The branch OpenSSL_1_1_1-stable has been updated via 6c529877cda2f52d352fa4eec1d85786bd4c2d8d (commit) via a6a83827a0e3a0f793783cef882bd790342d76aa (commit) from a66c361a773e697b5c6bb805ae37d2c4c8d32cb1 (commit)
- Log ----------------------------------------------------------------- commit 6c529877cda2f52d352fa4eec1d85786bd4c2d8d Author: Matt Caswell <m...@openssl.org> Date: Thu Oct 18 10:12:20 2018 +0100 Test DTLS cookie generation and verification Reviewed-by: Paul Dale <paul.d...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7431) (cherry picked from commit edcd29efd32c51f298ad5ab438e2d4cc5411e9a9) commit a6a83827a0e3a0f793783cef882bd790342d76aa Author: Matt Caswell <m...@openssl.org> Date: Thu Oct 18 10:12:07 2018 +0100 Fix a DTLS memory leak Fixes #7428 Reviewed-by: Paul Dale <paul.d...@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7431) (cherry picked from commit 01666a8c1db3ecfb999e1a8f2c5436d114f95681) ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem_srvr.c | 4 +++- test/dtlstest.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 1 deletion(-)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index ac5fd09..7d0e9d0 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1519,8 +1519,10 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
 * So check cookie length...
 */
 if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
- if (clienthello->dtls_cookie_len == 0)
+ if (clienthello->dtls_cookie_len == 0) {
+ OPENSSL_free(clienthello);
 return MSG_PROCESS_FINISHED_READING;
+ }
 }
 }
diff --git a/test/dtlstest.c b/test/dtlstest.c
index c41aac8..5afd7e9 100644
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -7,6 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
+#include <string.h>
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/ssl.h>
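Review bot: The new early return in the statem_srvr.c hunk frees `clienthello` by hand, and nothing on the visible lines says why a bare `OPENSSL_free()` is sufficient at this point; a comment such as `/* clienthello owns no other allocations yet, so a plain free is enough */` would keep the assumption explicit if parsing is ever moved above the cookie check. This path is taken for every ClientHello that arrives without a cookie while `SSL_OP_COOKIE_EXCHANGE` is set, so it runs on unauthenticated input and any leak here grows with peer traffic. The rest of tls_process_client_hello, including whatever common cleanup it has, lies outside the hunk, so whether this return could go through shared cleanup instead cannot be judged from here.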
@@ -240,6 +241,55 @@ static int test_dtls_drop_records(int idx)
 return testresult;
 }
+static const char dummy_cookie[] = "0123456";
+
+static int generate_cookie_cb(SSL *ssl, unsigned char *cookie,
+ unsigned int *cookie_len)
+{
+ memcpy(cookie, dummy_cookie, sizeof(dummy_cookie));
+ *cookie_len = sizeof(dummy_cookie);
+ return 1;
+}
+
+static int verify_cookie_cb(SSL *ssl, const unsigned char *cookie,
+ unsigned int cookie_len)
+{
+ return TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie));
+}
+
+static int test_cookie(void)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl = NULL, *clientssl = NULL;
+ int testresult = 0;
+
+ if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
+ DTLS_client_method(),
+ DTLS1_VERSION, DTLS_MAX_VERSION,
+ &sctx, &cctx, cert, privkey)))
+ return 0;
+
+ SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE);
+ SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb);
+ SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+
 int setup_tests(void)
 {
 if (!TEST_ptr(cert = test_get_argument(0))
@@ -248,6 +298,7 @@ int setup_tests(void)
 ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS);
 ADD_ALL_TESTS(test_dtls_drop_records, TOTAL_RECORDS);
+ ADD_TEST(test_cookie);
 return 1;
 }
_____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
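Review bot: test_cookie in the `@@ -240,6 +241,55 @@` hunk passes whether or not either cookie callback is ever invoked, because its only assertion is that the handshake completes. If a later change stopped honouring `SSL_OP_COOKIE_EXCHANGE`, the test would stay green. Consider counting calls, e.g. a `static int cookie_verified;` incremented in verify_cookie_cb, and adding `|| !TEST_int_gt(cookie_verified, 0)` to the condition before `goto end`. A second case whose verify callback rejects the cookie and expects the handshake to fail would also cover the rejection path, which is the security-relevant half of the exchange.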