X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Fbad_dtls_test.c;h=66b5e1d2eda8f21c8bd5ae7524eabef5f3fd2472;hp=9c478f43d92790d6550886134b8709a05d92fca8;hb=0d345f0e10b14392925479fc61b6c9072a9605a3;hpb=9cc76cc40a033ade05a2799a4de5be5f29a35ed1 diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c index 9c478f43d9..66b5e1d2ed 100644 --- a/test/bad_dtls_test.c +++ b/test/bad_dtls_test.c @@ -1,7 +1,7 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -19,7 +19,7 @@ * Note that unlike other SSL tests, we don't test against our own SSL * server method. Firstly because we don't have one; we *only* support * DTLS1_BAD_VER as a client. And secondly because even if that were - * fixed up it's the wrong thing to test against — because if changes + * fixed up it's the wrong thing to test against - because if changes * are made in generic DTLS code which don't take DTLS1_BAD_VER into * account, there's plenty of scope for making those changes such that * they break *both* the client and the server in the same way. @@ -37,9 +37,9 @@ #include #include #include - -#include "../ssl/packet_locl.h" -#include "../e_os.h" /* for OSSL_NELEM() */ +#include "internal/packet.h" +#include "internal/nelem.h" +#include "testutil.h" /* For DTLS1_BAD_VER packets the MAC doesn't include the handshake header */ #define MAC_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH) 
@@ -111,29 +111,14 @@ static SSL_SESSION *client_session(void) return d2i_SSL_SESSION(NULL, &p, sizeof(session_asn1)); } -/* PACKET_equal() doesn't quite do what we need. Provide a version that - * does, in a form that can easily be moved to ssl_locl.h if anyone else - * cares to come up with a better name and use it too... */ -__owur static ossl_inline int PACKET_starts(PACKET *pkt, const void *ptr, - size_t num) -{ - if (PACKET_remaining(pkt) < num) - return 0; - if (CRYPTO_memcmp(pkt->curr, ptr, num) != 0) - return 0; - - packet_forward(pkt, num); - return 1; -} - /* Returns 1 for initial ClientHello, 2 for ClientHello with cookie */ static int validate_client_hello(BIO *wbio) { - PACKET pkt; + PACKET pkt, pkt2; long len; unsigned char *data; int cookie_found = 0; - unsigned int u; + unsigned int u = 0; len = BIO_get_mem_data(wbio, (char **)&data); if (!PACKET_buf_init(&pkt, data, len)) @@ -165,16 +150,15 @@ static int validate_client_hello(BIO *wbio) return 0; /* Check session id length and content */ - if (!PACKET_get_1(&pkt, &u)) - return 0; - if (u != sizeof(session_id) || !PACKET_starts(&pkt, session_id, u)) + if (!PACKET_get_length_prefixed_1(&pkt, &pkt2) || + !PACKET_equal(&pkt2, session_id, sizeof(session_id))) return 0; /* Check cookie */ - if (!PACKET_get_1(&pkt, &u)) + if (!PACKET_get_length_prefixed_1(&pkt, &pkt2)) return 0; - if (u) { - if (u != sizeof(cookie) || !PACKET_starts(&pkt, cookie, u)) + if (PACKET_remaining(&pkt2)) { + if (!PACKET_equal(&pkt2, cookie, sizeof(cookie))) return 0; cookie_found = 1; } @@ -198,7 +182,7 @@ static int validate_client_hello(BIO *wbio) /* Update handshake MAC for second ClientHello (with cookie) */ if (cookie_found && !EVP_DigestUpdate(handshake_md, data + MAC_OFFSET, len - MAC_OFFSET)) - printf("EVP_DigestUpdate() failed\n"); + return 0; (void)BIO_reset(wbio); 
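Review bot: The new `return 0;` after a failed `EVP_DigestUpdate()` in validate_client_hello drops the only diagnostic the old `printf` gave, so the caller's `TEST_int_eq(validate_client_hello(wbio), 2)` will report a 0 without saying which step failed. This commit already includes `testutil.h`, so wrapping the call keeps the early return and records the cause: `if (cookie_found && !TEST_true(EVP_DigestUpdate(handshake_md, data + MAC_OFFSET, len - MAC_OFFSET)))`. The same applies to the `EVP_DigestUpdate()` change in send_server_hello and the `EVP_DigestFinal_ex()` change in send_finished. validate_client_hello continues outside the hunk.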
@@ -275,7 +259,7 @@ static int send_server_hello(BIO *rbio) if (!EVP_DigestUpdate(handshake_md, server_hello + MAC_OFFSET, sizeof(server_hello) - MAC_OFFSET)) - printf("EVP_DigestUpdate() failed\n"); + return 0; BIO_write(rbio, server_hello, sizeof(server_hello)); BIO_write(rbio, change_cipher_spec, sizeof(change_cipher_spec)); @@ -284,7 +268,7 @@ static int send_server_hello(BIO *rbio) } /* Create header, HMAC, pad, encrypt and send a record */ -static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr, +static int send_record(BIO *rbio, unsigned char type, uint64_t seqnr, const void *msg, size_t len) { /* Note that the order of the record header fields on the wire, @@ -300,10 +284,8 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr, unsigned char pad; unsigned char *enc; -#ifdef SIXTY_FOUR_BIT_LONG seq[0] = (seqnr >> 40) & 0xff; seq[1] = (seqnr >> 32) & 0xff; -#endif seq[2] = (seqnr >> 24) & 0xff; seq[3] = (seqnr >> 16) & 0xff; seq[4] = (seqnr >> 8) & 0xff; @@ -324,8 +306,8 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr, HMAC_Update(ctx, seq, 6); HMAC_Update(ctx, &type, 1); HMAC_Update(ctx, ver, 2); /* Version */ - lenbytes[0] = len >> 8; - lenbytes[1] = len & 0xff; + lenbytes[0] = (unsigned char)(len >> 8); + lenbytes[1] = (unsigned char)(len); HMAC_Update(ctx, lenbytes, 2); /* Length */ HMAC_Update(ctx, enc, len); /* Finally the data itself */ HMAC_Final(ctx, enc + len, NULL); @@ -349,8 +331,8 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr, BIO_write(rbio, ver, 2); BIO_write(rbio, epoch, 2); BIO_write(rbio, seq, 6); - lenbytes[0] = (len + sizeof(iv)) >> 8; - lenbytes[1] = (len + sizeof(iv)) & 0xff; + lenbytes[0] = (unsigned char)((len + sizeof(iv)) >> 8); + lenbytes[1] = (unsigned char)(len + sizeof(iv)); BIO_write(rbio, lenbytes, 2); BIO_write(rbio, iv, sizeof(iv)); 
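Review bot: The `(unsigned char)` casts on the `lenbytes` assignments in send_record make the narrowing explicit, but nothing visible in these hunks bounds `len` to 16 bits, so a larger value would silently produce a MAC input and record header whose length field disagrees with the payload. The only caller shown passes `sizeof(uint64_t)`, so this is latent. A guard before the first use, along the lines of `if (len > 0xffff - sizeof(iv)) return 0;` adjusted for whatever MAC and padding the function adds, would document the limit. The second pair of assignments (the `len + sizeof(iv)` header length) has the same property. send_record starts and ends outside these hunks, so a check may already exist there.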
@@ -381,7 +363,7 @@ static int send_finished(SSL *s, BIO *rbio) /* Generate Finished MAC */ if (!EVP_DigestFinal_ex(handshake_md, handshake_hash, NULL)) - printf("EVP_DigestFinal_ex() failed\n"); + return 0; do_PRF(TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, handshake_hash, EVP_MD_CTX_size(handshake_md), @@ -444,7 +426,7 @@ static int validate_ccs(BIO *wbio) #define DROP(x) { x##UL, 1 } static struct { - unsigned long seq; + uint64_t seq; int drop; } tests[] = { NODROP(1), NODROP(3), NODROP(2), 
@@ -459,123 +441,99 @@ static struct { /* The last test should be NODROP, because a DROP wouldn't get tested. */ }; -int main(int argc, char *argv[]) +static int test_bad_dtls(void) { - SSL_SESSION *sess; - SSL_CTX *ctx; - SSL *con; - BIO *rbio; - BIO *wbio; - BIO *err; + SSL_SESSION *sess = NULL; + SSL_CTX *ctx = NULL; + SSL *con = NULL; + BIO *rbio = NULL; + BIO *wbio = NULL; + time_t now = 0; int testresult = 0; int ret; int i; - err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); - - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - RAND_bytes(session_id, sizeof(session_id)); RAND_bytes(master_secret, sizeof(master_secret)); RAND_bytes(cookie, sizeof(cookie)); RAND_bytes(server_random + 4, sizeof(server_random) - 4); - time((void *)server_random); + + now = time(NULL); + memcpy(server_random, &now, sizeof(now)); sess = client_session(); - if (sess == NULL) { - printf("Failed to generate SSL_SESSION\n"); + if (!TEST_ptr(sess)) goto end; - } handshake_md = EVP_MD_CTX_new(); - if (handshake_md == NULL || - !EVP_DigestInit_ex(handshake_md, EVP_md5_sha1(), NULL)) { - printf("Failed to initialise handshake_md\n"); + if (!TEST_ptr(handshake_md) + || !TEST_true(EVP_DigestInit_ex(handshake_md, EVP_md5_sha1(), + NULL))) goto end; - } ctx = SSL_CTX_new(DTLS_client_method()); - if (ctx == NULL) { - printf("Failed to allocate SSL_CTX\n"); - goto end_md; - } - if (!SSL_CTX_set_min_proto_version(ctx, DTLS1_BAD_VER)) { - printf("SSL_CTX_set_min_proto_version() failed\n"); - goto end_ctx; - } - if (!SSL_CTX_set_max_proto_version(ctx, DTLS1_BAD_VER)) { - printf("SSL_CTX_set_max_proto_version() failed\n"); - goto end_ctx; - } - - if (!SSL_CTX_set_cipher_list(ctx, "AES128-SHA")) { - printf("SSL_CTX_set_cipher_list() failed\n"); - goto end_ctx; - } + if (!TEST_ptr(ctx) + || !TEST_true(SSL_CTX_set_min_proto_version(ctx, DTLS1_BAD_VER)) + || !TEST_true(SSL_CTX_set_max_proto_version(ctx, DTLS1_BAD_VER)) + || !TEST_true(SSL_CTX_set_cipher_list(ctx, "AES128-SHA"))) + 
goto end; con = SSL_new(ctx); - if (!SSL_set_session(con, sess)) { - printf("SSL_set_session() failed\n"); - goto end_con; - } + if (!TEST_ptr(con) + || !TEST_true(SSL_set_session(con, sess))) + goto end; SSL_SESSION_free(sess); rbio = BIO_new(BIO_s_mem()); wbio = BIO_new(BIO_s_mem()); - BIO_set_nbio(rbio, 1); - BIO_set_nbio(wbio, 1); + if (!TEST_ptr(rbio) + || !TEST_ptr(wbio)) + goto end; SSL_set_bio(con, rbio, wbio); + + if (!TEST_true(BIO_up_ref(rbio))) { + /* + * We can't up-ref but we assigned ownership to con, so we shouldn't + * free in the "end" block + */ + rbio = wbio = NULL; + goto end; + } + + if (!TEST_true(BIO_up_ref(wbio))) { + wbio = NULL; + goto end; + } + SSL_set_connect_state(con); /* Send initial ClientHello */ ret = SSL_do_handshake(con); - if (ret > 0 || SSL_get_error(con, ret) != SSL_ERROR_WANT_READ) { - printf("Unexpected handshake result at initial call!\n"); - goto end_con; - } + if (!TEST_int_le(ret, 0) + || !TEST_int_eq(SSL_get_error(con, ret), SSL_ERROR_WANT_READ) + || !TEST_int_eq(validate_client_hello(wbio), 1) + || !TEST_true(send_hello_verify(rbio))) + goto end; - if (validate_client_hello(wbio) != 1) { - printf("Initial ClientHello failed validation\n"); - goto end_con; - } - if (send_hello_verify(rbio) != 1) { - printf("Failed to send HelloVerify\n"); - goto end_con; - } ret = SSL_do_handshake(con); - if (ret > 0 || SSL_get_error(con, ret) != SSL_ERROR_WANT_READ) { - printf("Unexpected handshake result after HelloVerify!\n"); - goto end_con; - } - if (validate_client_hello(wbio) != 2) { - printf("Second ClientHello failed validation\n"); - goto end_con; - } - if (send_server_hello(rbio) != 1) { - printf("Failed to send ServerHello\n"); - goto end_con; - } + if (!TEST_int_le(ret, 0) + || !TEST_int_eq(SSL_get_error(con, ret), SSL_ERROR_WANT_READ) + || !TEST_int_eq(validate_client_hello(wbio), 2) + || !TEST_true(send_server_hello(rbio))) + goto end; + ret = SSL_do_handshake(con); - if (ret > 0 || SSL_get_error(con, ret) != 
SSL_ERROR_WANT_READ) { - printf("Unexpected handshake result after ServerHello!\n"); - goto end_con; - } - if (send_finished(con, rbio) != 1) { - printf("Failed to send Finished\n"); - goto end_con; - } + if (!TEST_int_le(ret, 0) + || !TEST_int_eq(SSL_get_error(con, ret), SSL_ERROR_WANT_READ) + || !TEST_true(send_finished(con, rbio))) + goto end; + ret = SSL_do_handshake(con); - if (ret < 1) { - printf("Handshake not successful after Finished!\n"); - goto end_con; - } - if (validate_ccs(wbio) != 1) { - printf("Failed to validate client CCS/Finished\n"); - goto end_con; - } + if (!TEST_int_gt(ret, 0) + || !TEST_true(validate_ccs(wbio))) + goto end; /* While we're here and crafting packets by hand, we might as well do a bit of a stress test on the DTLS record replay handling. Not Cisco-DTLS 
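Review bot: `sess` is released only on the success path after `SSL_set_session()`, so every `goto end` taken between `client_session()` and that point (failed `EVP_MD_CTX_new()`, `SSL_CTX_new()`, `SSL_new()` or `SSL_set_session()`) leaks the session. The `end:` block in the following hunk frees the BIOs, `con`, `ctx` and `handshake_md`, but not `sess`. All pointers are now NULL-initialised and share one label, so the fix is small: make the success path `SSL_SESSION_free(sess); sess = NULL;` and add `SSL_SESSION_free(sess);` to the `end:` block. The old code had the same gap on its `end_md`/`end_ctx`/`end_con` paths, so this is not a regression.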
@@ -583,55 +541,46 @@ int main(int argc, char *argv[]) before, and in fact was broken even for a basic 0, 2, 1 test case when this test was first added.... */ for (i = 0; i < (int)OSSL_NELEM(tests); i++) { - unsigned long recv_buf[2]; + uint64_t recv_buf[2]; - if (send_record(rbio, SSL3_RT_APPLICATION_DATA, tests[i].seq, - &tests[i].seq, sizeof(unsigned long)) != 1) { - printf("Failed to send data seq #0x%lx (%d)\n", - tests[i].seq, i); - goto end_con; + if (!TEST_true(send_record(rbio, SSL3_RT_APPLICATION_DATA, tests[i].seq, + &tests[i].seq, sizeof(uint64_t)))) { + TEST_error("Failed to send data seq #0x%x%08x (%d)\n", + (unsigned int)(tests[i].seq >> 32), (unsigned int)tests[i].seq, i); + goto end; } if (tests[i].drop) continue; - ret = SSL_read(con, recv_buf, 2 * sizeof(unsigned long)); - if (ret != sizeof(unsigned long)) { - printf("SSL_read failed or wrong size on seq#0x%lx (%d)\n", - tests[i].seq, i); - goto end_con; - } - if (recv_buf[0] != tests[i].seq) { - printf("Wrong data packet received (0x%lx not 0x%lx) at packet %d\n", - recv_buf[0], tests[i].seq, i); - goto end_con; + ret = SSL_read(con, recv_buf, 2 * sizeof(uint64_t)); + if (!TEST_int_eq(ret, (int)sizeof(uint64_t))) { + TEST_error("SSL_read failed or wrong size on seq#0x%x%08x (%d)\n", + (unsigned int)(tests[i].seq >> 32), (unsigned int)tests[i].seq, i); + goto end; } + if (!TEST_true(recv_buf[0] == tests[i].seq)) + goto end; } - if (tests[i-1].drop) { - printf("Error: last test cannot be DROP()\n"); - goto end_con; - } - testresult=1; - end_con: + /* The last test cannot be DROP() */ + if (!TEST_false(tests[i-1].drop)) + goto end; + + testresult = 1; + + end: + BIO_free(rbio); + BIO_free(wbio); SSL_free(con); - end_ctx: SSL_CTX_free(ctx); - end_md: EVP_MD_CTX_free(handshake_md); - end: - ERR_print_errors_fp(stderr); - - if (!testresult) { - printf("Cisco BadDTLS test: FAILED\n"); - } + return testresult; +} -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(err) <= 0) - testresult = 0; 
-#endif - BIO_free(err); - - return testresult?0:1; +int setup_tests(void) +{ + ADD_TEST(test_bad_dtls); + return 1; }
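Review bot: The payload check `TEST_true(recv_buf[0] == tests[i].seq)` reports only that a boolean was false, whereas the removed `printf` named the packet index and both sequence numbers, which is what one needs when the replay-window handling regresses. The send and `SSL_read` checks earlier in the same loop still add a `TEST_error(...)` carrying the sequence number. Doing the same here keeps the failure output uniform, for example `TEST_error("Wrong data packet received at packet %d", i);` before the `goto end;`.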