diff options
| author | Matt Caswell <matt@openssl.org> | 2015-08-07 14:40:00 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-08-11 20:27:46 +0100 |
| commit | c2a34c58f56980b80f034e8295210146b5c247c3 (patch) | |
| tree | bd86b7f472d1da67d8d9f7fd156cca0a64033109 | |
| parent | a1accbb1d704da9a25b18e7053ee191a8f510d93 (diff) | |
Add a test for 0 p value in anon DH SKE
When using an anon DH ciphersuite a client should reject a 0 value for p.
Reviewed-by: Richard Levitte <levitte@openssl.org>
| -rw-r--r-- | test/Makefile | 7 | ||||
| -rwxr-xr-x | test/sslskewith0ptest.pl | 89 |
2 files changed, 95 insertions, 1 deletions
diff --git a/test/Makefile b/test/Makefile index 1f27894de2..5cd024acb0 100644 --- a/test/Makefile +++ b/test/Makefile @@ -73,6 +73,7 @@ CLIENTHELLOTEST= clienthellotest PACKETTEST= packettest SSLVERTOLTEST= sslvertoltest.pl SSLEXTENSIONTEST= sslextensiontest.pl +SSLSKEWITH0PTEST= sslskewith0ptest.pl TESTS= alltests @@ -159,7 +160,7 @@ alltests: \ test_srp test_cms test_v3name test_ocsp \ test_gost2814789 test_heartbeat test_p5_crpt2 \ test_constant_time test_verify_extra test_clienthello test_packet \ - test_sslvertol test_sslextension + test_sslvertol test_sslextension test_sslskewith0p test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt @echo $(START) $@ @@ -429,6 +430,10 @@ test_sslextension: ../apps/openssl$(EXE_EXT) @echo $(START) $@ PERL5LIB=$$PERL5LIB:../util ../util/shlib_wrap.sh ./$(SSLEXTENSIONTEST) "OPENSSL_ia32cap='~0x200000200000000' ../apps/openssl$(EXE_EXT)" ../apps/server.pem +test_sslskewith0p: ../apps/openssl$(EXE_EXT) + @echo $(START) $@ + PERL5LIB=$$PERL5LIB:../util ../util/shlib_wrap.sh ./$(SSLSKEWITH0PTEST) "OPENSSL_ia32cap='~0x200000200000000' ../apps/openssl$(EXE_EXT)" ../apps/server.pem + update: local_depend @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi diff --git a/test/sslskewith0ptest.pl b/test/sslskewith0ptest.pl new file mode 100755 index 0000000000..63f83980a8 --- /dev/null +++ b/test/sslskewith0ptest.pl @@ -0,0 +1,89 @@ +#!/usr/bin/perl +# Written by Matt Caswell for the OpenSSL project. +# ==================================================================== +# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# openssl-core@openssl.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.openssl.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== +# +# This product includes cryptographic software written by Eric Young +# (eay@cryptsoft.com). This product includes software written by Tim +# Hudson (tjh@cryptsoft.com). + +use strict; +use TLSProxy::Proxy; + +my $proxy = TLSProxy::Proxy->new( + \&ske_0_p_filter, + @ARGV +); + +#We must use an anon DHE cipher for this test +$proxy->cipherc('ADH-AES128-SHA:@SECLEVEL=0'); +$proxy->ciphers('ADH-AES128-SHA:@SECLEVEL=0'); + +$proxy->start(); +TLSProxy::Message->fail or die "FAILED: ServerKeyExchange with 0 p\n"; + +print "SUCCESS: ServerKeyExchange with 0 p\n"; + +sub ske_0_p_filter +{ + my $proxy = shift; + + # We're only interested in the SKE - always in flight 1 + if ($proxy->flight != 1) { + return; + } + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_SERVER_KEY_EXCHANGE) { + #Set p to a value of 0 + $message->p(pack('C', 0)); + + $message->repack(); + } + } +} |