2 * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <openssl/configuration.h>
12 #include <openssl/bio.h>
13 #include "internal/e_os.h" /* For struct timeval */
14 #include "quictestlib.h"
15 #include "ssltestlib.h"
16 #include "../testutil.h"
17 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
18 # include "../threadstest.h"
20 #include "internal/quic_ssl.h"
21 #include "internal/quic_wire_pkt.h"
22 #include "internal/quic_record_tx.h"
23 #include "internal/quic_error.h"
24 #include "internal/packet.h"
25 #include "internal/tsan_assist.h"
27 #define GROWTH_ALLOWANCE 1024
29 struct noise_args_data_st {
39 /* Plain packet mutations */
40 /* Header for the plaintext packet */
41 QUIC_PKT_HDR pplainhdr;
42 /* iovec for the plaintext packet data buffer */
43 OSSL_QTX_IOVEC pplainio;
44 /* Allocated size of the plaintext packet data buffer */
45 size_t pplainbuf_alloc;
46 qtest_fault_on_packet_plain_cb pplaincb;
49 /* Handshake message mutations */
50 /* Handshake message buffer */
51 unsigned char *handbuf;
52 /* Allocated size of the handshake message buffer */
54 /* Actual length of the handshake message */
56 qtest_fault_on_handshake_cb handshakecb;
58 qtest_fault_on_enc_ext_cb encextcb;
61 /* Cipher packet mutations */
62 qtest_fault_on_packet_cipher_cb pciphercb;
65 /* Datagram mutations */
66 qtest_fault_on_datagram_cb datagramcb;
68 /* The currently processed message */
70 /* Allocated size of msg data buffer */
72 struct noise_args_data_st noiseargs;
75 static void packet_plain_finish(void *arg);
76 static void handshake_finish(void *arg);
77 static OSSL_TIME qtest_get_time(void);
78 static void qtest_reset_time(void);
80 static int using_fake_time = 0;
81 static OSSL_TIME fake_now;
82 static CRYPTO_RWLOCK *fake_now_lock = NULL;
84 static OSSL_TIME fake_now_cb(void *arg)
86 return qtest_get_time();
89 static void noise_msg_callback(int write_p, int version, int content_type,
90 const void *buf, size_t len, SSL *ssl,
93 struct noise_args_data_st *noiseargs = (struct noise_args_data_st *)arg;
95 if (content_type == SSL3_RT_QUIC_FRAME_FULL) {
99 if (!PACKET_buf_init(&pkt, buf, len))
102 if (!ossl_quic_wire_peek_frame_header(&pkt, &frame_type, NULL))
105 if (frame_type == OSSL_QUIC_FRAME_TYPE_PING) {
107 * If either endpoint issues a ping frame then we are in danger
108 * of our noise being too much such that the connection itself
109 * fails. We back off on the noise for a bit to avoid that.
111 (void)BIO_ctrl(noiseargs->cbio, BIO_CTRL_NOISE_BACK_OFF, 0, NULL);
112 (void)BIO_ctrl(noiseargs->sbio, BIO_CTRL_NOISE_BACK_OFF, 0, NULL);
116 #ifndef OPENSSL_NO_SSL_TRACE
117 if ((noiseargs->flags & QTEST_FLAG_CLIENT_TRACE) != 0
118 && !SSL_is_server(ssl))
119 SSL_trace(write_p, version, content_type, buf, len, ssl,
120 noiseargs->tracebio);
124 int qtest_create_quic_objects(OSSL_LIB_CTX *libctx, SSL_CTX *clientctx,
125 SSL_CTX *serverctx, char *certfile, char *keyfile,
126 int flags, QUIC_TSERVER **qtserv, SSL **cssl,
127 QTEST_FAULT **fault, BIO **tracebio)
129 /* ALPN value as recognised by QUIC_TSERVER */
