#! /usr/bin/env perl
# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Handshake tests for the compression_methods list of a ClientHello.
#
# A TLSProxy filter rewrites the list in flight and each test then checks
# only whether the handshake succeeded or failed:
#
#   * TLSv1.2 (RFC 5246, section 7.4.1.2): the list must contain the null
#     method; an additional unknown method is tolerated.
#   * TLSv1.3 (RFC 8446, section 4.1.2): legacy_compression_methods must be
#     exactly one byte, zero; any other content must abort the handshake.
#
# NOTE(review): the assertions look at success/failure only.  They do not
# check which alert is sent, so a handshake that fails for an unrelated
# reason would also satisfy the "fail" tests.

use strict;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
use OpenSSL::Test::Utils;
use File::Temp qw(tempfile);
use TLSProxy::Proxy;

my $test_name = "test_comp";
setup($test_name);

# Bail out early on platforms or builds that cannot run this test.
if ($^O =~ /^(VMS)$/) {
    plan skip_all => "TLSProxy isn't usable on $^O";
}

if (disabled("engine") || disabled("dynamic-engine")) {
    plan skip_all => "$test_name needs the dynamic engine feature enabled";
}

if (disabled("sock")) {
    plan skip_all => "$test_name needs the sock feature enabled";
}

if (disabled("tls1_3") && disabled("tls1_2")) {
    plan skip_all => "$test_name needs TLSv1.3 or TLSv1.2 enabled";
}

# Selects which compression list add_comp_filter() writes into the
# ClientHello.
use constant MULTIPLE_COMPRESSIONS => 0;    # null method plus an unknown one
use constant NON_NULL_COMPRESSION  => 1;    # unknown method only, no null

# Read by add_comp_filter(); set before every $proxy->start().
my $testtype;

# The first argument is undef here; the filter is installed per test via
# $proxy->filter().  The last argument is true outside the harness or when
# HARNESS_VERBOSE is set (presumably a verbosity switch; confirm against
# TLSProxy::Proxy).
my $proxy = TLSProxy::Proxy->new(
    undef,
    cmdstr(app(["openssl"]), display => 1),
    srctop_file("apps", "server.pem"),
    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
);

# This first start() only establishes that the proxy works at all, so the
# whole file can be skipped before a plan is declared.
unless ($proxy->start()) {
    plan skip_all => "Unable to start up Proxy for tests";
}
plan tests => 4;

SKIP: {
    skip "TLSv1.2 disabled", 2 if disabled("tls1_2");

    # Test 1: a TLSv1.2 ClientHello offering several compression methods,
    # null among them, must be accepted.
    $proxy->clear();
    $proxy->filter(\&add_comp_filter);
    $proxy->clientflags("-no_tls1_3");
    $testtype = MULTIPLE_COMPRESSIONS;
    $proxy->start();
    ok(TLSProxy::Message->success(), "Non null compression");

    # Test 2: a TLSv1.2 ClientHello without the null method must be
    # rejected.
    # NOTE(review): no filter is installed after clear() here, so this test
    # relies on clear() leaving the filter from Test 1 in place; confirm
    # against TLSProxy::Proxy.
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3");
    $testtype = NON_NULL_COMPRESSION;
    $proxy->start();
    ok(TLSProxy::Message->fail(), "NULL compression missing");
}

SKIP: {
    skip "TLSv1.3 disabled", 2
        if disabled("tls1_3") || (disabled("ec") && disabled("dh"));

    # Test 3: a TLSv1.3 ClientHello offering more than the single null
    # method must be rejected.
    $proxy->clear();
    $proxy->filter(\&add_comp_filter);
    $testtype = MULTIPLE_COMPRESSIONS;
    $proxy->start();
    ok(TLSProxy::Message->fail(), "Non null compression (TLSv1.3)");

    # Test 4: a TLSv1.3 ClientHello without the null method must be
    # rejected.  As in Test 2, the filter is not re-installed after clear().
    $proxy->clear();
    $testtype = NON_NULL_COMPRESSION;
    $proxy->start();
    ok(TLSProxy::Message->fail(), "NULL compression missing (TLSv1.3)");
}

# Proxy filter: replaces the compression method list of the ClientHello
# according to the file-level $testtype, then repacks the message.
#
# Takes the proxy object as its only argument.  Does nothing unless the
# proxy is on flight 0 and the first message in its list is a ClientHello.
sub add_comp_filter
{
    my ($tls_proxy) = @_;

    # Only the first flight carries the ClientHello.
    return unless $tls_proxy->flight == 0;

    my $hello = $tls_proxy->message_list->[0];
    return unless defined($hello)
        && $hello->mt == TLSProxy::Message::MT_CLIENT_HELLO;

    # 0x00 is the null compression method; 0xff stands in for a method the
    # peer does not know.  Any other $testtype leaves the list empty.
    my @methods
        = $testtype == MULTIPLE_COMPRESSIONS ? (0x00, 0xff)
        : $testtype == NON_NULL_COMPRESSION  ? (0xff)
        :                                      ();

    # Keep the length field consistent with the new list before repacking,
    # so only the list content differs from a well-formed ClientHello.
    $hello->comp_meths(\@methods);
    $hello->comp_meth_len(scalar @methods);
    $hello->repack();
}