Test DTLS timeouts and retransmissions by dropping specific messages.

Provide a BIO that can drop specific messages in order to trigger and test DTLS timeouts and retransmissions. Note that the SSL buffering BIO (bbio) has to be removed to ensure that handshake messages are sent individually. This would have detected the recent DTLS breakage with retransmissions for a flight that includes a CCS.
author: jsing <> 2020-10-15 18:05:06 +0000
committer: jsing <> 2020-10-15 18:05:06 +0000
commit: 7c6ffc946324eead9f89ecc9ac680e2c861f8741 (patch)
tree: a53bbeff9461c2e47021a1ecc452d80f0821806f /src
parent: 698949bfcc12ecdf8b10bdffc544350feeeb348d (diff)
download: openbsd-7c6ffc946324eead9f89ecc9ac680e2c861f8741.tar.gz
openbsd-7c6ffc946324eead9f89ecc9ac680e2c861f8741.tar.bz2
openbsd-7c6ffc946324eead9f89ecc9ac680e2c861f8741.zip
1 files changed, 299 insertions, 5 deletions
diff --git a/src/regress/lib/libssl/dtls/dtlstest.c b/src/regress/lib/libssl/dtls/dtlstest.c
index 166302db48..c25800be19 100644
--- a/src/regress/lib/libssl/dtls/dtlstest.c
+++ b/src/regress/lib/libssl/dtls/dtlstest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtlstest.c,v 1.2 2020/10/15 17:51:58 jsing Exp $ */
+/* $OpenBSD: dtlstest.c,v 1.3 2020/10/15 18:05:06 jsing Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
 *
@@ -35,6 +35,177 @@ char dtls_cookie[32];
 int debug = 0;
+static void
+hexdump(const unsigned char *buf, size_t len)
+{
+        size_t i;
+        for (i = 1; i <= len; i++)
+                fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
+        if (len % 8)
+                fprintf(stderr, "\n");
+}
+#define BIO_C_DROP_PACKET       1000
+#define BIO_C_DROP_RANDOM       1001
+struct bio_packet_monkey_ctx {
+        unsigned int drop_rand;
+        unsigned int drop_mask;
+};
+static int
+bio_packet_monkey_new(BIO *bio)
+{
+        struct bio_packet_monkey_ctx *ctx;
+        if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
+                return 0;
+        bio->flags = 0;
+        bio->init = 1;
+        bio->num = 0;
+        bio->ptr = ctx;
+        return 1;
+}
+static int
+bio_packet_monkey_free(BIO *bio)
+{
+        struct bio_packet_monkey_ctx *ctx;
+        if (bio == NULL)
+                return 1;
+        ctx = bio->ptr;
+        free(ctx);
+        return 1;
+}
+static long
+bio_packet_monkey_ctrl(BIO *bio, int cmd, long num, void *ptr)
+{
+        struct bio_packet_monkey_ctx *ctx;
+        ctx = bio->ptr;
+        switch (cmd) {
+        case BIO_C_DROP_PACKET:
+                if (num < 1 || num > 31)
+                        return 0;
+                ctx->drop_mask |= 1 << ((unsigned int)num - 1);
+                return 1;
+        case BIO_C_DROP_RANDOM:
+                if (num < 0 || num > UINT_MAX)
+                        return 0;
+                ctx->drop_rand = (unsigned int)num;
+                return 1;
+        }
+        if (bio->next_bio == NULL)
+                return 0;
+        return BIO_ctrl(bio->next_bio, cmd, num, ptr);
+}
+static int
+bio_packet_monkey_read(BIO *bio, char *out, int out_len)
+{
+        struct bio_packet_monkey_ctx *ctx = bio->ptr;
+        int ret;
+        if (ctx == NULL || bio->next_bio == NULL)
+                return 0;
+        ret = BIO_read(bio->next_bio, out, out_len);
+        BIO_clear_retry_flags(bio);
+        if (ret <= 0 && BIO_should_retry(bio->next_bio))
+                BIO_set_retry_read(bio);
+        return ret;
+}
+static int
+bio_packet_monkey_write(BIO *bio, const char *in, int in_len)
+{
+        struct bio_packet_monkey_ctx *ctx = bio->ptr;
+        int drop = 0;
+        int ret;
+        if (ctx == NULL || bio->next_bio == NULL)
+                return 0;
+        if (ctx->drop_rand > 0) {
+                drop = arc4random_uniform(ctx->drop_rand) == 0;
+        } else if (ctx->drop_mask > 0) {
+                drop = ctx->drop_mask & 1;
+                ctx->drop_mask >>= 1;
+        }
+        if (debug) {
+                fprintf(stderr, "DEBUG: %s packet...\n",
+                    drop ? "dropping" : "writing");
+                hexdump(in, in_len);
