The branch master has been updated via 4a432af895f7c0928760e76e05dd269bfbc267e1 (commit) via 5b79813b23c02e79e3856ac526f0aab3b8c2e811 (commit) from 033c181ba690ef234812c51d4c6cb7d8dd337cb7 (commit)
- Log ----------------------------------------------------------------- commit 4a432af895f7c0928760e76e05dd269bfbc267e1 Author: Matt Caswell <m...@openssl.org> Date: Thu Apr 19 16:44:17 2018 +0100 Add a test for SSL_pending() Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6020) commit 5b79813b23c02e79e3856ac526f0aab3b8c2e811 Author: Matt Caswell <m...@openssl.org> Date: Thu Apr 19 16:42:39 2018 +0100 Fix SSL_pending() for DTLS DTLS was not correctly returning the number of pending bytes left in a call to SSL_pending(). This makes the detection of truncated packets almost impossible. Fixes #5478 Reviewed-by: Rich Salz <rs...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6020) ----------------------------------------------------------------------- Summary of changes: ssl/record/rec_layer_d1.c | 2 ++ test/sslapitest.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+)
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index ddb3a61..90029a2 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -418,6 +418,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 /* get new packet if necessary */
 if ((SSL3_RECORD_get_length(rr) == 0) || (s->rlayer.rstate == SSL_ST_READ_BODY)) {
+ RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
 iret = dtls1_get_record(s);
 if (iret <= 0) {
 iret = dtls1_read_failed(s, iret);
@@ -430,6 +431,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 else goto start;
 }
+ RECORD_LAYER_set_numrpipes(&s->rlayer, 1);
 }
 /*
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 25230c8..832746c 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
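Review bot: Neither `RECORD_LAYER_set_numrpipes()` call added to `dtls1_read_bytes()` (one in the -418 hunk, one in the -430 hunk) is commented, so the only place that ties the pipe count to `SSL_pending()` is the commit message. I would add `/* no complete record buffered while we fetch the next one */` above the first call and `/* one record buffered: lets SSL_pending() report its unread bytes */` above the second. The code that consumes the count is not part of this diff, so that wording is inferred and should be checked against it. When `dtls1_get_record()` fails the count stays 0; that looks intended, but saying so in the comment matters because callers rely on `SSL_pending()` to spot truncated datagrams. The body of `dtls1_read_bytes()` starts and ends outside both hunks.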
@@ -4401,6 +4401,57 @@ static int test_info_callback(int tst)
 return testresult;
 }
+static int test_ssl_pending(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ char msg[] = "A test message";
+ char buf[5];
+ size_t written, readbytes;
+
+ if (tst == 0) {
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION, TLS_MAX_VERSION,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+ } else {
+#ifndef OPENSSL_NO_DTLS
+ if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
+ DTLS_client_method(),
+ DTLS1_VERSION, DTLS_MAX_VERSION,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
+#else
+ return 1;
+#endif
+ }
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ if (!TEST_true(SSL_write_ex(serverssl, msg, sizeof(msg), &written))
+ || !TEST_size_t_eq(written, sizeof(msg))
+ || !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
+ || !TEST_size_t_eq(readbytes, sizeof(buf))
+ || !TEST_int_eq(SSL_pending(clientssl), (int)(written - readbytes)))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
 int setup_tests(void)
 {
 if (!TEST_ptr(cert = test_get_argument(0))
@@ -4492,6 +4543,7 @@ int setup_tests(void)
 ADD_ALL_TESTS(test_srp, 6);
 #endif
 ADD_ALL_TESTS(test_info_callback, 6);
+ ADD_ALL_TESTS(test_ssl_pending, 2);
 return 1;
 }
_____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
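Review bot: `test_ssl_pending()` asserts the pending count only once, after a single 5-byte read of a 15-byte message, so it would not catch a count that fails to shrink on later reads or is non-zero once the record is drained. Since the fix exists so that applications can detect truncated DTLS datagrams, I would extend the `if` chain in the -4401 hunk with a second read, `|| !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))` followed by `|| !TEST_int_eq(SSL_pending(clientssl), (int)(sizeof(msg) - 2 * sizeof(buf)))`. A one-line comment above the function, `/* tst 0: TLS, tst 1: DTLS (passes trivially when DTLS is disabled) */`, would also explain the `return 1;` under `#else`.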