author | Matt Caswell <matt@openssl.org> | 2019-01-18 15:24:57 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-01-24 13:39:38 +0000 |
commit | 80c455d5ae405e855391e298a2bf8a24629dd95d (patch) | |
tree | 6be1fb350cbf48c795bec820907f70690387a968 /test/ssltestlib.c | |
parent | 5cae2d349b561a84dbfc93d6b6abc5fb7263fb7c (diff) |
Make sure we trigger retransmits in DTLS testing
During a DTLS handshake we may need to periodically handle timeouts in the
DTLS timer to ensure retransmits due to lost packets are performed. However,
one peer will always complete a handshake before the other. The DTLS timer
stops once the handshake has finished so any handshake messages lost after
that point will not automatically get retransmitted simply by calling
DTLSv1_handle_timeout(). However attempting an SSL_read implies a
DTLSv1_handle_timeout() and additionally will process records received from
the peer. If those records are themselves retransmits then we know that the
peer has not completed its handshake yet and a retransmit of our final
flight automatically occurs.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8047)
Diffstat (limited to 'test/ssltestlib.c')
-rw-r--r-- | test/ssltestlib.c | 31 |
1 files changed, 24 insertions, 7 deletions
diff --git a/test/ssltestlib.c b/test/ssltestlib.c
index 78c0e8eb79..2f662674e7 100644
--- a/test/ssltestlib.c
+++ b/test/ssltestlib.c
@@ -835,8 +835,12 @@ int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
 /*
 * Create an SSL connection, but does not ready any post-handshake
 * NewSessionTicket messages.
+ * If |read| is set and we're using DTLS then we will attempt to SSL_read on
+ * the connection once we've completed one half of it, to ensure any retransmits
+ * get triggered.
 */
-int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want)
+int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want,
+ int read)
 {
 int retc = -1, rets = -1, err, abortctr = 0;
 int clienterr = 0, servererr = 0;
@@ -874,11 +878,24 @@ int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want)
 return 0;
 if (clienterr && servererr)
 return 0;
- if (isdtls) {
- if (rets > 0 && retc <= 0)
- DTLSv1_handle_timeout(serverssl);
- if (retc > 0 && rets <= 0)
- DTLSv1_handle_timeout(clientssl);
+ if (isdtls && read) {
+ unsigned char buf[20];
+
+ /* Trigger any retransmits that may be appropriate */
+ if (rets > 0 && retc <= 0) {
+ if (SSL_read(serverssl, buf, sizeof(buf)) > 0) {
+ /* We don't expect this to succeed! */
+ TEST_info("Unexpected SSL_read() success!");
+ return 0;
+ }
+ }
+ if (retc > 0 && rets <= 0) {
+ if (SSL_read(clientssl, buf, sizeof(buf)) > 0) {
+ /* We don't expect this to succeed! */
+ TEST_info("Unexpected SSL_read() success!");
+ return 0;
+ }
+ }
 }
 if (++abortctr == MAXLOOPS) {
 TEST_info("No progress made");
@@ -907,7 +924,7 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want)
 unsigned char buf;
 size_t readbytes;
- if (!create_bare_ssl_connection(serverssl, clientssl, want))
+ if (!create_bare_ssl_connection(serverssl, clientssl, want, 1))
 return 0;
 /* |
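Review bot: The comment added above create_bare_ssl_connection() documents only the case where |read| is set and does not say what a caller passing 0 gets. Judging by the later hunk in the same function, the old DTLSv1_handle_timeout() calls are removed, so with read == 0 the visible part of the loop appears to do no DTLS timer handling at all. I would add a line such as `* If |read| is 0 no DTLS timeout handling is performed here.` so callers know retransmits are then their responsibility. Separately, the parameter name `read` shadows the POSIX read() function wherever its declaration is in scope and can trip -Wshadow; a name like `int do_read` avoids that. The function body continues outside this hunk.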
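Review bot: Both new SSL_read() calls discard every non-positive return without consulting SSL_get_error(), so a fatal error on the side that has finished its handshake is treated the same as the expected SSL_ERROR_WANT_READ. The loop then apparently just continues until the "No progress made" exit, which hides the real cause of a failing DTLS test. Keeping the return value and logging the unexpected case would make this diagnosable, for example `ret = SSL_read(serverssl, buf, sizeof(buf));` followed by `if (ret <= 0 && SSL_get_error(serverssl, ret) != SSL_ERROR_WANT_READ) TEST_info("SSL_read() failed %d", ret);`, and the same for clientssl. Whether a hard failure should also return 0 depends on how |want| is handled in the part of the loop outside this hunk. The two branches are otherwise identical and could share one small static helper that takes the SSL pointer.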