+        }
+        if (drop)
+                return in_len;
+        ret = BIO_write(bio->next_bio, in, in_len);
+        BIO_clear_retry_flags(bio);
+        if (ret <= 0 && BIO_should_retry(bio->next_bio))
+                BIO_set_retry_write(bio);
+        return ret;
+}
+static int
+bio_packet_monkey_puts(BIO *bio, const char *str)
+{
+        return bio_packet_monkey_write(bio, str, strlen(str));
+}
+static const BIO_METHOD bio_packet_monkey = {
+        .type = BIO_TYPE_BUFFER,
+        .name = "packet monkey",
+        .bread = bio_packet_monkey_read,
+        .bwrite = bio_packet_monkey_write,
+        .bputs = bio_packet_monkey_puts,
+        .ctrl = bio_packet_monkey_ctrl,
+        .create = bio_packet_monkey_new,
+        .destroy = bio_packet_monkey_free
+};
+static const BIO_METHOD *
+BIO_f_packet_monkey(void)
+{
+        return &bio_packet_monkey;
+}
+static BIO *
+BIO_new_packet_monkey(void)
+{
+        return BIO_new(BIO_f_packet_monkey());
+}
+static int
+BIO_packet_monkey_drop(BIO *bio, int num)
+{
+        return BIO_ctrl(bio, BIO_C_DROP_PACKET, num, NULL);
+}
+#if 0
+static int
+BIO_packet_monkey_drop_random(BIO *bio, int num)
+{
+        return BIO_ctrl(bio, BIO_C_DROP_RANDOM, num, NULL);
+}
+#endif
 static int
 datagram_pair(int *client_sock, int *server_sock,
    struct sockaddr_in *server_sin)
@@ -109,6 +280,17 @@ dtls_cookie_verify(SSL *ssl, const unsigned char *cookie,
            memcmp(cookie, dtls_cookie, sizeof(dtls_cookie)) == 0;
 }
+static void
+dtls_info_callback(const SSL *ssl, int type, int val)
+{
+        /*
+         * Squeal's ahead... remove the bbio from the info callback, so we can
+         * drop specific messages. Ideally this would be an option for the SSL.
+         */
+        if (ssl->wbio == ssl->bbio)
+                ((SSL *)ssl)->wbio = BIO_pop(ssl->wbio);
+}
 static SSL *
 dtls_client(int sock, struct sockaddr_in *server_sin, long mtu)
 {
@@ -305,13 +487,19 @@ do_client_server_loop(SSL *client, ssl_func client_func, SSL *server,
        return client_done && server_done;
 }
+#define MAX_PACKET_DROPS 32
 struct dtls_test {
        const unsigned char *desc;
-        const long mtu;
+        long mtu;
-        const long ssl_options;
+        long ssl_options;
+        int client_bbio_off;
+        int server_bbio_off;
+        uint8_t client_drops[MAX_PACKET_DROPS];
+        uint8_t server_drops[MAX_PACKET_DROPS];
 };
-static struct dtls_test dtls_tests[] = {
+static const struct dtls_test dtls_tests[] = {
        {
                .desc = "DTLS without cookies",
                .ssl_options = 0,
@@ -323,18 +511,116 @@ static struct dtls_test dtls_tests[] = {
        {
                .desc = "DTLS with low MTU",
                .mtu = 256,
+                .ssl_options = 0,
        },
        {
                .desc = "DTLS with low MTU and cookies",
                .mtu = 256,
                .ssl_options = SSL_OP_COOKIE_EXCHANGE,
        },
+        {
+                .desc = "DTLS with dropped server response",
+                .ssl_options = 0,
+                .server_drops = { 1 },
+        },
+        {
+                .desc = "DTLS with two dropped server responses",
+                .ssl_options = 0,
+                .server_drops = { 1, 2 },
+        },
+        {
+                .desc = "DTLS with dropped ServerHello",
+                .ssl_options = 0,
+                .server_bbio_off = 1,
+                .server_drops = { 1 },
+        },
+        {
+                .desc = "DTLS with dropped server Certificate",
+                .ssl_options = 0,
+                .server_bbio_off = 1,
+                .server_drops = { 2 },
+        },
+        {
+                .desc = "DTLS with dropped ServerKeyExchange",
+                .ssl_options = 0,
+                .server_bbio_off = 1,
+                .server_drops = { 3 },
+        },
+#if 0
+        /*
+         * These three currently result in the server accept completing and the
+         * client looping on a timeout. Presumably the server should not
+         * complete until the client Finished is received...
