freebsd-nq/crypto/openssl/ssl/heartbeat_test.c
2014-08-07 18:56:10 +00:00

467 lines
13 KiB
C

/* test/heartbeat_test.c */
/*
* Unit test for TLS heartbeats.
*
* Acts as a regression test against the Heartbleed bug (CVE-2014-0160).
*
* Author: Mike Bland (mbland@acm.org, http://mike-bland.com/)
* Date: 2014-04-12
* License: Creative Commons Attribution 4.0 International (CC By 4.0)
* http://creativecommons.org/licenses/by/4.0/deed.en_US
*
* OUTPUT
* ------
* The program returns zero on success. It will print a message with a count
* of the number of failed tests and return nonzero if any tests fail.
*
* It will print the contents of the request and response buffers for each
* failing test. In a "fixed" version, all the tests should pass and there
* should be no output.
*
* In a "bleeding" version, you'll see:
*
* test_dtls1_heartbleed failed:
* expected payload len: 0
* received: 1024
* sent 26 characters
* "HEARTBLEED "
* received 1024 characters
* "HEARTBLEED \xde\xad\xbe\xef..."
* ** test_dtls1_heartbleed failed **
*
* The contents of the returned buffer in the failing test will depend on the
* contents of memory on your machine.
*
* MORE INFORMATION
* ----------------
* http://mike-bland.com/2014/04/12/heartbleed.html
* http://mike-bland.com/tags/heartbleed.html
*/
#define OPENSSL_UNIT_TEST
#include "../test/testutil.h"
#include "../ssl/ssl_locl.h"
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#if !defined(OPENSSL_NO_HEARTBEATS) && !defined(OPENSSL_NO_UNIT_TEST)
/* As per https://tools.ietf.org/html/rfc6520#section-4 */
#define MIN_PADDING_SIZE 16
/* Maximum number of payload characters to print as test output */
#define MAX_PRINTABLE_CHARACTERS 1024
typedef struct heartbeat_test_fixture
{
SSL_CTX *ctx;
SSL *s;
const char* test_case_name;
int (*process_heartbeat)(SSL* s);
unsigned char* payload;
int sent_payload_len;
int expected_return_value;
int return_payload_offset;
int expected_payload_len;
const char* expected_return_payload;
} HEARTBEAT_TEST_FIXTURE;
static HEARTBEAT_TEST_FIXTURE set_up(const char* const test_case_name,
const SSL_METHOD* meth)
{
HEARTBEAT_TEST_FIXTURE fixture;
int setup_ok = 1;
memset(&fixture, 0, sizeof(fixture));
fixture.test_case_name = test_case_name;
fixture.ctx = SSL_CTX_new(meth);
if (!fixture.ctx)
{
fprintf(stderr, "Failed to allocate SSL_CTX for test: %s\n",
test_case_name);
setup_ok = 0;
goto fail;
}
fixture.s = SSL_new(fixture.ctx);
if (!fixture.s)
{
fprintf(stderr, "Failed to allocate SSL for test: %s\n", test_case_name);
setup_ok = 0;
goto fail;
}
if (!ssl_init_wbio_buffer(fixture.s, 1))
{
fprintf(stderr, "Failed to set up wbio buffer for test: %s\n",
test_case_name);
setup_ok = 0;
goto fail;
}
if (!ssl3_setup_buffers(fixture.s))
{
fprintf(stderr, "Failed to setup buffers for test: %s\n",
test_case_name);
setup_ok = 0;
goto fail;
}
/* Clear the memory for the return buffer, since this isn't automatically
* zeroed in opt mode and will cause spurious test failures that will change
* with each execution.
