Diffstat (limited to '')
| -rw-r--r-- | src/regress/lib/libssl/dtls/Makefile | 9 | ||||
| -rw-r--r-- | src/regress/lib/libssl/dtls/dtlstest.c | 40 |
2 files changed, 44 insertions, 5 deletions
diff --git a/src/regress/lib/libssl/dtls/Makefile b/src/regress/lib/libssl/dtls/Makefile index 5d25cde2ee..79ca4077d3 100644 --- a/src/regress/lib/libssl/dtls/Makefile +++ b/src/regress/lib/libssl/dtls/Makefile | |||
| @@ -1,10 +1,11 @@ | |||
| 1 | # $OpenBSD: Makefile,v 1.1 2020/10/14 15:49:14 jsing Exp $ | 1 | # $OpenBSD: Makefile,v 1.2 2021/06/19 17:11:34 jsing Exp $ |
| 2 | 2 | ||
| 3 | PROG= dtlstest | 3 | PROG= dtlstest |
| 4 | LDADD= -lssl -lcrypto | 4 | LDADD= ${SSL_INT} -lcrypto |
| 5 | DPADD= ${LIBSSL} ${LIBCRYPTO} | 5 | DPADD= ${LIBSSL} ${LIBCRYPTO} |
| 6 | WARNINGS= Yes | 6 | WARNINGS= Yes |
| 7 | CFLAGS+= -DLIBRESSL_INTERNAL -Werror | 7 | CFLAGS+= -DLIBRESSL_INTERNAL -Werror |
| 8 | CFLAGS+= -I${.CURDIR}/../../../../lib/libssl | ||
| 8 | 9 | ||
| 9 | REGRESS_TARGETS= \ | 10 | REGRESS_TARGETS= \ |
| 10 | regress-dtlstest | 11 | regress-dtlstest |
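--- a/src/regress/lib/libssl/dtls/dtlstest.c
+++ b/src/regress/lib/libssl/dtls/dtlstest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtlstest.c,v 1.12 2021/06/19 16:29:51 jsing Exp $ */
+/* $OpenBSD: dtlstest.c,v 1.13 2021/06/19 17:11:34 jsing Exp $ */
 /*
 * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
 *
@@ -27,6 +27,8 @@
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 
+#include "ssl_locl.h"
+
 const char *server_ca_file;
 const char *server_cert_file;
 const char *server_key_file;
@@ -35,6 +37,9 @@ char dtls_cookie[32];
 
 int debug = 0;
 
+void tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl,
+uint16_t epoch);
+
 static void
 hexdump(const unsigned char *buf, size_t len)
 {
@@ -740,6 +745,7 @@ struct dtls_test {
 long ssl_options;
 int client_bbio_off;
 int server_bbio_off;
+uint16_t initial_epoch;
 int write_after_accept;
 int shutdown_after_accept;
 struct dtls_delay client_delays[MAX_PACKET_DELAYS];
@@ -754,6 +760,16 @@ static const struct dtls_test dtls_tests[] = {
 .ssl_options = 0,
 },
 {
+.desc = "DTLS without cookies (initial epoch 0xfffe)",
+.ssl_options = 0,
+.initial_epoch = 0xfffe,
+},
+{
+.desc = "DTLS without cookies (initial epoch 0xffff)",
+.ssl_options = 0,
+.initial_epoch = 0xffff,
+},
+{
 .desc = "DTLS with cookies",
 .ssl_options = SSL_OP_COOKIE_EXCHANGE,
 },
@@ -860,6 +876,22 @@ static const struct dtls_test dtls_tests[] = {
 .write_after_accept = 1,
 },
 {
+.desc = "DTLS with delayed server CCS (initial epoch 0xfffe)",
+.ssl_options = SSL_OP_NO_TICKET,
+.server_bbio_off = 1,
+.initial_epoch = 0xfffe,
+.server_delays = { { 5, 2 } },
+.write_after_accept = 1,
+},
+{
+.desc = "DTLS with delayed server CCS (initial epoch 0xffff)",
+.ssl_options = SSL_OP_NO_TICKET,
+.server_bbio_off = 1,
+.initial_epoch = 0xffff,
+.server_delays = { { 5, 2 } },
+.write_after_accept = 1,
+},
+{
 /* Send Finished after app data - this is currently buffered. */
 .desc = "DTLS with delayed server Finished",
 .ssl_options = SSL_OP_NO_TICKET,
@@ -932,9 +964,15 @@ dtlstest(const struct dtls_test *dt)
 
 if ((client = dtls_client(client_sock, &server_sin, dt->mtu)) == NULL)
 goto failure;
+
 if ((server = dtls_server(server_sock, dt->ssl_options, dt->mtu)) == NULL)
 goto failure;
 
+tls12_record_layer_set_initial_epoch(client->internal->rl,
+dt->initial_epoch);
+tls12_record_layer_set_initial_epoch(server->internal->rl,
+dt->initial_epoch);
+
 if (dt->client_bbio_off)
 SSL_set_info_callback(client, dtls_info_callback);
 if (dt->server_bbio_off)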
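Review bot: The prototype for `tls12_record_layer_set_initial_epoch()` added above `hexdump()` is written out by hand even though `ssl_locl.h` is now included, so nothing ties it to the definition in libssl; if the library signature changes, this file would presumably still build under `-Werror` while the calls in `dtlstest()` pass mismatched arguments. Declaring the function in the internal header would let the compiler check it (whether the header already declares it is not visible on this page); failing that, a comment above the prototype such as `/* Declared here for the regress test only; must match the libssl definition. */` records the dependency. The four new `dtls_tests[]` entries would also benefit from a one-line comment, e.g. `/* Start at the top of the 16-bit epoch range so the epoch change on CCS is exercised at the limit. */`, together with a statement of what outcome is expected when the starting value is already 0xffff. `dtlstest()` begins and ends outside the last hunk, so how a failure in that case is detected cannot be confirmed from here.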