+         */
+        {
+                .desc = "DTLS with dropped ServerHelloDone",
+                .ssl_options = 0,
+                .server_bbio_off = 1,
+                .server_drops = { 4 },
+        },
+        {
+                .desc = "DTLS with dropped server CCS",
+                .ssl_options = 0,
+                .server_bbio_off = 1,
+                .server_drops = { 5 },
+        },
+        {
+                .desc = "DTLS with dropped server Finished",
+                .ssl_options = 0,
+                .server_bbio_off = 1,
+                .server_drops = { 6 },
+        },
+#endif
+        {
+                .desc = "DTLS with dropped ClientKeyExchange",
+                .ssl_options = 0,
+                .client_bbio_off = 1,
+                .client_drops = { 2 },
+        },
+        {
+                .desc = "DTLS with dropped Client CCS",
+                .ssl_options = 0,
+                .client_bbio_off = 1,
+                .client_drops = { 3 },
+        },
+        {
+                .desc = "DTLS with dropped client Finished",
+                .ssl_options = 0,
+                .client_bbio_off = 1,
+                .client_drops = { 4 },
+        },
 };
 #define N_DTLS_TESTS (sizeof(dtls_tests) / sizeof(*dtls_tests))
+static void
+dtlstest_packet_monkey(SSL *ssl, const uint8_t drops[])
+{
+        BIO *bio_monkey;
+        BIO *bio;
+        int i;
+        if ((bio_monkey = BIO_new_packet_monkey()) == NULL)
+                errx(1, "packet monkey");
+        for (i = 0; i < MAX_PACKET_DROPS; i++) {
+                if (drops[i] == 0)
+                        break;
+                if (!BIO_packet_monkey_drop(bio_monkey, drops[i]))
+                        errx(1, "drop failure");
+        }
+        if ((bio = SSL_get_wbio(ssl)) == NULL)
+                errx(1, "SSL has NULL bio");
+        BIO_up_ref(bio);
+        bio = BIO_push(bio_monkey, bio);
+        SSL_set_bio(ssl, bio, bio);
+}
 static int
-dtlstest(struct dtls_test *dt)
+dtlstest(const struct dtls_test *dt)
 {
        SSL *client = NULL, *server = NULL;
        struct sockaddr_in server_sin;
@@ -353,6 +639,14 @@ dtlstest(struct dtls_test *dt)
        if ((server = dtls_server(server_sock, dt->ssl_options, dt->mtu)) == NULL)
                goto failure;
+        if (dt->client_bbio_off)
+                SSL_set_info_callback(client, dtls_info_callback);
+        if (dt->server_bbio_off)
+                SSL_set_info_callback(server, dtls_info_callback);
+        dtlstest_packet_monkey(client, dt->client_drops);
+        dtlstest_packet_monkey(server, dt->server_drops);
        pfd[0].fd = client_sock;
        pfd[0].events = POLLOUT;
        pfd[1].fd = server_sock;
author	jsing <>	2020-10-15 18:05:06 +0000
committer	jsing <>	2020-10-15 18:05:06 +0000
commit	7c6ffc946324eead9f89ecc9ac680e2c861f8741 (patch)
tree	a53bbeff9461c2e47021a1ecc452d80f0821806f /src
parent	698949bfcc12ecdf8b10bdffc544350feeeb348d (diff)
download	openbsd-7c6ffc946324eead9f89ecc9ac680e2c861f8741.tar.gz openbsd-7c6ffc946324eead9f89ecc9ac680e2c861f8741.tar.bz2 openbsd-7c6ffc946324eead9f89ecc9ac680e2c861f8741.zip

diff --git a/src/regress/lib/libssl/dtls/dtlstest.c b/src/regress/lib/libssl/dtls/dtlstest.c index 166302db48..c25800be19 100644 --- a/src/regress/lib/libssl/dtls/dtlstest.c +++ b/src/regress/lib/libssl/dtls/dtlstest.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dtlstest.c,v 1.2 2020/10/15 17:51:58 jsing Exp $ */	1	/* $OpenBSD: dtlstest.c,v 1.3 2020/10/15 18:05:06 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -35,6 +35,177 @@ char dtls_cookie[32];
