]>
Commit | Line | Data |
---|---|---|
c5a56992 AP |
1 | /* |
2 | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the OpenSSL license (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
b4eee58a | 10 | #include <string.h> |
c5a56992 AP |
11 | #include "ssltestlib.h" |
12 | #include "testutil.h" | |
13 | ||
e60ce9c4 MC |
14 | static int docorrupt = 0; |
15 | ||
c5a56992 AP |
16 | static void copy_flags(BIO *bio) |
17 | { | |
18 | int flags; | |
19 | BIO *next = BIO_next(bio); | |
20 | ||
21 | flags = BIO_test_flags(next, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS); | |
22 | BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS); | |
23 | BIO_set_flags(bio, flags); | |
24 | } | |
25 | ||
26 | static int tls_corrupt_read(BIO *bio, char *out, int outl) | |
27 | { | |
28 | int ret; | |
29 | BIO *next = BIO_next(bio); | |
30 | ||
31 | ret = BIO_read(next, out, outl); | |
32 | copy_flags(bio); | |
33 | ||
34 | return ret; | |
35 | } | |
36 | ||
37 | static int tls_corrupt_write(BIO *bio, const char *in, int inl) | |
38 | { | |
39 | int ret; | |
40 | BIO *next = BIO_next(bio); | |
41 | char *copy; | |
42 | ||
e60ce9c4 | 43 | if (docorrupt) { |
c5a56992 AP |
44 | copy = BUF_memdup(in, inl); |
45 | TEST_check(copy != NULL); | |
46 | /* corrupt last bit of application data */ | |
47 | copy[inl-1] ^= 1; | |
48 | ret = BIO_write(next, copy, inl); | |
49 | OPENSSL_free(copy); | |
50 | } else { | |
51 | ret = BIO_write(next, in, inl); | |
52 | } | |
53 | copy_flags(bio); | |
54 | ||
55 | return ret; | |
56 | } | |
57 | ||
58 | static long tls_corrupt_ctrl(BIO *bio, int cmd, long num, void *ptr) | |
59 | { | |
60 | long ret; | |
61 | BIO *next = BIO_next(bio); | |
62 | ||
63 | if (next == NULL) | |
64 | return 0; | |
65 | ||
66 | switch (cmd) { | |
67 | case BIO_CTRL_DUP: | |
68 | ret = 0L; | |
69 | break; | |
70 | default: | |
71 | ret = BIO_ctrl(next, cmd, num, ptr); | |
72 | break; | |
73 | } | |
74 | return ret; | |
75 | } | |
76 | ||
77 | static int tls_corrupt_gets(BIO *bio, char *buf, int size) | |
78 | { | |
79 | /* We don't support this - not needed anyway */ | |
80 | return -1; | |
81 | } | |
82 | ||
83 | static int tls_corrupt_puts(BIO *bio, const char *str) | |
84 | { | |
85 | /* We don't support this - not needed anyway */ | |
86 | return -1; | |
87 | } | |
88 | ||
89 | static int tls_corrupt_new(BIO *bio) | |
90 | { | |
91 | BIO_set_init(bio, 1); | |
92 | ||
93 | return 1; | |
94 | } | |
95 | ||
96 | static int tls_corrupt_free(BIO *bio) | |
97 | { | |
98 | BIO_set_init(bio, 0); | |
99 | ||
100 | return 1; | |
101 | } | |
102 | ||
103 | #define BIO_TYPE_CUSTOM_FILTER (0x80 | BIO_TYPE_FILTER) | |
104 | ||
105 | static BIO_METHOD *method_tls_corrupt = NULL; | |
106 | ||
107 | /* Note: Not thread safe! */ | |
108 | static const BIO_METHOD *bio_f_tls_corrupt_filter(void) | |
109 | { | |
110 | if (method_tls_corrupt == NULL) { | |
111 | method_tls_corrupt = BIO_meth_new(BIO_TYPE_CUSTOM_FILTER, | |
112 | "TLS corrupt filter"); | |
113 | if ( method_tls_corrupt == NULL | |
114 | || !BIO_meth_set_write(method_tls_corrupt, tls_corrupt_write) | |
115 | || !BIO_meth_set_read(method_tls_corrupt, tls_corrupt_read) | |
116 | || !BIO_meth_set_puts(method_tls_corrupt, tls_corrupt_puts) | |
117 | || !BIO_meth_set_gets(method_tls_corrupt, tls_corrupt_gets) | |
