author | Matt Caswell <matt@openssl.org> | 2019-01-04 16:55:15 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-01-07 09:39:10 +0000 |
commit | 9effc496ad8a9b0ec737c69cc0fddf610a045ea4 (patch) | |
tree | 313a9b0b35c3e2961a8fb482bf28d7325da65933 /util/perl | |
parent | 23fed8ba0ec895e1b2a089cae380697f15170afc (diff) | |
Add a test for correct handling of the cryptopro bug extension
This was complicated by the fact that we were using this extension for our
duplicate extension handling tests. In order to add tests for cryptopro
bug the duplicate extension handling tests needed to change first.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7984)
Diffstat (limited to 'util/perl')
-rw-r--r-- | util/perl/TLSProxy/Certificate.pm | 5 | ||||
-rw-r--r-- | util/perl/TLSProxy/ClientHello.pm | 7 | ||||
-rw-r--r-- | util/perl/TLSProxy/EncryptedExtensions.pm | 5 | ||||
-rw-r--r-- | util/perl/TLSProxy/Message.pm | 16 | ||||
-rw-r--r-- | util/perl/TLSProxy/ServerHello.pm | 2 |
5 files changed, 14 insertions, 21 deletions
diff --git a/util/perl/TLSProxy/Certificate.pm b/util/perl/TLSProxy/Certificate.pm
index 70c9faea72..03f6619954 100644
--- a/util/perl/TLSProxy/Certificate.pm
+++ b/util/perl/TLSProxy/Certificate.pm
@@ -138,11 +138,6 @@ sub set_message_contents
 $extensions .= pack("n", $key);
 $extensions .= pack("n", length($extdata));
 $extensions .= $extdata;
- if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) {
- $extensions .= pack("n", $key);
- $extensions .= pack("n", length($extdata));
- $extensions .= $extdata;
- }
 }
 $data = pack('C', length($self->context()));
 $data .= $self->context;
diff --git a/util/perl/TLSProxy/ClientHello.pm b/util/perl/TLSProxy/ClientHello.pm
index 7ae3dba901..c49bc23671 100644
--- a/util/perl/TLSProxy/ClientHello.pm
+++ b/util/perl/TLSProxy/ClientHello.pm
@@ -124,11 +124,6 @@ sub extension_contents
 $extension .= pack("n", $key);
 $extension .= pack("n", length($extdata));
 $extension .= $extdata;
- if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) {
- $extension .= pack("n", $key);
- $extension .= pack("n", length($extdata));
- $extension .= $extdata;
- }
 return $extension;
 }
@@ -151,6 +146,8 @@ sub set_message_contents
 foreach my $key (keys %{$self->extension_data}) {
 next if ($key == TLSProxy::Message::EXT_PSK);
 $extensions .= $self->extension_contents($key);
+ #Add extension twice if we are duplicating that extension
+ $extensions .= $self->extension_contents($key) if ($key == $self->dupext);
 }
 #PSK extension always goes last...
 if (defined ${$self->extension_data}{TLSProxy::Message::EXT_PSK}) {
diff --git a/util/perl/TLSProxy/EncryptedExtensions.pm b/util/perl/TLSProxy/EncryptedExtensions.pm
index f56f3c4270..4fd445b41e 100644
--- a/util/perl/TLSProxy/EncryptedExtensions.pm
+++ b/util/perl/TLSProxy/EncryptedExtensions.pm
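Review bot: The duplication line added to ClientHello.pm's set_message_contents sits inside the loop that skips `EXT_PSK` (`next if ($key == TLSProxy::Message::EXT_PSK);`), so a test that sets `dupext` to the PSK extension type would apparently get a single PSK extension and no complaint from the proxy. The PSK branch after the loop continues outside the hunk, so this is inferred from the visible lines only. These tests exist to confirm that a peer rejects a repeated extension, so a silently ignored request is worth ruling out. I would either honour `dupext` in the PSK branch as well, or extend the comment to `#Add extension twice if we are duplicating that extension (EXT_PSK is emitted after this loop and is never duplicated)`.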
@@ -81,11 +81,6 @@ sub set_message_contents
 $extensions .= pack("n", $key);
 $extensions .= pack("n", length($extdata));
 $extensions .= $extdata;
- if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) {
- $extensions .= pack("n", $key);
- $extensions .= pack("n", length($extdata));
- $extensions .= $extdata;
- }
 }
 $data = pack('n', length($extensions));
diff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm
index 642afb58cb..71803698c2 100644
--- a/util/perl/TLSProxy/Message.pm
+++ b/util/perl/TLSProxy/Message.pm
@@ -86,10 +86,7 @@ use constant {
 EXT_SIG_ALGS_CERT => 50,
 EXT_RENEGOTIATE => 65281,
 EXT_NPN => 13172,
- # This extension is an unofficial extension only ever written by OpenSSL
- # (i.e. not read), and even then only when enabled. We use it to test
- # handling of duplicate extensions.
- EXT_DUPLICATE_EXTENSION => 0xfde8,
+ EXT_CRYPTOPRO_BUG_EXTENSION => 0xfde8,
 EXT_UNKNOWN => 0xfffe,
 #Unknown extension that should appear last
 EXT_FORCE_LAST => 0xffff
@@ -420,7 +417,8 @@ sub new
 records => $records,
 mt => $mt,
 startoffset => $startoffset,
- message_frag_lens => $message_frag_lens
+ message_frag_lens => $message_frag_lens,
+ dupext => -1
 };
 return bless $self, $class;
@@ -575,6 +573,14 @@ sub encoded_length
 my $self = shift;
 return TLS_MESSAGE_HEADER_LENGTH + length($self->data);
 }
+sub dupext
+{
+ my $self = shift;
+ if (@_) {
+ $self->{dupext} = shift;
+ }
+ return $self->{dupext};
+}
 sub successondata
 {
 my $class = shift;
diff --git a/util/perl/TLSProxy/ServerHello.pm b/util/perl/TLSProxy/ServerHello.pm
index 94e7ab5f39..14eb813d5e 100644
--- a/util/perl/TLSProxy/ServerHello.pm
+++ b/util/perl/TLSProxy/ServerHello.pm
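Review bot: The new `dupext` accessor in Message.pm is added to the base message class with no documentation, and among the files shown only ClientHello.pm and ServerHello.pm consult it. The Certificate.pm and EncryptedExtensions.pm hunks drop their duplication branch without adding a `dupext` check, so a test that sets `dupext` on either of those message types would apparently send the extension once, with nothing to show the request was ignored. I would add a comment above `sub dupext` saying that it holds the extension type to emit twice, that `-1` (the default set in `new`) means no duplication, and which message classes honour it. The comment removed from the `0xfde8` constant also recorded that this extension is unofficial and only ever written by OpenSSL when enabled; a one-line comment on `EXT_CRYPTOPRO_BUG_EXTENSION` would keep that context.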
@@ -154,7 +154,7 @@ sub set_message_contents
 $extensions .= pack("n", $key);
 $extensions .= pack("n", length($extdata));
 $extensions .= $extdata;
- if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) {
+ if ($key == $self->dupext) {
 $extensions .= pack("n", $key);
 $extensions .= pack("n", length($extdata));
 $extensions .= $extdata; |
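Review bot: The changed condition `if ($key == $self->dupext)` in ServerHello.pm has no comment, while the equivalent line added to ClientHello.pm carries `#Add extension twice if we are duplicating that extension`; the same comment above this `if` would keep the two serializers readable side by side. The branch also repeats by hand the three `pack`/append lines above it, where ClientHello.pm calls `extension_contents` twice. Whether ServerHello.pm has such a helper is not visible here, and the enclosing loop starts and ends outside the hunk.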