]>
Commit | Line | Data |
---|---|---|
c1074ce0 | 1 | /* |
b0edda11 | 2 | * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. |
c1074ce0 MC |
3 | * |
4 | * Licensed under the OpenSSL license (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <string.h> | |
11 | ||
12 | #include "ssltestlib.h" | |
13 | #include "testutil.h" | |
c1074ce0 MC |
14 | |
15 | static char *cert = NULL; | |
16 | static char *privkey = NULL; | |
17 | ||
18 | #define TEST_PLAINTEXT_OVERFLOW_OK 0 | |
19 | #define TEST_PLAINTEXT_OVERFLOW_NOT_OK 1 | |
20 | #define TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK 2 | |
21 | #define TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK 3 | |
22 | #define TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK 4 | |
23 | #define TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK 5 | |
24 | ||
25 | #define TOTAL_RECORD_OVERFLOW_TESTS 6 | |
26 | ||
27 | static int write_record(BIO *b, size_t len, int rectype, int recversion) | |
28 | { | |
29 | unsigned char header[SSL3_RT_HEADER_LENGTH]; | |
30 | size_t written; | |
31 | unsigned char buf[256]; | |
32 | ||
33 | memset(buf, 0, sizeof(buf)); | |
34 | ||
35 | header[0] = rectype; | |
36 | header[1] = (recversion >> 8) & 0xff; | |
37 | header[2] = recversion & 0xff; | |
38 | header[3] = (len >> 8) & 0xff; | |
39 | header[4] = len & 0xff; | |
40 | ||
41 | if (!BIO_write_ex(b, header, SSL3_RT_HEADER_LENGTH, &written) | |
42 | || written != SSL3_RT_HEADER_LENGTH) | |
43 | return 0; | |
44 | ||
45 | while (len > 0) { | |
46 | size_t outlen; | |
47 | ||
48 | if (len > sizeof(buf)) | |
49 | outlen = sizeof(buf); | |
50 | else | |
51 | outlen = len; | |
52 | ||
53 | if (!BIO_write_ex(b, buf, outlen, &written) | |
54 | || written != outlen) | |
55 | return 0; | |
56 | ||
57 | len -= outlen; | |
58 | } | |
59 | ||
60 | return 1; | |
61 | } | |
62 | ||
63 | static int fail_due_to_record_overflow(int enc) | |
64 | { | |
65 | long err = ERR_peek_error(); | |
66 | int reason; | |
67 | ||
68 | if (enc) | |
69 | reason = SSL_R_ENCRYPTED_LENGTH_TOO_LONG; | |
70 | else | |
71 | reason = SSL_R_DATA_LENGTH_TOO_LONG; | |
72 | ||
73 | if (ERR_GET_LIB(err) == ERR_LIB_SSL | |
74 | && ERR_GET_REASON(err) == reason) | |
75 | return 1; | |
76 | ||
77 | return 0; | |
78 | } | |
79 | ||
4f7b76bf | 80 | static int test_record_overflow(int idx) |
c1074ce0 MC |
81 | { |
82 | SSL_CTX *cctx = NULL, *sctx = NULL; | |
83 | SSL *clientssl = NULL, *serverssl = NULL; | |
84 | int testresult = 0; | |
85 | size_t len = 0; | |
86 | size_t written; | |
87 | int overf_expected; | |
88 | unsigned char buf; | |
89 | BIO *serverbio; | |
90 | int recversion; | |
91 | ||
92 | #ifdef OPENSSL_NO_TLS1_2 | |
93 | if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK | |
94 | || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) | |
95 | return 1; | |
96 | #endif | |
97 | #ifdef OPENSSL_NO_TLS1_3 | |
98 | if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK | |
99 | || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) | |
100 | return 1; | |
101 | #endif | |
102 | ||
103 | ERR_clear_error(); | |
104 | ||
b66411f6 | 105 | if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), |
7d7f6834 | 106 | TLS1_VERSION, TLS_MAX_VERSION, |
b66411f6 | 107 | &sctx, &cctx, cert, privkey))) |
c1074ce0 | 108 | goto end; |
c1074ce0 MC |
