* https://www.openssl.org/source/license.html
*/
+#include <string.h>
#include "ssltestlib.h"
#include "testutil.h"
+static int docorrupt = 0;
+
static void copy_flags(BIO *bio)
{
int flags;
BIO *next = BIO_next(bio);
char *copy;
- if (in[0] == SSL3_RT_APPLICATION_DATA) {
+ if (docorrupt) {
copy = BUF_memdup(in, inl);
TEST_check(copy != NULL);
/* corrupt last bit of application data */
* with apps/server.pem used even in other tests. For this reason
* |cipher_list| is initialized with RSA ciphers' names. This
* naturally means that if test is to be re-purposed for other
- * type of key, then NIS_auth_* filter below would need adjustment.
+ * type of key, then NID_auth_* filter below would need adjustment.
*/
static const char **cipher_list = NULL;
BIO *c_to_s_fbio;
int testresult = 0;
static unsigned char junk[16000] = { 0 };
+ STACK_OF(SSL_CIPHER) *ciphers;
+ const SSL_CIPHER *currcipher;
+
+ docorrupt = 0;
printf("Starting Test %d, %s\n", testidx, cipher_list[testidx]);
goto end;
}
+ ciphers = SSL_CTX_get_ciphers(cctx);
+ if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) != 1) {
+ printf("Unexpected ciphers set\n");
+ goto end;
+ }
+ currcipher = sk_SSL_CIPHER_value(ciphers, 0);
+ if (currcipher == NULL) {
+ printf("Failed getting the current cipher\n");
+ goto end;
+ }
+
+ /*
+ * If we haven't got a TLSv1.3 cipher, then we mustn't attempt to use
+ * TLSv1.3. Version negotiation happens before cipher selection, so we will
+ * get a "no shared cipher" error.
+ */
+ if (strcmp(SSL_CIPHER_get_version(currcipher), "TLSv1.3") != 0) {
+ if (!SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)) {
+ printf("Failed setting max protocol version\n");
+ goto end;
+ }
+ }
+
c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter());
if (c_to_s_fbio == NULL) {
printf("Failed to create filter BIO\n");
goto end;
}
+ docorrupt = 1;
+
if (SSL_write(client, junk, sizeof(junk)) < 0) {
printf("Unable to SSL_write\n");
ERR_print_errors_fp(stdout);
projects / openssl.git / blobdiff