/*
 * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
12 #include "ssltestlib.h"
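/*
 * Certificate and private key arguments handed to create_ssl_ctx_pair().
 * Both are filled in by setup_tests() from the test program's arguments
 * (presumably file names; confirm against the test recipe).
 */
static char *cert = NULL;
static char *privkey = NULL;

/*
 * Test indices passed to test_record_overflow().
 *
 * Each scenario comes as a pair: the _OK variant must NOT end with a
 * record-overflow error, the _NOT_OK variant must.
 */
#define TEST_PLAINTEXT_OVERFLOW_OK              0
#define TEST_PLAINTEXT_OVERFLOW_NOT_OK          1
#define TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK       2
#define TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK   3
#define TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK       4
#define TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK   5

/* Number of indices above; keep in step when a scenario is added. */
#define TOTAL_RECORD_OVERFLOW_TESTS             6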
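/*
 * Write one raw record to |b|: an SSL3_RT_HEADER_LENGTH-byte header followed
 * by |len| bytes of zero payload.
 *
 * |rectype| goes into the first header byte, |recversion| into the next two
 * (big-endian) and |len| into the last two (big-endian).  The length field is
 * only 16 bits wide, so just the low 16 bits of |len| are encoded; callers
 * must keep |len| <= 0xffff or the header will disagree with the payload that
 * follows.
 *
 * The payload is all zeros and is not a valid protected record.  The helper
 * exists to exercise the receiver's length checks, not to carry data.
 *
 * Returns 1 if the header and the complete payload were written, 0 otherwise.
 */
static int write_record(BIO *b, size_t len, int rectype, int recversion)
{
    unsigned char header[SSL3_RT_HEADER_LENGTH];
    size_t written;
    unsigned char buf[256];

    memset(buf, 0, sizeof(buf));

    header[0] = (unsigned char)rectype;
    header[1] = (recversion >> 8) & 0xff;
    header[2] = recversion & 0xff;
    header[3] = (len >> 8) & 0xff;
    header[4] = len & 0xff;

    /* A short write of the header counts as a failure. */
    if (!BIO_write_ex(b, header, SSL3_RT_HEADER_LENGTH, &written)
            || written != SSL3_RT_HEADER_LENGTH)
        return 0;

    /* Emit the payload in chunks of at most sizeof(buf) zero bytes. */
    while (len > 0) {
        size_t outlen = len > sizeof(buf) ? sizeof(buf) : len;

        if (!BIO_write_ex(b, buf, outlen, &written)
                || written != outlen)
            return 0;

        len -= outlen;
    }

    return 1;
}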
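/*
 * Report whether the error returned by ERR_peek_error() is the record
 * overflow error expected for the scenario.
 *
 * |enc| selects the reason code to look for:
 *   non-zero: SSL_R_ENCRYPTED_LENGTH_TOO_LONG
 *   zero:     SSL_R_DATA_LENGTH_TOO_LONG
 *
 * The error is only peeked at, so the queue is left untouched.  Callers
 * should start from an empty error queue; otherwise a stale entry is what
 * gets inspected.
 *
 * Returns 1 if that error comes from ERR_LIB_SSL with the selected reason,
 * 0 otherwise (including when there is no error at all).
 */
static int fail_due_to_record_overflow(int enc)
{
    /* ERR_peek_error() returns unsigned long; keep the packed code unsigned. */
    unsigned long err = ERR_peek_error();
    int reason = enc ? SSL_R_ENCRYPTED_LENGTH_TOO_LONG
                     : SSL_R_DATA_LENGTH_TOO_LONG;

    return ERR_GET_LIB(err) == ERR_LIB_SSL
           && ERR_GET_REASON(err) == reason;
}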
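/*
 * Check that the server side enforces the maximum record length.
 *
 * |idx| is one of the TEST_*_OVERFLOW_* indices:
 *
 * - PLAINTEXT: before any handshake, a handshake record of
 *   SSL3_RT_MAX_PLAIN_LENGTH bytes (_OK) or one byte more (_NOT_OK) is
 *   written straight into the server's read BIO.  SSL_accept() must not
 *   succeed in either case; only the queued error reason tells the two apart.
 *
 * - ENCRYPTED (TLS 1.2 / TLS 1.3): a real handshake is completed first, then
 *   an application data record at the protocol's maximum encrypted length
 *   (_OK) or one byte more (_NOT_OK) is injected.  SSL_read_ex() must fail in
 *   either case (the payload is zero filler, presumably rejected when the
 *   record is processed); again only the error reason distinguishes them.
 *
 * Returns 1 on success, 0 on failure.  Scenarios for a protocol version that
 * is compiled out are reported as passed.
 */
static int test_record_overflow(int idx)
{
    SSL_CTX *cctx = NULL, *sctx = NULL;
    SSL *clientssl = NULL, *serverssl = NULL;
    int testresult = 0;
    size_t len = 0;
    size_t written;
    int overf_expected;
    unsigned char buf;
    BIO *serverbio;
    int recversion;

#ifdef OPENSSL_NO_TLS1_2
    if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
            || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK)
        return 1;
#endif
#ifdef OPENSSL_NO_TLS1_3
    if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
            || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK)
        return 1;
#endif

    /*
     * fail_due_to_record_overflow() peeks at the oldest queued error, so
     * start from an empty queue.
     */
    ERR_clear_error();

    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
                                       TLS1_VERSION, TLS_MAX_VERSION,
                                       &sctx, &cctx, cert, privkey)))
        goto end;

    if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
            || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) {
        len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
#ifndef OPENSSL_NO_COMP
        len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
        /*
         * The limit above only applies if TLS 1.2 is really what gets
         * negotiated.  If capping the version failed silently, the test
         * would measure the wrong boundary, so treat that as a failure.
         */
        if (!TEST_true(SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION)))
            goto end;
    } else if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
               || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
        len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH;
    }

    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
                                      NULL, NULL)))
        goto end;

    /* Records are injected directly into what the server reads from. */
    serverbio = SSL_get_rbio(serverssl);

    if (idx == TEST_PLAINTEXT_OVERFLOW_OK
            || idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK) {
        len = SSL3_RT_MAX_PLAIN_LENGTH;

        if (idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK)
            len++;

        if (!TEST_true(write_record(serverbio, len,
                                    SSL3_RT_HANDSHAKE, TLS1_VERSION)))
            goto end;

        /* The filler record can never complete a handshake. */
        if (!TEST_int_le(SSL_accept(serverssl), 0))
            goto end;

        overf_expected = (idx == TEST_PLAINTEXT_OVERFLOW_OK) ? 0 : 1;
        if (!TEST_int_eq(fail_due_to_record_overflow(0), overf_expected))
            goto end;

        goto success;
    }

    if (!TEST_true(create_ssl_connection(serverssl, clientssl,
                                         SSL_ERROR_NONE)))
        goto end;

    if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK
            || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
        overf_expected = 1;
        len++;
    } else {
        overf_expected = 0;
    }

    /* Record-layer version used in the header for both protocol variants. */
    recversion = TLS1_2_VERSION;

    if (!TEST_true(write_record(serverbio, len, SSL3_RT_APPLICATION_DATA,
                                recversion)))
        goto end;

    /* The read must fail either way; the error reason is what is checked. */
    if (!TEST_false(SSL_read_ex(serverssl, &buf, sizeof(buf), &written)))
        goto end;

    if (!TEST_int_eq(fail_due_to_record_overflow(1), overf_expected))
        goto end;

 success:
    testresult = 1;

 end:
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);
    return testresult;
}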
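/*
 * Test program set-up: take the certificate and private key from the first
 * two test arguments and register one test_record_overflow() run per index
 * in [0, TOTAL_RECORD_OVERFLOW_TESTS).
 *
 * Returns 1 on success, 0 if either argument is missing.
 */
int setup_tests(void)
{
    if (!TEST_ptr(cert = test_get_argument(0))
            || !TEST_ptr(privkey = test_get_argument(1)))
        return 0;

    ADD_ALL_TESTS(test_record_overflow, TOTAL_RECORD_OVERFLOW_TESTS);
    return 1;
}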
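/*
 * Test program tear-down: hand control to the ssltestlib helper that frees
 * the mempacket test BIO resources.
 */
void cleanup_tests(void)
{
    bio_s_mempacket_test_free();
}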