--- /dev/null
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+#include "ssltestlib.h"
+#include "testutil.h"
+
+static char *cert = NULL;
+static char *privkey = NULL;
+
+
+#define DUMMY_CERT_STATUS_LEN 12
+
+unsigned char certstatus[] = {
+ SSL3_RT_HANDSHAKE, /* Content type */
+ 0xfe, 0xfd, /* Record version */
+ 0, 1, /* Epoch */
+ 0, 0, 0, 0, 0, 0x0f, /* Record sequence number */
+ 0, DTLS1_HM_HEADER_LENGTH + DUMMY_CERT_STATUS_LEN - 2,
+ SSL3_MT_CERTIFICATE_STATUS, /* Cert Status handshake message type */
+ 0, 0, DUMMY_CERT_STATUS_LEN, /* Message len */
+ 0, 5, /* Message sequence */
+ 0, 0, 0, /* Fragment offset */
+ 0, 0, DUMMY_CERT_STATUS_LEN - 2, /* Fragment len */
+ 0x80, 0x80, 0x80, 0x80, 0x80,
+ 0x80, 0x80, 0x80, 0x80, 0x80 /* Dummy data */
+};
+
+static int test_dtls_unprocessed(void)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl1 = NULL, *clientssl1 = NULL;
+ BIO *c_to_s_fbio, *c_to_s_mempacket;
+ int testresult = 0;
+
+ if (!create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(), &sctx,
+ &cctx, cert, privkey)) {
+ printf("Unable to create SSL_CTX pair\n");
+ return 0;
+ }
+
+ if (!SSL_CTX_set_ecdh_auto(sctx, 1)) {
+ printf("Failed configuring auto ECDH\n");
+ }
+
+ if (!SSL_CTX_set_cipher_list(cctx, "ECDHE-RSA-AES256-SHA384")) {
+ printf("Failed setting cipher list\n");
+ }
+
+ c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
+ if (c_to_s_fbio == NULL) {
+ printf("Failed to create filter BIO\n");
+ goto end;
+ }
+
+ /* BIO is freed by create_ssl_connection on error */
+ if (!create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, NULL,
+ c_to_s_fbio)) {
+ printf("Unable to create SSL objects\n");
+ ERR_print_errors_fp(stdout);
+ goto end;
+ }
+
+ /*
+ * Inject a dummy record from the next epoch. This should never get used
+ * because the message sequence number is too big
+ */
+ c_to_s_mempacket = SSL_get_wbio(clientssl1);
+ c_to_s_mempacket = BIO_next(c_to_s_mempacket);
+ mempacket_test_inject(c_to_s_mempacket, (char *)certstatus,
+ sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ);
+
+ if (!create_ssl_connection(serverssl1, clientssl1)) {
+ printf("Unable to create SSL connection\n");
+ ERR_print_errors_fp(stdout);
+ goto end;
+ }
+
+ testresult = 1;
+ end:
+ SSL_free(serverssl1);
+ SSL_free(clientssl1);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+int main(int argc, char *argv[])
+{
+ BIO *err = NULL;
+ int testresult = 0;
+
+ if (argc != 3) {
+ printf("Invalid argument count\n");
+ return 1;
+ }
+
+ cert = argv[1];
+ privkey = argv[2];
+
+ err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ SSL_library_init();
+ SSL_load_error_strings();
+
+ CRYPTO_malloc_debug_init();
+ CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ if (!test_dtls_unprocessed())
+ testresult = 1;
+
+ ERR_free_strings();
+ ERR_remove_thread_state(NULL);
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ CRYPTO_mem_leaks(err);
+ BIO_free(err);
+
+ if (!testresult)
+ printf("PASS\n");
+
+ return testresult;
+}
VERIFYEXTRATEST= verify_extra_test
CLIENTHELLOTEST= clienthellotest
SSLV2CONFTEST = sslv2conftest
+DTLSTEST = dtlstest
TESTS= alltests
$(EVPTEST)$(EXE_EXT) $(EVPEXTRATEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \
$(ASN1TEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) \
$(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) \
- $(CLIENTHELLOTEST)$(EXE_EXT) $(SSLV2CONFTEST)$(EXE_EXT)
+ $(CLIENTHELLOTEST)$(EXE_EXT) $(SSLV2CONFTEST)$(EXE_EXT) $(DTLSTEST)$(EXE_EXT)
# $(METHTEST)$(EXE_EXT)
$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \
$(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o $(V3NAMETEST).o \
$(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o \
- $(CLIENTHELLOTEST).o $(SSLV2CONFTEST).o
+ $(CLIENTHELLOTEST).o $(SSLV2CONFTEST).o $(DTLSTEST).o ssltestlib.o
SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
$(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \
$(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \
$(V3NAMETEST).c $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c \
- $(CLIENTHELLOTEST).c $(SSLV2CONFTEST).c
+ $(CLIENTHELLOTEST).c $(SSLV2CONFTEST).c $(DTLSTEST).c ssltestlib.c
EXHEADER=
-HEADER= testutil.h $(EXHEADER)
+HEADER= testutil.h ssltestlib.h $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \
test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
- test_constant_time test_verify_extra test_clienthello test_sslv2conftest
+ test_constant_time test_verify_extra test_clienthello test_sslv2conftest \
+ test_dtls
test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
@echo $(START) $@
../util/shlib_wrap.sh ./$(SSLV2CONFTEST)
+test_dtls: $(DTLSTEST)$(EXE_EXT)
+ @echo $(START) $@
+ ../util/shlib_wrap.sh ./$(DTLSTEST) ../apps/server.pem ../apps/server.pem
+
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
fi; \
LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
$(MAKE) -f $(TOP)/Makefile.shared -e \
- CC="$${CC}" APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
+ CC="$${CC}" APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o $$exobj" \
LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
link_app.$${shlib_target}
$(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
@target=$(SSLV2CONFTEST) $(BUILD_CMD)
+$(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
+ @target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
+
#$(AESTEST).o: $(AESTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
dsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
dsatest.o: ../include/openssl/symhacks.h dsatest.c
+dtlstest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+dtlstest.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+dtlstest.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+dtlstest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+dtlstest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+dtlstest.o: ../include/openssl/err.h ../include/openssl/evp.h
+dtlstest.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+dtlstest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+dtlstest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+dtlstest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dtlstest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+dtlstest.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+dtlstest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dtlstest.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+dtlstest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+dtlstest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+dtlstest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+dtlstest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h dtlstest.c
+dtlstest.o: ssltestlib.h testutil.h
ecdhtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ecdhtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h
ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
ssltest.o: ../include/openssl/x509v3.h ssltest.c
+ssltestlib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssltestlib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+ssltestlib.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
+ssltestlib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssltestlib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssltestlib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+ssltestlib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssltestlib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssltestlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssltestlib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssltestlib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssltestlib.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
+ssltestlib.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+ssltestlib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssltestlib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssltestlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssltestlib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssltestlib.o: ../include/openssl/x509_vfy.h ssltestlib.c ssltestlib.h
sslv2conftest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
sslv2conftest.o: ../include/openssl/buffer.h ../include/openssl/comp.h
sslv2conftest.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
projects / openssl.git / commitdiff