]>
Commit | Line | Data |
---|---|---|
6fc1748e | 1 | /* |
da1c088f | 2 | * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. |
6fc1748e | 3 | * |
909f1a2e | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
6fc1748e MC |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
edcd29ef | 10 | #include <string.h> |
6fc1748e MC |
11 | #include <openssl/bio.h> |
12 | #include <openssl/crypto.h> | |
13 | #include <openssl/ssl.h> | |
14 | #include <openssl/err.h> | |
15 | ||
20f8bc72 | 16 | #include "helpers/ssltestlib.h" |
6fc1748e MC |
17 | #include "testutil.h" |
18 | ||
19 | static char *cert = NULL; | |
20 | static char *privkey = NULL; | |
fa4b82cc | 21 | static unsigned int timer_cb_count; |
6fc1748e | 22 | |
ac9fc67a MC |
23 | #define NUM_TESTS 2 |
24 | ||
6fc1748e MC |
25 | |
26 | #define DUMMY_CERT_STATUS_LEN 12 | |
27 | ||
52a03d2a | 28 | static unsigned char certstatus[] = { |
6fc1748e MC |
29 | SSL3_RT_HANDSHAKE, /* Content type */ |
30 | 0xfe, 0xfd, /* Record version */ | |
31 | 0, 1, /* Epoch */ | |
32 | 0, 0, 0, 0, 0, 0x0f, /* Record sequence number */ | |
33 | 0, DTLS1_HM_HEADER_LENGTH + DUMMY_CERT_STATUS_LEN - 2, | |
34 | SSL3_MT_CERTIFICATE_STATUS, /* Cert Status handshake message type */ | |
35 | 0, 0, DUMMY_CERT_STATUS_LEN, /* Message len */ | |
36 | 0, 5, /* Message sequence */ | |
37 | 0, 0, 0, /* Fragment offset */ | |
38 | 0, 0, DUMMY_CERT_STATUS_LEN - 2, /* Fragment len */ | |
39 | 0x80, 0x80, 0x80, 0x80, 0x80, | |
40 | 0x80, 0x80, 0x80, 0x80, 0x80 /* Dummy data */ | |
41 | }; | |
42 | ||
ac9fc67a MC |
43 | #define RECORD_SEQUENCE 10 |
44 | ||
a29ad912 MC |
45 | static const char dummy_cookie[] = "0123456"; |
46 | ||
47 | static int generate_cookie_cb(SSL *ssl, unsigned char *cookie, | |
48 | unsigned int *cookie_len) | |
49 | { | |
50 | memcpy(cookie, dummy_cookie, sizeof(dummy_cookie)); | |
51 | *cookie_len = sizeof(dummy_cookie); | |
52 | return 1; | |
53 | } | |
54 | ||
55 | static int verify_cookie_cb(SSL *ssl, const unsigned char *cookie, | |
56 | unsigned int cookie_len) | |
57 | { | |
58 | return TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie)); | |
59 | } | |
60 | ||
fa4b82cc AH |
61 | static unsigned int timer_cb(SSL *s, unsigned int timer_us) |
62 | { | |
63 | ++timer_cb_count; | |
64 | ||
65 | if (timer_us == 0) | |
61e96557 | 66 | return 50000; |
fa4b82cc AH |
67 | else |
68 | return 2 * timer_us; | |
69 | } | |
70 | ||
ac9fc67a | 71 | static int test_dtls_unprocessed(int testidx) |
6fc1748e MC |
72 | { |
73 | SSL_CTX *sctx = NULL, *cctx = NULL; | |
74 | SSL *serverssl1 = NULL, *clientssl1 = NULL; | |
75 | BIO *c_to_s_fbio, *c_to_s_mempacket; | |
76 | int testresult = 0; | |
77 | ||
fa4b82cc AH |
78 | timer_cb_count = 0; |
79 | ||
5e30f2fd | 80 | if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(), |
7d7f6834 | 81 | DTLS_client_method(), |
5c587fb6 | 82 | DTLS1_VERSION, 0, |
7d7f6834 | 83 | &sctx, &cctx, cert, privkey))) |
6fc1748e | 84 | return 0; |
6fc1748e | 85 | |
fdf31270 | 86 | #ifndef OPENSSL_NO_DTLS1_2 |
745dec3a P |
87 | if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA"))) |
88 | goto end; | |
fdf31270 MC |
89 | #else |
90 | /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */ | |
91 | if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA:@SECLEVEL=0")) | |
92 | || !TEST_true(SSL_CTX_set_cipher_list(cctx, | |
93 | "AES128-SHA:@SECLEVEL=0"))) | |
94 | goto end; | |
95 | #endif | |
6fc1748e MC |
96 | |
97 | c_to_s_fbio = BIO_new(bio_f_tls_dump_filter()); | |
745dec3a | 98 | if (!TEST_ptr(c_to_s_fbio)) |
6fc1748e | 99 | goto end; |
6fc1748e MC |
100 | |
101 | /* BIO is freed by create_ssl_connection on error */ | |
745dec3a P |
102 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1, |
103 | NULL, c_to_s_fbio))) | |
6fc1748e | 104 | goto end; |
6fc1748e | 105 | |
fa4b82cc AH |
106 | DTLS_set_timer_cb(clientssl1, timer_cb); |
107 | ||
ac9fc67a MC |
108 | if (testidx == 1) |
109 | certstatus[RECORD_SEQUENCE] = 0xff; | |
110 | ||
6fc1748e | 111 | /* |
ac9fc67a MC |
112 | * Inject a dummy record from the next epoch. In test 0, this should never |
113 | * get used because the message sequence number is too big. In test 1 we set | |
80c455d5 | 114 | * the record sequence number to be way off in the future. |
6fc1748e MC |
115 | */ |
116 | c_to_s_mempacket = SSL_get_wbio(clientssl1); | |
117 | c_to_s_mempacket = BIO_next(c_to_s_mempacket); | |
118 | mempacket_test_inject(c_to_s_mempacket, (char *)certstatus, | |
119 | sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ); | |
120 | ||
80c455d5 MC |
121 | /* |
122 | * Create the connection. We use "create_bare_ssl_connection" here so that | |
c2969ff6 | 123 | * we can force the connection to not do "SSL_read" once partly connected. |
80c455d5 MC |
124 | * We don't want to accidentally read the dummy records we injected because |
125 | * they will fail to decrypt. | |
126 | */ | |
127 | if (!TEST_true(create_bare_ssl_connection(serverssl1, clientssl1, | |
26dad42e | 128 | SSL_ERROR_NONE, 0, 0))) |
6fc1748e | 129 | goto end; |
6fc1748e | 130 | |
fa4b82cc AH |
131 | if (timer_cb_count == 0) { |
132 | printf("timer_callback was not called.\n"); | |
133 | goto end; | |
134 | } | |
135 | ||
6fc1748e MC |
136 | testresult = 1; |
137 | end: | |
138 | SSL_free(serverssl1); | |
139 | SSL_free(clientssl1); | |
140 | SSL_CTX_free(sctx); | |
141 | SSL_CTX_free(cctx); | |
142 | ||
143 | return testresult; | |
144 | } | |
145 | ||
a29ad912 MC |
146 | /* One record for the cookieless initial ClientHello */ |
147 | #define CLI_TO_SRV_COOKIE_EXCH 1 | |
148 | ||
149 | /* | |
150 | * In a resumption handshake we use 2 records for the initial ClientHello in | |
151 | * this test because we are using a very small MTU and the ClientHello is | |
152 | * bigger than in the non resumption case. | |
153 | */ | |
154 | #define CLI_TO_SRV_RESUME_COOKIE_EXCH 2 | |
155 | #define SRV_TO_CLI_COOKIE_EXCH 1 | |
156 | ||
61e96557 MC |
157 | #define CLI_TO_SRV_EPOCH_0_RECS 3 |
158 | #define CLI_TO_SRV_EPOCH_1_RECS 1 | |
1aac20f5 | 159 | #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) |
5fd72d96 | 160 | # define SRV_TO_CLI_EPOCH_0_RECS 10 |
1aac20f5 MC |
161 | #else |
162 | /* | |
163 | * In this case we have no ServerKeyExchange message, because we don't have | |
164 | * ECDHE or DHE. When it is present it gets fragmented into 3 records in this | |