*/
memset(fixture.s->s3->wbuf.buf, 0, fixture.s->s3->wbuf.len);
fail:
if (!setup_ok)
{
ERR_print_errors_fp(stderr);
exit(EXIT_FAILURE);
}
return fixture;
}
static HEARTBEAT_TEST_FIXTURE set_up_dtls(const char* const test_case_name)
{
HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name,
DTLSv1_server_method());
fixture.process_heartbeat = dtls1_process_heartbeat;
/* As per dtls1_get_record(), skipping the following from the beginning of
* the returned heartbeat message:
* type-1 byte; version-2 bytes; sequence number-8 bytes; length-2 bytes
*
* And then skipping the 1-byte type encoded by process_heartbeat for
* a total of 14 bytes, at which point we can grab the length and the
* payload we seek.
*/
fixture.return_payload_offset = 14;
return fixture;
}
/* Needed by ssl3_write_bytes() */
static int dummy_handshake(SSL* s)
{
return 1;
}
static HEARTBEAT_TEST_FIXTURE set_up_tls(const char* const test_case_name)
{
HEARTBEAT_TEST_FIXTURE fixture = set_up(test_case_name,
TLSv1_server_method());
fixture.process_heartbeat = tls1_process_heartbeat;
fixture.s->handshake_func = dummy_handshake;
/* As per do_ssl3_write(), skipping the following from the beginning of
* the returned heartbeat message:
* type-1 byte; version-2 bytes; length-2 bytes
*
* And then skipping the 1-byte type encoded by process_heartbeat for
* a total of 6 bytes, at which point we can grab the length and the payload
* we seek.
*/
fixture.return_payload_offset = 6;
return fixture;
}
static void tear_down(HEARTBEAT_TEST_FIXTURE fixture)
{
ERR_print_errors_fp(stderr);
SSL_free(fixture.s);
SSL_CTX_free(fixture.ctx);
}
static void print_payload(const char* const prefix,
const unsigned char *payload, const int n)
{
const int end = n < MAX_PRINTABLE_CHARACTERS ? n
: MAX_PRINTABLE_CHARACTERS;
int i = 0;
printf("%s %d character%s", prefix, n, n == 1 ? "" : "s");
if (end != n) printf(" (first %d shown)", end);
printf("\n \"");
for (; i != end; ++i)
{
const unsigned char c = payload[i];
if (isprint(c)) fputc(c, stdout);
else printf("\\x%02x", c);
}
printf("\"\n");
}
static int execute_heartbeat(HEARTBEAT_TEST_FIXTURE fixture)
{
int result = 0;
SSL* s = fixture.s;
unsigned char *payload = fixture.payload;
unsigned char sent_buf[MAX_PRINTABLE_CHARACTERS + 1];
int return_value;
unsigned const char *p;
int actual_payload_len;
s->s3->rrec.data = payload;
s->s3->rrec.length = strlen((const char*)payload);
*payload++ = TLS1_HB_REQUEST;
s2n(fixture.sent_payload_len, payload);
/* Make a local copy of the request, since it gets overwritten at some
* point */
memcpy((char *)sent_buf, (const char*)payload, sizeof(sent_buf));
return_value = fixture.process_heartbeat(s);
if (return_value != fixture.expected_return_value)
{
printf("%s failed: expected return value %d, received %d\n",
fixture.test_case_name, fixture.expected_return_value,
return_value);
result = 1;
}
/* If there is any byte alignment, it will be stored in wbuf.offset. */
p = &(s->s3->wbuf.buf[
fixture.return_payload_offset + s->s3->wbuf.offset]);
actual_payload_len = 0;
n2s(p, actual_payload_len);
if (actual_payload_len != fixture.expected_payload_len)
{
printf("%s failed:\n expected payload len: %d\n received: %d\n",
fixture.test_case_name, fixture.expected_payload_len,
actual_payload_len);
print_payload("sent", sent_buf, strlen((const char*)sent_buf));
print_payload("received", p, actual_payload_len);
