aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
diff options
context:
space:
mode:
authorDanil Zagoskin <[email protected]>2014-03-09 18:48:07 +0400
committerIngela Anderton Andin <[email protected]>2014-03-14 15:39:22 +0100
commit6d2f4bb8fd96049a18cc6b123db4a28bad9ef73a (patch)
treeaa9937ed252747c6fb2d429b2e5d914c9f2a6d84 /lib/ssl/test
parentf076fc4126dd597d8681b18c23d2c76fbd4b9672 (diff)
downloadotp-6d2f4bb8fd96049a18cc6b123db4a28bad9ef73a.tar.gz
otp-6d2f4bb8fd96049a18cc6b123db4a28bad9ef73a.tar.bz2
otp-6d2f4bb8fd96049a18cc6b123db4a28bad9ef73a.zip
Add test for unknown elliptic curve supported by client
When TLS client sends a Supported Elliptic Curves Client Hello Extension containing an unknown curve enum value, a server crashes with a function_clause instead of just ignoring specified unknown curve.
Diffstat (limited to 'lib/ssl/test')
-rw-r--r--lib/ssl/test/ssl_handshake_SUITE.erl12
1 files changed, 12 insertions, 0 deletions
diff --git a/lib/ssl/test/ssl_handshake_SUITE.erl b/lib/ssl/test/ssl_handshake_SUITE.erl
index 7e8e8d2611..6d020c472b 100644
--- a/lib/ssl/test/ssl_handshake_SUITE.erl
+++ b/lib/ssl/test/ssl_handshake_SUITE.erl
@@ -34,6 +34,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
all() -> [decode_hello_handshake,
decode_single_hello_extension_correctly,
+ decode_supported_elliptic_curves_hello_extension_correctly,
decode_unknown_hello_extension_correctly,
encode_single_hello_sni_extension_correctly].
@@ -67,6 +68,17 @@ decode_single_hello_extension_correctly(_Config) ->
#renegotiation_info{renegotiated_connection = <<0>>}
= Extensions#hello_extensions.renegotiation_info.
+decode_supported_elliptic_curves_hello_extension_correctly(_Config) ->
+ % List of supported and unsupported curves (RFC4492:S5.1.1)
+ ClientEllipticCurves = [0, tls_v1:oid_to_enum(?sect233k1), 37, tls_v1:oid_to_enum(?sect193r2), 16#badc],
+ % Construct extension binary - modified version of ssl_handshake:encode_hello_extensions([#elliptic_curves{}], _)
+ EllipticCurveList = << <<X:16>> || X <- ClientEllipticCurves>>,
+ ListLen = byte_size(EllipticCurveList),
+ Len = ListLen + 2,
+ Extension = <<?UINT16(?ELLIPTIC_CURVES_EXT), ?UINT16(Len), ?UINT16(ListLen), EllipticCurveList/binary>>,
+ % after decoding we should see only valid curves
+ #hello_extensions{elliptic_curves = DecodedCurves} = ssl_handshake:decode_hello_extensions(Extension),
+ #elliptic_curves{elliptic_curve_list = [?sect233k1, ?sect193r2]} = DecodedCurves.
decode_unknown_hello_extension_correctly(_Config) ->
FourByteUnknown = <<16#CA,16#FE, ?UINT16(4), 3, 0, 1, 2>>,