author | Matt Caswell <matt@openssl.org> | 2021-04-19 16:46:30 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-04-28 16:23:08 +0100 |
commit | e9b30d9f50a356b3b0a9d60e6fc877e08f68a40e (patch) | |
tree | a197d6346af07aa1ce93553dc336922367f033b0 /test/dtlstest.c | |
parent | f42e68dc473081393835b0ae7dad19d393ee589d (diff) | |
Test a Finished message at the wrong time results in unexpected message
We test that sending a Finished message instead of a ClientHello results
in an unexpected message error.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14930)
Diffstat (limited to 'test/dtlstest.c')
-rw-r--r-- | test/dtlstest.c | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/test/dtlstest.c b/test/dtlstest.c
index 2d8aaf4709..4f0f9d549d 100644
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -337,6 +337,79 @@ static int test_dtls_duplicate_records(void)
 return testresult;
 }
 
+/*
+ * Test just sending a Finished message as the first message. Should fail due
+ * to an unexpected message.
+ */
+static int test_just_finished(void)
+{
+ int testresult = 0, ret;
+ SSL_CTX *sctx = NULL;
+ SSL *serverssl = NULL;
+ BIO *rbio = NULL, *wbio = NULL, *sbio = NULL;
+ unsigned char buf[] = {
+ /* Record header */
+ SSL3_RT_HANDSHAKE, /* content type */
+ (DTLS1_2_VERSION >> 8) & 0xff, /* protocol version hi byte */
+ DTLS1_2_VERSION & 0xff, /* protocol version lo byte */
+ 0, 0, /* epoch */
+ 0, 0, 0, 0, 0, 0, /* record sequence */
+ 0, DTLS1_HM_HEADER_LENGTH + SHA_DIGEST_LENGTH, /* record length */
+
+ /* Message header */
+ SSL3_MT_FINISHED, /* message type */
+ 0, 0, SHA_DIGEST_LENGTH, /* message length */
+ 0, 0, /* message sequence */
+ 0, 0, 0, /* fragment offset */
+ 0, 0, SHA_DIGEST_LENGTH, /* fragment length */
+
+ /* Message body */
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+ };
+
+
+ if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
+ NULL, 0, 0,
+ &sctx, NULL, cert, privkey)))
+ return 0;
+
+ serverssl = SSL_new(sctx);
+ rbio = BIO_new(BIO_s_mem());
+ wbio = BIO_new(BIO_s_mem());
+
+ if (!TEST_ptr(serverssl) || !TEST_ptr(rbio) || !TEST_ptr(wbio))
+ goto end;
+
+ sbio = rbio;
+ SSL_set0_rbio(serverssl, rbio);
+ SSL_set0_wbio(serverssl, wbio);
+ rbio = wbio = NULL;
+ DTLS_set_timer_cb(serverssl, timer_cb);
+
+ if (!TEST_int_eq(BIO_write(sbio, buf, sizeof(buf)), sizeof(buf)))
+ goto end;
+
+ /* We expect the attempt to process the message to fail */
+ if (!TEST_int_le(ret = SSL_accept(serverssl), 0))
+ goto end;
+
+ /* Check that we got the error we were expecting */
+ if (!TEST_int_eq(SSL_get_error(serverssl, ret), SSL_ERROR_SSL))
+ goto end;
+
+ if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_UNEXPECTED_MESSAGE))
+ goto end;
+
+ testresult = 1;
+ end:
+ BIO_free(rbio);
+ BIO_free(wbio);
+ SSL_free(serverssl);
+ SSL_CTX_free(sctx);
+
+ return testresult;
+}
+
 OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
 
 int setup_tests(void)
@@ -356,6 +429,7 @@ int setup_tests(void)
 #endif
 ADD_TEST(test_cookie);
 ADD_TEST(test_dtls_duplicate_records);
+ ADD_TEST(test_just_finished);
 return 1;
 }
|
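Review bot: The last assertion in test_just_finished checks only `ERR_GET_REASON(ERR_get_error())` against `SSL_R_UNEXPECTED_MESSAGE`, so it never confirms the error came from the SSL library. Reason codes are only meaningful per library, so I would capture the code once with `unsigned long err = ERR_get_error();` and also assert `TEST_int_eq(ERR_GET_LIB(err), ERR_LIB_SSL)` next to the reason check. `ERR_get_error()` returns the oldest queued entry, so the check also relies on nothing being queued before the rejection; that is presumably true after `SSL_accept()`, but an `ERR_clear_error();` just before the call would make it explicit. Separately, the 20 literal zero bytes of the message body match `SHA_DIGEST_LENGTH` only by count, and a comment such as `/* SHA_DIGEST_LENGTH bytes of dummy verify data */` would say why that length was chosen.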