2 * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include "helpers/ssltestlib.h"
/*
 * Paths of the certificate and private-key files. Both are assigned in
 * setup_tests() from test arguments 0 and 1 and passed to
 * create_ssl_ctx_pair() in test_record_overflow().
 */
15 static char *cert
= NULL
;
16 static char *privkey
= NULL
;
/*
 * Test-case indices passed to test_record_overflow() as idx.
 *
 * PLAINTEXT cases inject a handshake record and call SSL_accept();
 * ENCRYPTED cases call create_ssl_connection() and then inject an
 * application-data record. For the plaintext pair, _OK means no
 * record-overflow error is expected (overf_expected == 0) and _NOT_OK means
 * one is expected. The matching assignment for the encrypted pair is on
 * lines this listing does not show; presumably it follows the same
 * convention - confirm against the full file.
 */
18 #define TEST_PLAINTEXT_OVERFLOW_OK 0
19 #define TEST_PLAINTEXT_OVERFLOW_NOT_OK 1
20 #define TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK 2
21 #define TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK 3
22 #define TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK 4
23 #define TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK 5
/* Number of indices above; handed to ADD_ALL_TESTS() in setup_tests(). */
25 #define TOTAL_RECORD_OVERFLOW_TESTS 6
/*
 * Write a hand-built TLS record to |b|: a record header of
 * SSL3_RT_HEADER_LENGTH bytes announcing |len| payload bytes, then payload
 * taken from a zero-filled 256-byte buffer.
 *
 * |len| goes into the header exactly as given and is not compared with any
 * protocol maximum here, which is what lets the caller produce records at
 * or beyond the limits on purpose. Only the low 16 bits of |len| fit in the
 * header. Callers wrap the result in TEST_true(), i.e. non-zero is success.
 *
 * NOTE(review): this listing omits several source lines (the embedded
 * numbers jump, e.g. 33 -> 36 and 42 -> 48 -> 53). Not shown: the
 * declarations of written and outlen, the header[0] assignment (presumably
 * from |rectype|), the loop that splits the payload into buf-sized chunks,
 * and the return statements. Confirm against the full file.
 */
27 static int write_record(BIO
*b
, size_t len
, int rectype
, int recversion
)
29 unsigned char header
[SSL3_RT_HEADER_LENGTH
];
/* Payload bytes are written from this buffer (see BIO_write_ex below). */
31 unsigned char buf
[256];
/* The payload is all zero bytes. */
33 memset(buf
, 0, sizeof(buf
));
/* Header bytes 1-2: record version, most significant byte first. */
36 header
[1] = (recversion
>> 8) & 0xff;
37 header
[2] = recversion
& 0xff;
/* Header bytes 3-4: record length, most significant byte first. */
38 header
[3] = (len
>> 8) & 0xff;
39 header
[4] = len
& 0xff;
/* Send the header and require that every byte of it was written. */
41 if (!BIO_write_ex(b
, header
, SSL3_RT_HEADER_LENGTH
, &written
)
42 || written
!= SSL3_RT_HEADER_LENGTH
)
/*
 * A payload longer than buf cannot go out in one write; the statements
 * that pick outlen are on lines not shown in this listing.
 */
48 if (len
> sizeof(buf
))
/* Write outlen payload bytes from the zero-filled buffer. */
53 if (!BIO_write_ex(b
, buf
, outlen
, &written
)
/*
 * Report whether the error returned by ERR_peek_error() is the
 * record-overflow error this test expects. Peeking leaves the error queue
 * unchanged.
 *
 * The match requires library ERR_LIB_SSL and a reason of either
 * SSL_R_ENCRYPTED_LENGTH_TOO_LONG or SSL_R_DATA_LENGTH_TOO_LONG. Callers
 * pass enc = 0 after the plaintext handshake record and enc = 1 after the
 * encrypted application-data record, and compare the result with
 * overf_expected via TEST_int_eq().
 *
 * NOTE(review): the declaration of reason, the branch choosing between the
 * two reason codes (presumably on |enc|) and the return statements are on
 * lines this listing does not show - confirm against the full file.
 * NOTE(review): ERR_peek_error() returns unsigned long while err is
 * declared long; consider matching the type to avoid the implicit signed
 * conversion.
 */
63 static int fail_due_to_record_overflow(int enc
)
65 long err
= ERR_peek_error();
69 reason
= SSL_R_ENCRYPTED_LENGTH_TOO_LONG
;
71 reason
= SSL_R_DATA_LENGTH_TOO_LONG
;
/* Both the originating library and the reason code must match. */
73 if (ERR_GET_LIB(err
) == ERR_LIB_SSL
74 && ERR_GET_REASON(err
) == reason
)
/*
 * Check how the server side handles records at the maximum record length,
 * for the test case selected by |idx| (one of the TEST_* indices defined at
 * the top of the file).
 *
 * Each case writes a hand-built record straight into the server's read BIO
 * with write_record(), lets the server process it, and then calls
 * fail_due_to_record_overflow() to see whether the queued error is the
 * record-overflow one. The starting lengths are the library limits
 * SSL3_RT_MAX_PLAIN_LENGTH, SSL3_RT_MAX_ENCRYPTED_LENGTH and
 * SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH.
