summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--test/dtlstest.c20
1 files changed, 16 insertions, 4 deletions
diff --git a/test/dtlstest.c b/test/dtlstest.c
index c2aa7ee71a..06db5d28bd 100644
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -18,6 +18,8 @@
static char *cert = NULL;
static char *privkey = NULL;
+#define NUM_TESTS 2
+
#define DUMMY_CERT_STATUS_LEN 12
@@ -36,13 +38,17 @@ unsigned char certstatus[] = {
0x80, 0x80, 0x80, 0x80, 0x80 /* Dummy data */
};
-static int test_dtls_unprocessed(void)
+#define RECORD_SEQUENCE 10
+
+static int test_dtls_unprocessed(int testidx)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl1 = NULL, *clientssl1 = NULL;
BIO *c_to_s_fbio, *c_to_s_mempacket;
int testresult = 0;
+ printf("Starting Test %d\n", testidx);
+
if (!create_ssl_ctx_pair(DTLS_server_method(), DTLS_client_method(), &sctx,
&cctx, cert, privkey)) {
printf("Unable to create SSL_CTX pair\n");
@@ -67,9 +73,15 @@ static int test_dtls_unprocessed(void)
goto end;
}
+ if (testidx == 1)
+ certstatus[RECORD_SEQUENCE] = 0xff;
+
/*
- * Inject a dummy record from the next epoch. This should never get used
- * because the message sequence number is too big
+ * Inject a dummy record from the next epoch. In test 0, this should never
+ * get used because the message sequence number is too big. In test 1 we set
+ * the record sequence number to be way off in the future. This should not
+ * have an impact on the record replay protection because the record should
+ * be dropped before it is marked as arrived
*/
c_to_s_mempacket = SSL_get_wbio(clientssl1);
c_to_s_mempacket = BIO_next(c_to_s_mempacket);
@@ -110,7 +122,7 @@ int main(int argc, char *argv[])
CRYPTO_set_mem_debug(1);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
- ADD_TEST(test_dtls_unprocessed);
+ ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS);
testresult = run_tests(argv[0]);