diff options
| author | Matt Caswell <matt@openssl.org> | 2017-03-10 13:54:32 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2017-03-10 15:29:24 +0000 |
| commit | 717afd9337abb2ec8f4b59c7c700fe417e746346 (patch) | |
| tree | 0f52d006fa82d901d1a681b60c1c9781916f50f6 /util/TLSProxy | |
| parent | 652a6b7ee1be26c1a5205a494b0245d41dc34e26 (diff) | |
Add a test to check that if a PSK extension is not last then we fail
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2896)
Diffstat (limited to 'util/TLSProxy')
| -rw-r--r-- | util/TLSProxy/ClientHello.pm | 37 | ||||
| -rw-r--r-- | util/TLSProxy/Message.pm | 4 |
2 files changed, 31 insertions, 10 deletions
diff --git a/util/TLSProxy/ClientHello.pm b/util/TLSProxy/ClientHello.pm index ec739d2970..2ae9d6f55d 100644 --- a/util/TLSProxy/ClientHello.pm +++ b/util/TLSProxy/ClientHello.pm @@ -114,6 +114,24 @@ sub process_extensions } } +sub extension_contents +{ + my $self = shift; + my $key = shift; + my $extension = ""; + + my $extdata = ${$self->extension_data}{$key}; + $extension .= pack("n", $key); + $extension .= pack("n", length($extdata)); + $extension .= $extdata; + if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) { + $extension .= pack("n", $key); + $extension .= pack("n", length($extdata)); + $extension .= $extdata; + } + return $extension; +} + #Reconstruct the on-the-wire message data following changes sub set_message_contents { @@ -131,15 +149,16 @@ sub set_message_contents $data .= pack("C*", @{$self->comp_meths}); foreach my $key (keys %{$self->extension_data}) { - my $extdata = ${$self->extension_data}{$key}; - $extensions .= pack("n", $key); - $extensions .= pack("n", length($extdata)); - $extensions .= $extdata; - if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) { - $extensions .= pack("n", $key); - $extensions .= pack("n", length($extdata)); - $extensions .= $extdata; - } + next if ($key == TLSProxy::Message::EXT_PSK); + $extensions .= $self->extension_contents($key); + } + #PSK extension always goes last... + if (defined ${$self->extension_data}{TLSProxy::Message::EXT_PSK}) { + $extensions .= $self->extension_contents(TLSProxy::Message::EXT_PSK); + } + #unless we have EXT_FORCE_LAST + if (defined ${$self->extension_data}{TLSProxy::Message::EXT_FORCE_LAST}) { + $extensions .= $self->extension_contents(TLSProxy::Message::EXT_FORCE_LAST); } $data .= pack('n', length($extensions)); diff --git a/util/TLSProxy/Message.pm b/util/TLSProxy/Message.pm index 88de55844b..39123fabef 100644 --- a/util/TLSProxy/Message.pm +++ b/util/TLSProxy/Message.pm @@ -85,7 +85,9 @@ use constant { # This extension is an unofficial extension only ever written by OpenSSL # (i.e. not read), and even then only when enabled. We use it to test # handling of duplicate extensions. - EXT_DUPLICATE_EXTENSION => 0xfde8 + EXT_DUPLICATE_EXTENSION => 0xfde8, + #Unknown extension that should appear last + EXT_FORCE_LAST => 0xffff }; use constant { |