1 | /*
|
---|
2 | * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
|
---|
3 | *
|
---|
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use
|
---|
5 | * this file except in compliance with the License. You can obtain a copy
|
---|
6 | * in the file LICENSE in the source distribution or at
|
---|
7 | * https://www.openssl.org/source/license.html
|
---|
8 | */
|
---|
9 |
|
---|
10 | #include <string.h>
|
---|
11 | #include <openssl/bio.h>
|
---|
12 | #include <openssl/crypto.h>
|
---|
13 | #include <openssl/ssl.h>
|
---|
14 | #include <openssl/err.h>
|
---|
15 |
|
---|
16 | #include "helpers/ssltestlib.h"
|
---|
17 | #include "testutil.h"
|
---|
18 |
|
---|
19 | static char *cert = NULL;
|
---|
20 | static char *privkey = NULL;
|
---|
21 | static unsigned int timer_cb_count;
|
---|
22 |
|
---|
23 | #define NUM_TESTS 2
|
---|
24 |
|
---|
25 |
|
---|
26 | #define DUMMY_CERT_STATUS_LEN 12
|
---|
27 |
|
---|
28 | static unsigned char certstatus[] = {
|
---|
29 | SSL3_RT_HANDSHAKE, /* Content type */
|
---|
30 | 0xfe, 0xfd, /* Record version */
|
---|
31 | 0, 1, /* Epoch */
|
---|
32 | 0, 0, 0, 0, 0, 0x0f, /* Record sequence number */
|
---|
33 | 0, DTLS1_HM_HEADER_LENGTH + DUMMY_CERT_STATUS_LEN - 2,
|
---|
34 | SSL3_MT_CERTIFICATE_STATUS, /* Cert Status handshake message type */
|
---|
35 | 0, 0, DUMMY_CERT_STATUS_LEN, /* Message len */
|
---|
36 | 0, 5, /* Message sequence */
|
---|
37 | 0, 0, 0, /* Fragment offset */
|
---|
38 | 0, 0, DUMMY_CERT_STATUS_LEN - 2, /* Fragment len */
|
---|
39 | 0x80, 0x80, 0x80, 0x80, 0x80,
|
---|
40 | 0x80, 0x80, 0x80, 0x80, 0x80 /* Dummy data */
|
---|
41 | };
|
---|
42 |
|
---|
43 | #define RECORD_SEQUENCE 10
|
---|
44 |
|
---|
45 | static const char dummy_cookie[] = "0123456";
|
---|
46 |
|
---|
47 | static int generate_cookie_cb(SSL *ssl, unsigned char *cookie,
|
---|
48 | unsigned int *cookie_len)
|
---|
49 | {
|
---|
50 | memcpy(cookie, dummy_cookie, sizeof(dummy_cookie));
|
---|
51 | *cookie_len = sizeof(dummy_cookie);
|
---|
52 | return 1;
|
---|
53 | }
|
---|
54 |
|
---|
55 | static int verify_cookie_cb(SSL *ssl, const unsigned char *cookie,
|
---|
56 | unsigned int cookie_len)
|
---|
57 | {
|
---|
58 | return TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie));
|
---|
59 | }
|
---|
60 |
|
---|
61 | static unsigned int timer_cb(SSL *s, unsigned int timer_us)
|
---|
62 | {
|
---|
63 | ++timer_cb_count;
|
---|
64 |
|
---|
65 | if (timer_us == 0)
|
---|
66 | return 50000;
|
---|
67 | else
|
---|
68 | return 2 * timer_us;
|
---|
69 | }
|
---|
70 |
|
---|
71 | static int test_dtls_unprocessed(int testidx)
|
---|
72 | {
|
---|
73 | SSL_CTX *sctx = NULL, *cctx = NULL;
|
---|
74 | SSL *serverssl1 = NULL, *clientssl1 = NULL;
|
---|
75 | BIO *c_to_s_fbio, *c_to_s_mempacket;
|
---|
76 | int testresult = 0;
|
---|
77 |
|
---|
78 | timer_cb_count = 0;
|
---|
79 |
|
---|
80 | if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
|
---|
81 | DTLS_client_method(),
|
---|
82 | DTLS1_VERSION, 0,
|
---|
83 | &sctx, &cctx, cert, privkey)))
|
---|
84 | return 0;
|
---|
85 |
|
---|
86 | #ifndef OPENSSL_NO_DTLS1_2
|
---|
87 | if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA")))
|
---|
88 | goto end;
|
---|
