Add tests for the padding extension

Check that the padding extension pads correctly for various scenarios.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2968)

1 files changed, 160 insertions, 84 deletions

diff --git a/test/clienthellotest.c b/test/clienthellotest.c
index 718b582ed5..efdea942b7 100644
--- a/test/clienthellotest.c
+++ b/test/clienthellotest.c
@@ -15,144 +15,220 @@
 #include <openssl/evp.h>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#include <time.h>
 
 #include "../ssl/packet_locl.h"
 
-#define CLIENT_VERSION_LEN      2
+#include "testutil.h"
+#include "test_main_custom.h"
 
+#define CLIENT_VERSION_LEN      2
 
-#define TOTAL_NUM_TESTS                         1
+#define TOTAL_NUM_TESTS                         4
 
 /*
  * Test that explicitly setting ticket data results in it appearing in the
  * ClientHello for a negotiated SSL/TLS version
  */
 #define TEST_SET_SESSION_TICK_DATA_VER_NEG      0
+/* Enable padding and make sure ClientHello is long enough to require it */
+#define TEST_ADD_PADDING                        1
+/* Enable padding and make sure ClientHello is short enough to not need it */
+#define TEST_PADDING_NOT_NEEDED                 2
+/*
+ * Enable padding and add a PSK to the ClientHello (this will also ensure the
+ * ClientHello is long enough to need padding)
+ */
+#define TEST_ADD_PADDING_AND_PSK                3
+
+#define F5_WORKAROUND_MIN_MSG_LEN   0xff
+#define F5_WORKAROUND_MAX_MSG_LEN   0x200
+
+const char *sessionfile = NULL;
 
-int main(int argc, char *argv[])
+static int test_client_hello(int currtest)
 {
     SSL_CTX *ctx;
     SSL *con = NULL;
     BIO *rbio;
     BIO *wbio;
-    BIO *err;
     long len;
     unsigned char *data;
     PACKET pkt, pkt2, pkt3;
     char *dummytick = "Hello World!";
     unsigned int type;
     int testresult = 0;
-    int currtest = 0;
-
-    err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
-    CRYPTO_set_mem_debug(1);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+    size_t msglen;
+    BIO *sessbio = NULL;
+    SSL_SESSION *sess = NULL;
 
     /*
      * For each test set up an SSL_CTX and SSL and see what ClientHello gets
      * produced when we try to connect
      */
-    for (; currtest < TOTAL_NUM_TESTS; currtest++) {
-        testresult = 0;
-        ctx = SSL_CTX_new(TLS_method());
+    ctx = SSL_CTX_new(TLS_method());
+    if (ctx == NULL)
+        goto end;
 
+    switch(currtest) {
+    case TEST_SET_SESSION_TICK_DATA_VER_NEG:
         /* Testing for session tickets <= TLS1.2; not relevant for 1.3 */
-        if (ctx == NULL || !SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION))
+        if (!SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION))
             goto end;
-
-        con = SSL_new(ctx);
-        if (con == NULL)
+        break;
+
+    case TEST_ADD_PADDING_AND_PSK:
+    case TEST_ADD_PADDING:
+    case TEST_PADDING_NOT_NEEDED:
+        SSL_CTX_set_options(ctx, SSL_OP_TLSEXT_PADDING);
+        /*
+         * Add lots of ciphersuites so that the ClientHello is at least
+         * F5_WORKAROUND_MIN_MSG_LEN bytes long - meaning padding will be
+         * needed.
+         * In the padding not needed case we assume the test will pass, but then
+         * set testresult to 0 if we see the padding extension.
+         */
+        if (currtest == TEST_ADD_PADDING
+                && !SSL_CTX_set_cipher_list(ctx, "ALL"))
             goto end;
+        else if (currtest == TEST_PADDING_NOT_NEEDED)
+            testresult = 1;
+        break;
 
-        rbio = BIO_new(BIO_s_mem());
-        wbio = BIO_new(BIO_s_mem());
-        if (rbio == NULL || wbio == NULL) {
-            BIO_free(rbio);
-            BIO_free(wbio);
-            goto end;
-        }
+    default:
+        goto end;
+    }
 
-        SSL_set_bio(con, rbio, wbio);
-        SSL_set_connect_state(con);
+    con = SSL_new(ctx);
+    if (con == NULL)
+        goto end;
 
-        if (currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) {
-            if (!SSL_set_session_ticket_ext(con, dummytick, strlen(dummytick)))
-                goto end;
+    if (currtest == TEST_ADD_PADDING_AND_PSK) {
+        sessbio = BIO_new_file(sessionfile, "r");
+        if (sessbio == NULL) {
+            printf("Unable to open session.pem\n");
+            goto end;
         }
-
-        if (SSL_connect(con) > 0) {
-            /* This shouldn't succeed because we don't have a server! */
+        sess = PEM_read_bio_SSL_SESSION(sessbio, NULL, NULL, NULL);
+        if (sess == NULL) {
+            printf("Unable to load SSL_SESSION\n");
             goto end;
         }
-
-        len = BIO_get_mem_data(wbio, (char **)&data);
-        if (!PACKET_buf_init(&pkt, data, len))
+        /*
+         * We reset the creation time so that we don't discard the session as
+         * too old.
+         */
+        if (!SSL_SESSION_set_time(sess, time(NULL))) {
+            printf("Unable to set creation time on SSL_SESSION\n");
             goto end;
-
-        /* Skip the record header */
-        if (!PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH))
+        }
+        if (!SSL_set_session(con, sess)) {
+            printf("Unable to set the session on the connection\n");
             goto end;
+        }
+    }
 
