diff options
author | marha <marha@users.sourceforge.net> | 2015-02-22 21:39:56 +0100 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2015-02-22 21:39:56 +0100 |
commit | 462f18c7b25fe3e467f837647d07ab0a78aa8d2b (patch) | |
tree | fc8013c0a1bac05a1945846c1697e973f4c35013 /openssl/ssl/heartbeat_test.c | |
parent | 36f711ee12b6dd5184198abed3aa551efb585587 (diff) | |
download | vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.tar.gz vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.tar.bz2 vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.zip |
Merged origin/release (checked in because wanted to merge new stuff)
Diffstat (limited to 'openssl/ssl/heartbeat_test.c')
-rw-r--r-- | openssl/ssl/heartbeat_test.c | 764 |
1 files changed, 386 insertions, 378 deletions
diff --git a/openssl/ssl/heartbeat_test.c b/openssl/ssl/heartbeat_test.c index de9d39761..7623c36cc 100644 --- a/openssl/ssl/heartbeat_test.c +++ b/openssl/ssl/heartbeat_test.c @@ -1,5 +1,5 @@ /* test/heartbeat_test.c */ -/* +/*- * Unit test for TLS heartbeats. * * Acts as a regression test against the Heartbleed bug (CVE-2014-0160). @@ -51,416 +51,424 @@ #if !defined(OPENSSL_NO_HEARTBEATS) && !defined(OPENSSL_NO_UNIT_TEST) /* As per https://tools.ietf.org/html/rfc6520#section-4 */ -#define MIN_PADDING_SIZE 16 +# define MIN_PADDING_SIZE 16 /* Maximum number of payload characters to print as test output */ -#define MAX_PRINTABLE_CHARACTERS 1024 - -typedef struct heartbeat_test_fixture - { - SSL_CTX *ctx; - SSL *s; - const char* test_case_name; - int (*process_heartbeat)(SSL* s); - unsigned char* payload; - int sent_payload_len; - int expected_return_value; - int return_payload_offset; - int expected_payload_len; - const char* expected_return_payload; - } HEARTBEAT_TEST_FIXTURE; - -static HEARTBEAT_TEST_FIXTURE set_up(const char* const test_case_name, - const SSL_METHOD* meth) - { - HEARTBEAT_TEST_FIXTURE fixture; - int setup_ok = 1; - memset(&fixture, 0, sizeof(fixture)); - fixture.test_case_name = test_case_name; - - fixture.ctx = SSL_CTX_new(meth); - if (!fixture.ctx) - { - fprintf(stderr, "Failed to allocate SSL_CTX for test: %s\n", - test_case_name); - setup_ok = 0; - goto fail; - } - - fixture.s = SSL_new(fixture.ctx); - if (!fixture.s) - { - fprintf(stderr, "Failed to allocate SSL for test: %s\n", test_case_name); - setup_ok = 0; - goto fail; - } - - if (!ssl_init_wbio_buffer(fixture.s, 1)) - { - fprintf(stderr, "Failed to set up wbio buffer for test: %s\n", - test_case_name); - setup_ok = 0; - goto fail; - } - - if (!ssl3_setup_buffers(fixture.s)) - { - fprintf(stderr, "Failed to setup buffers for test: %s\n", - test_case_name); - setup_ok = 0; - goto fail; - } - - /* Clear the memory for the return buffer, since this isn't automatically - * zeroed in opt mode and will cause spurious test failures that will change - * with each execution. - */ - memset(fixture.s->s3->wbuf.buf, 0, fixture.s->s3->wbuf.len); - - fail: - if (!setup_ok) - { - ERR_print_errors_fp(stderr); - exit(EXIT_FAILURE); - } - return fixture; - } - -static HEARTBEAT_TEST_FIXTURE set_up_dtls(const char* const test_case_name) - { - HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name, - DTLSv1_server_method()); - fixture.process_heartbeat = dtls1_process_heartbeat; - - /* As per dtls1_get_record(), skipping the following from the beginning of - * the returned heartbeat message: - * type-1 byte; version-2 bytes; sequence number-8 bytes; length-2 bytes - * - * And then skipping the 1-byte type encoded by