1 /* 2 * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <string.h> 11 12 #include "helpers/ssltestlib.h" 13 #include "testutil.h" 14 15 static char *cert = NULL; 16 static char *privkey = NULL; 17 18 #define TEST_PLAINTEXT_OVERFLOW_OK 0 19 #define TEST_PLAINTEXT_OVERFLOW_NOT_OK 1 20 #define TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK 2 21 #define TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK 3 22 #define TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK 4 23 #define TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK 5 24 25 #define TOTAL_RECORD_OVERFLOW_TESTS 6 26 27 static int write_record(BIO *b, size_t len, int rectype, int recversion) 28 { 29 unsigned char header[SSL3_RT_HEADER_LENGTH]; 30 size_t written; 31 unsigned char buf[256]; 32 33 memset(buf, 0, sizeof(buf)); 34 35 header[0] = rectype; 36 header[1] = (recversion >> 8) & 0xff; 37 header[2] = recversion & 0xff; 38 header[3] = (len >> 8) & 0xff; 39 header[4] = len & 0xff; 40 41 if (!BIO_write_ex(b, header, SSL3_RT_HEADER_LENGTH, &written) 42 || written != SSL3_RT_HEADER_LENGTH) 43 return 0; 44 45 while (len > 0) { 46 size_t outlen; 47 48 if (len > sizeof(buf)) 49 outlen = sizeof(buf); 50 else 51 outlen = len; 52 53 if (!BIO_write_ex(b, buf, outlen, &written) 54 || written != outlen) 55 return 0; 56 57 len -= outlen; 58 } 59 60 return 1; 61 } 62 63 static int fail_due_to_record_overflow(int enc) 64 { 65 long err = ERR_peek_error(); 66 int reason; 67 68 if (enc) 69 reason = SSL_R_ENCRYPTED_LENGTH_TOO_LONG; 70 else 71 reason = SSL_R_DATA_LENGTH_TOO_LONG; 72 73 if (ERR_GET_LIB(err) == ERR_LIB_SSL 74 && ERR_GET_REASON(err) == reason) 75 return 1; 76 77 return 0; 78 } 79 80 static int test_record_overflow(int idx) 81 { 82 SSL_CTX *cctx = NULL, *sctx = NULL; 83 SSL *clientssl = NULL, *serverssl = NULL; 84 int testresult = 0; 85 size_t len = 0; 86 size_t written; 87 int overf_expected; 88 unsigned char buf; 89 BIO *serverbio; 90 int recversion; 91 92 #ifdef OPENSSL_NO_TLS1_2 93 if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK 94 || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) 95 return 1; 96 #endif 97 #if defined(OPENSSL_NO_TLS1_3) \ 98 || (defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_DH)) 99 if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK 100 || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) 101 return 1; 102 #endif 103 104 if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(), 105 TLS_client_method(), 106 TLS1_VERSION, 0, 107 &sctx, &cctx, cert, privkey))) 108 goto end; 109 110 if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_OK 111 || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK) { 112 len = SSL3_RT_MAX_ENCRYPTED_LENGTH; 113 #ifndef OPENSSL_NO_COMP 114 len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD; 115 #endif 116 SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION); 117 } else if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_OK 118 || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) { 119 len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH; 120 } 121 122 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, 123 NULL, NULL))) 124 goto end; 125 126 serverbio = SSL_get_rbio(serverssl); 127 128 if (idx == TEST_PLAINTEXT_OVERFLOW_OK 129 || idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK) { 130 len = SSL3_RT_MAX_PLAIN_LENGTH; 131 132 if (idx == TEST_PLAINTEXT_OVERFLOW_NOT_OK) 133 len++; 134 135 if (!TEST_true(write_record(serverbio, len, 136 SSL3_RT_HANDSHAKE, TLS1_VERSION))) 137 goto end; 138 139 if (!TEST_int_le(SSL_accept(serverssl), 0)) 140 goto end; 141 142 overf_expected = (idx == TEST_PLAINTEXT_OVERFLOW_OK) ? 0 : 1; 143 if (!TEST_int_eq(fail_due_to_record_overflow(0), overf_expected)) 144 goto end; 145 146 goto success; 147 } 148 149 if (!TEST_true(create_ssl_connection(serverssl, clientssl, 150 SSL_ERROR_NONE))) 151 goto end; 152 153 if (idx == TEST_ENCRYPTED_OVERFLOW_TLS1_2_NOT_OK 154 || idx == TEST_ENCRYPTED_OVERFLOW_TLS1_3_NOT_OK) { 155 overf_expected = 1; 156 len++; 157 } else { 158 overf_expected = 0; 159 } 160 161 recversion = TLS1_2_VERSION; 162 163 if (!TEST_true(write_record(serverbio, len, SSL3_RT_APPLICATION_DATA, 164 recversion))) 165 goto end; 166 167 if (!TEST_false(SSL_read_ex(serverssl, &buf, sizeof(buf), &written))) 168 goto end; 169 170 if (!TEST_int_eq(fail_due_to_record_overflow(1), overf_expected)) 171 goto end; 172 173 success: 174 testresult = 1; 175 176 end: 177 SSL_free(serverssl); 178 SSL_free(clientssl); 179 SSL_CTX_free(sctx); 180 SSL_CTX_free(cctx); 181 return testresult; 182 } 183 184 OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") 185 186 int setup_tests(void) 187 { 188 if (!test_skip_common_options()) { 189 TEST_error("Error parsing test options\n"); 190 return 0; 191 } 192 193 if (!TEST_ptr(cert = test_get_argument(0)) 194 || !TEST_ptr(privkey = test_get_argument(1))) 195 return 0; 196 197 ADD_ALL_TESTS(test_record_overflow, TOTAL_RECORD_OVERFLOW_TESTS); 198 return 1; 199 } 200 201 void cleanup_tests(void) 202 { 203 bio_s_mempacket_test_free(); 204 } 205