Commit 397f4f78 authored by Matt Caswell's avatar Matt Caswell

Add a test to check the EC point formats extension appears when we expect



The previous commit fixed a bug where the EC point formats extension did
not appear in the ServerHello. This should have been caught by
70-test_sslmessages but that test never tries an EC ciphersuite. This
updates the test to do that.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)
parent 3b58c54f
+27 −5
@@ -46,6 +46,9 @@ my $proxy = TLSProxy::Proxy->new(
    [TLSProxy::Message::MT_CERTIFICATE,
        checkhandshake::ALL_HANDSHAKES
        & ~checkhandshake::RESUME_HANDSHAKE],
    (disabled("ec") ? () :
                      [TLSProxy::Message::MT_SERVER_KEY_EXCHANGE,
                          checkhandshake::EC_HANDSHAKE]),
    [TLSProxy::Message::MT_CERTIFICATE_STATUS,
        checkhandshake::OCSP_HANDSHAKE],
    #ServerKeyExchange handshakes not currently supported by TLSProxy
@@ -94,10 +97,14 @@ my $proxy = TLSProxy::Proxy->new(
        checkhandshake::SERVER_NAME_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
        checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
        checkhandshake::DEFAULT_EXTENSIONS],
    (disabled("ec") ? () :
                      [TLSProxy::Message::MT_CLIENT_HELLO,
                       TLSProxy::Message::EXT_SUPPORTED_GROUPS,
                       checkhandshake::DEFAULT_EXTENSIONS]),
    (disabled("ec") ? () :
                      [TLSProxy::Message::MT_CLIENT_HELLO,
                       TLSProxy::Message::EXT_EC_POINT_FORMATS,
                       checkhandshake::DEFAULT_EXTENSIONS]),
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
        checkhandshake::DEFAULT_EXTENSIONS],
    [TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
@@ -135,6 +142,8 @@ my $proxy = TLSProxy::Proxy->new(
        checkhandshake::SCT_SRV_EXTENSION],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_NPN,
        checkhandshake::NPN_SRV_EXTENSION],
    [TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
        checkhandshake::EC_POINT_FORMAT_SRV_EXTENSION],
    [0,0,0]
);

@@ -143,7 +152,7 @@ my $proxy = TLSProxy::Proxy->new(
$proxy->serverconnects(2);
$proxy->clientflags("-no_tls1_3 -sess_out ".$session);
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 20;
plan tests => 21;
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS,
               "Default handshake test");
@@ -358,3 +367,16 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
               checkhandshake::DEFAULT_EXTENSIONS
               | checkhandshake::SRP_CLI_EXTENSION,
               "SRP extension test");

#Test 21: EC handshake
SKIP: {
    skip "No EC support in this OpenSSL build", 1 if disabled("ec");
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3");
    $proxy->ciphers("ECDHE-RSA-AES128-SHA");
    $proxy->start();
    checkhandshake($proxy, checkhandshake::EC_HANDSHAKE,
                   checkhandshake::DEFAULT_EXTENSIONS
                   | checkhandshake::EC_POINT_FORMAT_SRV_EXTENSION,
                   "EC handshake test");
}
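Review bot: The new `MT_SERVER_KEY_EXCHANGE` entry is placed before the `MT_CERTIFICATE_STATUS` entry in the expected-message list, but a TLS 1.2 server sends CertificateStatus immediately after Certificate and before ServerKeyExchange (RFC 6066). No test visible on this page combines `EC_HANDSHAKE` with `OCSP_HANDSHAKE`, so nothing trips today. If checkhandshake walks the list in order (its loop is not visible here), a later stapling-with-ECDHE test would mismatch, and moving the entry below the `MT_CERTIFICATE_STATUS` pair avoids that. The context comment `#ServerKeyExchange handshakes not currently supported by TLSProxy` that follows is now stale and could read `#ServerKeyExchange is only checked for EC handshakes`. The message list begins and ends outside these hunks.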
+4 −1
@@ -23,8 +23,9 @@ use constant {
    CLIENT_AUTH_HANDSHAKE => 8,
    RENEG_HANDSHAKE => 16,
    NPN_HANDSHAKE => 32,
    EC_HANDSHAKE => 64,

    ALL_HANDSHAKES => 63
    ALL_HANDSHAKES => 127
};

use constant {
@@ -43,6 +44,8 @@ use constant {
    NPN_CLI_EXTENSION => 0x00000800,
    NPN_SRV_EXTENSION => 0x00001000,
    SRP_CLI_EXTENSION => 0x00002000,
    #Client side for ec point formats is a default extension
    EC_POINT_FORMAT_SRV_EXTENSION => 0x00004000,
};

our @handmessages = ();
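Review bot: `ALL_HANDSHAKES => 127` is a hand-computed OR of the flags above it, so it has to be bumped by hand whenever a flag is added, as this change does for `EC_HANDSHAKE => 64`. A missed bump would not fail loudly: list entries masked with `ALL_HANDSHAKES` (the `MT_CERTIFICATE` entry in the test file, for one) would presumably just stop being expected for the new handshake type, weakening the check. A trailing comment such as `#OR of every *_HANDSHAKE flag above; update when adding one` would make the coupling explicit. The `use constant` block starts outside the hunk.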
+4 −0
@@ -83,6 +83,10 @@ use constant {
    EXT_DUPLICATE_EXTENSION => 0xfde8
};

use constant {
    CIPHER_ADH_AES_128_SHA => 0x03000034
};

my $payload = "";
my $messlen = -1;
my $mt;
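Review bot: `CIPHER_ADH_AES_128_SHA` is not referenced by any hunk on this page, and its value `0x03000034` looks like a 32-bit internal cipher id rather than the two-byte value a ServerHello carries for this suite (0x0034). If the `$ciphersuite` handed to `TLSProxy::Proxy->ciphersuite()` in the `parse` hunk is the raw wire value (the unpacking is outside the visible lines), a comparison against this constant would never be true. Either state the intended representation in a comment, e.g. `#32-bit internal id, not the 2-byte wire value`, or define the constant as `0x0034`.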
+11 −0
@@ -25,6 +25,7 @@ my $have_IPv6 = 0;
my $IP_factory;

my $is_tls13 = 0;
my $ciphersuite = undef;

sub new
{
@@ -108,6 +109,7 @@ sub clearClient
    $self->{message_list} = [];
    $self->{clientflags} = "";
    $is_tls13 = 0;
    $ciphersuite = undef;

    TLSProxy::Message->clear();
    TLSProxy::Record->clear();
@@ -535,4 +537,13 @@ sub reneg
    return $self->{reneg};
}

sub ciphersuite
{
    my $class = shift;
    if (@_) {
        $ciphersuite = shift;
    }
    return $ciphersuite;
}

1;
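Review bot: The new `ciphersuite` accessor stores into the file-scoped `my $ciphersuite`, so the value is shared by every proxy object and, within these hunks, is reset only in `clearClient`; that deserves a comment. It is also easy to confuse with `$proxy->ciphers(...)` in the test file, which sets the cipher string to request rather than the one negotiated. A line such as `#Class method: ciphersuite recorded by the last message parse, undef until one is seen` above the sub would cover both. `my $class = shift;` is never used afterwards and could be a bare `shift;`.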
+1 −0
@@ -103,6 +103,7 @@ sub parse
    $self->session_id_len($session_id_len);
    $self->session($session);
    $self->ciphersuite($ciphersuite);
    TLSProxy::Proxy->ciphersuite($ciphersuite);
    $self->comp_meth($comp_meth);
    $self->extension_data(\%extensions);
