1 1.1 christos /* 2 1.1 christos * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. 3 1.1 christos * 4 1.1 christos * Licensed under the Apache License 2.0 (the "License"); 5 1.1 christos * you may not use this file except in compliance with the License. 6 1.1 christos * You may obtain a copy of the License at 7 1.1 christos * https://www.openssl.org/source/license.html 8 1.1 christos * or in the file LICENSE in the source distribution. 9 1.1 christos */ 10 1.1 christos 11 1.1 christos /* 12 1.1 christos * We need access to the deprecated low level Engine APIs for legacy purposes 13 1.1 christos * when the deprecated calls are not hidden 14 1.1 christos */ 15 1.1 christos #ifndef OPENSSL_NO_DEPRECATED_3_0 16 1.1.1.2 christos #define OPENSSL_SUPPRESS_DEPRECATED 17 1.1 christos #endif 18 1.1 christos 19 1.1 christos #include <string.h> 20 1.1 christos #include <openssl/ssl.h> 21 1.1 christos #include <openssl/bio.h> 22 1.1 christos #include <openssl/err.h> 23 1.1 christos #include <openssl/engine.h> 24 1.1 christos 25 1.1 christos #ifndef OPENSSL_NO_QUIC 26 1.1 christos /* This test does not link libssl so avoid pulling in QUIC unwrappers. */ 27 1.1.1.2 christos #define OPENSSL_NO_QUIC 28 1.1 christos #endif 29 1.1 christos 30 1.1 christos /* We include internal headers so we can check if the buffers are allocated */ 31 1.1 christos #include "../ssl/ssl_local.h" 32 1.1 christos #include "../ssl/record/record_local.h" 33 1.1 christos #include "internal/recordmethod.h" 34 1.1 christos #include "../ssl/record/methods/recmethod_local.h" 35 1.1 christos #include "internal/ssl_unwrap.h" 36 1.1 christos 37 1.1 christos #include "internal/packet.h" 38 1.1 christos 39 1.1 christos #include "helpers/ssltestlib.h" 40 1.1 christos #include "testutil.h" 41 1.1 christos 42 1.1 christos struct async_ctrs { 43 1.1 christos unsigned int rctr; 44 1.1 christos unsigned int wctr; 45 1.1 christos }; 46 1.1 christos 47 1.1 christos static SSL_CTX *serverctx = NULL; 48 1.1 christos static SSL_CTX *clientctx = NULL; 49 1.1 christos 50 1.1.1.2 christos #define MAX_ATTEMPTS 100 51 1.1 christos 52 1.1 christos static int checkbuffers(SSL *s, int isalloced) 53 1.1 christos { 54 1.1 christos SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); 55 1.1 christos OSSL_RECORD_LAYER *rrl = sc->rlayer.rrl; 56 1.1 christos OSSL_RECORD_LAYER *wrl = sc->rlayer.wrl; 57 1.1 christos 58 1.1 christos if (isalloced) 59 1.1 christos return rrl->rbuf.buf != NULL && wrl->wbuf[0].buf != NULL; 60 1.1 christos 61 1.1 christos return rrl->rbuf.buf == NULL && wrl->wbuf[0].buf == NULL; 62 1.1 christos } 63 1.1 christos 64 1.1 christos /* 65 1.1 christos * There are 9 passes in the tests 66 1.1 christos * 0 = control test 67 1.1 christos * tests during writes 68 1.1 christos * 1 = free buffers 69 1.1 christos * 2 = + allocate buffers after free 70 1.1 christos * 3 = + allocate buffers again 71 1.1 christos * 4 = + free buffers after allocation 72 1.1 christos * tests during reads 73 1.1 christos * 5 = + free buffers 74 1.1 christos * 6 = + free buffers again 75 1.1 christos * 7 = + allocate buffers after free 76 1.1 christos * 8 = + free buffers after allocation 77 1.1 christos */ 78 1.1 christos static int test_func(int test) 79 1.1 christos { 80 1.1 christos int result = 0; 81 1.1 christos SSL *serverssl = NULL, *clientssl = NULL; 82 1.1 christos int ret; 83 1.1 christos size_t i, j; 84 1.1 christos const char testdata[] = "Test data"; 85 1.1 christos char buf[sizeof(testdata)]; 86 1.1 christos 87 1.1 christos if (!TEST_true(create_ssl_objects(serverctx, clientctx, &serverssl, &clientssl, 88 1.1.1.2 christos NULL, NULL))) { 89 1.1 christos TEST_error("Test %d failed: Create SSL objects failed\n", test); 90 1.1 christos goto end; 91 1.1 christos } 92 1.1 christos 93 1.1 christos if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) { 94 1.1 christos TEST_error("Test %d failed: Create SSL connection failed\n", test); 95 1.1 christos goto end; 96 1.1 christos } 97 1.1 christos 98 1.1 christos /* 99 1.1 christos * Send and receive some test data. Do the whole thing twice to ensure 100 1.1 christos * we hit at least one async event in both reading and writing 101 1.1 christos */ 102 1.1 christos for (j = 0; j < 2; j++) { 103 1.1 christos int len; 104 1.1 christos 105 1.1 christos /* 106 1.1 christos 107 1.1 christos * Write some test data. It should never take more than 2 attempts 108 1.1 christos * (the first one might be a retryable fail). 