Add additional messages to the DTLS dropped records test

Ensure we are testing a handshake that includes a HelloVerifyRequest and
what happens if we drop it.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18654)

(cherry picked from commit a29ad912b82f50ef876bef99c66522dccd41b6f8)

diff --git a/test/dtlstest.c b/test/dtlstest.c
index 9b878ecc6aa4cee328837cad743875540cd739db..e01c4456453b7e0a2f3f29fdcca64e77cbc6b95c 100644 (file)
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -42,6 +42,22 @@ static unsigned char certstatus[] = {
 
 #define RECORD_SEQUENCE 10
 
+static const char dummy_cookie[] = "0123456";
+
+static int generate_cookie_cb(SSL *ssl, unsigned char *cookie,
+                              unsigned int *cookie_len)
+{
+    memcpy(cookie, dummy_cookie, sizeof(dummy_cookie));
+    *cookie_len = sizeof(dummy_cookie);
+    return 1;
+}
+
+static int verify_cookie_cb(SSL *ssl, const unsigned char *cookie,
+                            unsigned int cookie_len)
+{
+    return TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie));
+}
+
 static unsigned int timer_cb(SSL *s, unsigned int timer_us)
 {
     ++timer_cb_count;
@@ -127,6 +143,17 @@ static int test_dtls_unprocessed(int testidx)
     return testresult;
 }
 
+/* One record for the cookieless initial ClientHello */
+#define CLI_TO_SRV_COOKIE_EXCH 1
+
+/*
+ * In a resumption handshake we use 2 records for the initial ClientHello in
+ * this test because we are using a very small MTU and the ClientHello is
+ * bigger than in the non resumption case.
+ */
+#define CLI_TO_SRV_RESUME_COOKIE_EXCH 2
+#define SRV_TO_CLI_COOKIE_EXCH 1
+
 #define CLI_TO_SRV_EPOCH_0_RECS 3
 #define CLI_TO_SRV_EPOCH_1_RECS 1
 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
@@ -141,7 +168,8 @@ static int test_dtls_unprocessed(int testidx)
 #endif
 #define SRV_TO_CLI_EPOCH_1_RECS 1
 #define TOTAL_FULL_HAND_RECORDS \
-            (CLI_TO_SRV_EPOCH_0_RECS + CLI_TO_SRV_EPOCH_1_RECS + \
+            (CLI_TO_SRV_COOKIE_EXCH + SRV_TO_CLI_COOKIE_EXCH + \
+             CLI_TO_SRV_EPOCH_0_RECS + CLI_TO_SRV_EPOCH_1_RECS + \
              SRV_TO_CLI_EPOCH_0_RECS + SRV_TO_CLI_EPOCH_1_RECS)
 
 #define CLI_TO_SRV_RESUME_EPOCH_0_RECS 3
@@ -149,7 +177,8 @@ static int test_dtls_unprocessed(int testidx)
 #define SRV_TO_CLI_RESUME_EPOCH_0_RECS 2
 #define SRV_TO_CLI_RESUME_EPOCH_1_RECS 1
 #define TOTAL_RESUME_HAND_RECORDS \
-            (CLI_TO_SRV_RESUME_EPOCH_0_RECS + CLI_TO_SRV_RESUME_EPOCH_1_RECS + \
+            (CLI_TO_SRV_RESUME_COOKIE_EXCH + SRV_TO_CLI_COOKIE_EXCH + \
+             CLI_TO_SRV_RESUME_EPOCH_0_RECS + CLI_TO_SRV_RESUME_EPOCH_1_RECS + \
              SRV_TO_CLI_RESUME_EPOCH_0_RECS + SRV_TO_CLI_RESUME_EPOCH_1_RECS)
 