89 | #else
|
---|
90 | /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
|
---|
91 | if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA:@SECLEVEL=0"))
|
---|
92 | || !TEST_true(SSL_CTX_set_cipher_list(cctx,
|
---|
93 | "AES128-SHA:@SECLEVEL=0")))
|
---|
94 | goto end;
|
---|
95 | #endif
|
---|
96 |
|
---|
97 | c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
|
---|
98 | if (!TEST_ptr(c_to_s_fbio))
|
---|
99 | goto end;
|
---|
100 |
|
---|
101 | /* BIO is freed by create_ssl_connection on error */
|
---|
102 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
|
---|
103 | NULL, c_to_s_fbio)))
|
---|
104 | goto end;
|
---|
105 |
|
---|
106 | DTLS_set_timer_cb(clientssl1, timer_cb);
|
---|
107 |
|
---|
108 | if (testidx == 1)
|
---|
109 | certstatus[RECORD_SEQUENCE] = 0xff;
|
---|
110 |
|
---|
111 | /*
|
---|
112 | * Inject a dummy record from the next epoch. In test 0, this should never
|
---|
113 | * get used because the message sequence number is too big. In test 1 we set
|
---|
114 | * the record sequence number to be way off in the future.
|
---|
115 | */
|
---|
116 | c_to_s_mempacket = SSL_get_wbio(clientssl1);
|
---|
117 | c_to_s_mempacket = BIO_next(c_to_s_mempacket);
|
---|
118 | mempacket_test_inject(c_to_s_mempacket, (char *)certstatus,
|
---|
119 | sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ);
|
---|
120 |
|
---|
121 | /*
|
---|
122 | * Create the connection. We use "create_bare_ssl_connection" here so that
|
---|
123 | * we can force the connection to not do "SSL_read" once partly connected.
|
---|
124 | * We don't want to accidentally read the dummy records we injected because
|
---|
125 | * they will fail to decrypt.
|
---|
126 | */
|
---|
127 | if (!TEST_true(create_bare_ssl_connection(serverssl1, clientssl1,
|
---|
128 | SSL_ERROR_NONE, 0)))
|
---|
129 | goto end;
|
---|
130 |
|
---|
131 | if (timer_cb_count == 0) {
|
---|
132 | printf("timer_callback was not called.\n");
|
---|
133 | goto end;
|
---|
134 | }
|
---|
135 |
|
---|
136 | testresult = 1;
|
---|
137 | end:
|
---|
138 | SSL_free(serverssl1);
|
---|
139 | SSL_free(clientssl1);
|
---|
140 | SSL_CTX_free(sctx);
|
---|
141 | SSL_CTX_free(cctx);
|
---|
142 |
|
---|
143 | return testresult;
|
---|
144 | }
|
---|
145 |
|
---|
146 | /* One record for the cookieless initial ClientHello */
|
---|
147 | #define CLI_TO_SRV_COOKIE_EXCH 1
|
---|
148 |
|
---|
149 | /*
|
---|
150 | * In a resumption handshake we use 2 records for the initial ClientHello in
|
---|
151 | * this test because we are using a very small MTU and the ClientHello is
|
---|
152 | * bigger than in the non resumption case.
|
---|
153 | */
|
---|
154 | #define CLI_TO_SRV_RESUME_COOKIE_EXCH 2
|
---|
155 | #define SRV_TO_CLI_COOKIE_EXCH 1
|
---|
156 |
|
---|
157 | #define CLI_TO_SRV_EPOCH_0_RECS 3
|
---|
158 | #define CLI_TO_SRV_EPOCH_1_RECS 1
|
---|
159 | #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
|
---|
160 | # define SRV_TO_CLI_EPOCH_0_RECS 10
|
---|
161 | #else
|
---|
162 | /*
|
---|
163 | * In this case we have no ServerKeyExchange message, because we don't have
|
---|
164 | * ECDHE or DHE. When it is present it gets fragmented into 3 records in this
|
---|
165 | * test.
