From 397f4f78760480f982adaeed98ccb10bda4d3fbb Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 28 Dec 2016 15:01:57 +0000
Subject: Add a test to check the EC point formats extension appears when we
 expect

The previous commit fixed a bug where the EC point formats extensions did
not appear in the ServerHello. This should have been caught by
70-test_sslmessages but that test never tries an EC ciphersuite. This
updates the test to do that.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)
---
 util/TLSProxy/Message.pm           |  4 ++++
 util/TLSProxy/Proxy.pm             | 11 +++++++++++
 util/TLSProxy/ServerHello.pm       |  1 +
 util/TLSProxy/ServerKeyExchange.pm |  6 +++---
 4 files changed, 19 insertions(+), 3 deletions(-)

(limited to 'util/TLSProxy')

diff --git a/util/TLSProxy/Message.pm b/util/TLSProxy/Message.pm
index e5c42c83c4..7837787a03 100644
--- a/util/TLSProxy/Message.pm
+++ b/util/TLSProxy/Message.pm
@@ -83,6 +83,10 @@ use constant {
     EXT_DUPLICATE_EXTENSION => 0xfde8
 };
 
+use constant {
+    CIPHER_ADH_AES_128_SHA => 0x03000034
+};
+
 my $payload = "";
 my $messlen = -1;
 my $mt;
diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm
index 65615891f8..84ca3a7510 100644
--- a/util/TLSProxy/Proxy.pm
+++ b/util/TLSProxy/Proxy.pm
@@ -25,6 +25,7 @@ my $have_IPv6 = 0;
 my $IP_factory;
 
 my $is_tls13 = 0;
+my $ciphersuite = undef;
 
 sub new
 {
@@ -108,6 +109,7 @@ sub clearClient
     $self->{message_list} = [];
     $self->{clientflags} = "";
     $is_tls13 = 0;
+    $ciphersuite = undef;
 
     TLSProxy::Message->clear();
     TLSProxy::Record->clear();
@@ -535,4 +537,13 @@ sub reneg
     return $self->{reneg};
 }
 
+sub ciphersuite
+{
+    my $class = shift;
+    if (@_) {
+        $ciphersuite = shift;
+    }
+    return $ciphersuite;
+}
+
 1;
diff --git a/util/TLSProxy/ServerHello.pm b/util/TLSProxy/ServerHello.pm
index 5a038c902b..1abdd053e1 100644
--- a/util/TLSProxy/ServerHello.pm
+++ b/util/TLSProxy/ServerHello.pm
@@ -103,6 +103,7 @@ sub parse
     $self->session_id_len($session_id_len);
     $self->session($session);
     $self->ciphersuite($ciphersuite);
+    TLSProxy::Proxy->ciphersuite($ciphersuite);
     $self->comp_meth($comp_meth);
     $self->extension_data(\%extensions);
 
diff --git a/util/TLSProxy/ServerKeyExchange.pm b/util/TLSProxy/ServerKeyExchange.pm
index 6e5b4cdcb4..7640b3f55b 100644
--- a/util/TLSProxy/ServerKeyExchange.pm
+++ b/util/TLSProxy/ServerKeyExchange.pm
@@ -42,9 +42,9 @@ sub parse
 {
     my $self = shift;
 
-    #Minimal SKE parsing. Only supports DHE at the moment (if its not DHE
-    #the parsing data will be trash...which is ok as long as we don't try to
-    #use it)
+    #Minimal SKE parsing. Only supports one known DHE ciphersuite at the moment
+    return if (TLSProxy::Proxy->ciphersuite()
+               != TLSProxy::Message::CIPHER_ADH_AES_128_SHA);
 
     my $p_len = unpack('n', $self->data);
     my $ptr = 2;
-- 
cgit v1.2.3