123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474 |
- /* test/heartbeat_test.c */
- /*-
- * Unit test for TLS heartbeats.
- *
- * Acts as a regression test against the Heartbleed bug (CVE-2014-0160).
- *
- * Author: Mike Bland (mbland@acm.org, http://mike-bland.com/)
- * Date: 2014-04-12
- * License: Creative Commons Attribution 4.0 International (CC By 4.0)
- * http://creativecommons.org/licenses/by/4.0/deed.en_US
- *
- * OUTPUT
- * ------
- * The program returns zero on success. It will print a message with a count
- * of the number of failed tests and return nonzero if any tests fail.
- *
- * It will print the contents of the request and response buffers for each
- * failing test. In a "fixed" version, all the tests should pass and there
- * should be no output.
- *
- * In a "bleeding" version, you'll see:
- *
- * test_dtls1_heartbleed failed:
- * expected payload len: 0
- * received: 1024
- * sent 26 characters
- * "HEARTBLEED "
- * received 1024 characters
- * "HEARTBLEED \xde\xad\xbe\xef..."
- * ** test_dtls1_heartbleed failed **
- *
- * The contents of the returned buffer in the failing test will depend on the
- * contents of memory on your machine.
- *
- * MORE INFORMATION
- * ----------------
- * http://mike-bland.com/2014/04/12/heartbleed.html
- * http://mike-bland.com/tags/heartbleed.html
- */
- #define OPENSSL_UNIT_TEST
- #include "../test/testutil.h"
- #include "../ssl/ssl_locl.h"
- #include <ctype.h>
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
- #if !defined(OPENSSL_NO_HEARTBEATS) && !defined(OPENSSL_NO_UNIT_TEST)
- /* As per https://tools.ietf.org/html/rfc6520#section-4 */
- # define MIN_PADDING_SIZE 16
- /* Maximum number of payload characters to print as test output */
- # define MAX_PRINTABLE_CHARACTERS 1024
- typedef struct heartbeat_test_fixture {
- SSL_CTX *ctx;
- SSL *s;
- const char *test_case_name;
- int (*process_heartbeat) (SSL *s);
- unsigned char *payload;
- int sent_payload_len;
- int expected_return_value;
- int return_payload_offset;
- int expected_payload_len;
- const char *expected_return_payload;
- } HEARTBEAT_TEST_FIXTURE;
- static HEARTBEAT_TEST_FIXTURE set_up(const char *const test_case_name,
- const SSL_METHOD *meth)
- {
- HEARTBEAT_TEST_FIXTURE fixture;
- int setup_ok = 1;
- memset(&fixture, 0, sizeof(fixture));
- fixture.test_case_name = test_case_name;
- fixture.ctx = SSL_CTX_new(meth);
- if (!fixture.ctx) {
- fprintf(stderr, "Failed to allocate SSL_CTX for test: %s\n",
- test_case_name);
- setup_ok = 0;
- goto fail;
- }
- fixture.s = SSL_new(fixture.ctx);
- if (!fixture.s) {
- fprintf(stderr, "Failed to allocate SSL for test: %s\n",
- test_case_name);
- setup_ok = 0;
- goto fail;
- }
- if (!ssl_init_wbio_buffer(fixture.s, 1)) {
- fprintf(stderr, "Failed to set up wbio buffer for test: %s\n",
- test_case_name);
- setup_ok = 0;
- goto fail;
- }
- if (!ssl3_setup_buffers(fixture.s)) {
- fprintf(stderr, "Failed to setup buffers for test: %s\n",
- test_case_name);
- setup_ok = 0;
- goto fail;
- }
- /*
- * Clear the memory for the return buffer, since this isn't automatically
- * zeroed in opt mode and will cause spurious test failures that will
- * change with each execution.