35		35
36	int debug = 0;	36	int debug = 0;
37		37
		38	static void
		39	hexdump(const unsigned char *buf, size_t len)
		40	{
		41	size_t i;
		42
		43	for (i = 1; i <= len; i++)
		44	fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
		45
		46	if (len % 8)
		47	fprintf(stderr, "\n");
		48	}
		49
		50	#define BIO_C_DROP_PACKET 1000
		51	#define BIO_C_DROP_RANDOM 1001
		52
		53	struct bio_packet_monkey_ctx {
		54	unsigned int drop_rand;
		55	unsigned int drop_mask;
		56	};
		57
		58	static int
		59	bio_packet_monkey_new(BIO *bio)
		60	{
		61	struct bio_packet_monkey_ctx *ctx;
		62
		63	if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
		64	return 0;
		65
		66	bio->flags = 0;
		67	bio->init = 1;
		68	bio->num = 0;
		69	bio->ptr = ctx;
		70
		71	return 1;
		72	}
		73
		74	static int
		75	bio_packet_monkey_free(BIO *bio)
		76	{
		77	struct bio_packet_monkey_ctx *ctx;
		78
		79	if (bio == NULL)
		80	return 1;
		81
		82	ctx = bio->ptr;
		83	free(ctx);
		84
		85	return 1;
		86	}
		87
		88	static long
		89	bio_packet_monkey_ctrl(BIO bio, int cmd, long num, void ptr)
		90	{
		91	struct bio_packet_monkey_ctx *ctx;
		92
		93	ctx = bio->ptr;
		94
		95	switch (cmd) {
		96	case BIO_C_DROP_PACKET:
		97	if (num < 1 \|\| num > 31)
		98	return 0;
		99	ctx->drop_mask \|= 1 << ((unsigned int)num - 1);
		100	return 1;
		101
		102	case BIO_C_DROP_RANDOM:
		103	if (num < 0 \|\| num > UINT_MAX)
		104	return 0;
		105	ctx->drop_rand = (unsigned int)num;
		106	return 1;
		107	}
		108
		109	if (bio->next_bio == NULL)
		110	return 0;
		111
		112	return BIO_ctrl(bio->next_bio, cmd, num, ptr);
		113	}
		114
		115	static int
		116	bio_packet_monkey_read(BIO bio, char out, int out_len)
		117	{
		118	struct bio_packet_monkey_ctx *ctx = bio->ptr;
		119	int ret;
		120
		121	if (ctx == NULL \|\| bio->next_bio == NULL)
		122	return 0;
		123
		124	ret = BIO_read(bio->next_bio, out, out_len);
		125
		126	BIO_clear_retry_flags(bio);
		127	if (ret <= 0 && BIO_should_retry(bio->next_bio))
		128	BIO_set_retry_read(bio);
		129
		130	return ret;
		131	}
		132
		133	static int
		134	bio_packet_monkey_write(BIO bio, const char in, int in_len)
		135	{
		136	struct bio_packet_monkey_ctx *ctx = bio->ptr;
		137	int drop = 0;
		138	int ret;
		139
		140	if (ctx == NULL \|\| bio->next_bio == NULL)
		141	return 0;
		142
		143	if (ctx->drop_rand > 0) {
		144	drop = arc4random_uniform(ctx->drop_rand) == 0;
		145	} else if (ctx->drop_mask > 0) {
		146	drop = ctx->drop_mask & 1;
		147	ctx->drop_mask >>= 1;
		148	}
		149	if (debug) {
		150	fprintf(stderr, "DEBUG: %s packet...\n",
		151	drop ? "dropping" : "writing");
		152	hexdump(in, in_len);
		153	}
		154	if (drop)
		155	return in_len;
		156
		157	ret = BIO_write(bio->next_bio, in, in_len);
		158
		159	BIO_clear_retry_flags(bio);
		160	if (ret <= 0 && BIO_should_retry(bio->next_bio))
		161	BIO_set_retry_write(bio);
		162
		163	return ret;
		164	}
		165
		166	static int
		167	bio_packet_monkey_puts(BIO bio, const char str)
		168	{
		169	return bio_packet_monkey_write(bio, str, strlen(str));
		170	}
		171
		172	static const BIO_METHOD bio_packet_monkey = {
		173	.type = BIO_TYPE_BUFFER,
		174	.name = "packet monkey",
		175	.bread = bio_packet_monkey_read,
		176	.bwrite = bio_packet_monkey_write,
		177	.bputs = bio_packet_monkey_puts,
		178	.ctrl = bio_packet_monkey_ctrl,
		179	.create = bio_packet_monkey_new,
		180	.destroy = bio_packet_monkey_free
		181	};
		182
		183	static const BIO_METHOD *
		184	BIO_f_packet_monkey(void)
		185	{
		186	return &bio_packet_monkey;
		187	}
		188
