{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1753166526, "reponame":"openssl", "desc":"OpenSSL", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl", "f":3, "items": [ {"schema":"libjg2-1", "cid":"c1fcc55af56f4a05fbbfd524b68b9afd", "commit": {"type":"commit", "time": 1533719818, "time_ofs": 60, "oid_tree": { "oid": "e0df9037d184402424c411e627afc6948ecfcce6", "alias": []}, "oid":{ "oid": "f460e8396f8cb1be1bbd6a8a22d7e24b80d8a607", "alias": []}, "msg": "Add a test for unencrypted alert", "sig_commit": { "git_time": { "time": 1533719818, "offset": 60 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" }, "sig_author": { "git_time": { "time": 1533655351, "offset": 60 }, "name": "Matt Caswell", "email": "matt@openssl.org", "md5": "10f7b441a32d5790efad9fc68cae4af2" }}, "body": "Add a test for unencrypted alert\n\nTest that a server can handle an unecrypted alert when normally the next\nmessage is encrypted.\n\nReviewed-by: Rich Salz \u003crsalz@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/6887)\n" , "diff": "diff --git a/test/recipes/70-test_tls13alerts.t b/test/recipes/70-test_tls13alerts.t\nnew file mode 100644\nindex 0000000..7111d40\n--- /dev/null\n+++ b/test/recipes/70-test_tls13alerts.t\n@@ -0,0 +1,56 @@\n+#! /usr/bin/env perl\n+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.\n+#\n+# Licensed under the OpenSSL license (the \u0022License\u0022). You may not use\n+# this file except in compliance with the License. 
You can obtain a copy\n+# in the file LICENSE in the source distribution or at\n+# https://www.openssl.org/source/license.html\n+\n+use strict;\n+use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/;\n+use OpenSSL::Test::Utils;\n+use TLSProxy::Proxy;\n+\n+my $test_name \u003d \u0022test_tls13alerts\u0022;\n+setup($test_name);\n+\n+plan skip_all \u003d\u003e \u0022TLSProxy isn't usable on $^O\u0022\n+ if $^O \u003d~ /^(VMS)$/;\n+\n+plan skip_all \u003d\u003e \u0022$test_name needs the dynamic engine feature enabled\u0022\n+ if disabled(\u0022engine\u0022) || disabled(\u0022dynamic-engine\u0022);\n+\n+plan skip_all \u003d\u003e \u0022$test_name needs the sock feature enabled\u0022\n+ if disabled(\u0022sock\u0022);\n+\n+plan skip_all \u003d\u003e \u0022$test_name needs TLS1.3 enabled\u0022\n+ if disabled(\u0022tls1_3\u0022);\n+\n+$ENV{OPENSSL_ia32cap} \u003d '~0x200000200000000';\n+\n+my $proxy \u003d TLSProxy::Proxy-\u003enew(\n+ undef,\n+ cmdstr(app([\u0022openssl\u0022]), display \u003d\u003e 1),\n+ srctop_file(\u0022apps\u0022, \u0022server.pem\u0022),\n+ (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})\n+);\n+\n+#Test 1: We test that a server can handle an unencrypted alert when normally the\n+# next message is encrypted\n+$proxy-\u003efilter(\u005c\u0026alert_filter);\n+$proxy-\u003estart() or plan skip_all \u003d\u003e \u0022Unable to start up Proxy for tests\u0022;\n+plan tests \u003d\u003e 1;\n+my $alert \u003d TLSProxy::Message-\u003ealert();\n+ok(TLSProxy::Message-\u003efail() \u0026\u0026 !$alert-\u003eserver() \u0026\u0026 !$alert-\u003eencrypted(), \u0022Client sends an unecrypted alert\u0022);\n+\n+sub alert_filter\n+{\n+ my $proxy \u003d shift;\n+\n+ if ($proxy-\u003eflight !\u003d 1) {\n+ return;\n+ }\n+\n+ ${$proxy-\u003emessage_list}[1]-\u003esession_id_len(1);\n+ ${$proxy-\u003emessage_list}[1]-\u003erepack();\n+}\ndiff --git a/util/perl/TLSProxy/Alert.pm b/util/perl/TLSProxy/Alert.pm\nnew file mode 100644\nindex 0000000..e66883d\n--- 
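Review bot: The single `ok(...)` check in 70-test_tls13alerts.t passes for any unencrypted alert from the client, because it never looks at `$alert->level()` or `$alert->description()` even though the commit adds both accessors. Asserting the expected level and description would stop the test passing when the client aborts for an unrelated reason; which description the client sends for the corrupted `session_id_len` is not visible here, so confirm that value against the client code first. `TLSProxy::Message->alert()` is also undef when no alert was recorded, so if `fail()` can become true on a path other than the alert branch (not visible in this diff), `$alert->server()` dies instead of reporting a failed test. A guard such as `ok(defined $alert && TLSProxy::Message->fail() && !$alert->server() && !$alert->encrypted(), ...)` avoids that. The test description string spells "unecrypted".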
/dev/null\n+++ b/util/perl/TLSProxy/Alert.pm\n@@ -0,0 +1,51 @@\n+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.\n+#\n+# Licensed under the OpenSSL license (the \u0022License\u0022). You may not use\n+# this file except in compliance with the License. You can obtain a copy\n+# in the file LICENSE in the source distribution or at\n+# https://www.openssl.org/source/license.html\n+\n+use strict;\n+\n+package TLSProxy::Alert;\n+\n+sub new\n+{\n+ my $class \u003d shift;\n+ my ($server,\n+ $encrypted,\n+ $level,\n+ $description) \u003d @_;\n+ \n+ my $self \u003d {\n+ server \u003d\u003e $server,\n+ encrypted \u003d\u003e $encrypted,\n+ level \u003d\u003e $level,\n+ description \u003d\u003e $description\n+ };\n+\n+ return bless $self, $class;\n+}\n+\n+#Read only accessors\n+sub server\n+{\n+ my $self \u003d shift;\n+ return $self-\u003e{server};\n+}\n+sub encrypted\n+{\n+ my $self \u003d shift;\n+ return $self-\u003e{encrypted};\n+}\n+sub level\n+{\n+ my $self \u003d shift;\n+ return $self-\u003e{level};\n+}\n+sub description\n+{\n+ my $self \u003d shift;\n+ return $self-\u003e{description};\n+}\n+1;\ndiff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm\nindex 56570f9..44952ad 100644\n--- a/util/perl/TLSProxy/Message.pm\n+++ b/util/perl/TLSProxy/Message.pm\n@@ -9,6 +9,8 @@ use strict;\n \n package TLSProxy::Message;\n \n+use TLSProxy::Alert;\n+\n use constant TLS_MESSAGE_HEADER_LENGTH \u003d\u003e 4;\n \n #Message types\n@@ -140,6 +142,7 @@ my @message_rec_list \u003d ();\n my @message_frag_lens \u003d ();\n my $ciphersuite \u003d 0;\n my $successondata \u003d 0;\n+my $alert;\n \n sub clear\n {\n@@ -152,6 +155,7 @@ sub clear\n $successondata \u003d 0;\n @message_rec_list \u003d ();\n @message_frag_lens \u003d ();\n+ $alert \u003d undef;\n }\n \n #Class method to extract messages from a record\n@@ -281,6 +285,11 @@ sub get_messages\n if ($alertlev \u003d\u003d AL_LEVEL_FATAL || $alertdesc \u003d\u003d AL_DESC_CLOSE_NOTIFY) {\n $end 
\u003d 1;\n }\n+ $alert \u003d TLSProxy::Alert-\u003enew(\n+ $server,\n+ $record-\u003eencrypted,\n+ $alertlev,\n+ $alertdesc);\n }\n \n return @messages;\n@@ -388,6 +397,12 @@ sub fail\n my $class \u003d shift;\n return !$success \u0026\u0026 $end;\n }\n+\n+sub alert\n+{\n+ return $alert;\n+}\n+\n sub new\n {\n my $class \u003d shift;\ndiff --git a/util/perl/TLSProxy/Record.pm b/util/perl/TLSProxy/Record.pm\nindex 9de51b3..8db50d0 100644\n--- a/util/perl/TLSProxy/Record.pm\n+++ b/util/perl/TLSProxy/Record.pm\n@@ -97,7 +97,9 @@ sub get_records\n $data # decrypt_data\n );\n \n- if ($content_type !\u003d RT_CCS) {\n+ if ($content_type !\u003d RT_CCS\n+ \u0026\u0026 (!TLSProxy::Proxy-\u003eis_tls13()\n+ || $content_type !\u003d RT_ALERT)) {\n if (($server \u0026\u0026 $server_encrypting)\n || (!$server \u0026\u0026 $client_encrypting)) {\n if (!TLSProxy::Proxy-\u003eis_tls13() \u0026\u0026 $etm) {\n","s":{"c":1753166526,"u": 40531}} ],"g": 42414,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}
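Review bot: The new assignment in `get_messages` overwrites the package-level `$alert` on every alert record, so `TLSProxy::Message->alert()` only ever returns the most recent alert of the connection. If the peer answers a fatal alert with one of its own, or a close_notify follows, a test asserting on `server()` or `encrypted()` would be looking at a different record from the one it meant to check. A comment at the `my $alert;` declaration, e.g. `# Most recent alert seen on this connection, undef if none`, would make that contract explicit; collecting the alerts in a list is the alternative if a test needs the first one. `get_messages` starts and ends outside this hunk.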
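Review bot: The widened condition in `get_records` skips the decryption branch for every record whose outer content type is `RT_ALERT` once `TLSProxy::Proxy->is_tls13()` is true, and the code does not say why. In TLS 1.3 protected records carry the application_data outer type, so an outer alert type does indicate plaintext, but that reasoning belongs in a comment above the `if`, for example `# In TLSv1.3 a record with an outer content type of alert is unprotected`. It is also worth confirming that `is_tls13()` already reflects the negotiated version when a client alert can arrive; if it were still false, the proxy would try to decrypt the plaintext alert whenever the encrypting flag for that direction is set. `get_records` continues beyond the hunk.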