- */
- memset(fixture.s->s3->wbuf.buf, 0, fixture.s->s3->wbuf.len);
- fail:
- if (!setup_ok) {
- ERR_print_errors_fp(stderr);
- exit(EXIT_FAILURE);
- }
- return fixture;
- }
- static HEARTBEAT_TEST_FIXTURE set_up_dtls(const char *const test_case_name)
- {
- HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name,
- DTLSv1_server_method());
- fixture.process_heartbeat = dtls1_process_heartbeat;
- /*
- * As per dtls1_get_record(), skipping the following from the beginning
- * of the returned heartbeat message: type-1 byte; version-2 bytes;
- * sequence number-8 bytes; length-2 bytes And then skipping the 1-byte
- * type encoded by process_heartbeat for a total of 14 bytes, at which
- * point we can grab the length and the payload we seek.
- */
- fixture.return_payload_offset = 14;
- return fixture;
- }
- /* Needed by ssl3_write_bytes() */
- static int dummy_handshake(SSL *s)
- {
- return 1;
- }
- static HEARTBEAT_TEST_FIXTURE set_up_tls(const char *const test_case_name)
- {
- HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name,
- TLSv1_server_method());
- fixture.process_heartbeat = tls1_process_heartbeat;
- fixture.s->handshake_func = dummy_handshake;
- /*
- * As per do_ssl3_write(), skipping the following from the beginning of
- * the returned heartbeat message: type-1 byte; version-2 bytes; length-2
- * bytes And then skipping the 1-byte type encoded by process_heartbeat
- * for a total of 6 bytes, at which point we can grab the length and the
- * payload we seek.
- */
- fixture.return_payload_offset = 6;
- return fixture;
- }
- static void tear_down(HEARTBEAT_TEST_FIXTURE fixture)
- {
- ERR_print_errors_fp(stderr);
- SSL_free(fixture.s);
- SSL_CTX_free(fixture.ctx);
- }
- static void print_payload(const char *const prefix,
- const unsigned char *payload, const int n)
- {
- const int end = n < MAX_PRINTABLE_CHARACTERS ? n
- : MAX_PRINTABLE_CHARACTERS;
- int i = 0;
- printf("%s %d character%s", prefix, n, n == 1 ? "" : "s");
- if (end != n)
- printf(" (first %d shown)", end);
- printf("\n \"");
- for (; i != end; ++i) {
- const unsigned char c = payload[i];
- if (isprint(c))
- fputc(c, stdout);
- else
- printf("\\x%02x", c);
- }
- printf("\"\n");
- }
- static int execute_heartbeat(HEARTBEAT_TEST_FIXTURE fixture)
- {
- int result = 0;
- SSL *s = fixture.s;
- unsigned char *payload = fixture.payload;
- unsigned char sent_buf[MAX_PRINTABLE_CHARACTERS + 1];
- int return_value;
- unsigned const char *p;
- int actual_payload_len;
- s->s3->rrec.data = payload;
- s->s3->rrec.length = strlen((const char *)payload);
- *payload++ = TLS1_HB_REQUEST;
- s2n(fixture.sent_payload_len, payload);
- /*
- * Make a local copy of the request, since it gets overwritten at some
- * point
- */
- memcpy((char *)sent_buf, (const char *)payload, sizeof(sent_buf));
- return_value = fixture.process_heartbeat(s);
- if (return_value != fixture.expected_return_value) {
- printf("%s failed: expected return value %d, received %d\n",
- fixture.test_case_name, fixture.expected_return_value,
- return_value);
- result = 1;
- }
- /*
- * If there is any byte alignment, it will be stored in wbuf.offset.
