diff options
| author | Matt Caswell <matt@openssl.org> | 2016-06-21 16:33:52 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-06-27 14:51:03 +0100 |
| commit | c3fd55d4a6ed1025c471603b67fbbbce606a5171 (patch) | |
| tree | 638c645bc73a32bdaacbc7cf4e1d367d131ebad6 /test/recipes | |
| parent | 63916e9a234c1e6bbf82cc21b7d2e39cdecb30d0 (diff) | |
| download | openssl-c3fd55d4a6ed1025c471603b67fbbbce606a5171.tar.gz | |
Add a test for fragmented alerts
The previous commit fixed a problem where fragmented alerts would cause an
infinite loop. This commit adds a test for these fragmented alerts.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Diffstat (limited to 'test/recipes')
| -rw-r--r-- | test/recipes/70-test_sslrecords.t | 62 |
1 files changed, 61 insertions, 1 deletions
diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t index b0e37398fb..94aabdcf6d 100644 --- a/test/recipes/70-test_sslrecords.t +++ b/test/recipes/70-test_sslrecords.t @@ -38,7 +38,7 @@ my $proxy = TLSProxy::Proxy->new( my $content_type = TLSProxy::Record::RT_APPLICATION_DATA; my $inject_recs_num = 1; $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 3; +plan tests => 4; ok(TLSProxy::Message->fail(), "Out of context empty records test"); #Test 2: Injecting in context empty records should succeed @@ -54,6 +54,14 @@ $inject_recs_num = 33; $proxy->start(); ok(TLSProxy::Message->fail(), "Too many in context empty records test"); +#Test 4: Injecting a fragmented fatal alert should fail. We actually expect no +# alerts to be sent from either side because *we* injected the fatal +# alert, i.e. this will look like a disorderly close +$proxy->clear(); +$proxy->filter(\&add_frag_alert_filter); +$proxy->start(); +ok(!TLSProxy::Message->end(), "Fragmented alert records test"); + sub add_empty_recs_filter { my $proxy = shift; @@ -78,3 +86,55 @@ sub add_empty_recs_filter push @{$proxy->record_list}, $record; } } + +sub add_frag_alert_filter +{ + my $proxy = shift; + my $byte; + + # We're only interested in the initial ClientHello + if ($proxy->flight != 0) { + return; + } + + # Add a zero length fragment first + #my $record = TLSProxy::Record->new( + # 0, + # TLSProxy::Record::RT_ALERT, + # TLSProxy::Record::VERS_TLS_1_2, + # 0, + # 0, + # 0, + # "", + # "" + #); + #push @{$proxy->record_list}, $record; + + # Now add the alert level (Fatal) as a seperate record + $byte = pack('C', TLSProxy::Message::AL_LEVEL_FATAL); + my $record = TLSProxy::Record->new( + 0, + TLSProxy::Record::RT_ALERT, + TLSProxy::Record::VERS_TLS_1_2, + 1, + 1, + 1, + $byte, + $byte + ); + push @{$proxy->record_list}, $record; + + # And finally the description (Unexpected message) in a third record + $byte = pack('C', TLSProxy::Message::AL_DESC_UNEXPECTED_MESSAGE); + $record = TLSProxy::Record->new( + 0, + TLSProxy::Record::RT_ALERT, + TLSProxy::Record::VERS_TLS_1_2, + 1, + 1, + 1, + $byte, + $byte + ); + push @{$proxy->record_list}, $record; +} |