test/recipes/70-test_sslrecords.t +46 −6 @@ -44,7 +44,7 @@ if (!disabled("tls1_1")) { $num_tests++; } if (!disabled("tls1_3")) { $num_tests++; $num_tests += 3; } plan tests => $num_tests; ok(TLSProxy::Message->fail(), "Out of context empty records test"); @@ -148,14 +148,29 @@ $proxy->filter(\&change_version); $proxy->start(); ok(TLSProxy::Message->fail(), "Changed record version in TLS1.2"); #Test 13: Sending a different record version in TLS1.3 should succeed #TLS1.3 specific tests if (!disabled("tls1_3")) { #Test 13: Sending a different record version in TLS1.3 should succeed $proxy->clear(); $proxy->filter(\&change_version); $proxy->start(); ok(TLSProxy::Message->success(), "Changed record version in TLS1.3"); #Test 14: Sending an unrecognised record type in TLS1.3 should fail $proxy->clear(); $proxy->filter(\&add_unknown_record_type); $proxy->start(); ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.3"); #Test 15: Sending an outer record type other than app data once encrypted #should fail $proxy->clear(); $proxy->filter(\&change_outer_record_type); $proxy->start(); ok(TLSProxy::Message->fail(), "Wrong outer record type in TLS1.3"); } sub add_empty_recs_filter { my $proxy = shift; @@ -388,13 +403,13 @@ sub add_unknown_record_type my $proxy = shift; # We'll change a record after the initial version neg has taken place if ($proxy->flight != 2) { if ($proxy->flight != 1) { return; } my $lastrec = ${$proxy->record_list}[-1]; my $record = TLSProxy::Record->new( 2, 1, TLSProxy::Record::RT_UNKNOWN, $lastrec->version(), 1, @@ -405,7 +420,14 @@ sub add_unknown_record_type "X" ); unshift @{$proxy->record_list}, $record; #Find ServerHello record and insert after that my $i; for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) { next; } $i++; splice @{$proxy->record_list}, $i, 0, $record; } sub change_version
@@ -419,3 +441,21 @@ sub change_version (${$proxy->record_list}[-1])->version(TLSProxy::Record::VERS_TLS_1_1); } sub change_outer_record_type { my $proxy = shift; # We'll change a record after the initial version neg has taken place if ($proxy->flight != 1) { return; } #Find ServerHello record and change record after that my $i; for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) { next; } $i++; ${$proxy->record_list}[$i]->outer_content_type(TLSProxy::Record::RT_HANDSHAKE); }
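Review bot: The scan loop added to both `add_unknown_record_type` and `change_outer_record_type`, `for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++)`, has no upper bound, so if the list holds no flight-1 record the index runs off the end and `->flight()` is called on undef. In `change_outer_record_type` the index after `$i++` is also used without checking that a record actually follows the ServerHello, so the filter would die on an undefined record instead of leaving the handshake untouched and letting `ok(TLSProxy::Message->fail(), ...)` report the result. Because the same loop is copied into both filters, a small shared helper that bounds the search and returns nothing when there is no match would cover both, as sketched below. `add_unknown_record_type` starts outside its hunks, so only its changed tail is visible here.

```perl
# Index of the record following the first flight-1 record (the ServerHello),
# or nothing when the list does not hold one.
sub index_after_server_hello
{
    my $records = shift;

    for my $i (0 .. $#{$records}) {
        return $i + 1 if $records->[$i]->flight() >= 1;
    }
    return;
}

sub change_outer_record_type
{
    my $proxy = shift;
    # … unchanged: flight != 1 guard …
    my $i = index_after_server_hello($proxy->record_list);
    return if !defined $i || $i > $#{$proxy->record_list};
    ${$proxy->record_list}[$i]->outer_content_type(TLSProxy::Record::RT_HANDSHAKE);
}

# … in add_unknown_record_type, after $record has been built …
    my $i = index_after_server_hello($proxy->record_list);
    return if !defined $i;
    splice @{$proxy->record_list}, $i, 0, $record;
```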
util/TLSProxy/Record.pm +11 −2 @@ -195,7 +195,8 @@ sub new data => $data, decrypt_data => $decrypt_data, orig_decrypt_data => $decrypt_data, encrypted => 0 encrypted => 0, outer_content_type => RT_APPLICATION_DATA }; return bless $self, $class; @@ -289,7 +290,7 @@ sub reconstruct_record $data = pack('n', $self->len | 0x8000); } else { if (TLSProxy::Proxy->is_tls13() && $self->encrypted) { $data = pack('Cnn', RT_APPLICATION_DATA, $self->version, $data = pack('Cnn', $self->outer_content_type, $self->version, $self->len + 1); $tls13_enc = 1; } else { @@ -386,4 +387,12 @@ sub encrypted } return $self->{encrypted}; } sub outer_content_type { my $self = shift; if (@_) { $self->{outer_content_type} = shift; } return $self->{outer_content_type}; } 1;
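Review bot: The new `outer_content_type` accessor is undocumented, and from the visible lines it is read only in the `is_tls13() && $self->encrypted` branch of `reconstruct_record`, so a reader could mistake it for the record's real content type. A comment above the sub would make the intent clear, for example `#Outer record type written on the wire for encrypted TLS1.3 records. Defaults to RT_APPLICATION_DATA; tests override it to send a malformed header.` The setter also stores whatever it is given although the value is packed with `'C'` (one byte), so the comment should say that callers are expected to pass a value in 0..255. `new` and `reconstruct_record` begin and end outside their hunks, so whether other branches consult the field cannot be confirmed from this page.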