aboutsummaryrefslogtreecommitdiff
path: root/openssl/ssl/heartbeat_test.c
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2015-02-22 21:39:56 +0100
committermarha <marha@users.sourceforge.net>2015-02-22 21:39:56 +0100
commit462f18c7b25fe3e467f837647d07ab0a78aa8d2b (patch)
treefc8013c0a1bac05a1945846c1697e973f4c35013 /openssl/ssl/heartbeat_test.c
parent36f711ee12b6dd5184198abed3aa551efb585587 (diff)
downloadvcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.tar.gz
vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.tar.bz2
vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.zip
Merged origin/release (checked in because wanted to merge new stuff)
Diffstat (limited to 'openssl/ssl/heartbeat_test.c')
-rw-r--r--openssl/ssl/heartbeat_test.c764
1 files changed, 386 insertions, 378 deletions
diff --git a/openssl/ssl/heartbeat_test.c b/openssl/ssl/heartbeat_test.c
index de9d39761..7623c36cc 100644
--- a/openssl/ssl/heartbeat_test.c
+++ b/openssl/ssl/heartbeat_test.c
@@ -1,5 +1,5 @@
/* test/heartbeat_test.c */
-/*
+/*-
* Unit test for TLS heartbeats.
*
* Acts as a regression test against the Heartbleed bug (CVE-2014-0160).
@@ -51,416 +51,424 @@
#if !defined(OPENSSL_NO_HEARTBEATS) && !defined(OPENSSL_NO_UNIT_TEST)
/* As per https://tools.ietf.org/html/rfc6520#section-4 */
-#define MIN_PADDING_SIZE 16
+# define MIN_PADDING_SIZE 16
/* Maximum number of payload characters to print as test output */
-#define MAX_PRINTABLE_CHARACTERS 1024
-
-typedef struct heartbeat_test_fixture
- {
- SSL_CTX *ctx;
- SSL *s;
- const char* test_case_name;
- int (*process_heartbeat)(SSL* s);
- unsigned char* payload;
- int sent_payload_len;
- int expected_return_value;
- int return_payload_offset;
- int expected_payload_len;
- const char* expected_return_payload;
- } HEARTBEAT_TEST_FIXTURE;
-
-static HEARTBEAT_TEST_FIXTURE set_up(const char* const test_case_name,
- const SSL_METHOD* meth)
- {
- HEARTBEAT_TEST_FIXTURE fixture;
- int setup_ok = 1;
- memset(&fixture, 0, sizeof(fixture));
- fixture.test_case_name = test_case_name;
-
- fixture.ctx = SSL_CTX_new(meth);
- if (!fixture.ctx)
- {
- fprintf(stderr, "Failed to allocate SSL_CTX for test: %s\n",
- test_case_name);
- setup_ok = 0;
- goto fail;
- }
-
- fixture.s = SSL_new(fixture.ctx);
- if (!fixture.s)
- {
- fprintf(stderr, "Failed to allocate SSL for test: %s\n", test_case_name);
- setup_ok = 0;
- goto fail;
- }
-
- if (!ssl_init_wbio_buffer(fixture.s, 1))
- {
- fprintf(stderr, "Failed to set up wbio buffer for test: %s\n",
- test_case_name);
- setup_ok = 0;
- goto fail;
- }
-
- if (!ssl3_setup_buffers(fixture.s))
- {
- fprintf(stderr, "Failed to setup buffers for test: %s\n",
- test_case_name);
- setup_ok = 0;
- goto fail;
- }
-
- /* Clear the memory for the return buffer, since this isn't automatically
- * zeroed in opt mode and will cause spurious test failures that will change
- * with each execution.
- */
- memset(fixture.s->s3->wbuf.buf, 0, fixture.s->s3->wbuf.len);
-
- fail:
- if (!setup_ok)
- {
- ERR_print_errors_fp(stderr);
- exit(EXIT_FAILURE);
- }
- return fixture;
- }
-
-static HEARTBEAT_TEST_FIXTURE set_up_dtls(const char* const test_case_name)
- {
- HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name,
- DTLSv1_server_method());
- fixture.process_heartbeat = dtls1_process_heartbeat;
-
- /* As per dtls1_get_record(), skipping the following from the beginning of
- * the returned heartbeat message:
- * type-1 byte; version-2 bytes; sequence number-8 bytes; length-2 bytes
- *
- * And then skipping the 1-byte type encoded by process_heartbeat for
- * a total of 14 bytes, at which point we can grab the length and the
- * payload we seek.
