De-obfuscate

[openssl.git] / test / dtlstest.c

diff --git a/test/dtlstest.c b/test/dtlstest.c
index c2aa7ee71a1cbcca454246ed7a097ccace5d731d..bc22d3254c2075b712cab9b44f870887970331ad 100644 (file)
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -14,14 +14,17 @@
 
 #include "ssltestlib.h"
 #include "testutil.h"
+#include "test_main_custom.h"
 
 static char *cert = NULL;
 static char *privkey = NULL;
 
+#define NUM_TESTS   2
+
 
 #define DUMMY_CERT_STATUS_LEN  12
 
-unsigned char certstatus[] = {
+static unsigned char certstatus[] = {
     SSL3_RT_HANDSHAKE, /* Content type */
     0xfe, 0xfd, /* Record version */
     0, 1, /* Epoch */
@@ -36,20 +39,24 @@ unsigned char certstatus[] = {
     0x80, 0x80, 0x80, 0x80, 0x80 /* Dummy data */
 };
 
-static int test_dtls_unprocessed(void)
+#define RECORD_SEQUENCE 10
+
+static int test_dtls_unprocessed(int testidx)
 {
     SSL_CTX *sctx = NULL, *cctx = NULL;
     SSL *serverssl1 = NULL, *clientssl1 = NULL;
     BIO *c_to_s_fbio, *c_to_s_mempacket;
     int testresult = 0;
 
+    printf("Starting Test %d\n", testidx);
+
     if (!create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(), &sctx,
                              &cctx, cert, privkey)) {
         printf("Unable to create SSL_CTX pair\n");
         return 0;
     }
 
-    if (!SSL_CTX_set_cipher_list(cctx, "ECDHE-RSA-AES256-SHA384")) {
+    if (!SSL_CTX_set_cipher_list(cctx, "AES128-SHA")) {
         printf("Failed setting cipher list\n");
     }
 
@@ -67,16 +74,22 @@ static int test_dtls_unprocessed(void)
         goto end;
     }
 
+    if (testidx == 1)
+        certstatus[RECORD_SEQUENCE] = 0xff;
+
     /*
-     * Inject a dummy record from the next epoch. This should never get used
-     * because the message sequence number is too big
+     * Inject a dummy record from the next epoch. In test 0, this should never
+     * get used because the message sequence number is too big. In test 1 we set
+     * the record sequence number to be way off in the future. This should not
+     * have an impact on the record replay protection because the record should
+     * be dropped before it is marked as arrived
      */
     c_to_s_mempacket = SSL_get_wbio(clientssl1);
     c_to_s_mempacket = BIO_next(c_to_s_mempacket);
     mempacket_test_inject(c_to_s_mempacket, (char *)certstatus,
                           sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ);
 
-    if (!create_ssl_connection(serverssl1, clientssl1)) {
+    if (!create_ssl_connection(serverssl1, clientssl1, SSL_ERROR_NONE)) {
         printf("Unable to create SSL connection\n");
         ERR_print_errors_fp(stdout);
         goto end;
@@ -92,9 +105,8 @@ static int test_dtls_unprocessed(void)
     return testresult;
 }
 
-int main(int argc, char *argv[])
+int test_main(int argc, char *argv[])
 {
-    BIO *err = NULL;
     int testresult = 1;
 
     if (argc != 3) {
@@ -105,26 +117,12 @@ int main(int argc, char *argv[])
     cert = argv[1];
     privkey = argv[2];
 
-    err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
-    CRYPTO_set_mem_debug(1);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-    ADD_TEST(test_dtls_unprocessed);
+    ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS);
 
     testresult = run_tests(argv[0]);
 
     bio_f_tls_dump_filter_free();
     bio_s_mempacket_test_free();
 
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-    if (CRYPTO_mem_leaks(err) <= 0)
-        testresult = 1;
-#endif
-    BIO_free(err);
-
-    if (!testresult)
-        printf("PASS\n");
-
     return testresult;
 }