authorTomas Mraz <tomas@openssl.org>2022-03-22 16:33:52 +0100
committerTomas Mraz <tomas@openssl.org>2022-03-30 11:34:49 +0200
commitdb44b55aaa42141921217183667800425227b658 (patch)
tree337635399d4c1d011429a90f0294efc888ff7549 /test
parentd204a50b898435fbf937316d5693008cebf62eef (diff)
Test processing of a duplicated HRR
Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17936)
Diffstat (limited to 'test')
-rw-r--r--test/recipes/70-test_tls13hrr.t51
1 files changed, 49 insertions, 2 deletions
diff --git a/test/recipes/70-test_tls13hrr.t b/test/recipes/70-test_tls13hrr.t
index da38ae5bd4..a47a28549f 100644
--- a/test/recipes/70-test_tls13hrr.t
+++ b/test/recipes/70-test_tls13hrr.t
@@ -35,7 +35,8 @@ my $proxy = TLSProxy::Proxy->new(
use constant {
CHANGE_HRR_CIPHERSUITE => 0,
- CHANGE_CH1_CIPHERSUITE => 1
+ CHANGE_CH1_CIPHERSUITE => 1,
+ DUPLICATE_HRR => 2
};
#Test 1: A client should fail if the server changes the ciphersuite between the
@@ -48,7 +49,7 @@ if (disabled("ec")) {
}
my $testtype = CHANGE_HRR_CIPHERSUITE;
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 2;
+plan tests => 3;
ok(TLSProxy::Message->fail(), "Server ciphersuite changes");
#Test 2: It is an error if the client changes the offered ciphersuites so that
@@ -64,6 +65,19 @@ $testtype = CHANGE_CH1_CIPHERSUITE;
$proxy->start();
ok(TLSProxy::Message->fail(), "Client ciphersuite changes");
+#Test 3: A client should fail with unexpected_message alert if the server
+# sends more than 1 HRR
+my $fatal_alert = 0;
+$proxy->clear();
+if (disabled("ec")) {
+ $proxy->serverflags("-curves ffdhe3072");
+} else {
+ $proxy->serverflags("-curves P-256");
+}
+$testtype = DUPLICATE_HRR;
+$proxy->start();
+ok($fatal_alert, "Server duplicated HRR");
+
sub hrr_filter
{
my $proxy = shift;
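Review bot: The Test 3 comment names the expected alert but not where the requirement comes from, so a later reader cannot tell whether unexpected_message is mandated or merely what the client does today. RFC 8446 section 4.1.4 requires a client to abort with unexpected_message on a second HelloRetryRequest in the same connection; I would extend the comment to `# sends more than 1 HRR (RFC 8446, section 4.1.4)`. It would also help to say that the `-curves` server flag is what forces the first HRR, which is only implied here by the parallel setup in the earlier tests. The body of hrr_filter continues outside this hunk.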
@@ -84,6 +98,39 @@ sub hrr_filter
return;
}
+ if ($testtype == DUPLICATE_HRR) {
+ # We're only interested in the HRR
+ # and the unexpected_message alert from client
+ if ($proxy->flight == 4) {
+ $fatal_alert = 1
+ if @{$proxy->record_list}[-1]->is_fatal_alert(0) == 10;
+ return;
+ }
+ if ($proxy->flight != 3) {
+ return;
+ }
+
+ # Find ServerHello record (HRR actually) and insert after that
+ my $i;
+ for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) {
+ next;
+ }
+ my $hrr_record = ${$proxy->record_list}[$i];
+ my $dup_hrr = TLSProxy::Record->new(3,
+ $hrr_record->content_type(),
+ $hrr_record->version(),
+ $hrr_record->len(),
+ $hrr_record->sslv2(),
+ $hrr_record->len_real(),
+ $hrr_record->decrypt_len(),
+ $hrr_record->data(),
+ $hrr_record->decrypt_data());
+
+ $i++;
+ splice @{$proxy->record_list}, $i, 0, $dup_hrr;
+ return;
+ }
+
# CHANGE_CH1_CIPHERSUITE
if ($proxy->flight != 0) {
return;
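Review bot: The loop that locates the HRR, `for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++)`, has no upper bound and accepts the first record with flight >= 1 without checking its type, so if the record list ever lacks such an entry the filter dies on an undefined element instead of the test failing cleanly. Bounding it with `$i < @{$proxy->record_list} && ...` in the condition and adding `return if $i >= @{$proxy->record_list};` after the loop keeps a proxy-side regression from being mistaken for a client defect. The literal `10` in the flight-4 check would read better as the named alert constant (`TLSProxy::Message::AL_DESC_UNEXPECTED_MESSAGE`, if that is the constant the module exports), and `${$proxy->record_list}[-1]` is the element form rather than the one-element slice `@{...}[-1]`. hrr_filter starts before this hunk and continues past it.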