109 | |
110 | if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK | |
111 | || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) { | |
4f7b76bf MC |
112 | len = SSL3_RT_MAX_ENCRYPTED_LENGTH; |
113 | #ifndef OPENSSL_NO_COMP | |
114 | len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD; | |
115 | #endif | |
c1074ce0 MC |
116 | SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION); |
117 | } else if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK | |
118 | || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) { | |
119 | len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH; | |
120 | } | |
121 | ||
b66411f6 RS |
122 | if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, |
123 | NULL, NULL))) | |
c1074ce0 | 124 | goto end; |
c1074ce0 MC |
125 | |
126 | serverbio = SSL_get_rbio(serverssl); | |
127 | ||
128 | if (idx == TEST_PLAINTEXT_OVERFLOW_OK | |
129 | || idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK) { | |
130 | len = SSL3_RT_MAX_PLAIN_LENGTH; | |
131 | ||
132 | if (idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK) | |
133 | len++; | |
134 | ||
b66411f6 RS |
135 | if (!TEST_true(write_record(serverbio, len, |
136 | SSL3_RT_HANDSHAKE, TLS1_VERSION))) | |
c1074ce0 | 137 | goto end; |
c1074ce0 | 138 | |
b66411f6 | 139 | if (!TEST_int_le(SSL_accept(serverssl), 0)) |
c1074ce0 | 140 | goto end; |
c1074ce0 MC |
141 | |
142 | overf_expected = (idx == TEST_PLAINTEXT_OVERFLOW_OK) ? 0 : 1; | |
b66411f6 | 143 | if (!TEST_int_eq(fail_due_to_record_overflow(0), overf_expected)) |
c1074ce0 | 144 | goto end; |
c1074ce0 MC |
145 | |
146 | goto success; | |
147 | } | |
148 | ||
b66411f6 RS |
149 | if (!TEST_true(create_ssl_connection(serverssl, clientssl, |
150 | SSL_ERROR_NONE))) | |
c1074ce0 | 151 | goto end; |
c1074ce0 MC |
152 | |
153 | if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK | |
154 | || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) { | |
155 | overf_expected = 1; | |
156 | len++; | |
157 | } else { | |
158 | overf_expected = 0; | |
159 | } | |
160 | ||
3295d242 | 161 | recversion = TLS1_2_VERSION; |
c1074ce0 | 162 | |
b66411f6 RS |
163 | if (!TEST_true(write_record(serverbio, len, SSL3_RT_APPLICATION_DATA, |
164 | recversion))) | |
c1074ce0 | 165 | goto end; |
c1074ce0 | 166 | |
b66411f6 | 167 | if (!TEST_false(SSL_read_ex(serverssl, &buf, sizeof(buf), &written))) |
c1074ce0 | 168 | goto end; |
c1074ce0 | 169 | |
b66411f6 | 170 | if (!TEST_int_eq(fail_due_to_record_overflow(1), overf_expected)) |
c1074ce0 | 171 | goto end; |
c1074ce0 MC |
172 | |
173 | success: | |
174 | testresult = 1; | |
175 | ||
176 | end: | |
c1074ce0 MC |
177 | SSL_free(serverssl); |
178 | SSL_free(clientssl); | |
179 | SSL_CTX_free(sctx); | |
180 | SSL_CTX_free(cctx); | |
c1074ce0 MC |
181 | return testresult; |
182 | } | |
183 | ||
ad887416 | 184 | int setup_tests(void) |
c1074ce0 | 185 | { |
ad887416 P |
186 | if (!TEST_ptr(cert = test_get_argument(0)) |
187 | || !TEST_ptr(privkey = test_get_argument(1))) | |
188 | return 0; | |
c1074ce0 | 189 | |
4f7b76bf | 190 | ADD_ALL_TESTS(test_record_overflow, TOTAL_RECORD_OVERFLOW_TESTS); |
ad887416 P |
191 | return 1; |
192 | } | |
c1074ce0 | 193 | |
ad887416 P |
194 | void cleanup_tests(void) |
195 | { | |
c1074ce0 | 196 | bio_s_mempacket_test_free(); |
c1074ce0 | 197 | } |