Implementation of 1/n-1 splitting countermeasure Rizzo/Duong-Beast

The code is refactored and improved to make it easier to insert the 1/n-1 splitting countermeasure Rizzo/Duong-Beast that is really done in one function clause in ssl:record_split_bin/3
author: Ingela Anderton Andin <[email protected]> 2011-11-23 14:15:45 +0100
committer: Ingela Anderton Andin <[email protected]> 2011-11-23 16:22:28 +0100
commit: fc668fb3dfbdd72d8f0d4e4af4500f070cdeb804 (patch)
tree: 368359b0974cae5b956ce301c83e863b656fe53a /lib/ssl/test/ssl_packet_SUITE.erl
parent: f545894e96d5898285eee8dce812c885cf208fb7 (diff)
download: otp-fc668fb3dfbdd72d8f0d4e4af4500f070cdeb804.tar.gz
otp-fc668fb3dfbdd72d8f0d4e4af4500f070cdeb804.tar.bz2
otp-fc668fb3dfbdd72d8f0d4e4af4500f070cdeb804.zip
1 files changed, 40 insertions, 6 deletions
diff --git a/lib/ssl/test/ssl_packet_SUITE.erl b/lib/ssl/test/ssl_packet_SUITE.erl
index 9d2599b778..4b74f57a60 100644
--- a/lib/ssl/test/ssl_packet_SUITE.erl
+++ b/lib/ssl/test/ssl_packet_SUITE.erl
@@ -158,14 +158,24 @@ all() ->
      packet_asn1_decode, packet_asn1_decode_list,
      packet_tpkt_decode, packet_tpkt_decode_list,
      packet_sunrm_decode, packet_sunrm_decode_list,
-     header_decode_one_byte, header_decode_two_bytes,
-     header_decode_two_bytes_one_sent,
-     header_decode_two_bytes_two_sent].
+     {group, header}
+    ].
 
 groups() -> 
-    [].
+    [{header, [], [ header_decode_one_byte,  
+		    header_decode_two_bytes, 
+		    header_decode_two_bytes_one_sent,
+		    header_decode_two_bytes_two_sent]}].
+
+init_per_group(header, Config) ->
+    case ssl_record:highest_protocol_version(ssl_record:supported_protocol_versions()) of
+	{3, N} when N < 2 ->
+	    {skip, ""};
+	_ ->
+	    Config
+    end;
 
-init_per_group(_GroupName, Config) ->
+init_per_group(_, Config) ->
     Config.
 
 end_per_group(_GroupName, Config) ->
@@ -2626,6 +2636,13 @@ active_once_raw(_, _, 0, _) ->
     ok;
 active_once_raw(Socket, Data, N, Acc) ->
     receive 
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    ssl:setopts(Socket, [{active, once}]),
+	    receive 
+		{ssl, Socket, _} ->
+		    ssl:setopts(Socket, [{active, once}]),
+		    active_once_raw(Socket, Data, N-1, [])
+	    end;
 	{ssl, Socket, Data} ->
 	    ssl:setopts(Socket, [{active, once}]),
 	    active_once_raw(Socket, Data, N-1, []);
@@ -2648,7 +2665,14 @@ active_once_packet(Socket,_, 0) ->
 	    {other, Other, ssl:session_info(Socket), 0}
     end;
 active_once_packet(Socket, Data, N) ->
-    receive 
+    receive 	
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    ssl:setopts(Socket, [{active, once}]),
+	    receive 
+		{ssl, Socket, _} ->
+		    ssl:setopts(Socket, [{active, once}]),
+		    active_once_packet(Socket, Data, N-1)
+	    end;
 	{ssl, Socket, Data} ->
 	    ok
     end,
@@ -2662,6 +2686,11 @@ active_raw(_Socket, _, 0, _) ->
     ok;
 active_raw(Socket, Data, N, Acc) ->
     receive 
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    receive
+		{ssl, Socket, _} ->
+		    active_raw(Socket, Data, N -1)
+	    end;
 	{ssl, Socket, Data} ->
 	    active_raw(Socket, Data, N-1, []);
 	{ssl, Socket, Other} ->
@@ -2682,6 +2711,11 @@ active_packet(Socket, _, 0) ->
     end;
 active_packet(Socket, Data, N) ->
     receive 
+	{ssl, Socket, Byte} when length(Byte) == 1 ->
+	    receive
+		{ssl, Socket, _} ->
+		    active_packet(Socket, Data, N -1)
+		end;
 	{ssl, Socket, Data} ->
 	    active_packet(Socket, Data, N -1);
 	Other ->
author	Ingela Anderton Andin <[email protected]>	2011-11-23 14:15:45 +0100
committer	Ingela Anderton Andin <[email protected]>	2011-11-23 16:22:28 +0100
commit	fc668fb3dfbdd72d8f0d4e4af4500f070cdeb804 (patch)
tree	368359b0974cae5b956ce301c83e863b656fe53a /lib/ssl/test/ssl_packet_SUITE.erl
parent	f545894e96d5898285eee8dce812c885cf208fb7 (diff)
download	otp-fc668fb3dfbdd72d8f0d4e4af4500f070cdeb804.tar.gz otp-fc668fb3dfbdd72d8f0d4e4af4500f070cdeb804.tar.bz2 otp-fc668fb3dfbdd72d8f0d4e4af4500f070cdeb804.zip