_rbio(dst_ssl);
991 src_bio = SSL_get_rbio(src_ssl);
992 if (!TEST_ptr(dst_bio) || !TEST_ptr(src_bio))
993 goto err;
994
995 if (!TEST_ptr(src_addr = BIO_ADDR_new()))
996 goto err;
997
998 if (!TEST_true(BIO_get_fd(src_bio, &src_fd))
999 || !TEST_int_ge(src_fd, 0))
1000 goto err;
1001
1002 src_info.addr = src_addr;
1003 if (!TEST_true(BIO_sock_info(src_fd, BIO_SOCK_INFO_ADDRESS, &src_info))
1004 || !TEST_int_ge(ntohs(BIO_ADDR_rawport(src_addr)), 0))
1005 goto err;
1006
1007 /*
1008 * Could use SSL_set_initial_peer_addr here, but set it on the
1009 * BIO_s_datagram instead and make sure we pick it up automatically.
1010 */
1011 if (!TEST_true(BIO_dgram_set_peer(dst_bio, src_addr)))
1012 goto err;
1013
1014 ok = 1;
1015 err:
1016 BIO_ADDR_free(src_addr);
1017 return ok;
1018 }
1019
DEF_FUNC(hf_sleep)1020 DEF_FUNC(hf_sleep)
1021 {
1022 int ok = 0;
1023 uint64_t ms;
1024
1025 F_POP(ms);
1026
1027 OSSL_sleep(ms);
1028
1029 ok = 1;
1030 err:
1031 return ok;
1032 }
1033
1034 #define OP_UNBIND(name) \
1035 (OP_PUSH_PZ(#name), \
1036 OP_FUNC(hf_unbind))
1037
1038 #define OP_SELECT_SSL(slot, name) \
1039 (OP_PUSH_U64(slot), \
1040 OP_PUSH_PZ(#name), \
1041 OP_FUNC(hf_select_ssl))
1042
1043 #define OP_CLEAR_SLOT(slot) \
1044 (OP_PUSH_U64(slot), \
1045 OP_FUNC(hf_clear_slot))
1046
1047 #define OP_CONNECT_WAIT(name) \
1048 (OP_SELECT_SSL(0, name), \
1049 OP_FUNC(hf_connect_wait))
1050
1051 #define OP_LISTEN(name) \
1052 (OP_SELECT_SSL(0, name), \
1053 OP_FUNC(hf_listen))
1054
1055 #define OP_NEW_SSL_C(name) \
1056 (OP_PUSH_PZ(#name), \
1057 OP_PUSH_U64(0), \
1058 OP_FUNC(hf_new_ssl))
1059
1060 #define OP_NEW_SSL_L(name) \
1061 (OP_PUSH_PZ(#name), \
1062 OP_PUSH_U64(1), \
1063 OP_FUNC(hf_new_ssl))
1064
1065 #define OP_NEW_SSL_D(name) \
1066 (OP_PUSH_PZ(#name), \
1067 OP_PUSH_U64(3), \
1068 OP_FUNC(hf_new_ssl))
1069
1070 #define OP_NEW_SSL_L_LISTEN(name) \
1071 (OP_NEW_SSL_L(name), \
1072 OP_LISTEN(name))
1073
1074 #define OP_NEW_SSL_L_FROM(domain_name, listener_name, flags) \
1075 (OP_SELECT_SSL(0, domain_name), \
1076 OP_PUSH_PZ(#listener_name), \
1077 OP_PUSH_U64(flags), \
1078 OP_FUNC(hf_new_ssl_listener_from))
1079
1080 #define OP_NEW_SSL_L_FROM_LISTEN(domain_name, listener_name, flags) \
1081 (OP_NEW_SSL_L_FROM(domain_name, listener_name, flags), \
1082 OP_LISTEN(listener_name))
1083
1084 #define OP_SET_PEER_ADDR_FROM(dst_name, src_name) \
1085 (OP_SELECT_SSL(0, dst_name), \
1086 OP_SELECT_SSL(1, src_name), \
1087 OP_FUNC(hf_set_peer_addr_from))
1088
1089 #define OP_SIMPLE_PAIR_CONN() \
1090 (OP_NEW_SSL_L_LISTEN(L), \
1091 OP_NEW_SSL_C(C), \
1092 OP_SET_PEER_ADDR_FROM(C, L), \
