author | Tomas Mraz <tomas@openssl.org> | 2022-03-22 16:33:52 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-03-30 11:35:36 +0200 |
commit | 70b0be4239cb67db7e6e24dda6b6c37b4ade59bc (patch) | |
tree | bd681c164adb369df904333750da35953dafd3b4 /test | |
parent | 3ea839373e2428ffed8dda44f11c60b6ba8aeb88 (diff) |
Test processing of a duplicated HRR
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17936)
(cherry picked from commit db44b55aaa42141921217183667800425227b658)
Diffstat (limited to 'test')
-rw-r--r-- | test/recipes/70-test_tls13hrr.t | 51 |
1 files changed, 49 insertions, 2 deletions
diff --git a/test/recipes/70-test_tls13hrr.t b/test/recipes/70-test_tls13hrr.t
index 845d40aed9..a7d0d2667f 100644
--- a/test/recipes/70-test_tls13hrr.t
+++ b/test/recipes/70-test_tls13hrr.t
@@ -37,7 +37,8 @@ my $proxy = TLSProxy::Proxy->new(
 use constant {
 CHANGE_HRR_CIPHERSUITE => 0,
- CHANGE_CH1_CIPHERSUITE => 1
+ CHANGE_CH1_CIPHERSUITE => 1,
+ DUPLICATE_HRR => 2
 };
 #Test 1: A client should fail if the server changes the ciphersuite between the
@@ -50,7 +51,7 @@ if (disabled("ec")) {
 }
 my $testtype = CHANGE_HRR_CIPHERSUITE;
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 2;
+plan tests => 3;
 ok(TLSProxy::Message->fail(), "Server ciphersuite changes");
 #Test 2: It is an error if the client changes the offered ciphersuites so that
@@ -66,6 +67,19 @@ $testtype = CHANGE_CH1_CIPHERSUITE;
 $proxy->start();
 ok(TLSProxy::Message->fail(), "Client ciphersuite changes");
+#Test 3: A client should fail with unexpected_message alert if the server
+# sends more than 1 HRR
+my $fatal_alert = 0;
+$proxy->clear();
+if (disabled("ec")) {
+ $proxy->serverflags("-curves ffdhe3072");
+} else {
+ $proxy->serverflags("-curves P-256");
+}
+$testtype = DUPLICATE_HRR;
+$proxy->start();
+ok($fatal_alert, "Server duplicated HRR");
+
 sub hrr_filter
 {
 my $proxy = shift;
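Review bot: Test 3's `ok($fatal_alert, "Server duplicated HRR")` gives no hint at the call site of where the flag is set or which alert it stands for, and `$fatal_alert` is a file-scoped lexical that the filter can only see because it is declared above `sub hrr_filter`. I would document the declaration, `my $fatal_alert = 0; # set by hrr_filter when the client answers the duplicated HRR with unexpected_message (10)`, and make the description state what is asserted, e.g. `"Client rejects duplicated HRR with unexpected_message"`. That is the client behaviour RFC 8446 section 4.1.4 requires, so naming the alert makes a later regression easier to triage. The return value of `$proxy->start()` is ignored here, so a proxy start-up problem would show up as the same failure as a missing alert.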
@@ -86,6 +100,39 @@ sub hrr_filter
 return;
 }
+ if ($testtype == DUPLICATE_HRR) {
+ # We're only interested in the HRR
+ # and the unexpected_message alert from client
+ if ($proxy->flight == 4) {
+ $fatal_alert = 1
+ if @{$proxy->record_list}[-1]->is_fatal_alert(0) == 10;
+ return;
+ }
+ if ($proxy->flight != 3) {
+ return;
+ }
+
+ # Find ServerHello record (HRR actually) and insert after that
+ my $i;
+ for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) {
+ next;
+ }
+ my $hrr_record = ${$proxy->record_list}[$i];
+ my $dup_hrr = TLSProxy::Record->new(3,
+ $hrr_record->content_type(),
+ $hrr_record->version(),
+ $hrr_record->len(),
+ $hrr_record->sslv2(),
+ $hrr_record->len_real(),
+ $hrr_record->decrypt_len(),
+ $hrr_record->data(),
+ $hrr_record->decrypt_data());
+
+ $i++;
+ splice @{$proxy->record_list}, $i, 0, $dup_hrr;
+ return;
+ }
+
 # CHANGE_CH1_CIPHERSUITE
 if ($proxy->flight != 0) {
 return; |
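Review bot: The search loop `for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++)` has no upper bound, so if no record in the list has flight >= 1 it walks off the end and dies calling `flight()` on undef instead of failing the test cleanly. Bounding it, `for ($i = 0; $i < @{$proxy->record_list} && ${$proxy->record_list}[$i]->flight() < 1; $i++) {`, followed by `return if $i >= @{$proxy->record_list};`, keeps the filter safe. The loop also appears to take the first flight-1 record on trust as the HRR, without looking at its content type. In the flight-4 check the one-element slice `@{$proxy->record_list}[-1]` is inconsistent with `${$proxy->record_list}[$i]` used below, and the bare `10` deserves a trailing `# 10 == unexpected_message`. hrr_filter starts before this hunk and continues after it.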