109 1.1 christos */ 110 1.1 christos for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && i < 2; 111 1.1.1.2 christos i++) { 112 1.1 christos /* test == 0 mean to free/allocate = control */ 113 1.1.1.2 christos if (test >= 1 && (!TEST_true(SSL_free_buffers(clientssl)) || !TEST_true(checkbuffers(clientssl, 0)))) 114 1.1 christos goto end; 115 1.1.1.2 christos if (test >= 2 && (!TEST_true(SSL_alloc_buffers(clientssl)) || !TEST_true(checkbuffers(clientssl, 1)))) 116 1.1 christos goto end; 117 1.1 christos /* allocate a second time */ 118 1.1.1.2 christos if (test >= 3 && (!TEST_true(SSL_alloc_buffers(clientssl)) || !TEST_true(checkbuffers(clientssl, 1)))) 119 1.1 christos goto end; 120 1.1.1.2 christos if (test >= 4 && (!TEST_true(SSL_free_buffers(clientssl)) || !TEST_true(checkbuffers(clientssl, 0)))) 121 1.1 christos goto end; 122 1.1 christos 123 1.1 christos ret = SSL_write(clientssl, testdata + len, 124 1.1.1.2 christos sizeof(testdata) - len); 125 1.1 christos if (ret > 0) { 126 1.1 christos len += ret; 127 1.1 christos } else { 128 1.1 christos int ssl_error = SSL_get_error(clientssl, ret); 129 1.1 christos 130 1.1.1.2 christos if (ssl_error == SSL_ERROR_SYSCALL || ssl_error == SSL_ERROR_SSL) { 131 1.1 christos TEST_error("Test %d failed: Failed to write app data\n", test); 132 1.1 christos goto end; 133 1.1 christos } 134 1.1 christos } 135 1.1 christos } 136 1.1 christos if (!TEST_size_t_eq(len, sizeof(testdata))) 137 1.1 christos goto end; 138 1.1 christos /* 139 1.1 christos * Now read the test data. It may take more attempts here because 140 1.1 christos * it could fail once for each byte read, including all overhead 141 1.1 christos * bytes from the record header/padding etc. 142 1.1 christos */ 143 1.1.1.2 christos for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && i < MAX_ATTEMPTS; i++) { 144 1.1.1.2 christos if (test >= 5 && (!TEST_true(SSL_free_buffers(serverssl)) || !TEST_true(checkbuffers(serverssl, 0)))) 145 1.1 christos goto end; 146 1.1 christos /* free a second time */ 147 1.1.1.2 christos if (test >= 6 && (!TEST_true(SSL_free_buffers(serverssl)) || !TEST_true(checkbuffers(serverssl, 0)))) 148 1.1 christos goto end; 149 1.1.1.2 christos if (test >= 7 && (!TEST_true(SSL_alloc_buffers(serverssl)) || !TEST_true(checkbuffers(serverssl, 1)))) 150 1.1 christos goto end; 151 1.1.1.2 christos if (test >= 8 && (!TEST_true(SSL_free_buffers(serverssl)) || !TEST_true(checkbuffers(serverssl, 0)))) 152 1.1 christos goto end; 153 1.1 christos 154 1.1 christos ret = SSL_read(serverssl, buf + len, sizeof(buf) - len); 155 1.1 christos if (ret > 0) { 156 1.1 christos len += ret; 157 1.1 christos } else { 158 1.1 christos int ssl_error = SSL_get_error(serverssl, ret); 159 1.1 christos 160 1.1.1.2 christos if (ssl_error == SSL_ERROR_SYSCALL || ssl_error == SSL_ERROR_SSL) { 161 1.1 christos TEST_error("Test %d failed: Failed to read app data\n", test); 162 1.1 christos goto end; 163 1.1 christos } 164 1.1 christos } 165 1.1 christos } 166 1.1 christos if (!TEST_mem_eq(buf, len, testdata, sizeof(testdata))) 167 1.1 christos goto end; 168 1.1 christos } 169 1.1 christos 170 1.1 christos result = 1; 171 1.1.1.2 christos end: 172 1.1 christos if (!result) 173 1.1 christos ERR_print_errors_fp(stderr); 174 1.1 christos 175 1.1 christos SSL_free(clientssl); 176 1.1 christos SSL_free(serverssl); 177 1.1 christos 178 1.1 christos return result; 179 1.1 christos } 