2 * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include "ssltestlib.h"
14 #include "test_main_custom.h"
/*
 * Certificate and private key arguments handed to create_ssl_ctx_pair()
 * in test_record_overflow().
 * NOTE(review): presumably file paths taken from the command line by
 * test_main(); the assignment is not visible in this listing.
 */
static char *cert = NULL;
static char *privkey = NULL;

/*
 * Test case indices passed to test_record_overflow(). Each record-length
 * limit has an _OK case, where no record-overflow error is expected, and a
 * _NOT_OK case, where one is expected (visible explicitly for the plaintext
 * pair, where overf_expected is derived from the index).
 */
#define TEST_PLAINTEXT_OVERFLOW_OK 0
#define TEST_PLAINTEXT_OVERFLOW_NOT_OK 1
#define TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK 2
#define TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK 3
#define TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK 4
#define TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK 5

/* Number of cases above; passed to ADD_ALL_TESTS() in test_main(). */
#define TOTAL_RECORD_OVERFLOW_TESTS 6
/*
 * Write a hand-built TLS record to BIO b: a header of
 * SSL3_RT_HEADER_LENGTH bytes, then payload bytes taken from a zeroed
 * 256-byte buffer.
 *
 * Header bytes 1-2 carry recversion and bytes 3-4 carry len, both
 * big-endian. Only the low 16 bits of len reach the wire, so a len above
 * 0xffff would be silently truncated. The payload buffer is zeroed and is
 * not modified in the lines shown, so the record is useful only for
 * exercising the receiver's length validation, not as valid ciphertext.
 *
 * NOTE(review): this listing is an excerpt. Its gutter numbers skip
 * source lines, so the braces, the declarations of `written` and `outlen`,
 * the use of rectype (presumably header[0]) and the return statements are
 * not shown. Gaps are marked below.
 */
static int write_record(BIO *b, size_t len, int rectype, int recversion)
/* [source line 29 not shown] */
    unsigned char header[SSL3_RT_HEADER_LENGTH];
/* [source line 31 not shown] */
    unsigned char buf[256];
/* [source line 33 not shown] */
    memset(buf, 0, sizeof(buf));
/* [source lines 35-36 not shown] */
    /* Protocol version, most significant byte first. */
    header[1] = (recversion >> 8) & 0xff;
    header[2] = recversion & 0xff;
    /* Record length as a 16-bit big-endian value. */
    header[3] = (len >> 8) & 0xff;
    header[4] = len & 0xff;
/* [source line 41 not shown] */
    /* A short write of the header is treated the same as a failed write. */
    if (!BIO_write_ex(b, header, SSL3_RT_HEADER_LENGTH, &written)
            || written != SSL3_RT_HEADER_LENGTH)
/* [source lines 44-48 not shown] */
        /* Payload is emitted in pieces no larger than buf. */
        if (len > sizeof(buf))
/* [source lines 50-53 not shown] */
        if (!BIO_write_ex(b, buf, outlen, &written)
/* [source lines 55-63 not shown] */
/*
 * Check whether the error returned by ERR_peek_error() is the SSL
 * library's record-length error.
 *
 * The reason compared against is SSL_R_ENCRYPTED_LENGTH_TOO_LONG or
 * SSL_R_DATA_LENGTH_TOO_LONG. Callers in this file pass enc=1 for the
 * encrypted-record cases and enc=0 for the plaintext cases, and compare
 * the result with 0 or 1.
 *
 * ERR_peek_error() reads the oldest queued error without removing it, so
 * the answer is meaningful only if the queue was empty before the
 * operation under test.
 * NOTE(review): confirm the caller clears the queue in the lines this
 * listing omits. ERR_peek_error() returns unsigned long; it is stored in a
 * long here.
 */
static int fail_due_to_record_overflow(int enc)
/* [source line 65 not shown] */
    long err = ERR_peek_error();
/* [source lines 67-69 not shown; presumably the declaration of `reason` and the test on enc] */
        reason = SSL_R_ENCRYPTED_LENGTH_TOO_LONG;
/* [source line 71 not shown] */
        reason = SSL_R_DATA_LENGTH_TOO_LONG;
/* [source line 73 not shown] */
    /* Both the library and the reason code must match. */
    if (ERR_GET_LIB(err) == ERR_LIB_SSL
            && ERR_GET_REASON(err) == reason)
/* [source lines 76-80 not shown] */
/*
 * Check that the record layer enforces its maximum record length for the
 * case selected by idx (one of the TEST_*_OVERFLOW_* values).
 *
 * Records are injected directly into the server's read BIO with
 * write_record(), so the server has to validate a peer-supplied length:
 *   - plaintext cases: a handshake record sized from
 *     SSL3_RT_MAX_PLAIN_LENGTH is written before any handshake takes
 *     place; SSL_accept() must not succeed;
 *   - encrypted cases: after create_ssl_connection() succeeds, an
 *     application-data record sized from SSL3_RT_MAX_ENCRYPTED_LENGTH
 *     (TLS 1.2) or SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH (TLS 1.3) is
 *     written; SSL_read_ex() must not succeed.
