From e72040c1dcd61d6669762a60924b8fa3a48c37fc Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Sun, 13 Nov 2016 16:24:02 -0500 Subject: [PATCH] Remove heartbeat support Reviewed-by: Rich Salz Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/1669) --- CHANGES | 3 + INSTALL | 3 - ssl/d1_lib.c | 168 -------------- ssl/record/rec_layer_d1.c | 15 -- ssl/s3_lib.c | 15 -- ssl/ssl_locl.h | 25 +- ssl/ssl_utst.c | 4 - ssl/statem/statem.c | 14 -- ssl/statem/statem_dtls.c | 5 - ssl/t1_ext.c | 1 - ssl/t1_lib.c | 100 -------- ssl/t1_trce.c | 33 +-- test/build.info | 6 +- test/heartbeat_test.c | 376 ------------------------------- test/recipes/90-test_heartbeat.t | 12 - util/indent.pro | 1 - 16 files changed, 6 insertions(+), 775 deletions(-) delete mode 100644 test/heartbeat_test.c delete mode 100644 test/recipes/90-test_heartbeat.t diff --git a/CHANGES b/CHANGES index 518a70b6c5..ee574dd296 100644 --- a/CHANGES +++ b/CHANGES @@ -15,6 +15,9 @@ https://www.akkadia.org/drepper/SHA-crypt.txt [Richard Levitte] + *) Heartbeat support has been removed; the ABI is changed for now. + [Richard Levitte, Rich Salz] + Changes between 1.1.0b and 1.1.0c [xx XXX xxxx] *) ChaCha20/Poly1305 heap-buffer-overflow diff --git a/INSTALL b/INSTALL index 8f0acf8321..086304389c 100644 --- a/INSTALL +++ b/INSTALL @@ -333,9 +333,6 @@ available if the GOST algorithms are also available through loading an externally supplied engine. - enable-heartbeats - Build support for DTLS heartbeats. - no-hw-padlock Don't build the padlock engine. diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index ffc63222b1..20970c3f02 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -378,12 +378,6 @@ int dtls1_handle_timeout(SSL *s) if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { s->d1->timeout.read_timeouts = 1; } -#ifndef OPENSSL_NO_HEARTBEATS - if (s->tlsext_hb_pending) { - s->tlsext_hb_pending = 0; - return dtls1_heartbeat(s); - } -#endif dtls1_start_timer(s); return dtls1_retransmit_buffered_messages(s); @@ -859,168 +853,6 @@ static int dtls1_handshake_write(SSL *s) return dtls1_do_write(s, SSL3_RT_HANDSHAKE); } -#ifndef OPENSSL_NO_HEARTBEATS - -# define HEARTBEAT_SIZE(payload, padding) ( \ - 1 /* heartbeat type */ + \ - 2 /* heartbeat length */ + \ - (payload) + (padding)) - -# define HEARTBEAT_SIZE_STD(payload) HEARTBEAT_SIZE(payload, 16) - -int dtls1_process_heartbeat(SSL *s, unsigned char *p, size_t length) -{ - unsigned char *pl; - unsigned short hbtype; - unsigned int payload; - unsigned int padding = 16; /* Use minimum padding */ - size_t written; - - if (s->msg_callback) - s->msg_callback(0, s->version, DTLS1_RT_HEARTBEAT, - p, length, s, s->msg_callback_arg); - - /* Read type and payload length */ - if (HEARTBEAT_SIZE_STD(0) > length) - return 0; /* silently discard */ - if (length > SSL3_RT_MAX_PLAIN_LENGTH) - return 0; /* silently discard per RFC 6520 sec. 4 */ - - hbtype = *p++; - n2s(p, payload); - if (HEARTBEAT_SIZE_STD(payload) > length) - return 0; /* silently discard per RFC 6520 sec. 4 */ - pl = p; - - if (hbtype == TLS1_HB_REQUEST) { - unsigned char *buffer, *bp; - size_t write_length = HEARTBEAT_SIZE(payload, padding); - int r; - - if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) - return 0; - - /* Allocate memory for the response. */ - buffer = OPENSSL_malloc(write_length); - if (buffer == NULL) - return -1; - bp = buffer; - - /* Enter response type, length and copy payload */ - *bp++ = TLS1_HB_RESPONSE; - s2n(payload, bp); - memcpy(bp, pl, payload); - bp += payload; - /* Random padding */ - if (RAND_bytes(bp, padding) <= 0) { - OPENSSL_free(buffer); - return -1; - } - - r = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buffer, write_length, - &written); - - if (r > 0 && s->msg_callback) - s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT, - buffer, write_length, s, s->msg_callback_arg); - - OPENSSL_free(buffer); - - if (r <= 0) - return -1; - } else if (hbtype == TLS1_HB_RESPONSE) { - unsigned int seq; - - /* - * We only send sequence numbers (2 bytes unsigned int), and 16 - * random bytes, so we just try to read the sequence number - */ - n2s(pl, seq); - - if (payload == 18 && seq == s->tlsext_hb_seq) { - dtls1_stop_timer(s); - s->tlsext_hb_seq++; - s->tlsext_hb_pending = 0; - } - } - - return 0; -} - -int dtls1_heartbeat(SSL *s) -{ - unsigned char *buf, *p; - int ret = -1; - size_t payload = 18; /* Sequence number + random bytes */ - size_t padding = 16; /* Use minimum padding */ - size_t size, written; - - /* Only send if peer supports and accepts HB requests... */ - if (!(s->tlsext_heartbeat & SSL_DTLSEXT_HB_ENABLED) || - s->tlsext_heartbeat & SSL_DTLSEXT_HB_DONT_SEND_REQUESTS) { - SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT); - return -1; - } - - /* ...and there is none in flight yet... */ - if (s->tlsext_hb_pending) { - SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_TLS_HEARTBEAT_PENDING); - return -1; - } - - /* ...and no handshake in progress. */ - if (SSL_in_init(s) || ossl_statem_get_in_handshake(s)) { - SSLerr(SSL_F_DTLS1_HEARTBEAT, SSL_R_UNEXPECTED_MESSAGE); - return -1; - } - - /*- - * Create HeartBeat message, we just use a sequence number - * as payload to distinguish different messages and add - * some random stuff. - */ - size = HEARTBEAT_SIZE(payload, padding); - buf = OPENSSL_malloc(size); - if (buf == NULL) { - SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_MALLOC_FAILURE); - return -1; - } - p = buf; - /* Message Type */ - *p++ = TLS1_HB_REQUEST; - /* Payload length (18 bytes here) */ - s2n(payload, p); - /* Sequence number */ - s2n(s->tlsext_hb_seq, p); - /* 16 random bytes */ - if (RAND_bytes(p, 16) <= 0) { - SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR); - goto err; - } - p += 16; - /* Random padding */ - if (RAND_bytes(p, padding) <= 0) { - SSLerr(SSL_F_DTLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR); - goto err; - } - - ret = dtls1_write_bytes(s, DTLS1_RT_HEARTBEAT, buf, size, &written); - if (ret > 0) { - if (s->msg_callback) - s->msg_callback(1, s->version, DTLS1_RT_HEARTBEAT, - buf, size, s, s->msg_callback_arg); - - dtls1_start_timer(s); - s->tlsext_hb_pending = 1; - } - - err: - OPENSSL_free(buf); - - return ret; -} -#endif - int dtls1_shutdown(SSL *s) { int ret; diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index d2bb678323..5d971fb31b 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -575,21 +575,6 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf, dest = s->rlayer.d->alert_fragment; dest_len = &s->rlayer.d->alert_fragment_len; } -#ifndef OPENSSL_NO_HEARTBEATS - else if (SSL3_RECORD_get_type(rr) == DTLS1_RT_HEARTBEAT) { - /* We allow a 0 return */ - if (dtls1_process_heartbeat(s, SSL3_RECORD_get_data(rr), - SSL3_RECORD_get_length(rr)) < 0) { - return -1; - } - /* Exit and notify application to read again */ - SSL3_RECORD_set_length(rr, 0); - s->rwstate = SSL_READING; - BIO_clear_retry_flags(SSL_get_rbio(s)); - BIO_set_retry_read(SSL_get_rbio(s)); - return -1; - } -#endif /* else it's a CCS message, or application data or wrong */ else if (SSL3_RECORD_get_type(rr) != SSL3_RT_CHANGE_CIPHER_SPEC) { /* diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index dad43753dd..2439167307 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3049,23 +3049,8 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) #ifndef OPENSSL_NO_HEARTBEATS case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT: - if (SSL_IS_DTLS(s)) - ret = dtls1_heartbeat(s); - break; - case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING: - if (SSL_IS_DTLS(s)) - ret = s->tlsext_hb_pending; - break; - case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS: - if (SSL_IS_DTLS(s)) { - if (larg) - s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_RECV_REQUESTS; - else - s->tlsext_heartbeat &= ~SSL_DTLSEXT_HB_DONT_RECV_REQUESTS; - ret = 1; - } break; #endif diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index dbe8813acf..105a487c7e 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1107,17 +1107,6 @@ struct ssl_st { STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What's been chosen */ SRTP_PROTECTION_PROFILE *srtp_profile; - /*- - * Is use of the Heartbeat extension negotiated? - * 0: disabled - * 1: enabled - * 2: enabled, but not allowed to send Requests - */ - unsigned int tlsext_heartbeat; - /* Indicates if a HeartbeatRequest is in flight */ - unsigned int tlsext_hb_pending; - /* HeartbeatRequest sequence number */ - unsigned int tlsext_hb_seq; /* * For a client, this contains the list of supported protocols in wire * format. @@ -1404,7 +1393,7 @@ typedef struct dtls1_state_st { struct hm_header_st r_msg_hdr; struct dtls1_timeout_st timeout; /* - * Indicates when the last handshake msg or heartbeat sent will timeout + * Indicates when the last handshake msg sent will timeout */ struct timeval next_timeout; /* Timeout duration */ @@ -1813,10 +1802,6 @@ const SSL_METHOD *func_name(void) \ struct openssl_ssl_test_functions { int (*p_ssl_init_wbio_buffer) (SSL *s); int (*p_ssl3_setup_buffers) (SSL *s); -# ifndef OPENSSL_NO_HEARTBEATS - int (*p_dtls1_process_heartbeat) (SSL *s, - unsigned char *p, unsigned int length); -# endif }; const char *ssl_protocol_to_string(int version); @@ -2074,13 +2059,6 @@ __owur int ssl_check_clienthello_tlsext_late(SSL *s, int *al); __owur int ssl_parse_serverhello_tlsext(SSL *s, PACKET *pkt); __owur int ssl_prepare_clienthello_tlsext(SSL *s); __owur int ssl_prepare_serverhello_tlsext(SSL *s); - -# ifndef OPENSSL_NO_HEARTBEATS -__owur int dtls1_heartbeat(SSL *s); -__owur int dtls1_process_heartbeat(SSL *s, unsigned char *p, - size_t length); -# endif - __owur RAW_EXTENSION *tls_get_extension_by_type(RAW_EXTENSION *exts, size_t numexts, unsigned int type); @@ -2178,7 +2156,6 @@ void ssl_comp_free_compression_methods_int(void); # define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer # define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers -# define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat # endif #endif diff --git a/ssl/ssl_utst.c b/ssl/ssl_utst.c index 09e76d14a7..cea1bc2707 100644 --- a/ssl/ssl_utst.c +++ b/ssl/ssl_utst.c @@ -14,10 +14,6 @@ static const struct openssl_ssl_test_functions ssl_test_functions = { ssl_init_wbio_buffer, ssl3_setup_buffers, -# ifndef OPENSSL_NO_HEARTBEATS -# undef dtls1_process_heartbeat - dtls1_process_heartbeat -# endif }; const struct openssl_ssl_test_functions *SSL_test_functions(void) diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index 901a3f2c49..a1da2a4418 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -251,20 +251,6 @@ static int state_machine(SSL *s, int server) } #endif -#ifndef OPENSSL_NO_HEARTBEATS - /* - * If we're awaiting a HeartbeatResponse, pretend we already got and - * don't await it anymore, because Heartbeats don't make sense during - * handshakes anyway. - */ - if (s->tlsext_hb_pending) { - if (SSL_IS_DTLS(s)) - dtls1_stop_timer(s); - s->tlsext_hb_pending = 0; - s->tlsext_hb_seq++; - } -#endif - /* Initialise state machine */ if (st->state == MSG_FLOW_RENEGOTIATE) { diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c index 52e62a4273..08937f518b 100644 --- a/ssl/statem/statem_dtls.c +++ b/ssl/statem/statem_dtls.c @@ -919,13 +919,8 @@ int dtls1_read_failed(SSL *s, int code) */ return code; } -#ifndef OPENSSL_NO_HEARTBEATS - /* done, no need to send a retransmit */ - if (!SSL_in_init(s) && !s->tlsext_hb_pending) -#else /* done, no need to send a retransmit */ if (!SSL_in_init(s)) -#endif { BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); return code; diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c index bbec1359ca..ae6e978595 100644 --- a/ssl/t1_ext.c +++ b/ssl/t1_ext.c @@ -243,7 +243,6 @@ int SSL_extension_supported(unsigned int ext_type) case TLSEXT_TYPE_application_layer_protocol_negotiation: case TLSEXT_TYPE_ec_point_formats: case TLSEXT_TYPE_supported_groups: - case TLSEXT_TYPE_heartbeat: #ifndef OPENSSL_NO_NEXTPROTONEG case TLSEXT_TYPE_next_proto_neg: #endif diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index a7aa955223..338334fe71 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1254,30 +1254,6 @@ int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al) } } #endif -#ifndef OPENSSL_NO_HEARTBEATS - if (SSL_IS_DTLS(s)) { - unsigned int mode; - - /*- - * Set mode: - * 1: peer may send requests - * 2: peer not allowed to send requests - */ - if (s->tlsext_heartbeat & SSL_DTLSEXT_HB_DONT_RECV_REQUESTS) - mode = SSL_DTLSEXT_HB_DONT_SEND_REQUESTS; - else - mode = SSL_DTLSEXT_HB_ENABLED; - - if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_heartbeat) - /* Sub-packet for Hearbeat extension */ - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u8(pkt, mode) - || !WPACKET_close(pkt)) { - SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return 0; - } - } -#endif #ifndef OPENSSL_NO_NEXTPROTONEG if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) { @@ -1555,30 +1531,6 @@ int ssl_add_serverhello_tlsext(SSL *s, WPACKET *pkt, int *al) return 0; } } -#ifndef OPENSSL_NO_HEARTBEATS - /* Add Heartbeat extension if we've received one */ - if (SSL_IS_DTLS(s) && (s->tlsext_heartbeat & SSL_DTLSEXT_HB_ENABLED)) { - unsigned int mode; - /*- - * Set mode: - * 1: peer may send requests - * 2: peer not allowed to send requests - */ - if (s->tlsext_heartbeat & SSL_DTLSEXT_HB_DONT_RECV_REQUESTS) - mode = SSL_DTLSEXT_HB_DONT_SEND_REQUESTS; - else - mode = SSL_DTLSEXT_HB_ENABLED; - - if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_heartbeat) - || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u8(pkt, mode) - || !WPACKET_close(pkt)) { - SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR); - return 0; - } - - } -#endif #ifndef OPENSSL_NO_NEXTPROTONEG next_proto_neg_seen = s->s3->next_proto_neg_seen; @@ -1821,10 +1773,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CLIENTHELLO_MSG *hello, int *al) OPENSSL_free(s->s3->alpn_proposed); s->s3->alpn_proposed = NULL; s->s3->alpn_proposed_len = 0; -#ifndef OPENSSL_NO_HEARTBEATS - s->tlsext_heartbeat &= ~(SSL_DTLSEXT_HB_ENABLED | - SSL_DTLSEXT_HB_DONT_SEND_REQUESTS); -#endif #ifndef OPENSSL_NO_EC if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) @@ -2116,29 +2064,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CLIENTHELLO_MSG *hello, int *al) s->tlsext_status_type = -1; } } -#ifndef OPENSSL_NO_HEARTBEATS - else if (SSL_IS_DTLS(s) && currext->type == TLSEXT_TYPE_heartbeat) { - unsigned int hbtype; - - if (!PACKET_get_1(&currext->data, &hbtype) - || PACKET_remaining(&currext->data)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - switch (hbtype) { - case 0x01: /* Client allows us to send HB requests */ - s->tlsext_heartbeat |= SSL_DTLSEXT_HB_ENABLED; - break; - case 0x02: /* Client doesn't accept HB requests */ - s->tlsext_heartbeat |= SSL_DTLSEXT_HB_ENABLED; - s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_SEND_REQUESTS; - break; - default: - *al = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - } -#endif #ifndef OPENSSL_NO_NEXTPROTONEG else if (currext->type == TLSEXT_TYPE_next_proto_neg && s->s3->tmp.finish_md_len == 0) { @@ -2270,10 +2195,6 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al) OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = NULL; -#ifndef OPENSSL_NO_HEARTBEATS - s->tlsext_heartbeat &= ~(SSL_DTLSEXT_HB_ENABLED | - SSL_DTLSEXT_HB_DONT_SEND_REQUESTS); -#endif s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC; @@ -2463,27 +2384,6 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al) } s->s3->alpn_selected_len = len; } -#ifndef OPENSSL_NO_HEARTBEATS - else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_heartbeat) { - unsigned int hbtype; - if (!PACKET_get_1(&spkt, &hbtype)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - switch (hbtype) { - case 0x01: /* Server allows us to send HB requests */ - s->tlsext_heartbeat |= SSL_DTLSEXT_HB_ENABLED; - break; - case 0x02: /* Server doesn't accept HB requests */ - s->tlsext_heartbeat |= SSL_DTLSEXT_HB_ENABLED; - s->tlsext_heartbeat |= SSL_DTLSEXT_HB_DONT_SEND_REQUESTS; - break; - default: - *al = SSL_AD_ILLEGAL_PARAMETER; - return 0; - } - } -#endif #ifndef OPENSSL_NO_SRTP else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) { if (ssl_parse_serverhello_use_srtp_ext(s, &spkt, al)) diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 52c72b2450..2e94c65bdf 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -74,7 +74,6 @@ static ssl_trace_tbl ssl_content_tbl[] = { {SSL3_RT_ALERT, "Alert"}, {SSL3_RT_HANDSHAKE, "Handshake"}, {SSL3_RT_APPLICATION_DATA, "ApplicationData"}, - {DTLS1_RT_HEARTBEAT, "HeartBeat"} }; /* Handshake types */ @@ -453,7 +452,6 @@ static ssl_trace_tbl ssl_exts_tbl[] = { {TLSEXT_TYPE_srp, "srp"}, {TLSEXT_TYPE_signature_algorithms, "signature_algorithms"}, {TLSEXT_TYPE_use_srtp, "use_srtp"}, - {TLSEXT_TYPE_heartbeat, "heartbeat"}, {TLSEXT_TYPE_session_ticket, "session_ticket"}, {TLSEXT_TYPE_supported_versions, "supported_versions"}, {TLSEXT_TYPE_renegotiate, "renegotiate"}, @@ -534,11 +532,6 @@ static ssl_trace_tbl ssl_hb_tbl[] = { {2, "peer_not_allowed_to_send"} }; -static ssl_trace_tbl ssl_hb_type_tbl[] = { - {1, "heartbeat_request"}, - {2, "heartbeat_response"} -}; - static ssl_trace_tbl ssl_ctype_tbl[] = { {1, "rsa_sign"}, {2, "dss_sign"}, @@ -718,12 +711,7 @@ static int ssl_print_extension(BIO *bio, int indent, int server, int extype, break; case TLSEXT_TYPE_heartbeat: - if (extlen != 1) - return 0; - BIO_indent(bio, indent + 2, 80); - BIO_printf(bio, "HeartbeatMode: %s\n", - ssl_trace_str(ext[0], ssl_hb_tbl)); - break; + return 0; case TLSEXT_TYPE_session_ticket: if (extlen != 0) @@ -1270,22 +1258,6 @@ static int ssl_print_handshake(BIO *bio, SSL *ssl, return 1; } -static int ssl_print_heartbeat(BIO *bio, int indent, - const unsigned char *msg, size_t msglen) -{ - if (msglen < 3) - return 0; - BIO_indent(bio, indent, 80); - BIO_printf(bio, "HeartBeatMessageType: %s\n", - ssl_trace_str(msg[0], ssl_hb_type_tbl)); - msg++; - msglen--; - if (!ssl_print_hexbuf(bio, indent, "payload", 2, &msg, &msglen)) - return 0; - ssl_print_hex(bio, indent, "padding", msg, msglen); - return 1; -} - const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c) { return ssl_trace_str(c->id & 0xFFFF, ssl_ciphers_tbl); @@ -1343,9 +1315,6 @@ void SSL_trace(int write_p, int version, int content_type, SSL_alert_type_string_long(msg[0] << 8), msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]); } - case DTLS1_RT_HEARTBEAT: - ssl_print_heartbeat(bio, 4, msg, msglen); - break; } diff --git a/test/build.info b/test/build.info index e9f87edb8b..e25050b9da 100644 --- a/test/build.info +++ b/test/build.info @@ -19,7 +19,7 @@ IF[{- !$disabled{tests} -}] randtest dhtest enginetest casttest \ bftest ssltest_old dsatest exptest rsa_test \ evp_test evp_extra_test igetest v3nametest v3ext \ - danetest heartbeat_test p5_crpt2_test bad_dtls_test \ + danetest p5_crpt2_test bad_dtls_test \ constant_time_test verify_extra_test clienthellotest \ packettest asynctest secmemtest srptest memleaktest \ dtlsv1listentest ct_test threadstest afalgtest d2i_test \ @@ -178,10 +178,6 @@ IF[{- !