aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2016-11-15 22:34:25 -0500
committerJack Lloyd <[email protected]>2016-11-15 22:34:25 -0500
commit43d16fe3a821fd694b4db8edc9e33ca8a1715d99 (patch)
tree4606ec79686f1b192bfc1ef7d0f23ef39f0c3795 /src
parentdb3a868cb8c477dbd909bed53879f2124a443306 (diff)
Fix TLS corruption tests.
There is a simple bit flip corruption test for the TLS stack: we shouldn't negotiate correctly if any random bit gets flipped. But it turns out this is not entirely true as the record layer version field is effectively ignored except for distinguishing TLS vs DTLS. So a small bitflip in that field is sometimes ignored, causing the test to fail. Make sure we modify something in the body instead.
Diffstat (limited to 'src')
-rw-r--r--src/tests/tests.h11
-rw-r--r--src/tests/unit_tls.cpp8
2 files changed, 11 insertions, 8 deletions
diff --git a/src/tests/tests.h b/src/tests/tests.h
index fb8d357d4..fe5760c2b 100644
--- a/src/tests/tests.h
+++ b/src/tests/tests.h
@@ -330,7 +330,9 @@ class Test
template<typename Alloc>
static std::vector<uint8_t, Alloc>
- mutate_vec(const std::vector<uint8_t, Alloc>& v, bool maybe_resize = false)
+ mutate_vec(const std::vector<uint8_t, Alloc>& v,
+ bool maybe_resize = false,
+ size_t min_offset = 0)
{
auto& rng = Test::rng();
@@ -344,10 +346,11 @@ class Test
rng.randomize(&r[r.size() - add], add);
}
- if(r.size() > 0)
+ if(r.size() > min_offset)
{
- const size_t offset = rng.next_byte() % r.size();
- r[offset] ^= rng.next_nonzero_byte();
+ const size_t offset = std::min<size_t>(min_offset, rng.next_byte() % r.size());
+ const byte perturb = rng.next_nonzero_byte();
+ r[offset] ^= perturb;
}
return r;
diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp
index ab37cffd1..4ebc54252 100644
--- a/src/tests/unit_tls.cpp
+++ b/src/tests/unit_tls.cpp
@@ -407,7 +407,7 @@ Test::Result test_tls_handshake(Botan::TLS::Protocol_Version offer_version,
if(corrupt_server_data)
{
- input = Test::mutate_vec(input, true);
+ input = Test::mutate_vec(input, true, 5);
size_t needed = server->received_data(input.data(), input.size());
size_t total_consumed = needed;
@@ -438,7 +438,7 @@ Test::Result test_tls_handshake(Botan::TLS::Protocol_Version offer_version,
if(corrupt_client_data)
{
- input = Test::mutate_vec(input, true);
+ input = Test::mutate_vec(input, true, 5);
size_t needed = client->received_data(input.data(), input.size());
size_t total_consumed = 0;
@@ -695,7 +695,7 @@ Test::Result test_dtls_handshake(Botan::TLS::Protocol_Version offer_version,
{
try
{
- input = Test::mutate_vec(input, true);
+ input = Test::mutate_vec(input, true, 5);
size_t needed = server->received_data(input.data(), input.size());
if(needed > 0 && result.test_lt("Never requesting more than max protocol len", needed, 18*1024))
@@ -735,7 +735,7 @@ Test::Result test_dtls_handshake(Botan::TLS::Protocol_Version offer_version,
{
try
{
- input = Test::mutate_vec(input, true);
+ input = Test::mutate_vec(input, true, 5);
size_t needed = client->received_data(input.data(), input.size());
if(needed > 0 && result.test_lt("Never requesting more than max protocol len", needed, 18*1024))