 *
 * NOTE(review): this listing omits many source lines (the embedded numbers
 * jump, e.g. 83 -> 92 and 172 -> 186). Not shown: the remaining local
 * declarations, the statements under the _NOT_OK conditions (presumably the
 * length is pushed past the limit there), the error exits and the cleanup.
 * Confirm against the full file before relying on this description.
 */
80 static int test_record_overflow(int idx
)
82 SSL_CTX
*cctx
= NULL
, *sctx
= NULL
;
83 SSL
*clientssl
= NULL
, *serverssl
= NULL
;
/*
 * The TLS 1.2 cases are special-cased when TLS 1.2 is compiled out; the
 * statement under this condition is not shown (presumably an early
 * return - confirm).
 */
92 #ifdef OPENSSL_NO_TLS1_2
93 if (idx
== TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
94 || idx
== TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK
)
/*
 * Same for the TLS 1.3 cases when TLS 1.3 is compiled out, or when
 * neither EC nor DH is available.
 */
97 #if defined(OPENSSL_NO_TLS1_3) \
98 || (defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_DH))
99 if (idx
== TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
100 || idx
== TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK
)
/* Build the server and client contexts from the configured cert and key. */
106 if (!TEST_true(create_ssl_ctx_pair(NULL
, TLS_server_method(),
109 &sctx
, &cctx
, cert
, privkey
)))
/* Pick the encrypted-record limit for the protocol version under test. */
112 if (idx
== TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
113 || idx
== TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK
) {
114 len
= SSL3_RT_MAX_ENCRYPTED_LENGTH
;
/*
 * With compression support compiled in, the compression overhead is
 * taken off the limit - presumably because this connection does not
 * negotiate compression; confirm.
 */
115 #ifndef OPENSSL_NO_COMP
116 len
-= SSL3_RT_MAX_COMPRESSED_OVERHEAD
;
/*
 * Cap the server context at TLS 1.2.
 * NOTE(review): the return value is not checked on this line.
 */
118 SSL_CTX_set_max_proto_version(sctx
, TLS1_2_VERSION
);
119 } else if (idx
== TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
120 || idx
== TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK
) {
121 len
= SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH
;
124 if (!TEST_true(create_ssl_objects(sctx
, cctx
, &serverssl
, &clientssl
,
/*
 * Records written to this BIO are what the server reads next, so the
 * test controls the exact bytes the server's record layer sees.
 */
128 serverbio
= SSL_get_rbio(serverssl
);
/* Plaintext cases: the oversized record is a handshake record. */
130 if (idx
== TEST_PLAINTEXT_OVERFLOW_OK
131 || idx
== TEST_PLAINTEXT_OVERFLOW_NOT_OK
) {
132 len
= SSL3_RT_MAX_PLAIN_LENGTH
;
/* Statement under this condition is not shown in the listing. */
134 if (idx
== TEST_PLAINTEXT_OVERFLOW_NOT_OK
)
137 if (!TEST_true(write_record(serverbio
, len
,
138 SSL3_RT_HANDSHAKE
, TLS1_VERSION
)))
/*
 * SSL_accept() must not succeed in either plaintext case; the two cases
 * differ only in whether the queued error is the overflow error.
 */
141 if (!TEST_int_le(SSL_accept(serverssl
), 0))
144 overf_expected
= (idx
== TEST_PLAINTEXT_OVERFLOW_OK
) ? 0 : 1;
145 if (!TEST_int_eq(fail_due_to_record_overflow(0), overf_expected
))
/* Encrypted cases: complete a real handshake before injecting the record. */
151 if (!TEST_true(create_ssl_connection(serverssl
, clientssl
,
/* Statements under this condition are not shown in the listing. */
155 if (idx
== TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK
156 || idx
== TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK
) {
163 recversion
= TLS1_2_VERSION
;
165 if (!TEST_true(write_record(serverbio
, len
, SSL3_RT_APPLICATION_DATA
,
/*
 * The read must fail in both encrypted cases; as above, the cases differ
 * in whether the queued error is the overflow error.
 */
169 if (!TEST_false(SSL_read_ex(serverssl
, &buf
, sizeof(buf
), &written
)))
172 if (!TEST_int_eq(fail_due_to_record_overflow(1), overf_expected
))
/* Usage text: two positional arguments, read in setup_tests(). */
186 OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
/*
 * Test-harness setup hook: parse the common test options, read the
 * certificate and private-key paths from positional arguments 0 and 1, and
 * register test_record_overflow() with TOTAL_RECORD_OVERFLOW_TESTS indices.
 *
 * NOTE(review): the braces and return statements are on lines this listing
 * does not show.
 */
188 int setup_tests(void)
190 if (!test_skip_common_options()) {
191 TEST_error("Error parsing test options\n");
/* Both paths are required; TEST_ptr() fails the setup if either is NULL. */
195 if (!TEST_ptr(cert
= test_get_argument(0))
196 || !TEST_ptr(privkey
= test_get_argument(1)))
199 ADD_ALL_TESTS(test_record_overflow
, TOTAL_RECORD_OVERFLOW_TESTS
);
/*
 * Test-harness teardown hook; the only visible action is the call to
 * bio_s_mempacket_test_free().
 */
203 void cleanup_tests(void)
205 bio_s_mempacket_test_free();