-rw-r--r--src/regress/lib/libssl/dtls/dtlstest.c177
1 files changed, 160 insertions, 17 deletions
diff --git a/src/regress/lib/libssl/dtls/dtlstest.c b/src/regress/lib/libssl/dtls/dtlstest.c
index becc500c90..91b2599dda 100644
--- a/src/regress/lib/libssl/dtls/dtlstest.c
+++ b/src/regress/lib/libssl/dtls/dtlstest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dtlstest.c,v 1.11 2021/06/19 15:52:41 jsing Exp $ */ 1/* $OpenBSD: dtlstest.c,v 1.12 2021/06/19 16:29:51 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -294,13 +294,11 @@ BIO_packet_monkey_delay(BIO *bio, int num, int count)
294 return BIO_ctrl(bio, BIO_C_DELAY_PACKET, num, NULL); 294 return BIO_ctrl(bio, BIO_C_DELAY_PACKET, num, NULL);
295} 295}
296 296
297#if 0
298static int 297static int
299BIO_packet_monkey_delay_flush(BIO *bio) 298BIO_packet_monkey_delay_flush(BIO *bio)
300{ 299{
301 return BIO_ctrl(bio, BIO_C_DELAY_FLUSH, 0, NULL); 300 return BIO_ctrl(bio, BIO_C_DELAY_FLUSH, 0, NULL);
302} 301}
303#endif
304 302
305static int 303static int
306BIO_packet_monkey_drop(BIO *bio, int num) 304BIO_packet_monkey_drop(BIO *bio, int num)
@@ -513,13 +511,60 @@ do_connect(SSL *ssl, const char *name, int *done, short *events)
513{ 511{
514 int ssl_ret; 512 int ssl_ret;
515 513
516 if ((ssl_ret = SSL_connect(ssl)) == 1) { 514 if ((ssl_ret = SSL_connect(ssl)) != 1)
517 fprintf(stderr, "INFO: %s connect done\n", name); 515 return ssl_error(ssl, name, "connect", ssl_ret, events);
518 *done = 1; 516
519 return 1; 517 fprintf(stderr, "INFO: %s connect done\n", name);
518 *done = 1;
519
520 return 1;
521}
522
523static int
524do_connect_read(SSL *ssl, const char *name, int *done, short *events)
525{
526 uint8_t buf[2048];
527 int ssl_ret;
528 int i;
529
530 if ((ssl_ret = SSL_connect(ssl)) != 1)
531 return ssl_error(ssl, name, "connect", ssl_ret, events);
532
533 fprintf(stderr, "INFO: %s connect done\n", name);
534 *done = 1;
535
536 for (i = 0; i < 3; i++) {
537 fprintf(stderr, "INFO: %s reading after connect\n", name);
538 if ((ssl_ret = SSL_read(ssl, buf, sizeof(buf))) != 3) {
539 fprintf(stderr, "ERROR: %s read failed\n", name);
540 return 0;
541 }
520 } 542 }
521 543
522 return ssl_error(ssl, name, "connect", ssl_ret, events); 544 return 1;
545}
546
547static int
548do_connect_shutdown(SSL *ssl, const char *name, int *done, short *events)
549{
550 uint8_t buf[2048];
551 int ssl_ret;
552
553 if ((ssl_ret = SSL_connect(ssl)) != 1)
554 return ssl_error(ssl, name, "connect", ssl_ret, events);
555
556 fprintf(stderr, "INFO: %s connect done\n", name);
557 *done = 1;
558
559 ssl_ret = SSL_read(ssl, buf, sizeof(buf));
560 if (SSL_get_error(ssl, ssl_ret) != SSL_ERROR_ZERO_RETURN) {
561 fprintf(stderr, "FAIL: %s did not receive close-notify\n", name);
562 return 0;
563 }
564
565 fprintf(stderr, "INFO: %s received close-notify\n", name);
566
567 return 1;
523} 568}
524 569
525static int 570static int
@@ -527,13 +572,66 @@ do_accept(SSL *ssl, const char *name, int *done, short *events)
527{ 572{
528 int ssl_ret; 573 int ssl_ret;
529 574
530 if ((ssl_ret = SSL_accept(ssl)) == 1) { 575 if ((ssl_ret = SSL_accept(ssl)) != 1)
531 fprintf(stderr, "INFO: %s accept done\n", name); 576 return ssl_error(ssl, name, "accept", ssl_ret, events);
532 *done = 1; 577
533 return 1; 578 fprintf(stderr, "INFO: %s accept done\n", name);
579 *done = 1;
580
581 return 1;
582}
583
584static int
585do_accept_write(SSL *ssl, const char *name, int *done, short *events)
586{
587 int ssl_ret;
588 BIO *bio;
589 int i;
590
591 if ((ssl_ret = SSL_accept(ssl)) != 1)
592 return ssl_error(ssl, name, "accept", ssl_ret, events);
593
594 fprintf(stderr, "INFO: %s accept done\n", name);
595
596 for (i = 0; i < 3; i++) {
597 fprintf(stderr, "INFO: %s writing after accept\n", name);
598 if ((ssl_ret = SSL_write(ssl, "abc", 3)) != 3) {
599 fprintf(stderr, "ERROR: %s write failed\n", name);
600 return 0;
601 }
534 } 602 }
535 603
536 return ssl_error(ssl, name, "accept", ssl_ret, events); 604 if ((bio = SSL_get_wbio(ssl)) == NULL)
605 errx(1, "SSL has NULL bio");
606
607 /* Flush any delayed packets. */
608 BIO_packet_monkey_delay_flush(bio);
609
610 *done = 1;
611 return 1;
612}
613
614static int
615do_accept_shutdown(SSL *ssl, const char *name, int *done, short *events)
616{
617 int ssl_ret;
618 BIO *bio;
619
620 if ((ssl_ret = SSL_accept(ssl)) != 1)
621 return ssl_error(ssl, name, "accept", ssl_ret, events);
622
623 fprintf(stderr, "INFO: %s accept done\n", name);
624
625 SSL_shutdown(ssl);
626
627 if ((bio = SSL_get_wbio(ssl)) == NULL)
628 errx(1, "SSL has NULL bio");
629
630 /* Flush any delayed packets. */
631 BIO_packet_monkey_delay_flush(bio);
632
633 *done = 1;
634 return 1;
537} 635}
538 636
539static int 637static int
@@ -582,11 +680,11 @@ do_shutdown(SSL *ssl, const char *name, int *done, short *events)
582 return ssl_error(ssl, name, "shutdown", ssl_ret, events); 680 return ssl_error(ssl, name, "shutdown", ssl_ret, events);
583} 681}
584 682
585typedef int (*ssl_func)(SSL *ssl, const char *name, int *done, short *events); 683typedef int (ssl_func)(SSL *ssl, const char *name, int *done, short *events);
586 684
587static int 685static int
588do_client_server_loop(SSL *client, ssl_func client_func, SSL *server, 686do_client_server_loop(SSL *client, ssl_func *client_func, SSL *server,
589 ssl_func server_func, struct pollfd pfd[2]) 687 ssl_func *server_func, struct pollfd pfd[2])
590{ 688{
591 int client_done = 0, server_done = 0; 689 int client_done = 0, server_done = 0;
592 int i = 0; 690 int i = 0;
@@ -642,6 +740,8 @@ struct dtls_test {
642 long ssl_options; 740 long ssl_options;
643 int client_bbio_off; 741 int client_bbio_off;
644 int server_bbio_off; 742 int server_bbio_off;
743 int write_after_accept;
744 int shutdown_after_accept;
645 struct dtls_delay client_delays[MAX_PACKET_DELAYS]; 745 struct dtls_delay client_delays[MAX_PACKET_DELAYS];
646 struct dtls_delay server_delays[MAX_PACKET_DELAYS]; 746 struct dtls_delay server_delays[MAX_PACKET_DELAYS];
647 uint8_t client_drops[MAX_PACKET_DROPS]; 747 uint8_t client_drops[MAX_PACKET_DROPS];
@@ -748,6 +848,33 @@ static const struct dtls_test dtls_tests[] = {
748 .client_bbio_off = 1, 848 .client_bbio_off = 1,
749 .client_delays = { { 3, 2 } }, 849 .client_delays = { { 3, 2 } },
750 }, 850 },
851 {
852 /*
853 * Send CCS after server Finished - note app data will be
854 * dropped if we send the CCS after app data.
855 */
856 .desc = "DTLS with delayed server CCS",
857 .ssl_options = SSL_OP_NO_TICKET,
858 .server_bbio_off = 1,
859 .server_delays = { { 5, 2 } },
860 .write_after_accept = 1,
861 },
862 {
863 /* Send Finished after app data - this is currently buffered. */
864 .desc = "DTLS with delayed server Finished",
865 .ssl_options = SSL_OP_NO_TICKET,
866 .server_bbio_off = 1,
867 .server_delays = { { 6, 3 } },
868 .write_after_accept = 1,
869 },
870 {
871 /* Send CCS after server finished and close-notify. */
872 .desc = "DTLS with delayed server CCS (close-notify)",
873 .ssl_options = SSL_OP_NO_TICKET,
874 .server_bbio_off = 1,
875 .server_delays = { { 5, 3 } },
876 .shutdown_after_accept = 1,
877 },
751}; 878};
752 879
753#define N_DTLS_TESTS (sizeof(dtls_tests) / sizeof(*dtls_tests)) 880#define N_DTLS_TESTS (sizeof(dtls_tests) / sizeof(*dtls_tests))
@@ -791,6 +918,7 @@ static int
791dtlstest(const struct dtls_test *dt) 918dtlstest(const struct dtls_test *dt)
792{ 919{
793 SSL *client = NULL, *server = NULL; 920 SSL *client = NULL, *server = NULL;
921 ssl_func *connect_func, *accept_func;
794 struct sockaddr_in server_sin; 922 struct sockaddr_in server_sin;
795 struct pollfd pfd[2]; 923 struct pollfd pfd[2];
796 int client_sock = -1; 924 int client_sock = -1;
@@ -820,11 +948,25 @@ dtlstest(const struct dtls_test *dt)
820 pfd[1].fd = server_sock; 948 pfd[1].fd = server_sock;
821 pfd[1].events = POLLIN; 949 pfd[1].events = POLLIN;
822 950
823 if (!do_client_server_loop(client, do_connect, server, do_accept, pfd)) { 951 accept_func = do_accept;
952 connect_func = do_connect;
953
954 if (dt->write_after_accept) {
955 accept_func = do_accept_write;
956 connect_func = do_connect_read;
957 } else if (dt->shutdown_after_accept) {
958 accept_func = do_accept_shutdown;
959 connect_func = do_connect_shutdown;
960 }
961
962 if (!do_client_server_loop(client, connect_func, server, accept_func, pfd)) {
824 fprintf(stderr, "FAIL: client and server handshake failed\n"); 963 fprintf(stderr, "FAIL: client and server handshake failed\n");
825 goto failure; 964 goto failure;
826 } 965 }
827 966
967 if (dt->write_after_accept || dt->shutdown_after_accept)
968 goto done;
969
828 pfd[0].events = POLLIN; 970 pfd[0].events = POLLIN;
829 pfd[1].events = POLLOUT; 971 pfd[1].events = POLLOUT;
830 972
@@ -849,6 +991,7 @@ dtlstest(const struct dtls_test *dt)
849 goto failure; 991 goto failure;
850 } 992 }
851 993
994 done:
852 fprintf(stderr, "INFO: Done!\n"); 995 fprintf(stderr, "INFO: Done!\n");
853 996
854 failed = 0; 997 failed = 0;
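Review bot: In the new do_connect_read(), the `SSL_read()` result is only compared against the length 3, so the test never confirms that the bytes delivered after the delayed CCS/Finished are the "abc" that do_accept_write() sent. Since these cases exist to exercise how reordered handshake records and application data are handled, the check could also compare the payload, e.g. `if (ssl_ret != 3 || memcmp(buf, "abc", 3) != 0) {`. Any other return value is logged as "read failed" without calling `SSL_get_error()`, so a retryable condition and a genuine record-layer error look the same in the output; if the sockets can return WANT_READ here (not visible in this diff), routing the failure through `ssl_error(ssl, name, "read", ssl_ret, events)` would match the connect path. Separately, do_accept_shutdown() discards the return values of `SSL_shutdown()` and `BIO_packet_monkey_delay_flush()`, so a close-notify that was never sent only surfaces indirectly as the client-side "did not receive close-notify" failure.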