[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

Matt Caswell matt at openssl.org
Fri Oct 19 13:23:27 UTC 2018


The branch OpenSSL_1_1_1-stable has been updated
       via  6c529877cda2f52d352fa4eec1d85786bd4c2d8d (commit)
       via  a6a83827a0e3a0f793783cef882bd790342d76aa (commit)
      from  a66c361a773e697b5c6bb805ae37d2c4c8d32cb1 (commit)


- Log -----------------------------------------------------------------
commit 6c529877cda2f52d352fa4eec1d85786bd4c2d8d
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Oct 18 10:12:20 2018 +0100

    Test DTLS cookie generation and verification
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7431)
    
    (cherry picked from commit edcd29efd32c51f298ad5ab438e2d4cc5411e9a9)

commit a6a83827a0e3a0f793783cef882bd790342d76aa
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Oct 18 10:12:07 2018 +0100

    Fix a DTLS memory leak
    
    Fixes #7428
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7431)
    
    (cherry picked from commit 01666a8c1db3ecfb999e1a8f2c5436d114f95681)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem_srvr.c |  4 +++-
 test/dtlstest.c          | 51 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index ac5fd09..7d0e9d0 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1519,8 +1519,10 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
              * So check cookie length...
              */
             if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
-                if (clienthello->dtls_cookie_len == 0)
+                if (clienthello->dtls_cookie_len == 0) {
+                    OPENSSL_free(clienthello);
                     return MSG_PROCESS_FINISHED_READING;
+                }
             }
         }
 
diff --git a/test/dtlstest.c b/test/dtlstest.c
index c41aac8..5afd7e9 100644
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <string.h>
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/ssl.h>
@@ -240,6 +241,55 @@ static int test_dtls_drop_records(int idx)
     return testresult;
 }
 
+static const char dummy_cookie[] = "0123456";
+
+static int generate_cookie_cb(SSL *ssl, unsigned char *cookie,
+                              unsigned int *cookie_len)
+{
+    memcpy(cookie, dummy_cookie, sizeof(dummy_cookie));
+    *cookie_len = sizeof(dummy_cookie);
+    return 1;
+}
+
+static int verify_cookie_cb(SSL *ssl, const unsigned char *cookie,
+                            unsigned int cookie_len)
+{
+    return TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie));
+}
+
+static int test_cookie(void)
+{
+    SSL_CTX *sctx = NULL, *cctx = NULL;
+    SSL *serverssl = NULL, *clientssl = NULL;
+    int testresult = 0;
+
+    if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
+                                       DTLS_client_method(),
+                                       DTLS1_VERSION, DTLS_MAX_VERSION,
+                                       &sctx, &cctx, cert, privkey)))
+        return 0;
+
+    SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE);
+    SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb);
+    SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb);
+
+    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+                                      NULL, NULL))
+            || !TEST_true(create_ssl_connection(serverssl, clientssl,
+                                                SSL_ERROR_NONE)))
+        goto end;
+
+    testresult = 1;
+ end:
+    SSL_free(serverssl);
+    SSL_free(clientssl);
+    SSL_CTX_free(sctx);
+    SSL_CTX_free(cctx);
+
+    return testresult;
+}
+
+
 int setup_tests(void)
 {
     if (!TEST_ptr(cert = test_get_argument(0))
@@ -248,6 +298,7 @@ int setup_tests(void)
 
     ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS);
     ADD_ALL_TESTS(test_dtls_drop_records, TOTAL_RECORDS);
+    ADD_TEST(test_cookie);
 
     return 1;
 }


More information about the openssl-commits mailing list