|
---|
166 | */
|
---|
167 | # define SRV_TO_CLI_EPOCH_0_RECS 9
|
---|
168 | #endif
|
---|
169 | #define SRV_TO_CLI_EPOCH_1_RECS 1
|
---|
170 | #define TOTAL_FULL_HAND_RECORDS \
|
---|
171 | (CLI_TO_SRV_COOKIE_EXCH + SRV_TO_CLI_COOKIE_EXCH + \
|
---|
172 | CLI_TO_SRV_EPOCH_0_RECS + CLI_TO_SRV_EPOCH_1_RECS + \
|
---|
173 | SRV_TO_CLI_EPOCH_0_RECS + SRV_TO_CLI_EPOCH_1_RECS)
|
---|
174 |
|
---|
175 | #define CLI_TO_SRV_RESUME_EPOCH_0_RECS 3
|
---|
176 | #define CLI_TO_SRV_RESUME_EPOCH_1_RECS 1
|
---|
177 | #define SRV_TO_CLI_RESUME_EPOCH_0_RECS 2
|
---|
178 | #define SRV_TO_CLI_RESUME_EPOCH_1_RECS 1
|
---|
179 | #define TOTAL_RESUME_HAND_RECORDS \
|
---|
180 | (CLI_TO_SRV_RESUME_COOKIE_EXCH + SRV_TO_CLI_COOKIE_EXCH + \
|
---|
181 | CLI_TO_SRV_RESUME_EPOCH_0_RECS + CLI_TO_SRV_RESUME_EPOCH_1_RECS + \
|
---|
182 | SRV_TO_CLI_RESUME_EPOCH_0_RECS + SRV_TO_CLI_RESUME_EPOCH_1_RECS)
|
---|
183 |
|
---|
184 | #define TOTAL_RECORDS (TOTAL_FULL_HAND_RECORDS + TOTAL_RESUME_HAND_RECORDS)
|
---|
185 |
|
---|
186 | /*
|
---|
187 | * We are assuming a ServerKeyExchange message is sent in this test. If we don't
|
---|
188 | * have either DH or EC, then it won't be
|
---|
189 | */
|
---|
190 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
|
---|
191 | static int test_dtls_drop_records(int idx)
|
---|
192 | {
|
---|
193 | SSL_CTX *sctx = NULL, *cctx = NULL;
|
---|
194 | SSL *serverssl = NULL, *clientssl = NULL;
|
---|
195 | BIO *c_to_s_fbio, *mempackbio;
|
---|
196 | int testresult = 0;
|
---|
197 | int epoch = 0;
|
---|
198 | SSL_SESSION *sess = NULL;
|
---|
199 | int cli_to_srv_cookie, cli_to_srv_epoch0, cli_to_srv_epoch1;
|
---|
200 | int srv_to_cli_epoch0;
|
---|
201 |
|
---|
202 | if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
|
---|
203 | DTLS_client_method(),
|
---|
204 | DTLS1_VERSION, 0,
|
---|
205 | &sctx, &cctx, cert, privkey)))
|
---|
206 | return 0;
|
---|
207 |
|
---|
208 | #ifdef OPENSSL_NO_DTLS1_2
|
---|
209 | /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
|
---|
210 | if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
|
---|
211 | || !TEST_true(SSL_CTX_set_cipher_list(cctx,
|
---|
212 | "DEFAULT:@SECLEVEL=0")))
|
---|
213 | goto end;
|
---|
214 | #endif
|
---|
215 |
|
---|
216 | if (!TEST_true(SSL_CTX_set_dh_auto(sctx, 1)))
|
---|
217 | goto end;
|
---|
218 |
|
---|
219 | SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE);
|
---|
220 | SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb);
|
---|
221 | SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb);
|
---|
222 |
|
---|
223 | if (idx >= TOTAL_FULL_HAND_RECORDS) {
|
---|
224 | /* We're going to do a resumption handshake. Get a session first. */
|
---|
225 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
|
---|
226 | NULL, NULL))
|
---|
227 | || !TEST_true(create_ssl_connection(serverssl, clientssl,
|
---|
228 | SSL_ERROR_NONE))
|
---|
229 | || !TEST_ptr(sess = SSL_get1_session(clientssl)))
|
---|
230 | goto end;
|
---|
231 |
|
---|
232 | SSL_shutdown(clientssl);
|
---|
233 | SSL_shutdown(serverssl);
|
---|
234 | SSL_free(serverssl);
|
---|