process_heartbeat for - * a total of 14 bytes, at which point we can grab the length and the - * payload we seek. - */ - fixture.return_payload_offset = 14; - return fixture; - } +# define MAX_PRINTABLE_CHARACTERS 1024 + +typedef struct heartbeat_test_fixture { + SSL_CTX *ctx; + SSL *s; + const char *test_case_name; + int (*process_heartbeat) (SSL *s); + unsigned char *payload; + int sent_payload_len; + int expected_return_value; + int return_payload_offset; + int expected_payload_len; + const char *expected_return_payload; +} HEARTBEAT_TEST_FIXTURE; + +static HEARTBEAT_TEST_FIXTURE set_up(const char *const test_case_name, + const SSL_METHOD *meth) +{ + HEARTBEAT_TEST_FIXTURE fixture; + int setup_ok = 1; + memset(&fixture, 0, sizeof(fixture)); + fixture.test_case_name = test_case_name; + + fixture.ctx = SSL_CTX_new(meth); + if (!fixture.ctx) { + fprintf(stderr, "Failed to allocate SSL_CTX for test: %s\n", + test_case_name); + setup_ok = 0; + goto fail; + } + + fixture.s = SSL_new(fixture.ctx); + if (!fixture.s) { + fprintf(stderr, "Failed to allocate SSL for test: %s\n", + test_case_name); + setup_ok = 0; + goto fail; + } + + if (!ssl_init_wbio_buffer(fixture.s, 1)) { + fprintf(stderr, "Failed to set up wbio buffer for test: %s\n", + test_case_name); + setup_ok = 0; + goto fail; + } + + if (!ssl3_setup_buffers(fixture.s)) { + fprintf(stderr, "Failed to setup buffers for test: %s\n", + test_case_name); + setup_ok = 0; + goto fail; + } + + /* + * Clear the memory for the return buffer, since this isn't automatically + * zeroed in opt mode and will cause spurious test failures that will + * change with each execution. + */ + memset(fixture.s->s3->wbuf.buf, 0, fixture.s->s3->wbuf.len); + + fail: + if (!setup_ok) { + ERR_print_errors_fp(stderr); + exit(EXIT_FAILURE); + } + return fixture; +} + +static HEARTBEAT_TEST_FIXTURE set_up_dtls(const char *const test_case_name) +{ + HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name, + DTLSv1_server_method()); + fixture.process_heartbeat = dtls1_process_heartbeat; + + /* + * As per dtls1_get_record(), skipping the following from the beginning + * of the returned heartbeat message: type-1 byte; version-2 bytes; + * sequence number-8 bytes; length-2 bytes And then skipping the 1-byte + * type encoded by process_heartbeat for a total of 14 bytes, at which + * point we can grab the length and the payload we seek. + */ + fixture.return_payload_offset = 14; + return fixture; +} /* Needed by ssl3_write_bytes() */ -static int dummy_handshake(SSL* s) - { - return 1; - } - -static HEARTBEAT_TEST_FIXTURE set_up_tls(const char* const test_case_name) - { - HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name, - TLSv1_server_method()); - fixture.process_heartbeat = tls1_process_heartbeat; - fixture.s->handshake_func = dummy_handshake; - - /* As per do_ssl3_write(), skipping the following from the beginning of - * the returned heartbeat message: - * type-1 byte; version-2 bytes; length-2 bytes - * - * And then skipping the 1-byte type encoded by process_heartbeat for - * a total of 6 bytes, at which point we can grab the length and the payload - * we seek. - */ - fixture.return_payload_offset = 6; - return fixture; - } +static int dummy_handshake(SSL *s) +{ + return 1; +} + +static HEARTBEAT_TEST_FIXTURE set_up_tls(const char *const test_case_name) +{ + HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name, + TLSv1_server_method()); + fixture.process_heartbeat = tls1_process_heartbeat; + fixture.s->handshake_func = dummy_handshake; + + /* + * As per do_ssl3_write(), skipping the following from the beginning of + * the returned heartbeat message: type-1 byte; version-2 bytes; length-2 + * bytes And then skipping the 1-byte type encoded by process_heartbeat + * for a total of 6 bytes, at which point we can grab the length and the + * payload we seek. + */ + fixture.return_payload_offset = 6; + return fixture; +} static void tear_down(HEARTBEAT_TEST_FIXTURE fixture) - { - ERR_print_errors_fp(stderr); - SSL_free(fixture.s); - SSL_CTX_free(fixture.ctx); - } - -static void print_payload(const char* const prefix, - const unsigned char *payload, const int n) - { - const int end = n < MAX_PRINTABLE_CHARACTERS ? n - : MAX_PRINTABLE_CHARACTERS; - int i = 0; - - printf("%s %d character%s", prefix, n, n == 1 ? "" : "s"); - if (end != n) printf(" (first %d shown)", end); - printf("\n \""); - - for (; i != end; ++i) - { - const unsigned char c = payload[i]; - if (isprint(c)) fputc(c, stdout); - else printf("\\x%02x", c); - } - printf("\"\n"); - } +{ + ERR_print_errors_fp(stderr); + SSL_free(fixture.s); + SSL_CTX_free(fixture.ctx); +} + +static void print_payload(const char *const prefix, + const unsigned char *payload, const int n) +{ + const int end = n < MAX_PRINTABLE_CHARACTERS ? n + : MAX_PRINTABLE_CHARACTERS; + int i = 0; + + printf("%s %d character%s", prefix, n, n == 1 ? "" : "s"); + if (end != n) + printf(" (first %d shown)", end); + printf("\n \""); + + for (; i != end; ++i) { + const unsigned char c = payload[i]; + if (isprint(c)) + fputc(c, stdout); + else + printf("\\x%02x", c); + } + printf("\"\n"); +} static int execute_heartbeat(HEARTBEAT_TEST_FIXTURE fixture) - { - int result = 0; - SSL* s = fixture.s; - unsigned char *payload = fixture.payload; - unsigned char sent_buf[MAX_PRINTABLE_CHARACTERS + 1]; - int return_value; - unsigned const char *p; - int actual_payload_len; - - s->s3->rrec.data = payload; - s->s3->rrec.length = strlen((const char*)payload); - *payload++ = TLS1_HB_REQUEST; - s2n(fixture.sent_payload_len, payload); - - /* Make a local copy of the request, since it gets overwritten at some - * point */ - memcpy((char *)sent_buf, (const char*)payload, sizeof(sent_buf)); - - return_value = fixture.process_heartbeat(s); - - if (return_value != fixture.expected_return_value) - { - printf("%s failed: expected return value %d, received %d\n", - fixture.test_case_name, fixture.expected_return_value, - return_value); - result = 1; - } - - /* If there is any byte alignment, it will be stored in wbuf.offset. */ - p = &(s->s3->wbuf.buf[ - fixture.return_payload_offset + s->s3->wbuf.offset]); - actual_payload_len = 0; - n2s(p, actual_payload_len); - - if (actual_payload_len != fixture.expected_payload_len) - { - printf("%s failed:\n expected payload len: %d\n received: %d\n", - fixture.test_case_name, fixture.expected_payload_len, - actual_payload_len); - print_payload("sent", sent_buf, strlen((const char*)sent_buf)); - print_payload("received", p, actual_payload_len); - result = 1; - } - else - { - char* actual_payload = BUF_strndup((const char*)p, actual_payload_len); - if (strcmp(actual_payload, fixture.expected_return_payload) != 0) - { - printf("%s failed:\n expected payload: \"%s\"\n received: \"%s\"\n", - fixture.test_case_name, fixture.expected_return_payload, - actual_payload); - result = 1; - } - OPENSSL_free(actual_payload); - } - - if (result != 0) - { - printf("** %s failed **\n--------\n", fixture.test_case_name); - } - return result; - } +{ + int result = 0; + SSL *s = fixture.s; + unsigned char *payload = fixture.payload; + unsigned char sent_buf[MAX_PRINTABLE_CHARACTERS + 1]; + int return_value; + unsigned const char *p; + int actual_payload_len; + + s->s3->rrec.data = payload; + s->s3->rrec.length = strlen((const char *)payload); + *payload++ = TLS1_HB_REQUEST; + s2n(fixture.sent_payload_len, payload); + + /* + * Make a local copy of the request, since it gets overwritten at some + * point + */ + memcpy((char *)sent_buf, (const char *)payload, sizeof(sent_buf)); + + return_value = fixture.process_heartbeat(s); + + if (return_value != fixture.expected_return_value) { + printf("%s failed: expected return value %d, received %d\n", + fixture.test_case_name, fixture.expected_return_value, + return_value); + result = 1; + } + + /* + * If there is any byte alignment, it will be stored in wbuf.offset. + */ + p = &(s->s3-> + wbuf.buf[fixture.return_payload_offset + s->s3->wbuf.offset]); + actual_payload_len = 0; + n2s(p, actual_payload_len); + + if (actual_payload_len != fixture.expected_payload_len) { + printf("%s failed:\n expected payload len: %d\n received: %d\n", + fixture.test_case_name, fixture.expected_payload_len, + actual_payload_len); + print_payload("sent", sent_buf, strlen((const char *)sent_buf)); + print_payload("received", p, actual_payload_len); + result = 1; + } else { + char *actual_payload = + BUF_strndup((const char *)p, actual_payload_len); + if (strcmp(actual_payload, fixture.expected_return_payload) != 0) { + printf + ("%s failed:\n expected payload: \"%s\"\n received: \"%s\"\n", + fixture.test_case_name, fixture.expected_return_payload, + actual_payload); + result = 1; + } + OPENSSL_free(actual_payload); + } + + if (result != 0) { + printf("** %s failed **\n--------\n", fixture.test_case_name); + } + return result; +} static int honest_payload_size(unsigned char payload_buf[]) - { - /* Omit three-byte pad at the beginning for type and payload length */ - return strlen((const char*)&payload_buf[3]) - MIN_PADDING_SIZE; - } +{ + /* Omit three-byte pad at the beginning for type and payload length */ + return strlen((const char *)&payload_buf[3]) - MIN_PADDING_SIZE; +} -#define SETUP_HEARTBEAT_TEST_FIXTURE(type)\ +# define SETUP_HEARTBEAT_TEST_FIXTURE(type)\ SETUP_TEST_FIXTURE(HEARTBEAT_TEST_FIXTURE, set_up_##type) -#define EXECUTE_HEARTBEAT_TEST()\ +# define EXECUTE_HEARTBEAT_TEST()\ EXECUTE_TEST(execute_heartbeat, tear_down) static int test_dtls1_not_bleeding() - { - SETUP_HEARTBEAT_TEST_FIXTURE(dtls); - /* Three-byte pad at the beginning for type and payload length */ - unsigned char payload_buf[] = " Not bleeding, sixteen spaces of padding" - " "; - const int payload_buf_len = honest_payload_size(payload_buf); - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = payload_buf_len; - fixture.expected_return_value = 0; - fixture.expected_payload_len = payload_buf_len; - fixture.expected_return_payload = "Not bleeding, sixteen spaces of padding"; - EXECUTE_HEARTBEAT_TEST(); - } +{ + SETUP_HEARTBEAT_TEST_FIXTURE(dtls); + /* Three-byte pad at the beginning for type and payload length */ + unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4] = + " Not bleeding, sixteen spaces of padding" " "; + const int payload_buf_len = honest_payload_size(payload_buf); + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = payload_buf_len; + fixture.expected_return_value = 0; + fixture.expected_payload_len = payload_buf_len; + fixture.expected_return_payload = + "Not bleeding, sixteen