X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;ds=sidebyside;f=test%2Fsslcorrupttest.c;h=8ccad16f28f492d12b46c76cbe0381d652f12344;hb=38a322a5f29ae0b4a9bd42233310835487d875ac;hp=34ac8f774c3cd513ed589cef99fe31eb5d98be77;hpb=70d8b304d01b9e0c4ec182db20c33aa0698cda51;p=oweals%2Fopenssl.git
diff --git a/test/sslcorrupttest.c b/test/sslcorrupttest.c
index 34ac8f774c..8ccad16f28 100644
--- a/test/sslcorrupttest.c
+++ b/test/sslcorrupttest.c
@@ -7,9 +7,12 @@
 * https://www.openssl.org/source/license.html
 */
+#include
 #include "ssltestlib.h"
 #include "testutil.h"
+static int docorrupt = 0;
+
 static void copy_flags(BIO *bio)
 {
 int flags;
@@ -37,7 +40,7 @@ static int tls_corrupt_write(BIO *bio, const char *in, int inl)
 BIO *next = BIO_next(bio);
 char *copy;
- if (in[0] == SSL3_RT_APPLICATION_DATA) {
+ if (docorrupt) {
 copy = BUF_memdup(in, inl);
 TEST_check(copy != NULL);
 /* corrupt last bit of application data */
@@ -182,6 +185,10 @@ static int test_ssl_corrupt(int testidx)
 BIO *c_to_s_fbio;
 int testresult = 0;
 static unsigned char junk[16000] = { 0 };
+ STACK_OF(SSL_CIPHER) *ciphers;
+ const SSL_CIPHER *currcipher;
+
+ docorrupt = 0;
 printf("Starting Test %d, %s\n", testidx, cipher_list[testidx]);
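Review bot: In tls_corrupt_write the retained comment `/* corrupt last bit of application data */` no longer matches the condition above it: with `if (docorrupt)` the filter alters whatever is written while the flag is set, regardless of record type. Reword it to something like `/* corrupt last bit of the outgoing record */`. The new file-scope `docorrupt` also deserves a comment such as `/* Non-zero once the handshake is done: the filter then corrupts every write */`, because it is shared by every instance of the filter rather than held per BIO. The function body continues outside the hunk, so the line that performs the flip is not visible here.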
@@ -196,6 +203,29 @@ static int test_ssl_corrupt(int testidx)
 goto end;
 }
+ ciphers = SSL_CTX_get_ciphers(cctx);
+ if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) != 1) {
+ printf("Unexpected ciphers set\n");
+ goto end;
+ }
+ currcipher = sk_SSL_CIPHER_value(ciphers, 0);
+ if (currcipher == NULL) {
+ printf("Failed getting the current cipher\n");
+ goto end;
+ }
+
+ /*
+ * If we haven't got a TLSv1.3 cipher, then we mustn't attempt to use
+ * TLSv1.3. Version negotiation happens before cipher selection, so we will
+ * get a "no shared cipher" error.
+ */
+ if (strcmp(SSL_CIPHER_get_version(currcipher), "TLSv1.3") != 0) {
+ if (!SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)) {
+ printf("Failed setting max protocol version\n");
+ goto end;
+ }
+ }
+
 c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter());
 if (c_to_s_fbio == NULL) {
 printf("Failed to create filter BIO\n");
@@ -210,12 +240,14 @@ static int test_ssl_corrupt(int testidx)
 goto end;
 }
- if (!create_ssl_connection(server, client)) {
+ if (!create_ssl_connection(server, client, SSL_ERROR_NONE)) {
 printf("Unable to create SSL connection\n");
 ERR_print_errors_fp(stdout);
 goto end;
 }
+ docorrupt = 1;
+
 if (SSL_write(client, junk, sizeof(junk)) < 0) {
 printf("Unable to SSL_write\n");
 ERR_print_errors_fp(stdout);
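Review bot: The three new failure branches in this hunk print only a fixed message, while the `create_ssl_connection` failure path later in the same function also calls `ERR_print_errors_fp(stdout)`. For the `SSL_CTX_set_max_proto_version` branch in particular, add `ERR_print_errors_fp(stdout);` before `goto end;` so any queued library error ends up in the test log. The "Unexpected ciphers set" message would be easier to act on if it also printed `cipher_list[testidx]`, which this check presumably expects to resolve to exactly one cipher.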
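Review bot: The `SSL_write` check directly after the new `docorrupt = 1;` treats a return of 0 as success, although SSL_write reports failure with any value `<= 0`. If nothing was written, a later read failure on the server side could be mistaken for rejection of the corrupted record; the read side is outside this hunk, so that is an inference. Use `if (SSL_write(client, junk, sizeof(junk)) <= 0) {`. The line is unchanged context, but this commit makes it the first write the filter corrupts, so the test's verdict depends on it.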