authorjsing <>2021-06-19 17:11:34 +0000
committerjsing <>2021-06-19 17:11:34 +0000
commite5895fba963b225b4275079fc84444579ae34b3d (patch)
tree67b7e06bf058f9c0d6a827da4793aa95dcbceae5
parent25a25bb407e9ed4f33e3dd3ec0f0cf289c46ee5e (diff)
Add DTLS test cases that use non-zero initial epochs.
In particular, test handling of 0xfffe and 0xffff - the latter results in wrapping to zero for the next epoch. One of these tests triggers a known bug in libssl, which will be fixed following this commit.
-rw-r--r--src/regress/lib/libssl/dtls/Makefile9
-rw-r--r--src/regress/lib/libssl/dtls/dtlstest.c40
2 files changed, 44 insertions, 5 deletions
diff --git a/src/regress/lib/libssl/dtls/Makefile b/src/regress/lib/libssl/dtls/Makefile
index 5d25cde2ee..79ca4077d3 100644
--- a/src/regress/lib/libssl/dtls/Makefile
+++ b/src/regress/lib/libssl/dtls/Makefile
@@ -1,10 +1,11 @@
1# $OpenBSD: Makefile,v 1.1 2020/10/14 15:49:14 jsing Exp $ 1# $OpenBSD: Makefile,v 1.2 2021/06/19 17:11:34 jsing Exp $
2 2
3PROG= dtlstest 3PROG= dtlstest
4LDADD= -lssl -lcrypto 4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO} 5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes 6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror 7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
8 9
9REGRESS_TARGETS= \ 10REGRESS_TARGETS= \
10 regress-dtlstest 11 regress-dtlstest
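--- a/src/regress/lib/libssl/dtls/dtlstest.c
+++ b/src/regress/lib/libssl/dtls/dtlstest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtlstest.c,v 1.12 2021/06/19 16:29:51 jsing Exp $ */
+/* $OpenBSD: dtlstest.c,v 1.13 2021/06/19 17:11:34 jsing Exp $ */
 /*
  * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
  *
@@ -27,6 +27,8 @@
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 
+#include "ssl_locl.h"
+
 const char *server_ca_file;
 const char *server_cert_file;
 const char *server_key_file;
@@ -35,6 +37,9 @@ char dtls_cookie[32];
 
 int debug = 0;
 
+void tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl,
+    uint16_t epoch);
+
 static void
 hexdump(const unsigned char *buf, size_t len)
 {
@@ -740,6 +745,7 @@ struct dtls_test {
 	long ssl_options;
 	int client_bbio_off;
 	int server_bbio_off;
+	uint16_t initial_epoch;
 	int write_after_accept;
 	int shutdown_after_accept;
 	struct dtls_delay client_delays[MAX_PACKET_DELAYS];
@@ -754,6 +760,16 @@ static const struct dtls_test dtls_tests[] = {
 		.ssl_options = 0,
 	},
 	{
+		.desc = "DTLS without cookies (initial epoch 0xfffe)",
+		.ssl_options = 0,
+		.initial_epoch = 0xfffe,
+	},
+	{
+		.desc = "DTLS without cookies (initial epoch 0xffff)",
+		.ssl_options = 0,
+		.initial_epoch = 0xffff,
+	},
+	{
 		.desc = "DTLS with cookies",
 		.ssl_options = SSL_OP_COOKIE_EXCHANGE,
 	},
@@ -860,6 +876,22 @@ static const struct dtls_test dtls_tests[] = {
 		.write_after_accept = 1,
 	},
 	{
+		.desc = "DTLS with delayed server CCS (initial epoch 0xfffe)",
+		.ssl_options = SSL_OP_NO_TICKET,
+		.server_bbio_off = 1,
+		.initial_epoch = 0xfffe,
+		.server_delays = { { 5, 2 } },
+		.write_after_accept = 1,
+	},
+	{
+		.desc = "DTLS with delayed server CCS (initial epoch 0xffff)",
+		.ssl_options = SSL_OP_NO_TICKET,
+		.server_bbio_off = 1,
+		.initial_epoch = 0xffff,
+		.server_delays = { { 5, 2 } },
+		.write_after_accept = 1,
+	},
+	{
 		/* Send Finished after app data - this is currently buffered. */
 		.desc = "DTLS with delayed server Finished",
 		.ssl_options = SSL_OP_NO_TICKET,
@@ -932,9 +964,15 @@ dtlstest(const struct dtls_test *dt)
 
 	if ((client = dtls_client(client_sock, &server_sin, dt->mtu)) == NULL)
 		goto failure;
+
 	if ((server = dtls_server(server_sock, dt->ssl_options, dt->mtu)) == NULL)
 		goto failure;
 
+	tls12_record_layer_set_initial_epoch(client->internal->rl,
+	    dt->initial_epoch);
+	tls12_record_layer_set_initial_epoch(server->internal->rl,
+	    dt->initial_epoch);
+
 	if (dt->client_bbio_off)
 		SSL_set_info_callback(client, dtls_info_callback);
 	if (dt->server_bbio_off)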
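Review bot: The prototype for tls12_record_layer_set_initial_epoch (new lines 40-41) is hand-written in the test instead of coming from the libssl internal header that the test now includes, so if the library's signature later changes the test keeps compiling against a stale declaration and the mismatch is only caught at link time, if at all; since ssl_locl.h is now included, the declaration should live there (or in the record-layer header) and the local copy be dropped. The two calls at new lines 971-974 run for every test case, so entries that leave initial_epoch unset now explicitly set epoch 0 — presumably the record layer's normal starting epoch, but a comment such as `/* initial_epoch defaults to 0, the record layer's normal start. */` above the calls would make that intent explicit. The 0xffff entries are the ones exercising the wrap described in the commit message; a one-line comment on them, e.g. `/* Next epoch wraps from 0xffff to 0. */`, would tie the table entries to the bug they target. The body of dtlstest() continues outside the hunk.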