-
Notifications
You must be signed in to change notification settings - Fork 711
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test: expand s2n_record_read testing to both TLS1.3 and TLS1.2 #4903
Conversation
cb1ec8e
to
8d38317
Compare
tests/unit/s2n_record_read_test.c
Outdated
/* Offset and corrupt the 6th byte, which is used by both TLS 1.2 and TLS 1.3 | ||
* during decryption | ||
*/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would the last byte be simpler / more obvious?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Skipping the last byte does work but I prefer skipping the header len amount since that is the reason why this currently doesnt work.
// skipping last byte tested via
int last_byte = s2n_stuffer_data_available(&invalidation_stuffer) - 1;
...
EXPECT_SUCCESS(s2n_stuffer_skip_read(&invalidation_stuffer, last_byte));
3dff60e
to
2223ee6
Compare
2223ee6
to
82651d9
Compare
#4765
Description of changes:
A test in
s2n_record_read_test.c
passes for TLS1.2 but fails when TLS1.3 protocol is negotiated. This is unexpected since record reading behavior should be protocol independent.The test "corrupts" a payload by modifying the ContentType (first byte) and expects a decryption error. However, this doesn't work for TLS1.2 since ConentType is not used in decryption in TLS1.3.
The fix in this PR is to instead corrupt the 6th byte (the encrypted data), which should result in an error for both TLS1.2 and TLS1.3.
Testing:
Expand test to both the TLS1.2 andTLS1.3 protocol.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.