- */
- fixture.return_payload_offset = 14;
- return fixture;
- }
+# define MAX_PRINTABLE_CHARACTERS 1024
+
+typedef struct heartbeat_test_fixture {
+ SSL_CTX *ctx;
+ SSL *s;
+ const char *test_case_name;
+ int (*process_heartbeat) (SSL *s);
+ unsigned char *payload;
+ int sent_payload_len;
+ int expected_return_value;
+ int return_payload_offset;
+ int expected_payload_len;
+ const char *expected_return_payload;
+} HEARTBEAT_TEST_FIXTURE;
+
+static HEARTBEAT_TEST_FIXTURE set_up(const char *const test_case_name,
+ const SSL_METHOD *meth)
+{
+ HEARTBEAT_TEST_FIXTURE fixture;
+ int setup_ok = 1;
+ memset(&fixture, 0, sizeof(fixture));
+ fixture.test_case_name = test_case_name;
+
+ fixture.ctx = SSL_CTX_new(meth);
+ if (!fixture.ctx) {
+ fprintf(stderr, "Failed to allocate SSL_CTX for test: %s\n",
+ test_case_name);
+ setup_ok = 0;
+ goto fail;
+ }
+
+ fixture.s = SSL_new(fixture.ctx);
+ if (!fixture.s) {
+ fprintf(stderr, "Failed to allocate SSL for test: %s\n",
+ test_case_name);
+ setup_ok = 0;
+ goto fail;
+ }
+
+ if (!ssl_init_wbio_buffer(fixture.s, 1)) {
+ fprintf(stderr, "Failed to set up wbio buffer for test: %s\n",
+ test_case_name);
+ setup_ok = 0;
+ goto fail;
+ }
+
+ if (!ssl3_setup_buffers(fixture.s)) {
+ fprintf(stderr, "Failed to setup buffers for test: %s\n",
+ test_case_name);
+ setup_ok = 0;
+ goto fail;
+ }
+
+ /*
+ * Clear the memory for the return buffer, since this isn't automatically
+ * zeroed in opt mode and will cause spurious test failures that will
+ * change with each execution.
+ */
+ memset(fixture.s->s3->wbuf.buf, 0, fixture.s->s3->wbuf.len);
+
+ fail:
+ if (!setup_ok) {
+ ERR_print_errors_fp(stderr);
+ exit(EXIT_FAILURE);
+ }
+ return fixture;
+}
+
+static HEARTBEAT_TEST_FIXTURE set_up_dtls(const char *const test_case_name)
+{
+ HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name,
+ DTLSv1_server_method());
+ fixture.process_heartbeat = dtls1_process_heartbeat;
+
+ /*
+ * As per dtls1_get_record(), skipping the following from the beginning
+ * of the returned heartbeat message: type-1 byte; version-2 bytes;
+ * sequence number-8 bytes; length-2 bytes And then skipping the 1-byte
+ * type encoded by process_heartbeat for a total of 14 bytes, at which
+ * point we can grab the length and the payload we seek.
+ */
+ fixture.return_payload_offset = 14;
+ return fixture;
+}
/* Needed by ssl3_write_bytes() */
-static int dummy_handshake(SSL* s)
- {
- return 1;
- }
-
-static HEARTBEAT_TEST_FIXTURE set_up_tls(const char* const test_case_name)
- {
- HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name,
- TLSv1_server_method());
- fixture.process_heartbeat = tls1_process_heartbeat;
- fixture.s->handshake_func = dummy_handshake;
-
- /* As per do_ssl3_write(), skipping the following from the beginning of
- * the returned heartbeat message:
- * type-1 byte; version-2 bytes; length-2 bytes
- *
- * And then skipping the 1-byte type encoded by process_heartbeat for
- * a total of 6 bytes, at which point we can grab the length and the payload
- * we seek.
- */
- fixture.return_payload_offset = 6;
- return fixture;
- }
+static int dummy_handshake(SSL *s)
+{
+ return 1;
+}
+
+static HEARTBEAT_TEST_FIXTURE set_up_tls(const char *const test_case_name)
+{
+ HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name,
+ TLSv1_server_method());
+ fixture.process_heartbeat = tls1_process_heartbeat;
+ fixture.s->handshake_func = dummy_handshake;
+
+ /*
+ * As per do_ssl3_write(), skipping the following from the beginning of
+ * the returned heartbeat message: type-1 byte; version-2 bytes; length-2
+ * bytes And then skipping the 1-byte type encoded by process_heartbeat
+ * for a total of 6 bytes, at which point we can grab the length and the
+ * payload we seek.