 * The operation is expected to fail in the _OK cases as well. What
 * separates the two outcomes is whether fail_due_to_record_overflow()
 * reports the length error, which must match overf_expected.
 *
 * NOTE(review): this listing is an excerpt. Its gutter numbers skip
 * source lines, so several declarations, the length adjustment for the
 * _NOT_OK cases (presumably one byte over the limit), the early exits,
 * the closing braces / #endif lines and the cleanup code are not shown.
 * Gaps are marked below.
 */
static int test_record_overflow(int idx)
/* [source line 82 not shown] */
    SSL_CTX *cctx = NULL, *sctx = NULL;
    SSL *clientssl = NULL, *serverssl = NULL;
/* [source lines 85-92 not shown] */
    /* Cases for a protocol version that is compiled out are special-cased. */
#ifdef OPENSSL_NO_TLS1_2
    if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
            || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK)
/* [source lines 96-97 not shown] */
#ifdef OPENSSL_NO_TLS1_3
    if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
            || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK)
/* [source lines 101-105 not shown] */
    if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
                             &cctx, cert, privkey)) {
        printf("Unable to create SSL_CTX pair\n");
/* [source lines 109-111 not shown] */
    if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
            || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) {
        len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
        /*
         * NOTE(review): presumably subtracted because no compression is
         * negotiated on this connection; confirm.
         */
#ifndef OPENSSL_NO_COMP
        len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
/* [source line 117 not shown] */
        /*
         * Cap the server at TLS 1.2 for the TLS 1.2 cases.
         * NOTE(review): the return value is not checked.
         */
        SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION);
    } else if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
               || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
        len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH;
/* [source lines 122-123 not shown] */
    if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) {
        printf("Unable to create SSL objects\n");
/* [source lines 126-128 not shown] */
    /* Test records are written straight into the server's read BIO. */
    serverbio = SSL_get_rbio(serverssl);
/* [source line 130 not shown] */
    if (idx == TEST_PLAINTEXT_OVERFLOW_OK
            || idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK) {
        len = SSL3_RT_MAX_PLAIN_LENGTH;
/* [source line 134 not shown] */
        if (idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK)
/* [source lines 136-137 not shown] */
        if (!write_record(serverbio, len, SSL3_RT_HANDSHAKE, TLS1_VERSION)) {
            printf("Unable to write plaintext record\n");
/* [source lines 140-142 not shown] */
        /* The zero-filled record must never complete a handshake. */
        if (SSL_accept(serverssl) > 0) {
            printf("Unexpected success reading plaintext record\n");
/* [source lines 145-147 not shown] */
        overf_expected = (idx == TEST_PLAINTEXT_OVERFLOW_OK) ? 0 : 1;
        if (fail_due_to_record_overflow(0) != overf_expected) {
            printf("Unexpected error value received\n");
/* [source lines 151-156 not shown] */
    /* Encrypted cases: complete a real handshake first. */
    if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
        printf("Unable to create SSL connection\n");
/* [source lines 159-161 not shown] */
    if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK
            || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
/* [source lines 164-169 not shown; overf_expected is presumably set here] */
    /* The TLS 1.3 cases put TLS1_VERSION in the record header. */
    if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
            || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK)
        recversion = TLS1_VERSION;
/* [source line 173 not shown] */
        recversion = TLS1_2_VERSION;
/* [source line 175 not shown] */
    /* NOTE(review): the message below has a typo ("encryprted"). */
    if (!write_record(serverbio, len, SSL3_RT_APPLICATION_DATA, recversion)) {
        printf("Unable to write encryprted record\n");
/* [source lines 178-180 not shown] */
    /* The zero-filled record must never yield application data. */
    if (SSL_read_ex(serverssl, &buf, sizeof(buf), &written)) {
        printf("Unexpected success reading encrypted record\n");
/* [source lines 183-185 not shown] */
    if (fail_due_to_record_overflow(1) != overf_expected) {
        printf("Unexpected error value received\n");
/* [source lines 188-195 not shown] */
        /* Dump the OpenSSL error queue to stdout. */
        ERR_print_errors_fp(stdout);
/* [source lines 197-204 not shown] */
/*
 * Test program entry point: registers test_record_overflow() with
 * ADD_ALL_TESTS() for TOTAL_RECORD_OVERFLOW_TESTS indices, runs the tests
 * through run_tests(argv[0]), then calls bio_s_mempacket_test_free().
 *
 * NOTE(review): this listing is an excerpt. The argument-count check that
 * guards the "Invalid argument count" message, the presumed assignment of
 * cert and privkey from argv, and the return statements are on source
 * lines that are not shown. Gaps are marked below.
 */
int test_main(int argc, char *argv[])
/* [source lines 206-209 not shown] */
        printf("Invalid argument count\n");
/* [source lines 211-216 not shown] */
    ADD_ALL_TESTS(test_record_overflow, TOTAL_RECORD_OVERFLOW_TESTS);
/* [source line 218 not shown] */
    testresult = run_tests(argv[0]);
/* [source line 220 not shown] */
    bio_s_mempacket_test_free();
/* [remaining source lines not shown] */