235 | SSL_free(clientssl);
|
---|
236 | serverssl = clientssl = NULL;
|
---|
237 |
|
---|
238 | cli_to_srv_epoch0 = CLI_TO_SRV_RESUME_EPOCH_0_RECS;
|
---|
239 | cli_to_srv_epoch1 = CLI_TO_SRV_RESUME_EPOCH_1_RECS;
|
---|
240 | srv_to_cli_epoch0 = SRV_TO_CLI_RESUME_EPOCH_0_RECS;
|
---|
241 | cli_to_srv_cookie = CLI_TO_SRV_RESUME_COOKIE_EXCH;
|
---|
242 | idx -= TOTAL_FULL_HAND_RECORDS;
|
---|
243 | } else {
|
---|
244 | cli_to_srv_epoch0 = CLI_TO_SRV_EPOCH_0_RECS;
|
---|
245 | cli_to_srv_epoch1 = CLI_TO_SRV_EPOCH_1_RECS;
|
---|
246 | srv_to_cli_epoch0 = SRV_TO_CLI_EPOCH_0_RECS;
|
---|
247 | cli_to_srv_cookie = CLI_TO_SRV_COOKIE_EXCH;
|
---|
248 | }
|
---|
249 |
|
---|
250 | c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
|
---|
251 | if (!TEST_ptr(c_to_s_fbio))
|
---|
252 | goto end;
|
---|
253 |
|
---|
254 | /* BIO is freed by create_ssl_connection on error */
|
---|
255 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
|
---|
256 | NULL, c_to_s_fbio)))
|
---|
257 | goto end;
|
---|
258 |
|
---|
259 | if (sess != NULL) {
|
---|
260 | if (!TEST_true(SSL_set_session(clientssl, sess)))
|
---|
261 | goto end;
|
---|
262 | }
|
---|
263 |
|
---|
264 | DTLS_set_timer_cb(clientssl, timer_cb);
|
---|
265 | DTLS_set_timer_cb(serverssl, timer_cb);
|
---|
266 |
|
---|
267 | /* Work out which record to drop based on the test number */
|
---|
268 | if (idx >= cli_to_srv_cookie + cli_to_srv_epoch0 + cli_to_srv_epoch1) {
|
---|
269 | mempackbio = SSL_get_wbio(serverssl);
|
---|
270 | idx -= cli_to_srv_cookie + cli_to_srv_epoch0 + cli_to_srv_epoch1;
|
---|
271 | if (idx >= SRV_TO_CLI_COOKIE_EXCH + srv_to_cli_epoch0) {
|
---|
272 | epoch = 1;
|
---|
273 | idx -= SRV_TO_CLI_COOKIE_EXCH + srv_to_cli_epoch0;
|
---|
274 | }
|
---|
275 | } else {
|
---|
276 | mempackbio = SSL_get_wbio(clientssl);
|
---|
277 | if (idx >= cli_to_srv_cookie + cli_to_srv_epoch0) {
|
---|
278 | epoch = 1;
|
---|
279 | idx -= cli_to_srv_cookie + cli_to_srv_epoch0;
|
---|
280 | }
|
---|
281 | mempackbio = BIO_next(mempackbio);
|
---|
282 | }
|
---|
283 | BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_EPOCH, epoch, NULL);
|
---|
284 | BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_REC, idx, NULL);
|
---|
285 |
|
---|
286 | if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
|
---|
287 | goto end;
|
---|
288 |
|
---|
289 | if (sess != NULL && !TEST_true(SSL_session_reused(clientssl)))
|
---|
290 | goto end;
|
---|
291 |
|
---|
292 | /* If the test did what we planned then it should have dropped a record */
|
---|
293 | if (!TEST_int_eq((int)BIO_ctrl(mempackbio, MEMPACKET_CTRL_GET_DROP_REC, 0,
|
---|
294 | NULL), -1))
|
---|
295 | goto end;
|
---|
296 |
|
---|
297 | testresult = 1;
|
---|
298 | end:
|
---|
299 | SSL_SESSION_free(sess);
|
---|
300 | SSL_free(serverssl);
|
---|
301 | SSL_free(clientssl);
|
---|
302 | SSL_CTX_free(sctx);
|
---|
303 | SSL_CTX_free(cctx);
|
---|
304 |
|
---|
305 | return testresult;
|
---|
306 | }
|
---|
307 | #endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */
|
---|
308 |
|
---|
309 | static int test_cookie(void)
|
---|
310 | {
|
---|