165 | * test. | |
166 | */ | |
167 | # define SRV_TO_CLI_EPOCH_0_RECS 9 | |
168 | #endif | |
61e96557 MC |
169 | #define SRV_TO_CLI_EPOCH_1_RECS 1 |
170 | #define TOTAL_FULL_HAND_RECORDS \ | |
a29ad912 MC |
171 | (CLI_TO_SRV_COOKIE_EXCH + SRV_TO_CLI_COOKIE_EXCH + \ |
172 | CLI_TO_SRV_EPOCH_0_RECS + CLI_TO_SRV_EPOCH_1_RECS + \ | |
61e96557 MC |
173 | SRV_TO_CLI_EPOCH_0_RECS + SRV_TO_CLI_EPOCH_1_RECS) |
174 | ||
175 | #define CLI_TO_SRV_RESUME_EPOCH_0_RECS 3 | |
176 | #define CLI_TO_SRV_RESUME_EPOCH_1_RECS 1 | |
177 | #define SRV_TO_CLI_RESUME_EPOCH_0_RECS 2 | |
178 | #define SRV_TO_CLI_RESUME_EPOCH_1_RECS 1 | |
179 | #define TOTAL_RESUME_HAND_RECORDS \ | |
a29ad912 MC |
180 | (CLI_TO_SRV_RESUME_COOKIE_EXCH + SRV_TO_CLI_COOKIE_EXCH + \ |
181 | CLI_TO_SRV_RESUME_EPOCH_0_RECS + CLI_TO_SRV_RESUME_EPOCH_1_RECS + \ | |
61e96557 MC |
182 | SRV_TO_CLI_RESUME_EPOCH_0_RECS + SRV_TO_CLI_RESUME_EPOCH_1_RECS) |
183 | ||
184 | #define TOTAL_RECORDS (TOTAL_FULL_HAND_RECORDS + TOTAL_RESUME_HAND_RECORDS) | |
185 | ||
cbb85bda MC |
186 | /* |
187 | * We are assuming a ServerKeyExchange message is sent in this test. If we don't | |
188 | * have either DH or EC, then it won't be | |
189 | */ | |
190 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) | |
61e96557 MC |
191 | static int test_dtls_drop_records(int idx) |
192 | { | |
193 | SSL_CTX *sctx = NULL, *cctx = NULL; | |
194 | SSL *serverssl = NULL, *clientssl = NULL; | |
195 | BIO *c_to_s_fbio, *mempackbio; | |
196 | int testresult = 0; | |
197 | int epoch = 0; | |
198 | SSL_SESSION *sess = NULL; | |
a29ad912 MC |
199 | int cli_to_srv_cookie, cli_to_srv_epoch0, cli_to_srv_epoch1; |
200 | int srv_to_cli_epoch0; | |
61e96557 | 201 | |
5e30f2fd | 202 | if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(), |
61e96557 | 203 | DTLS_client_method(), |
5c587fb6 | 204 | DTLS1_VERSION, 0, |
61e96557 MC |
205 | &sctx, &cctx, cert, privkey))) |
206 | return 0; | |
207 | ||
fdf31270 MC |
208 | #ifdef OPENSSL_NO_DTLS1_2 |
209 | /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */ | |
210 | if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0")) | |
211 | || !TEST_true(SSL_CTX_set_cipher_list(cctx, | |
212 | "DEFAULT:@SECLEVEL=0"))) | |
213 | goto end; | |
214 | #endif | |
215 | ||
33c39a06 MC |
216 | if (!TEST_true(SSL_CTX_set_dh_auto(sctx, 1))) |
217 | goto end; | |
218 | ||
a29ad912 MC |
219 | SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE); |
220 | SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb); | |
221 | SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb); | |
222 | ||
61e96557 MC |
223 | if (idx >= TOTAL_FULL_HAND_RECORDS) { |
224 | /* We're going to do a resumption handshake. Get a session first. */ | |
225 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, | |
226 | NULL, NULL)) | |
227 | || !TEST_true(create_ssl_connection(serverssl, clientssl, | |
228 | SSL_ERROR_NONE)) | |
229 | || !TEST_ptr(sess = SSL_get1_session(clientssl))) | |
230 | goto end; | |
231 | ||
232 | SSL_shutdown(clientssl); | |
233 | SSL_shutdown(serverssl); | |
234 | SSL_free(serverssl); | |
235 | SSL_free(clientssl); | |
236 | serverssl = clientssl = NULL; | |
237 | ||