$disabled{tests} -}] INCLUDE[danetest]=../include DEPEND[danetest]=../libcrypto ../libssl - SOURCE[heartbeat_test]=heartbeat_test.c testutil.c - INCLUDE[heartbeat_test]=.. ../include - DEPEND[heartbeat_test]=../libcrypto ../libssl - SOURCE[p5_crpt2_test]=p5_crpt2_test.c INCLUDE[p5_crpt2_test]=../include DEPEND[p5_crpt2_test]=../libcrypto diff --git a/test/heartbeat_test.c b/test/heartbeat_test.c deleted file mode 100644 index 9f6c6e538a..0000000000 --- a/test/heartbeat_test.c +++ /dev/null @@ -1,376 +0,0 @@ -/* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/*- - * Unit test for TLS heartbeats. - * - * Acts as a regression test against the Heartbleed bug (CVE-2014-0160). - * - * Author: Mike Bland (mbland@acm.org, http://mike-bland.com/) - * Date: 2014-04-12 - * License: Creative Commons Attribution 4.0 International (CC By 4.0) - * http://creativecommons.org/licenses/by/4.0/deed.en_US - * - * OUTPUT - * ------ - * The program returns zero on success. It will print a message with a count - * of the number of failed tests and return nonzero if any tests fail. - * - * It will print the contents of the request and response buffers for each - * failing test. In a "fixed" version, all the tests should pass and there - * should be no output. - * - * In a "bleeding" version, you'll see: - * - * test_dtls1_heartbleed failed: - * expected payload len: 0 - * received: 1024 - * sent 26 characters - * "HEARTBLEED " - * received 1024 characters - * "HEARTBLEED \xde\xad\xbe\xef..." - * ** test_dtls1_heartbleed failed ** - * - * The contents of the returned buffer in the failing test will depend on the - * contents of memory on your machine. - * - * MORE INFORMATION - * ---------------- - * http://mike-bland.com/2014/04/12/heartbleed.html - * http://mike-bland.com/tags/heartbleed.html - */ - -#define OPENSSL_UNIT_TEST - -#include "../ssl/ssl_locl.h" - -#include "testutil.h" -#include -#include -#include -#include - -#if !defined(OPENSSL_NO_HEARTBEATS) && !defined(OPENSSL_NO_UNIT_TEST) - -/* As per https://tools.ietf.org/html/rfc6520#section-4 */ -# define MIN_PADDING_SIZE 16 - -/* Maximum number of payload characters to print as test output */ -# define MAX_PRINTABLE_CHARACTERS 1024 - -typedef struct heartbeat_test_fixture { - SSL_CTX *ctx; - SSL *s; - const char *test_case_name; - int (*process_heartbeat) (SSL *s, unsigned char *p, unsigned int length); - unsigned char *payload; - int sent_payload_len; - int expected_return_value; - int return_payload_offset; - int expected_payload_len; - const char *expected_return_payload; -} HEARTBEAT_TEST_FIXTURE; - -static HEARTBEAT_TEST_FIXTURE set_up(const char *const test_case_name, - const SSL_METHOD *meth) -{ - HEARTBEAT_TEST_FIXTURE fixture; - int setup_ok = 1; - memset(&fixture, 0, sizeof(fixture)); - fixture.test_case_name = test_case_name; - - fixture.ctx = SSL_CTX_new(meth); - if (!fixture.ctx) { - fprintf(stderr, "Failed to allocate SSL_CTX for test: %s\n", - test_case_name); - setup_ok = 0; - goto fail; - } - - fixture.s = SSL_new(fixture.ctx); - if (!fixture.s) { - fprintf(stderr, "Failed to allocate SSL for test: %s\n", - test_case_name); - setup_ok = 0; - goto fail; - } - - if (!ssl_init_wbio_buffer(fixture.s)) { - fprintf(stderr, "Failed to set up wbio buffer for test: %s\n", - test_case_name); - setup_ok = 0; - goto fail; - } - - if (!ssl3_setup_buffers(fixture.s)) { - fprintf(stderr, "Failed to setup buffers for test: %s\n", - test_case_name); - setup_ok = 0; - goto fail; - } - - /* - * Clear the memory for the return buffer, since this isn't automatically - * zeroed in opt mode and will cause spurious test failures that will - * change with each execution. - */ - memset(fixture.s->rlayer.wbuf.buf, 0, fixture.s->rlayer.wbuf.len); - - fail: - if (!setup_ok) { - ERR_print_errors_fp(stderr); - exit(EXIT_FAILURE); - } - return fixture; -} - -static HEARTBEAT_TEST_FIXTURE