- */
- p = &(s->s3->
- wbuf.buf[fixture.return_payload_offset + s->s3->wbuf.offset]);
- actual_payload_len = 0;
- n2s(p, actual_payload_len);
- if (actual_payload_len != fixture.expected_payload_len) {
- printf("%s failed:\n expected payload len: %d\n received: %d\n",
- fixture.test_case_name, fixture.expected_payload_len,
- actual_payload_len);
- print_payload("sent", sent_buf, strlen((const char *)sent_buf));
- print_payload("received", p, actual_payload_len);
- result = 1;
- } else {
- char *actual_payload =
- BUF_strndup((const char *)p, actual_payload_len);
- if (strcmp(actual_payload, fixture.expected_return_payload) != 0) {
- printf
- ("%s failed:\n expected payload: \"%s\"\n received: \"%s\"\n",
- fixture.test_case_name, fixture.expected_return_payload,
- actual_payload);
- result = 1;
- }
- OPENSSL_free(actual_payload);
- }
- if (result != 0) {
- printf("** %s failed **\n--------\n", fixture.test_case_name);
- }
- return result;
- }
- static int honest_payload_size(unsigned char payload_buf[])
- {
- /* Omit three-byte pad at the beginning for type and payload length */
- return strlen((const char *)&payload_buf[3]) - MIN_PADDING_SIZE;
- }
- # define SETUP_HEARTBEAT_TEST_FIXTURE(type)\
- SETUP_TEST_FIXTURE(HEARTBEAT_TEST_FIXTURE, set_up_##type)
- # define EXECUTE_HEARTBEAT_TEST()\
- EXECUTE_TEST(execute_heartbeat, tear_down)
- static int test_dtls1_not_bleeding()
- {
- SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
- /* Three-byte pad at the beginning for type and payload length */
- unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4] =
- " Not bleeding, sixteen spaces of padding" " ";
- const int payload_buf_len = honest_payload_size(payload_buf);
- fixture.payload = &payload_buf[0];
- fixture.sent_payload_len = payload_buf_len;
- fixture.expected_return_value = 0;
- fixture.expected_payload_len = payload_buf_len;
- fixture.expected_return_payload =
- "Not bleeding, sixteen spaces of padding";
- EXECUTE_HEARTBEAT_TEST();
- }
- static int test_dtls1_not_bleeding_empty_payload()
- {
- int payload_buf_len;
- SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
- /*
- * Three-byte pad at the beginning for type and payload length, plus a
- * NUL at the end
- */
- unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS];
- memset(payload_buf, ' ', MIN_PADDING_SIZE + 3);
- payload_buf[MIN_PADDING_SIZE + 3] = '\0';
- payload_buf_len = honest_payload_size(payload_buf);
- fixture.payload = &payload_buf[0];
- fixture.sent_payload_len = payload_buf_len;
- fixture.expected_return_value = 0;
- fixture.expected_payload_len = payload_buf_len;
- fixture.expected_return_payload = "";
- EXECUTE_HEARTBEAT_TEST();
- }
- static int test_dtls1_heartbleed()
- {
- SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
- /* Three-byte pad at the beginning for type and payload length */
- unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS] =
- " HEARTBLEED ";
- fixture.payload = &payload_buf[0];
- fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
- fixture.expected_return_value = 0;
- fixture.expected_payload_len = 0;
- fixture.expected_return_payload = "";
- EXECUTE_HEARTBEAT_TEST();
- }
- static int test_dtls1_heartbleed_empty_payload()
- {
- SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
- /*
- * Excluding the NUL at the end, one byte short of type + payload length
- * + minimum padding
- */
- unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4];
- memset(payload_buf, ' ', MIN_PADDING_SIZE + 2);
- payload_buf[MIN_PADDING_SIZE + 2] = '\0';
- fixture.payload = &payload_buf[0];
- fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
- fixture.expected_return_value = 0;
- fixture.expected_payload_len = 0;
- fixture.expected_return_payload = "";
- EXECUTE_HEARTBEAT_TEST();
- }
- static int test_dtls1_heartbleed_excessive_plaintext_length()
- {
- SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