+ */
+ fixture.return_payload_offset = 6;
+ return fixture;
+}
static void tear_down(HEARTBEAT_TEST_FIXTURE fixture)
- {
- ERR_print_errors_fp(stderr);
- SSL_free(fixture.s);
- SSL_CTX_free(fixture.ctx);
- }
-
-static void print_payload(const char* const prefix,
- const unsigned char *payload, const int n)
- {
- const int end = n < MAX_PRINTABLE_CHARACTERS ? n
- : MAX_PRINTABLE_CHARACTERS;
- int i = 0;
-
- printf("%s %d character%s", prefix, n, n == 1 ? "" : "s");
- if (end != n) printf(" (first %d shown)", end);
- printf("\n \"");
-
- for (; i != end; ++i)
- {
- const unsigned char c = payload[i];
- if (isprint(c)) fputc(c, stdout);
- else printf("\\x%02x", c);
- }
- printf("\"\n");
- }
+{
+ ERR_print_errors_fp(stderr);
+ SSL_free(fixture.s);
+ SSL_CTX_free(fixture.ctx);
+}
+
+static void print_payload(const char *const prefix,
+ const unsigned char *payload, const int n)
+{
+ const int end = n < MAX_PRINTABLE_CHARACTERS ? n
+ : MAX_PRINTABLE_CHARACTERS;
+ int i = 0;
+
+ printf("%s %d character%s", prefix, n, n == 1 ? "" : "s");
+ if (end != n)
+ printf(" (first %d shown)", end);
+ printf("\n \"");
+
+ for (; i != end; ++i) {
+ const unsigned char c = payload[i];
+ if (isprint(c))
+ fputc(c, stdout);
+ else
+ printf("\\x%02x", c);
+ }
+ printf("\"\n");
+}
static int execute_heartbeat(HEARTBEAT_TEST_FIXTURE fixture)
- {
- int result = 0;
- SSL* s = fixture.s;
- unsigned char *payload = fixture.payload;
- unsigned char sent_buf[MAX_PRINTABLE_CHARACTERS + 1];
- int return_value;
- unsigned const char *p;
- int actual_payload_len;
-
- s->s3->rrec.data = payload;
- s->s3->rrec.length = strlen((const char*)payload);
- *payload++ = TLS1_HB_REQUEST;
- s2n(fixture.sent_payload_len, payload);
-
- /* Make a local copy of the request, since it gets overwritten at some
- * point */
- memcpy((char *)sent_buf, (const char*)payload, sizeof(sent_buf));
-
- return_value = fixture.process_heartbeat(s);
-
- if (return_value != fixture.expected_return_value)
- {
- printf("%s failed: expected return value %d, received %d\n",
- fixture.test_case_name, fixture.expected_return_value,
- return_value);
- result = 1;
- }
-
- /* If there is any byte alignment, it will be stored in wbuf.offset. */
- p = &(s->s3->wbuf.buf[
- fixture.return_payload_offset + s->s3->wbuf.offset]);
- actual_payload_len = 0;
- n2s(p, actual_payload_len);
-
- if (actual_payload_len != fixture.expected_payload_len)
- {
- printf("%s failed:\n expected payload len: %d\n received: %d\n",
- fixture.test_case_name, fixture.expected_payload_len,
- actual_payload_len);
- print_payload("sent", sent_buf, strlen((const char*)sent_buf));
- print_payload("received", p, actual_payload_len);
- result = 1;
- }
- else
- {
- char* actual_payload = BUF_strndup((const char*)p, actual_payload_len);
- if (strcmp(actual_payload, fixture.expected_return_payload) != 0)
- {
- printf("%s failed:\n expected payload: \"%s\"\n received: \"%s\"\n",
- fixture.test_case_name, fixture.expected_return_payload,
- actual_payload);
- result = 1;
- }
- OPENSSL_free(actual_payload);
- }
-
- if (result != 0)
- {
- printf("** %s failed **\n--------\n", fixture.test_case_name);
- }
- return result;
- }
+{
+ int result = 0;
+ SSL *s = fixture.s;
+ unsigned char *payload = fixture.payload;
+ unsigned char sent_buf[MAX_PRINTABLE_CHARACTERS + 1];
+ int return_value;
+ unsigned const char *p;
+ int actual_payload_len;
+
+ s->s3->rrec.data = payload;
+ s->s3->rrec.length = strlen((const char *)payload);
+ *payload++ = TLS1_HB_REQUEST;
+ s2n(fixture.sent_payload_len, payload);
+
+ /*
+ * Make a local copy of the request, since it gets overwritten at some
+ * point
+ */
+ memcpy((char *)sent_buf, (const char *)payload, sizeof(sent_buf));
+
+ return_value = fixture.process_heartbeat(s);
+
+ if (return_value != fixture.expected_return_value) {
+ printf("%s failed: expected return value %d, received %d\n",
+ fixture.test_case_name, fixture.expected_return_value,
+ return_value);
+ result = 1;
+ }
+
+ /*
+ * If there is any byte alignment, it will be stored in wbuf.offset.