spaces of padding"; + EXECUTE_HEARTBEAT_TEST(); +} static int test_dtls1_not_bleeding_empty_payload() - { - int payload_buf_len; - - SETUP_HEARTBEAT_TEST_FIXTURE(dtls); - /* Three-byte pad at the beginning for type and payload length, plus a NUL - * at the end */ - unsigned char payload_buf[4 + MIN_PADDING_SIZE]; - memset(payload_buf, ' ', sizeof(payload_buf)); - payload_buf[sizeof(payload_buf) - 1] = '\0'; - payload_buf_len = honest_payload_size(payload_buf); - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = payload_buf_len; - fixture.expected_return_value = 0; - fixture.expected_payload_len = payload_buf_len; - fixture.expected_return_payload = ""; - EXECUTE_HEARTBEAT_TEST(); - } +{ + int payload_buf_len; + + SETUP_HEARTBEAT_TEST_FIXTURE(dtls); + /* + * Three-byte pad at the beginning for type and payload length, plus a + * NUL at the end + */ + unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS]; + memset(payload_buf, ' ', MIN_PADDING_SIZE + 3); + payload_buf[MIN_PADDING_SIZE + 3] = '\0'; + payload_buf_len = honest_payload_size(payload_buf); + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = payload_buf_len; + fixture.expected_return_value = 0; + fixture.expected_payload_len = payload_buf_len; + fixture.expected_return_payload = ""; + EXECUTE_HEARTBEAT_TEST(); +} static int test_dtls1_heartbleed() - { - SETUP_HEARTBEAT_TEST_FIXTURE(dtls); - /* Three-byte pad at the beginning for type and payload length */ - unsigned char payload_buf[] = " HEARTBLEED "; - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS; - fixture.expected_return_value = 0; - fixture.expected_payload_len = 0; - fixture.expected_return_payload = ""; - EXECUTE_HEARTBEAT_TEST(); - } +{ + SETUP_HEARTBEAT_TEST_FIXTURE(dtls); + /* Three-byte pad at the beginning for type and payload length */ + unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS] = + " HEARTBLEED "; + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS; + fixture.expected_return_value = 0; + fixture.expected_payload_len = 0; + fixture.expected_return_payload = ""; + EXECUTE_HEARTBEAT_TEST(); +} static int test_dtls1_heartbleed_empty_payload() - { - SETUP_HEARTBEAT_TEST_FIXTURE(dtls); - /* Excluding the NUL at the end, one byte short of type + payload length + - * minimum padding */ - unsigned char payload_buf[MIN_PADDING_SIZE + 3]; - memset(payload_buf, ' ', sizeof(payload_buf)); - payload_buf[sizeof(payload_buf) - 1] = '\0'; - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS; - fixture.expected_return_value = 0; - fixture.expected_payload_len = 0; - fixture.expected_return_payload = ""; - EXECUTE_HEARTBEAT_TEST(); - } +{ + SETUP_HEARTBEAT_TEST_FIXTURE(dtls); + /* + * Excluding the NUL at the end, one byte short of type + payload length + * + minimum padding + */ + unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4]; + memset(payload_buf, ' ', MIN_PADDING_SIZE + 2); + payload_buf[MIN_PADDING_SIZE + 2] = '\0'; + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS; + fixture.expected_return_value = 0; + fixture.expected_payload_len = 0; + fixture.expected_return_payload = ""; + EXECUTE_HEARTBEAT_TEST(); +} static int test_dtls1_heartbleed_excessive_plaintext_length() - { - SETUP_HEARTBEAT_TEST_FIXTURE(dtls); - /* Excluding the NUL at the end, one byte in excess of maximum allowed - * heartbeat message length */ - unsigned char payload_buf[SSL3_RT_MAX_PLAIN_LENGTH + 2]; - memset(payload_buf, ' ', sizeof(payload_buf)); - payload_buf[sizeof(payload_buf) - 