-        /* Skip the handshake message header */
-        if (!PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH))
-            goto end;
+    rbio = BIO_new(BIO_s_mem());
+    wbio = BIO_new(BIO_s_mem());
+    if (rbio == NULL || wbio == NULL) {
+        BIO_free(rbio);
+        BIO_free(wbio);
+        goto end;
+    }
 
-        /* Skip client version and random */
-        if (!PACKET_forward(&pkt, CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE))
-            goto end;
+    SSL_set_bio(con, rbio, wbio);
+    SSL_set_connect_state(con);
 
-        /* Skip session id */
-        if (!PACKET_get_length_prefixed_1(&pkt, &pkt2))
+    if (currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) {
+        if (!SSL_set_session_ticket_ext(con, dummytick, strlen(dummytick)))
             goto end;
+    }
 
-        /* Skip ciphers */
-        if (!PACKET_get_length_prefixed_2(&pkt, &pkt2))
-            goto end;
+    if (SSL_connect(con) > 0) {
+        /* This shouldn't succeed because we don't have a server! */
+        goto end;
+    }
 
-        /* Skip compression */
-        if (!PACKET_get_length_prefixed_1(&pkt, &pkt2))
-            goto end;
+    len = BIO_get_mem_data(wbio, (char **)&data);
+    if (!PACKET_buf_init(&pkt, data, len))
+        goto end;
+
+    /* Skip the record header */
+    if (!PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH))
+        goto end;
+
+    msglen = PACKET_remaining(&pkt);
+
+    /* Skip the handshake message header */
+    if (!PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH))
+        goto end;
+
+    /* Skip client version and random */
+    if (!PACKET_forward(&pkt, CLIENT_VERSION_LEN + SSL3_RANDOM_SIZE))
+        goto end;
+
+    /* Skip session id */
+    if (!PACKET_get_length_prefixed_1(&pkt, &pkt2))
+        goto end;
+
+    /* Skip ciphers */
+    if (!PACKET_get_length_prefixed_2(&pkt, &pkt2))
+        goto end;
+
+    /* Skip compression */
+    if (!PACKET_get_length_prefixed_1(&pkt, &pkt2))
+        goto end;
 
-        /* Extensions len */
-        if (!PACKET_as_length_prefixed_2(&pkt, &pkt2))
+    /* Extensions len */
+    if (!PACKET_as_length_prefixed_2(&pkt, &pkt2))
+        goto end;
+
+    /* Loop through all extensions */
+    while (PACKET_remaining(&pkt2)) {
+
+        if (!PACKET_get_net_2(&pkt2, &type) ||
+            !PACKET_get_length_prefixed_2(&pkt2, &pkt3))
             goto end;
 
-        /* Loop through all extensions */
-        while (PACKET_remaining(&pkt2)) {
-
-            if (!PACKET_get_net_2(&pkt2, &type) ||
-                !PACKET_get_length_prefixed_2(&pkt2, &pkt3))
-                goto end;
-
-            if (type == TLSEXT_TYPE_session_ticket) {
-                if (currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) {
-                    if (PACKET_equal(&pkt3, dummytick, strlen(dummytick))) {
-                        /* Ticket data is as we expected */
-                        testresult = 1;
-                    } else {
-                        printf("Received session ticket is not as expected\n");
-                    }
-                    break;
+        if (type == TLSEXT_TYPE_session_ticket) {
+            if (currtest == TEST_SET_SESSION_TICK_DATA_VER_NEG) {
+                if (PACKET_equal(&pkt3, dummytick, strlen(dummytick))) {
+                    /* Ticket data is as we expected */
+                    testresult = 1;
+                } else {
+                    printf("Received session ticket is not as expected\n");
                 }
+                break;
             }
-
         }
-
- end:
-        SSL_free(con);
-        SSL_CTX_free(ctx);
-        if (!testresult) {
-            printf("ClientHello test: FAILED (Test %d)\n", currtest);
-            break;
+        if (type == TLSEXT_TYPE_padding) {
+            if (currtest == TEST_ADD_PADDING
+                    || currtest == TEST_ADD_PADDING_AND_PSK)
+                testresult = (msglen == F5_WORKAROUND_MAX_MSG_LEN);
+            else
+                testresult = 0;
         }
     }
 
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-    if (CRYPTO_mem_leaks(err) <= 0)
-        testresult = 0;
-#endif
-    BIO_free(err);
+end:
+    SSL_free(con);
+    SSL_CTX_free(ctx);
+    SSL_SESSION_free(sess);
+    BIO_free(sessbio);
+    if (!testresult)
+        printf("ClientHello test: FAILED (Test %d)\n", currtest);
+
+    return testresult;
+}
+
+int test_main(int argc, char *argv[])
+{
+    if (argc != 2)
+        return 0;
+
+    sessionfile = argv[1];
+
+    ADD_ALL_TESTS(test_client_hello, TOTAL_NUM_TESTS);
 
-    return testresult?0:1;
+    return run_tests(argv[0]);
 }