1 | /*
2 | * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
3 | *
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use
5 | * this file except in compliance with the License. You can obtain a copy
6 | * in the file LICENSE in the source distribution or at
7 | * https://www.openssl.org/source/license.html
8 | */
9 |
10 | #include <string.h>
11 | #include <openssl/bio.h>
12 | #include <openssl/crypto.h>
13 | #include <openssl/ssl.h>
14 | #include <openssl/err.h>
15 |
16 | #include "helpers/ssltestlib.h"
17 | #include "testutil.h"
18 |
/* Number of test_dtls_unprocessed() variants registered in setup_tests(). */
#define NUM_TESTS 2

/* Handshake message length advertised by the dummy CertificateStatus. */
#define DUMMY_CERT_STATUS_LEN 12

/* Certificate and private key arguments; assigned in setup_tests(). */
static char *cert;
static char *privkey;

/* Incremented by timer_cb() each time it is invoked. */
static unsigned int timer_cb_count;
27 |
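/*
 * A hand-built DTLS record carrying a dummy CertificateStatus handshake
 * message for epoch 1. It is injected by test_dtls_unprocessed() and is never
 * expected to decrypt or be consumed.
 *
 * Layout: 13-byte DTLS record header (type, version, epoch, 6-byte sequence
 * number, 2-byte length), then a DTLS1_HM_HEADER_LENGTH-byte handshake header,
 * then the fragment bytes. The record length field must cover everything that
 * follows it: the handshake header plus the 10 dummy bytes actually present
 * (DUMMY_CERT_STATUS_LEN - 2, matching the fragment length below).
 */
static unsigned char certstatus[] = {
    /* Record header */
    SSL3_RT_HANDSHAKE, /* Content type */
    0xfe, 0xfd, /* Record version */
    0, 1, /* Epoch */
    0, 0, 0, 0, 0, 0x0f, /* Record sequence number */
    0, DTLS1_HM_HEADER_LENGTH + DUMMY_CERT_STATUS_LEN - 2, /* Record len */

    /* Handshake message header */
    SSL3_MT_CERTIFICATE_STATUS, /* Cert Status handshake message type */
    0, 0, DUMMY_CERT_STATUS_LEN, /* Message len */
    0, 5, /* Message sequence */
    0, 0, 0, /* Fragment offset */
    0, 0, DUMMY_CERT_STATUS_LEN - 2, /* Fragment len */

    /* Fragment body */
    0x80, 0x80, 0x80, 0x80, 0x80,
    0x80, 0x80, 0x80, 0x80, 0x80 /* Dummy data */
};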
42 |
/*
 * Index into certstatus[] of the last (least significant) byte of the 6-byte
 * record sequence number: 1 type + 2 version + 2 epoch + 6 sequence bytes.
 */
#define RECORD_SEQUENCE 10

/*
 * Fixed cookie used by the HelloVerifyRequest callbacks below. sizeof()
 * includes the terminating NUL, so 8 bytes are sent and compared.
 * A constant cookie proves nothing about the peer's address; it is only
 * suitable for an in-process test. A deployed callback should derive the
 * cookie from a server-side secret and the peer's address.
 */
static const char dummy_cookie[] = "0123456";
46 |
/*
 * Cookie generation callback: always hands back dummy_cookie.
 *
 * ssl        - unused.
 * cookie     - output buffer; sizeof(dummy_cookie) bytes are written. The
 *              callback receives no capacity argument, so this assumes the
 *              caller's buffer is at least that large.
 * cookie_len - receives the number of bytes written.
 *
 * Returns 1 (success) unconditionally.
 */
static int generate_cookie_cb(SSL *ssl, unsigned char *cookie,
                              unsigned int *cookie_len)
{
    const unsigned int len = sizeof(dummy_cookie);

    *cookie_len = len;
    memcpy(cookie, dummy_cookie, len);

    return 1;
}
54 |
/*
 * Cookie verification callback: accepts the cookie only if both its length
 * and its bytes equal dummy_cookie (NUL terminator included).
 *
 * The comparison goes through the TEST_mem_eq test helper, so it is meant for
 * a fixed test value only, not as a model for checking a secret-derived
 * cookie.
 *
 * Returns the result of TEST_mem_eq (non-zero on match).
 */
static int verify_cookie_cb(SSL *ssl, const unsigned char *cookie,
                            unsigned int cookie_len)
{
    int matched;

    matched = TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie));

    return matched;
}
60 |
/*
 * DTLS timer callback installed with DTLS_set_timer_cb().
 *
 * Counts every invocation in timer_cb_count so that tests can check the
 * callback was actually used. A timer_us of 0 yields 50000; any other value
 * is doubled.
 */
static unsigned int timer_cb(SSL *s, unsigned int timer_us)
{
    timer_cb_count += 1;

    return (timer_us != 0) ? 2 * timer_us : 50000;
}
70 |
/*
 * Queue a forged next-epoch record (certstatus[]) on the client->server path
 * before the handshake starts, then check that the handshake still completes
 * and that the custom timer callback was invoked at least once.
 *
 * testidx 0: record injected as defined; per the notes below it should never
 *            be used because its message sequence number is too big.
 * testidx 1: the last byte of the record sequence number is first set to
 *            0xff, placing the record far in the future. This write to the
 *            file-level certstatus[] array persists after the test returns.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_dtls_unprocessed(int testidx)
{
    SSL_CTX *sctx = NULL, *cctx = NULL;
    SSL *serverssl1 = NULL, *clientssl1 = NULL;
    BIO *c_to_s_fbio, *packet_bio;
    int passed = 0;

    timer_cb_count = 0;

    if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
                                       DTLS_client_method(),
                                       DTLS1_VERSION, 0,
                                       &sctx, &cctx, cert, privkey)))
        return 0;

#ifndef OPENSSL_NO_DTLS1_2
    if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA")))
        goto end;
#else
    /*
     * Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0.
     * Lowering the security level is a test-only accommodation.
     */
    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA:@SECLEVEL=0")))
        goto end;
    if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA:@SECLEVEL=0")))
        goto end;
#endif

    c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
    if (!TEST_ptr(c_to_s_fbio))
        goto end;

    /*
     * The filter BIO is handed to create_ssl_objects; according to the
     * original note it is freed by the helper on error, which is why it is
     * not freed at "end".
     */
    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
                                      NULL, c_to_s_fbio)))
        goto end;

    DTLS_set_timer_cb(clientssl1, timer_cb);

    if (testidx == 1)
        certstatus[RECORD_SEQUENCE] = 0xff;

    /*
     * Inject a dummy record from the next epoch. In test 0, this should never
     * get used because the message sequence number is too big. In test 1 we set
     * the record sequence number to be way off in the future.
     *
     * The mempacket BIO sits directly below the client's write-side filter.
     */
    packet_bio = BIO_next(SSL_get_wbio(clientssl1));
    mempacket_test_inject(packet_bio, (char *)certstatus,
                          sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ);

    /*
     * Create the connection. We use "create_bare_ssl_connection" here so that
     * we can force the connection to not do "SSL_read" once partly connected.
     * We don't want to accidentally read the dummy records we injected because
     * they will fail to decrypt.
     */
    if (!TEST_true(create_bare_ssl_connection(serverssl1, clientssl1,
                                              SSL_ERROR_NONE, 0)))
        goto end;

    /* The handshake must have gone through our timer callback at least once */
    if (timer_cb_count == 0)
        printf("timer_callback was not called.\n");
    else
        passed = 1;

 end:
    SSL_free(serverssl1);
    SSL_free(clientssl1);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    return passed;
}
145 |
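/*
 * Record counts for each leg of the handshakes driven by
 * test_dtls_drop_records(). The test index is mapped onto "which record to
 * drop" using these counts, so every macro the test and setup_tests() refer
 * to has to be defined here, including the per-handshake totals.
 */

/* One record for the cookieless initial ClientHello */
#define CLI_TO_SRV_COOKIE_EXCH 1

/*
 * In a resumption handshake we use 2 records for the initial ClientHello in
 * this test because we are using a very small MTU and the ClientHello is
 * bigger than in the non resumption case.
 */
#define CLI_TO_SRV_RESUME_COOKIE_EXCH 2
#define SRV_TO_CLI_COOKIE_EXCH 1

#define CLI_TO_SRV_EPOCH_0_RECS 3
#define CLI_TO_SRV_EPOCH_1_RECS 1
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
# define SRV_TO_CLI_EPOCH_0_RECS 10
#else
/*
 * In this case we have no ServerKeyExchange message, because we don't have
 * ECDHE or DHE. When it is present it gets fragmented into 3 records in this
 * test.
 * NOTE(review): the two values differ by 1 while the text above says 3
 * records; test_dtls_drop_records() is only built when EC or DH is available,
 * so this branch is not exercised by it - confirm the intended value.
 */
# define SRV_TO_CLI_EPOCH_0_RECS 9
#endif
#define SRV_TO_CLI_EPOCH_1_RECS 1

/* Every record of a full handshake, both directions, both epochs */
#define TOTAL_FULL_HAND_RECORDS \
    (CLI_TO_SRV_COOKIE_EXCH + SRV_TO_CLI_COOKIE_EXCH + \
     CLI_TO_SRV_EPOCH_0_RECS + CLI_TO_SRV_EPOCH_1_RECS + \
     SRV_TO_CLI_EPOCH_0_RECS + SRV_TO_CLI_EPOCH_1_RECS)

#define CLI_TO_SRV_RESUME_EPOCH_0_RECS 3
#define CLI_TO_SRV_RESUME_EPOCH_1_RECS 1
#define SRV_TO_CLI_RESUME_EPOCH_0_RECS 2
#define SRV_TO_CLI_RESUME_EPOCH_1_RECS 1

/* Every record of a resumption handshake, both directions, both epochs */
#define TOTAL_RESUME_HAND_RECORDS \
    (CLI_TO_SRV_RESUME_COOKIE_EXCH + SRV_TO_CLI_COOKIE_EXCH + \
     CLI_TO_SRV_RESUME_EPOCH_0_RECS + CLI_TO_SRV_RESUME_EPOCH_1_RECS + \
     SRV_TO_CLI_RESUME_EPOCH_0_RECS + SRV_TO_CLI_RESUME_EPOCH_1_RECS)

/* Number of test_dtls_drop_records() iterations: one per droppable record */
#define TOTAL_RECORDS (TOTAL_FULL_HAND_RECORDS + TOTAL_RESUME_HAND_RECORDS)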
183 |
185 |
186 | /*
187 | * We are assuming a ServerKeyExchange message is sent in this test. If we don't
188 | * have either DH or EC, then it won't be
189 | */
190 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
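/*
 * Drop exactly one handshake record, chosen by idx, and check that the DTLS
 * handshake (with cookie exchange enabled) still completes. timer_cb is
 * installed on both ends.
 *
 * idx in [0, TOTAL_FULL_HAND_RECORDS) selects a record of a full handshake.
 * idx >= TOTAL_FULL_HAND_RECORDS selects a record of a resumption handshake;
 * in that case a session is obtained from a first, undisturbed handshake and
 * idx is rebased to be relative to the start of the resumption handshake.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_dtls_drop_records(int idx)
{
    SSL_CTX *sctx = NULL, *cctx = NULL;
    SSL *serverssl = NULL, *clientssl = NULL;
    BIO *c_to_s_fbio, *mempackbio;
    int testresult = 0;
    int epoch = 0;
    SSL_SESSION *sess = NULL;
    int cli_to_srv_cookie, cli_to_srv_epoch0, cli_to_srv_epoch1;
    int srv_to_cli_epoch0;

    if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
                                       DTLS_client_method(),
                                       DTLS1_VERSION, 0,
                                       &sctx, &cctx, cert, privkey)))
        return 0;

#ifdef OPENSSL_NO_DTLS1_2
    /*
     * Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0.
     * Lowering the security level is a test-only accommodation.
     */
    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
            || !TEST_true(SSL_CTX_set_cipher_list(cctx,
                                                  "DEFAULT:@SECLEVEL=0")))
        goto end;
#endif

    if (!TEST_true(SSL_CTX_set_dh_auto(sctx, 1)))
        goto end;

    /* Require a HelloVerifyRequest round trip, using the fixed test cookie */
    SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE);
    SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb);
    SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb);

    if (idx >= TOTAL_FULL_HAND_RECORDS) {
        /* We're going to do a resumption handshake. Get a session first. */
        if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                          NULL, NULL))
                || !TEST_true(create_ssl_connection(serverssl, clientssl,
                                                    SSL_ERROR_NONE))
                || !TEST_ptr(sess = SSL_get1_session(clientssl)))
            goto end;

        SSL_shutdown(clientssl);
        SSL_shutdown(serverssl);
        SSL_free(serverssl);
        SSL_free(clientssl);
        /* Cleared so the frees at "end" cannot touch the released objects */
        serverssl = clientssl = NULL;

        cli_to_srv_epoch0 = CLI_TO_SRV_RESUME_EPOCH_0_RECS;
        cli_to_srv_epoch1 = CLI_TO_SRV_RESUME_EPOCH_1_RECS;
        srv_to_cli_epoch0 = SRV_TO_CLI_RESUME_EPOCH_0_RECS;
        cli_to_srv_cookie = CLI_TO_SRV_RESUME_COOKIE_EXCH;
        /*
         * The record arithmetic below counts from the first record of the
         * handshake under test, so make idx relative to the resumption
         * handshake rather than to the whole test range.
         */
        idx -= TOTAL_FULL_HAND_RECORDS;
    } else {
        cli_to_srv_epoch0 = CLI_TO_SRV_EPOCH_0_RECS;
        cli_to_srv_epoch1 = CLI_TO_SRV_EPOCH_1_RECS;
        srv_to_cli_epoch0 = SRV_TO_CLI_EPOCH_0_RECS;
        cli_to_srv_cookie = CLI_TO_SRV_COOKIE_EXCH;
    }

    c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
    if (!TEST_ptr(c_to_s_fbio))
        goto end;

    /*
     * The filter BIO is handed to create_ssl_objects; according to the
     * original note it is freed by the helper on error, which is why it is
     * not freed at "end".
     */
    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                      NULL, c_to_s_fbio)))
        goto end;

    if (sess != NULL) {
        if (!TEST_true(SSL_set_session(clientssl, sess)))
            goto end;
    }

    DTLS_set_timer_cb(clientssl, timer_cb);
    DTLS_set_timer_cb(serverssl, timer_cb);

    /*
     * Work out which record to drop based on the test number. Indices are
     * laid out as: all client->server records (cookie exchange, epoch 0,
     * epoch 1), then all server->client records (cookie exchange + epoch 0,
     * then epoch 1). After this block idx is the record number within the
     * selected direction and epoch.
     */
    if (idx >= cli_to_srv_cookie + cli_to_srv_epoch0 + cli_to_srv_epoch1) {
        mempackbio = SSL_get_wbio(serverssl);
        idx -= cli_to_srv_cookie + cli_to_srv_epoch0 + cli_to_srv_epoch1;
        if (idx >= SRV_TO_CLI_COOKIE_EXCH + srv_to_cli_epoch0) {
            epoch = 1;
            idx -= SRV_TO_CLI_COOKIE_EXCH + srv_to_cli_epoch0;
        }
    } else {
        mempackbio = SSL_get_wbio(clientssl);
        if (idx >= cli_to_srv_cookie + cli_to_srv_epoch0) {
            epoch = 1;
            idx -= cli_to_srv_cookie + cli_to_srv_epoch0;
        }
        /* On the client side the mempacket BIO sits below the dump filter */
        mempackbio = BIO_next(mempackbio);
    }
    BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_EPOCH, epoch, NULL);
    BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_REC, idx, NULL);

    if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
        goto end;

    if (sess != NULL && !TEST_true(SSL_session_reused(clientssl)))
        goto end;

    /*
     * If the test did what we planned then it should have dropped a record;
     * the drop setting is expected to read back as -1 once that has happened.
     */
    if (!TEST_int_eq((int)BIO_ctrl(mempackbio, MEMPACKET_CTRL_GET_DROP_REC, 0,
                                   NULL), -1))
        goto end;

    testresult = 1;
 end:
    SSL_SESSION_free(sess);
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    return testresult;
}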
307 | #endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */
308 |
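/*
 * Check that a DTLS handshake completes when the server requires a cookie
 * exchange (SSL_OP_COOKIE_EXCHANGE) and uses the fixed-cookie generate/verify
 * callbacks defined in this file.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_cookie(void)
{
    SSL_CTX *sctx = NULL, *cctx = NULL;
    SSL *serverssl = NULL, *clientssl = NULL;
    int testresult = 0;

    if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
                                       DTLS_client_method(),
                                       DTLS1_VERSION, 0,
                                       &sctx, &cctx, cert, privkey)))
        return 0;

    SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE);
    SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb);
    SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb);

#ifdef OPENSSL_NO_DTLS1_2
    /*
     * Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0.
     * Lowering the security level is a test-only accommodation.
     */
    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0"))
            || !TEST_true(SSL_CTX_set_cipher_list(cctx,
                                                  "DEFAULT:@SECLEVEL=0")))
        goto end;
#endif

    /* The handshake is expected to finish cleanly, i.e. with SSL_ERROR_NONE */
    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                      NULL, NULL))
            || !TEST_true(create_ssl_connection(serverssl, clientssl,
                                                SSL_ERROR_NONE)))
        goto end;

    testresult = 1;
 end:
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    return testresult;
}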
348 |
/*
 * Ask the write BIO of each endpoint to duplicate a record
 * (MEMPACKET_CTRL_SET_DUPLICATE_REC with argument 1) and check that the
 * handshake still completes, i.e. that a duplicated record is tolerated
 * rather than breaking the connection.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_dtls_duplicate_records(void)
{
    SSL_CTX *sctx = NULL, *cctx = NULL;
    SSL *serverssl = NULL, *clientssl = NULL;
    BIO *client_out, *server_out;
    int testresult = 0;

    if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
                                       DTLS_client_method(),
                                       DTLS1_VERSION, 0,
                                       &sctx, &cctx, cert, privkey)))
        return 0;

#ifdef OPENSSL_NO_DTLS1_2
    /*
     * Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0.
     * Lowering the security level is a test-only accommodation.
     */
    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0")))
        goto end;
    if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "DEFAULT:@SECLEVEL=0")))
        goto end;
#endif

    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                      NULL, NULL)))
        goto end;

    DTLS_set_timer_cb(clientssl, timer_cb);
    DTLS_set_timer_cb(serverssl, timer_cb);

    /* Enable record duplication in both directions, client first */
    client_out = SSL_get_wbio(clientssl);
    BIO_ctrl(client_out, MEMPACKET_CTRL_SET_DUPLICATE_REC, 1, NULL);
    server_out = SSL_get_wbio(serverssl);
    BIO_ctrl(server_out, MEMPACKET_CTRL_SET_DUPLICATE_REC, 1, NULL);

    if (TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
        testresult = 1;

 end:
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    return testresult;
}
391 |
/*
 * Feed a server a lone, unencrypted Finished message as the very first
 * handshake message. The server must refuse it: SSL_accept() has to fail
 * with SSL_ERROR_SSL and the queued error reason has to be
 * SSL_R_UNEXPECTED_MESSAGE.
 *
 * Returns 1 when the message is rejected as expected, 0 otherwise.
 */
static int test_just_finished(void)
{
    int testresult = 0, ret;
    SSL_CTX *sctx = NULL;
    SSL *serverssl = NULL;
    BIO *rbio = NULL, *wbio = NULL, *sbio = NULL;
    unsigned char buf[] = {
        /* Record header */
        SSL3_RT_HANDSHAKE, /* content type */
        (DTLS1_2_VERSION >> 8) & 0xff, /* protocol version hi byte */
        DTLS1_2_VERSION & 0xff, /* protocol version lo byte */
        0, 0, /* epoch */
        0, 0, 0, 0, 0, 0, /* record sequence */
        0, DTLS1_HM_HEADER_LENGTH + SHA_DIGEST_LENGTH, /* record length */

        /* Message header */
        SSL3_MT_FINISHED, /* message type */
        0, 0, SHA_DIGEST_LENGTH, /* message length */
        0, 0, /* message sequence */
        0, 0, 0, /* fragment offset */
        0, 0, SHA_DIGEST_LENGTH, /* fragment length */

        /* Message body: an all-zero stand-in for the verify data */
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
    };

    /* Only a server context is needed; no client takes part in this test */
    if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
                                       NULL, 0, 0,
                                       &sctx, NULL, cert, privkey)))
        return 0;

    serverssl = SSL_new(sctx);
    rbio = BIO_new(BIO_s_mem());
    wbio = BIO_new(BIO_s_mem());

    if (!TEST_ptr(serverssl))
        goto end;
    if (!TEST_ptr(rbio))
        goto end;
    if (!TEST_ptr(wbio))
        goto end;

    /*
     * The SSL object takes over both BIOs. Keep a borrowed handle to the read
     * side for writing the forged record, and clear the owning pointers so the
     * cleanup below does not free them a second time.
     */
    sbio = rbio;
    SSL_set0_rbio(serverssl, rbio);
    SSL_set0_wbio(serverssl, wbio);
    rbio = wbio = NULL;
    DTLS_set_timer_cb(serverssl, timer_cb);

    if (!TEST_int_eq(BIO_write(sbio, buf, sizeof(buf)), sizeof(buf)))
        goto end;

    /* We expect the attempt to process the message to fail */
    if (!TEST_int_le(ret = SSL_accept(serverssl), 0))
        goto end;

    /* Check that we got the error we were expecting */
    if (!TEST_int_eq(SSL_get_error(serverssl, ret), SSL_ERROR_SSL)
            || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()),
                            SSL_R_UNEXPECTED_MESSAGE))
        goto end;

    testresult = 1;
 end:
    BIO_free(rbio);
    BIO_free(wbio);
    SSL_free(serverssl);
    SSL_CTX_free(sctx);

    return testresult;
}
464 |
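/*
 * Test that swapping later records before Finished or CCS still works
 * Test 0: Test receiving a handshake record early from next epoch on server side
 * Test 1: Test receiving a handshake record early from next epoch on client side
 * Test 2: Test receiving an app data record early from next epoch on client side
 * Test 3: Test receiving an app data before Finished on client side
 *
 * Besides the handshake completing, the test checks whether application data
 * is reported as pending at the expected point and that the bytes finally
 * read are the bytes that were written, so that reordering cannot silently
 * alter or substitute buffered data.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_swap_records(int idx)
{
    SSL_CTX *sctx = NULL, *cctx = NULL;
    SSL *sssl = NULL, *cssl = NULL;
    int testresult = 0;
    BIO *bio;
    char msg[] = { 0x00, 0x01, 0x02, 0x03 };
    char buf[10];

    if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(),
                                       DTLS_client_method(),
                                       DTLS1_VERSION, 0,
                                       &sctx, &cctx, cert, privkey)))
        return 0;

#ifndef OPENSSL_NO_DTLS1_2
    if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA")))
        goto end;
#else
    /*
     * Default sigalgs are SHA1 based in <DTLS1.2 which is in security level 0.
     * Lowering the security level is a test-only accommodation.
     */
    if (!TEST_true(SSL_CTX_set_cipher_list(sctx, "AES128-SHA:@SECLEVEL=0"))
            || !TEST_true(SSL_CTX_set_cipher_list(cctx,
                                                  "AES128-SHA:@SECLEVEL=0")))
        goto end;
#endif

    if (!TEST_true(create_ssl_objects(sctx, cctx, &sssl, &cssl,
                                      NULL, NULL)))
        goto end;

    /*
     * The handshake is stepped by hand so that packets can be reordered
     * between flights. The intermediate calls are expected to return <= 0
     * because the handshake is not finished yet.
     */

    /* Send flight 1: ClientHello */
    if (!TEST_int_le(SSL_connect(cssl), 0))
        goto end;

    /* Recv flight 1, send flight 2: ServerHello, Certificate, ServerHelloDone */
    if (!TEST_int_le(SSL_accept(sssl), 0))
        goto end;

    /* Recv flight 2, send flight 3: ClientKeyExchange, CCS, Finished */
    if (!TEST_int_le(SSL_connect(cssl), 0))
        goto end;

    if (idx == 0) {
        /* Swap Finished and CCS within the datagram */
        bio = SSL_get_wbio(cssl);
        if (!TEST_ptr(bio)
                || !TEST_true(mempacket_swap_epoch(bio)))
            goto end;
    }

    /* Recv flight 3, send flight 4: datagram 0(NST, CCS) datagram 1(Finished) */
    if (!TEST_int_gt(SSL_accept(sssl), 0))
        goto end;

    /* Send flight 4 (cont'd): datagram 2(app data) */
    if (!TEST_int_eq(SSL_write(sssl, msg, sizeof(msg)), (int)sizeof(msg)))
        goto end;

    /* All server-side reordering below acts on this one write BIO */
    bio = SSL_get_wbio(sssl);
    if (!TEST_ptr(bio))
        goto end;
    if (idx == 1) {
        /* Finished comes before NST/CCS */
        if (!TEST_true(mempacket_move_packet(bio, 0, 1)))
            goto end;
    } else if (idx == 2) {
        /* App data comes before NST/CCS */
        if (!TEST_true(mempacket_move_packet(bio, 0, 2)))
            goto end;
    } else if (idx == 3) {
        /* App data comes before Finished */
        if (!TEST_true(mempacket_move_packet(bio, 1, 2)))
            goto end;
    }

    /*
     * Recv flight 4 (datagram 1): NST, CCS, + flight 5: app data
     * + flight 4 (datagram 2): Finished
     */
    if (!TEST_int_gt(SSL_connect(cssl), 0))
        goto end;

    if (idx == 0 || idx == 1) {
        /* App data was not received early, so it should not be pending */
        if (!TEST_int_eq(SSL_pending(cssl), 0)
                || !TEST_false(SSL_has_pending(cssl)))
            goto end;

    } else {
        /* We received the app data early so it should be buffered already */
        if (!TEST_int_eq(SSL_pending(cssl), (int)sizeof(msg))
                || !TEST_true(SSL_has_pending(cssl)))
            goto end;
    }

    /*
     * Recv flight 5 (app data). Checking the length alone would not notice
     * wrong content, so compare the received bytes with what was sent.
     */
    if (!TEST_int_eq(SSL_read(cssl, buf, sizeof(buf)), (int)sizeof(msg))
            || !TEST_mem_eq(buf, sizeof(msg), msg, sizeof(msg)))
        goto end;

    testresult = 1;
 end:
    SSL_free(cssl);
    SSL_free(sssl);
    SSL_CTX_free(cctx);
    SSL_CTX_free(sctx);
    return testresult;
}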
582 |
/* Positional arguments expected by this test program */
OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")

/*
 * Test program entry hook: parse the common options, pick up the certificate
 * and private key arguments, and register every test in this file.
 *
 * Returns 1 on success, 0 if option parsing fails or an argument is missing.
 */
int setup_tests(void)
{
    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    /* Argument 0 is the certificate, argument 1 the private key */
    if (!TEST_ptr(cert = test_get_argument(0)))
        return 0;
    if (!TEST_ptr(privkey = test_get_argument(1)))
        return 0;

    ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS);
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
    /* One iteration per droppable record; needs a ServerKeyExchange */
    ADD_ALL_TESTS(test_dtls_drop_records, TOTAL_RECORDS);
#endif
    ADD_TEST(test_cookie);
    ADD_TEST(test_dtls_duplicate_records);
    ADD_TEST(test_just_finished);
    /* Indices 0-3, as listed above test_swap_records() */
    ADD_ALL_TESTS(test_swap_records, 4);

    return 1;
}
607 |
/*
 * Test program exit hook: release the BIO methods created by the test
 * helpers (the TLS dump filter and the mempacket test BIO).
 */
void cleanup_tests(void)
{
    /* Filter method first, then the mempacket source/sink method */
    bio_f_tls_dump_filter_free();
    bio_s_mempacket_test_free();
}