1] = '\0'; - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = honest_payload_size(payload_buf); - fixture.expected_return_value = 0; - fixture.expected_payload_len = 0; - fixture.expected_return_payload = ""; - EXECUTE_HEARTBEAT_TEST(); - } +{ + SETUP_HEARTBEAT_TEST_FIXTURE(dtls); + /* + * Excluding the NUL at the end, one byte in excess of maximum allowed + * heartbeat message length + */ + unsigned char payload_buf[SSL3_RT_MAX_PLAIN_LENGTH + 2]; + memset(payload_buf, ' ', sizeof(payload_buf)); + payload_buf[sizeof(payload_buf) - 1] = '\0'; + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = honest_payload_size(payload_buf); + fixture.expected_return_value = 0; + fixture.expected_payload_len = 0; + fixture.expected_return_payload = ""; + EXECUTE_HEARTBEAT_TEST(); +} static int test_tls1_not_bleeding() - { - SETUP_HEARTBEAT_TEST_FIXTURE(tls); - /* Three-byte pad at the beginning for type and payload length */ - unsigned char payload_buf[] = " Not bleeding, sixteen spaces of padding" - " "; - const int payload_buf_len = honest_payload_size(payload_buf); - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = payload_buf_len; - fixture.expected_return_value = 0; - fixture.expected_payload_len = payload_buf_len; - fixture.expected_return_payload = "Not bleeding, sixteen spaces of padding"; - EXECUTE_HEARTBEAT_TEST(); - } +{ + SETUP_HEARTBEAT_TEST_FIXTURE(tls); + /* Three-byte pad at the beginning for type and payload length */ + unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4] = + " Not bleeding, sixteen spaces of padding" " "; + const int payload_buf_len = honest_payload_size(payload_buf); + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = payload_buf_len; + fixture.expected_return_value = 0; + fixture.expected_payload_len = payload_buf_len; + fixture.expected_return_payload = + "Not bleeding, sixteen spaces of padding"; + EXECUTE_HEARTBEAT_TEST(); +} static int test_tls1_not_bleeding_empty_payload() - { - int payload_buf_len; - - SETUP_HEARTBEAT_TEST_FIXTURE(tls); - /* Three-byte pad at the beginning for type and payload length, plus a NUL - * at the end */ - unsigned char payload_buf[4 + MIN_PADDING_SIZE]; - memset(payload_buf, ' ', sizeof(payload_buf)); - payload_buf[sizeof(payload_buf) - 1] = '\0'; - payload_buf_len = honest_payload_size(payload_buf); - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = payload_buf_len; - fixture.expected_return_value = 0; - fixture.expected_payload_len = payload_buf_len; - fixture.expected_return_payload = ""; - EXECUTE_HEARTBEAT_TEST(); - } +{ + int payload_buf_len; + + SETUP_HEARTBEAT_TEST_FIXTURE(tls); + /* + * Three-byte pad at the beginning for type and payload length, plus a + * NUL at the end + */ + unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS]; + memset(payload_buf, ' ', MIN_PADDING_SIZE + 3); + payload_buf[MIN_PADDING_SIZE + 3] = '\0'; + payload_buf_len = honest_payload_size(payload_buf); + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = payload_buf_len; + fixture.expected_return_value = 0; + fixture.expected_payload_len = payload_buf_len; + fixture.expected_return_payload = ""; + EXECUTE_HEARTBEAT_TEST(); +} static int test_tls1_heartbleed() - { - SETUP_HEARTBEAT_TEST_FIXTURE(tls); - /* Three-byte pad at the beginning for type and payload length */ - unsigned char payload_buf[] = " HEARTBLEED "; - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS; - fixture.expected_return_value = 0; - fixture.expected_payload_len = 0; - fixture.expected_return_payload = ""; - EXECUTE_HEARTBEAT_TEST(); - } +{ + SETUP_HEARTBEAT_TEST_FIXTURE(tls); + /* Three-byte pad at the beginning for type and payload length */ + unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4] = + " HEARTBLEED "; + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS; + fixture.expected_return_value = 0; + fixture.expected_payload_len = 0; + fixture.expected_return_payload = ""; + EXECUTE_HEARTBEAT_TEST(); +} static int test_tls1_heartbleed_empty_payload() - { - SETUP_HEARTBEAT_TEST_FIXTURE(tls); - /* Excluding the NUL at the end, one byte short of type + payload length + - * minimum padding */ - unsigned char payload_buf[MIN_PADDING_SIZE + 3]; - memset(payload_buf, ' ', sizeof(payload_buf)); - payload_buf[sizeof(payload_buf) - 1] = '\0'; - - fixture.payload = &payload_buf[0]; - fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS; - fixture.expected_return_value = 0; - fixture.expected_payload_len = 0; - fixture.expected_return_payload = ""; - EXECUTE_HEARTBEAT_TEST(); - } - -#undef EXECUTE_HEARTBEAT_TEST -#undef SETUP_HEARTBEAT_TEST_FIXTURE +{ + SETUP_HEARTBEAT_TEST_FIXTURE(tls); + /* + * Excluding the NUL at the end, one byte short of type + payload length + * + minimum padding + */ + unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4]; + memset(payload_buf, ' ', MIN_PADDING_SIZE + 2); + payload_buf[MIN_PADDING_SIZE + 2] = '\0'; + + fixture.payload = &payload_buf[0]; + fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS; + fixture.expected_return_value = 0; + fixture.expected_payload_len = 0; + fixture.expected_return_payload = ""; + EXECUTE_HEARTBEAT_TEST(); +} + +# undef EXECUTE_HEARTBEAT_TEST +# undef SETUP_HEARTBEAT_TEST_FIXTURE int main(int argc, char *argv[]) - { - int num_failed; - - SSL_library_init(); - SSL_load_error_strings(); - - num_failed = test_dtls1_not_bleeding() + - test_dtls1_not_bleeding_empty_payload() + - test_dtls1_heartbleed() + - test_dtls1_heartbleed_empty_payload() + - /* The following test causes an assertion failure at - * ssl/d1_pkt.c:dtls1_write_bytes() in versions prior to 1.0.1g: */ - (OPENSSL_VERSION_NUMBER >= 0x1000107fL ? - test_dtls1_heartbleed_excessive_plaintext_length() : 0) + - test_tls1_not_bleeding() + - test_tls1_not_bleeding_empty_payload() + - test_tls1_heartbleed() + - test_tls1_heartbleed_empty_payload() + - 0; - - ERR_print_errors_fp(stderr); - - if (num_failed != 0) - { - printf("%d test%s failed\n", num_failed, num_failed != 1 ? "s" : ""); - return EXIT_FAILURE; - } - return EXIT_SUCCESS; - } - -#else /* OPENSSL_NO_HEARTBEATS*/ +{ + int num_failed; + + SSL_library_init(); + SSL_load_error_strings(); + + num_failed = test_dtls1_not_bleeding() + + test_dtls1_not_bleeding_empty_payload() + + test_dtls1_heartbleed() + test_dtls1_heartbleed_empty_payload() + + /* + * The following test causes an assertion failure at + * ssl/d1_pkt.c:dtls1_write_bytes() in versions prior to 1.0.1g: + */ + (OPENSSL_VERSION_NUMBER >= 0x1000107fL ? + test_dtls1_heartbleed_excessive_plaintext_length() : 0) + + test_tls1_not_bleeding() + + test_tls1_not_bleeding_empty_payload() + + test_tls1_heartbleed() + test_tls1_heartbleed_empty_payload() + 0; + + ERR_print_errors_fp(stderr); + + if (num_failed != 0) { + printf("%d test%s failed\n", num_failed, num_failed != 1 ? "s" : ""); + return EXIT_FAILURE; + } + return EXIT_SUCCESS; +} + +#else /* OPENSSL_NO_HEARTBEATS */ int main(int argc, char *argv[]) - { - return EXIT_SUCCESS; - } -#endif /* OPENSSL_NO_HEARTBEATS */ +{ + return EXIT_SUCCESS; +} +#endif /* OPENSSL_NO_HEARTBEATS */ |