238 | cli_to_srv_epoch0 = CLI_TO_SRV_RESUME_EPOCH_0_RECS; | |
239 | cli_to_srv_epoch1 = CLI_TO_SRV_RESUME_EPOCH_1_RECS; | |
240 | srv_to_cli_epoch0 = SRV_TO_CLI_RESUME_EPOCH_0_RECS; | |
a29ad912 | 241 | cli_to_srv_cookie = CLI_TO_SRV_RESUME_COOKIE_EXCH; |
61e96557 MC |
242 | idx -= TOTAL_FULL_HAND_RECORDS; |
243 | } else { | |
244 | cli_to_srv_epoch0 = CLI_TO_SRV_EPOCH_0_RECS; | |
245 | cli_to_srv_epoch1 = CLI_TO_SRV_EPOCH_1_RECS; | |
246 | srv_to_cli_epoch0 = SRV_TO_CLI_EPOCH_0_RECS; | |
a29ad912 | 247 | cli_to_srv_cookie = CLI_TO_SRV_COOKIE_EXCH; |
61e96557 MC |
248 | } |
249 | ||
250 | c_to_s_fbio = BIO_new(bio_f_tls_dump_filter()); | |
251 | if (!TEST_ptr(c_to_s_fbio)) | |
252 | goto end; | |
253 | ||
254 | /* BIO is freed by create_ssl_connection on error */ | |
255 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, | |
256 | NULL, c_to_s_fbio))) | |
257 | goto end; | |
258 | ||
259 | if (sess != NULL) { | |
260 | if (!TEST_true(SSL_set_session(clientssl, sess))) | |
261 | goto end; | |
262 | } | |
263 | ||
264 | DTLS_set_timer_cb(clientssl, timer_cb); | |
265 | DTLS_set_timer_cb(serverssl, timer_cb); | |
266 | ||
267 | /* Work out which record to drop based on the test number */ | |
a29ad912 | 268 | if (idx >= cli_to_srv_cookie + cli_to_srv_epoch0 + cli_to_srv_epoch1) { |
61e96557 | 269 | mempackbio = SSL_get_wbio(serverssl); |
a29ad912 MC |
270 | idx -= cli_to_srv_cookie + cli_to_srv_epoch0 + cli_to_srv_epoch1; |
271 | if (idx >= SRV_TO_CLI_COOKIE_EXCH + srv_to_cli_epoch0) { | |
61e96557 | 272 | epoch = 1; |
a29ad912 | 273 | idx -= SRV_TO_CLI_COOKIE_EXCH + srv_to_cli_epoch0; |
61e96557 MC |
274 | } |
275 | } else { | |
276 | mempackbio = SSL_get_wbio(clientssl); | |
a29ad912 | 277 | if (idx >= cli_to_srv_cookie + cli_to_srv_epoch0) { |
61e96557 | 278 | epoch = 1; |
a29ad912 | 279 | idx -= cli_to_srv_cookie + cli_to_srv_epoch0; |
61e96557 MC |
280 | } |
281 | mempackbio = BIO_next(mempackbio); | |
282 | } | |
283 | BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_EPOCH, epoch, NULL); | |
284 | BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_REC, idx, NULL); | |
285 | ||
286 | if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) | |
287 | goto end; | |
288 | ||
289 | if (sess != NULL && !TEST_true(SSL_session_reused(clientssl))) | |
290 | goto end; | |
291 | ||
292 | /* If the test did what we planned then it should have dropped a record */ | |
293 | if (!TEST_int_eq((int)BIO_ctrl(mempackbio, MEMPACKET_CTRL_GET_DROP_REC, 0, | |
294 | NULL), -1)) | |
295 | goto end; | |
296 | ||
297 | testresult = 1; | |
298 | end: | |
299 | SSL_SESSION_free(sess); | |
300 | SSL_free(serverssl); | |
301 | SSL_free(clientssl); | |
302 | SSL_CTX_free(sctx); | |
303 | SSL_CTX_free(cctx); | |
304 | ||
305 | return testresult; | |
306 | } | |
cbb85bda | 307 | #endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */ |
61e96557 | 308 | |
edcd29ef MC |
309 | static int test_cookie(void) |
310 | { | |
311 | SSL_CTX *sctx = NULL, *cctx = NULL; | |
312 | SSL *serverssl = NULL, *clientssl = NULL; | |
313 | int testresult = 0; | |
314 | ||
5e30f2fd | 315 | if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(), |
edcd29ef | 316 | DTLS_client_method(), |
