From a2a0c86bb0d602253d02ded2a848ed69e8cc425a Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 2 Aug 2016 17:24:54 +0100 Subject: Add some SSLv2 ClientHello tests Test that we handle a TLS ClientHello in an SSLv2 record correctly. Reviewed-by: Tim Hudson --- util/TLSProxy/Message.pm | 3 ++- util/TLSProxy/Record.pm | 14 +++++++++++++- util/TLSProxy/ServerHello.pm | 20 ++++++++++++++++---- 3 files changed, 31 insertions(+), 6 deletions(-) (limited to 'util') diff --git a/util/TLSProxy/Message.pm b/util/TLSProxy/Message.pm index b8db22fb85..321e080ea3 100644 --- a/util/TLSProxy/Message.pm +++ b/util/TLSProxy/Message.pm @@ -37,7 +37,8 @@ use constant { #Alert descriptions use constant { AL_DESC_CLOSE_NOTIFY => 0, - AL_DESC_UNEXPECTED_MESSAGE => 10 + AL_DESC_UNEXPECTED_MESSAGE => 10, + AL_DESC_NO_RENEGOTIATION => 100 }; my %message_type = ( diff --git a/util/TLSProxy/Record.pm b/util/TLSProxy/Record.pm index 2a605e33a7..423bad3bf1 100644 --- a/util/TLSProxy/Record.pm +++ b/util/TLSProxy/Record.pm @@ -98,6 +98,7 @@ sub get_records $content_type, $version, $len, + 0, $len_real, $decrypt_len, substr($packet, TLS_RECORD_HEADER_LENGTH, $len_real), @@ -167,6 +168,7 @@ sub new $content_type, $version, $len, + $sslv2, $len_real, $decrypt_len, $data, @@ -177,6 +179,7 @@ sub new content_type => $content_type, version => $version, len => $len, + sslv2 => $sslv2, len_real => $len_real, decrypt_len => $decrypt_len, data => $data, @@ -247,7 +250,11 @@ sub reconstruct_record my $self = shift; my $data; - $data = pack('Cnn', $self->content_type, $self->version, $self->len); + if ($self->sslv2) { + $data = pack('n', $self->len | 0x8000); + } else { + $data = pack('Cnn', $self->content_type, $self->version, $self->len); + } $data .= $self->data; return $data; @@ -269,6 +276,11 @@ sub version my $self = shift; return $self->{version}; } +sub sslv2 +{ + my $self = shift; + return $self->{sslv2}; +} sub len_real { my $self = shift; diff --git a/util/TLSProxy/ServerHello.pm b/util/TLSProxy/ServerHello.pm index ee2fd727d2..79a8be9a89 100644 --- a/util/TLSProxy/ServerHello.pm +++ b/util/TLSProxy/ServerHello.pm @@ -56,13 +56,25 @@ sub parse my $comp_meth = unpack('C', substr($self->data, $ptr)); $ptr++; my $extensions_len = unpack('n', substr($self->data, $ptr)); - $ptr += 2; + if (!defined $extensions_len) { + $extensions_len = 0; + } else { + $ptr += 2; + } #For now we just deal with this as a block of data. In the future we will #want to parse this - my $extension_data = substr($self->data, $ptr); + my $extension_data; + if ($extensions_len != 0) { + $extension_data = substr($self->data, $ptr); - if (length($extension_data) != $extensions_len) { - die "Invalid extension length\n"; + if (length($extension_data) != $extensions_len) { + die "Invalid extension length\n"; + } + } else { + if (length($self->data) != $ptr) { + die "Invalid extension length\n"; + } + $extension_data = ""; } my %extensions = (); while (length($extension_data) >= 4) { -- cgit v1.2.3