dtlstest.c revision 1.1.1.2
      1      1.1  christos /*
      2  1.1.1.2  christos  * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
      3      1.1  christos  *
      4      1.1  christos  * Licensed under the OpenSSL license (the "License").  You may not use
      5      1.1  christos  * this file except in compliance with the License.  You can obtain a copy
      6      1.1  christos  * in the file LICENSE in the source distribution or at
      7      1.1  christos  * https://www.openssl.org/source/license.html
      8      1.1  christos  */
      9      1.1  christos 
     10      1.1  christos #include <openssl/bio.h>
     11      1.1  christos #include <openssl/crypto.h>
     12      1.1  christos #include <openssl/ssl.h>
     13      1.1  christos #include <openssl/err.h>
     14      1.1  christos 
     15      1.1  christos #include "ssltestlib.h"
     16      1.1  christos #include "testutil.h"
     17      1.1  christos 
     18      1.1  christos static char *cert = NULL;
     19      1.1  christos static char *privkey = NULL;
     20      1.1  christos 
     21      1.1  christos #define NUM_TESTS   2
     22      1.1  christos 
     23      1.1  christos 
     24      1.1  christos #define DUMMY_CERT_STATUS_LEN  12
     25      1.1  christos 
     26      1.1  christos static unsigned char certstatus[] = {
     27      1.1  christos     SSL3_RT_HANDSHAKE, /* Content type */
     28      1.1  christos     0xfe, 0xfd, /* Record version */
     29      1.1  christos     0, 1, /* Epoch */
     30      1.1  christos     0, 0, 0, 0, 0, 0x0f, /* Record sequence number */
     31      1.1  christos     0, DTLS1_HM_HEADER_LENGTH + DUMMY_CERT_STATUS_LEN - 2,
     32      1.1  christos     SSL3_MT_CERTIFICATE_STATUS, /* Cert Status handshake message type */
     33      1.1  christos     0, 0, DUMMY_CERT_STATUS_LEN, /* Message len */
     34      1.1  christos     0, 5, /* Message sequence */
     35      1.1  christos     0, 0, 0, /* Fragment offset */
     36      1.1  christos     0, 0, DUMMY_CERT_STATUS_LEN - 2, /* Fragment len */
     37      1.1  christos     0x80, 0x80, 0x80, 0x80, 0x80,
     38      1.1  christos     0x80, 0x80, 0x80, 0x80, 0x80 /* Dummy data */
     39      1.1  christos };
     40      1.1  christos 
     41      1.1  christos #define RECORD_SEQUENCE 10
     42      1.1  christos 
     43      1.1  christos static int test_dtls_unprocessed(int testidx)
     44      1.1  christos {
     45      1.1  christos     SSL_CTX *sctx = NULL, *cctx = NULL;
     46      1.1  christos     SSL *serverssl1 = NULL, *clientssl1 = NULL;
     47      1.1  christos     BIO *c_to_s_fbio, *c_to_s_mempacket;
     48      1.1  christos     int testresult = 0;
     49      1.1  christos 
     50      1.1  christos     printf("Starting Test %d\n", testidx);
     51      1.1  christos 
     52  1.1.1.2  christos     if (!create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(),
     53  1.1.1.2  christos                              DTLS1_VERSION, DTLS_MAX_VERSION, &sctx, &cctx,
     54  1.1.1.2  christos                              cert, privkey)) {
     55      1.1  christos         printf("Unable to create SSL_CTX pair\n");
     56      1.1  christos         return 0;
     57      1.1  christos     }
     58      1.1  christos 
     59      1.1  christos     if (!SSL_CTX_set_cipher_list(cctx, "AES128-SHA")) {
     60      1.1  christos         printf("Failed setting cipher list\n");
     61      1.1  christos     }
     62      1.1  christos 
     63      1.1  christos     c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
     64      1.1  christos     if (c_to_s_fbio == NULL) {
     65      1.1  christos         printf("Failed to create filter BIO\n");
     66      1.1  christos         goto end;
     67      1.1  christos     }
     68      1.1  christos 
     69      1.1  christos     /* BIO is freed by create_ssl_connection on error */