5c587fb6 | 317 | DTLS1_VERSION, 0, |
edcd29ef MC |
318 | &sctx, &cctx, cert, privkey))) |
319 | return 0; | |
320 | ||
321 | SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE); | |
322 | SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb); | |
323 | SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb); | |
324 | ||
fdf31270 MC |
325 | #ifdef OPENSSL_NO_DTLS1_2 |
326 | /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */ | |
327 | if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0")) | |
328 | || !TEST_true(SSL_CTX_set_cipher_list(cctx, | |
329 | "DEFAULT:@SECLEVEL=0"))) | |
330 | goto end; | |
331 | #endif | |
332 | ||
edcd29ef MC |
333 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, |
334 | NULL, NULL)) | |
335 | || !TEST_true(create_ssl_connection(serverssl, clientssl, | |
336 | SSL_ERROR_NONE))) | |
337 | goto end; | |
338 | ||
339 | testresult = 1; | |
340 | end: | |
341 | SSL_free(serverssl); | |
342 | SSL_free(clientssl); | |
343 | SSL_CTX_free(sctx); | |
344 | SSL_CTX_free(cctx); | |
345 | ||
346 | return testresult; | |
347 | } | |
348 | ||
f1358634 MC |
349 | static int test_dtls_duplicate_records(void) |
350 | { | |
351 | SSL_CTX *sctx = NULL, *cctx = NULL; | |
352 | SSL *serverssl = NULL, *clientssl = NULL; | |
353 | int testresult = 0; | |
354 | ||
5e30f2fd | 355 | if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(), |
f1358634 | 356 | DTLS_client_method(), |
5c587fb6 | 357 | DTLS1_VERSION, 0, |
f1358634 MC |
358 | &sctx, &cctx, cert, privkey))) |
359 | return 0; | |
360 | ||
fdf31270 MC |
361 | #ifdef OPENSSL_NO_DTLS1_2 |
362 | /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */ | |
363 | if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0")) | |
364 | || !TEST_true(SSL_CTX_set_cipher_list(cctx, | |
365 | "DEFAULT:@SECLEVEL=0"))) | |
366 | goto end; | |
367 | #endif | |
368 | ||
f1358634 MC |
369 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, |
370 | NULL, NULL))) | |
371 | goto end; | |
372 | ||
373 | DTLS_set_timer_cb(clientssl, timer_cb); | |
374 | DTLS_set_timer_cb(serverssl, timer_cb); | |
375 | ||
376 | BIO_ctrl(SSL_get_wbio(clientssl), MEMPACKET_CTRL_SET_DUPLICATE_REC, 1, NULL); | |
377 | BIO_ctrl(SSL_get_wbio(serverssl), MEMPACKET_CTRL_SET_DUPLICATE_REC, 1, NULL); | |
378 | ||
379 | if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) | |
380 | goto end; | |
381 | ||
382 | testresult = 1; | |
383 | end: | |
384 | SSL_free(serverssl); | |
385 | SSL_free(clientssl); | |
386 | SSL_CTX_free(sctx); | |
387 | SSL_CTX_free(cctx); | |
388 | ||
389 | return testresult; | |
390 | } | |
edcd29ef | 391 | |
e9b30d9f MC |
392 | /* |
393 | * Test just sending a Finished message as the first message. Should fail due | |
394 | * to an unexpected message. | |
395 | */ | |
396 | static int test_just_finished(void) | |
397 | { | |
398 | int testresult = 0, ret; | |
399 | SSL_CTX *sctx = NULL; | |
400 | SSL *serverssl = NULL; | |
401 | BIO *rbio = NULL, *wbio = NULL, *sbio = NULL; | |
402 | unsigned char buf[] = { | |
403 | /* Record header */ | |
404 | SSL3_RT_HANDSHAKE, /* content type */ | |
405 | (DTLS1_2_VERSION >> 8) & 0xff, /* protocol version hi byte */ | |
