#include "ssltestlib.h"
#include "testutil.h"
+#include "test_main_custom.h"
static char *cert = NULL;
static char *privkey = NULL;
+#define NUM_TESTS 2
+
#define DUMMY_CERT_STATUS_LEN 12
-unsigned char certstatus[] = {
+static unsigned char certstatus[] = {
SSL3_RT_HANDSHAKE, /* Content type */
0xfe, 0xfd, /* Record version */
0, 1, /* Epoch */
0x80, 0x80, 0x80, 0x80, 0x80 /* Dummy data */
};
-static int test_dtls_unprocessed(void)
+#define RECORD_SEQUENCE 10
+
+static int test_dtls_unprocessed(int testidx)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl1 = NULL, *clientssl1 = NULL;
BIO *c_to_s_fbio, *c_to_s_mempacket;
int testresult = 0;
+ printf("Starting Test %d\n", testidx);
+
if (!create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(), &sctx,
&cctx, cert, privkey)) {
printf("Unable to create SSL_CTX pair\n");
return 0;
}
- if (!SSL_CTX_set_cipher_list(cctx, "ECDHE-RSA-AES256-SHA384")) {
+ if (!SSL_CTX_set_cipher_list(cctx, "AES128-SHA")) {
printf("Failed setting cipher list\n");
}
goto end;
}
+ if (testidx == 1)
+ certstatus[RECORD_SEQUENCE] = 0xff;
+
/*
- * Inject a dummy record from the next epoch. This should never get used
- * because the message sequence number is too big
+ * Inject a dummy record from the next epoch. In test 0, this should never
+ * get used because the message sequence number is too big. In test 1 we set
+ * the record sequence number to be way off in the future. This should not
+ * have an impact on the record replay protection because the record should
+ * be dropped before it is marked as arrived
*/
c_to_s_mempacket = SSL_get_wbio(clientssl1);
c_to_s_mempacket = BIO_next(c_to_s_mempacket);
mempacket_test_inject(c_to_s_mempacket, (char *)certstatus,
sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ);
- if (!create_ssl_connection(serverssl1, clientssl1)) {
+ if (!create_ssl_connection(serverssl1, clientssl1, SSL_ERROR_NONE)) {
printf("Unable to create SSL connection\n");
ERR_print_errors_fp(stdout);
goto end;
return testresult;
}
-int main(int argc, char *argv[])
+int test_main(int argc, char *argv[])
{
- BIO *err = NULL;
int testresult = 1;
if (argc != 3) {
cert = argv[1];
privkey = argv[2];
- err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
- CRYPTO_set_mem_debug(1);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- ADD_TEST(test_dtls_unprocessed);
+ ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS);
testresult = run_tests(argv[0]);
bio_f_tls_dump_filter_free();
bio_s_mempacket_test_free();
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
- if (CRYPTO_mem_leaks(err) <= 0)
- testresult = 1;
-#endif
- BIO_free(err);
-
- if (!testresult)
- printf("PASS\n");
-
return testresult;
}