test: add check that CH with epoch != 0 are ignored

2025-07-29 18:27:29 +02:00 · 2023-05-09 13:31:48 +00:00
parent 6c8811a737
commit 5773252e33
1 changed files with 71 additions and 0 deletions
--- a/tests/api.c
+++ b/tests/api.c
@ -65649,6 +65649,76 @@ static int test_override_alt_cert_chain(void)
 }
 #endif

+#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13)
+
+
+static int test_dtls13_bad_epoch_ch(void)
+{
+    WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+    const int EPOCH_OFF = 3;
+    int ret, err;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    ret = test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+        wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method);
+    if (ret != 0)
+        return TEST_FAIL;
+
+    /* disable hrr cookie so we can later check msgsReceived.got_client_hello
+     *  with just one message */
+    ret = wolfSSL_disable_hrr_cookie(ssl_s);
+    if (ret != WOLFSSL_SUCCESS)
+        return TEST_FAIL;
+
+    ret = wolfSSL_connect(ssl_c);
+    err = wolfSSL_get_error(ssl_c, ret);
+    if (ret == WOLFSSL_SUCCESS || err != WOLFSSL_ERROR_WANT_READ)
+        return TEST_FAIL;
+
+    if (test_ctx.s_len < EPOCH_OFF + 2)
+        return TEST_FAIL;
+
+    /* first CH should use epoch 0x0 */
+    if (test_ctx.s_buff[EPOCH_OFF] != 0x0 ||
+        test_ctx.s_buff[EPOCH_OFF + 1] != 0x0)
+        return TEST_FAIL;
+
+    /* change epoch to 2 */
+    test_ctx.s_buff[EPOCH_OFF + 1] = 0x2;
+
+    ret = wolfSSL_accept(ssl_s);
+    err = wolfSSL_get_error(ssl_s, ret);
+    if (ret == WOLFSSL_SUCCESS || err != WOLFSSL_ERROR_WANT_READ)
+        return TEST_FAIL;
+
+    if (ssl_s->msgsReceived.got_client_hello == 1)
+        return TEST_FAIL;
+
+    /* resend the CH */
+    ret = wolfSSL_dtls_got_timeout(ssl_c);
+    if (ret != WOLFSSL_SUCCESS)
+        return TEST_FAIL;
+
+    ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL);
+    if (ret != 0)
+        return TEST_FAIL;
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_s);
+
+    return TEST_SUCCESS;
+}
+#else
+static int test_dtls13_bad_epoch_ch(void)
+{
+    return TEST_SKIPPED;
+}
+#endif
+

 /*----------------------------------------------------------------------------*
 | Main
@ -66686,6 +66756,7 @@ TEST_CASE testCases[] = {
    TEST_DECL(test_extra_alerts_bad_psk),
    TEST_DECL(test_harden_no_secure_renegotiation),
    TEST_DECL(test_override_alt_cert_chain),
+    TEST_DECL(test_dtls13_bad_epoch_ch),
    /* If at some point a stub get implemented this test should fail indicating
     * a need to implement a new test case
     */