130 unsigned char alpn[] = { 8, 'o', 's', 's', 'l', 't', 'e', 's', 't' };
131 QUIC_TSERVER_ARGS tserver_args = {0};
132 BIO *cbio = NULL, *sbio = NULL, *fisbio = NULL;
133 BIO_ADDR *peeraddr = NULL;
134 struct in_addr ina = {0};
139 *cssl = SSL_new(clientctx);
140 if (!TEST_ptr(*cssl))
145 *fault = OPENSSL_zalloc(sizeof(**fault));
150 #ifndef OPENSSL_NO_SSL_TRACE
151 if ((flags & QTEST_FLAG_CLIENT_TRACE) != 0) {
152 tmpbio = BIO_new_fp(stdout, BIO_NOCLOSE);
153 if (!TEST_ptr(tmpbio))
156 SSL_set_msg_callback(*cssl, SSL_trace);
157 SSL_set_msg_callback_arg(*cssl, tmpbio);
160 if (tracebio != NULL)
163 /* SSL_set_alpn_protos returns 0 for success! */
164 if (!TEST_false(SSL_set_alpn_protos(*cssl, alpn, sizeof(alpn))))
167 if (!TEST_ptr(peeraddr = BIO_ADDR_new()))
170 if ((flags & QTEST_FLAG_BLOCK) != 0) {
171 #if !defined(OPENSSL_NO_POSIX_IO)
175 * For blocking mode we need to create actual sockets rather than doing
176 * everything in memory
178 if (!TEST_true(create_test_sockets(&cfd, &sfd, SOCK_DGRAM, peeraddr)))
180 cbio = BIO_new_dgram(cfd, 1);
181 if (!TEST_ptr(cbio)) {
186 sbio = BIO_new_dgram(sfd, 1);
187 if (!TEST_ptr(sbio)) {
195 if (!TEST_true(BIO_new_bio_dgram_pair(&cbio, 0, &sbio, 0)))
198 if (!TEST_true(BIO_dgram_set_caps(cbio, BIO_DGRAM_CAP_HANDLES_DST_ADDR))
199 || !TEST_true(BIO_dgram_set_caps(sbio, BIO_DGRAM_CAP_HANDLES_DST_ADDR)))
202 /* Dummy server address */
203 if (!TEST_true(BIO_ADDR_rawmake(peeraddr, AF_INET, &ina, sizeof(ina),
208 if ((flags & QTEST_FLAG_PACKET_SPLIT) != 0) {
209 BIO *pktsplitbio = BIO_new(bio_f_pkt_split_dgram_filter());
211 if (!TEST_ptr(pktsplitbio))
213 cbio = BIO_push(pktsplitbio, cbio);
215 pktsplitbio = BIO_new(bio_f_pkt_split_dgram_filter());
216 if (!TEST_ptr(pktsplitbio))
218 sbio = BIO_push(pktsplitbio, sbio);
221 if ((flags & QTEST_FLAG_NOISE) != 0) {
225 * It is an error to not have a QTEST_FAULT object when introducing noise
227 if (!TEST_ptr(fault))
230 noisebio = BIO_new(bio_f_noisy_dgram_filter());
232 if (!TEST_ptr(noisebio))
234 cbio = BIO_push(noisebio, cbio);
236 noisebio = BIO_new(bio_f_noisy_dgram_filter());
238 if (!TEST_ptr(noisebio))
240 sbio = BIO_push(noisebio, sbio);
243 * Currently the simplistic handler of the quic tserver cannot cope
244 * with noise introduced in the first packet received from the
245 * client. This needs to be removed once we have proper server side
248 (void)BIO_ctrl(sbio, BIO_CTRL_NOISE_BACK_OFF, 0, NULL);
250 (*fault)->noiseargs.cbio = cbio;
251 (*fault)->noiseargs.sbio = sbio;
252 (*fault)->noiseargs.tracebio = tmpbio;
253 (*fault)->noiseargs.flags = flags;
255 SSL_set_msg_callback(*cssl, noise_msg_callback);
256 SSL_set_msg_callback_arg(*cssl, &(*fault)->noiseargs);
259 SSL_set_bio(*cssl, cbio, cbio);
261 if (!TEST_true(SSL_set_blocking_mode(*cssl,
262 (flags & QTEST_FLAG_BLOCK) != 0 ? 1 : 0)))
265 if (!TEST_true(SSL_set1_initial_peer_addr(*cssl, peeraddr)))
268 fisbio = BIO_new(qtest_get_bio_method());
269 if (!TEST_ptr(fisbio))
272 BIO_set_data(fisbio, fault == NULL ? NULL : *fault);
274 if (!BIO_up_ref(sbio))
276 if (!TEST_ptr(BIO_push(fisbio, sbio))) {