		189	static BIO *
		190	BIO_new_packet_monkey(void)
		191	{
		192	return BIO_new(BIO_f_packet_monkey());
		193	}
		194
		195	static int
		196	BIO_packet_monkey_drop(BIO *bio, int num)
		197	{
		198	return BIO_ctrl(bio, BIO_C_DROP_PACKET, num, NULL);
		199	}
		200
		201	#if 0
		202	static int
		203	BIO_packet_monkey_drop_random(BIO *bio, int num)
		204	{
		205	return BIO_ctrl(bio, BIO_C_DROP_RANDOM, num, NULL);
		206	}
		207	#endif
		208
38	static int	209	static int
39	datagram_pair(int client_sock, int server_sock,	210	datagram_pair(int client_sock, int server_sock,
40	struct sockaddr_in *server_sin)	211	struct sockaddr_in *server_sin)
@@ -109,6 +280,17 @@ dtls_cookie_verify(SSL ssl, const unsigned char cookie,
109	memcmp(cookie, dtls_cookie, sizeof(dtls_cookie)) == 0;	280	memcmp(cookie, dtls_cookie, sizeof(dtls_cookie)) == 0;
110	}	281	}
111		282
		283	static void
		284	dtls_info_callback(const SSL *ssl, int type, int val)
		285	{
		286	/*
		287	* Squeal's ahead... remove the bbio from the info callback, so we can
		288	* drop specific messages. Ideally this would be an option for the SSL.
		289	*/
		290	if (ssl->wbio == ssl->bbio)
		291	((SSL *)ssl)->wbio = BIO_pop(ssl->wbio);
		292	}
		293
112	static SSL *	294	static SSL *
113	dtls_client(int sock, struct sockaddr_in *server_sin, long mtu)	295	dtls_client(int sock, struct sockaddr_in *server_sin, long mtu)
114	{	296	{
@@ -305,13 +487,19 @@ do_client_server_loop(SSL client, ssl_func client_func, SSL server,
305	return client_done && server_done;	487	return client_done && server_done;
306	}	488	}
307		489
		490	#define MAX_PACKET_DROPS 32
		491
308	struct dtls_test {	492	struct dtls_test {
309	const unsigned char *desc;	493	const unsigned char *desc;
310	const long mtu;	494	long mtu;
311	const long ssl_options;	495	long ssl_options;
		496	int client_bbio_off;
		497	int server_bbio_off;
		498	uint8_t client_drops[MAX_PACKET_DROPS];
		499	uint8_t server_drops[MAX_PACKET_DROPS];
312	};	500	};
313		501
314	static struct dtls_test dtls_tests[] = {	502	static const struct dtls_test dtls_tests[] = {
315	{	503	{
316	.desc = "DTLS without cookies",	504	.desc = "DTLS without cookies",
317	.ssl_options = 0,	505	.ssl_options = 0,
@@ -323,18 +511,116 @@ static struct dtls_test dtls_tests[] = {
323	{	511	{
324	.desc = "DTLS with low MTU",	512	.desc = "DTLS with low MTU",
325	.mtu = 256,	513	.mtu = 256,
		514	.ssl_options = 0,
326	},	515	},
327	{	516	{
328	.desc = "DTLS with low MTU and cookies",	517	.desc = "DTLS with low MTU and cookies",
329	.mtu = 256,	518	.mtu = 256,
330	.ssl_options = SSL_OP_COOKIE_EXCHANGE,	519	.ssl_options = SSL_OP_COOKIE_EXCHANGE,
331	},	520	},
		521	{
		522	.desc = "DTLS with dropped server response",
		523	.ssl_options = 0,
		524	.server_drops = { 1 },
		525	},
		526	{
		527	.desc = "DTLS with two dropped server responses",
		528	.ssl_options = 0,
		529	.server_drops = { 1, 2 },
		530	},
		531	{
		532	.desc = "DTLS with dropped ServerHello",
		533	.ssl_options = 0,
		534	.server_bbio_off = 1,
		535	.server_drops = { 1 },
		536	},
		537	{
		538	.desc = "DTLS with dropped server Certificate",
		539	.ssl_options = 0,
		540	.server_bbio_off = 1,
		541	.server_drops = { 2 },
		542	},
		543	{
		544	.desc = "DTLS with dropped ServerKeyExchange",
		545	.ssl_options = 0,
		546	.server_bbio_off = 1,
		547	.server_drops = { 3 },
		548	},
		549	#if 0
		550	/*
		551	* These three currently result in the server accept completing and the
		552	* client looping on a timeout. Presumably the server should not
		553	* complete until the client Finished is received...