1093 OP_CONNECT_WAIT(C))
1094
1095 #define OP_SIMPLE_PAIR_CONN_D() \
1096 (OP_NEW_SSL_D(Ds), \
1097 OP_NEW_SSL_L_FROM_LISTEN(Ds, L, 0), \
1098 OP_NEW_SSL_C(C), \
1099 OP_SET_PEER_ADDR_FROM(C, L), \
1100 OP_CONNECT_WAIT(C))
1101
1102 #define OP_SIMPLE_PAIR_CONN_ND() \
1103 (OP_SIMPLE_PAIR_CONN(), \
1104 OP_SET_DEFAULT_STREAM_MODE(C, SSL_DEFAULT_STREAM_MODE_NONE))
1105
1106 #define OP_NEW_STREAM(conn_name, stream_name, flags) \
1107 (OP_SELECT_SSL(0, conn_name), \
1108 OP_PUSH_PZ(#stream_name), \
1109 OP_PUSH_U64(flags), \
1110 OP_PUSH_U64(0), \
1111 OP_FUNC(hf_new_stream))
1112
1113 #define OP_ACCEPT_STREAM_WAIT(conn_name, stream_name, flags) \
1114 (OP_SELECT_SSL(0, conn_name), \
1115 OP_PUSH_PZ(#stream_name), \
1116 OP_PUSH_U64(flags), \
1117 OP_PUSH_U64(1), \
1118 OP_FUNC(hf_new_stream))
1119
1120 #define OP_ACCEPT_STREAM_NONE(conn_name) \
1121 (OP_SELECT_SSL(0, conn_name), \
1122 OP_FUNC(hf_accept_stream_none))
1123
1124 #define OP_ACCEPT_CONN_WAIT(listener_name, conn_name, flags) \
1125 (OP_SELECT_SSL(0, listener_name), \
1126 OP_PUSH_PZ(#conn_name), \
1127 OP_PUSH_U64(flags), \
1128 OP_FUNC(hf_accept_conn))
1129
1130 #define OP_ACCEPT_CONN_WAIT_ND(listener_name, conn_name, flags) \
1131 (OP_ACCEPT_CONN_WAIT(listener_name, conn_name, flags), \
1132 OP_SET_DEFAULT_STREAM_MODE(conn_name, SSL_DEFAULT_STREAM_MODE_NONE))
1133
1134 #define OP_ACCEPT_CONN_NONE(listener_name) \
1135 (OP_SELECT_SSL(0, listener_name), \
1136 OP_FUNC(hf_accept_conn_none))
1137
1138 #define OP_ACCEPT_CONN_WAIT1(listener_name, conn_name, flags) \
1139 (OP_ACCEPT_CONN_WAIT(listener_name, conn_name, flags), \
1140 OP_ACCEPT_CONN_NONE(listener_name))
1141
1142 #define OP_ACCEPT_CONN_WAIT1_ND(listener_name, conn_name, flags) \
1143 (OP_ACCEPT_CONN_WAIT_ND(listener_name, conn_name, flags), \
1144 OP_ACCEPT_CONN_NONE(listener_name))
1145
1146 #define OP_WRITE(name, buf, buf_len) \
1147 (OP_SELECT_SSL(0, name), \
1148 OP_PUSH_BUFP(buf, buf_len), \
1149 OP_FUNC(hf_write))
1150
1151 #define OP_WRITE_RAND(name, buf_len) \
1152 (OP_SELECT_SSL(0, name), \
1153 OP_PUSH_SIZE(buf_len), \
1154 OP_FUNC(hf_write_rand))
1155
1156 #define OP_WRITE_B(name, buf) \
1157 OP_WRITE(name, (buf), sizeof(buf))
1158
1159 #define OP_WRITE_EX2(name, buf, buf_len, flags) \
1160 (OP_SELECT_SSL(0, name), \
1161 OP_PUSH_BUFP(buf, buf_len), \
1162 OP_PUSH_U64(flags), \
1163 OP_FUNC(hf_write_ex2))
1164
1165 #define OP_WRITE_FAIL(name) \
1166 (OP_SELECT_SSL(0, name), \
1167 OP_FUNC(hf_write_fail))
1168
1169 #define OP_CONCLUDE(name) \
1170 (OP_SELECT_SSL(0, name), \
1171 OP_FUNC(hf_conclude))
1172
1173 #define OP_READ_EXPECT(name, buf, buf_len) \
