/*
- * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
* Note that unlike other SSL tests, we don't test against our own SSL
* server method. Firstly because we don't have one; we *only* support
* DTLS1_BAD_VER as a client. And secondly because even if that were
- * fixed up it's the wrong thing to test against — because if changes
+ * fixed up it's the wrong thing to test against - because if changes
* are made in generic DTLS code which don't take DTLS1_BAD_VER into
* account, there's plenty of scope for making those changes such that
* they break *both* the client and the server in the same way.
*/
#include <string.h>
+#include <openssl/core_names.h>
+#include <openssl/params.h>
#include <openssl/opensslconf.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/kdf.h>
-
-#include "../ssl/packet_locl.h"
-#include "../e_os.h" /* for OSSL_NELEM() */
-
-#include "test_main.h"
+#include "internal/packet.h"
+#include "internal/nelem.h"
#include "testutil.h"
/* For DTLS1_BAD_VER packets the MAC doesn't include the handshake header */
long len;
unsigned char *data;
int cookie_found = 0;
- unsigned int u;
+ unsigned int u = 0;
len = BIO_get_mem_data(wbio, (char **)&data);
if (!PACKET_buf_init(&pkt, data, len))
static unsigned char seq[6] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
static unsigned char ver[2] = { 0x01, 0x00 }; /* DTLS1_BAD_VER */
unsigned char lenbytes[2];
- HMAC_CTX *ctx;
+ EVP_MAC *hmac;
+ EVP_MAC_CTX *ctx;
EVP_CIPHER_CTX *enc_ctx;
unsigned char iv[16];
unsigned char pad;
unsigned char *enc;
+ OSSL_PARAM params[3];
seq[0] = (seqnr >> 40) & 0xff;
seq[1] = (seqnr >> 32) & 0xff;
memcpy(enc, msg, len);
/* Append HMAC to data */
- ctx = HMAC_CTX_new();
- HMAC_Init_ex(ctx, mac_key, 20, EVP_sha1(), NULL);
- HMAC_Update(ctx, epoch, 2);
- HMAC_Update(ctx, seq, 6);
- HMAC_Update(ctx, &type, 1);
- HMAC_Update(ctx, ver, 2); /* Version */
- lenbytes[0] = len >> 8;
- lenbytes[1] = len & 0xff;
- HMAC_Update(ctx, lenbytes, 2); /* Length */
- HMAC_Update(ctx, enc, len); /* Finally the data itself */
- HMAC_Final(ctx, enc + len, NULL);
- HMAC_CTX_free(ctx);
+ hmac = EVP_MAC_fetch(NULL, "HMAC", NULL);
+ ctx = EVP_MAC_CTX_new(hmac);
+ EVP_MAC_free(hmac);
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
+ "SHA1", 0);
+ params[1] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
+ mac_key, 20);
+ params[2] = OSSL_PARAM_construct_end();
+ EVP_MAC_CTX_set_params(ctx, params);
+ EVP_MAC_init(ctx);
+ EVP_MAC_update(ctx, epoch, 2);
+ EVP_MAC_update(ctx, seq, 6);
+ EVP_MAC_update(ctx, &type, 1);
+ EVP_MAC_update(ctx, ver, 2); /* Version */
+ lenbytes[0] = (unsigned char)(len >> 8);
+ lenbytes[1] = (unsigned char)(len);
+ EVP_MAC_update(ctx, lenbytes, 2); /* Length */
+ EVP_MAC_update(ctx, enc, len); /* Finally the data itself */
+ EVP_MAC_final(ctx, enc + len, NULL, SHA_DIGEST_LENGTH);
+ EVP_MAC_CTX_free(ctx);
/* Append padding bytes */
len += SHA_DIGEST_LENGTH;
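Review bot: Every EVP_MAC call added in this block is left unchecked, beginning with `EVP_MAC_fetch(NULL, "HMAC", NULL)`, so if HMAC or SHA1 cannot be fetched the record is still sent with whatever bytes sit at `enc + len`, and the test fails later with an error that does not point at the MAC step. I would check the fetch and the context creation for NULL and wrap the remaining calls in `TEST_true`, the way the callers of send_record already wrap it. The key parameter is also named with `OSSL_KDF_PARAM_KEY`; `OSSL_MAC_PARAM_KEY` is the name that belongs to the MAC parameter set, and using it avoids relying on the two names presumably resolving to the same string. send_record starts and ends outside the hunk, so the failure path below is a sketch: how `enc` is released and what the function returns on error should follow its existing exits.

```c
params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
                                              mac_key, 20);
/* … unchanged: params[0] digest, params[2] end … */
lenbytes[0] = (unsigned char)(len >> 8);
lenbytes[1] = (unsigned char)(len);
hmac = EVP_MAC_fetch(NULL, "HMAC", NULL);
ctx = hmac != NULL ? EVP_MAC_CTX_new(hmac) : NULL;
EVP_MAC_free(hmac);
if (!TEST_ptr(ctx)
        || !TEST_true(EVP_MAC_CTX_set_params(ctx, params))
        || !TEST_true(EVP_MAC_init(ctx))
        || !TEST_true(EVP_MAC_update(ctx, epoch, 2))
        || !TEST_true(EVP_MAC_update(ctx, seq, 6))
        || !TEST_true(EVP_MAC_update(ctx, &type, 1))
        || !TEST_true(EVP_MAC_update(ctx, ver, 2))      /* Version */
        || !TEST_true(EVP_MAC_update(ctx, lenbytes, 2)) /* Length */
        || !TEST_true(EVP_MAC_update(ctx, enc, len))    /* Data */
        || !TEST_true(EVP_MAC_final(ctx, enc + len, NULL,
                                    SHA_DIGEST_LENGTH))) {
    EVP_MAC_CTX_free(ctx);
    /* … release enc as send_record's other exits do, then report failure … */
    return 0;
}
EVP_MAC_CTX_free(ctx);
```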
BIO_write(rbio, ver, 2);
BIO_write(rbio, epoch, 2);
BIO_write(rbio, seq, 6);
- lenbytes[0] = (len + sizeof(iv)) >> 8;
- lenbytes[1] = (len + sizeof(iv)) & 0xff;
+ lenbytes[0] = (unsigned char)((len + sizeof(iv)) >> 8);
+ lenbytes[1] = (unsigned char)(len + sizeof(iv));
BIO_write(rbio, lenbytes, 2);
BIO_write(rbio, iv, sizeof(iv));
if (!TEST_true(send_record(rbio, SSL3_RT_APPLICATION_DATA, tests[i].seq,
&tests[i].seq, sizeof(uint64_t)))) {
- TEST_error("Failed to send data seq #0x%lx (%d)\n",
- tests[i].seq, i);
+ TEST_error("Failed to send data seq #0x%x%08x (%d)\n",
+ (unsigned int)(tests[i].seq >> 32), (unsigned int)tests[i].seq, i);
goto end;
}
ret = SSL_read(con, recv_buf, 2 * sizeof(uint64_t));
if (!TEST_int_eq(ret, (int)sizeof(uint64_t))) {
- TEST_error("SSL_read failed or wrong size on seq#0x%lx (%d)\n",
- tests[i].seq, i);
+ TEST_error("SSL_read failed or wrong size on seq#0x%x%08x (%d)\n",
+ (unsigned int)(tests[i].seq >> 32), (unsigned int)tests[i].seq, i);
goto end;
}
if (!TEST_true(recv_buf[0] == tests[i].seq))
return testresult;
}
-void register_tests(void)
+int setup_tests(void)
{
ADD_TEST(test_bad_dtls);
+ return 1;
}