- /*
- * Excluding the NUL at the end, one byte in excess of maximum allowed
- * heartbeat message length
- */
- unsigned char payload_buf[SSL3_RT_MAX_PLAIN_LENGTH + 2];
- memset(payload_buf, ' ', sizeof(payload_buf));
- payload_buf[sizeof(payload_buf) - 1] = '\0';
- fixture.payload = &payload_buf[0];
- fixture.sent_payload_len = honest_payload_size(payload_buf);
- fixture.expected_return_value = 0;
- fixture.expected_payload_len = 0;
- fixture.expected_return_payload = "";
- EXECUTE_HEARTBEAT_TEST();
- }
- static int test_tls1_not_bleeding()
- {
- SETUP_HEARTBEAT_TEST_FIXTURE(tls);
- /* Three-byte pad at the beginning for type and payload length */
- unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4] =
- " Not bleeding, sixteen spaces of padding" " ";
- const int payload_buf_len = honest_payload_size(payload_buf);
- fixture.payload = &payload_buf[0];
- fixture.sent_payload_len = payload_buf_len;
- fixture.expected_return_value = 0;
- fixture.expected_payload_len = payload_buf_len;
- fixture.expected_return_payload =
- "Not bleeding, sixteen spaces of padding";
- EXECUTE_HEARTBEAT_TEST();
- }
- static int test_tls1_not_bleeding_empty_payload()
- {
- int payload_buf_len;
- SETUP_HEARTBEAT_TEST_FIXTURE(tls);
- /*
- * Three-byte pad at the beginning for type and payload length, plus a
- * NUL at the end
- */
- unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS];
- memset(payload_buf, ' ', MIN_PADDING_SIZE + 3);
- payload_buf[MIN_PADDING_SIZE + 3] = '\0';
- payload_buf_len = honest_payload_size(payload_buf);
- fixture.payload = &payload_buf[0];
- fixture.sent_payload_len = payload_buf_len;
- fixture.expected_return_value = 0;
- fixture.expected_payload_len = payload_buf_len;
- fixture.expected_return_payload = "";
- EXECUTE_HEARTBEAT_TEST();
- }
- static int test_tls1_heartbleed()
- {
- SETUP_HEARTBEAT_TEST_FIXTURE(tls);
- /* Three-byte pad at the beginning for type and payload length */
- unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4] =
- " HEARTBLEED ";
- fixture.payload = &payload_buf[0];
- fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
- fixture.expected_return_value = 0;
- fixture.expected_payload_len = 0;
- fixture.expected_return_payload = "";
- EXECUTE_HEARTBEAT_TEST();
- }
- static int test_tls1_heartbleed_empty_payload()
- {
- SETUP_HEARTBEAT_TEST_FIXTURE(tls);
- /*
- * Excluding the NUL at the end, one byte short of type + payload length
- * + minimum padding
- */
- unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4];
- memset(payload_buf, ' ', MIN_PADDING_SIZE + 2);
- payload_buf[MIN_PADDING_SIZE + 2] = '\0';
- fixture.payload = &payload_buf[0];
- fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
- fixture.expected_return_value = 0;
- fixture.expected_payload_len = 0;
- fixture.expected_return_payload = "";
- EXECUTE_HEARTBEAT_TEST();
- }
- # undef EXECUTE_HEARTBEAT_TEST
- # undef SETUP_HEARTBEAT_TEST_FIXTURE
- int main(int argc, char *argv[])
- {
- int num_failed;
- SSL_library_init();
- SSL_load_error_strings();
- num_failed = test_dtls1_not_bleeding() +
- test_dtls1_not_bleeding_empty_payload() +
- test_dtls1_heartbleed() + test_dtls1_heartbleed_empty_payload() +
- /*
- * The following test causes an assertion failure at
- * ssl/d1_pkt.c:dtls1_write_bytes() in versions prior to 1.0.1g:
- */
- (OPENSSL_VERSION_NUMBER >= 0x1000107fL ?
- test_dtls1_heartbleed_excessive_plaintext_length() : 0) +
- test_tls1_not_bleeding() +
- test_tls1_not_bleeding_empty_payload() +
- test_tls1_heartbleed() + test_tls1_heartbleed_empty_payload() + 0;
- ERR_print_errors_fp(stderr);
- if (num_failed != 0) {
- printf("%d test%s failed\n", num_failed, num_failed != 1 ? "s" : "");
- return EXIT_FAILURE;
- }
- return EXIT_SUCCESS;
- }
- #else /* OPENSSL_NO_HEARTBEATS */
- int main(int argc, char *argv[])
- {
- return EXIT_SUCCESS;
- }
- #endif /* OPENSSL_NO_HEARTBEATS */
|