118 | || !BIO_meth_set_ctrl(method_tls_corrupt, tls_corrupt_ctrl) | |
119 | || !BIO_meth_set_create(method_tls_corrupt, tls_corrupt_new) | |
120 | || !BIO_meth_set_destroy(method_tls_corrupt, tls_corrupt_free)) | |
121 | return NULL; | |
122 | } | |
123 | return method_tls_corrupt; | |
124 | } | |
125 | ||
126 | static void bio_f_tls_corrupt_filter_free(void) | |
127 | { | |
128 | BIO_meth_free(method_tls_corrupt); | |
129 | } | |
130 | ||
131 | /* | |
132 | * The test is supposed to be executed with RSA key, customarily | |
133 | * with apps/server.pem used even in other tests. For this reason | |
134 | * |cipher_list| is initialized with RSA ciphers' names. This | |
135 | * naturally means that if test is to be re-purposed for other | |
70d8b304 | 136 | * type of key, then NID_auth_* filter below would need adjustment. |
c5a56992 AP |
137 | */ |
138 | static const char **cipher_list = NULL; | |
139 | ||
140 | static int setup_cipher_list() | |
141 | { | |
142 | SSL_CTX *ctx = NULL; | |
143 | SSL *ssl = NULL; | |
144 | static STACK_OF(SSL_CIPHER) *sk_ciphers = NULL; | |
145 | int i, numciphers; | |
146 | ||
147 | ctx = SSL_CTX_new(TLS_server_method()); | |
148 | TEST_check(ctx != NULL); | |
149 | ssl = SSL_new(ctx); | |
150 | TEST_check(ssl != NULL); | |
151 | sk_ciphers = SSL_get1_supported_ciphers(ssl); | |
152 | TEST_check(sk_ciphers != NULL); | |
153 | ||
154 | /* | |
155 | * The |cipher_list| will be filled only with names of RSA ciphers, | |
156 | * so that some of the allocated space will be wasted, but the loss | |
157 | * is deemed acceptable... | |
158 | */ | |
159 | cipher_list = OPENSSL_malloc(sk_SSL_CIPHER_num(sk_ciphers) * | |
160 | sizeof(cipher_list[0])); | |
161 | TEST_check(cipher_list != NULL); | |
162 | ||
163 | for (numciphers = 0, i = 0; i < sk_SSL_CIPHER_num(sk_ciphers); i++) { | |
164 | const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(sk_ciphers, i); | |
165 | ||
166 | if (SSL_CIPHER_get_auth_nid(cipher) == NID_auth_rsa) | |
167 | cipher_list[numciphers++] = SSL_CIPHER_get_name(cipher); | |
168 | } | |
169 | TEST_check(numciphers != 0); | |
170 | ||
171 | sk_SSL_CIPHER_free(sk_ciphers); | |
172 | SSL_free(ssl); | |
173 | SSL_CTX_free(ctx); | |
174 | ||
175 | return numciphers; | |
176 | } | |
177 | ||
178 | static char *cert = NULL; | |
179 | static char *privkey = NULL; | |
180 | ||
181 | static int test_ssl_corrupt(int testidx) | |
182 | { | |
183 | SSL_CTX *sctx = NULL, *cctx = NULL; | |
184 | SSL *server = NULL, *client = NULL; | |
185 | BIO *c_to_s_fbio; | |
186 | int testresult = 0; | |
187 | static unsigned char junk[16000] = { 0 }; | |
b4eee58a MC |
188 | STACK_OF(SSL_CIPHER) *ciphers; |
189 | const SSL_CIPHER *currcipher; | |
c5a56992 | 190 | |
e60ce9c4 MC |
191 | docorrupt = 0; |
192 | ||
c5a56992 AP |
193 | printf("Starting Test %d, %s\n", testidx, cipher_list[testidx]); |
194 | ||
195 | if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx, | |
196 | &cctx, cert, privkey)) { | |
197 | printf("Unable to create SSL_CTX pair\n"); | |
198 | return 0; | |
199 | } | |
200 | ||
201 | if (!SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])) { | |
202 | printf("Failed setting cipher list\n"); | |
203 | goto end; | |
204 | } | |
205 | ||
b4eee58a MC |
206 | ciphers = SSL_CTX_get_ciphers(cctx); |
207 | if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) != 1) { | |