311 | SSL_CTX *sctx = NULL, *cctx = NULL;
|
---|
312 | SSL *serverssl = NULL, *clientssl = NULL;
|
---|
313 | int testresult = 0;
|
---|
314 |
|
---|
315 | if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
|
---|
316 | DTLS_client_method(),
|
---|
317 | DTLS1_VERSION, 0,
|
---|
318 | &sctx, &cctx, cert, privkey)))
|
---|
319 | return 0;
|
---|
320 |
|
---|
321 | SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE);
|
---|
322 | SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb);
|
---|
323 | SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb);
|
---|
324 |
|
---|
325 | #ifdef OPENSSL_NO_DTLS1_2
|
---|
326 | /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
|
---|
327 | if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
|
---|
328 | || !TEST_true(SSL_CTX_set_cipher_list(cctx,
|
---|
329 | "DEFAULT:@SECLEVEL=0")))
|
---|
330 | goto end;
|
---|
331 | #endif
|
---|
332 |
|
---|
333 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
|
---|
334 | NULL, NULL))
|
---|
335 | || !TEST_true(create_ssl_connection(serverssl, clientssl,
|
---|
336 | SSL_ERROR_NONE)))
|
---|
337 | goto end;
|
---|
338 |
|
---|
339 | testresult = 1;
|
---|
340 | end:
|
---|
341 | SSL_free(serverssl);
|
---|
342 | SSL_free(clientssl);
|
---|
343 | SSL_CTX_free(sctx);
|
---|
344 | SSL_CTX_free(cctx);
|
---|
345 |
|
---|
346 | return testresult;
|
---|
347 | }
|
---|
348 |
|
---|
349 | static int test_dtls_duplicate_records(void)
|
---|
350 | {
|
---|
351 | SSL_CTX *sctx = NULL, *cctx = NULL;
|
---|
352 | SSL *serverssl = NULL, *clientssl = NULL;
|
---|
353 | int testresult = 0;
|
---|
354 |
|
---|
355 | if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
|
---|
356 | DTLS_client_method(),
|
---|
357 | DTLS1_VERSION, 0,
|
---|
358 | &sctx, &cctx, cert, privkey)))
|
---|
359 | return 0;
|
---|
360 |
|
---|
361 | #ifdef OPENSSL_NO_DTLS1_2
|
---|
362 | /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
|
---|
363 | if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
|
---|
364 | || !TEST_true(SSL_CTX_set_cipher_list(cctx,
|
---|
365 | "DEFAULT:@SECLEVEL=0")))
|
---|
366 | goto end;
|
---|
367 | #endif
|
---|
368 |
|
---|
369 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
|
---|
370 | NULL, NULL)))
|
---|
371 | goto end;
|
---|
372 |
|
---|
373 | DTLS_set_timer_cb(clientssl, timer_cb);
|
---|
374 | DTLS_set_timer_cb(serverssl, timer_cb);
|
---|
375 |
|
---|
376 | BIO_ctrl(SSL_get_wbio(clientssl), MEMPACKET_CTRL_SET_DUPLICATE_REC, 1, NULL);
|
---|
377 | BIO_ctrl(SSL_get_wbio(serverssl), MEMPACKET_CTRL_SET_DUPLICATE_REC, 1, NULL);
|
---|
378 |
|
---|
379 | if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
|
---|
380 | goto end;
|
---|
381 |
|
---|
382 | testresult = 1;
|
---|
383 | end:
|
---|
384 | SSL_free(serverssl);
|
---|
385 | SSL_free(clientssl);
|
---|
386 | SSL_CTX_free(sctx);
|
---|
387 | SSL_CTX_free(cctx);
|
---|
388 |
|
---|
389 | return testresult;
|
---|
390 | }
|
---|
391 |
|
---|
392 | /*
|
---|
393 | * Test just sending a Finished message as the first message. Should fail due
|
---|
394 | * to an unexpected message.
