Add the ability to mutate TLS handshake messages before they are written

We add callbacks so that TLS handshake messages can be modified by the test
framework before they are passed to the handshake hash, possibly encrypted
and written to the network. This enables us to simulate badly behaving
endpoints.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)

diff --git a/include/internal/quic_channel.h b/include/internal/quic_channel.h
index 4048bcd9c9fa41177b24f01a884af554d6402ce0..591c8cb76ef14fb4bfe369c4d21929ac35991c8e 100644 (file)
--- a/include/internal/quic_channel.h
+++ b/include/internal/quic_channel.h
@@ -195,6 +195,8 @@ int ossl_quic_channel_is_terminated(const QUIC_CHANNEL *ch,
 int ossl_quic_channel_is_active(const QUIC_CHANNEL *ch);
 int ossl_quic_channel_is_handshake_complete(const QUIC_CHANNEL *ch);
 
+SSL *ossl_quic_channel_get0_ssl(QUIC_CHANNEL *ch);
+
 # endif
 
 #endif

diff --git a/include/internal/quic_tserver.h b/include/internal/quic_tserver.h
index cd26c81042baf62c3c71b6bf7673b72254c0dc69..5cf0804a2dd100654d76a9122565f8558e0143b5 100644 (file)
--- a/include/internal/quic_tserver.h
+++ b/include/internal/quic_tserver.h
@@ -13,6 +13,7 @@
 # include <openssl/ssl.h>
 # include "internal/quic_stream.h"
 # include "internal/quic_channel.h"
+# include "internal/statem.h"
 
 # ifndef OPENSSL_NO_QUIC
 
@@ -43,10 +44,15 @@ QUIC_TSERVER *ossl_quic_tserver_new(const QUIC_TSERVER_ARGS *args,
 void ossl_quic_tserver_free(QUIC_TSERVER *srv);
 
 /* Set mutator callbacks for test framework support */
-int ossl_quic_tserver_set_mutator(QUIC_TSERVER *srv,
-                                  ossl_mutate_packet_cb mutatecb,
-                                  ossl_finish_mutate_cb finishmutatecb,
-                                  void *mutatearg);
+int ossl_quic_tserver_set_plain_packet_mutator(QUIC_TSERVER *srv,
+                                               ossl_mutate_packet_cb mutatecb,
+                                               ossl_finish_mutate_cb finishmutatecb,
+                                               void *mutatearg);
+
+int ossl_quic_tserver_set_handshake_mutator(QUIC_TSERVER *srv,
+                                            ossl_statem_mutate_handshake_cb mutate_handshake_cb,
+                                            ossl_statem_finish_mutate_handshake_cb finish_mutate_handshake_cb,
+                                            void *mutatearg);
 
 /* Advances the state machine. */
 int ossl_quic_tserver_tick(QUIC_TSERVER *srv);

diff --git a/ssl/statem/statem.h b/include/internal/statem.h
similarity index 85%
rename from ssl/statem/statem.h
rename to include/internal/statem.h
index 2b73eba6f68f598065765539a54746d4e22a01c1..d07871233751172c229516d050e2a2837f4275ba 100644 (file)
--- a/ssl/statem/statem.h
+++ b/include/internal/statem.h
@@ -77,6 +77,14 @@ typedef enum {
     CON_FUNC_DONT_SEND
 } CON_FUNC_RETURN;
 
+typedef int (*ossl_statem_mutate_handshake_cb)(unsigned char *msgin,
+                                               size_t inlen,
+                                               unsigned char **msgout,
+                                               size_t *outlen,
+                                               void *arg);
+
+typedef void (*ossl_statem_finish_mutate_handshake_cb)(void *arg);
+
 /*****************************************************************************
  *                                                                           *
  * This structure should be considered "opaque" to anything outside of the   *
@@ -106,6 +114,12 @@ struct ossl_statem_st {
     /* Should we skip the CertificateVerify message? */
     unsigned int no_cert_verify;
     int use_timer;
+
+    /* Test harness message mutator callbacks */
+    ossl_statem_mutate_handshake_cb mutate_handshake_cb;
+    ossl_statem_finish_mutate_handshake_cb finish_mutate_handshake_cb;
+    void *mutatearg;
+    unsigned int write_in_progress : 1;
 };
 typedef struct ossl_statem_st OSSL_STATEM;
 