281 tserver_args.libctx = libctx;
282 tserver_args.net_rbio = sbio;
283 tserver_args.net_wbio = fisbio;
284 tserver_args.alpn = NULL;
285 if (serverctx != NULL && !TEST_true(SSL_CTX_up_ref(serverctx)))
287 tserver_args.ctx = serverctx;
288 if (fake_now_lock == NULL) {
289 fake_now_lock = CRYPTO_THREAD_lock_new();
290 if (fake_now_lock == NULL)
293 if ((flags & QTEST_FLAG_FAKE_TIME) != 0) {
296 tserver_args.now_cb = fake_now_cb;
297 (void)ossl_quic_conn_set_override_now_cb(*cssl, fake_now_cb, NULL);
302 if (!TEST_ptr(*qtserv = ossl_quic_tserver_new(&tserver_args, certfile,
306 /* Ownership of fisbio and sbio is now held by *qtserv */
310 if ((flags & QTEST_FLAG_NOISE) != 0)
311 ossl_quic_tserver_set_msg_callback(*qtserv, noise_msg_callback,
312 &(*fault)->noiseargs);
315 (*fault)->qtserv = *qtserv;
317 BIO_ADDR_free(peeraddr);
321 SSL_CTX_free(tserver_args.ctx);
322 BIO_ADDR_free(peeraddr);
324 BIO_free_all(fisbio);
328 ossl_quic_tserver_free(*qtserv);
330 OPENSSL_free(*fault);
332 if (tracebio != NULL)
338 void qtest_add_time(uint64_t millis)
340 if (!CRYPTO_THREAD_write_lock(fake_now_lock))
342 fake_now = ossl_time_add(fake_now, ossl_ms2time(millis));
343 CRYPTO_THREAD_unlock(fake_now_lock);
346 static OSSL_TIME qtest_get_time(void)
350 if (!CRYPTO_THREAD_read_lock(fake_now_lock))
351 return ossl_time_zero();
353 CRYPTO_THREAD_unlock(fake_now_lock);
357 static void qtest_reset_time(void)
359 if (!CRYPTO_THREAD_write_lock(fake_now_lock))
361 fake_now = ossl_time_zero();
362 CRYPTO_THREAD_unlock(fake_now_lock);
363 /* zero time can have a special meaning, bump it */
367 QTEST_FAULT *qtest_create_injector(QUIC_TSERVER *ts)
371 f = OPENSSL_zalloc(sizeof(*f));
380 int qtest_supports_blocking(void)
382 #if !defined(OPENSSL_NO_POSIX_IO) && defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
389 #define MAXLOOPS 1000
391 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
392 static int globserverret = 0;
393 static TSAN_QUALIFIER int abortserverthread = 0;
394 static QUIC_TSERVER *globtserv;
395 static const thread_t thread_zero;
397 static void run_server_thread(void)
400 * This will operate in a busy loop because the server does not block,
401 * but should be acceptable because it is local and we expect this to be
404 globserverret = qtest_create_quic_connection(globtserv, NULL);
408 int qtest_wait_for_timeout(SSL *s, QUIC_TSERVER *qtserv)
411 OSSL_TIME ctimeout, stimeout, mintimeout, now;
414 /* We don't need to wait in blocking mode */
415 if (s == NULL || SSL_get_blocking_mode(s))
418 /* Don't wait if either BIO has data waiting */
419 if (BIO_pending(SSL_get_rbio(s)) > 0
420 || BIO_pending(ossl_quic_tserver_get0_rbio(qtserv)) > 0)
424 * Neither endpoint has data waiting to be read. We assume data transmission
425 * is instantaneous due to using mem based BIOs, so there is no data "in
426 * flight" and no more data will be sent by either endpoint until some time
427 * based event has occurred. Therefore, wait for a timeout to occur. This
428 * might happen if we are using the noisy BIO and datagrams have been lost.