		554	*/
		555	{
		556	.desc = "DTLS with dropped ServerHelloDone",
		557	.ssl_options = 0,
		558	.server_bbio_off = 1,
		559	.server_drops = { 4 },
		560	},
		561	{
		562	.desc = "DTLS with dropped server CCS",
		563	.ssl_options = 0,
		564	.server_bbio_off = 1,
		565	.server_drops = { 5 },
		566	},
		567	{
		568	.desc = "DTLS with dropped server Finished",
		569	.ssl_options = 0,
		570	.server_bbio_off = 1,
		571	.server_drops = { 6 },
		572	},
		573	#endif
		574	{
		575	.desc = "DTLS with dropped ClientKeyExchange",
		576	.ssl_options = 0,
		577	.client_bbio_off = 1,
		578	.client_drops = { 2 },
		579	},
		580	{
		581	.desc = "DTLS with dropped Client CCS",
		582	.ssl_options = 0,
		583	.client_bbio_off = 1,
		584	.client_drops = { 3 },
		585	},
		586	{
		587	.desc = "DTLS with dropped client Finished",
		588	.ssl_options = 0,
		589	.client_bbio_off = 1,
		590	.client_drops = { 4 },
		591	},
332	};	592	};
333		593
334	#define N_DTLS_TESTS (sizeof(dtls_tests) / sizeof(*dtls_tests))	594	#define N_DTLS_TESTS (sizeof(dtls_tests) / sizeof(*dtls_tests))
335		595
		596	static void
		597	dtlstest_packet_monkey(SSL *ssl, const uint8_t drops[])
		598	{
		599	BIO *bio_monkey;
		600	BIO *bio;
		601	int i;
		602
		603	if ((bio_monkey = BIO_new_packet_monkey()) == NULL)
		604	errx(1, "packet monkey");
		605
		606	for (i = 0; i < MAX_PACKET_DROPS; i++) {
		607	if (drops[i] == 0)
		608	break;
		609	if (!BIO_packet_monkey_drop(bio_monkey, drops[i]))
		610	errx(1, "drop failure");
		611	}
		612
		613	if ((bio = SSL_get_wbio(ssl)) == NULL)
		614	errx(1, "SSL has NULL bio");
		615
		616	BIO_up_ref(bio);
		617	bio = BIO_push(bio_monkey, bio);
		618
		619	SSL_set_bio(ssl, bio, bio);
		620	}
		621
336	static int	622	static int
337	dtlstest(struct dtls_test *dt)	623	dtlstest(const struct dtls_test *dt)
338	{	624	{
339	SSL client = NULL, server = NULL;	625	SSL client = NULL, server = NULL;
340	struct sockaddr_in server_sin;	626	struct sockaddr_in server_sin;
@@ -353,6 +639,14 @@ dtlstest(struct dtls_test *dt)
353	if ((server = dtls_server(server_sock, dt->ssl_options, dt->mtu)) == NULL)	639	if ((server = dtls_server(server_sock, dt->ssl_options, dt->mtu)) == NULL)
354	goto failure;	640	goto failure;
355		641
		642	if (dt->client_bbio_off)
		643	SSL_set_info_callback(client, dtls_info_callback);
		644	if (dt->server_bbio_off)
		645	SSL_set_info_callback(server, dtls_info_callback);
		646
		647	dtlstest_packet_monkey(client, dt->client_drops);
		648	dtlstest_packet_monkey(server, dt->server_drops);
		649
356	pfd[0].fd = client_sock;	650	pfd[0].fd = client_sock;
357	pfd[0].events = POLLOUT;	651	pfd[0].events = POLLOUT;
358	pfd[1].fd = server_sock;	652	pfd[1].fd = server_sock;