@@ -116,6 +130,8 @@ typedef struct ossl_statem_st OSSL_STATEM;
  *                                                                           *
  *****************************************************************************/
 
+typedef struct ssl_connection_st SSL_CONNECTION;
+
 __owur int ossl_statem_accept(SSL *s);
 __owur int ossl_statem_connect(SSL *s);
 OSSL_HANDSHAKE_STATE ossl_statem_get_state(SSL_CONNECTION *s);
@@ -144,3 +160,8 @@ __owur int ossl_statem_export_early_allowed(SSL_CONNECTION *s);
 
 /* Flush the write BIO */
 int statem_flush(SSL_CONNECTION *s);
+
+int ossl_statem_set_mutator(SSL *s,
+                            ossl_statem_mutate_handshake_cb mutate_handshake_cb,
+                            ossl_statem_finish_mutate_handshake_cb finish_mutate_handshake_cb,
+                            void *mutatearg);

diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index 293dddd29862c171ad8ec7bcead48feb8209e788..be438426ba043a40ba7da2f50dac837218e7763f 100644 (file)
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -2081,3 +2081,8 @@ static int ch_server_on_new_conn(QUIC_CHANNEL *ch, const BIO_ADDR *peer,
     ch->doing_proactive_ver_neg = 0; /* not currently supported */
     return 1;
 }
+
+SSL *ossl_quic_channel_get0_ssl(QUIC_CHANNEL *ch)
+{
+    return ch->tls;
+}

diff --git a/ssl/quic/quic_tserver.c b/ssl/quic/quic_tserver.c
index 1bb17e8e53ed24f24aa91abff60e2c92b82bf302..2a6049b1349e58a477397cd37568d91b3250bfee 100644 (file)
--- a/ssl/quic/quic_tserver.c
+++ b/ssl/quic/quic_tserver.c
@@ -123,15 +123,26 @@ void ossl_quic_tserver_free(QUIC_TSERVER *srv)
 }
 
 /* Set mutator callbacks for test framework support */
-int ossl_quic_tserver_set_mutator(QUIC_TSERVER *srv,
-                                  ossl_mutate_packet_cb mutatecb,
-                                  ossl_finish_mutate_cb finishmutatecb,
-                                  void *mutatearg)
+int ossl_quic_tserver_set_plain_packet_mutator(QUIC_TSERVER *srv,
+                                               ossl_mutate_packet_cb mutatecb,
+                                               ossl_finish_mutate_cb finishmutatecb,
+                                               void *mutatearg)
 {
     return ossl_quic_channel_set_mutator(srv->ch, mutatecb, finishmutatecb,
                                          mutatearg);
 }
 
+int ossl_quic_tserver_set_handshake_mutator(QUIC_TSERVER *srv,
+                                            ossl_statem_mutate_handshake_cb mutate_handshake_cb,
+                                            ossl_statem_finish_mutate_handshake_cb finish_mutate_handshake_cb,
+                                            void *mutatearg)
+{
+    return ossl_statem_set_mutator(ossl_quic_channel_get0_ssl(srv->ch),
+                                   mutate_handshake_cb,
+                                   finish_mutate_handshake_cb,
+                                   mutatearg);
+}
+
 int ossl_quic_tserver_tick(QUIC_TSERVER *srv)
 {
     ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(srv->ch));

diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 130cf385a96ec5535fc9cfdba2612cfc457a8598..f28f4419efa3fd56339b461ecda9a5bbedcfa4e2 100644 (file)
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -29,7 +29,7 @@
 # include <openssl/ct.h>
 # include "record/record.h"
 # include "internal/recordmethod.h"
-# include "statem/statem.h"
+# include "internal/statem.h"
 # include "internal/packet.h"
 # include "internal/dane.h"
 # include "internal/refcount.h"

