author | Jack Lloyd <[email protected]> | 2019-05-24 03:45:49 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2019-05-24 03:45:49 -0400 |
commit | 0494e6a4c3f077aa6adfec8131e798fb7d6b0e5d (patch) | |
tree | 836da16953f0c4932cab51a9aacfe4592a610b74 /src | |
parent | f5c0d868f685c5e67c164b03cb8129985fd56bee (diff) | |
parent | bbfdccd62d8d2d163e6115aa8f881d3cbfe963b1 (diff) |
Merge GH #1972 Fix more BoGo DTLS tests
Diffstat (limited to 'src')
-rw-r--r-- | src/bogo_shim/bogo_shim.cpp | 17 | ||||
-rw-r--r-- | src/bogo_shim/config.json | 14 |
2 files changed, 11 insertions, 20 deletions
diff --git a/src/bogo_shim/bogo_shim.cpp b/src/bogo_shim/bogo_shim.cpp index f7d713162..161d2a3c6 100644 --- a/src/bogo_shim/bogo_shim.cpp +++ b/src/bogo_shim/bogo_shim.cpp @@ -1222,16 +1222,15 @@ class Shim_Callbacks final : public Botan::TLS::Callbacks if(m_is_datagram) { shim_log("sending record of len " + std::to_string(size)); - const uint8_t hdr[5] = { - 'P', - static_cast<uint8_t>((size >> 24) & 0xFF), - static_cast<uint8_t>((size >> 16) & 0xFF), - static_cast<uint8_t>((size >> 8) & 0xFF), - static_cast<uint8_t>(size & 0xFF), - }; - m_socket.write(hdr, sizeof(hdr)); - m_socket.write(data, size); + std::vector<uint8_t> packet(size + 5); + + packet[0] = 'P'; + for(size_t i = 0; i != 4; ++i) + packet[i+1] = static_cast<uint8_t>((size >> (24-8*i)) & 0xFF); + std::memcpy(packet.data() + 5, data, size); + + m_socket.write(packet.data(), packet.size()); } else { diff --git a/src/bogo_shim/config.json b/src/bogo_shim/config.json index 7b95c9f5d..0193416af 100644 --- a/src/bogo_shim/config.json +++ b/src/bogo_shim/config.json @@ -75,7 +75,7 @@ "TLS*-NoTicket-NoAccept": "BoGo expects that if ticket is issued stateful resumption is impossible", - "CheckLeafCurve": "Botan ignores this", + "CheckLeafCurve": "Botan doesn't care what curve an ECDSA cert uses", "CertificateVerificationDoesNotFailOnResume*": "Botan doesn't support reverify on resume", "CertificateVerificationFailsOnResume*": "Botan doesn't support reverify on resume", @@ -95,6 +95,7 @@ "ClientAuth-Verify-ECDSA-SHA1-TLS12": "BoringSSL will sign SHA-1 and SHA-512 with ECDSA but not accept them.", "AppDataAfterChangeCipherSpec-DTLS*": "BoringSSL DTLS drops out of order AppData, we reject", + "MTUExceeded": "BoringSSL splits DTLS handshakes differently", "*Renegotiate-Server-Forbidden*": "Testing some BoringSSL specific restriction", "Resume-Client-NoResume-TLS1-TLS11": "BoGo expects resumption attempt sends latest version", 
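Review bot: In the `m_is_datagram` branch, `size` is encoded into a 4-byte prefix and used to allocate `size + 5` bytes with no range check, so a length above 0xFFFFFFFF would produce a header that disagrees with the payload behind it and desynchronise the peer's framing. DTLS records should never approach that, so a one-line guard before the allocation would document the invariant, e.g. `if(size > 0xFFFFFFFF) throw std::runtime_error("record too large for packet framing");`. `std::memcpy` also needs `<cstring>`; this hunk adds no include and the top of the file is not visible here, so confirm it is included directly rather than transitively. A short comment such as `// 'P' + 32-bit big-endian length + payload, sent in a single write` would record why the header and data are now coalesced. The enclosing callback starts and ends outside the hunk.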
@@ -121,8 +122,6 @@ "RSAPSSSupport-ConfigPSS-NoCerts-TLS12-Server": "Not possible to disable PSS", "RSAPSSSupport-Default-NoCerts-TLS12-Server": "Not possible to disable PSS", - "SRTP-Server-IgnoreMKI-*": "Non-empty MKI is rejected", - "DTLS-Retransmit*": "Shim needs timeout support", "DTLS-StrayRetransmitFinished-ClientFull": "Needs investigation", @@ -136,14 +135,7 @@ "Unclean-Shutdown": "Needs investigation", "Unclean-Shutdown-Alert": "Needs investigation", - "MTUExceeded": "BoringSSL splits DTLS handshakes differently", - - "MinimumVersion-Client-TLS12-TLS1-DTLS": "Client sends expected alert, server doesn't receive it. Needs investigation", - "ClientOCSPCallback-FailNoStaple-*-DTLS*": "Client sends expected alert, server doesn't receive it. Needs investigation", - "MinimumVersion-Client2-TLS12-TLS1-DTLS": "Client sends expected alert, server doesn't receive it. Needs investigation", - "SendBogusAlertType-DTLS": "Client sends expected alert, server doesn't receive it. Needs investigation", - "TrailingMessageData-*-DTLS*": "Client sends expected alert, server doesn't receive it. Needs investigation", - "WrongMessageType-*-DTLS*": "Client sends expected alert, server doesn't receive it. Needs investigation", + "SRTP-Server-IgnoreMKI-*": "Non-empty MKI is rejected (bug)", "Renegotiate-Client-Packed": "Packing HelloRequest with Finished loses the HelloRequest (bug)", "SendHalfHelloRequest*PackHandshake": "Packing HelloRequest with Finished loses the HelloRequest (bug)", |