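#! /usr/bin/env perl
# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# test_comp: checks how the server treats the compression_methods vector of
# a ClientHello.  A TLSProxy filter rewrites the vector in the client's first
# flight and each test asserts whether the handshake then succeeds or fails.
#
# Expectations encoded by the four tests below:
#   TLSv1.2  (null, unknown)  -> handshake succeeds
#   TLSv1.2  (unknown)        -> handshake fails (null method missing)
#   TLSv1.3  (null, unknown)  -> handshake fails
#   TLSv1.3  (unknown)        -> handshake fails
#
# This matches RFC 5246 section 7.4.1.2 (the vector MUST contain the null
# method) and RFC 8446 section 4.1.2 (the legacy vector MUST be exactly one
# zero byte).
#
# NOTE(review): the assertions only check success/failure, not which alert
# the server sends, so a handshake that fails for an unrelated reason would
# also satisfy the three negative tests.

use strict;
use warnings;
use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
use OpenSSL::Test::Utils;
use File::Temp qw(tempfile);
use TLSProxy::Proxy;

my $test_name = "test_comp";
setup($test_name);

plan skip_all => "TLSProxy isn't usable on $^O"
    if $^O =~ /^(VMS)$/;

plan skip_all => "$test_name needs the dynamic engine feature enabled"
    if disabled("engine") || disabled("dynamic-engine");

plan skip_all => "$test_name needs the sock feature enabled"
    if disabled("sock");

plan skip_all => "$test_name needs TLSv1.3 or TLSv1.2 enabled"
    if disabled("tls1_3") && disabled("tls1_2");

# Per the OPENSSL_ia32cap documentation this mask clears the AES-NI and
# PCLMULQDQ capability bits for the child processes.
# NOTE(review): the reason this test needs that is not stated here - confirm.
$ENV{OPENSSL_ia32cap} = '~0x200000200000000';

# Selects which compression_methods vector add_comp_filter() injects.
use constant {
    MULTIPLE_COMPRESSIONS => 0,
    NON_NULL_COMPRESSION => 1
};
my $testtype;

# The last argument is true when no harness is active or when the harness is
# verbose (presumably the proxy's debug switch - verify in TLSProxy::Proxy).
my $proxy = TLSProxy::Proxy->new(
    undef,
    cmdstr(app(["openssl"]), display => 1),
    srctop_file("apps", "server.pem"),
    (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE})
);

# Probe that the proxy can start at all before committing to a test plan.
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 4;

SKIP: {
    skip "TLSv1.2 disabled", 2 if disabled("tls1_2");

    #Test 1: Check that sending multiple compression methods in a TLSv1.2
    #        ClientHello succeeds
    $proxy->clear();
    $proxy->filter(\&add_comp_filter);
    $proxy->clientflags("-no_tls1_3");
    $testtype = MULTIPLE_COMPRESSIONS;
    $proxy->start();
    ok(TLSProxy::Message->success(), "Non null compression");

    #Test 2: NULL compression method must be present in TLSv1.2
    # No filter() call here: this relies on the filter installed for Test 1
    # still being active after clear() - verify against TLSProxy::Proxy.
    $proxy->clear();
    $proxy->clientflags("-no_tls1_3");
    $testtype = NON_NULL_COMPRESSION;
    $proxy->start();
    ok(TLSProxy::Message->fail(), "NULL compression missing");
}

SKIP: {
    # Also skipped when both ec and dh are disabled (presumably because a
    # TLSv1.3 handshake then has no usable key-exchange group).
    skip "TLSv1.3 disabled", 2
        if disabled("tls1_3") || (disabled("ec") && disabled("dh"));

    #Test 3: Check that sending multiple compression methods in a TLSv1.3
    #        ClientHello fails
    $proxy->clear();
    $proxy->filter(\&add_comp_filter);
    $testtype = MULTIPLE_COMPRESSIONS;
    $proxy->start();
    ok(TLSProxy::Message->fail(), "Non null compression (TLSv1.3)");

    #Test 4: NULL compression method must be present in TLSv1.3
    # As in Test 2, the filter installed for Test 3 is expected to persist.
    $proxy->clear();
    $testtype = NON_NULL_COMPRESSION;
    $proxy->start();
    ok(TLSProxy::Message->fail(), "NULL compression missing (TLSv1.3)");
}

# TLSProxy filter: replaces the compression_methods vector of the ClientHello
# according to the file-level $testtype.
#
# Parameters:
#   $proxy - the proxy object handed to the filter; its flight number and
#            message list are read.
# Returns nothing.  Does nothing unless the current flight is 0 and its first
# message is a ClientHello.
# Dies if $testtype is not one of the two known test types, so that a new
# test type cannot silently inject an empty vector and turn a "handshake
# fails" assertion into a false pass.
sub add_comp_filter
{
    my $proxy = shift;

    # Only look at the ClientHello
    return if $proxy->flight != 0;

    my $message = $proxy->message_list->[0];

    return if (!defined $message
               || $message->mt != TLSProxy::Message::MT_CLIENT_HELLO);

    my @comp;
    if ($testtype == MULTIPLE_COMPRESSIONS) {
        @comp = (
            0x00,   #Null compression method
            0xff);  #Unknown compression
    } elsif ($testtype == NON_NULL_COMPRESSION) {
        @comp = (0xff); #Unknown compression
    } else {
        die "Unexpected test type: $testtype";
    }

    # Keep the length field consistent with the new list, then repack() so
    # the change is (presumably) re-serialised into the forwarded message.
    $message->comp_meths(\@comp);
    $message->comp_meth_len(scalar @comp);
    $message->repack();
}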