|
---|
395 | */
|
---|
396 | static int test_just_finished(void)
|
---|
397 | {
|
---|
398 | int testresult = 0, ret;
|
---|
399 | SSL_CTX *sctx = NULL;
|
---|
400 | SSL *serverssl = NULL;
|
---|
401 | BIO *rbio = NULL, *wbio = NULL, *sbio = NULL;
|
---|
402 | unsigned char buf[] = {
|
---|
403 | /* Record header */
|
---|
404 | SSL3_RT_HANDSHAKE, /* content type */
|
---|
405 | (DTLS1_2_VERSION >> 8) & 0xff, /* protocol version hi byte */
|
---|
406 | DTLS1_2_VERSION & 0xff, /* protocol version lo byte */
|
---|
407 | 0, 0, /* epoch */
|
---|
408 | 0, 0, 0, 0, 0, 0, /* record sequence */
|
---|
409 | 0, DTLS1_HM_HEADER_LENGTH + SHA_DIGEST_LENGTH, /* record length */
|
---|
410 |
|
---|
411 | /* Message header */
|
---|
412 | SSL3_MT_FINISHED, /* message type */
|
---|
413 | 0, 0, SHA_DIGEST_LENGTH, /* message length */
|
---|
414 | 0, 0, /* message sequence */
|
---|
415 | 0, 0, 0, /* fragment offset */
|
---|
416 | 0, 0, SHA_DIGEST_LENGTH, /* fragment length */
|
---|
417 |
|
---|
418 | /* Message body */
|
---|
419 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
|
---|
420 | };
|
---|
421 |
|
---|
422 |
|
---|
423 | if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
|
---|
424 | NULL, 0, 0,
|
---|
425 | &sctx, NULL, cert, privkey)))
|
---|
426 | return 0;
|
---|
427 |
|
---|
428 | serverssl = SSL_new(sctx);
|
---|
429 | rbio = BIO_new(BIO_s_mem());
|
---|
430 | wbio = BIO_new(BIO_s_mem());
|
---|
431 |
|
---|
432 | if (!TEST_ptr(serverssl) || !TEST_ptr(rbio) || !TEST_ptr(wbio))
|
---|
433 | goto end;
|
---|
434 |
|
---|
435 | sbio = rbio;
|
---|
436 | SSL_set0_rbio(serverssl, rbio);
|
---|
437 | SSL_set0_wbio(serverssl, wbio);
|
---|
438 | rbio = wbio = NULL;
|
---|
439 | DTLS_set_timer_cb(serverssl, timer_cb);
|
---|
440 |
|
---|
441 | if (!TEST_int_eq(BIO_write(sbio, buf, sizeof(buf)), sizeof(buf)))
|
---|
442 | goto end;
|
---|
443 |
|
---|
444 | /* We expect the attempt to process the message to fail */
|
---|
445 | if (!TEST_int_le(ret = SSL_accept(serverssl), 0))
|
---|
446 | goto end;
|
---|
447 |
|
---|
448 | /* Check that we got the error we were expecting */
|
---|
449 | if (!TEST_int_eq(SSL_get_error(serverssl, ret), SSL_ERROR_SSL))
|
---|
450 | goto end;
|
---|
451 |
|
---|
452 | if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_UNEXPECTED_MESSAGE))
|
---|
453 | goto end;
|
---|
454 |
|
---|
455 | testresult = 1;
|
---|
456 | end:
|
---|
457 | BIO_free(rbio);
|
---|
458 | BIO_free(wbio);
|
---|
459 | SSL_free(serverssl);
|
---|
460 | SSL_CTX_free(sctx);
|
---|
461 |
|
---|
462 | return testresult;
|
---|
463 | }
|
---|
464 |
|
---|
465 | /*
|
---|
466 | * Test that swapping an app data record so that it is received before the
|
---|
467 | * Finished message still works.
