[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri Apr 20 10:55:43 UTC 2018
The branch master has been updated
via 4a432af895f7c0928760e76e05dd269bfbc267e1 (commit)
via 5b79813b23c02e79e3856ac526f0aab3b8c2e811 (commit)
from 033c181ba690ef234812c51d4c6cb7d8dd337cb7 (commit)
- Log -----------------------------------------------------------------
commit 4a432af895f7c0928760e76e05dd269bfbc267e1
Author: Matt Caswell <matt at openssl.org>
Date: Thu Apr 19 16:44:17 2018 +0100
Add a test for SSL_pending()
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6020)
commit 5b79813b23c02e79e3856ac526f0aab3b8c2e811
Author: Matt Caswell <matt at openssl.org>
Date: Thu Apr 19 16:42:39 2018 +0100
Fix SSL_pending() for DTLS
DTLS was not correctly returning the number of pending bytes left in
a call to SSL_pending(). This makes the detection of truncated packets
almost impossible.
Fixes #5478
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6020)
-----------------------------------------------------------------------
Summary of changes:
ssl/record/rec_layer_d1.c | 2 ++
test/sslapitest.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 54 insertions(+)
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index ddb3a61..90029a2 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -418,6 +418,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
/* get new packet if necessary */
if ((SSL3_RECORD_get_length(rr) == 0)
|| (s->rlayer.rstate == SSL_ST_READ_BODY)) {
+ RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
iret = dtls1_get_record(s);
if (iret <= 0) {
iret = dtls1_read_failed(s, iret);
@@ -430,6 +431,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
else
goto start;
}
+ RECORD_LAYER_set_numrpipes(&s->rlayer, 1);
}
/*
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 25230c8..832746c 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -4401,6 +4401,57 @@ static int test_info_callback(int tst)
return testresult;
}
+static int test_ssl_pending(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ char msg[] = "A test message";
+ char buf[5];
+ size_t written, readbytes;
+
+ if (tst == 0) {
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION, TLS_MAX_VERSION,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+ } else {
+#ifndef OPENSSL_NO_DTLS
+ if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
+ DTLS_client_method(),
+ DTLS1_VERSION, DTLS_MAX_VERSION,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+#else
+ return 1;
+#endif
+ }
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ if (!TEST_true(SSL_write_ex(serverssl, msg, sizeof(msg), &written))
+ || !TEST_size_t_eq(written, sizeof(msg))
+ || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
+ || !TEST_size_t_eq(readbytes, sizeof(buf))
+ || !TEST_int_eq(SSL_pending(clientssl), (int)(written - readbytes)))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))
@@ -4492,6 +4543,7 @@ int setup_tests(void)
ADD_ALL_TESTS(test_srp, 6);
#endif
ADD_ALL_TESTS(test_info_callback, 6);
+ ADD_ALL_TESTS(test_ssl_pending, 2);
return 1;
}
More information about the openssl-commits
mailing list