406 | DTLS1_2_VERSION & 0xff, /* protocol version lo byte */ | |
407 | 0, 0, /* epoch */ | |
408 | 0, 0, 0, 0, 0, 0, /* record sequence */ | |
409 | 0, DTLS1_HM_HEADER_LENGTH + SHA_DIGEST_LENGTH, /* record length */ | |
410 | ||
411 | /* Message header */ | |
412 | SSL3_MT_FINISHED, /* message type */ | |
413 | 0, 0, SHA_DIGEST_LENGTH, /* message length */ | |
414 | 0, 0, /* message sequence */ | |
415 | 0, 0, 0, /* fragment offset */ | |
416 | 0, 0, SHA_DIGEST_LENGTH, /* fragment length */ | |
417 | ||
418 | /* Message body */ | |
419 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 | |
420 | }; | |
421 | ||
422 | ||
423 | if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(), | |
424 | NULL, 0, 0, | |
425 | &sctx, NULL, cert, privkey))) | |
426 | return 0; | |
427 | ||
a6843e6a MC |
428 | #ifdef OPENSSL_NO_DTLS1_2 |
429 | /* DTLSv1 is not allowed at the default security level */ | |
430 | if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))) | |
431 | goto end; | |
432 | #endif | |
433 | ||
e9b30d9f MC |
434 | serverssl = SSL_new(sctx); |
435 | rbio = BIO_new(BIO_s_mem()); | |
436 | wbio = BIO_new(BIO_s_mem()); | |
437 | ||
438 | if (!TEST_ptr(serverssl) || !TEST_ptr(rbio) || !TEST_ptr(wbio)) | |
439 | goto end; | |
440 | ||
441 | sbio = rbio; | |
442 | SSL_set0_rbio(serverssl, rbio); | |
443 | SSL_set0_wbio(serverssl, wbio); | |
444 | rbio = wbio = NULL; | |
445 | DTLS_set_timer_cb(serverssl, timer_cb); | |
446 | ||
447 | if (!TEST_int_eq(BIO_write(sbio, buf, sizeof(buf)), sizeof(buf))) | |
448 | goto end; | |
449 | ||
450 | /* We expect the attempt to process the message to fail */ | |
451 | if (!TEST_int_le(ret = SSL_accept(serverssl), 0)) | |
452 | goto end; | |
453 | ||
454 | /* Check that we got the error we were expecting */ | |
455 | if (!TEST_int_eq(SSL_get_error(serverssl, ret), SSL_ERROR_SSL)) | |
456 | goto end; | |
457 | ||
458 | if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_UNEXPECTED_MESSAGE)) | |
459 | goto end; | |
460 | ||
461 | testresult = 1; | |
462 | end: | |
463 | BIO_free(rbio); | |
464 | BIO_free(wbio); | |
465 | SSL_free(serverssl); | |
466 | SSL_CTX_free(sctx); | |
467 | ||
468 | return testresult; | |
469 | } | |
470 | ||
e1c153d3 | 471 | /* |
8189fe24 MC |
472 | * Test that swapping later records before Finished or CCS still works |
473 | * Test 0: Test receiving a handshake record early from next epoch on server side | |
474 | * Test 1: Test receiving a handshake record early from next epoch on client side | |
475 | * Test 2: Test receiving an app data record early from next epoch on client side | |
476 | * Test 3: Test receiving an app data before Finished on client side | |
e1c153d3 | 477 | */ |
8189fe24 | 478 | static int test_swap_records(int idx) |
4000827f MC |
479 | { |
480 | SSL_CTX *sctx = NULL, *cctx = NULL; | |
481 | SSL *sssl = NULL, *cssl = NULL; | |
482 | int testresult = 0; | |
483 | BIO *bio; | |
484 | char msg[] = { 0x00, 0x01, 0x02, 0x03 }; | |
485 | char buf[10]; | |
486 | ||
487 | if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(), | |
488 | DTLS_client_method(), | |
489 | DTLS1_VERSION, 0, | |
490 | &sctx, &cctx, cert, privkey))) | |
