[thirdparty/openssl.git] / test / recordlentest.c

/*
 * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <string.h>

#include "ssltestlib.h"
#include "testutil.h"

static char *cert = NULL;
static char *privkey = NULL;

#define TEST_PLAINTEXT_OVERFLOW_OK      0
#define TEST_PLAINTEXT_OVERFLOW_NOT_OK  1
#define TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK       2
#define TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK   3
#define TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK       4
#define TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK   5

#define TOTAL_RECORD_OVERFLOW_TESTS 6

static int write_record(BIO *b, size_t len, int rectype, int recversion)
{
    unsigned char header[SSL3_RT_HEADER_LENGTH];
    size_t written;
    unsigned char buf[256];

    memset(buf, 0, sizeof(buf));

    header[0] = rectype;
    header[1] = (recversion >> 8) & 0xff;
    header[2] = recversion & 0xff;
    header[3] = (len >> 8) & 0xff;
    header[4] = len & 0xff;

    if (!BIO_write_ex(b, header, SSL3_RT_HEADER_LENGTH, &written)
            || written != SSL3_RT_HEADER_LENGTH)
        return 0;

    while (len > 0) {
        size_t outlen;

        if (len > sizeof(buf))
            outlen = sizeof(buf);
        else
            outlen = len;

        if (!BIO_write_ex(b, buf, outlen, &written)
                || written != outlen)
            return 0;

        len -= outlen;
    }

    return 1;
}

static int fail_due_to_record_overflow(int enc)
{
    long err = ERR_peek_error();
    int reason;

    if (enc)
        reason = SSL_R_ENCRYPTED_LENGTH_TOO_LONG;
    else
        reason = SSL_R_DATA_LENGTH_TOO_LONG;

    if (ERR_GET_LIB(err) == ERR_LIB_SSL
            && ERR_GET_REASON(err) == reason)
        return 1;

    return 0;
}

static int test_record_overflow(int idx)
{
    SSL_CTX *cctx = NULL, *sctx = NULL;
    SSL *clientssl = NULL, *serverssl = NULL;
    int testresult = 0;
    size_t len = 0;
    size_t written;
    int overf_expected;
    unsigned char buf;
    BIO *serverbio;
    int recversion;

#ifdef OPENSSL_NO_TLS1_2
    if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
            || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK)
        return 1;
#endif
#ifdef OPENSSL_NO_TLS1_3
    if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
            || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK)
        return 1;
#endif

    ERR_clear_error();

    if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(),
                                       TLS_client_method(),
                                       TLS1_VERSION, 0,
                                       &sctx, &cctx, cert, privkey)))
        goto end;

    if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
            || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) {
        len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
#ifndef OPENSSL_NO_COMP
        len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
        SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION);
    } else if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
               || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
        len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH;
    }

    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                      NULL, NULL)))
        goto end;

    serverbio = SSL_get_rbio(serverssl);

    if (idx == TEST_PLAINTEXT_OVERFLOW_OK
            || idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK) {
        len = SSL3_RT_MAX_PLAIN_LENGTH;

        if (idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK)
            len++;

        if (!TEST_true(write_record(serverbio, len,
                                    SSL3_RT_HANDSHAKE, TLS1_VERSION)))
            goto end;

        if (!TEST_int_le(SSL_accept(serverssl), 0))
            goto end;

        overf_expected = (idx == TEST_PLAINTEXT_OVERFLOW_OK) ? 0 : 1;
        if (!TEST_int_eq(fail_due_to_record_overflow(0), overf_expected))
            goto end;

        goto success;
    }

    if (!TEST_true(create_ssl_connection(serverssl, clientssl,
                                         SSL_ERROR_NONE)))
        goto end;

    if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK
            || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
        overf_expected = 1;
        len++;
    } else {
        overf_expected = 0;
    }

    recversion = TLS1_2_VERSION;

    if (!TEST_true(write_record(serverbio, len, SSL3_RT_APPLICATION_DATA,
                                recversion)))
        goto end;

    if (!TEST_false(SSL_read_ex(serverssl, &buf, sizeof(buf), &written)))
        goto end;

    if (!TEST_int_eq(fail_due_to_record_overflow(1), overf_expected))
        goto end;

 success:
    testresult = 1;

 end:
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);
    return testresult;
}

OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")

int setup_tests(void)
{
    if (!test_skip_common_options()) {
        TEST_error("Error parsing test options\n");
        return 0;
    }

    if (!TEST_ptr(cert = test_get_argument(0))
            || !TEST_ptr(privkey = test_get_argument(1)))
        return 0;

    ADD_ALL_TESTS(test_record_overflow, TOTAL_RECORD_OVERFLOW_TESTS);
    return 1;
}

void cleanup_tests(void)
{
    bio_s_mempacket_test_free();
}
Commit	Line	Data
c1074ce0	1	/*
33388b44	2	* Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
c1074ce0	3	*
909f1a2e	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
c1074ce0 MC	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <string.h>
	11
	12	#include "ssltestlib.h"
	13	#include "testutil.h"
c1074ce0 MC	14
	15	static char *cert = NULL;
	16	static char *privkey = NULL;
	17
	18	#define TEST_PLAINTEXT_OVERFLOW_OK 0
	19	#define TEST_PLAINTEXT_OVERFLOW_NOT_OK 1
	20	#define TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK 2
	21	#define TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK 3
	22	#define TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK 4
	23	#define TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK 5
	24
	25	#define TOTAL_RECORD_OVERFLOW_TESTS 6
	26
	27	static int write_record(BIO *b, size_t len, int rectype, int recversion)
	28	{
	29	unsigned char header[SSL3_RT_HEADER_LENGTH];
	30	size_t written;
	31	unsigned char buf[256];
	32
	33	memset(buf, 0, sizeof(buf));
	34
	35	header[0] = rectype;
	36	header[1] = (recversion >> 8) & 0xff;
	37	header[2] = recversion & 0xff;
	38	header[3] = (len >> 8) & 0xff;
	39	header[4] = len & 0xff;
	40
	41	if (!BIO_write_ex(b, header, SSL3_RT_HEADER_LENGTH, &written)
	42	\|\| written != SSL3_RT_HEADER_LENGTH)
	43	return 0;
	44
	45	while (len > 0) {
	46	size_t outlen;
	47
	48	if (len > sizeof(buf))
	49	outlen = sizeof(buf);
	50	else
	51	outlen = len;
	52
	53	if (!BIO_write_ex(b, buf, outlen, &written)
	54	\|\| written != outlen)
	55	return 0;
	56
	57	len -= outlen;
	58	}
	59
	60	return 1;
	61	}
	62
	63	static int fail_due_to_record_overflow(int enc)
	64	{
	65	long err = ERR_peek_error();
	66	int reason;
	67
	68	if (enc)
	69	reason = SSL_R_ENCRYPTED_LENGTH_TOO_LONG;
	70	else
	71	reason = SSL_R_DATA_LENGTH_TOO_LONG;
	72
	73	if (ERR_GET_LIB(err) == ERR_LIB_SSL
	74	&& ERR_GET_REASON(err) == reason)
	75	return 1;
	76
	77	return 0;
78	}
79
4f7b76bf	80	static int test_record_overflow(int idx)
c1074ce0 MC	81	{
	82	SSL_CTX cctx = NULL, sctx = NULL;
	83	SSL clientssl = NULL, serverssl = NULL;
	84	int testresult = 0;
	85	size_t len = 0;
	86	size_t written;
	87	int overf_expected;
	88	unsigned char buf;
	89	BIO *serverbio;
	90	int recversion;
	91
	92	#ifdef OPENSSL_NO_TLS1_2
	93	if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
	94	\|\| idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK)
	95	return 1;
	96	#endif
	97	#ifdef OPENSSL_NO_TLS1_3
	98	if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
	99	\|\| idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK)
	100	return 1;
	101	#endif
	102
	103	ERR_clear_error();
	104
5e30f2fd MC	105	if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(),
5e30f2fd MC	106	TLS_client_method(),
5c587fb6	107	TLS1_VERSION, 0,