+ */
+ p = &(s->s3->
+ wbuf.buf[fixture.return_payload_offset + s->s3->wbuf.offset]);
+ actual_payload_len = 0;
+ n2s(p, actual_payload_len);
+
+ if (actual_payload_len != fixture.expected_payload_len) {
+ printf("%s failed:\n expected payload len: %d\n received: %d\n",
+ fixture.test_case_name, fixture.expected_payload_len,
+ actual_payload_len);
+ print_payload("sent", sent_buf, strlen((const char *)sent_buf));
+ print_payload("received", p, actual_payload_len);
+ result = 1;
+ } else {
+ char *actual_payload =
+ BUF_strndup((const char *)p, actual_payload_len);
+ if (strcmp(actual_payload, fixture.expected_return_payload) != 0) {
+ printf
+ ("%s failed:\n expected payload: \"%s\"\n received: \"%s\"\n",
+ fixture.test_case_name, fixture.expected_return_payload,
+ actual_payload);
+ result = 1;
+ }
+ OPENSSL_free(actual_payload);
+ }
+
+ if (result != 0) {
+ printf("** %s failed **\n--------\n", fixture.test_case_name);
+ }
+ return result;
+}
static int honest_payload_size(unsigned char payload_buf[])
- {
- /* Omit three-byte pad at the beginning for type and payload length */
- return strlen((const char*)&payload_buf[3]) - MIN_PADDING_SIZE;
- }
+{
+ /* Omit three-byte pad at the beginning for type and payload length */
+ return strlen((const char *)&payload_buf[3]) - MIN_PADDING_SIZE;
+}
-#define SETUP_HEARTBEAT_TEST_FIXTURE(type)\
+# define SETUP_HEARTBEAT_TEST_FIXTURE(type)\
SETUP_TEST_FIXTURE(HEARTBEAT_TEST_FIXTURE, set_up_##type)
-#define EXECUTE_HEARTBEAT_TEST()\
+# define EXECUTE_HEARTBEAT_TEST()\
EXECUTE_TEST(execute_heartbeat, tear_down)
static int test_dtls1_not_bleeding()
- {
- SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
- /* Three-byte pad at the beginning for type and payload length */
- unsigned char payload_buf[] = " Not bleeding, sixteen spaces of padding"
- " ";
- const int payload_buf_len = honest_payload_size(payload_buf);
-
- fixture.payload = &payload_buf[0];
- fixture.sent_payload_len = payload_buf_len;
- fixture.expected_return_value = 0;
- fixture.expected_payload_len = payload_buf_len;
- fixture.expected_return_payload = "Not bleeding, sixteen spaces of padding";
- EXECUTE_HEARTBEAT_TEST();
- }
+{
+ SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
+ /* Three-byte pad at the beginning for type and payload length */
+ unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4] =
+ " Not bleeding, sixteen spaces of padding" " ";
+ const int payload_buf_len = honest_payload_size(payload_buf);
+
+ fixture.payload = &payload_buf[0];
+ fixture.sent_payload_len = payload_buf_len;
+ fixture.expected_return_value = 0;
+ fixture.expected_payload_len = payload_buf_len;
+ fixture.expected_return_payload =
+ "Not bleeding, sixteen spaces of padding";
+ EXECUTE_HEARTBEAT_TEST();
+}
static int test_dtls1_not_bleeding_empty_payload()
- {
- int payload_buf_len;
-
- SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
- /* Three-byte pad at the beginning for type and payload length, plus a NUL
- * at the end */
- unsigned char payload_buf[4 + MIN_PADDING_SIZE];
- memset(payload_buf, ' ', sizeof(payload_buf));
- payload_buf[sizeof(payload_buf) - 1] = '\0';
- payload_buf_len = honest_payload_size(payload_buf);
-
- fixture.payload = &payload_buf[0];
- fixture.sent_payload_len = payload_buf_len;
- fixture.expected_return_value = 0;
- fixture.expected_payload_len = payload_buf_len;
- fixture.expected_return_payload = "";
- EXECUTE_HEARTBEAT_TEST();
