diff options
-rw-r--r-- | src/components/security_manager/src/ssl_context_impl.cc | 8 | ||||
-rw-r--r-- | test/components/security_manager/include/security_manager/crypto_manager_impl_test.h | 51 |
2 files changed, 58 insertions, 1 deletions
diff --git a/src/components/security_manager/src/ssl_context_impl.cc b/src/components/security_manager/src/ssl_context_impl.cc index 737c53fd03..cb7ea9b574 100644 --- a/src/components/security_manager/src/ssl_context_impl.cc +++ b/src/components/security_manager/src/ssl_context_impl.cc @@ -204,6 +204,8 @@ bool CryptoManagerImpl::SSLContextImpl::Encrypt( const int read_size = BIO_read(bioOut_, buffer_, len); DCHECK(len == read_size); if (read_size < 0) { + // Reset filter and connection deinitilization instead + BIO_reset(bioFilter_); return false; } *out_data_size = read_size; @@ -231,8 +233,12 @@ bool CryptoManagerImpl::SSLContextImpl::Decrypt( while (len) { EnsureBufferSizeEnough(len + offset); len = BIO_read(bioFilter_, buffer_ + offset, len); - if (len < 0) + // TODO(EZamakhov): investigate BIO_read return 0, -1 and -2 meanings + if (len < 0) { + // Reset filter and connection deinitilization instead + BIO_reset(bioFilter_); return false; + } *out_data_size += len; offset += len; len = BIO_ctrl_pending(bioFilter_); diff --git a/test/components/security_manager/include/security_manager/crypto_manager_impl_test.h b/test/components/security_manager/include/security_manager/crypto_manager_impl_test.h index 0f4b323a34..8d6d2af90c 100644 --- a/test/components/security_manager/include/security_manager/crypto_manager_impl_test.h +++ b/test/components/security_manager/include/security_manager/crypto_manager_impl_test.h @@ -256,6 +256,57 @@ TEST_F(SSLTest, Positive) { 4), 0); } +TEST_F(SSLTest, EcncryptionFail) { + + const uint8_t *server_buf; + const uint8_t *client_buf; + size_t server_buf_len; + size_t client_buf_len; + ASSERT_EQ(client_ctx->StartHandshake(&client_buf, + &client_buf_len), + security_manager::SSLContext::Handshake_Result_Success); + + while (!server_ctx->IsInitCompleted()) { + ASSERT_FALSE(client_buf == NULL); + ASSERT_GT(client_buf_len, 0u); + ASSERT_EQ(server_ctx->DoHandshakeStep(client_buf, client_buf_len, + &server_buf, &server_buf_len), + security_manager::SSLContext::Handshake_Result_Success); + ASSERT_FALSE(server_buf == NULL); + ASSERT_GT(server_buf_len, 0u); + + ASSERT_EQ(client_ctx->DoHandshakeStep(server_buf, server_buf_len, + &client_buf, &client_buf_len), + security_manager::SSLContext::Handshake_Result_Success); + } + + EXPECT_TRUE(client_ctx->IsInitCompleted()); + EXPECT_TRUE(server_ctx->IsInitCompleted()); + + // Encrypt text on client side + const uint8_t *text = reinterpret_cast<const uint8_t*>("abra"); + const uint8_t *encrypted_text = 0; + size_t text_len = 4; + size_t encrypted_text_len; + EXPECT_TRUE(client_ctx->Encrypt(text, text_len, &encrypted_text, &encrypted_text_len)); + ASSERT_NE(encrypted_text, (void*)NULL); + ASSERT_GT(encrypted_text_len, 0u); + + std::vector<uint8_t> broken(encrypted_text, encrypted_text + encrypted_text_len); + // Broke message + broken[encrypted_text_len / 2] ^= 0xFF; + + const uint8_t *out_text; + size_t out_text_size; + // Decrypt broken text on server side + EXPECT_FALSE(server_ctx->Decrypt(&broken[0], broken.size(), &out_text, &out_text_size)); + + // Check after broken message that server encryption and decryption fail + // Encrypte message on server side + EXPECT_FALSE(server_ctx->Decrypt(encrypted_text, encrypted_text_len, &out_text, &out_text_size)); + EXPECT_FALSE(server_ctx->Encrypt(text, text_len, &encrypted_text, &encrypted_text_len)); +} + /* TEST_F(SSLTest, DISABLED_BadData) { using security_manager::LastError; |