author | Michael Tuexen <tuexen@fh-muenster.de> | 2018-12-26 12:44:53 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-02-01 11:57:19 +0000 |
commit | 09d62b336d9e2a11b330d45d4f0f3f37cbb0d674 (patch) | |
tree | 15525fb485d6460fe0197194ffac5bed06f7a8b7 /test/handshake_helper.c | |
parent | a28e4890eed847e6122a1c4d50653566e0813f45 (diff) |
Fix end-point shared secret for DTLS/SCTP
When computing the end-point shared secret, don't take the
terminating NUL character into account.
Please note that this fix breaks interoperability with older
versions of OpenSSL, which are not fixed.
Fixes #7956
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7957)
Diffstat (limited to 'test/handshake_helper.c')
-rw-r--r-- | test/handshake_helper.c | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/test/handshake_helper.c b/test/handshake_helper.c
index a9ef753d8d..a85d22e368 100644
--- a/test/handshake_helper.c
+++ b/test/handshake_helper.c
@@ -22,6 +22,10 @@
 #include "handshake_helper.h"
 #include "testutil.h"
 
+#if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK)
+#include <netinet/sctp.h>
+#endif
+
 HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void)
 {
 HANDSHAKE_RESULT *ret;
@@ -1282,13 +1286,33 @@ static int peer_pkey_type(SSL *s)
 #if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK)
 static int set_sock_as_sctp(int sock)
 {
+ struct sctp_assocparams assocparams;
+ struct sctp_rtoinfo rto_info;
+ BIO *tmpbio;
+
+ /*
+ * To allow tests to fail fast (within a second or so), reduce the
+ * retransmission timeouts and the number of retransmissions.
+ */
+ memset(&rto_info, 0, sizeof(struct sctp_rtoinfo));
+ rto_info.srto_initial = 100;
+ rto_info.srto_max = 200;
+ rto_info.srto_min = 50;
+ (void)setsockopt(sock, IPPROTO_SCTP, SCTP_RTOINFO,
+ (const void *)&rto_info, sizeof(struct sctp_rtoinfo));
+ memset(&assocparams, 0, sizeof(struct sctp_assocparams));
+ assocparams.sasoc_asocmaxrxt = 2;
+ (void)setsockopt(sock, IPPROTO_SCTP, SCTP_ASSOCINFO,
+ (const void *)&assocparams,
+ sizeof(struct sctp_assocparams));
+
 /*
 * For SCTP we have to set various options on the socket prior to
 * connecting. This is done automatically by BIO_new_dgram_sctp().
 * We don't actually need the created BIO though so we free it again
 * immediately.
 */
- BIO *tmpbio = BIO_new_dgram_sctp(sock, BIO_NOCLOSE);
+ tmpbio = BIO_new_dgram_sctp(sock, BIO_NOCLOSE);
 
 if (tmpbio == NULL)
 return 0;
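Review bot: Both setsockopt() calls added to set_sock_as_sctp() discard their result with `(void)`, so if either option is rejected the socket silently keeps the stack's default retransmission settings and the fail-fast intent stated in the new comment is lost without any trace in the test output. Keeping the calls best-effort is reasonable for a test helper, but a failure should be visible, e.g. `if (setsockopt(sock, IPPROTO_SCTP, SCTP_RTOINFO, (const void *)&rto_info, sizeof(rto_info)) != 0) TEST_note("setting SCTP_RTOINFO failed");` and likewise for SCTP_ASSOCINFO. The comment could also state that the srto_* values are in milliseconds. The function body continues past the end of this hunk.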
@@ -1438,6 +1462,13 @@ static HANDSHAKE_RESULT *do_handshake_internal(
 return NULL;
 }
 
+#if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK)
+ if (test_ctx->enable_client_sctp_label_bug)
+ SSL_CTX_set_mode(client_ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
+ if (test_ctx->enable_server_sctp_label_bug)
+ SSL_CTX_set_mode(server_ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
+#endif
+
 /* Setup SSL and buffers; additional configuration happens below. */
 if (!create_peer(&server, server_ctx)) {
 TEST_note("creating server context"); |
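Review bot: The two SSL_CTX_set_mode() calls added to do_handshake_internal() have no comment saying what SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG does or why a test would turn it on, which matters because the commit message says the fix breaks interoperability with unfixed versions. Judging from that message, the mode presumably restores the old label length that counted the terminating NUL; a comment above the `#if` such as `/* Optionally emulate the old (buggy) SCTP label length on either side to test interop with unfixed peers. */` would make the intent explicit. The function starts before and ends after this hunk.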