430 if (!SSL_get_event_timeout(s, &tv, &cinf))
434 now = qtest_get_time();
436 now = ossl_time_now();
438 ctimeout = cinf ? ossl_time_infinite() : ossl_time_from_timeval(tv);
439 stimeout = ossl_time_subtract(ossl_quic_tserver_get_deadline(qtserv), now);
440 mintimeout = ossl_time_min(ctimeout, stimeout);
441 if (ossl_time_is_infinite(mintimeout))
445 qtest_add_time(ossl_time2ms(mintimeout));
447 OSSL_sleep(ossl_time2ms(mintimeout));
452 int qtest_create_quic_connection_ex(QUIC_TSERVER *qtserv, SSL *clientssl,
455 int retc = -1, rets = 0, abortctr = 0, ret = 0;
456 int clienterr = 0, servererr = 0;
457 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
459 * Pointless initialisation to avoid bogus compiler warnings about using
462 thread_t t = thread_zero;
464 if (clientssl != NULL)
465 abortserverthread = 0;
468 if (!TEST_ptr(qtserv)) {
470 } else if (clientssl == NULL) {
472 } else if (SSL_get_blocking_mode(clientssl) > 0) {
473 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
475 * clientssl is blocking. We will need a thread to complete the
479 if (!TEST_true(run_thread(&t, run_server_thread)))
485 TEST_error("No thread support in this build");
491 if (!clienterr && retc <= 0) {
494 retc = SSL_connect(clientssl);
496 err = SSL_get_error(clientssl, retc);
498 if (err == wanterr) {
500 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
501 if (qtserv == NULL && rets > 0)
502 tsan_store(&abortserverthread, 1);
507 if (err != SSL_ERROR_WANT_READ
508 && err != SSL_ERROR_WANT_WRITE) {
509 TEST_info("SSL_connect() failed %d, %d", retc, err);
510 TEST_openssl_errors();
518 if (clientssl != NULL)
519 SSL_handle_events(clientssl);
521 ossl_quic_tserver_tick(qtserv);
523 if (!servererr && rets <= 0) {
524 servererr = ossl_quic_tserver_is_term_any(qtserv);
526 rets = ossl_quic_tserver_is_handshake_confirmed(qtserv);
529 if (clienterr && servererr)
532 if (clientssl != NULL && ++abortctr == MAXLOOPS) {
533 TEST_info("No progress made");
537 if ((retc <= 0 && !clienterr) || (rets <= 0 && !servererr)) {
538 if (!qtest_wait_for_timeout(clientssl, qtserv))
541 } while ((retc <= 0 && !clienterr)
542 || (rets <= 0 && !servererr
543 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
544 && !tsan_load(&abortserverthread)
548 if (qtserv == NULL && rets > 0) {
549 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
550 if (!TEST_true(wait_for_thread(t)) || !TEST_true(globserverret))
553 TEST_error("Should not happen");
558 if (!clienterr && !servererr)
564 int qtest_create_quic_connection(QUIC_TSERVER *qtserv, SSL *clientssl)
566 return qtest_create_quic_connection_ex(qtserv, clientssl, SSL_ERROR_NONE);
569 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
570 static TSAN_QUALIFIER int shutdowndone;
572 static void run_server_shutdown_thread(void)
575 * This will operate in a busy loop because the server does not block,
576 * but should be acceptable because it is local and we expect this to be
580 ossl_quic_tserver_tick(globtserv);
581 } while(!tsan_load(&shutdowndone));
585 int qtest_shutdown(QUIC_TSERVER *qtserv, SSL *clientssl)
589 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
591 * Pointless initialisation to avoid bogus compiler warnings about using
594 thread_t t = thread_zero;
597 if (SSL_get_blocking_mode(clientssl) > 0) {
598 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
600 * clientssl is blocking. We will need a thread to complete the
605 if (!TEST_true(run_thread(&t, run_server_shutdown_thread)))