208 | printf("Unexpected ciphers set\n"); | |
209 | goto end; | |
210 | } | |
211 | currcipher = sk_SSL_CIPHER_value(ciphers, 0); | |
212 | if (currcipher == NULL) { | |
213 | printf("Failed getting the current cipher\n"); | |
214 | goto end; | |
215 | } | |
216 | ||
217 | /* | |
218 | * If we haven't got a TLSv1.3 cipher, then we mustn't attempt to use | |
219 | * TLSv1.3. Version negotiation happens before cipher selection, so we will | |
220 | * get a "no shared cipher" error. | |
221 | */ | |
222 | if (strcmp(SSL_CIPHER_get_version(currcipher), "TLSv1.3") != 0) { | |
223 | if (!SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)) { | |
224 | printf("Failed setting max protocol version\n"); | |
225 | goto end; | |
226 | } | |
227 | } | |
228 | ||
c5a56992 AP |
229 | c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter()); |
230 | if (c_to_s_fbio == NULL) { | |
231 | printf("Failed to create filter BIO\n"); | |
232 | goto end; | |
233 | } | |
234 | ||
235 | /* BIO is freed by create_ssl_connection on error */ | |
236 | if (!create_ssl_objects(sctx, cctx, &server, &client, NULL, | |
237 | c_to_s_fbio)) { | |
238 | printf("Unable to create SSL objects\n"); | |
239 | ERR_print_errors_fp(stdout); | |
240 | goto end; | |
241 | } | |
242 | ||
8e2236ef | 243 | if (!create_ssl_connection(server, client, SSL_ERROR_NONE)) { |
c5a56992 AP |
244 | printf("Unable to create SSL connection\n"); |
245 | ERR_print_errors_fp(stdout); | |
246 | goto end; | |
247 | } | |
248 | ||
e60ce9c4 MC |
249 | docorrupt = 1; |
250 | ||
c5a56992 AP |
251 | if (SSL_write(client, junk, sizeof(junk)) < 0) { |
252 | printf("Unable to SSL_write\n"); | |
253 | ERR_print_errors_fp(stdout); | |
254 | goto end; | |
255 | } | |
256 | ||
257 | if (SSL_read(server, junk, sizeof(junk)) >= 0) { | |
258 | printf("Read should have failed with \"bad record mac\"\n"); | |
259 | goto end; | |
260 | } | |
261 | ||
262 | if (ERR_GET_REASON(ERR_peek_error()) != | |
263 | SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC) { | |
264 | ERR_print_errors_fp(stdout); | |
265 | goto end; | |
266 | } | |
267 | ||
268 | testresult = 1; | |
269 | end: | |
270 | SSL_free(server); | |
271 | SSL_free(client); | |
272 | SSL_CTX_free(sctx); | |
273 | SSL_CTX_free(cctx); | |
274 | ||
275 | return testresult; | |
276 | } | |
277 | ||
278 | int main(int argc, char *argv[]) | |
279 | { | |
280 | BIO *err = NULL; | |
281 | int testresult = 1; | |
282 | ||
283 | if (argc != 3) { | |
284 | printf("Invalid argument count\n"); | |
285 | return 1; | |
286 | } | |
287 | ||
288 | cert = argv[1]; | |
289 | privkey = argv[2]; | |
290 | ||
291 | err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); | |
292 | ||
293 | CRYPTO_set_mem_debug(1); | |
294 | CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); | |
295 | ||
296 | ADD_ALL_TESTS(test_ssl_corrupt, setup_cipher_list()); | |
297 | ||
298 | testresult = run_tests(argv[0]); | |
299 | ||
300 | bio_f_tls_corrupt_filter_free(); | |
301 | ||
302 | OPENSSL_free(cipher_list); | |
303 | ||
304 | #ifndef OPENSSL_NO_CRYPTO_MDEBUG | |
305 | if (CRYPTO_mem_leaks(err) <= 0) | |
306 | testresult = 1; | |
307 | #endif | |
308 | BIO_free(err); | |
309 | ||
310 | if (!testresult) | |
311 | printf("PASS\n"); | |
312 | ||
313 | return testresult; | |
314 | } |