set_up_dtls(const char *const test_case_name) -{ - HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name, - DTLS_server_method()); - fixture.process_heartbeat = dtls1_process_heartbeat; - - /* - * As per dtls1_get_record(), skipping the following from the beginning - * of the returned heartbeat message: type-1 byte; version-2 bytes; - * sequence number-8 bytes; length-2 bytes And then skipping the 1-byte - * type encoded by process_heartbeat for a total of 14 bytes, at which - * point we can grab the length and the payload we seek. - */ - fixture.return_payload_offset = 14; - return fixture; -} - -/* Needed by ssl3_write_bytes() */ -static int dummy_handshake(SSL *s) -{ - return 1; -} - -static void tear_down(HEARTBEAT_TEST_FIXTURE fixture) -{ - SSL_free(fixture.s); - SSL_CTX_free(fixture.ctx); -} - -static void print_payload(const char *const prefix, - const unsigned char *payload, const int n) -{ - const int end = n < MAX_PRINTABLE_CHARACTERS ? n - : MAX_PRINTABLE_CHARACTERS; - int i = 0; - - printf("%s %d character%s", prefix, n, n == 1 ? "" : "s"); - if (end != n) - printf(" (first %d shown)", end); - printf("\n \""); - - for (; i != end; ++i) { - const unsigned char c = payload[i]; - if (isprint(c)) - fputc(c, stdout); - else - printf("\\x%02x", c); - } - printf("\"\n"); -} - -static int execute_heartbeat(HEARTBEAT_TEST_FIXTURE fixture) -{ - int result = 0; - SSL *s = fixture.s; - unsigned char *payload = fixture.payload; - unsigned char sent_buf[MAX_PRINTABLE_CHARACTERS + 1]; - int return_value; - unsigned const char *p; - int actual_payload_len; - - s->rlayer.rrec.data = payload; - s->rlayer.rrec.length = strlen((const char *)payload); - *payload++ = TLS1_HB_REQUEST; - s2n(fixture.sent_payload_len, payload); - - /* - * Make a local copy of the request, since it gets overwritten at some - * point - */ - memcpy(sent_buf, payload, sizeof(sent_buf)); - - return_value = fixture.process_heartbeat(s, s->rlayer.rrec.data, - s->rlayer.rrec.length); - - if (return_value != fixture.expected_return_value) { - printf("%s failed: expected return value %d, received %d\n", - fixture.test_case_name, fixture.expected_return_value, - return_value); - result = 1; - } - - /* - * If there is any byte alignment, it will be stored in wbuf.offset. - */ - p = &(s->rlayer. - wbuf.buf[fixture.return_payload_offset + s->rlayer.wbuf.offset]); - actual_payload_len = 0; - n2s(p, actual_payload_len); - - if (actual_payload_len != fixture.expected_payload_len) { - printf("%s failed:\n expected payload len: %d\n received: %d\n", - fixture.test_case_name, fixture.expected_payload_len, - actual_payload_len); - print_payload("sent", sent_buf, strlen((const char *)sent_buf)); - print_payload("received", p, actual_payload_len); - result = 1; - } else { - char *actual_payload = - OPENSSL_strndup((const char *)p, actual_payload_len); - if (strcmp(actual_payload, fixture.expected_return_payload) != 0) { - printf - ("%s failed:\n expected payload: \"%s\"\n received: \"%s\"\n", - fixture.test_case_name, fixture.expected_return_payload, - actual_payload); - result = 1; - } - OPENSSL_free(actual_payload); - } - - if (result != 0) { - printf("** %s failed **\n--------\n", fixture.test_case_name); - } - return result; -} - -static int honest_payload_size(unsigned char payload_buf[]) -{ - /* Omit three-byte pad at the beginning for type and payload length */ - return strlen((const char *)&payload_buf[3]) - MIN_PADDING_SIZE; -} - -# define SETUP_HEARTBEAT_TEST_FIXTURE(type)\ - SETUP_TEST_FIXTURE(HEARTBEAT_TEST_FIXTURE, set_up_##type) - -# define EXECUTE_HEARTBEAT_TEST()\ - EXECUTE_TEST(execute_heartbeat, tear_down) - -static int test_dtls1_not_bleeding() -{ - SETUP_HEARTBEAT_TEST_FIXTURE(dtls); - /* Three-byte pad at the beginning for type and payload length */ - unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4] = - " Not