From 920e175dd62bb1c6304ce6546bfee628a4d5c897 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 15 Apr 2026 14:58:21 +0200 Subject: [PATCH] tests: add SCR verify_data mismatch test (F-2913, F-2914) Cover both branches of TLSX_SecureRenegotiation_Parse's ConstantCompare against the cached Finished verify_data: a single memio test loops over client-side and server-side corruption, renegotiates, and asserts the offending peer surfaces SECURE_RENEGOTIATION_E. --- tests/api.c | 1 + tests/api/test_tls_ext.c | 66 ++++++++++++++++++++++++++++++++++++++++ tests/api/test_tls_ext.h | 1 + 3 files changed, 68 insertions(+) diff --git a/tests/api.c b/tests/api.c index 8e4b76d029..3792778f52 100644 --- a/tests/api.c +++ b/tests/api.c @@ -37506,6 +37506,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_tls_ems_resumption_downgrade), TEST_DECL(test_tls12_chacha20_poly1305_bad_tag), TEST_DECL(test_tls13_null_cipher_bad_hmac), + TEST_DECL(test_scr_verify_data_mismatch), TEST_DECL(test_wolfSSL_DisableExtendedMasterSecret), TEST_DECL(test_certificate_authorities_certificate_request), TEST_DECL(test_certificate_authorities_client_hello), diff --git a/tests/api/test_tls_ext.c b/tests/api/test_tls_ext.c index 976a3d9490..9c2368ef2e 100644 --- a/tests/api/test_tls_ext.c +++ b/tests/api/test_tls_ext.c @@ -284,6 +284,72 @@ int test_tls13_null_cipher_bad_hmac(void) } +/* F-2913 and F-2914: the TLSX_SecureRenegotiation_Parse + * ConstantCompare against the cached Finished verify_data must reject + * a mismatch on both the client and server sides. */ +int test_scr_verify_data_mismatch(void) +{ + EXPECT_DECLS; +#if defined(HAVE_SECURE_RENEGOTIATION) && !defined(WOLFSSL_NO_TLS12) && \ + defined(BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) + int side; + + for (side = 0; side < 2; side++) { + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + WOLFSSL *failing; + byte data; + int ret; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + test_ctx.c_ciphers = test_ctx.s_ciphers = + "ECDHE-RSA-AES128-GCM-SHA256"; + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, + &ssl_s, wolfTLSv1_2_client_method, + wolfTLSv1_2_server_method), 0); + ExpectIntEQ(wolfSSL_CTX_UseSecureRenegotiation(ctx_c), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_UseSecureRenegotiation(ctx_s), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_UseSecureRenegotiation(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_UseSecureRenegotiation(ssl_s), WOLFSSL_SUCCESS); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* side 0: corrupt the client's copy; side 1: corrupt the + * server's copy. */ + if (side == 0) { + if (ssl_c != NULL && ssl_c->secure_renegotiation != NULL) + ssl_c->secure_renegotiation->server_verify_data[0] ^= 0xFF; + failing = ssl_c; + } + else { + if (ssl_s != NULL && ssl_s->secure_renegotiation != NULL) + ssl_s->secure_renegotiation->client_verify_data[0] ^= 0xFF; + failing = ssl_s; + } + + ret = wolfSSL_Rehandshake(ssl_c); + (void)ret; + (void)wolfSSL_read(ssl_s, &data, 1); + (void)wolfSSL_read(ssl_c, &data, 1); + ExpectIntEQ(wolfSSL_get_error(failing, 0), + WC_NO_ERR_TRACE(SECURE_RENEGOTIATION_E)); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + } +#endif + return EXPECT_RESULT(); +} + int test_wolfSSL_DisableExtendedMasterSecret(void) { EXPECT_DECLS; diff --git a/tests/api/test_tls_ext.h b/tests/api/test_tls_ext.h index 275888adf0..bbf3250969 100644 --- a/tests/api/test_tls_ext.h +++ b/tests/api/test_tls_ext.h @@ -26,6 +26,7 @@ int test_tls_ems_downgrade(void); int test_tls_ems_resumption_downgrade(void); int test_tls12_chacha20_poly1305_bad_tag(void); int test_tls13_null_cipher_bad_hmac(void); +int test_scr_verify_data_mismatch(void); int test_wolfSSL_DisableExtendedMasterSecret(void); int test_certificate_authorities_certificate_request(void); int test_certificate_authorities_client_hello(void);