recordlentest.c 5.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199
  1. /*
  2. * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <string.h>
  10. #include "ssltestlib.h"
  11. #include "testutil.h"
  12. static char *cert = NULL;
  13. static char *privkey = NULL;
  14. #define TEST_PLAINTEXT_OVERFLOW_OK 0
  15. #define TEST_PLAINTEXT_OVERFLOW_NOT_OK 1
  16. #define TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK 2
  17. #define TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK 3
  18. #define TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK 4
  19. #define TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK 5
  20. #define TOTAL_RECORD_OVERFLOW_TESTS 6
  21. static int write_record(BIO *b, size_t len, int rectype, int recversion)
  22. {
  23. unsigned char header[SSL3_RT_HEADER_LENGTH];
  24. size_t written;
  25. unsigned char buf[256];
  26. memset(buf, 0, sizeof(buf));
  27. header[0] = rectype;
  28. header[1] = (recversion >> 8) & 0xff;
  29. header[2] = recversion & 0xff;
  30. header[3] = (len >> 8) & 0xff;
  31. header[4] = len & 0xff;
  32. if (!BIO_write_ex(b, header, SSL3_RT_HEADER_LENGTH, &written)
  33. || written != SSL3_RT_HEADER_LENGTH)
  34. return 0;
  35. while (len > 0) {
  36. size_t outlen;
  37. if (len > sizeof(buf))
  38. outlen = sizeof(buf);
  39. else
  40. outlen = len;
  41. if (!BIO_write_ex(b, buf, outlen, &written)
  42. || written != outlen)
  43. return 0;
  44. len -= outlen;
  45. }
  46. return 1;
  47. }
  48. static int fail_due_to_record_overflow(int enc)
  49. {
  50. long err = ERR_peek_error();
  51. int reason;
  52. if (enc)
  53. reason = SSL_R_ENCRYPTED_LENGTH_TOO_LONG;
  54. else
  55. reason = SSL_R_DATA_LENGTH_TOO_LONG;
  56. if (ERR_GET_LIB(err) == ERR_LIB_SSL
  57. && ERR_GET_REASON(err) == reason)
  58. return 1;
  59. return 0;
  60. }
  61. static int test_record_overflow(int idx)
  62. {
  63. SSL_CTX *cctx = NULL, *sctx = NULL;
  64. SSL *clientssl = NULL, *serverssl = NULL;
  65. int testresult = 0;
  66. size_t len = 0;
  67. size_t written;
  68. int overf_expected;
  69. unsigned char buf;
  70. BIO *serverbio;
  71. int recversion;
  72. #ifdef OPENSSL_NO_TLS1_2
  73. if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
  74. || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK)
  75. return 1;
  76. #endif
  77. #ifdef OPENSSL_NO_TLS1_3
  78. if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
  79. || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK)
  80. return 1;
  81. #endif
  82. ERR_clear_error();
  83. if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
  84. TLS1_VERSION, 0,
  85. &sctx, &cctx, cert, privkey)))
  86. goto end;
  87. if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
  88. || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) {
  89. len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
  90. #ifndef OPENSSL_NO_COMP
  91. len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
  92. #endif
  93. SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION);
  94. } else if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
  95. || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
  96. len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH;
  97. }
  98. if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
  99. NULL, NULL)))
  100. goto end;
  101. serverbio = SSL_get_rbio(serverssl);
  102. if (idx == TEST_PLAINTEXT_OVERFLOW_OK
  103. || idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK) {
  104. len = SSL3_RT_MAX_PLAIN_LENGTH;
  105. if (idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK)
  106. len++;
  107. if (!TEST_true(write_record(serverbio, len,
  108. SSL3_RT_HANDSHAKE, TLS1_VERSION)))
  109. goto end;
  110. if (!TEST_int_le(SSL_accept(serverssl), 0))
  111. goto end;
  112. overf_expected = (idx == TEST_PLAINTEXT_OVERFLOW_OK) ? 0 : 1;
  113. if (!TEST_int_eq(fail_due_to_record_overflow(0), overf_expected))
  114. goto end;
  115. goto success;
  116. }
  117. if (!TEST_true(create_ssl_connection(serverssl, clientssl,
  118. SSL_ERROR_NONE)))
  119. goto end;
  120. if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK
  121. || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
  122. overf_expected = 1;
  123. len++;
  124. } else {
  125. overf_expected = 0;
  126. }
  127. recversion = TLS1_2_VERSION;
  128. if (!TEST_true(write_record(serverbio, len, SSL3_RT_APPLICATION_DATA,
  129. recversion)))
  130. goto end;
  131. if (!TEST_false(SSL_read_ex(serverssl, &buf, sizeof(buf), &written)))
  132. goto end;
  133. if (!TEST_int_eq(fail_due_to_record_overflow(1), overf_expected))
  134. goto end;
  135. success:
  136. testresult = 1;
  137. end:
  138. SSL_free(serverssl);
  139. SSL_free(clientssl);
  140. SSL_CTX_free(sctx);
  141. SSL_CTX_free(cctx);
  142. return testresult;
  143. }
  144. OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
  145. int setup_tests(void)
  146. {
  147. if (!TEST_ptr(cert = test_get_argument(0))
  148. || !TEST_ptr(privkey = test_get_argument(1)))
  149. return 0;
  150. ADD_ALL_TESTS(test_record_overflow, TOTAL_RECORD_OVERFLOW_TESTS);
  151. return 1;
  152. }
  153. void cleanup_tests(void)
  154. {
  155. bio_s_mempacket_test_free();
  156. }