• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the OpenSSL license (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <string.h>
11 
12 #include "ssltestlib.h"
13 #include "testutil.h"
14 
15 static char *cert = NULL;
16 static char *privkey = NULL;
17 
18 #define TEST_PLAINTEXT_OVERFLOW_OK      0
19 #define TEST_PLAINTEXT_OVERFLOW_NOT_OK  1
20 #define TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK       2
21 #define TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK   3
22 #define TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK       4
23 #define TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK   5
24 
25 #define TOTAL_RECORD_OVERFLOW_TESTS 6
26 
write_record(BIO * b,size_t len,int rectype,int recversion)27 static int write_record(BIO *b, size_t len, int rectype, int recversion)
28 {
29     unsigned char header[SSL3_RT_HEADER_LENGTH];
30     size_t written;
31     unsigned char buf[256];
32 
33     memset(buf, 0, sizeof(buf));
34 
35     header[0] = rectype;
36     header[1] = (recversion >> 8) & 0xff;
37     header[2] = recversion & 0xff;
38     header[3] = (len >> 8) & 0xff;
39     header[4] = len & 0xff;
40 
41     if (!BIO_write_ex(b, header, SSL3_RT_HEADER_LENGTH, &written)
42             || written != SSL3_RT_HEADER_LENGTH)
43         return 0;
44 
45     while (len > 0) {
46         size_t outlen;
47 
48         if (len > sizeof(buf))
49             outlen = sizeof(buf);
50         else
51             outlen = len;
52 
53         if (!BIO_write_ex(b, buf, outlen, &written)
54                 || written != outlen)
55             return 0;
56 
57         len -= outlen;
58     }
59 
60     return 1;
61 }
62 
fail_due_to_record_overflow(int enc)63 static int fail_due_to_record_overflow(int enc)
64 {
65     long err = ERR_peek_error();
66     int reason;
67 
68     if (enc)
69         reason = SSL_R_ENCRYPTED_LENGTH_TOO_LONG;
70     else
71         reason = SSL_R_DATA_LENGTH_TOO_LONG;
72 
73     if (ERR_GET_LIB(err) == ERR_LIB_SSL
74             && ERR_GET_REASON(err) == reason)
75         return 1;
76 
77     return 0;
78 }
79 
test_record_overflow(int idx)80 static int test_record_overflow(int idx)
81 {
82     SSL_CTX *cctx = NULL, *sctx = NULL;
83     SSL *clientssl = NULL, *serverssl = NULL;
84     int testresult = 0;
85     size_t len = 0;
86     size_t written;
87     int overf_expected;
88     unsigned char buf;
89     BIO *serverbio;
90     int recversion;
91 
92 #ifdef OPENSSL_NO_TLS1_2
93     if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
94             || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK)
95         return 1;
96 #endif
97 #ifdef OPENSSL_NO_TLS1_3
98     if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
99             || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK)
100         return 1;
101 #endif
102 
103     ERR_clear_error();
104 
105     if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
106                                        TLS1_VERSION, TLS_MAX_VERSION,
107                                        &sctx, &cctx, cert, privkey)))
108         goto end;
109 
110     if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK
111             || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) {
112         len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
113 #ifndef OPENSSL_NO_COMP
114         len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
115 #endif
116         SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION);
117     } else if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK
118                || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
119         len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH;
120     }
121 
122     if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
123                                       NULL, NULL)))
124         goto end;
125 
126     serverbio = SSL_get_rbio(serverssl);
127 
128     if (idx == TEST_PLAINTEXT_OVERFLOW_OK
129             || idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK) {
130         len = SSL3_RT_MAX_PLAIN_LENGTH;
131 
132         if (idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK)
133             len++;
134 
135         if (!TEST_true(write_record(serverbio, len,
136                                     SSL3_RT_HANDSHAKE, TLS1_VERSION)))
137             goto end;
138 
139         if (!TEST_int_le(SSL_accept(serverssl), 0))
140             goto end;
141 
142         overf_expected = (idx == TEST_PLAINTEXT_OVERFLOW_OK) ? 0 : 1;
143         if (!TEST_int_eq(fail_due_to_record_overflow(0), overf_expected))
144             goto end;
145 
146         goto success;
147     }
148 
149     if (!TEST_true(create_ssl_connection(serverssl, clientssl,
150                                          SSL_ERROR_NONE)))
151         goto end;
152 
153     if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK
154             || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) {
155         overf_expected = 1;
156         len++;
157     } else {
158         overf_expected = 0;
159     }
160 
161     recversion = TLS1_2_VERSION;
162 
163     if (!TEST_true(write_record(serverbio, len, SSL3_RT_APPLICATION_DATA,
164                                 recversion)))
165         goto end;
166 
167     if (!TEST_false(SSL_read_ex(serverssl, &buf, sizeof(buf), &written)))
168         goto end;
169 
170     if (!TEST_int_eq(fail_due_to_record_overflow(1), overf_expected))
171         goto end;
172 
173  success:
174     testresult = 1;
175 
176  end:
177     SSL_free(serverssl);
178     SSL_free(clientssl);
179     SSL_CTX_free(sctx);
180     SSL_CTX_free(cctx);
181     return testresult;
182 }
183 
setup_tests(void)184 int setup_tests(void)
185 {
186     if (!TEST_ptr(cert = test_get_argument(0))
187             || !TEST_ptr(privkey = test_get_argument(1)))
188         return 0;
189 
190     ADD_ALL_TESTS(test_record_overflow, TOTAL_RECORD_OVERFLOW_TESTS);
191     return 1;
192 }
193 
cleanup_tests(void)194 void cleanup_tests(void)
195 {
196     bio_s_mempacket_test_free();
197 }
198