diff options
author | Jack Lloyd <[email protected]> | 2016-11-15 22:34:25 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-11-15 22:34:25 -0500 |
commit | 43d16fe3a821fd694b4db8edc9e33ca8a1715d99 (patch) | |
tree | 4606ec79686f1b192bfc1ef7d0f23ef39f0c3795 /src | |
parent | db3a868cb8c477dbd909bed53879f2124a443306 (diff) |
Fix TLS corruption tests.
There is a simple bit flip corruption test for the TLS stack: we
shouldn't negotiate correctly if any random bit gets flipped. But it
turns out this is not entirely true as the record layer version field
is effectively ignored except for distinguishing TLS vs DTLS. So a small
bitflip in that field is sometimes ignored, causing the test to fail.
Make sure we modify something in the body instead.
Diffstat (limited to 'src')
-rw-r--r-- | src/tests/tests.h | 11 | ||||
-rw-r--r-- | src/tests/unit_tls.cpp | 8 |
2 files changed, 11 insertions, 8 deletions
diff --git a/src/tests/tests.h b/src/tests/tests.h index fb8d357d4..fe5760c2b 100644 --- a/src/tests/tests.h +++ b/src/tests/tests.h @@ -330,7 +330,9 @@ class Test template<typename Alloc> static std::vector<uint8_t, Alloc> - mutate_vec(const std::vector<uint8_t, Alloc>& v, bool maybe_resize = false) + mutate_vec(const std::vector<uint8_t, Alloc>& v, + bool maybe_resize = false, + size_t min_offset = 0) { auto& rng = Test::rng(); @@ -344,10 +346,11 @@ class Test rng.randomize(&r[r.size() - add], add); } - if(r.size() > 0) + if(r.size() > min_offset) { - const size_t offset = rng.next_byte() % r.size(); - r[offset] ^= rng.next_nonzero_byte(); + const size_t offset = std::min<size_t>(min_offset, rng.next_byte() % r.size()); + const byte perturb = rng.next_nonzero_byte(); + r[offset] ^= perturb; } return r; diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index ab37cffd1..4ebc54252 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -407,7 +407,7 @@ Test::Result test_tls_handshake(Botan::TLS::Protocol_Version offer_version, if(corrupt_server_data) { - input = Test::mutate_vec(input, true); + input = Test::mutate_vec(input, true, 5); size_t needed = server->received_data(input.data(), input.size()); size_t total_consumed = needed; @@ -438,7 +438,7 @@ Test::Result test_tls_handshake(Botan::TLS::Protocol_Version offer_version, if(corrupt_client_data) { - input = Test::mutate_vec(input, true); + input = Test::mutate_vec(input, true, 5); size_t needed = client->received_data(input.data(), input.size()); size_t total_consumed = 0; @@ -695,7 +695,7 @@ Test::Result test_dtls_handshake(Botan::TLS::Protocol_Version offer_version, { try { - input = Test::mutate_vec(input, true); + input = Test::mutate_vec(input, true, 5); size_t needed = server->received_data(input.data(), input.size()); if(needed > 0 && result.test_lt("Never requesting more than max protocol len", needed, 18*1024)) @@ -735,7 +735,7 @@ Test::Result test_dtls_handshake(Botan::TLS::Protocol_Version offer_version, { try { - input = Test::mutate_vec(input, true); + input = Test::mutate_vec(input, true, 5); size_t needed = client->received_data(input.data(), input.size()); if(needed > 0 && result.test_lt("Never requesting more than max protocol len", needed, 18*1024)) |