result = 1;
}
else
{
char* actual_payload = BUF_strndup((const char*)p, actual_payload_len);
if (strcmp(actual_payload, fixture.expected_return_payload) != 0)
{
printf("%s failed:\n expected payload: \"%s\"\n received: \"%s\"\n",
fixture.test_case_name, fixture.expected_return_payload,
actual_payload);
result = 1;
}
OPENSSL_free(actual_payload);
}
if (result != 0)
{
printf("** %s failed **\n--------\n", fixture.test_case_name);
}
return result;
}
static int honest_payload_size(unsigned char payload_buf[])
{
/* Omit three-byte pad at the beginning for type and payload length */
return strlen((const char*)&payload_buf[3]) - MIN_PADDING_SIZE;
}
#define SETUP_HEARTBEAT_TEST_FIXTURE(type)\
SETUP_TEST_FIXTURE(HEARTBEAT_TEST_FIXTURE, set_up_##type)
#define EXECUTE_HEARTBEAT_TEST()\
EXECUTE_TEST(execute_heartbeat, tear_down)
static int test_dtls1_not_bleeding()
{
SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
/* Three-byte pad at the beginning for type and payload length */
unsigned char payload_buf[] = " Not bleeding, sixteen spaces of padding"
" ";
const int payload_buf_len = honest_payload_size(payload_buf);
fixture.payload = &payload_buf[0];
fixture.sent_payload_len = payload_buf_len;
fixture.expected_return_value = 0;
fixture.expected_payload_len = payload_buf_len;
fixture.expected_return_payload = "Not bleeding, sixteen spaces of padding";
EXECUTE_HEARTBEAT_TEST();
}
static int test_dtls1_not_bleeding_empty_payload()
{
int payload_buf_len;
SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
/* Three-byte pad at the beginning for type and payload length, plus a NUL
* at the end */
unsigned char payload_buf[4 + MIN_PADDING_SIZE];
memset(payload_buf, ' ', sizeof(payload_buf));
payload_buf[sizeof(payload_buf) - 1] = '\0';
payload_buf_len = honest_payload_size(payload_buf);
fixture.payload = &payload_buf[0];
fixture.sent_payload_len = payload_buf_len;
fixture.expected_return_value = 0;
fixture.expected_payload_len = payload_buf_len;
fixture.expected_return_payload = "";
EXECUTE_HEARTBEAT_TEST();
}
static int test_dtls1_heartbleed()
{
SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
/* Three-byte pad at the beginning for type and payload length */
unsigned char payload_buf[] = " HEARTBLEED ";
fixture.payload = &payload_buf[0];
fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
fixture.expected_return_value = 0;
fixture.expected_payload_len = 0;
fixture.expected_return_payload = "";
EXECUTE_HEARTBEAT_TEST();
}
static int test_dtls1_heartbleed_empty_payload()
{
SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
/* Excluding the NUL at the end, one byte short of type + payload length +
* minimum padding */
unsigned char payload_buf[MIN_PADDING_SIZE + 3];
memset(payload_buf, ' ', sizeof(payload_buf));
payload_buf[sizeof(payload_buf) - 1] = '\0';
fixture.payload = &payload_buf[0];
fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
fixture.expected_return_value = 0;
fixture.expected_payload_len = 0;
fixture.expected_return_payload = "";
EXECUTE_HEARTBEAT_TEST();
}
static int test_dtls1_heartbleed_excessive_plaintext_length()
{
SETUP_HEARTBEAT_TEST_FIXTURE(dtls);
/* Excluding the NUL at the end, one byte in excess of maximum allowed
* heartbeat message length */
unsigned char payload_buf[SSL3_RT_MAX_PLAIN_LENGTH + 2];
memset(payload_buf, ' ', sizeof(payload_buf));