491 | return 0; | |
492 | ||
493 | #ifndef OPENSSL_NO_DTLS1_2 | |
494 | if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA"))) | |
495 | goto end; | |
496 | #else | |
497 | /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */ | |
498 | if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA:@SECLEVEL=0")) | |
499 | || !TEST_true(SSL_CTX_set_cipher_list(cctx, | |
500 | "AES128-SHA:@SECLEVEL=0"))) | |
501 | goto end; | |
502 | #endif | |
503 | ||
504 | if (!TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl, | |
505 | NULL, NULL))) | |
506 | goto end; | |
507 | ||
508 | /* Send flight 1: ClientHello */ | |
509 | if (!TEST_int_le(SSL_connect(cssl), 0)) | |
510 | goto end; | |
511 | ||
512 | /* Recv flight 1, send flight 2: ServerHello, Certificate, ServerHelloDone */ | |
513 | if (!TEST_int_le(SSL_accept(sssl), 0)) | |
514 | goto end; | |
515 | ||
516 | /* Recv flight 2, send flight 3: ClientKeyExchange, CCS, Finished */ | |
517 | if (!TEST_int_le(SSL_connect(cssl), 0)) | |
518 | goto end; | |
519 | ||
8189fe24 MC |
520 | if (idx == 0) { |
521 | /* Swap Finished and CCS within the datagram */ | |
522 | bio = SSL_get_wbio(cssl); | |
523 | if (!TEST_ptr(bio) | |
524 | || !TEST_true(mempacket_swap_epoch(bio))) | |
525 | goto end; | |
526 | } | |
527 | ||
528 | /* Recv flight 3, send flight 4: datagram 0(NST, CCS) datagram 1(Finished) */ | |
4000827f MC |
529 | if (!TEST_int_gt(SSL_accept(sssl), 0)) |
530 | goto end; | |
531 | ||
8189fe24 | 532 | /* Send flight 4 (cont'd): datagram 2(app data) */ |
4000827f MC |
533 | if (!TEST_int_eq(SSL_write(sssl, msg, sizeof(msg)), (int)sizeof(msg))) |
534 | goto end; | |
535 | ||
536 | bio = SSL_get_wbio(sssl); | |
8189fe24 | 537 | if (!TEST_ptr(bio)) |
4000827f | 538 | goto end; |
8189fe24 MC |
539 | if (idx == 1) { |
540 | /* Finished comes before NST/CCS */ | |
541 | if (!TEST_true(mempacket_move_packet(bio, 0, 1))) | |
542 | goto end; | |
543 | } else if (idx == 2) { | |
544 | /* App data comes before NST/CCS */ | |
545 | if (!TEST_true(mempacket_move_packet(bio, 0, 2))) | |
546 | goto end; | |
547 | } else if (idx == 3) { | |
548 | /* App data comes before Finished */ | |
549 | bio = SSL_get_wbio(sssl); | |
550 | if (!TEST_true(mempacket_move_packet(bio, 1, 2))) | |
551 | goto end; | |
552 | } | |
4000827f MC |
553 | |
554 | /* | |
555 | * Recv flight 4 (datagram 1): NST, CCS, + flight 5: app data | |
556 | * + flight 4 (datagram 2): Finished | |
557 | */ | |
558 | if (!TEST_int_gt(SSL_connect(cssl), 0)) | |
559 | goto end; | |
560 | ||
8189fe24 MC |
561 | if (idx == 0 || idx == 1) { |
562 | /* App data was not received early, so it should not be pending */ | |
563 | if (!TEST_int_eq(SSL_pending(cssl), 0) | |
564 | || !TEST_false(SSL_has_pending(cssl))) | |
565 | goto end; | |
566 | ||
567 | } else { | |
568 | /* We received the app data early so it should be buffered already */ | |
569 | if (!TEST_int_eq(SSL_pending(cssl), (int)sizeof(msg)) | |
570 | || !TEST_true(SSL_has_pending(cssl))) | |
571 | goto end; | |
572 | } | |
4000827f MC |
573 | |
574 | /* | |
8189fe24 MC |
575 | * Recv flight 5 (app data) |
576 | */ | |
4000827f MC |