b66411f6	108	&sctx, &cctx, cert, privkey)))
c1074ce0	109	goto end;
c1074ce0 MC	110
	111	if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
	112	\|\| idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) {
4f7b76bf MC	113	len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
	114	#ifndef OPENSSL_NO_COMP
	115	len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
	116	#endif
c1074ce0 MC	117	SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION);
	118	} else if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
	119	\|\| idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
	120	len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH;
	121	}
	122
b66411f6 RS	123	if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
b66411f6 RS	124	NULL, NULL)))
c1074ce0	125	goto end;
c1074ce0 MC	126
	127	serverbio = SSL_get_rbio(serverssl);
	128
	129	if (idx == TEST_PLAINTEXT_OVERFLOW_OK
	130	\|\| idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK) {
	131	len = SSL3_RT_MAX_PLAIN_LENGTH;
	132
	133	if (idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK)
	134	len++;
	135
b66411f6 RS	136	if (!TEST_true(write_record(serverbio, len,
b66411f6 RS	137	SSL3_RT_HANDSHAKE, TLS1_VERSION)))
c1074ce0	138	goto end;
c1074ce0	139
b66411f6	140	if (!TEST_int_le(SSL_accept(serverssl), 0))
c1074ce0	141	goto end;
c1074ce0 MC	142
c1074ce0 MC	143	overf_expected = (idx == TEST_PLAINTEXT_OVERFLOW_OK) ? 0 : 1;
b66411f6	144	if (!TEST_int_eq(fail_due_to_record_overflow(0), overf_expected))
c1074ce0	145	goto end;
c1074ce0 MC	146
	147	goto success;
	148	}
	149
b66411f6 RS	150	if (!TEST_true(create_ssl_connection(serverssl, clientssl,
b66411f6 RS	151	SSL_ERROR_NONE)))
c1074ce0	152	goto end;
c1074ce0 MC	153
	154	if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK
	155	\|\| idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
	156	overf_expected = 1;
	157	len++;
	158	} else {
	159	overf_expected = 0;
	160	}
	161
3295d242	162	recversion = TLS1_2_VERSION;
c1074ce0	163
b66411f6 RS	164	if (!TEST_true(write_record(serverbio, len, SSL3_RT_APPLICATION_DATA,
b66411f6 RS	165	recversion)))
c1074ce0	166	goto end;
c1074ce0	167
b66411f6	168	if (!TEST_false(SSL_read_ex(serverssl, &buf, sizeof(buf), &written)))
c1074ce0	169	goto end;
c1074ce0	170
b66411f6	171	if (!TEST_int_eq(fail_due_to_record_overflow(1), overf_expected))
c1074ce0	172	goto end;
c1074ce0 MC	173
	174	success:
	175	testresult = 1;
	176
	177	end:
c1074ce0 MC	178	SSL_free(serverssl);
	179	SSL_free(clientssl);
	180	SSL_CTX_free(sctx);
	181	SSL_CTX_free(cctx);
c1074ce0 MC	182	return testresult;
	183	}
	184
a43ce58f SL	185	OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
a43ce58f SL	186
ad887416	187	int setup_tests(void)
c1074ce0	188	{
8d242823 MC	189	if (!test_skip_common_options()) {
	190	TEST_error("Error parsing test options\n");
	191	return 0;
	192	}
	193
ad887416 P	194	if (!TEST_ptr(cert = test_get_argument(0))
	195	\|\| !TEST_ptr(privkey = test_get_argument(1)))
	196	return 0;
c1074ce0	197
4f7b76bf	198	ADD_ALL_TESTS(test_record_overflow, TOTAL_RECORD_OVERFLOW_TESTS);
ad887416 P	199	return 1;
ad887416 P	200	}
c1074ce0	201
ad887416 P	202	void cleanup_tests(void)
ad887416 P	203	{
c1074ce0	204	bio_s_mempacket_test_free();
c1074ce0	205	}