 #define TOTAL_RECORDS (TOTAL_FULL_HAND_RECORDS + TOTAL_RESUME_HAND_RECORDS)
@@ -167,7 +196,8 @@ static int test_dtls_drop_records(int idx)
     int testresult = 0;
     int epoch = 0;
     SSL_SESSION *sess = NULL;
-    int cli_to_srv_epoch0, cli_to_srv_epoch1, srv_to_cli_epoch0;
+    int cli_to_srv_cookie, cli_to_srv_epoch0, cli_to_srv_epoch1;
+    int srv_to_cli_epoch0;
 
     if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
                                        DTLS_client_method(),
@@ -186,6 +216,10 @@ static int test_dtls_drop_records(int idx)
     if (!TEST_true(SSL_CTX_set_dh_auto(sctx, 1)))
         goto end;
 
+    SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE);
+    SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb);
+    SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb);
+
     if (idx >= TOTAL_FULL_HAND_RECORDS) {
         /* We're going to do a resumption handshake. Get a session first. */
         if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
@@ -204,11 +238,13 @@ static int test_dtls_drop_records(int idx)
         cli_to_srv_epoch0 = CLI_TO_SRV_RESUME_EPOCH_0_RECS;
         cli_to_srv_epoch1 = CLI_TO_SRV_RESUME_EPOCH_1_RECS;
         srv_to_cli_epoch0 = SRV_TO_CLI_RESUME_EPOCH_0_RECS;
+        cli_to_srv_cookie = CLI_TO_SRV_RESUME_COOKIE_EXCH;
         idx -= TOTAL_FULL_HAND_RECORDS;
     } else {
         cli_to_srv_epoch0 = CLI_TO_SRV_EPOCH_0_RECS;
         cli_to_srv_epoch1 = CLI_TO_SRV_EPOCH_1_RECS;
         srv_to_cli_epoch0 = SRV_TO_CLI_EPOCH_0_RECS;
+        cli_to_srv_cookie = CLI_TO_SRV_COOKIE_EXCH;
     }
 
     c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
@@ -229,18 +265,18 @@ static int test_dtls_drop_records(int idx)
     DTLS_set_timer_cb(serverssl, timer_cb);
 
     /* Work out which record to drop based on the test number */
-    if (idx >= cli_to_srv_epoch0 + cli_to_srv_epoch1) {
+    if (idx >= cli_to_srv_cookie + cli_to_srv_epoch0 + cli_to_srv_epoch1) {
         mempackbio = SSL_get_wbio(serverssl);
-        idx -= cli_to_srv_epoch0 + cli_to_srv_epoch1;
-        if (idx >= srv_to_cli_epoch0) {
+        idx -= cli_to_srv_cookie + cli_to_srv_epoch0 + cli_to_srv_epoch1;
+        if (idx >= SRV_TO_CLI_COOKIE_EXCH + srv_to_cli_epoch0) {
             epoch = 1;
-            idx -= srv_to_cli_epoch0;
+            idx -= SRV_TO_CLI_COOKIE_EXCH + srv_to_cli_epoch0;
         }
     } else {
         mempackbio = SSL_get_wbio(clientssl);
-        if (idx >= cli_to_srv_epoch0) {
+        if (idx >= cli_to_srv_cookie + cli_to_srv_epoch0) {
             epoch = 1;
-            idx -= cli_to_srv_epoch0;
+            idx -= cli_to_srv_cookie + cli_to_srv_epoch0;
         }
          mempackbio = BIO_next(mempackbio);
     }
@@ -270,22 +306,6 @@ static int test_dtls_drop_records(int idx)
 }
 #endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */
 
-static const char dummy_cookie[] = "0123456";
-
-static int generate_cookie_cb(SSL *ssl, unsigned char *cookie,
-                              unsigned int *cookie_len)
-{
-    memcpy(cookie, dummy_cookie, sizeof(dummy_cookie));
-    *cookie_len = sizeof(dummy_cookie);
-    return 1;
-}
-
-static int verify_cookie_cb(SSL *ssl, const unsigned char *cookie,
-                            unsigned int cookie_len)
-{
-    return TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie));
-}
-
 static int test_cookie(void)
 {
     SSL_CTX *sctx = NULL, *cctx = NULL;