     70      1.1  christos     if (!create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, NULL,
     71      1.1  christos                                c_to_s_fbio)) {
     72      1.1  christos         printf("Unable to create SSL objects\n");
     73      1.1  christos         ERR_print_errors_fp(stdout);
     74      1.1  christos         goto end;
     75      1.1  christos     }
     76      1.1  christos 
     77      1.1  christos     if (testidx == 1)
     78      1.1  christos         certstatus[RECORD_SEQUENCE] = 0xff;
     79      1.1  christos 
     80      1.1  christos     /*
     81      1.1  christos      * Inject a dummy record from the next epoch. In test 0, this should never
     82      1.1  christos      * get used because the message sequence number is too big. In test 1 we set
     83      1.1  christos      * the record sequence number to be way off in the future. This should not
     84      1.1  christos      * have an impact on the record replay protection because the record should
     85      1.1  christos      * be dropped before it is marked as arrived
     86      1.1  christos      */
     87      1.1  christos     c_to_s_mempacket = SSL_get_wbio(clientssl1);
     88      1.1  christos     c_to_s_mempacket = BIO_next(c_to_s_mempacket);
     89      1.1  christos     mempacket_test_inject(c_to_s_mempacket, (char *)certstatus,
     90      1.1  christos                           sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ);
     91      1.1  christos 
     92      1.1  christos     if (!create_ssl_connection(serverssl1, clientssl1)) {
     93      1.1  christos         printf("Unable to create SSL connection\n");
     94      1.1  christos         ERR_print_errors_fp(stdout);
     95      1.1  christos         goto end;
     96      1.1  christos     }
     97      1.1  christos 
     98      1.1  christos     testresult = 1;
     99      1.1  christos  end:
    100      1.1  christos     SSL_free(serverssl1);
    101      1.1  christos     SSL_free(clientssl1);
    102      1.1  christos     SSL_CTX_free(sctx);
    103      1.1  christos     SSL_CTX_free(cctx);
    104      1.1  christos 
    105      1.1  christos     return testresult;
    106      1.1  christos }
    107      1.1  christos 
    108      1.1  christos int main(int argc, char *argv[])
    109      1.1  christos {
    110      1.1  christos     BIO *err = NULL;
    111      1.1  christos     int testresult = 1;
    112      1.1  christos 
    113      1.1  christos     if (argc != 3) {
    114      1.1  christos         printf("Invalid argument count\n");
    115      1.1  christos         return 1;
    116      1.1  christos     }
    117      1.1  christos 
    118      1.1  christos     cert = argv[1];
    119      1.1  christos     privkey = argv[2];
    120      1.1  christos 
    121      1.1  christos     err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
    122      1.1  christos 
    123      1.1  christos     CRYPTO_set_mem_debug(1);
    124      1.1  christos     CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
    125      1.1  christos 
    126      1.1  christos     ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS);
    127      1.1  christos 
    128      1.1  christos     testresult = run_tests(argv[0]);
    129      1.1  christos 
    130      1.1  christos     bio_f_tls_dump_filter_free();
    131      1.1  christos     bio_s_mempacket_test_free();
    132      1.1  christos 
    133      1.1  christos #ifndef OPENSSL_NO_CRYPTO_MDEBUG
    134      1.1  christos     if (CRYPTO_mem_leaks(err) <= 0)
    135      1.1  christos         testresult = 1;
    136      1.1  christos #endif
    137      1.1  christos     BIO_free(err);
    138      1.1  christos 
    139      1.1  christos     if (!testresult)
    140      1.1  christos         printf("PASS\n");
    141      1.1  christos 
    142      1.1  christos     return testresult;
    143      1.1  christos }