tests: add SCR verify_data mismatch test (F-2913, F-2914)

Cover both branches of TLSX_SecureRenegotiation_Parse's ConstantCompare
against the cached Finished verify_data: a single memio test loops
over client-side and server-side corruption, renegotiates, and
asserts the offending peer surfaces SECURE_RENEGOTIATION_E.
This commit is contained in:
Juliusz Sosinowicz
2026-04-15 14:58:21 +02:00
parent d97d0370d1
commit 920e175dd6
3 changed files with 68 additions and 0 deletions
+1
View File
@@ -37506,6 +37506,7 @@ TEST_CASE testCases[] = {
TEST_DECL(test_tls_ems_resumption_downgrade),
TEST_DECL(test_tls12_chacha20_poly1305_bad_tag),
TEST_DECL(test_tls13_null_cipher_bad_hmac),
TEST_DECL(test_scr_verify_data_mismatch),
TEST_DECL(test_wolfSSL_DisableExtendedMasterSecret),
TEST_DECL(test_certificate_authorities_certificate_request),
TEST_DECL(test_certificate_authorities_client_hello),
+66
View File
@@ -284,6 +284,72 @@ int test_tls13_null_cipher_bad_hmac(void)
}
/* F-2913 and F-2914: the TLSX_SecureRenegotiation_Parse
* ConstantCompare against the cached Finished verify_data must reject
* a mismatch on both the client and server sides. */
int test_scr_verify_data_mismatch(void)
{
EXPECT_DECLS;
#if defined(HAVE_SECURE_RENEGOTIATION) && !defined(WOLFSSL_NO_TLS12) && \
defined(BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) && \
defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
int side;
for (side = 0; side < 2; side++) {
struct test_memio_ctx test_ctx;
WOLFSSL_CTX *ctx_c = NULL;
WOLFSSL_CTX *ctx_s = NULL;
WOLFSSL *ssl_c = NULL;
WOLFSSL *ssl_s = NULL;
WOLFSSL *failing;
byte data;
int ret;
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
test_ctx.c_ciphers = test_ctx.s_ciphers =
"ECDHE-RSA-AES128-GCM-SHA256";
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c,
&ssl_s, wolfTLSv1_2_client_method,
wolfTLSv1_2_server_method), 0);
ExpectIntEQ(wolfSSL_CTX_UseSecureRenegotiation(ctx_c),
WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_CTX_UseSecureRenegotiation(ctx_s),
WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_UseSecureRenegotiation(ssl_c), WOLFSSL_SUCCESS);
ExpectIntEQ(wolfSSL_UseSecureRenegotiation(ssl_s), WOLFSSL_SUCCESS);
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
/* side 0: corrupt the client's copy; side 1: corrupt the
* server's copy. */
if (side == 0) {
if (ssl_c != NULL && ssl_c->secure_renegotiation != NULL)
ssl_c->secure_renegotiation->server_verify_data[0] ^= 0xFF;
failing = ssl_c;
}
else {
if (ssl_s != NULL && ssl_s->secure_renegotiation != NULL)
ssl_s->secure_renegotiation->client_verify_data[0] ^= 0xFF;
failing = ssl_s;
}
ret = wolfSSL_Rehandshake(ssl_c);
(void)ret;
(void)wolfSSL_read(ssl_s, &data, 1);
(void)wolfSSL_read(ssl_c, &data, 1);
ExpectIntEQ(wolfSSL_get_error(failing, 0),
WC_NO_ERR_TRACE(SECURE_RENEGOTIATION_E));
wolfSSL_free(ssl_c);
wolfSSL_free(ssl_s);
wolfSSL_CTX_free(ctx_c);
wolfSSL_CTX_free(ctx_s);
}
#endif
return EXPECT_RESULT();
}
int test_wolfSSL_DisableExtendedMasterSecret(void)
{
EXPECT_DECLS;
+1
View File
@@ -26,6 +26,7 @@ int test_tls_ems_downgrade(void);
int test_tls_ems_resumption_downgrade(void);
int test_tls12_chacha20_poly1305_bad_tag(void);
int test_tls13_null_cipher_bad_hmac(void);
int test_scr_verify_data_mismatch(void);
int test_wolfSSL_DisableExtendedMasterSecret(void);
int test_certificate_authorities_certificate_request(void);
int test_certificate_authorities_client_hello(void);