2 # Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the OpenSSL license (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
10 use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;
11 use OpenSSL::Test::Utils;
# Recipe overview: runs an openssl client/server exchange through TLSProxy and
# installs record filters that inject unusual record sequences (empty records,
# a fragmented alert), then checks how each exchange ends.
# NOTE(review): this listing carries the page's gutter numbers and omits some
# source lines, so several statements below appear without their continuation.
14 my $test_name = "test_sslrecords";
# TLSProxy cannot be used on these platforms, so the whole recipe is skipped.
17 plan skip_all => "TLSProxy isn't usable on $^O"
18 if $^O =~ /^(VMS|MSWin32)$/;
# The recipe depends on the dynamic engine feature being built in.
20 plan skip_all => "$test_name needs the dynamic engine feature enabled"
21 if disabled("engine") || disabled("dynamic-engine");
23 plan skip_all => "$test_name needs the sock feature enabled"
# NOTE(review): the condition for the skip above is not visible in this listing.
26 plan skip_all => "$test_name needs TLSv1.2 enabled"
27 if disabled("tls1_2");
# A leading '~' in OPENSSL_ia32cap clears the capability bits named by the mask.
# NOTE(review): presumably this turns off hardware-accelerated cipher code paths
# for the processes under test; confirm against the OPENSSL_ia32cap documentation.
29 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
# Build the proxy: initial filter callback, the openssl command line, the
# server certificate file, and a flag that is true when the test is not run
# under a harness or when the harness is verbose (presumably debug output;
# verify against TLSProxy::Proxy).
30 my $proxy = TLSProxy::Proxy->new(
31 \&add_empty_recs_filter,
32 cmdstr(app(["openssl"]), display => 1),
33 srctop_file("apps", "server.pem"),
34 (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
# Test 1: an empty record whose content type is out of context for this point
# in the exchange must be rejected, not silently skipped.
# $content_type and $inject_recs_num are file-scoped and parameterise the
# injection filter; each test case reassigns them before running the proxy.
38 my $content_type = TLSProxy::Record::RT_APPLICATION_DATA;
39 my $inject_recs_num = 1;
40 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
42 ok(TLSProxy::Message->fail(), "Out of context empty records test");
# Test 2: a single empty record of the in-context type (handshake) must be
# tolerated.
46 $content_type = TLSProxy::Record::RT_HANDSHAKE;
48 ok(TLSProxy::Message->success(), "In context empty records test");
# Test 3: too many in-context empty records must be rejected.
# Up to 32 consecutive in-context empty records are allowed, so 33 is the
# first count that has to fail.
# NOTE(review): presumably the cap bounds how long a peer can keep a connection
# busy with zero-length records; no visible case pins the accepting side of the
# boundary (exactly 32), which would be worth adding.
53 $inject_recs_num = 33;
55 ok(TLSProxy::Message->fail(), "Too many in context empty records test");
# Test 4: a fatal alert split across several records must fail. No alert is
# expected from either side because the fatal alert was injected by the proxy
# itself, i.e. both endpoints see what looks like a disorderly close.
# Swap the injection filter for the one that emits the fragmented alert.
61 $proxy->filter(\&add_frag_alert_filter);
# Passes when TLSProxy::Message->end() is false (presumably: the exchange did
# not reach an orderly end; verify against TLSProxy::Message).
63 ok(!TLSProxy::Message->end(), "Fragmented alert records test");
# Proxy filter used by tests 1-3: builds $inject_recs_num TLS 1.2 records and
# appends each one to the proxy's record list. $inject_recs_num is the
# file-scoped counter set by the test cases.
# NOTE(review): only part of this sub is visible in the listing. The record
# constructor arguments other than the version are missing; presumably the
# record type is $content_type and the payload is empty. Confirm against the
# full file.
65 sub add_empty_recs_filter
# Only the first flight (the initial ClientHello) is of interest.
# NOTE(review): the body of this guard is not visible; presumably it returns
# without injecting anything for later flights.
70 if ($proxy->flight != 0) {
# One record per iteration, so the count on the wire equals $inject_recs_num.
74 for (my $i = 0; $i < $inject_recs_num; $i++) {
75 my $record = TLSProxy::Record->new(
78 TLSProxy::Record::VERS_TLS_1_2,
86 push @{$proxy->record_list}, $record;
# Proxy filter used by test 4: splits a fatal "unexpected message" alert into
# one-byte pieces, each carried in its own TLS 1.2 alert record, and appends
# those records to the proxy's record list.
# NOTE(review): only part of this sub is visible in the listing; the remaining
# record constructor arguments and the declaration of $byte are not shown.
90 sub add_frag_alert_filter
# Only the first flight (the initial ClientHello) is of interest.
# NOTE(review): the body of this guard is not visible; presumably it returns
# without injecting anything for later flights.
96 if ($proxy->flight != 0) {
# Disabled step: a zero-length alert fragment would be sent first. The code is
# commented out, so only the two one-byte records below are injected.
101 #my $record = TLSProxy::Record->new(
103 # TLSProxy::Record::RT_ALERT,
104 # TLSProxy::Record::VERS_TLS_1_2,
111 #push @{$proxy->record_list}, $record;
# First byte of the alert: the level (fatal), packed as one unsigned char and
# sent as a separate record.
114 $byte = pack('C', TLSProxy::Message::AL_LEVEL_FATAL);
115 my $record = TLSProxy::Record->new(
117 TLSProxy::Record::RT_ALERT,
118 TLSProxy::Record::VERS_TLS_1_2,
125 push @{$proxy->record_list}, $record;
# Second byte of the alert: the description (unexpected message), in its own
# record. It is the third record only if the disabled zero-length fragment
# above is re-enabled.
128 $byte = pack('C', TLSProxy::Message::AL_DESC_UNEXPECTED_MESSAGE);
129 $record = TLSProxy::Record->new(
131 TLSProxy::Record::RT_ALERT,
132 TLSProxy::Record::VERS_TLS_1_2,
139 push @{$proxy->record_list}, $record;