recordlentest.c 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204
  1. /*
  2. * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <string.h>
  10. #include "helpers/ssltestlib.h"
  11. #include "testutil.h"
  12. static char *cert = NULL;
  13. static char *privkey = NULL;
  14. #define TEST_PLAINTEXT_OVERFLOW_OK 0
  15. #define TEST_PLAINTEXT_OVERFLOW_NOT_OK 1
  16. #define TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK 2
  17. #define TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK 3
  18. #define TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK 4
  19. #define TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK 5
  20. #define TOTAL_RECORD_OVERFLOW_TESTS 6
  21. static int write_record(BIO *b, size_t len, uint8_t rectype, int recversion)
  22. {
  23. unsigned char header[SSL3_RT_HEADER_LENGTH];
  24. size_t written;
  25. unsigned char buf[256];
  26. memset(buf, 0, sizeof(buf));
  27. header[0] = rectype;
  28. header[1] = (recversion >> 8) & 0xff;
  29. header[2] = recversion & 0xff;
  30. header[3] = (len >> 8) & 0xff;
  31. header[4] = len & 0xff;
  32. if (!BIO_write_ex(b, header, SSL3_RT_HEADER_LENGTH, &written)
  33. || written != SSL3_RT_HEADER_LENGTH)
  34. return 0;
  35. while (len > 0) {
  36. size_t outlen;
  37. if (len > sizeof(buf))
  38. outlen = sizeof(buf);
  39. else
  40. outlen = len;
  41. if (!BIO_write_ex(b, buf, outlen, &written)
  42. || written != outlen)
  43. return 0;
  44. len -= outlen;
  45. }
  46. return 1;
  47. }
  48. static int fail_due_to_record_overflow(int enc)
  49. {
  50. long err = ERR_peek_error();
  51. int reason;
  52. if (enc)
  53. reason = SSL_R_ENCRYPTED_LENGTH_TOO_LONG;
  54. else
  55. reason = SSL_R_DATA_LENGTH_TOO_LONG;
  56. if (ERR_GET_LIB(err) == ERR_LIB_SSL
  57. && ERR_GET_REASON(err) == reason)
  58. return 1;
  59. return 0;
  60. }
  61. static int test_record_overflow(int idx)
  62. {
  63. SSL_CTX *cctx = NULL, *sctx = NULL;
  64. SSL *clientssl = NULL, *serverssl = NULL;
  65. int testresult = 0;
  66. size_t len = 0;
  67. size_t written;
  68. int overf_expected;
  69. unsigned char buf;
  70. BIO *serverbio;
  71. int recversion;
  72. #ifdef OPENSSL_NO_TLS1_2
  73. if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
  74. || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK)
  75. return 1;
  76. #endif
  77. #if defined(OPENSSL_NO_TLS1_3) \
  78. || (defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_DH))
  79. if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
  80. || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK)
  81. return 1;
  82. #endif
  83. if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(),
  84. TLS_client_method(),
  85. TLS1_VERSION, 0,
  86. &sctx, &cctx, cert, privkey)))
  87. goto end;
  88. if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
  89. || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) {
  90. len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
  91. #ifndef OPENSSL_NO_COMP
  92. len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
  93. #endif
  94. SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION);
  95. } else if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
  96. || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
  97. len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH;
  98. }
  99. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  100. NULL, NULL)))
  101. goto end;
  102. serverbio = SSL_get_rbio(serverssl);
  103. if (idx == TEST_PLAINTEXT_OVERFLOW_OK
  104. || idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK) {
  105. len = SSL3_RT_MAX_PLAIN_LENGTH;
  106. if (idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK)
  107. len++;
  108. if (!TEST_true(write_record(serverbio, len,
  109. SSL3_RT_HANDSHAKE, TLS1_VERSION)))
  110. goto end;
  111. if (!TEST_int_le(SSL_accept(serverssl), 0))
  112. goto end;
  113. overf_expected = (idx == TEST_PLAINTEXT_OVERFLOW_OK) ? 0 : 1;
  114. if (!TEST_int_eq(fail_due_to_record_overflow(0), overf_expected))
  115. goto end;
  116. goto success;
  117. }
  118. if (!TEST_true(create_ssl_connection(serverssl, clientssl,
  119. SSL_ERROR_NONE)))
  120. goto end;
  121. if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK
  122. || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
  123. overf_expected = 1;
  124. len++;
  125. } else {
  126. overf_expected = 0;
  127. }
  128. recversion = TLS1_2_VERSION;
  129. if (!TEST_true(write_record(serverbio, len, SSL3_RT_APPLICATION_DATA,
  130. recversion)))
  131. goto end;
  132. if (!TEST_false(SSL_read_ex(serverssl, &buf, sizeof(buf), &written)))
  133. goto end;
  134. if (!TEST_int_eq(fail_due_to_record_overflow(1), overf_expected))
  135. goto end;
  136. success:
  137. testresult = 1;
  138. end:
  139. SSL_free(serverssl);
  140. SSL_free(clientssl);
  141. SSL_CTX_free(sctx);
  142. SSL_CTX_free(cctx);
  143. return testresult;
  144. }
  145. OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
  146. int setup_tests(void)
  147. {
  148. if (!test_skip_common_options()) {
  149. TEST_error("Error parsing test options\n");
  150. return 0;
  151. }
  152. if (!TEST_ptr(cert = test_get_argument(0))
  153. || !TEST_ptr(privkey = test_get_argument(1)))
  154. return 0;
  155. ADD_ALL_TESTS(test_record_overflow, TOTAL_RECORD_OVERFLOW_TESTS);
  156. return 1;
  157. }
  158. void cleanup_tests(void)
  159. {
  160. bio_s_mempacket_test_free();
  161. }