payload_buf[sizeof(payload_buf) - 1] = '\0';
fixture.payload = &payload_buf[0];
fixture.sent_payload_len = honest_payload_size(payload_buf);
fixture.expected_return_value = 0;
fixture.expected_payload_len = 0;
fixture.expected_return_payload = "";
EXECUTE_HEARTBEAT_TEST();
}
static int test_tls1_not_bleeding()
{
SETUP_HEARTBEAT_TEST_FIXTURE(tls);
/* Three-byte pad at the beginning for type and payload length */
unsigned char payload_buf[] = " Not bleeding, sixteen spaces of padding"
" ";
const int payload_buf_len = honest_payload_size(payload_buf);
fixture.payload = &payload_buf[0];
fixture.sent_payload_len = payload_buf_len;
fixture.expected_return_value = 0;
fixture.expected_payload_len = payload_buf_len;
fixture.expected_return_payload = "Not bleeding, sixteen spaces of padding";
EXECUTE_HEARTBEAT_TEST();
}
static int test_tls1_not_bleeding_empty_payload()
{
int payload_buf_len;
SETUP_HEARTBEAT_TEST_FIXTURE(tls);
/* Three-byte pad at the beginning for type and payload length, plus a NUL
* at the end */
unsigned char payload_buf[4 + MIN_PADDING_SIZE];
memset(payload_buf, ' ', sizeof(payload_buf));
payload_buf[sizeof(payload_buf) - 1] = '\0';
payload_buf_len = honest_payload_size(payload_buf);
fixture.payload = &payload_buf[0];
fixture.sent_payload_len = payload_buf_len;
fixture.expected_return_value = 0;
fixture.expected_payload_len = payload_buf_len;
fixture.expected_return_payload = "";
EXECUTE_HEARTBEAT_TEST();
}
static int test_tls1_heartbleed()
{
SETUP_HEARTBEAT_TEST_FIXTURE(tls);
/* Three-byte pad at the beginning for type and payload length */
unsigned char payload_buf[] = " HEARTBLEED ";
fixture.payload = &payload_buf[0];
fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
fixture.expected_return_value = 0;
fixture.expected_payload_len = 0;
fixture.expected_return_payload = "";
EXECUTE_HEARTBEAT_TEST();
}
static int test_tls1_heartbleed_empty_payload()
{
SETUP_HEARTBEAT_TEST_FIXTURE(tls);
/* Excluding the NUL at the end, one byte short of type + payload length +
* minimum padding */
unsigned char payload_buf[MIN_PADDING_SIZE + 3];
memset(payload_buf, ' ', sizeof(payload_buf));
payload_buf[sizeof(payload_buf) - 1] = '\0';
fixture.payload = &payload_buf[0];
fixture.sent_payload_len = MAX_PRINTABLE_CHARACTERS;
fixture.expected_return_value = 0;
fixture.expected_payload_len = 0;
fixture.expected_return_payload = "";
EXECUTE_HEARTBEAT_TEST();
}
#undef EXECUTE_HEARTBEAT_TEST
#undef SETUP_HEARTBEAT_TEST_FIXTURE
int main(int argc, char *argv[])
{
int num_failed;
SSL_library_init();
SSL_load_error_strings();
num_failed = test_dtls1_not_bleeding() +
test_dtls1_not_bleeding_empty_payload() +
test_dtls1_heartbleed() +
test_dtls1_heartbleed_empty_payload() +
/* The following test causes an assertion failure at
* ssl/d1_pkt.c:dtls1_write_bytes() in versions prior to 1.0.1g: */
(OPENSSL_VERSION_NUMBER >= 0x1000107fL ?
test_dtls1_heartbleed_excessive_plaintext_length() : 0) +
test_tls1_not_bleeding() +
test_tls1_not_bleeding_empty_payload() +
test_tls1_heartbleed() +
test_tls1_heartbleed_empty_payload() +
0;
ERR_print_errors_fp(stderr);
if (num_failed != 0)
{
printf("%d test%s failed\n", num_failed, num_failed != 1 ? "s" : "");
return EXIT_FAILURE;
}
return EXIT_SUCCESS;
}
#else /* OPENSSL_NO_HEARTBEATS*/
int main(int argc, char *argv[])
{
return EXIT_SUCCESS;
}
#endif /* OPENSSL_NO_HEARTBEATS */