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 88f3b94f2e2b4d23e314b5779a329b19248a8e46..ebedbeefbb2c4f1f563fbaeb52b25ec5278e561a 100644 (file)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -36,6 +36,23 @@ const unsigned char hrrrandom[] = {
     0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c
 };
 
+int ossl_statem_set_mutator(SSL *s,
+                            ossl_statem_mutate_handshake_cb mutate_handshake_cb,
+                            ossl_statem_finish_mutate_handshake_cb finish_mutate_handshake_cb,
+                            void *mutatearg)
+{
+    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
+
+    if (sc == NULL)
+        return 0;
+
+    sc->statem.mutate_handshake_cb = mutate_handshake_cb;
+    sc->statem.mutatearg = mutatearg;
+    sc->statem.finish_mutate_handshake_cb = finish_mutate_handshake_cb;
+
+    return 1;
+}
+
 /*
  * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
  * SSL3_RT_CHANGE_CIPHER_SPEC)
@@ -46,6 +63,32 @@ int ssl3_do_write(SSL_CONNECTION *s, int type)
     size_t written = 0;
     SSL *ssl = SSL_CONNECTION_GET_SSL(s);
 
+    /*
+     * If we're running the test suite then we may need to mutate the message
+     * we've been asked to write. Does not happen in normal operation.
+     */
+    if (s->statem.mutate_handshake_cb != NULL
+            && !s->statem.write_in_progress
+            && type == SSL3_RT_HANDSHAKE
+            && s->init_num >= SSL3_HM_HEADER_LENGTH) {
+        unsigned char *msg;
+        size_t msglen;
+
+        if (!s->statem.mutate_handshake_cb((unsigned char *)s->init_buf->data,
+                                           s->init_num,
+                                           &msg, &msglen,
+                                           s->statem.mutatearg))
+            return -1;
+        if (msglen < SSL3_HM_HEADER_LENGTH
+                || !BUF_MEM_grow(s->init_buf, msglen))
+            return -1;
+        memcpy(s->init_buf->data, msg, msglen);
+        s->init_num = msglen;
+        s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
+        s->statem.finish_mutate_handshake_cb(s->statem.mutatearg);
+        s->statem.write_in_progress = 1;
+    }
+
     ret = ssl3_write_bytes(ssl, type, &s->init_buf->data[s->init_off],
                            s->init_num, &written);
     if (ret < 0)
@@ -65,6 +108,7 @@ int ssl3_do_write(SSL_CONNECTION *s, int type)
                                  written))
                 return -1;
     if (written == s->init_num) {
+        s->statem.write_in_progress = 0;
         if (s->msg_callback)
             s->msg_callback(1, s->version, type, s->init_buf->data,
                             (size_t)(s->init_off + s->init_num), ssl,

diff --git a/test/helpers/quictestlib.c b/test/helpers/quictestlib.c
index 34672a5913b05dc26f62d1230daaf2ba7aa8cadb..a4af783034d977c5845ed5ec4335a08968339f19 100644 (file)
--- a/test/helpers/quictestlib.c
+++ b/test/helpers/quictestlib.c
@@ -240,8 +240,10 @@ int ossl_quic_fault_set_packet_plain_listener(OSSL_QUIC_FAULT *fault,
     fault->pplaincb = pplaincb;
     fault->pplaincbarg = pplaincbarg;
 
-    return ossl_quic_tserver_set_mutator(fault->qtserv, packet_plain_mutate,
-                                         packet_plain_finish, fault);
+    return ossl_quic_tserver_set_plain_packet_mutator(fault->qtserv,
+                                                      packet_plain_mutate,
+                                                      packet_plain_finish,
+                                                      fault);
 }
 
 /* To be called from a packet_plain_listener callback */