authorMatt Caswell <matt@openssl.org>2016-12-28 15:01:57 +0000
committerMatt Caswell <matt@openssl.org>2016-12-29 13:32:54 +0000
commit397f4f78760480f982adaeed98ccb10bda4d3fbb (patch)
treee585c2b778e89cf433a41633e04a825e5130c5e4 /util/TLSProxy
parent3b58c54f26b826abd55a513494ef892e7ad069ad (diff)
Add a test to check the EC point formats extension appears when we expect
The previous commit fixed a bug where the EC point formats extension did not appear in the ServerHello. This should have been caught by 70-test_sslmessages but that test never tries an EC ciphersuite. This updates the test to do that. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2153)
Diffstat (limited to 'util/TLSProxy')
-rw-r--r--util/TLSProxy/Message.pm4
-rw-r--r--util/TLSProxy/Proxy.pm11
-rw-r--r--util/TLSProxy/ServerHello.pm1
-rw-r--r--util/TLSProxy/ServerKeyExchange.pm6
4 files changed, 19 insertions, 3 deletions
diff --git a/util/TLSProxy/Message.pm b/util/TLSProxy/Message.pm
index e5c42c83c4..7837787a03 100644
--- a/util/TLSProxy/Message.pm
+++ b/util/TLSProxy/Message.pm
@@ -83,6 +83,10 @@ use constant {
EXT_DUPLICATE_EXTENSION => 0xfde8
};
+use constant {
+ CIPHER_ADH_AES_128_SHA => 0x03000034
+};
+
my $payload = "";
my $messlen = -1;
my $mt;
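Review bot: `CIPHER_ADH_AES_128_SHA => 0x03000034` looks like the library's internal 32-bit cipher id, not the two-byte cipher suite value a ServerHello carries on the wire, which is 0x0034 for this suite. The ServerHello parser's unpack is outside this diff, but if it stores the 16-bit field as read, the `!=` guard added in ServerKeyExchange.pm is always true and the ServerKeyExchange is never parsed. Any test that relies on the parsed DH parameters would then pass without checking anything. Consider `CIPHER_ADH_AES_128_SHA => 0x0034` with a comment naming the suite, `# TLS_DH_anon_WITH_AES_128_CBC_SHA (wire value)`.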
diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm
index 65615891f8..84ca3a7510 100644
--- a/util/TLSProxy/Proxy.pm
+++ b/util/TLSProxy/Proxy.pm
@@ -25,6 +25,7 @@ my $have_IPv6 = 0;
my $IP_factory;
my $is_tls13 = 0;
+my $ciphersuite = undef;
sub new
{
@@ -108,6 +109,7 @@ sub clearClient
$self->{message_list} = [];
$self->{clientflags} = "";
$is_tls13 = 0;
+ $ciphersuite = undef;
TLSProxy::Message->clear();
TLSProxy::Record->clear();
@@ -535,4 +537,13 @@ sub reneg
return $self->{reneg};
}
+sub ciphersuite
+{
+ my $class = shift;
+ if (@_) {
+ $ciphersuite = shift;
+ }
+ return $ciphersuite;
+}
+
1;
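Review bot: `ciphersuite` is written like a method, but it reads and writes the file-scoped `my $ciphersuite`, so the value is shared by every TLSProxy::Proxy object in the process. In the visible hunks, `clearClient` is the only place that resets it. A comment above the sub would make that explicit, for example `# Class-level state: ciphersuite from the last parsed ServerHello, reset by clearClient()`. The invocant is shifted into `$class` and never used; a short note that it is deliberately ignored would stop a later reader from assuming per-instance storage.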
diff --git a/util/TLSProxy/ServerHello.pm b/util/TLSProxy/ServerHello.pm
index 5a038c902b..1abdd053e1 100644
--- a/util/TLSProxy/ServerHello.pm
+++ b/util/TLSProxy/ServerHello.pm
@@ -103,6 +103,7 @@ sub parse
$self->session_id_len($session_id_len);
$self->session($session);
$self->ciphersuite($ciphersuite);
+ TLSProxy::Proxy->ciphersuite($ciphersuite);
$self->comp_meth($comp_meth);
$self->extension_data(\%extensions);
diff --git a/util/TLSProxy/ServerKeyExchange.pm b/util/TLSProxy/ServerKeyExchange.pm
index 6e5b4cdcb4..7640b3f55b 100644
--- a/util/TLSProxy/ServerKeyExchange.pm
+++ b/util/TLSProxy/ServerKeyExchange.pm
@@ -42,9 +42,9 @@ sub parse
{
my $self = shift;
- #Minimal SKE parsing. Only supports DHE at the moment (if its not DHE
- #the parsing data will be trash...which is ok as long as we don't try to
- #use it)
+ #Minimal SKE parsing. Only supports one known DHE ciphersuite at the moment
+ return if (TLSProxy::Proxy->ciphersuite()
+ != TLSProxy::Message::CIPHER_ADH_AES_128_SHA);
my $p_len = unpack('n', $self->data);
my $ptr = 2;
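Review bot: The new guard compares `TLSProxy::Proxy->ciphersuite()` numerically without checking that it is defined. The value is `undef` until a ServerHello has been parsed and again after `clearClient`, so the `!=` silently treats it as 0, and warns if warnings are enabled in this module. An explicit check reads more clearly: `my $cs = TLSProxy::Proxy->ciphersuite();` followed by `return if !defined $cs || $cs != TLSProxy::Message::CIPHER_ADH_AES_128_SHA;`. The early return also leaves this message's parsed fields unset for every other ciphersuite. The rest of `parse` and its callers lie outside the hunk, so it is worth confirming that nothing later reads or re-serialises those fields on a skipped message.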