610 TEST_error("No thread support in this build");
615 /* Busy loop in non-blocking mode. It should be quick because its local */
617 int rc = SSL_shutdown(clientssl);
628 ossl_quic_tserver_tick(qtserv);
631 #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
632 tsan_store(&shutdowndone, 1);
634 if (!TEST_true(wait_for_thread(t)))
642 int qtest_check_server_transport_err(QUIC_TSERVER *qtserv, uint64_t code)
644 const QUIC_TERMINATE_CAUSE *cause;
646 ossl_quic_tserver_tick(qtserv);
649 * Check that the server has closed with the specified code from the client
651 if (!TEST_true(ossl_quic_tserver_is_term_any(qtserv)))
654 cause = ossl_quic_tserver_get_terminate_cause(qtserv);
656 || !TEST_true(cause->remote)
657 || !TEST_false(cause->app)
658 || !TEST_uint64_t_eq(cause->error_code, code))
664 int qtest_check_server_protocol_err(QUIC_TSERVER *qtserv)
666 return qtest_check_server_transport_err(qtserv, QUIC_ERR_PROTOCOL_VIOLATION);
669 int qtest_check_server_frame_encoding_err(QUIC_TSERVER *qtserv)
671 return qtest_check_server_transport_err(qtserv, QUIC_ERR_FRAME_ENCODING_ERROR);
674 void qtest_fault_free(QTEST_FAULT *fault)
679 packet_plain_finish(fault);
680 handshake_finish(fault);
685 static int packet_plain_mutate(const QUIC_PKT_HDR *hdrin,
686 const OSSL_QTX_IOVEC *iovecin, size_t numin,
687 QUIC_PKT_HDR **hdrout,
688 const OSSL_QTX_IOVEC **iovecout,
692 QTEST_FAULT *fault = arg;
696 /* Coalesce our data into a single buffer */
698 /* First calculate required buffer size */
699 for (i = 0; i < numin; i++)
700 bufsz += iovecin[i].buf_len;
702 fault->pplainio.buf_len = bufsz;
704 /* Add an allowance for possible growth */
705 bufsz += GROWTH_ALLOWANCE;
707 fault->pplainio.buf = cur = OPENSSL_malloc(bufsz);
709 fault->pplainio.buf_len = 0;
713 fault->pplainbuf_alloc = bufsz;
715 /* Copy in the data from the input buffers */
716 for (i = 0; i < numin; i++) {
717 memcpy(cur, iovecin[i].buf, iovecin[i].buf_len);
718 cur += iovecin[i].buf_len;
721 fault->pplainhdr = *hdrin;
723 /* Cast below is safe because we allocated the buffer */
724 if (fault->pplaincb != NULL
725 && !fault->pplaincb(fault, &fault->pplainhdr,
726 (unsigned char *)fault->pplainio.buf,
727 fault->pplainio.buf_len, fault->pplaincbarg))
730 *hdrout = &fault->pplainhdr;
731 *iovecout = &fault->pplainio;
737 static void packet_plain_finish(void *arg)
739 QTEST_FAULT *fault = arg;
741 /* Cast below is safe because we allocated the buffer */
742 OPENSSL_free((unsigned char *)fault->pplainio.buf);
743 fault->pplainio.buf_len = 0;
744 fault->pplainbuf_alloc = 0;
745 fault->pplainio.buf = NULL;
748 int qtest_fault_set_packet_plain_listener(QTEST_FAULT *fault,
749 qtest_fault_on_packet_plain_cb pplaincb,
752 fault->pplaincb = pplaincb;
753 fault->pplaincbarg = pplaincbarg;
755 return ossl_quic_tserver_set_plain_packet_mutator(fault->qtserv,
761 /* To be called from a packet_plain_listener callback */
762 int qtest_fault_resize_plain_packet(QTEST_FAULT *fault, size_t newlen)
765 size_t oldlen = fault->pplainio.buf_len;
768 * Alloc'd size should always be non-zero, so if this fails we've been
771 if (fault->pplainbuf_alloc == 0)
774 if (newlen > fault->pplainbuf_alloc) {
775 /* This exceeds our growth allowance. Fail */
779 /* Cast below is safe because we allocated the buffer */
780 buf = (unsigned char *)fault->pplainio.buf;
782 if (newlen > oldlen) {
783 /* Extend packet with 0 bytes */
784 memset(buf + oldlen, 0, newlen - oldlen);