- }
+{
+ int payload_buf_len;
+
+ SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
+ /*
+ * Three-byte pad at the beginning for type and payload length, plus a
+ * NUL at the end
+ */
+ unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS];
+ memset(payload_buf, ' ', MIN_PADDING_SIZE + 3);
+ payload_buf[MIN_PADDING_SIZE + 3] = '\0';
+ payload_buf_len = honest_payload_size(payload_buf);
+
+ fixture.payload = &payload_buf[0];
+ fixture.sent_payload_len = payload_buf_len;
+ fixture.expected_return_value = 0;
+ fixture.expected_payload_len = payload_buf_len;
+ fixture.expected_return_payload = "";
+ EXECUTE_HEARTBEAT_TEST();
+}
static int test_dtls1_heartbleed()
- {
- SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
- /* Three-byte pad at the beginning for type and payload length */
- unsigned char payload_buf[] = " HEARTBLEED ";
-
- fixture.payload = &payload_buf[0];
- fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
- fixture.expected_return_value = 0;
- fixture.expected_payload_len = 0;
- fixture.expected_return_payload = "";
- EXECUTE_HEARTBEAT_TEST();
- }
+{
+ SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
+ /* Three-byte pad at the beginning for type and payload length */
+ unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS] =
+ " HEARTBLEED ";
+
+ fixture.payload = &payload_buf[0];
+ fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
+ fixture.expected_return_value = 0;
+ fixture.expected_payload_len = 0;
+ fixture.expected_return_payload = "";
+ EXECUTE_HEARTBEAT_TEST();
+}
static int test_dtls1_heartbleed_empty_payload()
- {
- SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
- /* Excluding the NUL at the end, one byte short of type + payload length +
- * minimum padding */
- unsigned char payload_buf[MIN_PADDING_SIZE + 3];
- memset(payload_buf, ' ', sizeof(payload_buf));
- payload_buf[sizeof(payload_buf) - 1] = '\0';
-
- fixture.payload = &payload_buf[0];
- fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
- fixture.expected_return_value = 0;
- fixture.expected_payload_len = 0;
- fixture.expected_return_payload = "";
- EXECUTE_HEARTBEAT_TEST();
- }
+{
+ SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
+ /*
+ * Excluding the NUL at the end, one byte short of type + payload length
+ * + minimum padding
+ */
+ unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4];
+ memset(payload_buf, ' ', MIN_PADDING_SIZE + 2);
+ payload_buf[MIN_PADDING_SIZE + 2] = '\0';
+
+ fixture.payload = &payload_buf[0];
+ fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
+ fixture.expected_return_value = 0;
+ fixture.expected_payload_len = 0;
+ fixture.expected_return_payload = "";
+ EXECUTE_HEARTBEAT_TEST();
+}
static int test_dtls1_heartbleed_excessive_plaintext_length()
- {
- SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
- /* Excluding the NUL at the end, one byte in excess of maximum allowed
- * heartbeat message length */
- unsigned char payload_buf[SSL3_RT_MAX_PLAIN_LENGTH + 2];
- memset(payload_buf, ' ', sizeof(payload_buf));
- payload_buf[sizeof(payload_buf) - 1] = '\0';
-
- fixture.payload = &payload_buf[0];
- fixture.sent_payload_len = honest_payload_size(payload_buf);
- fixture.expected_return_value = 0;
- fixture.expected_payload_len = 0;
- fixture.expected_return_payload = "";
- EXECUTE_HEARTBEAT_TEST();
- }
+{
+ SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
+ /*
