/*
 * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
#include <stdio.h>
#include <string.h>

#include "ssltestlib.h"
#include "test_main_custom.h"
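/*
 * Certificate and private key file names handed to create_ssl_ctx_pair().
 * Both start out NULL.
 * NOTE(review): presumably filled in from the command line before any test
 * runs; the assigning lines are not visible in this listing - confirm.
 */
static char *cert = NULL;
static char *privkey = NULL;

/*
 * Test case indices passed to test_record_plain_overflow(). Each record
 * class comes as a pair: for the _OK index no record-overflow error is
 * expected, for the _NOT_OK index the overflow error must be raised.
 */
#define TEST_PLAINTEXT_OVERFLOW_OK                0
#define TEST_PLAINTEXT_OVERFLOW_NOT_OK            1
#define TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK         2
#define TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK     3
#define TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK         4
#define TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK     5

/* Number of indices above; keep in step when a case is added. */
#define TOTAL_RECORD_OVERFLOW_TESTS               6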
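/*
 * Write one raw record to |b|: a five byte record header followed by |len|
 * zero bytes of payload.
 *
 * b          - BIO the record is written to
 * len        - payload length; also encoded big-endian in header bytes 3-4
 * rectype    - record content type, stored in header byte 0
 * recversion - record version, stored big-endian in header bytes 1-2
 *
 * Returns 1 on success, 0 if any write fails or is short (callers test the
 * result with '!').
 *
 * NOTE(review): the listing this was restored from omits several lines of
 * the body (the |written| declaration, the record-type byte, the loop header
 * and the return statements). They are reconstructed from the visible uses
 * and should be confirmed against the upstream file.
 */
static int write_record(BIO *b, size_t len, int rectype, int recversion)
{
    unsigned char header[SSL3_RT_HEADER_LENGTH];
    unsigned char buf[256];
    size_t written;

    /*
     * The header carries the length in 16 bits. Refuse anything larger so
     * the advertised length and the number of payload bytes actually written
     * can never disagree.
     */
    if (len > 0xffff)
        return 0;

    /* The payload content is irrelevant to the length checks: send zeros. */
    memset(buf, 0, sizeof(buf));

    header[0] = (unsigned char)(rectype & 0xff);
    header[1] = (recversion >> 8) & 0xff;
    header[2] = recversion & 0xff;
    header[3] = (len >> 8) & 0xff;
    header[4] = len & 0xff;

    if (!BIO_write_ex(b, header, SSL3_RT_HEADER_LENGTH, &written)
            || written != SSL3_RT_HEADER_LENGTH)
        return 0;

    /* Emit the payload in chunks of at most sizeof(buf) bytes. */
    while (len > 0) {
        size_t outlen = len > sizeof(buf) ? sizeof(buf) : len;

        if (!BIO_write_ex(b, buf, outlen, &written)
                || written != outlen)
            return 0;

        len -= outlen;
    }

    return 1;
}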
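/*
 * Report whether the error at the head of the error queue is the
 * record-overflow error for the given record class.
 *
 * enc - non-zero to look for SSL_R_ENCRYPTED_LENGTH_TOO_LONG, zero to look
 *       for SSL_R_DATA_LENGTH_TOO_LONG
 *
 * Returns 1 if the peeked error belongs to ERR_LIB_SSL and carries that
 * reason code, 0 otherwise. The queue is only peeked, not consumed.
 *
 * NOTE(review): the 'if (enc)' selector and the return statements are absent
 * from the listing and are reconstructed from the two reason assignments and
 * from the callers, which pass 0 after a plaintext record and 1 after an
 * encrypted one - confirm against the upstream file.
 */
static int fail_due_to_record_overflow(int enc)
{
    /* ERR_peek_error() returns unsigned long; keep the packed code unsigned. */
    unsigned long err = ERR_peek_error();
    int reason = enc ? SSL_R_ENCRYPTED_LENGTH_TOO_LONG
                     : SSL_R_DATA_LENGTH_TOO_LONG;

    return ERR_GET_LIB(err) == ERR_LIB_SSL
           && ERR_GET_REASON(err) == reason;
}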
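/*
 * Feed the server side a single record whose length is either exactly at
 * the limit (_OK indices) or beyond it (_NOT_OK indices) and check that the
 * record layer reports the overflow error only in the _NOT_OK case.
 *
 * idx - one of the TEST_*_OVERFLOW_* indices
 *
 * Plaintext cases inject a handshake record before any handshake and call
 * SSL_accept(). Encrypted cases first complete a handshake and then inject
 * an application data record and call SSL_read_ex(). The injected payload is
 * all zeros, so the read is expected to fail in every case; what the test
 * distinguishes is whether the failure reason is the length-overflow error.
 *
 * Returns 1 on pass (or when the protocol version under test is compiled
 * out), 0 on failure; on failure the error queue is printed to stdout.
 *
 * NOTE(review): the listing this was restored from drops a number of lines:
 * most local declarations, the early returns inside the #ifdef blocks, the
 * 'goto' statements, both length increments, the overf_expected assignment
 * for the encrypted cases and the cleanup section. They are reconstructed
 * from the surviving statements and must be confirmed against the upstream
 * file.
 */
static int test_record_plain_overflow(int idx)
{
    SSL_CTX *cctx = NULL, *sctx = NULL;
    SSL *clientssl = NULL, *serverssl = NULL;
    int testresult = 0;
    size_t len = 0;
    size_t written;
    int overf_expected;
    unsigned char buf;
    BIO *serverbio;
    int recversion;

#ifdef OPENSSL_NO_TLS1_2
    if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
            || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK)
        return 1;
#endif
#ifdef OPENSSL_NO_TLS1_3
    if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
            || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK)
        return 1;
#endif

    /* Start from an empty queue so the peek below sees this test's error. */
    ERR_clear_error();

    if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
                             &cctx, cert, privkey)) {
        printf("Unable to create SSL_CTX pair\n");
        goto end;
    }

    if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
            || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) {
        len = SSL3_RT_MAX_ENCRYPTED_LENGTH - SSL3_RT_MAX_COMPRESSED_OVERHEAD;
        /*
         * If the cap is not applied a newer version may be negotiated and
         * |len| would no longer be the limit under test.
         */
        if (!SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION)) {
            printf("Unable to set max protocol version\n");
            goto end;
        }
    } else if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
               || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
        len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH;
    }

    if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) {
        printf("Unable to create SSL objects\n");
        goto end;
    }

    /* Records are injected straight into the server's read BIO. */
    serverbio = SSL_get_rbio(serverssl);

    if (idx == TEST_PLAINTEXT_OVERFLOW_OK
            || idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK) {
        len = SSL3_RT_MAX_PLAIN_LENGTH;

        if (idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK)
            len++;

        if (!write_record(serverbio, len, SSL3_RT_HANDSHAKE, TLS1_VERSION)) {
            printf("Unable to write plaintext record\n");
            goto end;
        }

        if (SSL_accept(serverssl) > 0) {
            printf("Unexpected success reading plaintext record\n");
            goto end;
        }

        overf_expected = (idx == TEST_PLAINTEXT_OVERFLOW_OK) ? 0 : 1;
        if (fail_due_to_record_overflow(0) != overf_expected) {
            printf("Unexpected error value received\n");
            goto end;
        }

        goto success;
    }

    if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
        printf("Unable to create SSL connection\n");
        goto end;
    }

    if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK
            || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
        overf_expected = 1;
        len++;
    } else {
        overf_expected = 0;
    }

    /* The TLS 1.3 cases put TLS1_VERSION in the record header. */
    if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
            || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK)
        recversion = TLS1_VERSION;
    else
        recversion = TLS1_2_VERSION;

    if (!write_record(serverbio, len, SSL3_RT_APPLICATION_DATA, recversion)) {
        printf("Unable to write encryprted record\n");
        goto end;
    }

    if (SSL_read_ex(serverssl, &buf, sizeof(buf), &written)) {
        printf("Unexpected success reading encrypted record\n");
        goto end;
    }

    if (fail_due_to_record_overflow(1) != overf_expected) {
        printf("Unexpected error value received\n");
        goto end;
    }

 success:
    testresult = 1;

 end:
    if (!testresult)
        ERR_print_errors_fp(stdout);
    SSL_free(serverssl);
    SSL_free(clientssl);
    SSL_CTX_free(sctx);
    SSL_CTX_free(cctx);

    return testresult;
}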
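/*
 * Test program entry point: registers every record-overflow case and runs
 * them.
 *
 * argc, argv - command line; argv[0] is passed to run_tests()
 *
 * Returns the value produced by run_tests(), or 1 when the argument count is
 * rejected.
 *
 * NOTE(review): only the error message, the ADD_ALL_TESTS() registration,
 * the run_tests() call and the mempacket cleanup survive in the listing.
 * The argument-count test, the assignment of |cert| and |privkey| from the
 * command line and the return statements are reconstructed (the two globals
 * are otherwise never set before create_ssl_ctx_pair() uses them) - confirm
 * the exact argument count and order against the upstream file.
 */
int test_main(int argc, char *argv[])
{
    int testresult = 1;

    if (argc != 3) {
        printf("Invalid argument count\n");
        return 1;
    }

    cert = argv[1];
    privkey = argv[2];

    ADD_ALL_TESTS(test_record_plain_overflow, TOTAL_RECORD_OVERFLOW_TESTS);

    testresult = run_tests(argv[0]);

    bio_s_mempacket_test_free();

    return testresult;
}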