From e5895fba963b225b4275079fc84444579ae34b3d Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 19 Jun 2021 17:11:34 +0000
Subject: Add DTLS test cases that use non-zero initial epochs.
In particular, test handling of 0xfffe and 0xffff - the latter results in wrapping to zero for the next epoch. One of these tests triggers a known bug in libssl, which will be fixed following this commit.
---
 src/regress/lib/libssl/dtls/Makefile | 9 ++++----
 src/regress/lib/libssl/dtls/dtlstest.c | 40 +++++++++++++++++++++++++++++++++-
 2 files changed, 44 insertions(+), 5 deletions(-)
diff --git a/src/regress/lib/libssl/dtls/Makefile b/src/regress/lib/libssl/dtls/Makefile
index 5d25cde2ee..79ca4077d3 100644
--- a/src/regress/lib/libssl/dtls/Makefile
+++ b/src/regress/lib/libssl/dtls/Makefile
@@ -1,10 +1,11 @@
-# $OpenBSD: Makefile,v 1.1 2020/10/14 15:49:14 jsing Exp $
+# $OpenBSD: Makefile,v 1.2 2021/06/19 17:11:34 jsing Exp $
-PROG= dtlstest
-LDADD= -lssl -lcrypto
-DPADD= ${LIBSSL} ${LIBCRYPTO}
+PROG= dtlstest
+LDADD= ${SSL_INT} -lcrypto
+DPADD= ${LIBSSL} ${LIBCRYPTO}
 WARNINGS= Yes
 CFLAGS+= -DLIBRESSL_INTERNAL -Werror
+CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
 REGRESS_TARGETS= \
 regress-dtlstest
diff --git a/src/regress/lib/libssl/dtls/dtlstest.c b/src/regress/lib/libssl/dtls/dtlstest.c
index 91b2599dda..30d8525971 100644
--- a/src/regress/lib/libssl/dtls/dtlstest.c
+++ b/src/regress/lib/libssl/dtls/dtlstest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtlstest.c,v 1.12 2021/06/19 16:29:51 jsing Exp $ */
+/* $OpenBSD: dtlstest.c,v 1.13 2021/06/19 17:11:34 jsing Exp $ */
 /*
 * Copyright (c) 2020, 2021 Joel Sing
 *
@@ -27,6 +27,8 @@
 #include
 #include
+#include "ssl_locl.h"
+
 const char *server_ca_file;
 const char *server_cert_file;
 const char *server_key_file;
@@ -35,6 +37,9 @@ char dtls_cookie[32];
 int debug = 0;
+void tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl,
+ uint16_t epoch);
+
 static void
 hexdump(const unsigned char *buf, size_t len)
 {
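Review bot: The prototype for tls12_record_layer_set_initial_epoch() added below `int debug = 0;` is written by hand in the test rather than taken from ssl_locl.h, which the same commit includes, so nothing ties it to the definition in libssl: a later change to the function's parameter list would not be caught at compile time in this translation unit and the link would still succeed with a mismatched call. If the header deliberately does not export it (presumably because the function exists only for this regress test), a short comment saying so would tell the next reader why the declaration lives here, e.g. `/* Not exported via ssl_locl.h; keep in sync with the libssl definition. */`. If the header does export it, the local prototype is redundant and can be dropped.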
@@ -740,6 +745,7 @@ struct dtls_test {
 long ssl_options;
 int client_bbio_off;
 int server_bbio_off;
+ uint16_t initial_epoch;
 int write_after_accept;
 int shutdown_after_accept;
 struct dtls_delay client_delays[MAX_PACKET_DELAYS];
@@ -753,6 +759,16 @@ static const struct dtls_test dtls_tests[] = {
 .desc = "DTLS without cookies",
 .ssl_options = 0,
 },
+ {
+ .desc = "DTLS without cookies (initial epoch 0xfffe)",
+ .ssl_options = 0,
+ .initial_epoch = 0xfffe,
+ },
+ {
+ .desc = "DTLS without cookies (initial epoch 0xffff)",
+ .ssl_options = 0,
+ .initial_epoch = 0xffff,
+ },
 {
 .desc = "DTLS with cookies",
 .ssl_options = SSL_OP_COOKIE_EXCHANGE,
@@ -859,6 +875,22 @@ static const struct dtls_test dtls_tests[] = {
 .server_delays = { { 5, 2 } },
 .write_after_accept = 1,
 },
+ {
+ .desc = "DTLS with delayed server CCS (initial epoch 0xfffe)",
+ .ssl_options = SSL_OP_NO_TICKET,
+ .server_bbio_off = 1,
+ .initial_epoch = 0xfffe,
+ .server_delays = { { 5, 2 } },
+ .write_after_accept = 1,
+ },
+ {
+ .desc = "DTLS with delayed server CCS (initial epoch 0xffff)",
+ .ssl_options = SSL_OP_NO_TICKET,
+ .server_bbio_off = 1,
+ .initial_epoch = 0xffff,
+ .server_delays = { { 5, 2 } },
+ .write_after_accept = 1,
+ },
 {
 /* Send Finished after app data - this is currently buffered. */
 .desc = "DTLS with delayed server Finished",
@@ -932,9 +964,15 @@ dtlstest(const struct dtls_test *dt)
 if ((client = dtls_client(client_sock, &server_sin, dt->mtu)) == NULL)
 goto failure;
+
 if ((server = dtls_server(server_sock, dt->ssl_options, dt->mtu)) == NULL)
 goto failure;
+ tls12_record_layer_set_initial_epoch(client->internal->rl,
+ dt->initial_epoch);
+ tls12_record_layer_set_initial_epoch(server->internal->rl,
+ dt->initial_epoch);
+
 if (dt->client_bbio_off)
 SSL_set_info_callback(client, dtls_info_callback);
 if (dt->server_bbio_off)
-- cgit v1.2.3-55-g6feb
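Review bot: The two 0xffff table entries encode an expectation that the commit message states (the next epoch wraps to zero) but the table itself does not, so a reader cannot tell from the test whether the handshake is meant to complete at epoch 0 or be rejected; the same applies to the "delayed server CCS (initial epoch 0xffff)" entry in the following hunk. A one-line comment above each 0xffff entry would fix that, e.g. `/* Next epoch wraps from 0xffff to 0; the record layer must track the wrap. */`. As I read RFC 6347 section 4.1, a conforming implementation must not let the epoch wrap but must start a new association instead, so it is also worth saying in that comment that the wrap here is a forced starting point for exercising the record layer and not a state a well-behaved peer would produce, so nobody later reads the test as endorsing it.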
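Review bot: In dtlstest() the two tls12_record_layer_set_initial_epoch() calls run for every table entry, so the pre-existing tests now pass through it with initial_epoch == 0 instead of leaving the record layer in whatever state dtls_client()/dtls_server() produced; that is only equivalent if setting epoch 0 on a fresh record layer is a pure no-op, which this hunk cannot show. Guarding both calls with `if (dt->initial_epoch != 0)` keeps the existing tests on their previous path and makes the intent explicit; if the call is meant to be unconditional, a comment such as `/* 0 is the default epoch, so this is a no-op for the older tests. */` should accompany it. dtlstest() begins and continues outside the hunk.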