785 } /* else we're truncating or staying the same */
787 fault->pplainio.buf_len = newlen;
788 fault->pplainhdr.len = newlen;
794 * Prepend frame data into a packet. To be called from a packet_plain_listener
797 int qtest_fault_prepend_frame(QTEST_FAULT *fault, const unsigned char *frame,
804 * Alloc'd size should always be non-zero, so if this fails we've been
807 if (fault->pplainbuf_alloc == 0)
810 /* Cast below is safe because we allocated the buffer */
811 buf = (unsigned char *)fault->pplainio.buf;
812 old_len = fault->pplainio.buf_len;
814 /* Extend the size of the packet by the size of the new frame */
815 if (!TEST_true(qtest_fault_resize_plain_packet(fault,
816 old_len + frame_len)))
819 memmove(buf + frame_len, buf, old_len);
820 memcpy(buf, frame, frame_len);
825 static int handshake_mutate(const unsigned char *msgin, size_t msginlen,
826 unsigned char **msgout, size_t *msgoutlen,
829 QTEST_FAULT *fault = arg;
831 unsigned long payloadlen;
832 unsigned int msgtype;
835 buf = OPENSSL_malloc(msginlen + GROWTH_ALLOWANCE);
839 fault->handbuf = buf;
840 fault->handbuflen = msginlen;
841 fault->handbufalloc = msginlen + GROWTH_ALLOWANCE;
842 memcpy(buf, msgin, msginlen);
844 if (!PACKET_buf_init(&pkt, buf, msginlen)
845 || !PACKET_get_1(&pkt, &msgtype)
846 || !PACKET_get_net_3(&pkt, &payloadlen)
847 || PACKET_remaining(&pkt) != payloadlen)
850 /* Parse specific message types */
852 case SSL3_MT_ENCRYPTED_EXTENSIONS:
854 QTEST_ENCRYPTED_EXTENSIONS ee;
856 if (fault->encextcb == NULL)
860 * The EncryptedExtensions message is very simple. It just has an
861 * extensions block in it and nothing else.
863 ee.extensions = (unsigned char *)PACKET_data(&pkt);
864 ee.extensionslen = payloadlen;
865 if (!fault->encextcb(fault, &ee, payloadlen, fault->encextcbarg))
870 /* No specific handlers for these message types yet */
874 if (fault->handshakecb != NULL
875 && !fault->handshakecb(fault, buf, fault->handbuflen,
876 fault->handshakecbarg))
880 *msgoutlen = fault->handbuflen;
885 static void handshake_finish(void *arg)
887 QTEST_FAULT *fault = arg;
889 OPENSSL_free(fault->handbuf);
890 fault->handbuf = NULL;
893 int qtest_fault_set_handshake_listener(QTEST_FAULT *fault,
894 qtest_fault_on_handshake_cb handshakecb,
895 void *handshakecbarg)
897 fault->handshakecb = handshakecb;
898 fault->handshakecbarg = handshakecbarg;
900 return ossl_quic_tserver_set_handshake_mutator(fault->qtserv,
906 int qtest_fault_set_hand_enc_ext_listener(QTEST_FAULT *fault,
907 qtest_fault_on_enc_ext_cb encextcb,
910 fault->encextcb = encextcb;
911 fault->encextcbarg = encextcbarg;
913 return ossl_quic_tserver_set_handshake_mutator(fault->qtserv,
919 /* To be called from a handshake_listener callback */
920 int qtest_fault_resize_handshake(QTEST_FAULT *fault, size_t newlen)
923 size_t oldlen = fault->handbuflen;
926 * Alloc'd size should always be non-zero, so if this fails we've been
929 if (fault->handbufalloc == 0)
932 if (newlen > fault->handbufalloc) {
933 /* This exceeds our growth allowance. Fail */
937 buf = (unsigned char *)fault->handbuf;
939 if (newlen > oldlen) {
940 /* Extend packet with 0 bytes */
941 memset(buf + oldlen, 0, newlen - oldlen);
942 } /* else we're truncating or staying the same */
944 fault->handbuflen = newlen;
948 /* To be called from message specific listener callbacks */
949 int qtest_fault_resize_message(QTEST_FAULT *fault, size_t newlen)
951 /* First resize the underlying message */
952 if (!qtest_fault_resize_handshake(fault, newlen + SSL3_HM_HEADER_LENGTH))