|
---|
468 | */
|
---|
469 | static int test_swap_app_data(void)
|
---|
470 | {
|
---|
471 | SSL_CTX *sctx = NULL, *cctx = NULL;
|
---|
472 | SSL *sssl = NULL, *cssl = NULL;
|
---|
473 | int testresult = 0;
|
---|
474 | BIO *bio;
|
---|
475 | char msg[] = { 0x00, 0x01, 0x02, 0x03 };
|
---|
476 | char buf[10];
|
---|
477 |
|
---|
478 | if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
|
---|
479 | DTLS_client_method(),
|
---|
480 | DTLS1_VERSION, 0,
|
---|
481 | &sctx, &cctx, cert, privkey)))
|
---|
482 | return 0;
|
---|
483 |
|
---|
484 | #ifndef OPENSSL_NO_DTLS1_2
|
---|
485 | if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA")))
|
---|
486 | goto end;
|
---|
487 | #else
|
---|
488 | /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */
|
---|
489 | if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA:@SECLEVEL=0"))
|
---|
490 | || !TEST_true(SSL_CTX_set_cipher_list(cctx,
|
---|
491 | "AES128-SHA:@SECLEVEL=0")))
|
---|
492 | goto end;
|
---|
493 | #endif
|
---|
494 |
|
---|
495 | if (!TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl,
|
---|
496 | NULL, NULL)))
|
---|
497 | goto end;
|
---|
498 |
|
---|
499 | /* Send flight 1: ClientHello */
|
---|
500 | if (!TEST_int_le(SSL_connect(cssl), 0))
|
---|
501 | goto end;
|
---|
502 |
|
---|
503 | /* Recv flight 1, send flight 2: ServerHello, Certificate, ServerHelloDone */
|
---|
504 | if (!TEST_int_le(SSL_accept(sssl), 0))
|
---|
505 | goto end;
|
---|
506 |
|
---|
507 | /* Recv flight 2, send flight 3: ClientKeyExchange, CCS, Finished */
|
---|
508 | if (!TEST_int_le(SSL_connect(cssl), 0))
|
---|
509 | goto end;
|
---|
510 |
|
---|
511 | /* Recv flight 3, send flight 4: datagram 1(NST, CCS) datagram 2(Finished) */
|
---|
512 | if (!TEST_int_gt(SSL_accept(sssl), 0))
|
---|
513 | goto end;
|
---|
514 |
|
---|
515 | /* Send flight 5: app data */
|
---|
516 | if (!TEST_int_eq(SSL_write(sssl, msg, sizeof(msg)), (int)sizeof(msg)))
|
---|
517 | goto end;
|
---|
518 |
|
---|
519 | bio = SSL_get_wbio(sssl);
|
---|
520 | if (!TEST_ptr(bio)
|
---|
521 | || !TEST_true(mempacket_swap_recent(bio)))
|
---|
522 | goto end;
|
---|
523 |
|
---|
524 | /*
|
---|
525 | * Recv flight 4 (datagram 1): NST, CCS, + flight 5: app data
|
---|
526 | * + flight 4 (datagram 2): Finished
|
---|
527 | */
|
---|
528 | if (!TEST_int_gt(SSL_connect(cssl), 0))
|
---|
529 | goto end;
|
---|
530 |
|
---|
531 | /* The app data should be buffered already */
|
---|
532 | if (!TEST_int_eq(SSL_pending(cssl), (int)sizeof(msg))
|
---|
533 | || !TEST_true(SSL_has_pending(cssl)))
|
---|
534 | goto end;
|
---|
535 |
|
---|
536 | /*
|
---|
537 | * Recv flight 5 (app data)
|
---|
538 | * We already buffered this so it should be available.
|
---|
539 | */
|
---|
540 | if (!TEST_int_eq(SSL_read(cssl, buf, sizeof(buf)), (int)sizeof(msg)))
|
---|
541 | goto end;
|
---|
542 |
|
---|
543 | testresult = 1;
|
---|
544 | end:
|
---|
545 | SSL_free(cssl);
|
---|
546 | SSL_free(sssl);
|
---|
547 | SSL_CTX_free(cctx);
|
---|
548 | SSL_CTX_free(sctx);
|
---|
549 | return testresult;
|
---|
550 | }
|
---|
551 |
|
---|
552 | OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
|
---|
553 |
|
---|
554 | int setup_tests(void)
|
---|
555 | {
|
---|
556 | if (!test_skip_common_options()) {
|
---|
557 | TEST_error("Error parsing test options\n");
|
---|
558 | return 0;
|
---|
559 | }
|
---|
560 |
|
---|
561 | if (!TEST_ptr(cert = test_get_argument(0))
|
---|
562 | || !TEST_ptr(privkey = test_get_argument(1)))
|
---|
563 | return 0;
|
---|
564 |
|
---|
565 | ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS);
|
---|
566 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
|
---|
567 | ADD_ALL_TESTS(test_dtls_drop_records, TOTAL_RECORDS);
|
---|
568 | #endif
|
---|
569 | ADD_TEST(test_cookie);
|
---|
570 | ADD_TEST(test_dtls_duplicate_records);
|
---|
571 | ADD_TEST(test_just_finished);
|
---|
572 | ADD_TEST(test_swap_app_data);
|
---|
573 |
|
---|
574 | return 1;
|
---|
575 | }
|
---|
576 |
|
---|
577 | void cleanup_tests(void)
|
---|
578 | {
|
---|
579 | bio_f_tls_dump_filter_free();
|
---|
580 | bio_s_mempacket_test_free();
|
---|
581 | }
|
---|