diff options
author | Matt Caswell <matt@openssl.org> | 2017-02-02 16:06:50 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-02-14 13:14:25 +0000 |
commit | d542790b0767535bce903d9f6ad314357484d67f (patch) | |
tree | 3958de59164f835164e816a10f5935c5c1c99a0a /test/testlib | |
parent | 0adb6417403f4be801b8da28cb83efb60f79f66c (diff) |
Update the kex modes tests to check various HRR scenarios
Make sure we get an HRR in the right circumstances based on kex mode.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2341)
Diffstat (limited to 'test/testlib')
-rw-r--r-- | test/testlib/checkhandshake.pm | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/test/testlib/checkhandshake.pm b/test/testlib/checkhandshake.pm index a023f5ec45..43efe81327 100644 --- a/test/testlib/checkhandshake.pm +++ b/test/testlib/checkhandshake.pm @@ -24,8 +24,10 @@ use constant { RENEG_HANDSHAKE => 16, NPN_HANDSHAKE => 32, EC_HANDSHAKE => 64, + HRR_HANDSHAKE => 128, + HRR_RESUME_HANDSHAKE => 256, - ALL_HANDSHAKES => 127 + ALL_HANDSHAKES => 511 }; use constant { @@ -49,7 +51,8 @@ use constant { PSK_CLI_EXTENSION => 0x00008000, PSK_SRV_EXTENSION => 0x00010000, KEY_SHARE_SRV_EXTENSION => 0x00020000, - PSK_KEX_MODES_EXTENSION => 0x00040000 + PSK_KEX_MODES_EXTENSION => 0x00040000, + KEY_SHARE_HRR_EXTENSION => 0x00080000 }; our @handmessages = (); @@ -68,6 +71,7 @@ sub checkhandshake($$$$) #First count the number of tests my $nextmess = 0; my $message = undef; + my $chnum = 0; for ($numtests = 0; $handmessages[$loop][1] != 0; $loop++) { next if (($handmessages[$loop][1] & $handtype) == 0); if (scalar @{$proxy->message_list} > $nextmess) { @@ -79,7 +83,10 @@ sub checkhandshake($$$$) $numtests++; next if (!defined $message); + $chnum = 1 if $message->mt() != TLSProxy::Message::MT_CLIENT_HELLO + && TLSProxy::Proxy::is_tls13(); next if ($message->mt() != TLSProxy::Message::MT_CLIENT_HELLO + && $message->mt() != TLSProxy::Message::MT_HELLO_RETRY_REQUEST && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO && $message->mt() != TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS @@ -88,9 +95,14 @@ sub checkhandshake($$$$) next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE && !TLSProxy::Proxy::is_tls13(); + my $extchnum = 0; for (my $extloop = 0; $extensions[$extloop][2] != 0; $extloop++) { + $extchnum = 1 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO + && TLSProxy::Proxy::is_tls13(); + next if $extensions[$extloop][0] == TLSProxy::Message::MT_CLIENT_HELLO + && $extchnum != $chnum; next if ($message->mt() != $extensions[$extloop][0]); $numtests++; } @@ -101,6 +113,7 @@ sub checkhandshake($$$$) $nextmess = 0; $message = undef; + $chnum = 0; for ($loop = 0; $handmessages[$loop][1] != 0; $loop++) { next if (($handmessages[$loop][1] & $handtype) == 0); if (scalar @{$proxy->message_list} > $nextmess) { @@ -118,8 +131,11 @@ sub checkhandshake($$$$) "Message type check. Got ".$message->mt .", expected ".$handmessages[$loop][0]); } + $chnum = 1 if $message->mt() != TLSProxy::Message::MT_CLIENT_HELLO + && TLSProxy::Proxy::is_tls13(); next if ($message->mt() != TLSProxy::Message::MT_CLIENT_HELLO + && $message->mt() != TLSProxy::Message::MT_HELLO_RETRY_REQUEST && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO && $message->mt() != TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS @@ -136,9 +152,16 @@ sub checkhandshake($$$$) } #Now check that we saw the extensions we expected my $msgexts = $message->extension_data(); - + my $extchnum = 0; for (my $extloop = 0, $extcount = 0; $extensions[$extloop][2] != 0; $extloop++) { + #In TLSv1.3 we can have two ClientHellos if there has been a + #HelloRetryRequest, and they may have different extensions. Skip + #if these are extensions for a different ClientHello + $extchnum = 1 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO + && TLSProxy::Proxy::is_tls13(); + next if $extensions[$extloop][0] == TLSProxy::Message::MT_CLIENT_HELLO + && $extchnum != $chnum; next if ($message->mt() != $extensions[$extloop][0]); ok (($extensions[$extloop][2] & $exttype) == 0 || defined ($msgexts->{$extensions[$extloop][1]}), |