180 1.1 christos 181 1.1 christos /* 182 1.1 christos * Test that attempting to free the buffers at points where they cannot be freed 183 1.1 christos * works as expected 184 1.1 christos * Test 0: Attempt to free buffers after a full record has been processed, but 185 1.1 christos * the application has only performed a partial read 186 1.1 christos * Test 1: Attempt to free buffers after only a partial record header has been 187 1.1 christos * received 188 1.1 christos * Test 2: Attempt to free buffers after a full record header but no record body 189 1.1 christos * Test 3: Attempt to free buffers after a full record hedaer and partial record 190 1.1 christos * body 191 1.1 christos * Test 4-7: We repeat tests 0-3 but including data from a second pipelined 192 1.1 christos * record 193 1.1 christos */ 194 1.1 christos static int test_free_buffers(int test) 195 1.1 christos { 196 1.1 christos int result = 0; 197 1.1 christos SSL *serverssl = NULL, *clientssl = NULL; 198 1.1 christos const char testdata[] = "Test data"; 199 1.1 christos char buf[120]; 200 1.1 christos size_t written, readbytes; 201 1.1 christos int i, pipeline = test > 3; 202 1.1 christos ENGINE *e = NULL; 203 1.1 christos 204 1.1 christos if (pipeline) { 205 1.1 christos e = load_dasync(); 206 1.1 christos if (e == NULL) 207 1.1 christos goto end; 208 1.1 christos test -= 4; 209 1.1 christos } 210 1.1 christos 211 1.1 christos if (!TEST_true(create_ssl_objects(serverctx, clientctx, &serverssl, 212 1.1.1.2 christos &clientssl, NULL, NULL))) 213 1.1 christos goto end; 214 1.1 christos 215 1.1 christos if (pipeline) { 216 1.1 christos if (!TEST_true(SSL_set_cipher_list(serverssl, "AES128-SHA")) 217 1.1.1.2 christos || !TEST_true(SSL_set_max_proto_version(serverssl, 218 1.1.1.2 christos TLS1_2_VERSION)) 219 1.1.1.2 christos || !TEST_true(SSL_set_max_pipelines(serverssl, 2))) 220 1.1 christos goto end; 221 1.1 christos } 222 1.1 christos 223 1.1 christos if (!TEST_true(create_ssl_connection(serverssl, clientssl, 224 1.1.1.2 christos SSL_ERROR_NONE))) 225 1.1 christos goto end; 226 1.1 christos 227 1.1 christos /* 228 1.1 christos * For the non-pipeline case we write one record. For pipelining we write 229 1.1 christos * two records. 230 1.1 christos */ 231 1.1 christos for (i = 0; i <= pipeline; i++) { 232 1.1 christos if (!TEST_true(SSL_write_ex(clientssl, testdata, strlen(testdata), 233 1.1.1.2 christos &written))) 234 1.1 christos goto end; 235 1.1 christos } 236 1.1 christos 237 1.1 christos if (test == 0) { 238 1.1 christos size_t readlen = 1; 239 1.1 christos 240 1.1 christos /* 241 1.1 christos * Deliberately only read the first byte - so the remaining bytes are 242 1.1 christos * still buffered. In the pipelining case we read as far as the first 243 1.1 christos * byte from the second record. 244 1.1 christos */ 245 1.1 christos if (pipeline) 246 1.1 christos readlen += strlen(testdata); 247 1.1 christos 248 1.1 christos if (!TEST_true(SSL_read_ex(serverssl, buf, readlen, &readbytes)) 249 1.1.1.2 christos || !TEST_size_t_eq(readlen, readbytes)) 250 1.1 christos goto end; 251 1.1 christos } else { 252 1.1 christos BIO *tmp; 253 1.1 christos size_t partial_len; 254 1.1 christos 255 1.1 christos /* Remove all the data that is pending for read by the server */ 256 1.1 christos tmp = SSL_get_rbio(serverssl); 257 1.1 christos if (!TEST_true(BIO_read_ex(tmp, buf, sizeof(buf), &readbytes)) 258 1.1.1.2 christos || !TEST_size_t_lt(readbytes, sizeof(buf)) 259 1.1.1.2 christos || !TEST_size_t_gt(readbytes, SSL3_RT_HEADER_LENGTH)) 260 1.1 christos goto end; 261 1.1 christos 262 1.1.1.2 christos switch (test) { 263 1.1 christos case 1: 264 1.1 christos partial_len = SSL3_RT_HEADER_LENGTH - 1; 265 1.1 christos break; 266 1.1 christos case 2: 267 1.1 christos partial_len = SSL3_RT_HEADER_LENGTH; 268 1.1 christos break; 269 1.1 christos case 3: 270 1.1 christos partial_len = readbytes - 1; 271 1.1 christos break; 272 1.1 christos