author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-06-27 15:00:13 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-07-02 08:39:51 +0000 |
commit | ee16068f67d4d69f139cfdd2675c79dacb15dfcf (patch) | |
tree | 02ff2245c1f9d8c20f22dedc518e8b47c4eba420 /tests | |
parent | c0ff5485481e6b035fdf588098e456a3e82be8b7 (diff) | |
tests: check for GNUTLS_E_GOT_APPLICATION_DATA on post-handshake auth
That is, check whether GNUTLS_E_GOT_APPLICATION_DATA is received as
documented, and whether post-handshake auth can complete while this
is being sent.
Resolves #490
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/tls13/post-handshake-with-cert-ticket.c | 1 | ||||
-rw-r--r-- | tests/tls13/post-handshake-with-cert.c | 61 | ||||
-rw-r--r-- | tests/tls13/post-handshake-with-psk.c | 1 |
3 files changed, 57 insertions, 6 deletions
diff --git a/tests/tls13/post-handshake-with-cert-ticket.c b/tests/tls13/post-handshake-with-cert-ticket.c index edac74b30f..87b3ea4ea3 100644 --- a/tests/tls13/post-handshake-with-cert-ticket.c +++ b/tests/tls13/post-handshake-with-cert-ticket.c @@ -331,6 +331,7 @@ void doit(void) pid_t child; signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { diff --git a/tests/tls13/post-handshake-with-cert.c b/tests/tls13/post-handshake-with-cert.c index e9940e79cb..803a77b196 100644 --- a/tests/tls13/post-handshake-with-cert.c +++ b/tests/tls13/post-handshake-with-cert.c @@ -70,6 +70,7 @@ static void client_log_func(int level, const char *str) } #define MAX_BUF 1024 +#define MAX_APP_DATA 3 static void client(int fd, unsigned send_cert, unsigned max_auths) { @@ -77,7 +78,7 @@ static void client(int fd, unsigned send_cert, unsigned max_auths) gnutls_certificate_credentials_t x509_cred; gnutls_session_t session; char buf[64]; - unsigned i; + unsigned i, j; global_init(); @@ -105,8 +106,6 @@ static void client(int fd, unsigned send_cert, unsigned max_auths) GNUTLS_X509_FMT_PEM)>=0); } - /* put the anonymous credentials to the current session - */ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); gnutls_transport_set_int(session, fd); @@ -124,7 +123,12 @@ static void client(int fd, unsigned send_cert, unsigned max_auths) if (debug) success("client handshake completed\n"); + gnutls_record_set_timeout(session, 20 * 1000); + for (i=0;i<max_auths;i++) { + if (debug) + success("waiting for auth nr %d\n", i); + do { ret = gnutls_record_recv(session, buf, sizeof(buf)); } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); 
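Review bot: In the `@@ -124` hunk of post-handshake-with-cert.c the new debug line prints `i` with `%d`, but `i` is declared `unsigned` in the same function (see `unsigned i, j;` in the `@@ -77` hunk), so the conversion specifier does not match the argument type. I would write `success("waiting for auth nr %u\n", i);`. client() starts and ends outside these hunks.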
@@ -133,6 +137,17 @@ static void client(int fd, unsigned send_cert, unsigned max_auths) fail("recv: unexpected error: %s\n", gnutls_strerror(ret)); } + /* send application data to check if server tolerates them */ + if (i==0) { + for (j=0;j<MAX_APP_DATA;j++) { + memset(buf, j, sizeof(buf)); + do { + ret = gnutls_record_send(session, buf, sizeof(buf)); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + assert(ret>=0); + } + } + if (debug) success("received reauth request\n"); do { @@ -194,7 +209,7 @@ static void server(int fd, int err, int type, unsigned max_auths) char buffer[MAX_BUF + 1]; gnutls_session_t session; gnutls_certificate_credentials_t x509_cred; - unsigned i; + unsigned i, retries; /* this must be called once in the program */ @@ -203,7 +218,7 @@ static void server(int fd, int err, int type, unsigned max_auths) if (debug) { gnutls_global_set_log_function(server_log_func); - gnutls_global_set_log_level(4711); + gnutls_global_set_log_level(6); } gnutls_certificate_allocate_credentials(&x509_cred); 
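Review bot: The send loop added to client() in the `@@ -133` hunk checks its result with `assert(ret>=0)`, which is compiled out if the test is ever built with NDEBUG and prints no error string, while the receive path just above it reports through `fail(...)` with `gnutls_strerror(ret)`. I would use `if (ret < 0) fail("send: unexpected error: %s\n", gnutls_strerror(ret));` so that a failed send of the interleaved application data always fails the test and says why. The same applies to the two `assert()` calls added to server() in the `@@ -252` hunk. client() starts and ends outside this hunk.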
@@ -252,7 +267,40 @@ static void server(int fd, int err, int type, unsigned max_auths) gnutls_certificate_server_set_request(session, type); - for (i=0;i<max_auths;i++) { + /* i = 0 */ + /* ask peer for re-authentication */ + retries = 0; + do { + do { + ret = gnutls_reauth(session, 0); + } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); + + if (ret == GNUTLS_E_GOT_APPLICATION_DATA) { + int ret2; + do { + ret2 = gnutls_record_recv(session, buffer, sizeof(buffer)); + } while (ret2 == GNUTLS_E_AGAIN || ret2 == GNUTLS_E_INTERRUPTED); + + if (ret2 < 0) + fail("error receiving app data: %s\n", gnutls_strerror(ret2)); + + /* sender memsets the message with the retry attempt */ + assert((uint8_t)buffer[0] == retries); + assert(retries < MAX_APP_DATA); + } + + retries++; + } while (ret == GNUTLS_E_GOT_APPLICATION_DATA); + + if (err) { + if (ret != err) + fail("server: expected error %s, got: %s\n", gnutls_strerror(err), + gnutls_strerror(ret)); + } else if (ret != 0) + fail("server: gnutls_reauth did not succeed as expected: %s\n", gnutls_strerror(ret)); + + + for (i=1;i<max_auths;i++) { /* ask peer for re-authentication */ do { ret = gnutls_reauth(session, 0); @@ -298,6 +346,7 @@ void start(const char *name, int err, int type, unsigned max_auths, unsigned sen server_hello_ok = 0; signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { diff --git a/tests/tls13/post-handshake-with-psk.c b/tests/tls13/post-handshake-with-psk.c index dd3d9b850e..d104d0d460 100644 --- a/tests/tls13/post-handshake-with-psk.c +++ b/tests/tls13/post-handshake-with-psk.c @@ -330,6 +330,7 @@ void start(const char *name, int err, int type, unsigned max_auths, unsigned sen server_hello_ok = 0; signal(SIGCHLD, ch_handler); + signal(SIGPIPE, SIG_IGN); ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { |
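Review bot: In the `@@ -252` hunk of post-handshake-with-cert.c, the server rejects only `ret2 < 0` before reading `buffer[0]`, so a return of 0 from `gnutls_record_recv()` would compare a byte that this call never wrote. `if (ret2 <= 0)`, or a comparison against the 64 bytes the client sends, would close that gap. The loop also never confirms that GNUTLS_E_GOT_APPLICATION_DATA was returned at all: if `gnutls_reauth()` succeeds on its first call the test still passes, so the behaviour named in the commit title is not pinned. Assuming the client's records always arrive before its handshake reply, a check after the loop such as `if (retries != MAX_APP_DATA + 1) fail("server: did not see all application data during reauth\n");` would make the test fail when that path is not exercised. server() starts and ends outside this hunk.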