1174 (OP_SELECT_SSL(0, name), \
1175 OP_PUSH_BUFP(buf, buf_len), \
1176 OP_FUNC(hf_read_expect))
1177
1178 #define OP_READ_EXPECT_B(name, buf) \
1179 OP_READ_EXPECT(name, (buf), sizeof(buf))
1180
1181 #define OP_READ_FAIL() \
1182 (OP_SELECT_SSL(0, name), \
1183 OP_PUSH_U64(0), \
1184 OP_FUNC(hf_read_fail))
1185
1186 #define OP_READ_FAIL_WAIT(name) \
1187 (OP_SELECT_SSL(0, name), \
1188 OP_PUSH_U64(1), \
1189 OP_FUNC(hf_read_fail)
1190
1191 #define OP_POP_ERR() \
1192 OP_FUNC(hf_pop_err)
1193
1194 #define OP_SET_DEFAULT_STREAM_MODE(name, mode) \
1195 (OP_SELECT_SSL(0, name), \
1196 OP_PUSH_U64(mode), \
1197 OP_FUNC(hf_set_default_stream_mode))
1198
1199 #define OP_SET_INCOMING_STREAM_POLICY(name, policy, error_code) \
1200 (OP_SELECT_SSL(0, name), \
1201 OP_PUSH_U64(policy), \
1202 OP_PUSH_U64(error_code), \
1203 OP_FUNC(hf_set_incoming_stream_policy))
1204
1205 #define OP_STREAM_RESET(name, error_code) \
1206 (OP_SELECT_SSL(0, name), \
1207 OP_PUSH_U64(flags), \
1208 OP_PUSH_U64(error_code), \
1209 OP_FUNC(hf_stream_reset))
1210
1211 #define OP_SHUTDOWN_WAIT(name, flags, error_code, reason) \
1212 (OP_SELECT_SSL(0, name), \
1213 OP_PUSH_U64(flags), \
1214 OP_PUSH_U64(error_code), \
1215 OP_PUSH_PZ(reason), \
1216 OP_FUNC(hf_shutdown_wait))
1217
1218 #define OP_DETACH(conn_name, stream_name) \
1219 (OP_SELECT_SSL(0, conn_name), \
1220 OP_PUSH_PZ(#stream_name), \
1221 OP_FUNC(hf_detach))
1222
1223 #define OP_ATTACH(conn_name, stream_name) \
1224 (OP_SELECT_SSL(0, conn_name), \
1225 OP_PUSH_PZ(stream_name), \
1226 OP_FUNC(hf_attach))
1227
1228 #define OP_EXPECT_FIN(name) \
1229 (OP_SELECT_SSL(0, name), \
1230 OP_FUNC(hf_expect_fin))
1231
1232 #define OP_EXPECT_CONN_CLOSE_INFO(name, error_code, expect_app, expect_remote) \
1233 (OP_SELECT_SSL(0, name), \
1234 OP_PUSH_U64(expect_app), \
1235 OP_PUSH_U64(expect_remote), \
1236 OP_PUSH_U64(error_code), \
1237 OP_FUNC(hf_expect_conn_close_info))
1238
1239 #define OP_WAIT_FOR_DATA(name) \
1240 (OP_SELECT_SSL(0, name), \
1241 OP_FUNC(hf_wait_for_data))
1242
1243 #define OP_EXPECT_ERR(lib, reason) \
1244 (OP_PUSH_U64(lib), \
1245 OP_PUSH_U64(reason), \
1246 OP_FUNC(hf_expect_err))
1247
1248 #define OP_EXPECT_SSL_ERR(name, expected) \
1249 (OP_SELECT_SSL(0, name), \
1250 OP_PUSH_U64(expected), \
1251 OP_FUNC(hf_expect_ssl_err))
1252
1253 #define OP_EXPECT_STREAM_ID(expected) \
1254 (OP_PUSH_U64(expected), \
1255 OP_FUNC(hf_expect_stream_id))
1256
1257 #define OP_SKIP_TIME(ms) \
1258 (OP_PUSH_U64(ms), \
1259 OP_FUNC(hf_skip_time))
1260
1261 #define OP_SLEEP(ms) \
1262 (OP_PUSH_U64(ms), \
1263 OP_FUNC(hf_sleep))
1264