955 /* Fixup the handshake message header */
956 fault->handbuf[1] = (unsigned char)((newlen >> 16) & 0xff);
957 fault->handbuf[2] = (unsigned char)((newlen >> 8) & 0xff);
958 fault->handbuf[3] = (unsigned char)((newlen ) & 0xff);
963 int qtest_fault_delete_extension(QTEST_FAULT *fault,
964 unsigned int exttype, unsigned char *ext,
968 PACKET pkt, sub, subext;
969 WPACKET old_ext_wpkt;
971 const unsigned char *start, *end;
973 size_t msglen = fault->handbuflen;
975 if (!PACKET_buf_init(&pkt, ext, *extlen))
978 /* Extension block starts with 2 bytes for extension block length */
979 if (!PACKET_as_length_prefixed_2(&pkt, &sub))
983 start = PACKET_data(&sub);
984 if (!PACKET_get_net_2(&sub, &type)
985 || !PACKET_get_length_prefixed_2(&sub, &subext))
987 } while (type != exttype);
990 end = PACKET_data(&sub);
992 if (old_ext != NULL) {
993 if (!WPACKET_init(&old_ext_wpkt, old_ext))
996 if (!WPACKET_memcpy(&old_ext_wpkt, PACKET_data(&subext),
997 PACKET_remaining(&subext))
998 || !WPACKET_get_total_written(&old_ext_wpkt, &w)) {
999 WPACKET_cleanup(&old_ext_wpkt);
1003 WPACKET_finish(&old_ext_wpkt);
1004 old_ext->length = w;
1008 * If we're not the last extension we need to move the rest earlier. The
1009 * cast below is safe because we own the underlying buffer and we're no
1010 * longer making PACKET calls.
1012 if (end < ext + *extlen)
1013 memmove((unsigned char *)start, end, end - start);
1016 * Calculate new extensions payload length =
1018 * - 2 extension block length bytes
1019 * - length of removed extension
1021 newlen = *extlen - 2 - (end - start);
1023 /* Fixup the length bytes for the extension block */
1024 ext[0] = (unsigned char)((newlen >> 8) & 0xff);
1025 ext[1] = (unsigned char)((newlen ) & 0xff);
1028 * Length of the whole extension block is the new payload length plus the
1029 * 2 bytes for the length
1031 *extlen = newlen + 2;
1033 /* We can now resize the message */
1034 if ((size_t)(end - start) + SSL3_HM_HEADER_LENGTH > msglen)
1035 return 0; /* Should not happen */
1036 msglen -= (end - start) + SSL3_HM_HEADER_LENGTH;
1037 if (!qtest_fault_resize_message(fault, msglen))
1043 #define BIO_TYPE_CIPHER_PACKET_FILTER (0x80 | BIO_TYPE_FILTER)
1045 static BIO_METHOD *pcipherbiometh = NULL;
1047 # define BIO_MSG_N(array, stride, n) (*(BIO_MSG *)((char *)(array) + (n)*(stride)))
1049 static int pcipher_sendmmsg(BIO *b, BIO_MSG *msg, size_t stride,
1050 size_t num_msg, uint64_t flags,
1051 size_t *num_processed)
1054 BIO *next = BIO_next(b);
1055 ossl_ssize_t ret = 0;
1056 size_t i = 0, tmpnump;
1059 unsigned char *tmpdata;
1064 fault = BIO_get_data(b);
1066 || (fault->pciphercb == NULL && fault->datagramcb == NULL))
1067 return BIO_sendmmsg(next, msg, stride, num_msg, flags, num_processed);
1074 for (i = 0; i < num_msg; ++i) {
1075 fault->msg = BIO_MSG_N(msg, stride, i);
1077 /* Take a copy of the data so that callbacks can modify it */
1078 tmpdata = OPENSSL_malloc(fault->msg.data_len + GROWTH_ALLOWANCE);
1079 if (tmpdata == NULL)
1081 memcpy(tmpdata, fault->msg.data, fault->msg.data_len);
1082 fault->msg.data = tmpdata;
1083 fault->msgalloc = fault->msg.data_len + GROWTH_ALLOWANCE;
1085 if (fault->pciphercb != NULL) {
1086 if (!PACKET_buf_init(&pkt, fault->msg.data, fault->msg.data_len))
1090 if (!ossl_quic_wire_decode_pkt_hdr(&pkt,
1092 * TODO(QUIC SERVER):
1093 * Needs to be set to the actual short header CID length
1094 * when testing the server implementation.
