@@ -282,6 +282,72 @@ int test_tls13_null_cipher_bad_hmac(void)
282282}
283283
284284
285+ /* F-2913 and F-2914: the TLSX_SecureRenegotiation_Parse
286+ * ConstantCompare against the cached Finished verify_data must reject
287+ * a mismatch on both the client and server sides. */
288+ int test_scr_verify_data_mismatch (void )
289+ {
290+ EXPECT_DECLS ;
291+ #if defined(HAVE_SECURE_RENEGOTIATION ) && !defined(WOLFSSL_NO_TLS12 ) && \
292+ defined(BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ) && \
293+ defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES )
294+ int side ;
295+
296+ for (side = 0 ; side < 2 ; side ++ ) {
297+ struct test_memio_ctx test_ctx ;
298+ WOLFSSL_CTX * ctx_c = NULL ;
299+ WOLFSSL_CTX * ctx_s = NULL ;
300+ WOLFSSL * ssl_c = NULL ;
301+ WOLFSSL * ssl_s = NULL ;
302+ WOLFSSL * failing ;
303+ byte data ;
304+ int ret ;
305+
306+ XMEMSET (& test_ctx , 0 , sizeof (test_ctx ));
307+ test_ctx .c_ciphers = test_ctx .s_ciphers =
308+ "ECDHE-RSA-AES128-GCM-SHA256" ;
309+
310+ ExpectIntEQ (test_memio_setup (& test_ctx , & ctx_c , & ctx_s , & ssl_c ,
311+ & ssl_s , wolfTLSv1_2_client_method ,
312+ wolfTLSv1_2_server_method ), 0 );
313+ ExpectIntEQ (wolfSSL_CTX_UseSecureRenegotiation (ctx_c ),
314+ WOLFSSL_SUCCESS );
315+ ExpectIntEQ (wolfSSL_CTX_UseSecureRenegotiation (ctx_s ),
316+ WOLFSSL_SUCCESS );
317+ ExpectIntEQ (wolfSSL_UseSecureRenegotiation (ssl_c ), WOLFSSL_SUCCESS );
318+ ExpectIntEQ (wolfSSL_UseSecureRenegotiation (ssl_s ), WOLFSSL_SUCCESS );
319+
320+ ExpectIntEQ (test_memio_do_handshake (ssl_c , ssl_s , 10 , NULL ), 0 );
321+
322+ /* side 0: corrupt the client's copy; side 1: corrupt the
323+ * server's copy. */
324+ if (side == 0 ) {
325+ if (ssl_c != NULL && ssl_c -> secure_renegotiation != NULL )
326+ ssl_c -> secure_renegotiation -> server_verify_data [0 ] ^= 0xFF ;
327+ failing = ssl_c ;
328+ }
329+ else {
330+ if (ssl_s != NULL && ssl_s -> secure_renegotiation != NULL )
331+ ssl_s -> secure_renegotiation -> client_verify_data [0 ] ^= 0xFF ;
332+ failing = ssl_s ;
333+ }
334+
335+ ret = wolfSSL_Rehandshake (ssl_c );
336+ (void )ret ;
337+ (void )wolfSSL_read (ssl_s , & data , 1 );
338+ (void )wolfSSL_read (ssl_c , & data , 1 );
339+ ExpectIntEQ (wolfSSL_get_error (failing , 0 ),
340+ WC_NO_ERR_TRACE (SECURE_RENEGOTIATION_E ));
341+
342+ wolfSSL_free (ssl_c );
343+ wolfSSL_free (ssl_s );
344+ wolfSSL_CTX_free (ctx_c );
345+ wolfSSL_CTX_free (ctx_s );
346+ }
347+ #endif
348+ return EXPECT_RESULT ();
349+ }
350+
285351int test_wolfSSL_DisableExtendedMasterSecret (void )
286352{
287353 EXPECT_DECLS ;
0 commit comments