diff options
author | Matt Caswell <matt@openssl.org> | 2019-01-18 15:24:57 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-01-24 13:39:38 +0000 |
commit | 80c455d5ae405e855391e298a2bf8a24629dd95d (patch) | |
tree | 6be1fb350cbf48c795bec820907f70690387a968 /test/dtlstest.c | |
parent | 5cae2d349b561a84dbfc93d6b6abc5fb7263fb7c (diff) | |
download | openssl-80c455d5ae405e855391e298a2bf8a24629dd95d.tar.gz |
Make sure we trigger retransmits in DTLS testing
During a DTLS handshake we may need to periodically handle timeouts in the
DTLS timer to ensure retransmits due to lost packets are performed. However,
one peer will always complete a handshake before the other. The DTLS timer
stops once the handshake has finished so any handshake messages lost after
that point will not automatically get retransmitted simply by calling
DTLSv1_handle_timeout(). However attempting an SSL_read implies a
DTLSv1_handle_timeout() and additionally will process records received from
the peer. If those records are themselves retransmits then we know that the
peer has not completed its handshake yet and a retransmit of our final
flight automatically occurs.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8047)
Diffstat (limited to 'test/dtlstest.c')
-rw-r--r-- | test/dtlstest.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/test/dtlstest.c b/test/dtlstest.c index 0b048869d6..d196fb55dc 100644 --- a/test/dtlstest.c +++ b/test/dtlstest.c @@ -87,17 +87,21 @@ static int test_dtls_unprocessed(int testidx) /* * Inject a dummy record from the next epoch. In test 0, this should never * get used because the message sequence number is too big. In test 1 we set - * the record sequence number to be way off in the future. This should not - * have an impact on the record replay protection because the record should - * be dropped before it is marked as arrived + * the record sequence number to be way off in the future. */ c_to_s_mempacket = SSL_get_wbio(clientssl1); c_to_s_mempacket = BIO_next(c_to_s_mempacket); mempacket_test_inject(c_to_s_mempacket, (char *)certstatus, sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ); - if (!TEST_true(create_ssl_connection(serverssl1, clientssl1, - SSL_ERROR_NONE))) + /* + * Create the connection. We use "create_bare_ssl_connection" here so that + * we can force the connection to not do "SSL_read" once partly conencted. + * We don't want to accidentally read the dummy records we injected because + * they will fail to decrypt. + */ + if (!TEST_true(create_bare_ssl_connection(serverssl1, clientssl1, + SSL_ERROR_NONE, 0))) goto end; if (timer_cb_count == 0) { |