default: 273 1.1 christos TEST_error("Invalid test index"); 274 1.1 christos goto end; 275 1.1 christos } 276 1.1 christos 277 1.1 christos if (pipeline) { 278 1.1 christos /* We happen to know the first record is 57 bytes long */ 279 1.1 christos const size_t first_rec_len = 57; 280 1.1 christos 281 1.1 christos if (test != 3) 282 1.1 christos partial_len += first_rec_len; 283 1.1 christos 284 1.1 christos /* 285 1.1 christos * Sanity check. If we got the record len right then this should 286 1.1 christos * never fail. 287 1.1 christos */ 288 1.1 christos if (!TEST_int_eq(buf[first_rec_len], SSL3_RT_APPLICATION_DATA)) 289 1.1 christos goto end; 290 1.1 christos } 291 1.1 christos 292 1.1 christos /* 293 1.1 christos * Put back just the partial record (plus the whole initial record in 294 1.1 christos * the pipelining case) 295 1.1 christos */ 296 1.1 christos if (!TEST_true(BIO_write_ex(tmp, buf, partial_len, &written))) 297 1.1 christos goto end; 298 1.1 christos 299 1.1 christos if (pipeline) { 300 1.1 christos /* 301 1.1 christos * Attempt a read. This should pass but only return data from the 302 1.1 christos * first record. Only a partial record is available for the second 303 1.1 christos * record. 304 1.1 christos */ 305 1.1 christos if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), 306 1.1.1.2 christos &readbytes)) 307 1.1.1.2 christos || !TEST_size_t_eq(readbytes, strlen(testdata))) 308 1.1 christos goto end; 309 1.1 christos } else { 310 1.1 christos /* 311 1.1.1.2 christos * Attempt a read. This should fail because only a partial record is 312 1.1.1.2 christos * available. 313 1.1.1.2 christos */ 314 1.1 christos if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), 315 1.1.1.2 christos &readbytes))) 316 1.1 christos goto end; 317 1.1 christos } 318 1.1 christos } 319 1.1 christos 320 1.1 christos /* 321 1.1 christos * Attempting to free the buffers at this point should fail because they are 322 1.1 christos * still in use 323 1.1 christos */ 324 1.1 christos if (!TEST_false(SSL_free_buffers(serverssl))) 325 1.1 christos goto end; 326 1.1 christos 327 1.1 christos result = 1; 328 1.1.1.2 christos end: 329 1.1 christos SSL_free(clientssl); 330 1.1 christos SSL_free(serverssl); 331 1.1 christos #ifndef OPENSSL_NO_DYNAMIC_ENGINE 332 1.1 christos if (e != NULL) { 333 1.1 christos ENGINE_unregister_ciphers(e); 334 1.1 christos ENGINE_finish(e); 335 1.1 christos ENGINE_free(e); 336 1.1 christos } 337 1.1 christos #endif 338 1.1 christos return result; 339 1.1 christos } 340 1.1 christos 341 1.1 christos OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") 342 1.1 christos 343 1.1 christos int setup_tests(void) 344 1.1 christos { 345 1.1 christos char *cert, *pkey; 346 1.1 christos 347 1.1 christos if (!test_skip_common_options()) { 348 1.1 christos TEST_error("Error parsing test options\n"); 349 1.1 christos return 0; 350 1.1 christos } 351 1.1 christos 352 1.1 christos if (!TEST_ptr(cert = test_get_argument(0)) 353 1.1.1.2 christos || !TEST_ptr(pkey = test_get_argument(1))) 354 1.1 christos return 0; 355 1.1 christos 356 1.1 christos if (!create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), 357 1.1.1.2 christos TLS1_VERSION, 0, 358 1.1.1.2 christos &serverctx, &clientctx, cert, pkey)) { 359 1.1 christos TEST_error("Failed to create SSL_CTX pair\n"); 360 1.1 christos return 0; 361 1.1 christos } 362 1.1 christos 363 1.1 christos ADD_ALL_TESTS(test_func, 9); 364 1.1 christos #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) 365 1.1 christos ADD_ALL_TESTS(test_free_buffers, 8); 366 1.1 christos #else 367 1.1 christos ADD_ALL_TESTS(test_free_buffers, 4); 368 1.1 christos #endif 369 1.1 christos return 1; 370 1.1 christos } 371 1.1 christos 372 1.1 christos void cleanup_tests(void) 373 1.1 christos { 374 1.1 christos SSL_CTX_free(clientctx); 375 1.1 christos SSL_CTX_free(serverctx); 376 1.1 christos } 377
Indexes created Wed Mar 04 05:31:52 UTC 2026