Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
1 年多 前同步成功

通知 10
Star 18
Fork 1
T
Third Party Openssl
提交 05594f4a 编写于 作者: B Benjamin Kaduk 提交者: Benjamin Kaduk
浏览文件
操作

Add tests for deprecated sigalgs with TLS 1.3 ClientHellos 

Test for each of DSA, SHA1, and SHA224.

Use the symbolic names for SignatureScheme comparisons just added.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3326)
上级 81813776
隐藏空白更改
内联 并排
Showing with 84 addition and 2 deletion
test/recipes/70-test_sslsigalgs.t
浏览文件 @ 05594f4a
......@@ -39,7 +39,9 @@ use constant {
EMPTY_SIG_ALGS_EXT => 1,
NO_KNOWN_SIG_ALGS => 2,
NO_PSS_SIG_ALGS => 3,
PSS_ONLY_SIG_ALGS => 4
PSS_ONLY_SIG_ALGS => 4,
PURE_SIGALGS => 5,
COMPAT_SIGALGS => 6
};
#Note: Throughout this test we override the default ciphersuites where TLSv1.2
......@@ -48,7 +50,7 @@ use constant {
#Test 1: Default sig algs should succeed
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 16;
plan tests => 18;
ok(TLSProxy::Message->success, "Default sigalgs");
my $testtype;
......@@ -197,6 +199,29 @@ SKIP: {
ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs, ECDSA");
}
my ($dsa_status, $sha1_status, $sha224_status);
SKIP: {
skip "TLSv1.3 disabled", 2 if disabled("tls1_3") || disabled("dsa");
#Test 17: signature_algorithms with 1.3-only ClientHello
$testtype = PURE_SIGALGS;
$dsa_status = $sha1_status = $sha224_status = 0;
$proxy->clear();
$proxy->clientflags("-tls1_3");
$proxy->filter(\&modify_sigalgs_filter);
$proxy->start();
ok($dsa_status && $sha1_status && $sha224_status,
"DSA/SHA2 sigalg sent for 1.3-only ClientHello");
#Test 18: signature_algorithms with backwards compatible ClientHello
$testtype = COMPAT_SIGALGS;
$dsa_status = $sha1_status = $sha224_status = 0;
$proxy->clear();
$proxy->filter(\&modify_sigalgs_filter);
$proxy->start();
ok($dsa_status && $sha1_status && $sha224_status,
"DSA sigalg not sent for compat ClientHello");
}
sub sigalgs_filter
......@@ -232,3 +257,60 @@ sub sigalgs_filter
}
}
}
sub modify_sigalgs_filter
{
my $proxy = shift;
# We're only interested in the initial ClientHello
return if ($proxy->flight != 0);
foreach my $message (@{$proxy->message_list}) {
my $ext;
my @algs;
if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) {
if ($testtype == PURE_SIGALGS) {
my $ok = 1;
$ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS};
@algs = unpack('S>*', $ext);
# unpack will unpack the length as well
shift @algs;
foreach (@algs) {
if ($_ == TLSProxy::Message::SIG_ALG_DSA_SHA256
|| $_ == TLSProxy::Message::SIG_ALG_DSA_SHA384
|| $_ == TLSProxy::Message::SIG_ALG_DSA_SHA512
|| $_ == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224
|| $_ == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1
|| $_ == TLSProxy::Message::SIG_ALG_DSA_SHA1
|| $_ == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) {
$ok = 0;
}
}
$sha1_status = $dsa_status = $sha224_status = 1 if ($ok);
} elsif ($testtype == COMPAT_SIGALGS) {
$ext = $message->extension_data->{TLSProxy::Message::EXT_SIG_ALGS};
@algs = unpack('S>*', $ext);
# unpack will unpack the length as well
shift @algs;
foreach (@algs) {
if ($_ == TLSProxy::Message::SIG_ALG_DSA_SHA256
|| $_ == TLSProxy::Message::SIG_ALG_DSA_SHA384
|| $_ == TLSProxy::Message::SIG_ALG_DSA_SHA512) {
$dsa_status = 1;
}
if ($_ == TLSProxy::Message::SIG_ALG_RSA_PKCS1_SHA1
|| $_ == TLSProxy::Message::SIG_ALG_DSA_SHA1
|| $_ == TLSProxy::Message::SIG_ALG_ECDSA_SHA1) {
$sha1_status = 1;
}
if ($_ == TLSProxy::Message::OSSL_SIG_ALG_RSA_PKCS1_SHA224
|| $_ == TLSProxy::Message::OSSL_SIG_ALG_DSA_SHA224
|| $_ == TLSProxy::Message::OSSL_SIG_ALG_ECDSA_SHA224) {
$sha224_status = 1;
}
}
}
}
}
}
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册