bleeding, sixteen spaces of padding" " "; - const int payload_buf_len = honest_payload_size(payload_buf); - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = payload_buf_len; - fixture.expected_return_value = 0; - fixture.expected_payload_len = payload_buf_len; - fixture.expected_return_payload = - "Not bleeding, sixteen spaces of padding"; - EXECUTE_HEARTBEAT_TEST(); -} - -static int test_dtls1_not_bleeding_empty_payload() -{ - int payload_buf_len; - - SETUP_HEARTBEAT_TEST_FIXTURE(dtls); - /* - * Three-byte pad at the beginning for type and payload length, plus a - * NUL at the end - */ - unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS]; - memset(payload_buf, ' ', MIN_PADDING_SIZE + 3); - payload_buf[MIN_PADDING_SIZE + 3] = '\0'; - payload_buf_len = honest_payload_size(payload_buf); - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = payload_buf_len; - fixture.expected_return_value = 0; - fixture.expected_payload_len = payload_buf_len; - fixture.expected_return_payload = ""; - EXECUTE_HEARTBEAT_TEST(); -} - -static int test_dtls1_heartbleed() -{ - SETUP_HEARTBEAT_TEST_FIXTURE(dtls); - /* Three-byte pad at the beginning for type and payload length */ - unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS] = - " HEARTBLEED "; - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS; - fixture.expected_return_value = 0; - fixture.expected_payload_len = 0; - fixture.expected_return_payload = ""; - EXECUTE_HEARTBEAT_TEST(); -} - -static int test_dtls1_heartbleed_empty_payload() -{ - SETUP_HEARTBEAT_TEST_FIXTURE(dtls); - /* - * Excluding the NUL at the end, one byte short of type + payload length - * + minimum padding - */ - unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4]; - memset(payload_buf, ' ', MIN_PADDING_SIZE + 2); - payload_buf[MIN_PADDING_SIZE + 2] = '\0'; - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS; - fixture.expected_return_value = 0; - fixture.expected_payload_len = 0; - fixture.expected_return_payload = ""; - EXECUTE_HEARTBEAT_TEST(); -} - -static int test_dtls1_heartbleed_excessive_plaintext_length() -{ - SETUP_HEARTBEAT_TEST_FIXTURE(dtls); - /* - * Excluding the NUL at the end, one byte in excess of maximum allowed - * heartbeat message length - */ - unsigned char payload_buf[SSL3_RT_MAX_PLAIN_LENGTH + 2]; - memset(payload_buf, ' ', sizeof(payload_buf)); - payload_buf[sizeof(payload_buf) - 1] = '\0'; - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = honest_payload_size(payload_buf); - fixture.expected_return_value = 0; - fixture.expected_payload_len = 0; - fixture.expected_return_payload = ""; - EXECUTE_HEARTBEAT_TEST(); -} - -# undef EXECUTE_HEARTBEAT_TEST -# undef SETUP_HEARTBEAT_TEST_FIXTURE - -int main(int argc, char *argv[]) -{ - int result = 0; - - ADD_TEST(test_dtls1_not_bleeding); - ADD_TEST(test_dtls1_not_bleeding_empty_payload); - ADD_TEST(test_dtls1_heartbleed); - ADD_TEST(test_dtls1_heartbleed_empty_payload); - ADD_TEST(test_dtls1_heartbleed_excessive_plaintext_length); - - result = run_tests(argv[0]); - return result; -} - -#else /* OPENSSL_NO_HEARTBEATS */ - -int main(int argc, char *argv[]) -{ - return EXIT_SUCCESS; -} -#endif /* OPENSSL_NO_HEARTBEATS */ diff --git a/test/recipes/90-test_heartbeat.t b/test/recipes/90-test_heartbeat.t deleted file mode 100644 index 90d6a67b7d..0000000000 --- a/test/recipes/90-test_heartbeat.t +++ /dev/null @@ -1,12 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -use OpenSSL::Test::Simple; - -simple_test("test_heartbeat", "heartbeat_test", "heartbeats"); diff --git a/util/indent.pro b/util/indent.pro index 3946e8ef31..e768a2a021 100644 --- a/util/indent.pro +++ b/util/indent.pro @@ -283,7 +283,6 @@ -T HASH_CTX -T HEAPENTRY32 -T HEAPLIST32 --T HEARTBEAT_TEST_FIXTURE -T HMAC_CTX -T ICA_KEY_RSA_CRT -T ICA_KEY_RSA_CRT_REC -- 2.39.2