1102 * hdr.data is const - but its our buffer so casting away the
1105 if (!fault->pciphercb(fault, &hdr, (unsigned char *)hdr.data,
1106 hdr.len, fault->pciphercbarg))
1110 * At the moment modifications to hdr by the callback
1111 * are ignored. We might need to rewrite the QUIC header to
1112 * enable tests to change this. We also don't yet have a
1113 * mechanism for the callback to change the encrypted data
1114 * length. It's not clear if that's needed or not.
1116 } while (PACKET_remaining(&pkt) > 0);
1119 if (fault->datagramcb != NULL
1120 && !fault->datagramcb(fault, &fault->msg, stride,
1121 fault->datagramcbarg))
1124 if (!BIO_sendmmsg(next, &fault->msg, stride, 1, flags, &tmpnump)) {
1129 OPENSSL_free(fault->msg.data);
1130 fault->msg.data = NULL;
1131 fault->msgalloc = 0;
1137 OPENSSL_free(fault->msg.data);
1138 fault->msg.data = NULL;
1142 static long pcipher_ctrl(BIO *b, int cmd, long larg, void *parg)
1144 BIO *next = BIO_next(b);
1149 return BIO_ctrl(next, cmd, larg, parg);
1152 BIO_METHOD *qtest_get_bio_method(void)
1156 if (pcipherbiometh != NULL)
1157 return pcipherbiometh;
1159 tmp = BIO_meth_new(BIO_TYPE_CIPHER_PACKET_FILTER, "Cipher Packet Filter");
1164 if (!TEST_true(BIO_meth_set_sendmmsg(tmp, pcipher_sendmmsg))
1165 || !TEST_true(BIO_meth_set_ctrl(tmp, pcipher_ctrl)))
1168 pcipherbiometh = tmp;
1172 return pcipherbiometh;
1175 int qtest_fault_set_packet_cipher_listener(QTEST_FAULT *fault,
1176 qtest_fault_on_packet_cipher_cb pciphercb,
1179 fault->pciphercb = pciphercb;
1180 fault->pciphercbarg = pciphercbarg;
1185 int qtest_fault_set_datagram_listener(QTEST_FAULT *fault,
1186 qtest_fault_on_datagram_cb datagramcb,
1187 void *datagramcbarg)
1189 fault->datagramcb = datagramcb;
1190 fault->datagramcbarg = datagramcbarg;
1195 /* To be called from a datagram_listener callback */
1196 int qtest_fault_resize_datagram(QTEST_FAULT *fault, size_t newlen)
1198 if (newlen > fault->msgalloc)
1201 if (newlen > fault->msg.data_len)
1202 memset((unsigned char *)fault->msg.data + fault->msg.data_len, 0,
1203 newlen - fault->msg.data_len);
1205 fault->msg.data_len = newlen;
1210 int bio_msg_copy(BIO_MSG *dst, BIO_MSG *src)
1213 * Note it is assumed that the originally allocated data sizes for dst and
1216 memcpy(dst->data, src->data, src->data_len);
1217 dst->data_len = src->data_len;
1218 dst->flags = src->flags;
1219 if (dst->local != NULL) {
1220 if (src->local != NULL) {
1221 if (!TEST_true(BIO_ADDR_copy(dst->local, src->local)))
1224 BIO_ADDR_clear(dst->local);
1227 if (!TEST_true(BIO_ADDR_copy(dst->peer, src->peer)))