577 | if (!TEST_int_eq(SSL_read(cssl, buf, sizeof(buf)), (int)sizeof(msg))) |
578 | goto end; | |
579 | ||
580 | testresult = 1; | |
581 | end: | |
582 | SSL_free(cssl); | |
583 | SSL_free(sssl); | |
584 | SSL_CTX_free(cctx); | |
585 | SSL_CTX_free(sctx); | |
26dad42e MC |
586 | |
587 | return testresult; | |
588 | } | |
589 | ||
590 | /* Confirm that we can create a connections using DTLSv1_listen() */ | |
591 | static int test_listen(void) | |
592 | { | |
593 | SSL_CTX *sctx = NULL, *cctx = NULL; | |
594 | SSL *serverssl = NULL, *clientssl = NULL; | |
595 | int testresult = 0; | |
596 | ||
597 | if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(), | |
598 | DTLS_client_method(), | |
599 | DTLS1_VERSION, 0, | |
600 | &sctx, &cctx, cert, privkey))) | |
601 | return 0; | |
602 | ||
603 | #ifdef OPENSSL_NO_DTLS1_2 | |
604 | /* Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0 */ | |
605 | if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0")) | |
606 | || !TEST_true(SSL_CTX_set_cipher_list(cctx, | |
607 | "DEFAULT:@SECLEVEL=0"))) | |
608 | goto end; | |
609 | #endif | |
610 | ||
611 | SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb); | |
612 | SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb); | |
613 | ||
614 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, | |
615 | NULL, NULL))) | |
616 | goto end; | |
617 | ||
618 | DTLS_set_timer_cb(clientssl, timer_cb); | |
619 | DTLS_set_timer_cb(serverssl, timer_cb); | |
620 | ||
621 | /* | |
622 | * The last parameter to create_bare_ssl_connection() requests that | |
2913b5c0 | 623 | * DTLSv1_listen() is used. |
26dad42e MC |
624 | */ |
625 | if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl, | |
626 | SSL_ERROR_NONE, 1, 1))) | |
627 | goto end; | |
628 | ||
629 | testresult = 1; | |
630 | end: | |
631 | SSL_free(serverssl); | |
632 | SSL_free(clientssl); | |
633 | SSL_CTX_free(sctx); | |
634 | SSL_CTX_free(cctx); | |
635 | ||
4000827f MC |
636 | return testresult; |
637 | } | |
638 | ||
a43ce58f SL |
639 | OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") |
640 | ||
ad887416 | 641 | int setup_tests(void) |
6fc1748e | 642 | { |
8d242823 MC |
643 | if (!test_skip_common_options()) { |
644 | TEST_error("Error parsing test options\n"); | |
645 | return 0; | |
646 | } | |
647 | ||
ad887416 P |
648 | if (!TEST_ptr(cert = test_get_argument(0)) |
649 | || !TEST_ptr(privkey = test_get_argument(1))) | |
650 | return 0; | |
6fc1748e | 651 | |
ac9fc67a | 652 | ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS); |
cbb85bda | 653 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) |
61e96557 | 654 | ADD_ALL_TESTS(test_dtls_drop_records, TOTAL_RECORDS); |
cbb85bda | 655 | #endif |
edcd29ef | 656 | ADD_TEST(test_cookie); |
f1358634 | 657 | ADD_TEST(test_dtls_duplicate_records); |
e9b30d9f | 658 | ADD_TEST(test_just_finished); |
8189fe24 | 659 | ADD_ALL_TESTS(test_swap_records, 4); |
26dad42e | 660 | ADD_TEST(test_listen); |
61e96557 | 661 | |
ad887416 P |
662 | return 1; |
663 | } | |
6fc1748e | 664 | |
ad887416 P |
665 | void cleanup_tests(void) |
666 | { | |
6fc1748e MC |
667 | bio_f_tls_dump_filter_free(); |
668 | bio_s_mempacket_test_free(); | |
6fc1748e | 669 | } |