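#! /usr/bin/env perl
# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Checks how the server treats the compression_methods list of a ClientHello
# that has been rewritten in flight by TLSProxy:
#
#   - TLSv1.2: the list may name several methods, but must include the null
#     method (RFC 5246, section 7.4.1.2).
#   - TLSv1.3: the list must be exactly one byte, set to zero (RFC 8446,
#     section 4.1.2); anything else has to abort the handshake.
#
# Record-level compression is the precondition for compression side channels
# against TLS, so a server that accepted a ClientHello without the null method
# would be a regression worth catching here.

use strict;
use warnings;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
use OpenSSL::Test::Utils;
use File::Temp qw(tempfile);
use TLSProxy::Proxy;

my $test_name = "test_comp";
setup($test_name);

plan skip_all => "TLSProxy isn't usable on $^O"
    if $^O =~ /^(VMS)$/;

plan skip_all => "$test_name needs the dynamic engine feature enabled"
    if disabled("engine") || disabled("dynamic-engine");

plan skip_all => "$test_name needs the sock feature enabled"
    if disabled("sock");

plan skip_all => "$test_name needs TLSv1.3 or TLSv1.2 enabled"
    if disabled("tls1_3") && disabled("tls1_2");

# Capability mask: the leading '~' clears bits 57 and 33 of the ia32cap
# vector (AES-NI and PCLMULQDQ in the OPENSSL_ia32cap numbering).
# NOTE(review): presumably this keeps hardware-accelerated cipher paths out of
# the way of the proxy's test setup - confirm against TLSProxy.
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';
$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");

# Selects what add_comp_filter writes into the ClientHello.
use constant {
    MULTIPLE_COMPRESSIONS => 0,    # null method plus an unknown one
    NON_NULL_COMPRESSION  => 1     # unknown method only, no null method
};

# File-scoped on purpose: each test sets it and add_comp_filter reads it.
my $testtype;

my $proxy = TLSProxy::Proxy->new(
    undef,
    cmdstr(app(["openssl"]), display => 1),
    srctop_file("apps", "server.pem"),
    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
);

# First run with no filter installed; if even that cannot start, skip the
# whole file rather than report four failures.
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 4;

SKIP: {
    skip "TLSv1.2 disabled", 2 if disabled("tls1_2");

    #Test 1: Check that sending multiple compression methods in a TLSv1.2
    #        ClientHello succeeds
    $proxy->clear();
    $proxy->filter(\&add_comp_filter);
    $proxy->clientflags("-no_tls1_3");
    $testtype = MULTIPLE_COMPRESSIONS;
    $proxy->start();
    ok(TLSProxy::Message->success(), "Non null compression");

    #Test 2: NULL compression method must be present in TLSv1.2
    # NOTE(review): no filter is installed here, so this test depends on
    # clear() leaving the filter from Test 1 in place - confirm in TLSProxy.
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3");
    $testtype = NON_NULL_COMPRESSION;
    $proxy->start();
    ok(TLSProxy::Message->fail(), "NULL compression missing");
}

SKIP: {
    skip "TLSv1.3 disabled", 2 if disabled("tls1_3");

    #Test 3: Check that sending multiple compression methods in a TLSv1.3
    #        ClientHello fails
    # The filter is installed again because the TLSv1.2 block above may have
    # been skipped.
    $proxy->clear();
    $proxy->filter(\&add_comp_filter);
    $testtype = MULTIPLE_COMPRESSIONS;
    $proxy->start();
    ok(TLSProxy::Message->fail(), "Non null compression (TLSv1.3)");

    #Test 4: NULL compression method must be present in TLSv1.3
    # NOTE(review): as with Test 2, relies on the filter surviving clear().
    $proxy->clear();
    $testtype = NON_NULL_COMPRESSION;
    $proxy->start();
    ok(TLSProxy::Message->fail(), "NULL compression missing (TLSv1.3)");
}

# Proxy filter: replaces the compression method list of the ClientHello
# according to $testtype, then repacks the message so the modified bytes are
# what gets forwarded.
#
# Takes the proxy object as its only argument.  Does nothing unless it is
# called for flight 0 and the first message in the list is a ClientHello.
sub add_comp_filter
{
    my $proxy = shift;
    my $message;
    my @comp;

    # Only look at the ClientHello
    return if $proxy->flight != 0;

    $message = ${$proxy->message_list}[0];

    return if (!defined $message
               || $message->mt != TLSProxy::Message::MT_CLIENT_HELLO);

    if ($testtype == MULTIPLE_COMPRESSIONS) {
        @comp = (
            0x00,     #Null compression method
            0xff);    #Unknown compression
    } elsif ($testtype == NON_NULL_COMPRESSION) {
        @comp = (0xff);    #Unknown compression
    }

    # The length field has to be kept in step with the list by hand.
    $message->comp_meths(\@comp);
    $message->comp_meth_len(scalar @comp);
    $message->repack();

    return;
}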