The branch OpenSSL_1_1_1-stable has been updated
via 6c529877cda2f52d352fa4eec1d85786bd4c2d8d (commit)
via a6a83827a0e3a0f793783cef882bd790342d76aa (commit)
from a66c361a773e697b5c6bb805ae37d2c4c8d32cb1 (commit)
- Log -----------------------------------------------------------------
commit 6c529877cda2f52d352fa4eec1d85786bd4c2d8d
Author: Matt Caswell <m...@openssl.org>
Date: Thu Oct 18 10:12:20 2018 +0100
Test DTLS cookie generation and verification
Reviewed-by: Paul Dale <paul.d...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7431)
(cherry picked from commit edcd29efd32c51f298ad5ab438e2d4cc5411e9a9)
commit a6a83827a0e3a0f793783cef882bd790342d76aa
Author: Matt Caswell <m...@openssl.org>
Date: Thu Oct 18 10:12:07 2018 +0100
Fix a DTLS memory leak
Fixes #7428
Reviewed-by: Paul Dale <paul.d...@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7431)
(cherry picked from commit 01666a8c1db3ecfb999e1a8f2c5436d114f95681)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_srvr.c | 4 +++-
test/dtlstest.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 54 insertions(+), 1 deletion(-)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index ac5fd09..7d0e9d0 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1519,8 +1519,10 @@ MSG_PROCESS_RETURN tls_process_client_hello(SSL *s,
PACKET *pkt)
* So check cookie length...
*/
if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
- if (clienthello->dtls_cookie_len == 0)
+ if (clienthello->dtls_cookie_len == 0) {
+ OPENSSL_free(clienthello);
return MSG_PROCESS_FINISHED_READING;
+ }
}
}
diff --git a/test/dtlstest.c b/test/dtlstest.c
index c41aac8..5afd7e9 100644
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html
*/
+#include <string.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/ssl.h>
@@ -240,6 +241,55 @@ static int test_dtls_drop_records(int idx)
return testresult;
}
+static const char dummy_cookie[] = "0123456";
+
+static int generate_cookie_cb(SSL *ssl, unsigned char *cookie,
+ unsigned int *cookie_len)
+{
+ memcpy(cookie, dummy_cookie, sizeof(dummy_cookie));
+ *cookie_len = sizeof(dummy_cookie);
+ return 1;
+}
+
+static int verify_cookie_cb(SSL *ssl, const unsigned char *cookie,
+ unsigned int cookie_len)
+{
+ return TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie));
+}
+
+static int test_cookie(void)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *serverssl = NULL, *clientssl = NULL;
+ int testresult = 0;
+
+ if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
+ DTLS_client_method(),
+ DTLS1_VERSION, DTLS_MAX_VERSION,
+ &sctx, &cctx, cert, privkey)))
+ return 0;
+
+ SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE);
+ SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb);
+ SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb);
+
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE)))
+ goto end;
+
+ testresult = 1;
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))
@@ -248,6 +298,7 @@ int setup_tests(void)
ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS);
ADD_ALL_TESTS(test_dtls_drop_records, TOTAL_RECORDS);
+ ADD_TEST(test_cookie);
return 1;
}
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