+ * Excluding the NUL at the end, one byte in excess of maximum allowed
+ * heartbeat message length
+ */
+ unsigned char payload_buf[SSL3_RT_MAX_PLAIN_LENGTH + 2];
+ memset(payload_buf, ' ', sizeof(payload_buf));
+ payload_buf[sizeof(payload_buf) - 1] = '\0';
+
+ fixture.payload = &payload_buf[0];
+ fixture.sent_payload_len = honest_payload_size(payload_buf);
+ fixture.expected_return_value = 0;
+ fixture.expected_payload_len = 0;
+ fixture.expected_return_payload = "";
+ EXECUTE_HEARTBEAT_TEST();
+}
static int test_tls1_not_bleeding()
- {
- SETUP_HEARTBEAT_TEST_FIXTURE(tls);
- /* Three-byte pad at the beginning for type and payload length */
- unsigned char payload_buf[] = " Not bleeding, sixteen spaces of padding"
- " ";
- const int payload_buf_len = honest_payload_size(payload_buf);
-
- fixture.payload = &payload_buf[0];
- fixture.sent_payload_len = payload_buf_len;
- fixture.expected_return_value = 0;
- fixture.expected_payload_len = payload_buf_len;
- fixture.expected_return_payload = "Not bleeding, sixteen spaces of padding";
- EXECUTE_HEARTBEAT_TEST();
- }
+{
+ SETUP_HEARTBEAT_TEST_FIXTURE(tls);
+ /* Three-byte pad at the beginning for type and payload length */
+ unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4] =
+ " Not bleeding, sixteen spaces of padding" " ";
+ const int payload_buf_len = honest_payload_size(payload_buf);
+
+ fixture.payload = &payload_buf[0];
+ fixture.sent_payload_len = payload_buf_len;
+ fixture.expected_return_value = 0;
+ fixture.expected_payload_len = payload_buf_len;
+ fixture.expected_return_payload =
+ "Not bleeding, sixteen spaces of padding";
+ EXECUTE_HEARTBEAT_TEST();
+}
static int test_tls1_not_bleeding_empty_payload()
- {
- int payload_buf_len;
-
- SETUP_HEARTBEAT_TEST_FIXTURE(tls);
- /* Three-byte pad at the beginning for type and payload length, plus a NUL
- * at the end */
- unsigned char payload_buf[4 + MIN_PADDING_SIZE];
- memset(payload_buf, ' ', sizeof(payload_buf));
- payload_buf[sizeof(payload_buf) - 1] = '\0';
- payload_buf_len = honest_payload_size(payload_buf);
-
- fixture.payload = &payload_buf[0];
- fixture.sent_payload_len = payload_buf_len;
- fixture.expected_return_value = 0;
- fixture.expected_payload_len = payload_buf_len;
- fixture.expected_return_payload = "";
- EXECUTE_HEARTBEAT_TEST();
- }
+{
+ int payload_buf_len;
+
+ SETUP_HEARTBEAT_TEST_FIXTURE(tls);
+ /*
+ * Three-byte pad at the beginning for type and payload length, plus a
+ * NUL at the end
+ */
+ unsigned char payload_buf[4 + MAX_PRINTABLE_CHARACTERS];
+ memset(payload_buf, ' ', MIN_PADDING_SIZE + 3);
+ payload_buf[MIN_PADDING_SIZE + 3] = '\0';
+ payload_buf_len = honest_payload_size(payload_buf);
+
+ fixture.payload = &payload_buf[0];
+ fixture.sent_payload_len = payload_buf_len;
+ fixture.expected_return_value = 0;
+ fixture.expected_payload_len = payload_buf_len;
+ fixture.expected_return_payload = "";
+ EXECUTE_HEARTBEAT_TEST();
+}
static int test_tls1_heartbleed()
- {
- SETUP_HEARTBEAT_TEST_FIXTURE(tls);
- /* Three-byte pad at the beginning for type and payload length */
- unsigned char payload_buf[] = " HEARTBLEED ";
-
- fixture.payload = &payload_buf[0];
- fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
- fixture.expected_return_value = 0;
- fixture.expected_payload_len = 0;
- fixture.expected_return_payload = "";
- EXECUTE_HEARTBEAT_TEST();
- }
+{
+ SETUP_HEARTBEAT_TEST_FIXTURE(tls);
+ /* Three-byte pad at the beginning for type and payload length */
+ unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4] =
+ " HEARTBLEED ";
+
+ fixture.payload = &payload_buf[0];
+ fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
+ fixture.expected_return_value = 0;
+ fixture.expected_payload_len = 0;
+ fixture.expected_return_payload = "";
+ EXECUTE_HEARTBEAT_TEST();
+}
static int test_tls1_heartbleed_empty_payload()
- {
- SETUP_HEARTBEAT_TEST_FIXTURE(tls);
- /* Excluding the NUL at the end, one byte short of type + payload length +
- * minimum padding */
- unsigned char payload_buf[MIN_PADDING_SIZE + 3];
- memset(payload_buf, ' ', sizeof(payload_buf));
- payload_buf[sizeof(payload_buf) - 1] = '\0';
-
- fixture.payload = &payload_buf[0];
- fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
- fixture.expected_return_value = 0;
- fixture.expected_payload_len = 0;
- fixture.expected_return_payload = "";
- EXECUTE_HEARTBEAT_TEST();
- }
-
-#undef EXECUTE_HEARTBEAT_TEST
-#undef SETUP_HEARTBEAT_TEST_FIXTURE
+{
+ SETUP_HEARTBEAT_TEST_FIXTURE(tls);
+ /*
+ * Excluding the NUL at the end, one byte short of type + payload length
+ * + minimum padding
+ */
+ unsigned char payload_buf[MAX_PRINTABLE_CHARACTERS + 4];
+ memset(payload_buf, ' ', MIN_PADDING_SIZE + 2);
+ payload_buf[MIN_PADDING_SIZE + 2] = '\0';
+
+ fixture.payload = &payload_buf[0];
+ fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
+ fixture.expected_return_value = 0;
+ fixture.expected_payload_len = 0;
+ fixture.expected_return_payload = "";
+ EXECUTE_HEARTBEAT_TEST();
+}
+
+# undef EXECUTE_HEARTBEAT_TEST
+# undef SETUP_HEARTBEAT_TEST_FIXTURE
int main(int argc, char *argv[])
- {
- int num_failed;
-
- SSL_library_init();
- SSL_load_error_strings();
-
- num_failed = test_dtls1_not_bleeding() +
- test_dtls1_not_bleeding_empty_payload() +
- test_dtls1_heartbleed() +
- test_dtls1_heartbleed_empty_payload() +
- /* The following test causes an assertion failure at
- * ssl/d1_pkt.c:dtls1_write_bytes() in versions prior to 1.0.1g: */
- (OPENSSL_VERSION_NUMBER >= 0x1000107fL ?
- test_dtls1_heartbleed_excessive_plaintext_length() : 0) +
- test_tls1_not_bleeding() +
- test_tls1_not_bleeding_empty_payload() +
- test_tls1_heartbleed() +
- test_tls1_heartbleed_empty_payload() +
- 0;
-
- ERR_print_errors_fp(stderr);
-
- if (num_failed != 0)
- {
- printf("%d test%s failed\n", num_failed, num_failed != 1 ? "s" : "");
- return EXIT_FAILURE;
- }
- return EXIT_SUCCESS;
- }
-
-#else /* OPENSSL_NO_HEARTBEATS*/
+{
+ int num_failed;
+
+ SSL_library_init();
+ SSL_load_error_strings();
+
+ num_failed = test_dtls1_not_bleeding() +
+ test_dtls1_not_bleeding_empty_payload() +
+ test_dtls1_heartbleed() + test_dtls1_heartbleed_empty_payload() +
+ /*
+ * The following test causes an assertion failure at
+ * ssl/d1_pkt.c:dtls1_write_bytes() in versions prior to 1.0.1g:
+ */
+ (OPENSSL_VERSION_NUMBER >= 0x1000107fL ?
+ test_dtls1_heartbleed_excessive_plaintext_length() : 0) +
+ test_tls1_not_bleeding() +
+ test_tls1_not_bleeding_empty_payload() +
+ test_tls1_heartbleed() + test_tls1_heartbleed_empty_payload() + 0;
+
+ ERR_print_errors_fp(stderr);
+
+ if (num_failed != 0) {
+ printf("%d test%s failed\n", num_failed, num_failed != 1 ? "s" : "");
+ return EXIT_FAILURE;
+ }
+ return EXIT_SUCCESS;
+}
+
+#else /* OPENSSL_NO_HEARTBEATS */
int main(int argc, char *argv[])
- {
- return EXIT_SUCCESS;
- }
-#endif /* OPENSSL_NO_HEARTBEATS */
+{
+ return EXIT_SUCCESS;
+}
+#endif /* OPENSSL_NO_HEARTBEATS */